Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories
0
Comments
18,006
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 18,006

  1. Windows only? on WD Explains Its Windows-Only Software-Based SSHD Tech · · Score: 3, Informative

    Uh, okay, whatever.

    Guess I won't be buying one. Best of luck to those that do.

  2. Re:Projected in field of vision... on Google Glass Hands-On: Brimming With Potential, Dangerous While Driving · · Score: 2

    How is having something that is projected into your field of vision legal for use while driving?

    It's not projected into your field of vision, not the part of it you use to look at the road, cars, pedestrians, traffic signs, etc., anyway. To look at the screen you have to shift your gaze up and to the right. It's also translucent, which is probably the biggest reason that the guy couldn't easily see it -- white translucent text (which is what was used in the demo videos I've seen) would be fairly hard to see in full daylight. I wonder if it would be easier if the top of your windshield is tinted, to provide a darker background for better contrast.

    I think it has the obvious potential to be much safer than looking down at your GPS, or phone.

    I'm especially concerned when the author states he has to put his hand up to block the road to see what's on the Google glass's screen.

    Yes, this is an issue. Perhaps the navigation displays should use a dark font during daylight. I believe pure black is reserved to mean "transparent", but perhaps a dark blue would be good during daylight.

    (Disclaimer: I work for Google but I haven't touched a Glass device other than a very early prototype that one of my colleagues who was transferring to the Glass team had. All of this is based on the Youtube videos and the public developer toolkit documentation I've seen, and none of that has included much information about what the navigation display looks like.)

  3. Re:What else is in the "industry"? on 450 Million Lines of Code Can't Be Wrong: How Open Source Stacks Up · · Score: 1

    Exactly my question, what else is there besides proprietary and open source? How can they both surpass industry standards?

    I think that's based on the unstated and unsupported -- but not entirely unreasonable -- assumption that proprietary and open source projects that don't care enough about quality to run Coverity on their code have lower quality levels than those that do.

    However, I don't believe Google uses Coverity, and we have a pretty serious focus on code quality. At least, in my 20+-year career I haven't seen any other organization with quality standards as high as Google's, so I'd put Google forth as a counterexample to the assumption, and I'm sure there are many more. I have no idea if it the assumption is valid overall.

  4. Re:Youtube could potentially dominate all other vi on YouTube To Offer Subscription Service This Week · · Score: 1

    youtube.com from a northwest state

    That's not very informative :-)

    There are many, many things that could be causing problems for you. Your ISP's configuration, including possibly-overloaded caching servers, DNS misconfiguration directing your requests to the wrong places, overloaded ISPGoogle peering links, overloaded ISP backbone links... and many more.

  5. Re:Printing a gun is a crime.... on The First Fully 3D-Printed Gun Has Been Successfully Test-Fired · · Score: 1

    It's actually not a crime to print a gun (or otherwise manufacture one for personal use), which is why this guy did so openly and was not arrested.

    Though, just to be on the safe side, this guy did get a firearms manufacturing license.

  6. Re: That's nice on The First Fully 3D-Printed Gun Has Been Successfully Test-Fired · · Score: 1

    Nah its about the bribery. The gun industry needs their profits so they lobby for no gun control. 3d printing guns would reduce profits so it must be banned.

    Heh. Have you actually looked at what happens to gun and ammunition sales whenever gun control legislation is discussed? If it's about profits, then the gun industry should be pushing for gun control bills. To be proposed, not passed, of course.

    However, it's not really about profits and you're not going to see significant pushback from the gun industry over 3D-printed guns.

  7. Re:Youtube streaming sucks. on YouTube To Offer Subscription Service This Week · · Score: 2

    YouTube is all inside Google's infrastructure so anything you stream from youtube you use your ISP's internet backbone.

    Google also has caching servers forward-deployed with the major ISPs. Also, Google peers directly with many ISPs, so data doesn't flow over the ISP's connection to the backbone.

    http://blogs.broughturner.com/2009/04/googles-peering-and-caching-strategy.html

  8. Re:Youtube could potentially dominate all other vi on YouTube To Offer Subscription Service This Week · · Score: 1

    Except that they haven't proven that with their NorthWest servers at all. And yes, it is their servers that are having issues.

    Cite?

  9. Poor virtual worlds on Living In a Virtual World Requires Less Brain Power · · Score: 5, Insightful

    This just shows that living in a poor virtual world, with less sensory input, requires less brain power. That may be an interesting result, but it's hardly what the headline says.

  10. Re:Want time off to spend with your child? on So What If Yahoo's New Dads Get Less Leave Than Moms? · · Score: 1

    Promoting child birth is considered good for the community?

    Promoting strong parent-child bonding and involved parenting is good for the community.

  11. Re:And those of us who don't need glasses? on Google Glass Is the Future — and the Future Has Awful Battery Life · · Score: 1

    I'm in my early 30's with better than 20/20 vision. I know that won't hold out forever, but I've never needed glasses. Why would I want to wear these?

    You'd wear them to have a heads-up display, etc., of course.

    Currently, people who do need corrective lenses actually need to wear contacts in order to use Google Glass, because it doesn't support corrective lenses. It comes with a couple of lenses, one clear and one shaded, which can be attached if you want to protect your eyes from the elements, and I wonder why it would be hard to get corrective lenses manufactured in the same shape, but apparently it is.

  12. Re:Not surprising on Windows Store In-App Ad Revenue Plummets · · Score: 1

    Keep on working for a company that advocates a future without privacy, capitalist faggot.

    I really shouldn't respond to this, but...

    I, personally, care a great deal about privacy. I was an active participant on cipherpunks when it was a going concern, ran a mixmaster remailer for years, strongly advocated (and contributed to) PGP and S/MIME email encryption tools, still run a Tor node and an open Wifi access point on a 100Mbps connection, am a strong advocate for cryptographic privacy assurance tools of all sorts -- and my day job at Google is building the encryption systems that ensure critical user data is kept properly secured, including from Googlers. My day job used to be security and privacy consulting.

    I mention all of that to give you a feel for my general attitudes about security and privacy... and I'm perfectly comfortable with working for Google. I think the company takes great care to do the right things. Not that there aren't occasional screwups -- in a company this size, and especially one where decisions are almost entirely bottom-up, there will be mistakes. But that's what they are: mistakes, not evidence of a subtle conspiracy to destroy privacy. In fact, I'd argue that the fact that there have been so few mistakes and they've all been relatively harmless is strong evidence for Google's good intentions and excellent execution.

    Google's stance on privacy is that it's very important. However, it's reasonable to trade personal information for access to goods and services. Google wants to make such a compelling suite of services, and to behave so responsibly with the data you provide, that you want to make that trade. Google also wants you to have the option of deciding not to make that trade.

    That's why Google provides:

    https://www.google.com/dashboard
    https://www.google.com/settings/ads/plugin/
    http://www.dataliberation.org/
    http://www.google.com/transparencyreport/removals/

    And others.

    It does concern me a little bit that a future version of Google, under different leadership, could begin to abuse the data access it has. It also concerns me a little that government can leverage Google (and Facebook, etc.) to obtain way too much insight into private information. No matter how careful Google is to secure and properly manage user information, government can always compel its release. But that's primarily an issue to be addressed through public policy.

    I'm a staunch privacy/security advocate (and no, those things are not at all the same, though there are intimate relationships between them), and I'm quite comfortable working for Google -- and quite comfortable calling attention internally to any privacy missteps I think the company is making. Google actually makes it very easy for employees to speak up on such issues in a way that can't be swept under the rug, at the weekly TGIF meetings. If I see a serious issue I can -- and will -- stand up in front of the whole company and take Larry Page to task. But I suspect if I felt the need to do that, I'd have to get in line. There are a lot of hardcore geeks at Google who care a great deal about privacy.

    Of course, you'll just dismiss this whole comment, because you'll assume I'm bought and paid for. Fine. Whatever. But do you really think a Google engineer can't easily get a job elsewhere? Hell, isn't actively recruited on a regular basis? I speak my mind, and I wouldn't say any of this just because my employer wanted me to. In fact, if this post comes to HR's attention, they'll likely gently suggest that I should shut up (gently, though... Google is a company of nerds and understands that nerds have strong opinions and object strongly to being silenced without very good reason).

    IHBT and shall have a nice day.

  13. Re:Not surprising on Windows Store In-App Ad Revenue Plummets · · Score: 1

    How much of your profit is not ads based?

    That's not in the public data, AFAICT, sorry. But I would guess that the non-hardware (e.g. Google Apps) profit margins are high. The hardware, I don't know. I doubt it's actually zero margin, though.

  14. Re:Not surprising on Windows Store In-App Ad Revenue Plummets · · Score: 5, Informative

    Google, who seems to be running the advertising network that's actually doing well, makes around 98% of its money from selling ads.

    FYI, Google does make the vast majority of its money from ads, but not 98%. Here are recent percentages (calculated from http://investor.google.com/financial/tables.html):

    2011: 96.3%
    2012: 94.9%
    2013: 91.9% (Q1 only, obviously)

    For Q1 2013, Google's non-advertising revenues saw 150% year-on-year growth and 27% quarter-on-quarter growth, to just over $1B for the quarter. At that rate, Google is on track to have ~6B in 2013 in non-advertising revenues, and for advertising revenues to drop to less than 90% of total revenues. Perhaps even more.

    Note that none of the above includes Motorola Mobility revenues. If you count Motorola, Q1 advertising revenues were 85% of total revenues.

    Also note that this isn't because Google's advertising business isn't doing well, it's because it's non-advertising business is doing even better (except for Motorola, which is still posting losses).

    (Disclaimer: I work for Google, but this is all public information.)

  15. Re:Which becomes cheaper, as its seldom needed. on Spain's Extremadura Starts Move To GNU/Linux, Open Source · · Score: 1

    Unlike some other proprietary OSes, where things are constantly breaking, a Linux machine always works unless the hardware fails.

    Have you ever used Linux with a GUI? Servers, sure, rock solid, but I have always had X issues which were annoying. And don't tell me to "just ssh in and restart X, the computer didn't really crash", normal users won't do that and shouldn't have to.

    I haven't seen that happen in at least 5 years.

  16. Re:New Tricks? on Can Older Software Developers Still Learn New Tricks? · · Score: 1

    I think a better question would be, how often does something genuinely new come along?

    Well, there was that new object orientated thingy-ma-whatsit that came out recently?

    If by "recently" you mean "30+ years ago".

  17. There are no new tricks on Can Older Software Developers Still Learn New Tricks? · · Score: 1

    The question doesn't really make sense. When you've been around for a while, there are no new tricks, just minor variations on old tricks. Occasionally there'll be something that requires a different way of looking at the old tricks -- like functional programming or massive concurrency -- but computers haven't fundamentally changed, and aren't going to.

    In most cases, the old software developers who've already seen a number of variations on the tricks are better able to pick up new tools and techniques than the younger guys, because they can say "Oh, that's like X except for Y, where it's more like Z". Details are just details, and that's what manuals are for.

    Young programmers who've already had the opportunity to learn three or four programming languages should be able to extrapolate from their experience with the last language or two, by which point learning the language is just a matter of remembering a few details of syntax and exploring the libraries. When you've been writing code for 20+ years nearly every new environment, toolset, library, etc., feels the same... just another variation with some trivial differences to be assimilated.

    My older colleagues (I'm in my 40s but some of the guys I work with are in their 50s and 60s) confirm that adopting new technologies just gets easier and easier over time.

  18. Re:Access management nightmare? on New Smart Gun Company Hopes To Begin Production This Summer · · Score: 2

    Luckily, given the distinguishing capabilities of modern fingerprint scanners, once you've loaded a few thousand fingerprints into the unit you'll have a high degree of assurance that any random person who picks up the gun will be considered authorized to shoot it.

  19. Re:I won't be buying one... on New Smart Gun Company Hopes To Begin Production This Summer · · Score: 5, Insightful

    I don't see a problem if he wants to carry that way.

    I do. I think a case could be made for reckless endangerment, and if it goes off and hurts someone I would definitely support criminal negligence charges.

    He should just get a holster. There's really no reason not to use a holster. If nothing else one of those ultra-minimalist holsters that covers nothing but the trigger guard.

  20. Re:Kind of innevitable and entirely reasonable on Canada Revenue Agency To Tax BitCoin Transactions · · Score: 1

    For an economy, efficiency isn't just about doing a particular thing with fewer resources.

    Only if you define "efficiency" in an odd and particularly narrow way.

    For an economy, efficiency is about doing everything with the fewest resources; maximizing the amount of net value to people. Which means it's all about allocating resources for maximum good. The challenge is determining what is "good". The best way we've found so far is to use pricing to stand in for aggregate resources consumed to produce a good or service, and to allow individuals to allocate their resources (or their stand-in: money) to purchase what they believe will do them the most good.

    You can also be inefficient by doing the wrong things. Think of the badly organized communist state which manufactures - very efficiently - twice as many left shoes as right.

    That's not efficient at all. It's pure waste since it's devoting resources to producing goods which no one wants to purchase. Even without the imbalance between left and right shoes, centrally-planned economies tend to do a horrible job at determining how much of what to produce. Marginal pricing tends to do a much better job of driving production resources to satisfy individual needs and desires. And -- believe it or not -- profit on investment capital is a huge part of what makes that work. The "parasitic" professional speculators and bankers are critically important to making all of the myriad resource allocation decisions that flow capital into the industries where it can accomplish the most good for people -- and in the process generate the best profits. The free market allocation process has its own inefficiencies and weaknesses, of course, but it's far better than anything else we've got.

    Or more plausible government that piles its country's resources in to terrorism prevention, whilst ignoring road safety.

    That is a good example of tremendous inefficiency: spending vast resources in an arguably-failed attempt to mitigate a non-problem.

  21. Re:Completely missing the point on Mitigating Password Re-Use From the Other End · · Score: 1

    "Run your own OAUTH server"? No way in hell would Google allow their login processes to accept authentication decisions from Joe's bedroom OAUTH server. Quit being disingenuous.

    I'm not being disingenuous at all, and I really believe that Google should be willing to do exactly that. No matter how horribly broken it is, Joe's bedroom OAUTH server can't compromise Google's login process in general, only the users who choose to use Joe. I could see Google throwing up some strong warnings, and there may be some issues around account creation control -- if Joe's bedroom OAUTH server could be used to facilitate mass-creation of gmail accounts for use by spammers, for example, that would be a problem, but I think most of those controls are independent of authentication mechanism.

    I should mention that I don't work on Google's account management or authentication systems, so there may well be technical issues that I'm unaware of that prevent this. But I doubt it.

    a provider who has not already demonstrated that they intend to abuse the collected information

    I take issue with the claim that Google has demonstrated they intend to abuse the collected information. I think Google behaves quite responsibly with their collected information and that they're quite clear with users about how it will be used. I grant that it's always possible that some future version of Google might behave differently, but I challenge you to show any case of Google abuse of collected information. At most you can point to a couple of instances where Google collected information that perhaps they should not have, but none where that information was abused.

  22. Re:Completely missing the point on Mitigating Password Re-Use From the Other End · · Score: 1

    What single OAUTH provider allows me to sign on to both Facebook and Google? As long as the answer remains "none", we will never have single sign-on.

    This is a valid point. The OAUTH providers need to get with it and start accepting OAUTH from others. I'll file a bug in Google's bugtracking system. Google is the right company to start that trend. There may be some concern that crappy OAUTH providers might be used to do an end-run around Google's own spam account creation mitigation efforts (Google works hard to make it difficult for spammers to create lots of Google accounts), but hopefully most of those efforts are independent of the authentication mechanism.

    My complaint about correlating activity with OAUTH was that it allows every site to correlate information because they all get your user ID. But reading further I've just discovered that Google does this properly - it allows logons that leak no identity information (it provides a random ID). However, I can't find a site that will accept such a logon!

    Ah, so you're not so much concerned (or not only concerned) about Google correlating your cross-site usage, but about all of the other sites getting together to correlate your usage, independently of Google (or whoever your OAUTH provider is) but using your common OAUTH ID.

    Do you have link to the random ID stuff from Google? That's intriguing.

    Given a web site that accepts true OAUTH (not just "log in with Google, Facebook, or Yahoo"), you could make your own OAUTH provider that gives you random IDs which can be used with different sites. I'm sure that's what Google is providing, though I'd still like to read the details.

    I understand that the OAUTH provider will always be able to correlate everything, but this problem would be greatly mitigated if we actually had a real choice of OAUTH provider. As I said, this will never happen.

    There are a few sites I know of that accept arbitrary providers. Stackoverflow does, for example. I agree that we need to get more sites accepting any openid, rather than just one of the big providers. But that's a per-site decision... and so is the -- vastly inferior -- approach proposed in TFA. If sites were willing to adopt TFA's idea, they should be even more willing to adopt OAUTH.

    The fact that OpenID/OAUTH isn't as widely deployed as it should be, or deployed in the right configuration, isn't a reason to dismiss the technology, it's a reason to get it deployed more widely, and correctly.

  23. Re:Completely missing the point on Mitigating Password Re-Use From the Other End · · Score: 1

    The common security objection to this approach -- that centralizing your authentication in a single account creates a single point of failure for your security -- ignores the fact that your web security already has a single point of failure, even if you use unique, strong passwords for every site you visit. That SPOF is your e-mail account, because essentially all web sites use the ability to receive e-mail as the golden key that bypasses all of their other security mechanisms

    That single point of failure is unlikely to cause your entire userbase to be compromised in a single breach. A single user's email gets breached and it doesn't impact everyone on your service. A single webmail site gets breached and that affects only the accounts for your service that use those webmail accounts. Unless all your users use the same webmail, you still don't have a *single* point of failure.

    I was speaking from the user's perspective, not the site's perspective.

    And your argument applies equally well to using OAUTH... a breach of one user's OAUTH provider account affects only that user. And a total breach of an OAUTH provider affects only the subset of your users using that provider.

    You also ignore the ability to use multiple communication channels to communicate a password reset to your users. Email, text message, and even snail mail are options for verification, and each is appropriate for different levels of security. Remember: neither everyone nor everything requires uber-ultra-mega-secure-perfect-in-theory security.

    All of which applies in exactly the same way in an OAUTH world.

    I don't think you know what you're talking about.

  24. Re:Completely missing the point on Mitigating Password Re-Use From the Other End · · Score: 2

    OAUTH could have been nice, but Google, Facebook, etc. just see it as an opportunity for more data gathering.

    If Google et al cared more about security than violating my privacy they would support a single sign standard on that didn't enable the correlation of user activity across sites.

    This will never happen.

    Did you not read my post?

    If you don't want to use Google as your OAUTH provider, don't! Pick a different one. If you want one that guarantees not to violate your privacy, find one that makes that guarantee. Don't trust guarantees? Fine... run your own OAUTH provider. It's as simple as setting up a server and installing some software.

    As for your theoretical single sign-on standard that doesn't enable the correlation of user activity across sites, by all means please tell us how such a thing would work. Keep in mind that the authentication must be portable, that I should be able to authenticate on a friend's computer roughly as easily as I can on my own, and that complex key management schemes are barely usable by geeks and completely unusable by everyone else.

  25. Re:Wrong approach in use. Secrets should be local on Mitigating Password Re-Use From the Other End · · Score: 1

    That's impractical.

    10 years ago, I'd have been right with you on that. Five ago I realized that key management is harder than it appears. Today I know that it's just impossible for the general public to do. Too many devices, none of which are very secure, and each of which represents a single point of failure. Not only that, users want mobility. They don't want to be tied to a single device, or even a small set of devices -- and that's entirely reasonable.

    On the other hand, there's nothing fundamentally wrong with password authentication, if it's done right, and if the user only needs one password -- not a password per-site. The problem is that managing passwords correctly (on the server side) is much harder than it appears, and there are many sites.

    The solution is single sign on, and we've already implemented it: OAUTH.