Too complex for someone who can be trusted to remotely tweak a router - no
And what is your suggestion for the case mentioned by the GP "for your elderly parents or other friends"? As somebody suggested earlier "just use an old Dell and threw OpenBSD on it"? Let them have a full computer just so you can tunnel through the router to it and then access from it the router interface? There's always a compromise between security and convenience and really in this case it isn't the worst compromise possible to just let the router interface available. I bet there are out there many more ancient windows boxes that haven't been patched for many years, fully exposed to internet than these routers.
You can't foresee what would happen if you go to the bakery. You might have an accident and lose an eye or a leg or your life. Or you can find the love of your life. Or the one that would "peck your soul out". It's called life. It's my decision. I don't worry about google having my shit. It's enough to be worried about insecticides, pesticides, food additives, carcinogens, worried about radon gas, worried about asbestos, worried about saving endangered species.
Actually I wanted to post explicitly that I wouldn't give my location history to my employer but I was thinking it went without saying if I said I don't want my mother or spouse to have it. So yes, if Google/Alphabet was my employer I would most likely NOT have my location (or email or pics or documents or anything) stored with them. As for having shares... you must be VERY naive if you think storing MY location would influence either way the share price.
YES, it is opt in. Without giving explicit permission not even Google Maps (the default navigation app on your phone, at least for those related to Google's ecosystem) would access your location, not even once. Storing your location is again a different step in the wizard (separated from accessing it in the first place). If anything there's TO MUCH opt in but hey, you asked for it!
Now let's say they "trick you" this way and you opt in to something you didn't want to, just because you like to opt in to everything instead of thinking about what you want to actually chose.
BUT! Once enabled it's sending you now and then emails with Location Reporting Privacy Reminder To protect your privacy we would like to remind you that your mobile device is reporting your location data to Google.
In the Maps app "Your timeline" isn't at all hidden, actually it is in the first level menu, just under "Your places" (basically your bookmarks). You ARE bound to check it out.
Also, if you browse to google maps while logged in to your google account it will tell your location clearly and also showing: "From you phone (Location History) Update Learn More"
In short there is no shortage of opt in, if anything there's too much. And if you got something wrong they'll remind you in many ways. The only real danger is as I mentioned if they make it just illegal for you to opt in, completely. Which they can very well do and I actually see it happening, "for your own good".
I am aware of all (or at least countless) risks involved. Even if I don't and didn't have anything to hide I've been sending PGP encrypted emails since more than 20 years. And I stopped doing so for more than 20 years. I lived for half my life in a dictatorship where you could "go away" and never been heard of for less than 5 words said to the wrong person. I am in no way naive or uninformed, I've been following up on security (not only computing security), privacy, heavy handed governments and so on; this is not something you can turn off.
BUT I'm happy with Google having my location. All the time, the more precise the better (well, preferably without killing my battery). I tried to do it myself and keep a GPS log since 2006 or so. I was having a GPS with me with multiple batteries that I would replace over the day but of course I couldn't do it very often, it had to be only on special occasions. It was very painful to melt tons and tons of files (I still have them) and in the end rather pointless. I managed (barely) to find a perl script that would at least tag my pictures with their location but there is no good software to manage the pics (if you have a lot of them, not only a small folder), even if they have proper GPS tags. Google Photos (yes, I give them my pictures too) finds places where I've been instantly. It even finds them if the pics are coming from non-GPS cameras, by correlating the location from the phone (the same thing I've been doing very painfully back in 2006-2007). Google Timeline (including the decent mobile version from Google Maps) helped me find again places I didn't know in advance I had to bookmark and once even answered the question "I know what you did last night" - because I DIDN'T (no joke, years ago I remember an article, most likely on slashdot too, that was half-jokingly saying google can tell where you've been last night if you can't remember - and that came in hand this Christmas...).
Funny thing is EU used to (for more than one decade if I remember correctly) force mobile providers to keep your metadata (including the location, albeit not as precise as Google does it now, but those were other times) for at least 6-24 months (at least, without any obligation to age it off). And make it available to the state when needed of course. Everything at your expense of course (as part of your mobile contract). And -here's the kicker- YOU COULDN'T GET THIS DATA. Even if you went to Vodafone and said: ok, I pay you already to store all my shit for at least 24 months, what about letting me have it too? I can pay extra for your trouble, how about that? Nope, no option. At least with Google you can download it via Takeout and use it how you like it and you can use it in the built-in Google Maps/Timeline and Photos too.
YES, I wouldn't give my mother or my significant other access to my timeline. But I'm happy with Google having it. Yes, I understand the risks and I understand there are meta-risks I can't even imagine now. But this is a risk I'm willing to take. And I'll be really, really pissed if the government comes and says I can't just tick a box and agree that Google tracks me, as much and as accurately as technically feasible.
OneNote (desktop not the "tablet" abomination) had (has) a perfectly good snipping tool. However from Win7->8 they changed the combination from WinKey-S to Win-Shift-S (and used the former for search). It was bad for a while but got used to it.
Now with some W10 update (aniversary, FC? doesn't matter) they took the Win-Shift-S for their stupid screenshot tool (which when triggered looks exactly the same as OneNote's except that nothing happens afterwards which makes you think something is messed up with OneNote). And while you can disable completely Win-Shift-S you can't assign it back to OneNote (and changing OneNote's hotkeys is something well hidden in registry anyway).
With google offering a very seamless "unlimited" if you let them "scale down" to 16Mpixel or 1080p (more than enough for all casual users) I see it unlikely that flickr will put any tighter limits than now, at least for total pictures.
You can never be sure the manufacturer didn't cut some corners and/or made any honest mistakes when implementing such a touchy beast. You'll never be sure if the manufacturer didn't share with both OSes in a risky way some keyboard/video/multimedia/networking component that can run some code injected by the untrusted OS (that is even if they properly separate everything you mentioned as separated: OS, BIOS, CPU, RAM, SSD, USB).
Plus by your design the "attacker OS" has already access to keyboard and video so how do you know it isn't using it? Just trust the manufacturer? You can just as well trust directly the primary box. You might "feel" oh, Macbooks or Chromebooks or ipads or android or windows boxes are a can of worms and not to be trusted but any half-baked and barely used contraption like you are suggesting will be orders of magnitude worse.
It is hard to describe what is about without giving out major spoilers. It starts with something about first contact, earth politics, cold war, early space exploration stuff, virtual reality and goes to more than "sky's the limit". The plot for each of the books is easy to find and skim through but I strongly recommend you just go and read the books, they are available in English from all the usual places, including in digital form (and even audiobooks).
If you liked any of Greg Bear, Heinlein/Clarke/Asimov, Peter Hamilton, Joe Haldeman, Hal Clement - just get the books and enjoy them without any spoilers. Highly recommended. There might be especially at the beginning and in the first book parts you don't care about - just hang in there. The pace is changing quite a few times and everything is well explained. And I was so sad when it was over (not to say the end was sad just that I dreaded that there isn't anything more coming).
Just when you'd think everything on the small/big screen would suck forever. The announcement that they're making the Martian came as I still had vivid in my mind the book, so with this trilogy.
And this is really, really, really good for a series - and I mean for people with attention spans longer than 30 seconds. The book(s) just don't seem to end - in a very good way. I did have quite a few times the sensation that things are winding down and "this is it", nope - here comes more. And more. And more.
what do you think is going to be required on, say, Christmas Day when everyone wants to play their new games
So you're saying this won't work because EVERYONE is getting new games on Christmas Day and has nothing better to do than to play right then? This (assumption) is clearly false. Now how much they can save because not EVERYONE is online at the same time even at peaks plus doing it "in bulk" versus what overhead they're having (and what profit margin they want) is another discussion. And there's another discussion too if this would ever work properly from the technical side.
Then it's going to cost AT LEAST as much as a GPU, a computer, the cost of the game, the connectivity, and the associated hardware (at your end) overall. Or they either would be making a massive loss, or it would be shit.
Obviously "dedicated" means for the time you play not that it sits there idly waiting for you. So multiple (possibly many, many) customers could be using the same board at different times.
I wonder what people are expecting. They aren't treating this seriously, at least on My Cloud Gen 2 (current) there isn't even an option to cleanly shutdown or unmount or mount read-only the main volume. Not even if you enable ssh access (which they warn you not too, for good reason as it is OpenSSH_5.0p1, probably close to 10 years old).
This is not something you don't catch at testing, not something you design later. Anybody who used a computer since windows 95 and has some working neurons will think "hm, I'm supposed to do some tests or write some documentation on this box I have here but now that I'm done how to shut it down. Pull the plug? Nah, can't be.". They probably asked and the well practiced answer from the (inaptly called) Engineering was "just pull the plug on that 8TB ext4 volume, what can go wrong?".
This has been tried with Microsoft Continuum and Samsung DeX but for whatever reason it just isn't popular (to say the least). There were dreams about having docking stations in the offices/homes/hotels/etc. but they went for now at least the way of the flying car.
A PC isn't the huge investment that used to be 20 years ago and one that would perform as a desktop for light browsing/youtube/document editing or whatever you want to do with a phone can be found literally in the trash. People just aren't setting up a desktop environment with monitor/keyboard/mouse and skip the PC. Using the phone as a desktop is way less flexible and "strange", you tie your phone to the desk, it just isn't something that anybody seem to want.
Yes, this is what I wanted to post too - this attack is much harder than just making the malware not trigger the defender.
HOWEVER I wonder who came up with this "brilliant" idea, I was always in my head operating on the assumption that "live" scan operates by intercepting the call of the application and analyzing the data there. This idea of "let me go outside and see what this file is" for this purpose is not only crazy and a small security gap but also a performance killer.
There's a big difference: bandwidth comes and goes but storage stays.
With storage people put 50-500TBs on amazon (now on google) in a matter of days (they're using fast VPSes, google compute stuff, etc). Then they're using 1000 times the regular user forever. This doesn't happen with bandwidth. You can't just use your pipe for 3 days then cost your ISP forever as much as 1000 "average" customers (even if you turn your computer off). Then when you are in the mood do some uploads again and start to cost the provider 2000 times. Then 3000 times. Every day for two years.
Plus they need to keep all the storage, always. There's some congestion and you get only 90% of the bandwidth that's life. No more shrimp at the all you can eat after hour X - tough. Try to lose 10% of the data and see if people are happy.
Why would your friend/relative want to store a bunch of HDDs and do this "swap dance" for eternity?
These ideas of setting up a server at grandma's house two states away are absurd. You think she wants a server or even a RaspberryPi with a HDD attached running 24/7?
Why wouldn't a friend or relative want to help you? Maybe you're coming from a culture where everything has to be paid cash but and handled by a company but other people help each other with what they can (and certainly storing some drives qualifies, there are people storing in the basement or garage other's stuff since 15 years).
As far as grandma goes she has not a raspi as they weren't even on the drawing board back then but a Dockstar (something similar with 128MiB RAM, yes Debian supported). Enough for rsync/encfs and samba.
Correct. If anything Microsoft has a history of messing up the drivers so you get all kinds of nasty stuff: crashes when connecting/disconnecting the keyboard, in-use drivers that Microsoft's own update process can't update, poor battery life, etc.
Slashdot Mirror
And what is your suggestion for the case mentioned by the GP "for your elderly parents or other friends"? As somebody suggested earlier "just use an old Dell and threw OpenBSD on it"? Let them have a full computer just so you can tunnel through the router to it and then access from it the router interface? There's always a compromise between security and convenience and really in this case it isn't the worst compromise possible to just let the router interface available. I bet there are out there many more ancient windows boxes that haven't been patched for many years, fully exposed to internet than these routers.
You can't foresee what would happen if you go to the bakery. You might have an accident and lose an eye or a leg or your life. Or you can find the love of your life. Or the one that would "peck your soul out". It's called life. It's my decision. I don't worry about google having my shit. It's enough to be worried about insecticides, pesticides, food additives, carcinogens, worried about radon gas, worried about asbestos, worried about saving endangered species.
Actually I wanted to post explicitly that I wouldn't give my location history to my employer but I was thinking it went without saying if I said I don't want my mother or spouse to have it. So yes, if Google/Alphabet was my employer I would most likely NOT have my location (or email or pics or documents or anything) stored with them. ... you must be VERY naive if you think storing MY location would influence either way the share price.
As for having shares
YES, it is opt in. Without giving explicit permission not even Google Maps (the default navigation app on your phone, at least for those related to Google's ecosystem) would access your location, not even once. Storing your location is again a different step in the wizard (separated from accessing it in the first place). If anything there's TO MUCH opt in but hey, you asked for it!
Now let's say they "trick you" this way and you opt in to something you didn't want to, just because you like to opt in to everything instead of thinking about what you want to actually chose.
BUT! Once enabled it's sending you now and then emails with Location Reporting Privacy Reminder
To protect your privacy we would like to remind you that your mobile device is reporting your location data to Google.
In the Maps app "Your timeline" isn't at all hidden, actually it is in the first level menu, just under "Your places" (basically your bookmarks). You ARE bound to check it out.
Also, if you browse to google maps while logged in to your google account it will tell your location clearly and also showing:
"From you phone
(Location History)
Update
Learn More"
In short there is no shortage of opt in, if anything there's too much. And if you got something wrong they'll remind you in many ways. The only real danger is as I mentioned if they make it just illegal for you to opt in, completely. Which they can very well do and I actually see it happening, "for your own good".
I am aware of all (or at least countless) risks involved. Even if I don't and didn't have anything to hide I've been sending PGP encrypted emails since more than 20 years. And I stopped doing so for more than 20 years. I lived for half my life in a dictatorship where you could "go away" and never been heard of for less than 5 words said to the wrong person. I am in no way naive or uninformed, I've been following up on security (not only computing security), privacy, heavy handed governments and so on; this is not something you can turn off.
BUT I'm happy with Google having my location. All the time, the more precise the better (well, preferably without killing my battery). I tried to do it myself and keep a GPS log since 2006 or so. I was having a GPS with me with multiple batteries that I would replace over the day but of course I couldn't do it very often, it had to be only on special occasions.
It was very painful to melt tons and tons of files (I still have them) and in the end rather pointless. I managed (barely) to find a perl script that would at least tag my pictures with their location but there is no good software to manage the pics (if you have a lot of them, not only a small folder), even if they have proper GPS tags. Google Photos (yes, I give them my pictures too) finds places where I've been instantly. It even finds them if the pics are coming from non-GPS cameras, by correlating the location from the phone (the same thing I've been doing very painfully back in 2006-2007). Google Timeline (including the decent mobile version from Google Maps) helped me find again places I didn't know in advance I had to bookmark and once even answered the question "I know what you did last night" - because I DIDN'T (no joke, years ago I remember an article, most likely on slashdot too, that was half-jokingly saying google can tell where you've been last night if you can't remember - and that came in hand this Christmas...).
Funny thing is EU used to (for more than one decade if I remember correctly) force mobile providers to keep your metadata (including the location, albeit not as precise as Google does it now, but those were other times) for at least 6-24 months (at least, without any obligation to age it off). And make it available to the state when needed of course. Everything at your expense of course (as part of your mobile contract). And -here's the kicker- YOU COULDN'T GET THIS DATA. Even if you went to Vodafone and said: ok, I pay you already to store all my shit for at least 24 months, what about letting me have it too? I can pay extra for your trouble, how about that? Nope, no option. At least with Google you can download it via Takeout and use it how you like it and you can use it in the built-in Google Maps/Timeline and Photos too.
YES, I wouldn't give my mother or my significant other access to my timeline. But I'm happy with Google having it. Yes, I understand the risks and I understand there are meta-risks I can't even imagine now. But this is a risk I'm willing to take. And I'll be really, really pissed if the government comes and says I can't just tick a box and agree that Google tracks me, as much and as accurately as technically feasible.
OneNote (desktop not the "tablet" abomination) had (has) a perfectly good snipping tool. However from Win7->8 they changed the combination from WinKey-S to Win-Shift-S (and used the former for search). It was bad for a while but got used to it.
Now with some W10 update (aniversary, FC? doesn't matter) they took the Win-Shift-S for their stupid screenshot tool (which when triggered looks exactly the same as OneNote's except that nothing happens afterwards which makes you think something is messed up with OneNote). And while you can disable completely Win-Shift-S you can't assign it back to OneNote (and changing OneNote's hotkeys is something well hidden in registry anyway).
With google offering a very seamless "unlimited" if you let them "scale down" to 16Mpixel or 1080p (more than enough for all casual users) I see it unlikely that flickr will put any tighter limits than now, at least for total pictures.
https://xkcd.com/1968/
Also isn't "this weekend" referred in TFS the wrong one for the vast majority (if not the entirety) of the world?
"Drive more installs with social, email, and SMS marketing campaigns"
Doesn't sound fishy at all.
You can never be sure the manufacturer didn't cut some corners and/or made any honest mistakes when implementing such a touchy beast. You'll never be sure if the manufacturer didn't share with both OSes in a risky way some keyboard/video/multimedia/networking component that can run some code injected by the untrusted OS (that is even if they properly separate everything you mentioned as separated: OS, BIOS, CPU, RAM, SSD, USB).
Plus by your design the "attacker OS" has already access to keyboard and video so how do you know it isn't using it? Just trust the manufacturer? You can just as well trust directly the primary box. You might "feel" oh, Macbooks or Chromebooks or ipads or android or windows boxes are a can of worms and not to be trusted but any half-baked and barely used contraption like you are suggesting will be orders of magnitude worse.
I liked this: "Life is a distraction for physics."
It is hard to describe what is about without giving out major spoilers. It starts with something about first contact, earth politics, cold war, early space exploration stuff, virtual reality and goes to more than "sky's the limit". The plot for each of the books is easy to find and skim through but I strongly recommend you just go and read the books, they are available in English from all the usual places, including in digital form (and even audiobooks).
If you liked any of Greg Bear, Heinlein/Clarke/Asimov, Peter Hamilton, Joe Haldeman, Hal Clement - just get the books and enjoy them without any spoilers. Highly recommended. There might be especially at the beginning and in the first book parts you don't care about - just hang in there. The pace is changing quite a few times and everything is well explained. And I was so sad when it was over (not to say the end was sad just that I dreaded that there isn't anything more coming).
Just when you'd think everything on the small/big screen would suck forever. The announcement that they're making the Martian came as I still had vivid in my mind the book, so with this trilogy.
And this is really, really, really good for a series - and I mean for people with attention spans longer than 30 seconds. The book(s) just don't seem to end - in a very good way. I did have quite a few times the sensation that things are winding down and "this is it", nope - here comes more. And more. And more.
So you're saying this won't work because EVERYONE is getting new games on Christmas Day and has nothing better to do than to play right then? This (assumption) is clearly false. Now how much they can save because not EVERYONE is online at the same time even at peaks plus doing it "in bulk" versus what overhead they're having (and what profit margin they want) is another discussion. And there's another discussion too if this would ever work properly from the technical side.
Obviously "dedicated" means for the time you play not that it sits there idly waiting for you. So multiple (possibly many, many) customers could be using the same board at different times.
I wonder what people are expecting. They aren't treating this seriously, at least on My Cloud Gen 2 (current) there isn't even an option to cleanly shutdown or unmount or mount read-only the main volume. Not even if you enable ssh access (which they warn you not too, for good reason as it is OpenSSH_5.0p1, probably close to 10 years old).
This is not something you don't catch at testing, not something you design later. Anybody who used a computer since windows 95 and has some working neurons will think "hm, I'm supposed to do some tests or write some documentation on this box I have here but now that I'm done how to shut it down. Pull the plug? Nah, can't be.". They probably asked and the well practiced answer from the (inaptly called) Engineering was "just pull the plug on that 8TB ext4 volume, what can go wrong?".
This has been tried with Microsoft Continuum and Samsung DeX but for whatever reason it just isn't popular (to say the least). There were dreams about having docking stations in the offices/homes/hotels/etc. but they went for now at least the way of the flying car.
A PC isn't the huge investment that used to be 20 years ago and one that would perform as a desktop for light browsing/youtube/document editing or whatever you want to do with a phone can be found literally in the trash. People just aren't setting up a desktop environment with monitor/keyboard/mouse and skip the PC. Using the phone as a desktop is way less flexible and "strange", you tie your phone to the desk, it just isn't something that anybody seem to want.
You've got to, in order to compensate for the lack of basic math skills.
Yes, this is what I wanted to post too - this attack is much harder than just making the malware not trigger the defender.
HOWEVER I wonder who came up with this "brilliant" idea, I was always in my head operating on the assumption that "live" scan operates by intercepting the call of the application and analyzing the data there. This idea of "let me go outside and see what this file is" for this purpose is not only crazy and a small security gap but also a performance killer.
There's a big difference: bandwidth comes and goes but storage stays.
With storage people put 50-500TBs on amazon (now on google) in a matter of days (they're using fast VPSes, google compute stuff, etc). Then they're using 1000 times the regular user forever. This doesn't happen with bandwidth. You can't just use your pipe for 3 days then cost your ISP forever as much as 1000 "average" customers (even if you turn your computer off). Then when you are in the mood do some uploads again and start to cost the provider 2000 times. Then 3000 times. Every day for two years.
Plus they need to keep all the storage, always. There's some congestion and you get only 90% of the bandwidth that's life. No more shrimp at the all you can eat after hour X - tough. Try to lose 10% of the data and see if people are happy.
The lameness filter is lame.
I don't think Google wants to get into the business of saving crap for nothing (or pennies).
For reference: https://hardware.slashdot.org/...
Why wouldn't a friend or relative want to help you? Maybe you're coming from a culture where everything has to be paid cash but and handled by a company but other people help each other with what they can (and certainly storing some drives qualifies, there are people storing in the basement or garage other's stuff since 15 years).
As far as grandma goes she has not a raspi as they weren't even on the drawing board back then but a Dockstar (something similar with 128MiB RAM, yes Debian supported). Enough for rsync/encfs and samba.
Correct. If anything Microsoft has a history of messing up the drivers so you get all kinds of nasty stuff: crashes when connecting/disconnecting the keyboard, in-use drivers that Microsoft's own update process can't update, poor battery life, etc.
Am I the only one who copy pasted the title to check if it includes "fail" with a funky PascalCase?