Unfortunately account hijacking due to password re-use is so common that Google has to detect what look like suspicious logins (ie. from a different device, or in a different country, or at an unusual time) and ask additional challenge questions. However, in this case you can enter ANY phone number - it doesn't have to be your own.
Any documents you have stored in google cloud / docs / drive are already being scanned by their software - how else could those docs be displayed and indexed?
Further scanning for malware or whatever isn't done by humans - it's fully automated, implemented by software that in the recent case happened to be buggy.
This no-fly zone feature has been around for quite a while on their high-end models, to prevent users flying over an airport - see http://www.dji.com/fly-safe/ca...
Also, last time I checked the firmware update process involved connecting the quadcopter to a PC via a USB cable, so it's not like new rules are being applied without the user knowing.
As someone who works at a company that has branches all over the world (including India) and employs people from all of the world, I've never seen this happen. Instead everyone who comes over on an H1B starts their green card application process as soon as they can, with the aim of staying in the US permanently.
Have slashdot commenters ranting about H1Bs ever actually worked at a tech company? Or tried to hire someone in tech recently? The idea that there is some huge untapped pool of US workers that are being ignored is simply bullshit - demand is so great currently (at least in Silicon valley) that its damn near impossible to hire anyone decent from anywhere.
Explain to me how allowing more foreign workers to come to the US under H1B visas will increase offshoring? Surely not allowing people to work here is going to cause work to be sent overseas, not the other way around.
Every H1B worker I've met (including myself) wants to get a green card so they can live and work in the US permanently. At which point they are just as much part of the US tech workforce as a citizen who was born and raised here.
You do not have a shortage of good applicants, such a shortage is impossible in a market system like we have. What you have is too low a price point.
I wish that were true.. but there really is a shortage of candidates that know jack shit about coding. I work at a large US tech company as a team lead, so I can see the kinds of salaries that we are paying at various levels. And I do a large number of interviews so I get to see the quality of candidates that apply, and make it past the first couple of levels of filters. New grads are already getting six-figure offers, but we still have trouble finding acceptable candidates.
Couldn't a similar suit be brought against the developers iptables or squid if those applications are used by an oppressive government? Just answering a question from a user with.cn email address could be turned into "assisting the censorship of dissidents" by an enterprising lawyer..
The trouble with Linux, and I'm speaking as someone who's used YaST in precisely this context, is that you have to make a choice - do you let the GUI manage it or do you CLI it?
Or you can use a GUI tool that can parse manually created config files and not break settings in them that it doesn't understand, such as Webmin. YaST has its own separate configuration database that it generates the Apache config files from, so any manual changes you make will either be ignored or over-written.
On a VPS, it really doesn't matter if the hosting company has your root password or not - they can directly access the filesystem to view or modify any files any time they want.
For some virtualization types (like Xen and KVM) it is more convenient for the host to know the root password so they can login to manage the VPS. Without it, filesystem access requires that the VPS be shut down, with is worse for everyone.
For other types like OpenVZ, the host can login as root any time they want, without even knowing the password.
In the case of GoDaddy, they would probably be better off setting up VPSs they sell with an additional root-equivalent account or using SSH keys - that way the customer can keep their root password secret.
While I totally agree that overriding NXDOMAIN responses is evil, returning different DNS responses based on the clients location or for load balancing purposes is an extremely useful technique for last companies serving a large amount of web traffic. For example, check out what www.google.com resolves to from different countries or even at different times - depending on where you look it up from and what network links are up, you will get a different set of IPs.
Sure, determining a browser's location from the DNS client source IP is not totally reliable.. but it is accurate enough to significantly improve user-visible responsiveness by avoiding un-necessary cross-planet network traffic. And even if google gets it wrong, they are no worse off than if they never implemented this in the first place.
Do you think Comcast has a connection they own all the way to every website you visit? Of course not.. which means that they have to pay higher-tier internet providers for links of various speeds. If Comcast's customers then generate too much traffic for those links, they have to pay more for greater capacity.
And even at the tier-1 ISP level, fibre in the ground or under the ocean only has limited capacity. When that gets used up, they have to lay more fibre.. why else do you think ISPs and telcos have been building new undersea and cross-country cables?
Since I live in the area where this happened and it was reported extensively on the local news, I noticed *many* errors in TFA, such as :
- Morgan Hill was not specifically targeted.. the cuts were in San Jose and Santa Clara. At most, Morgan Hill was collateral damage.
- Cables were cut in four different locations, so there was no single point of failure.
- Hosting everything at your site might help in cases like this, but is your mail really more reliable if managed by a part-time sysadmin on a single $1000 box, or at Google where they have triple-redundant everything?
your credit cards you carry around? the PIN number isn't stored on the card - but an MD5 hash of the PIN number *is* stored on the card (making replay attacks possible, believe it or not).
I sure as hell hope not! If that was the case, anyone with a card reader could brute-force your PIN in under a second by taking the MD5 hash of all 4 digit numbers, and comparing them to be hash that is supposedly on the card.
You'd be surprised how often I have seen experienced programmers manually type out long commands or directory paths, instead of using tab completion. Sometimes I have to restrain myself from ripping the keyboard from their hands and using tab to enter the path myself in a 10th of the time.
The situation where Firefox 3's new policy is most annoying is installable applications that use a browser-based UI with SSL. The one closest to my heart is Webmin, which will run in SSL mode by default if the needed Perl libraries are on the system when you install it.
When installed, it generates a self-signed cert unique to the system, with * as the hostname in the cert. This used to work fine - browsers would display a security warning when you connect, but this is expected and covered in the documentation. Sure, there was a risk of MITM attacks the first time you logged in, but having some encryption is way better than none at all, especially for an app that has root access to your system.
Comcast in the silicon valley area (Santa Clara at least) offers 16Mbps. Also, these comparisons between US and non-US broadband speeds are often misleading - from using a bunch of foreign ISPs on my last trip overseas, I found that the actual speed you get to websites is crap compared to what I get in the USA. My guess is that many foreign ISPs don't have the upstream bandwidth to match what they are handing out to customers, so getting 100 Mbps to the home is pretty useless unless you are downloading warez from your neighbours.
That said, since most websites are hosted in the US this kind of subjective measurement doesn't really tell the full story.
Worse still, they were (and maybe still are) redirecting lookups for google.com to their own servers.. and I'm pretty sure that Google isn't often down.
not only that, it will also force control panel companies like cpanel, which serve millions of website users through web hosts to have to force users of their services to pay for SSL certs for each server they use or let their users connect to their site control panels through unencrypted connections. that will eventually drive up prices in the high to mid end hosting market. which is BAD, since majority of people host their websites in such small business hosts with $3-4 bucks a month. the overall effect that will have is yet to be seen.
This is the area that has annoyed me the most - as the author of a web hosting control panel (Virtualmin), which uses SSL for the administration interface by default. Because it generates a self-signed cert when installed, anyone accessing it with FF3 gets an error which cannot be bypassed without having to navigate through a bunch of menus and pages in Firefox's preferences.
In a way, this is a good thing as it makes man-in-the-middle attacks on the control panel harder. However, it forces the hosting provider to purchase a cert for admin.theirdomain.com, and means that all control panel access has to be via that URL, rather than admin.customersdomain.com.
Slashdot Mirror
Unfortunately account hijacking due to password re-use is so common that Google has to detect what look like suspicious logins (ie. from a different device, or in a different country, or at an unusual time) and ask additional challenge questions. However, in this case you can enter ANY phone number - it doesn't have to be your own.
Any documents you have stored in google cloud / docs / drive are already being scanned by their software - how else could those docs be displayed and indexed?
Further scanning for malware or whatever isn't done by humans - it's fully automated, implemented by software that in the recent case happened to be buggy.
This no-fly zone feature has been around for quite a while on their high-end models, to prevent users flying over an airport - see http://www.dji.com/fly-safe/ca...
Also, last time I checked the firmware update process involved connecting the quadcopter to a PC via a USB cable, so it's not like new rules are being applied without the user knowing.
As someone who works at a company that has branches all over the world (including India) and employs people from all of the world, I've never seen this happen. Instead everyone who comes over on an H1B starts their green card application process as soon as they can, with the aim of staying in the US permanently.
Have slashdot commenters ranting about H1Bs ever actually worked at a tech company? Or tried to hire someone in tech recently? The idea that there is some huge untapped pool of US workers that are being ignored is simply bullshit - demand is so great currently (at least in Silicon valley) that its damn near impossible to hire anyone decent from anywhere.
Explain to me how allowing more foreign workers to come to the US under H1B visas will increase offshoring? Surely not allowing people to work here is going to cause work to be sent overseas, not the other way around.
Every H1B worker I've met (including myself) wants to get a green card so they can live and work in the US permanently. At which point they are just as much part of the US tech workforce as a citizen who was born and raised here.
$25k / year?! Fresh grads in silicon valley can get $100k / year jobs at good tech companies - and the median salary is way higher.
1 - What evidence do you have for how much Comcast charges Google or Akamai for placing hardware at their facilities?
2 - Google is just as much a competitor to Comcast via Youtube and the Google Play movies store. Why is only Netflix being targeted?
I'm sure that's what the left-wing conspiracy theorists believe, but in reality he shot himself with an AK-47, and there was no need to reload : http://en.wikipedia.org/wiki/Death_of_Salvador_Allende
You do not have a shortage of good applicants, such a shortage is impossible in a market system like we have. What you have is too low a price point.
I wish that were true .. but there really is a shortage of candidates that know jack shit about coding. I work at a large US tech company as a team lead, so I can see the kinds of salaries that we are paying at various levels. And I do a large number of interviews so I get to see the quality of candidates that apply, and make it past the first couple of levels of filters. New grads are already getting six-figure offers, but we still have trouble finding acceptable candidates.
This chart is nearly useless, as it doesn't account for the average distance traveled per country. You'd be better off reading the wikipedia page that has those stats : http://en.wikipedia.org/wiki/List_of_countries_by_traffic-related_death_rate
Or looking at trend in deaths / mile over time. For example, the US rate of 1.1 per 100M miles in 2011 is an all-time low : http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year
Couldn't a similar suit be brought against the developers iptables or squid if those applications are used by an oppressive government? Just answering a question from a user with .cn email address could be turned into "assisting the censorship of dissidents" by an enterprising lawyer..
I'm up to 15644 commits in total on the Webmin / Virtualmin projects..
The trouble with Linux, and I'm speaking as someone who's used YaST in precisely this context, is that you have to make a choice - do you let the GUI manage it or do you CLI it?
Or you can use a GUI tool that can parse manually created config files and not break settings in them that it doesn't understand, such as Webmin. YaST has its own separate configuration database that it generates the Apache config files from, so any manual changes you make will either be ignored or over-written.
On a VPS, it really doesn't matter if the hosting company has your root password or not - they can directly access the filesystem to view or modify any files any time they want.
For some virtualization types (like Xen and KVM) it is more convenient for the host to know the root password so they can login to manage the VPS. Without it, filesystem access requires that the VPS be shut down, with is worse for everyone.
For other types like OpenVZ, the host can login as root any time they want, without even knowing the password.
In the case of GoDaddy, they would probably be better off setting up VPSs they sell with an additional root-equivalent account or using SSH keys - that way the customer can keep their root password secret.
While I totally agree that overriding NXDOMAIN responses is evil, returning different DNS responses based on the clients location or for load balancing purposes is an extremely useful technique for last companies serving a large amount of web traffic. For example, check out what www.google.com resolves to from different countries or even at different times - depending on where you look it up from and what network links are up, you will get a different set of IPs.
Sure, determining a browser's location from the DNS client source IP is not totally reliable .. but it is accurate enough to significantly improve user-visible responsiveness by avoiding un-necessary cross-planet network traffic. And even if google gets it wrong, they are no worse off than if they never implemented this in the first place.
Wrong wrong wrong!
Do you think Comcast has a connection they own all the way to every website you visit? Of course not .. which means that they have to pay higher-tier internet providers for links of various speeds. If Comcast's customers then generate too much traffic for those links, they have to pay more for greater capacity.
And even at the tier-1 ISP level, fibre in the ground or under the ocean only has limited capacity. When that gets used up, they have to lay more fibre .. why else do you think ISPs and telcos have been building new undersea and cross-country cables?
Since I live in the area where this happened and it was reported extensively on the local news, I noticed *many* errors in TFA, such as :
- Morgan Hill was not specifically targeted .. the cuts were in San Jose and Santa Clara. At most, Morgan Hill was collateral damage.
- Cables were cut in four different locations, so there was no single point of failure.
- Hosting everything at your site might help in cases like this, but is your mail really more reliable if managed by a part-time sysadmin on a single $1000 box, or at Google where they have triple-redundant everything?
your credit cards you carry around? the PIN number isn't stored on the card - but an MD5 hash of the PIN number *is* stored on the card (making replay attacks possible, believe it or not).
I sure as hell hope not! If that was the case, anyone with a card reader could brute-force your PIN in under a second by taking the MD5 hash of all 4 digit numbers, and comparing them to be hash that is supposedly on the card.
You'd be surprised how often I have seen experienced programmers manually type out long commands or directory paths, instead of using tab completion. Sometimes I have to restrain myself from ripping the keyboard from their hands and using tab to enter the path myself in a 10th of the time.
Google uses aerial photography for the views of major cities - so those 10cm resolution images are not from satellite.
The situation where Firefox 3's new policy is most annoying is installable applications that use a browser-based UI with SSL. The one closest to my heart is Webmin, which will run in SSL mode by default if the needed Perl libraries are on the system when you install it.
When installed, it generates a self-signed cert unique to the system, with * as the hostname in the cert. This used to work fine - browsers would display a security warning when you connect, but this is expected and covered in the documentation. Sure, there was a risk of MITM attacks the first time you logged in, but having some encryption is way better than none at all, especially for an app that has root access to your system.
Comcast in the silicon valley area (Santa Clara at least) offers 16Mbps. Also, these comparisons between US and non-US broadband speeds are often misleading - from using a bunch of foreign ISPs on my last trip overseas, I found that the actual speed you get to websites is crap compared to what I get in the USA. My guess is that many foreign ISPs don't have the upstream bandwidth to match what they are handing out to customers, so getting 100 Mbps to the home is pretty useless unless you are downloading warez from your neighbours.
That said, since most websites are hosted in the US this kind of subjective measurement doesn't really tell the full story.
Worse still, they were (and maybe still are) redirecting lookups for google.com to their own servers .. and I'm pretty sure that Google isn't often down.
not only that, it will also force control panel companies like cpanel, which serve millions of website users through web hosts to have to force users of their services to pay for SSL certs for each server they use or let their users connect to their site control panels through unencrypted connections. that will eventually drive up prices in the high to mid end hosting market. which is BAD, since majority of people host their websites in such small business hosts with $3-4 bucks a month. the overall effect that will have is yet to be seen.
This is the area that has annoyed me the most - as the author of a web hosting control panel (Virtualmin), which uses SSL for the administration interface by default. Because it generates a self-signed cert when installed, anyone accessing it with FF3 gets an error which cannot be bypassed without having to navigate through a bunch of menus and pages in Firefox's preferences.
In a way, this is a good thing as it makes man-in-the-middle attacks on the control panel harder. However, it forces the hosting provider to purchase a cert for admin.theirdomain.com, and means that all control panel access has to be via that URL, rather than admin.customersdomain.com.
I like the look of Usermin for Webmail ( http://www.webmin.com/uwebmail.html ), but I may be biased because I created it ..