His argument was that there was no use case for it, and that it would not be possible to secure it. That's very different from saying they want it to become more secure.
If you use that logic we would have had no technological progress, ever. No invention ever solved a monumental problem on day one, everything has been incremental improvements to things over time. Nobody thought that we needed to have a computer in our pocket at all times and yet people really enjoy having that at this point,. This message is being composed entirely by voice. Something you say we don't need, and I'll agree we don't need it, that doesn't mean we don't want it, or that it doesn't improve our lives in some way.
Just because you personally aren't interested in any Improvement to human-computer interfaces, doesn't mean that the entire world is like you.
Sometimes it really is nice not to have to get up go over to a keyboard sit down and type a bunch of things in. Small conveniences really do add up and can make a big difference to your life.
That's fine really, because I have yet to come up with any legitimate reason to use this "service". If someone sends me one of these, I'll just send it to spam right away because there's no way it's a legitimate email.
I would recommend that anyone running a mail server should probably do that system wide.
I think your missing the real attack. It doesn't seem like things are inaudible, but more that they're disguised as other sounds. Being that computers and humans "hear" very differently, it's not really a surprise that you can craft a sound that would sound like one thing to a computer, but something else to a human listener.
Something trivially solved with voiceprints, a several decade old technology.
Near as I can tell from the poor explanations given, the sounds aren't actually inaudible, they're simply disguised. It's not that a human hears nothing while the device hears a command, it's that a human hears white noise, or music, or unrelated speech, and the device hears a command.
Considering that computers and humans "hear" in very different ways, it's not really a surprise that you can craft an audio signal that sounds like one thing to a human, and yet sounds like something different to a computer.
What *IS* surprising though is that we've gotten this far in to the voice assistant craze, and seen many attacks, including ones airing on national TV during some of the most watched events of the year, and yet the manufacturers still don't use voiceprints ubiquitously. That's really inexcusable as the technology for that is decades old already, and would immediately shutdown any attack targeting more than a single user, while at the same time likely making it much harder to disguise a command as something else.
Voiceptints aren't the be-all end-all of security in this realm, but they would sure go a long way here!
Sure, it's illegal. But we live in a world with many criminals. You can't assume that the simple fact that an act is illegal will provide you any protection against someone doing it.
Spam is illegal in most places, as are unsolicited phone calls, and yet there are thousands of businesses doing both on a daily basis. Do you trust that those same businesses wouldn't also try running a TV ad or radio spot?
Why would the user need to set it? it seems that there's a known frequency range for all human speech and anything outside of that should be rejected. No user side configuration required.
That said, the article is less clear about this, but I suspect the sounds aren't actually outside of the human voice/hearing range, but rather disguised in other sounds. It's not that you hear silence while your voice assistant hears a command. It's more that you hear music, or white noise, or something else, while it hears a command. This is harder, because computers simply don't "hear" the same way that humans do, so it's no surprise that you can come up with sounds that trick the computer in to thinking they are the right words, while a human doesn't hear it.
The most obvious solution is voiceprints, which I'm shocked aren't already widely in use, the technology is decades old at this point. Sure it doesn't help against a determined attacker who can record and synthesize your voice, but it has 2 big advantages in this case: 1) it's likely much harder to disguise a voice command as something else if it also has to match a voiceprint. 2) you immediately eliminate all attacks that target multiple people at once (ads on TV or radio, youtube videos targeted at a wide audience, etc)
Voiceprints aren't perfect, but they do a good job of defeating anything that's crafted to blanket a large number of users.
If voiceprints are used, you couldn't for example, simply air a commercial on TV that makes millions of devices order a product.
Basically it's a hugely effective method of blocking spam.
That said, you are correct that it's basically useless against a determined attack on a specific individual, but so are door locks and I don't see people advocating that we should get rid of those.
Security does not need to be, nor should it ever be, an all or nothing approach. It needs to combine all sorts of elements to make it work properly. Voiceprints are a good start as they can instantly stop the most prolific attacks. That's not to say other methods shouldn't also be employed, but start with the obvious things and work up from there.
More specifically that if they dared run the applications they want to on the machine Google would throw up a big scary warning screen with loud audible beep that begs anyone nearby to please wipe your data. But other than that, sure, it was actually easy to run any app you want. As long as you are willing to risk all your data.
You appear to be referring to "Developer mode". Developer mode is available in all Chromebooks, and they've always made it easy to get into. It's off by default, because the entire point of the Chromebook is to be a secure platform, and giving people access outside of the sandbox is risky.
When did we re-define "secure" to mean "the end user isn't allowed to choose what to do with their hardware"? That's not security, that's oppression. Blocking the end user from running apps, does not stop hackers from accessing your data, or running their own apps. It only means that you don't actually own the hardware you bought and paid for.
They've never "blocked" this functionality. They implemented the functionality.
Debatable. By putting up so many barriers (including making sure that any passer-by can wipe your drive clean just by pressing the largest key on the keyboard) They have very much actively discouraged using this functionality, even if it's not technically "blocked". As for "implemented" it's hard to give credit for someone who spends tons of time, effort, and money taking away the primary feature of a general purpose computer just because they come up with the most awkward and inconvenient way possible to give it back to you later.
What appears to be being announced today is that they've found a way to sandbox regular old GNU/Linux applications, so they have the same level of security that NaCl, Web apps, and sandboxed Android APKs do.
That's definitely new, and that's definitely positive.
And by "security" you really mean "lack of end user control", as opposed to the traditional definition of security which would be more focussed on blocking attackers, and less focused on keeping the owner of the machine from actually having any control over it.
Developer mode however is an insecure system. It doesn't sandbox anything. When you're in developer mode, you literally have control over the entire workings of your Chromebook. You can even overwrite the BIOS.
Since when did the definition of "insecure" change to mean "the customer has control of the device they bought and paid for"? This is a complete re-definition of the word, and is entirely in the favor of the corporations fighting against the end users.
What this article is about is the ability to run arbitrary GNU/Linux applications in a sandbox. It will not give you, or those applications, control over the Chromebook. Your data will remain safe.
The only threat to your data in developer mode was Google themselves with the moronic decision to allow anyone to wipe your device by pressing the spacebar at the big scary security screen. THAT is what is talked about when people talk about google preventing people from running what they want on their own machines, the fact that Google makes it as scary and fragile as possible to control what you already own.
The only thing the two things have in common are that if you want to run an arbitrary GNU/Linux application, both systems allow you to do so. That's a little like arguing that a car is the same thing as a bus because both can transport you to work.
Here you are correct. The original developer mode was a way for you to actually own the hardware you paid for, as long as you were ok with any passer-by wiping your device clean if the looked at it funny. The new version is making sure that ownership of your device continues to rest with the manufacturer, but at least you're allowed to use it for a subset of approved activities.
So in other words, this is a solution to a problem that Google themselves created. And not even the easy solution which would be to quit putting up stupid screens that allow people to wipe the machine by pressing the spacebar!
The only thing that's "insecure" about developer mode is that one stupid screen. I wish companies would stop this war against their end users and allow people to have some control over their own devices without such stupid shenanigans!
I'm on Chrome 66 for Android and I see autoplay videos (muted) many times every day on a variety of different sites. If there's a way to prevent it I'm all ears! (On my laptop I have an extension that prevents it, but no such luck on my phone)
The whole concept of "diversity goals" is 100% discrimination. There is no other word possible for the concept of selecting people based purely on their gender or race.
As for who can discriminate. It's become very apparent that many people are capable of discriminating. There is however very much a double standard when it comes to what forms are "acceptable"
And yet hemp uses more energy to grow and process than cotton, and if you are just worried about density, you should be in favor of polyester instead as it is even more dense than hemp. Polyester also uses far less water than hemp. And hemp is very labour intensive too making it quite expensive to cultivate.
In general artificial fibres are superior to hemp in almost every way, and cheaper to create as well.
As for hemp milk, actual cow's milk is better for you (more protein, less fat) and doesn't require an "acquired" taste, If you can't have cow's milk, soy milk also has more benefits, and fewer drawbacks than hemp.
For hemp seeds, depends what you're taking them for, but chia seeds are better for fibre and calcium, eggs are better for protein (and if you see above, switching away from hemp milk to many other products would also reduce the need for excess protein here) flax seeds are also a better alternative in many ways including some cancer prevention.
As with every hemp product out there, there's always a better alternative than hemp. Unless of course your real desire is to get marijuana, in which case rational discussion is irrelevant.
Well to start with it's not nearly as complicated as you make it out to be because nobody is trying to use such sneaky tactics, but beyond that, it's still easy, does the image change on a frequent basis with no user input? then it's a video. Done.
You are WAY over complicating matters. This isn't rocket science, there are dozens of extensions that are able to accomplish this feat with near 100% success, there's no reason why it can't also be done on a mobile phone.
I disagree, If you can't tell if it's video or not, you also wouldn't be able to play it. The fact that you can play it means you know what it is, and can also block it.
Browser coders aren't as completely incompetent as you make them out to be.
Why should we use more of it? I have yet to see ANY application where hemp was superior to existing established materials.
It's often touted as a miracle material to substitute for all sorts of things, but that's only because people are desperate to come up with some form of seemingly legitimate excuse for growing the stuff so they can smoke/eat it.
It's a common trend, basically take ANY hemp product out there, remove the hemp and replace with traditional materials, and you will have improved the product (or at the very least, made it no worse)
People force hemp in to all sorts of things to try to pretend that marijuana has legitimate uses, when in reality they just want to smoke or eat it. Marijuana proponents are nothing if not creative.... (which I guess is to be expected from people who spend too much time around hallucinogens)
I would prefer that Browsers treated the owner of the computer as being in charge, rather than the idiot web "designer". Let users decide if they want to waste all their bandwidth downloading video.
Years ago when connections were slower, all major browsers gave you the option whether or not to load images from websites automatically. Now obviously that's not what people are clamoring for now, but video is the new image, and the choice as to whether or not to download them should rest with the person paying for the bandwidth, the end user.
Slashdot Mirror
His argument was that there was no use case for it, and that it would not be possible to secure it. That's very different from saying they want it to become more secure.
If you use that logic we would have had no technological progress, ever. No invention ever solved a monumental problem on day one, everything has been incremental improvements to things over time. Nobody thought that we needed to have a computer in our pocket at all times and yet people really enjoy having that at this point,. This message is being composed entirely by voice. Something you say we don't need, and I'll agree we don't need it, that doesn't mean we don't want it, or that it doesn't improve our lives in some way.
Just because you personally aren't interested in any Improvement to human-computer interfaces, doesn't mean that the entire world is like you.
Sometimes it really is nice not to have to get up go over to a keyboard sit down and type a bunch of things in. Small conveniences really do add up and can make a big difference to your life.
That's fine really, because I have yet to come up with any legitimate reason to use this "service". If someone sends me one of these, I'll just send it to spam right away because there's no way it's a legitimate email.
I would recommend that anyone running a mail server should probably do that system wide.
I think your missing the real attack. It doesn't seem like things are inaudible, but more that they're disguised as other sounds. Being that computers and humans "hear" very differently, it's not really a surprise that you can craft a sound that would sound like one thing to a computer, but something else to a human listener.
Something trivially solved with voiceprints, a several decade old technology.
Near as I can tell from the poor explanations given, the sounds aren't actually inaudible, they're simply disguised. It's not that a human hears nothing while the device hears a command, it's that a human hears white noise, or music, or unrelated speech, and the device hears a command.
Considering that computers and humans "hear" in very different ways, it's not really a surprise that you can craft an audio signal that sounds like one thing to a human, and yet sounds like something different to a computer.
What *IS* surprising though is that we've gotten this far in to the voice assistant craze, and seen many attacks, including ones airing on national TV during some of the most watched events of the year, and yet the manufacturers still don't use voiceprints ubiquitously. That's really inexcusable as the technology for that is decades old already, and would immediately shutdown any attack targeting more than a single user, while at the same time likely making it much harder to disguise a command as something else.
Voiceptints aren't the be-all end-all of security in this realm, but they would sure go a long way here!
Sure, it's illegal. But we live in a world with many criminals. You can't assume that the simple fact that an act is illegal will provide you any protection against someone doing it.
Spam is illegal in most places, as are unsolicited phone calls, and yet there are thousands of businesses doing both on a daily basis. Do you trust that those same businesses wouldn't also try running a TV ad or radio spot?
Why would the user need to set it? it seems that there's a known frequency range for all human speech and anything outside of that should be rejected. No user side configuration required.
That said, the article is less clear about this, but I suspect the sounds aren't actually outside of the human voice/hearing range, but rather disguised in other sounds. It's not that you hear silence while your voice assistant hears a command. It's more that you hear music, or white noise, or something else, while it hears a command. This is harder, because computers simply don't "hear" the same way that humans do, so it's no surprise that you can come up with sounds that trick the computer in to thinking they are the right words, while a human doesn't hear it.
The most obvious solution is voiceprints, which I'm shocked aren't already widely in use, the technology is decades old at this point. Sure it doesn't help against a determined attacker who can record and synthesize your voice, but it has 2 big advantages in this case: 1) it's likely much harder to disguise a voice command as something else if it also has to match a voiceprint. 2) you immediately eliminate all attacks that target multiple people at once (ads on TV or radio, youtube videos targeted at a wide audience, etc)
Voiceprints aren't perfect, but they do a good job of defeating anything that's crafted to blanket a large number of users.
If voiceprints are used, you couldn't for example, simply air a commercial on TV that makes millions of devices order a product.
Basically it's a hugely effective method of blocking spam.
That said, you are correct that it's basically useless against a determined attack on a specific individual, but so are door locks and I don't see people advocating that we should get rid of those.
Security does not need to be, nor should it ever be, an all or nothing approach. It needs to combine all sorts of elements to make it work properly. Voiceprints are a good start as they can instantly stop the most prolific attacks. That's not to say other methods shouldn't also be employed, but start with the obvious things and work up from there.
What was stopping them before?
Google.
More specifically that if they dared run the applications they want to on the machine Google would throw up a big scary warning screen with loud audible beep that begs anyone nearby to please wipe your data. But other than that, sure, it was actually easy to run any app you want. As long as you are willing to risk all your data.
(aforementioned easy-wipe boot screen aside.)
It's really hard to ignore a massive warning with loud audible beep that begs anyone nearby to please destroy all your data....
If Google really wanted to fix the problem, they didn't need to go to all this work, they just needed to remove that one huge threat!
You appear to be referring to "Developer mode". Developer mode is available in all Chromebooks, and they've always made it easy to get into. It's off by default, because the entire point of the Chromebook is to be a secure platform, and giving people access outside of the sandbox is risky.
When did we re-define "secure" to mean "the end user isn't allowed to choose what to do with their hardware"? That's not security, that's oppression. Blocking the end user from running apps, does not stop hackers from accessing your data, or running their own apps. It only means that you don't actually own the hardware you bought and paid for.
They've never "blocked" this functionality. They implemented the functionality.
Debatable. By putting up so many barriers (including making sure that any passer-by can wipe your drive clean just by pressing the largest key on the keyboard) They have very much actively discouraged using this functionality, even if it's not technically "blocked". As for "implemented" it's hard to give credit for someone who spends tons of time, effort, and money taking away the primary feature of a general purpose computer just because they come up with the most awkward and inconvenient way possible to give it back to you later.
What appears to be being announced today is that they've found a way to sandbox regular old GNU/Linux applications, so they have the same level of security that NaCl, Web apps, and sandboxed Android APKs do.
That's definitely new, and that's definitely positive.
And by "security" you really mean "lack of end user control", as opposed to the traditional definition of security which would be more focussed on blocking attackers, and less focused on keeping the owner of the machine from actually having any control over it.
So the new part is a way to not be screwed over by Google just because you want to pretend you own your hardware....
Developer mode however is an insecure system. It doesn't sandbox anything. When you're in developer mode, you literally have control over the entire workings of your Chromebook. You can even overwrite the BIOS.
Since when did the definition of "insecure" change to mean "the customer has control of the device they bought and paid for"? This is a complete re-definition of the word, and is entirely in the favor of the corporations fighting against the end users.
What this article is about is the ability to run arbitrary GNU/Linux applications in a sandbox. It will not give you, or those applications, control over the Chromebook. Your data will remain safe.
The only threat to your data in developer mode was Google themselves with the moronic decision to allow anyone to wipe your device by pressing the spacebar at the big scary security screen. THAT is what is talked about when people talk about google preventing people from running what they want on their own machines, the fact that Google makes it as scary and fragile as possible to control what you already own.
The only thing the two things have in common are that if you want to run an arbitrary GNU/Linux application, both systems allow you to do so. That's a little like arguing that a car is the same thing as a bus because both can transport you to work.
Here you are correct. The original developer mode was a way for you to actually own the hardware you paid for, as long as you were ok with any passer-by wiping your device clean if the looked at it funny. The new version is making sure that ownership of your device continues to rest with the manufacturer, but at least you're allowed to use it for a subset of approved activities.
So in other words, this is a solution to a problem that Google themselves created. And not even the easy solution which would be to quit putting up stupid screens that allow people to wipe the machine by pressing the spacebar!
The only thing that's "insecure" about developer mode is that one stupid screen. I wish companies would stop this war against their end users and allow people to have some control over their own devices without such stupid shenanigans!
All I really want is developer mode that doesn't have the obnoxious screen allowing any passer-by to wipe your machine by pressing the spacebar.
The only thing "insecure" about developer mode is that stupid boot screen!
I'm on Chrome 66 for Android and I see autoplay videos (muted) many times every day on a variety of different sites. If there's a way to prevent it I'm all ears! (On my laptop I have an extension that prevents it, but no such luck on my phone)
To be modded funny? Or oblivious?
The whole concept of "diversity goals" is 100% discrimination. There is no other word possible for the concept of selecting people based purely on their gender or race.
As for who can discriminate. It's become very apparent that many people are capable of discriminating. There is however very much a double standard when it comes to what forms are "acceptable"
And yet hemp uses more energy to grow and process than cotton, and if you are just worried about density, you should be in favor of polyester instead as it is even more dense than hemp. Polyester also uses far less water than hemp. And hemp is very labour intensive too making it quite expensive to cultivate.
In general artificial fibres are superior to hemp in almost every way, and cheaper to create as well.
As for hemp milk, actual cow's milk is better for you (more protein, less fat) and doesn't require an "acquired" taste, If you can't have cow's milk, soy milk also has more benefits, and fewer drawbacks than hemp.
For hemp seeds, depends what you're taking them for, but chia seeds are better for fibre and calcium, eggs are better for protein (and if you see above, switching away from hemp milk to many other products would also reduce the need for excess protein here)
flax seeds are also a better alternative in many ways including some cancer prevention.
As with every hemp product out there, there's always a better alternative than hemp. Unless of course your real desire is to get marijuana, in which case rational discussion is irrelevant.
Well to start with it's not nearly as complicated as you make it out to be because nobody is trying to use such sneaky tactics, but beyond that, it's still easy, does the image change on a frequent basis with no user input? then it's a video. Done.
You are WAY over complicating matters. This isn't rocket science, there are dozens of extensions that are able to accomplish this feat with near 100% success, there's no reason why it can't also be done on a mobile phone.
I disagree, If you can't tell if it's video or not, you also wouldn't be able to play it. The fact that you can play it means you know what it is, and can also block it.
Browser coders aren't as completely incompetent as you make them out to be.
While true, there is growing support for the gender neutral singular "They" pronoun, in fact, it's already well established.
That said, using male pronouns in this case is also perfectly acceptable in English, and many style guides still insist on it.
Why should we use more of it? I have yet to see ANY application where hemp was superior to existing established materials.
It's often touted as a miracle material to substitute for all sorts of things, but that's only because people are desperate to come up with some form of seemingly legitimate excuse for growing the stuff so they can smoke/eat it.
It's a common trend, basically take ANY hemp product out there, remove the hemp and replace with traditional materials, and you will have improved the product (or at the very least, made it no worse)
People force hemp in to all sorts of things to try to pretend that marijuana has legitimate uses, when in reality they just want to smoke or eat it. Marijuana proponents are nothing if not creative.... (which I guess is to be expected from people who spend too much time around hallucinogens)
I would prefer that Browsers treated the owner of the computer as being in charge, rather than the idiot web "designer".
Let users decide if they want to waste all their bandwidth downloading video.
Years ago when connections were slower, all major browsers gave you the option whether or not to load images from websites automatically. Now obviously that's not what people are clamoring for now, but video is the new image, and the choice as to whether or not to download them should rest with the person paying for the bandwidth, the end user.