Like many a company before them, they realized that their name alone was their most important asset. Some senior executive decided to save a few bucks by capitalizing on that name. The shareholders lose out, but the people who made those decisions have long ago collected their bonuses.
Yup. What is the average passenger going to think when they see a guy go through the "high risk" line and end up sitting next to them on the plane? If they sneeze everybody around them will be yelling for an air marshal.
It would seem smarter to me to keep things uniform so that it isn't subject to the risks of reverse engineering your profiling technique. Just have a bunch of parallel tunnels and everybody gets the full treatment.
If they just figure out how to screen people without making them remove their shoes and empty their pockets that would get rid of 95% of the wait right there.
$100k is something like $1k/month for 30 years. You could fly first class to Europe a few times a year for those kinds of costs. That is an awful lot to spend just to avoid lines. Plus, 95% of the time your plane is sitting in a hanger depreciating. Plus, that $100k plane looks like it seats 1-2, and carries about 850 lbs, of which up to 350 lbs is fuel. That is 500lbs for payload, which isn't much room for luggage (a fair bit if you're alone, and you'll be happy to just get off the ground with two).
A more realistic option is a flying club or such. Ordinary rentals are not much of an option for actual transportation - you might be able to fly for $100/hour, but when you're done they are going to want the plane back, not sitting in some other airport for a week while you're on vacation.
A flying club typically costs maybe $20k or so to join (still quite a bit of cash, but something a bit more manageable), and it still costs quite a bit to fly (what, probably $80/hr or something?). At best the operational cost will about break even with an airline, and then you're paying your loan on the $20k on top of that. Your ability to book that plane for a week or two is going to depend on the club and the days you travel - the more the club is able to have planes available the more they're going to end up having to charge up-front anyway.
Once the kids are independent and I have more spending money I'd probably pursue a pilots license and instrument rating - more for the fun than anything else. However, most affordable aircraft are simply not capable of taking a family of four (or even two) on vacation or whatever. You're going to need a twin engine for that, and the cost goes way up.
I'll agree that cloud solutions right now are weak compared to professional-level desktop solutions. I suspect that we'll see that improve if the concept takes off. I think that the issue here is that Google is dabbling with the concept but hasn't gone all-in.
Not just professional level desktop solutions. I would say that we apps are not even up to consumer level standards. What it comes down to is that the web is just not designed to support that kind of applications that people are trying to build. HTML5 will help, but I think it will still be quite limited. For one thing, the browser is a big sandbox for security reasons. You cannot utilize local hardware and applications can't talk to each other like they can on desktops.
Sure browser-based apps can interact. If you'd like your Facebook page to interact with your Gmail page then Facebook merely needs to make a connection to the Gmail servers on the SERVER side to implement the interaction. What is missing is some way to make this more standard so that we're not talking about a bazillion point-to-point links without a common standard. How does app A know that it might be able to share data with app B?
As you point out that brower runs in a sandbox for security reasons. Google's concept is that EVERYTHING should run in a sandbox - they've done it now with both Android and Chrome. The default permissive desktop OS paradigm is why we have tons of malware, and something like 25% of all windows PCs are infected with it.
Chrome on Windows doesn't work out-of-the-box - you need to install it first,
WEll.. duh. WTF does that matter?
Well... duh - Chrome does work out of the box. When my company buys a new PC probably the better part of an hour or two of effort goes into setting it up BEFORE it gets to the end user. The end user ends up fiddling with it for a day or two to get it set up the way they want it. With Chrome the PC can be deployed directly (unless they really want provisioning - that takes one login and 30 seconds), and the user's settings are all in the cloud so they spend no time fiddling with it setting it up unless it is the first time they've ever used the account.
and periodically deal with issues that crop up.
So?
So, dealing with issues costs time and money. The employee is unproductive while waiting for support to show up, and then the support team costs quite a bit. If you're a small business owner you probably don't have somebody on staff, and if you do you'd rather not have them on staff.
Now, I'll admit that the configure your printers bit is a double-edge sword on Chrome - you don't have to do that as part of provisioning a new device with Chrome, but instead you have to somehow Cloudprint-enable your printers, which isn't trivially done these days unless you leave a PC on all the time running Chrome on Windows. Like I said - they clearly haven't gone all-in on it.
What you call "not going all-in" I call a fundamental limitation of the technology. There are just many many you can't easily do within the confines of a web browser. Google is already pushing hard on the limits of the modern web browser. The technology just isn't designed to do what they want it to do.
The browser has relatively little to do with cloud print - most of the issues are between a server in the cloud and the local printer. The browser just sends the data to be printed to the server - and that part works fine. The problem is that there isn't yet an install base of local printers that connect to the server to look for jobs, or an easy to install device (other than a windows PC) to connect legacy printers.
The only Google service I could ever really recommend most companies go to is Gmail. Managing mail servers is a headache and there's not a whole lot to be gained by running your own.
Well, once upon a time that wasn't true. Google is just looking to extend that paradigm. In the past the time wasn't right - the question is whether that has changed...
Your calculations are way off as you don't know in advance where the one capital letter will be, so you are still stuck with all possibilities.
If the password is n characters long, then the capital letter could be in one of n positions. So, the number of possibilities is n*26^n. Basically you take each 8-char lowercase password and then you capitalize each of the 8 letters in turn.
Or you could look at it this way - you have n-1 chars lowercase, which is 26^(n-1). Then you have 26 possible uppercase chars in any of n positions, or 26*n. So, you get 26*n*26^(n-1), which is just another way of saying n*26^n.
As far as your arguments about making the passwords harder to brute force go, clearly that is just good sense. That doesn't change how the time to brute force scales with n, but just the base time per try, and salting also prevents you from being able to divide the time per password by the number of passwords in the database.
Either that or they can't see past the browser. Maybe they're just short sighted and don't really get how people use computers.
Well, to me it seems more that they are trying to change how people use their computers.
Limiting the ability to run arbitrary X11 apps greatly cuts down on the number of possible exploits possible.
In theory, maybe, but in practice it doesn't matter. Especially with the kind of strict package management using signatures that Linux uses.
I'm not aware of any common desktop distro that: 1. Detects any rootkit install and refuses to boot. 2. Keeps all executables on a read-only partition making that rootkit almost impossible to install anyway.
Sure, some of this is possible with some combination of trusted Grub and SELinux. However, again no distro I'm aware of does this and most linux software would need heavy patching/repackaging to work in a heavily managed environment (say where it can't read/write arbitrary files in $HOME or whatever). Package manager signatures only ensure that known-good copies of software gets installed by the package manager. They don't keep users from inadvertently installing/running arbitrary code. They usually don't detect modifications to files after installation either.
Or you setup some sync/backup of important files. You can even sync you files to the "cloud" automatically. This is a problem that is largely solved. I know Apple makes backup dead simple. Also, if you really do have a bazillion files, you probably have them between many different applications. Which means they're spread out amongst many different services on the "cloud." That makes it difficult to search, track, and transfer files between apps/services. Say I have my pictures on one service, but I want to try a different one to edit them... kind of a pain to download them locally and then import into something else. Better to have a central store for files.
I'll agree with your points here to an extent. The average user does not backup their PC at all, and when they do they almost never use offsite backups. Sure, there are services like Carbonite and all that. If you use them then you're very unlikely to ever lose data (though you still need to deal with antivirus/malware/etc). I do agree that cloud solutions have a tendency to partition your data - I have mixed feelings about that.
Except that nearly all web based apps pale in comparison to desktop equivilents particular when it comes to business use....Maybe 9 of 10 of Office users dont' need any modern spreadsheet features, but there's always that 1. ANd basically that one power user is going to define what the whole office needs. That's how MS Office got where it is now. Most people don't use a quarter of the poential of MS Office, but somebody does.
I'll agree that cloud solutions right now are weak compared to professional-level desktop solutions. I suspect that we'll see that improve if the concept takes off. I think that the issue here is that Google is dabbling with the concept but hasn't gone all-in.
The issue you bring up about the power user dictating the requirements is a cultural one. A solution is to simply use Google Docs for the 95% of things it works for, and just upload.xls files and edit them in Excel for the other 5% or whatever. Obviously a key driver here is whether we're talking 5% or 25%, and so on. A typical corporation may own tractor trailers, but I doubt they issue them to their sales force as company cars. At some point you need to avoid tailoring solutions to the 1%. I think that the atmosphere in a lot of companies is a lot more conducive to that.
Chrome OS doesn't browse the web any better than than Chrome on Windows and it certainly doesn't do more than Windows. So how can it succeed?
Chrome on Windows doesn't work out-of-the-box - you n
Why this push for take it all or nothing for cloud services? Why not lets have your application local, your data local and have synced the data to the cloud? That why you could have the best of the two worlds.
Well, nothing prevents this with html5 - just not many apps are set up that way. However, it is best to have the always-available version be the authoritative one. By always-available I mean available from any computer on the planet and not just available in your living room when your 56k phone line is down (you seem to consider broadband a non-starter).
No your data in the cloud is not protected at all. My data at home is at least protected because it's local in my home. In my home I have a whole bunch of protection, from thieves and from the police. In the cloud you have no rights at all, nothing, none. All you have is a promise by the cloud company that your data is "save". But neither you can sue the company if it's not save nor you have any special rights of privacy.
Ok, when you talk data security, you need to talk about threat models. It seems like your main threat model is Uncle Sam trying to bust your stash or something. Sure, data in the cloud is much easier to seize with a warrant or subpoena. There is no reason that cloud services couldn't be designed to make identifying the owner of data harder, or making it unreadable by the provider. However, I agree that this isn't likely to happen in many cases.
So, if you're dealing with material that the US Government is likely to detect and want to seize then I'll agree that the cloud is a dumb place to put it. I'll go a step further and say that if you're selling drugs Ebay is probably a dumb place to do it. I don't see that killing Ebay's business model.
The threat model I'm more concerned with is hardware failure, or fire. Hardware failure is simply inevitable unless you replace your hardware often. If you do replace hardware often, then it is just fairly likely to happen. Hard drives die. If you don't back them up, you lose everything on them when they die unless you're willing to pay a pretty penny to restore them. If money is no object, you're still down until the recovery outfit restores the data - and if you're concerned with Google Docs downtime (what, hours per year at most?), then having to FedEx drives and wait a few days must be a really big problem for you. Your handy portable hard drive backup is useless if your house burns down. That happens a lot less often, but I imagine that it has a much bigger impact on data than cloud service outages.
Another threat model is theft - unless you encrypt every hard drive you own you're very vulnerable to this. Chrome OS does encrypt the local hard drive automatically - so even novice users benefit.
Sure, in the end you have to trust your cloud provider. As I suggested you can always back up your remote data to mitigate this. In general, however, I'm a lot more confident that my mother is likely to lose her data stored on a local hard drive with a backup drive than Google is.
"and it runs great on cheap hardware. Cheap also means low-power-use so you get 8+ hours out of a charge."
Yeah right. JavaScript and Flash is so cheap to run. That is why this new laptop with runs only a browser have "... estimated at 3.5 hours" of battery.
Uh, my CR-48 gets around 8 hours on a charge. My understanding is that most chrome notebooks are designed to have similar lifetimes. Plus, the really lite footprint of the OS means you just need a modest SSD which is neither expensive nor power-draining. 16GB of storage on a laptop would be limiting, but it is no big deal on a chrome device.
"The device is designed to sync, so when it breaks you can be back up and running with a spare in minutes."
if you have a T1 connection to Google maybe. But with normal DSL with 60kbytes/sec up and 300kbytes/sec down it takes longer then the time I n
In a way I agree with you, but lets just look at the numbers. A password of n characters long of only lower case letters (in English) is 26^n possible combinations. Adding upper case then give 52^n combinations.
The parent's point was that this isn't actually correct. That is only true if ANY or ALL of those characters could be upper case. Well, they could be, but most likely they aren't. Instead it is probably the case that all but one are lower case. So, the number of possibilities isn't 52^n, but rather n*26^n. That is barely larger than 26^n.
Require 8 characters, of which at least one is upper case and one is a number? Ok, users will go with the minimums on both, so you start with 6 lowercase and 1 uppercase letters, which is 7*26^7. Then you throw in a digit. That could go in 8 positions, and could be any of 10 characters, so multiply that number by 80. If you just check a "1" in the last character position then you don't increase the number of combinations at all and you'll probably nail 80% of the passwords anyway.
If I lose my car keys then a true brute force search would have to cover the entire volume of c * the elapsed time since I last saw them. However, I wouldn't start by searching the moons of Jupiter - the kitchen counter is far more likely to yield dividends.
Well, it isn't so much that it doesn't run applications so much as it doesn't run anything but Chrome applications - with a much more limited API. In some sense complaining that it doesn't run Openoffice is like complaining that Ubuntu doesn't run Internet Explorer. That said, if you need to run Internet Explorer for whatever reason neither Ubuntu nor Chrome OS is going to be suitable, and that argument hits Chrome even harder.
Google is basically trying to rethink the entire desktop paradigm. Limiting the ability to run arbitrary X11 apps greatly cuts down on the number of possible exploits possible. Plus, they don't want to make it easy to work with locally-stored files, since the whole point of the device is to not do that except when transferring files to/from a cloud-based service. If you have a bazillion files on the local drive then if you drop the thing you lose them. Indeed, if somebody just walks up to it and flips the developer switch while you're not looking you automatically lose them as well (switching to dev mode does a full profile wipe so that others can't use the now-rooted device to gain access to any locally stored files).
I'm not sure I'd spend $500 on one personally. However, if I had an office of 10 people that needed to do typical office work I'd probably buy them in a heartbeat (assuming they could live with cloud-based apps only). I imagine the typical office with 10 people has no need for full-time IT, and probably pays quite a bit for desktop provisioning, backups, and general maintenance. If they don't, then they're in for a world of hurt if they have a fire or something, or anytime somebody drops a laptop. The concept of Chrome is that you buy IT like you buy phone service or whatever, and if a phone breaks you just go to Walmart to buy a new one.
Agreed, unless they start offering cheap printer servers that just plug into your LAN or whatever, or get printer manufacturers to include cloud print clients. Their solution isn't actually a bad one per-se, but they haven't really executed on it.
I'd argue that the chances of Google Docs being down are much lower than the chances that Aunt Edna forgot to drag-and-drop her files to the remote hard drive and then put it in a safe deposit box within the last six months (if it isn't offsite it isn't secure). Plus, if Google Docs is down chances are the fix is to wait for 20 minutes. If Aunt Edna forgot to back up the last year's worth of files she's SOL.
And, if you don't trust Google you can always download your docs periodically - I do that. They're backed up even if I forget to do this, but then I'm trusting Google. The difference is that I'm just providing an extra layer of redundancy, and not the only layer - and it is all offsite automatically since the primary site is in the cloud somewhere.
Oh, and if you're out and about chances are you still have your smartphone, which means your docs on the cloud are still accessible.
Don't get me wrong, the cloud is not perfect. I'd argue that it is not nearly as secure as a well-run enterprise datacenter. The problem is that few enterprises even have a well-run enterprise datacenter, and almost no consumers do. You and I don't really count.
Sure, I can script sarab and gpg and s3cmd to do nice automatic daily rotating remote backups for relatively little cost. I'd never suggest that my family do the same. Most of the stuff that I do store locally these days is only stored that way because the cloud isn't practical yet (can't run mythtv off the cloud without spending a fortune in bandwidth charges, and so on).
I think you're missing one of the key benefits of Chrome OS - professional-quality device management. That isn't cheap. The difficulty is in convincing the average home user that this is something they need. It probably won't be a hard sell in the corporate world.
Storage certainly is cheap. Backups aren't. Now, the average user addresses this by not making backups.
A computer that can run software is cheap. Keeping malware out isn't. Now, the average user addresses this by simply tolerating malware until the computer becomes inoperable, and then begging for help or taking it to the Geek Squad or whatever, or just getting a new one.
I've heard numerous stories from family members about their headaches when a hard drive crashed. I've had several crash and they haven't had big impacts on me - because I run RAID (yes, I know that isn't a backup in itself). Granted, my hardware isn't enterprise-grade, so often I still need to fiddle a little to get the device to boot again (usually just pulling out the affected drive), but I'm up and running in an hour or so typically without any loss at all. Another hour of fiddling after ordering a replacement and I'm back to full redundancy.
This is what the cloud and Chrome OS is designed to protect users from. A Chrome OS device is always up-to-date (well, we'll see about that in a few years), local data is always encrypted, and remote data is protected by whatever services you use (which inevitably means more protection than the average home user provides). The nature of the device eliminates the need for virus protection, and it runs great on cheap hardware. Cheap also means low-power-use so you get 8+ hours out of a charge. The device is designed to sync, so when it breaks you can be back up and running with a spare in minutes.
I do agree that they need better support for running remote applications. Indeed, if they start providing this I wouldn't be surprised to see more Citrix-based solutions on the web/etc. A Chrome notebook would be the ideal solution for a small business with 10 employees (10 laptops plus a spare in the closet = zero IT overhead). However, that small business with 10 employees probably needs to run at least a few applications that aren't web-based. I know that a bunch of local businesses have moved to Google Apps to simplify their IT overhead. The average slashdotter probably works in some company that is full of programmers/etc or is so large that they have major support organizations. However, the plumber or HVAC contractor who works on your house probably has 3 guys in the office and having to pay somebody to come out every time a computer needs fixing or whatever is a big expense.
Imagine if for an extra $500 you could have bought plumbing for your house that would never need maintenance, or whose maintenance would be a low fixed cost every few years? Unless you are a professional plumber chances are that would be a good deal. It is the same with Chrome OS - the target is people who don't want to fiddle with their computers, but actually need to create documents/etc (as opposed to the consumption-oriented tablet).
Chrome also supports secure boot - I don't believe chromium does (and in any case this requires hardware/firmware-level support as well).
I'm also not sure if chromium OS supports auto-updates.
As far as codecs go - I'm not sure what chromium does/doesn't support. However, many linux distros tend to skirt patents around things like h.264. Often they will not include these codecs, but will make them easy to install from sources where the patent does not apply. Google might be reluctant to do the same since they have deep pockets.
Yes and no. The fact that you can get an android phone from any carrier or vendor makes it hard for anybody to go way overboard on controlling the platform. Ultimately if anybody messes up the consumer experience too much they'll go elsewhere since they have options.
I think their main concern was that they didn't want the iPhone cornering the market. Apple is pretty heavy-handed with controlling the experience there, and if they felt like Google ads or services weren't the ones their customers should be using, Google would be stuck fighting things out in court. By giving consumers options it constrains what everybody else can get away with - why would you buy a phone that limits options you actually care about when other devices don't?
Plus, Chrome and Android are forcing the market to advance. How fast were Javascript interpreters a few years ago? How fast are almost all of them today? Arguably Firefox is a lot faster at rendering Google's pages as a result of Chrome coming out than it would have been if Google merely tried to submit patches for it.
Well, it is also not illegal to speak your mind in public, but that didn't stop the framers from writing the 1st ammendment. There were many opposed to creating the Bill of Rights for the very reason you suggest - enumeration would possibly lead to a default-no situation.
This gets enough abuse that it is probably worth creating a law over. Of course, it will never happen.
I've always wondered whether libraries/etc who would like to protest these kinds of gag orders could easily get around them in this manner:
Every week post a list of library card numbers with the statement "we declare that we've never gotten a request for records for any of these numbers."
Then one week the list change slightly - three numbers are missing from the list, and a new list is started "we can neither confirm nor deny that we've gotten a request for records of any of these numbers."
Or every time you borrow a book the librarian tells you (or prints out on your due date slip) "I can confirm that we've never had to divulge personal information about you in response to a court order." One day the message either changes to "can never confirm or deny" or goes away.
Unless courts want to start issuing gag orders when there ISN'T an investigation this would be pretty hard to defeat. It is basically just a keepalive system where the absence of a message sends the message.
Re:In b4 losers asking why he didn't kill himself
on
Jack Kevorkian Dead at 83
·
· Score: 4, Insightful
Personally, I doubt the motivation of health insurance companies would at all be driven by the ability of patients to kill themselves (which to some extent is an option many already have). At some point insurance companies stop paying for heroic measures anyway, and I doubt that the legal availability would impact that.
Now, the consumer demand for insurance that covers more desperate treatments might very well drop if euthanasia becomes more socially acceptable, and that might impact what insurance companies are willing to cover. That is a bit more indirect than what you are suggesting.
Most people don't realize it, but EVERY insurance company puts a price on life - and that includes national healthcare systems as well. If a $100k procedure would extend your life of an 85 year old quadriplegic by one day no insurance system on this planet would pay the bill. If the same procedure was likely to give a 15 year old a normal healthy lifespan (vs death in a few weeks) chances are most insurance systems would pay it (even private insurance in the US). The basic algorithm looks at how a treatment extends your life and/or improves the quality of your life - the more it does both the more it is allowed to cost. In the end everybody puts a price on life - we just don't like to talk about it.
True, but a trade war will start slowly over time too. If the Chinese float their currency their prices will steadily rise, making it less cost-effective to outsource there. Either work will shift to some other country, or back to the US. I doubt the Chinese will just wake up one day and declare a blockade or something, and the US isn't about to just do something like default on its debt without some kind of warning.
Nobody is going to start a nuclear war over treasury bills. While the people that run China might end up living in slightly less opulence after a trade war, they're far better off than they would be living in a parking lot. Those guys have something to lose.
China doesn't really have the ability to strike at the US conventionally, and the US doesn't need to bomb the Chinese (they're already ahead if they cancel the debt). I'm sure there might be some skirmishes in far-away lands, and a bunch of people will die on both sides. I doubt either country would be seriously affected from actual battle.
However, I don't really think the US has dug itself into quite the hole that people make it out to be. The Chinese gave us a ton of tangible goods, and we gave them a bunch of IOUs. The only real problem from the US standpoint is that we've gotten used to this arrangement. However, if it ever ends we'll just have to make our own goods, and it isn't like we don't know how to do that. The transition could get messy, but for people whose main value is in their ability to work and not their bank accounts it probably won't be a bad deal.
I dunno - at some level money is life. People with money inevitably do better health-wise. What if you spent the money from the kidney on buying healthier food, or paying health insurance premiums, or putting it in your "insurance won't pay for it" savings account?
I doubt I'd ever sell a kidney just for the cash (if it were ever legalized so many people would do it that you wouldn't get much money for it anyway). However, the health vs money tradeoff isn't quite as clear is one might think.
I would imagine that an extradition request for a criminal complaint would have to come from the US Justice Department, perhaps even routed through the State Department. Random individuals can't ask governments to arrest people and ship them overseas. Random individuals can file suit in the other country and then that country can take steps as needed to keep the person there if warranted. In many countries however this would be inconvenient to a multinational - since they would be subject to loser-pays, security of costs, and all kinds of other things that they don't have to deal with in the US. And, of course, they have to convince the other country that they have jurisdiction.
Or, they could just ask South Carolina to pass a law exempting them from collecting sales tax in exchange for building a distribution center there. Then go to the other states where they have distribution centers and tell them to ante up less they find their sites closing.
Amazon can do its business from just about anywhere, so they have a lot of leverage when dealing with state governments. They can also build their distribution centers in areas that are lower income.
Yup, and sites running SSL with valid certificates can host malware just fine. You just know who actually infected you with the malware (if the CA did their job well).
Uh, I believe all apks are digitally signed - certainly the ones from the market are. All a signature tells you is that whoever owns the key created the software. The signature in itself doesn't tell you own owns the key, and whether they stuck nasty stuff in their software. A certificate backed by a CA can help tell you who owns the key, but not whether they stuck nasty stuff in their software. If the CA does their job well enough it can make it easier to trace down who stole your money after the fact.
Like many a company before them, they realized that their name alone was their most important asset. Some senior executive decided to save a few bucks by capitalizing on that name. The shareholders lose out, but the people who made those decisions have long ago collected their bonuses.
Yup. What is the average passenger going to think when they see a guy go through the "high risk" line and end up sitting next to them on the plane? If they sneeze everybody around them will be yelling for an air marshal.
It would seem smarter to me to keep things uniform so that it isn't subject to the risks of reverse engineering your profiling technique. Just have a bunch of parallel tunnels and everybody gets the full treatment.
If they just figure out how to screen people without making them remove their shoes and empty their pockets that would get rid of 95% of the wait right there.
$100k is something like $1k/month for 30 years. You could fly first class to Europe a few times a year for those kinds of costs. That is an awful lot to spend just to avoid lines. Plus, 95% of the time your plane is sitting in a hanger depreciating. Plus, that $100k plane looks like it seats 1-2, and carries about 850 lbs, of which up to 350 lbs is fuel. That is 500lbs for payload, which isn't much room for luggage (a fair bit if you're alone, and you'll be happy to just get off the ground with two).
A more realistic option is a flying club or such. Ordinary rentals are not much of an option for actual transportation - you might be able to fly for $100/hour, but when you're done they are going to want the plane back, not sitting in some other airport for a week while you're on vacation.
A flying club typically costs maybe $20k or so to join (still quite a bit of cash, but something a bit more manageable), and it still costs quite a bit to fly (what, probably $80/hr or something?). At best the operational cost will about break even with an airline, and then you're paying your loan on the $20k on top of that. Your ability to book that plane for a week or two is going to depend on the club and the days you travel - the more the club is able to have planes available the more they're going to end up having to charge up-front anyway.
Once the kids are independent and I have more spending money I'd probably pursue a pilots license and instrument rating - more for the fun than anything else. However, most affordable aircraft are simply not capable of taking a family of four (or even two) on vacation or whatever. You're going to need a twin engine for that, and the cost goes way up.
I'll agree that cloud solutions right now are weak compared to professional-level desktop solutions. I suspect that we'll see that improve if the concept takes off. I think that the issue here is that Google is dabbling with the concept but hasn't gone all-in.
Not just professional level desktop solutions. I would say that we apps are not even up to consumer level standards. What it comes down to is that the web is just not designed to support that kind of applications that people are trying to build. HTML5 will help, but I think it will still be quite limited. For one thing, the browser is a big sandbox for security reasons. You cannot utilize local hardware and applications can't talk to each other like they can on desktops.
Sure browser-based apps can interact. If you'd like your Facebook page to interact with your Gmail page then Facebook merely needs to make a connection to the Gmail servers on the SERVER side to implement the interaction. What is missing is some way to make this more standard so that we're not talking about a bazillion point-to-point links without a common standard. How does app A know that it might be able to share data with app B?
As you point out that brower runs in a sandbox for security reasons. Google's concept is that EVERYTHING should run in a sandbox - they've done it now with both Android and Chrome. The default permissive desktop OS paradigm is why we have tons of malware, and something like 25% of all windows PCs are infected with it.
Chrome on Windows doesn't work out-of-the-box - you need to install it first,
WEll.. duh. WTF does that matter?
Well... duh - Chrome does work out of the box. When my company buys a new PC probably the better part of an hour or two of effort goes into setting it up BEFORE it gets to the end user. The end user ends up fiddling with it for a day or two to get it set up the way they want it. With Chrome the PC can be deployed directly (unless they really want provisioning - that takes one login and 30 seconds), and the user's settings are all in the cloud so they spend no time fiddling with it setting it up unless it is the first time they've ever used the account.
and periodically deal with issues that crop up.
So?
So, dealing with issues costs time and money. The employee is unproductive while waiting for support to show up, and then the support team costs quite a bit. If you're a small business owner you probably don't have somebody on staff, and if you do you'd rather not have them on staff.
Now, I'll admit that the configure your printers bit is a double-edge sword on Chrome - you don't have to do that as part of provisioning a new device with Chrome, but instead you have to somehow Cloudprint-enable your printers, which isn't trivially done these days unless you leave a PC on all the time running Chrome on Windows. Like I said - they clearly haven't gone all-in on it.
What you call "not going all-in" I call a fundamental limitation of the technology. There are just many many you can't easily do within the confines of a web browser. Google is already pushing hard on the limits of the modern web browser. The technology just isn't designed to do what they want it to do.
The browser has relatively little to do with cloud print - most of the issues are between a server in the cloud and the local printer. The browser just sends the data to be printed to the server - and that part works fine. The problem is that there isn't yet an install base of local printers that connect to the server to look for jobs, or an easy to install device (other than a windows PC) to connect legacy printers.
The only Google service I could ever really recommend most companies go to is Gmail. Managing mail servers is a headache and there's not a whole lot to be gained by running your own.
Well, once upon a time that wasn't true. Google is just looking to extend that paradigm. In the past the time wasn't right - the question is whether that has changed...
Your calculations are way off as you don't know in advance where the one capital letter will be, so you are still stuck with all possibilities.
If the password is n characters long, then the capital letter could be in one of n positions. So, the number of possibilities is n*26^n. Basically you take each 8-char lowercase password and then you capitalize each of the 8 letters in turn.
Or you could look at it this way - you have n-1 chars lowercase, which is 26^(n-1). Then you have 26 possible uppercase chars in any of n positions, or 26*n. So, you get 26*n*26^(n-1), which is just another way of saying n*26^n.
As far as your arguments about making the passwords harder to brute force go, clearly that is just good sense. That doesn't change how the time to brute force scales with n, but just the base time per try, and salting also prevents you from being able to divide the time per password by the number of passwords in the database.
Either that or they can't see past the browser. Maybe they're just short sighted and don't really get how people use computers.
Well, to me it seems more that they are trying to change how people use their computers.
Limiting the ability to run arbitrary X11 apps greatly cuts down on the number of possible exploits possible.
In theory, maybe, but in practice it doesn't matter. Especially with the kind of strict package management using signatures that Linux uses.
I'm not aware of any common desktop distro that:
1. Detects any rootkit install and refuses to boot.
2. Keeps all executables on a read-only partition making that rootkit almost impossible to install anyway.
Sure, some of this is possible with some combination of trusted Grub and SELinux. However, again no distro I'm aware of does this and most linux software would need heavy patching/repackaging to work in a heavily managed environment (say where it can't read/write arbitrary files in $HOME or whatever). Package manager signatures only ensure that known-good copies of software gets installed by the package manager. They don't keep users from inadvertently installing/running arbitrary code. They usually don't detect modifications to files after installation either.
Or you setup some sync/backup of important files. You can even sync you files to the "cloud" automatically. This is a problem that is largely solved. I know Apple makes backup dead simple. Also, if you really do have a bazillion files, you probably have them between many different applications. Which means they're spread out amongst many different services on the "cloud." That makes it difficult to search, track, and transfer files between apps/services. Say I have my pictures on one service, but I want to try a different one to edit them... kind of a pain to download them locally and then import into something else. Better to have a central store for files.
I'll agree with your points here to an extent. The average user does not backup their PC at all, and when they do they almost never use offsite backups. Sure, there are services like Carbonite and all that. If you use them then you're very unlikely to ever lose data (though you still need to deal with antivirus/malware/etc). I do agree that cloud solutions have a tendency to partition your data - I have mixed feelings about that.
Except that nearly all web based apps pale in comparison to desktop equivilents particular when it comes to business use....Maybe 9 of 10 of Office users dont' need any modern spreadsheet features, but there's always that 1. ANd basically that one power user is going to define what the whole office needs. That's how MS Office got where it is now. Most people don't use a quarter of the poential of MS Office, but somebody does.
I'll agree that cloud solutions right now are weak compared to professional-level desktop solutions. I suspect that we'll see that improve if the concept takes off. I think that the issue here is that Google is dabbling with the concept but hasn't gone all-in.
The issue you bring up about the power user dictating the requirements is a cultural one. A solution is to simply use Google Docs for the 95% of things it works for, and just upload .xls files and edit them in Excel for the other 5% or whatever. Obviously a key driver here is whether we're talking 5% or 25%, and so on. A typical corporation may own tractor trailers, but I doubt they issue them to their sales force as company cars. At some point you need to avoid tailoring solutions to the 1%. I think that the atmosphere in a lot of companies is a lot more conducive to that.
Chrome OS doesn't browse the web any better than than Chrome on Windows and it certainly doesn't do more than Windows. So how can it succeed?
Chrome on Windows doesn't work out-of-the-box - you n
Why this push for take it all or nothing for cloud services? Why not lets have your application local, your data local and have synced the data to the cloud? That why you could have the best of the two worlds.
Well, nothing prevents this with html5 - just not many apps are set up that way. However, it is best to have the always-available version be the authoritative one. By always-available I mean available from any computer on the planet and not just available in your living room when your 56k phone line is down (you seem to consider broadband a non-starter).
No your data in the cloud is not protected at all. My data at home is at least protected because it's local in my home. In my home I have a whole bunch of protection, from thieves and from the police. In the cloud you have no rights at all, nothing, none. All you have is a promise by the cloud company that your data is "save". But neither you can sue the company if it's not save nor you have any special rights of privacy.
Ok, when you talk data security, you need to talk about threat models. It seems like your main threat model is Uncle Sam trying to bust your stash or something. Sure, data in the cloud is much easier to seize with a warrant or subpoena. There is no reason that cloud services couldn't be designed to make identifying the owner of data harder, or making it unreadable by the provider. However, I agree that this isn't likely to happen in many cases.
So, if you're dealing with material that the US Government is likely to detect and want to seize then I'll agree that the cloud is a dumb place to put it. I'll go a step further and say that if you're selling drugs Ebay is probably a dumb place to do it. I don't see that killing Ebay's business model.
The threat model I'm more concerned with is hardware failure, or fire. Hardware failure is simply inevitable unless you replace your hardware often. If you do replace hardware often, then it is just fairly likely to happen. Hard drives die. If you don't back them up, you lose everything on them when they die unless you're willing to pay a pretty penny to restore them. If money is no object, you're still down until the recovery outfit restores the data - and if you're concerned with Google Docs downtime (what, hours per year at most?), then having to FedEx drives and wait a few days must be a really big problem for you. Your handy portable hard drive backup is useless if your house burns down. That happens a lot less often, but I imagine that it has a much bigger impact on data than cloud service outages.
Another threat model is theft - unless you encrypt every hard drive you own you're very vulnerable to this. Chrome OS does encrypt the local hard drive automatically - so even novice users benefit.
Sure, in the end you have to trust your cloud provider. As I suggested you can always back up your remote data to mitigate this. In general, however, I'm a lot more confident that my mother is likely to lose her data stored on a local hard drive with a backup drive than Google is.
"and it runs great on cheap hardware. Cheap also means low-power-use so you get 8+ hours out of a charge."
Yeah right. JavaScript and Flash is so cheap to run. That is why this new laptop with runs only a browser have "... estimated at 3.5 hours" of battery.
Uh, my CR-48 gets around 8 hours on a charge. My understanding is that most chrome notebooks are designed to have similar lifetimes. Plus, the really lite footprint of the OS means you just need a modest SSD which is neither expensive nor power-draining. 16GB of storage on a laptop would be limiting, but it is no big deal on a chrome device.
"The device is designed to sync, so when it breaks you can be back up and running with a spare in minutes."
if you have a T1 connection to Google maybe. But with normal DSL with 60kbytes/sec up and 300kbytes/sec down it takes longer then the time I n
In a way I agree with you, but lets just look at the numbers. A password of n characters long of only lower case letters (in English) is 26^n possible combinations. Adding upper case then give 52^n combinations.
The parent's point was that this isn't actually correct. That is only true if ANY or ALL of those characters could be upper case. Well, they could be, but most likely they aren't. Instead it is probably the case that all but one are lower case. So, the number of possibilities isn't 52^n, but rather n*26^n. That is barely larger than 26^n.
Require 8 characters, of which at least one is upper case and one is a number? Ok, users will go with the minimums on both, so you start with 6 lowercase and 1 uppercase letters, which is 7*26^7. Then you throw in a digit. That could go in 8 positions, and could be any of 10 characters, so multiply that number by 80. If you just check a "1" in the last character position then you don't increase the number of combinations at all and you'll probably nail 80% of the passwords anyway.
If I lose my car keys then a true brute force search would have to cover the entire volume of c * the elapsed time since I last saw them. However, I wouldn't start by searching the moons of Jupiter - the kitchen counter is far more likely to yield dividends.
That's the price admins pay for using passwords to authenticate users. It will only get better once it gets sufficiently worse. :)
Well, it isn't so much that it doesn't run applications so much as it doesn't run anything but Chrome applications - with a much more limited API. In some sense complaining that it doesn't run Openoffice is like complaining that Ubuntu doesn't run Internet Explorer. That said, if you need to run Internet Explorer for whatever reason neither Ubuntu nor Chrome OS is going to be suitable, and that argument hits Chrome even harder.
Google is basically trying to rethink the entire desktop paradigm. Limiting the ability to run arbitrary X11 apps greatly cuts down on the number of possible exploits possible. Plus, they don't want to make it easy to work with locally-stored files, since the whole point of the device is to not do that except when transferring files to/from a cloud-based service. If you have a bazillion files on the local drive then if you drop the thing you lose them. Indeed, if somebody just walks up to it and flips the developer switch while you're not looking you automatically lose them as well (switching to dev mode does a full profile wipe so that others can't use the now-rooted device to gain access to any locally stored files).
I'm not sure I'd spend $500 on one personally. However, if I had an office of 10 people that needed to do typical office work I'd probably buy them in a heartbeat (assuming they could live with cloud-based apps only). I imagine the typical office with 10 people has no need for full-time IT, and probably pays quite a bit for desktop provisioning, backups, and general maintenance. If they don't, then they're in for a world of hurt if they have a fire or something, or anytime somebody drops a laptop. The concept of Chrome is that you buy IT like you buy phone service or whatever, and if a phone breaks you just go to Walmart to buy a new one.
Agreed, unless they start offering cheap printer servers that just plug into your LAN or whatever, or get printer manufacturers to include cloud print clients. Their solution isn't actually a bad one per-se, but they haven't really executed on it.
I'd argue that the chances of Google Docs being down are much lower than the chances that Aunt Edna forgot to drag-and-drop her files to the remote hard drive and then put it in a safe deposit box within the last six months (if it isn't offsite it isn't secure). Plus, if Google Docs is down chances are the fix is to wait for 20 minutes. If Aunt Edna forgot to back up the last year's worth of files she's SOL.
And, if you don't trust Google you can always download your docs periodically - I do that. They're backed up even if I forget to do this, but then I'm trusting Google. The difference is that I'm just providing an extra layer of redundancy, and not the only layer - and it is all offsite automatically since the primary site is in the cloud somewhere.
Oh, and if you're out and about chances are you still have your smartphone, which means your docs on the cloud are still accessible.
Don't get me wrong, the cloud is not perfect. I'd argue that it is not nearly as secure as a well-run enterprise datacenter. The problem is that few enterprises even have a well-run enterprise datacenter, and almost no consumers do. You and I don't really count.
Sure, I can script sarab and gpg and s3cmd to do nice automatic daily rotating remote backups for relatively little cost. I'd never suggest that my family do the same. Most of the stuff that I do store locally these days is only stored that way because the cloud isn't practical yet (can't run mythtv off the cloud without spending a fortune in bandwidth charges, and so on).
I think you're missing one of the key benefits of Chrome OS - professional-quality device management. That isn't cheap. The difficulty is in convincing the average home user that this is something they need. It probably won't be a hard sell in the corporate world.
Storage certainly is cheap. Backups aren't. Now, the average user addresses this by not making backups.
A computer that can run software is cheap. Keeping malware out isn't. Now, the average user addresses this by simply tolerating malware until the computer becomes inoperable, and then begging for help or taking it to the Geek Squad or whatever, or just getting a new one.
I've heard numerous stories from family members about their headaches when a hard drive crashed. I've had several crash and they haven't had big impacts on me - because I run RAID (yes, I know that isn't a backup in itself). Granted, my hardware isn't enterprise-grade, so often I still need to fiddle a little to get the device to boot again (usually just pulling out the affected drive), but I'm up and running in an hour or so typically without any loss at all. Another hour of fiddling after ordering a replacement and I'm back to full redundancy.
This is what the cloud and Chrome OS is designed to protect users from. A Chrome OS device is always up-to-date (well, we'll see about that in a few years), local data is always encrypted, and remote data is protected by whatever services you use (which inevitably means more protection than the average home user provides). The nature of the device eliminates the need for virus protection, and it runs great on cheap hardware. Cheap also means low-power-use so you get 8+ hours out of a charge. The device is designed to sync, so when it breaks you can be back up and running with a spare in minutes.
I do agree that they need better support for running remote applications. Indeed, if they start providing this I wouldn't be surprised to see more Citrix-based solutions on the web/etc. A Chrome notebook would be the ideal solution for a small business with 10 employees (10 laptops plus a spare in the closet = zero IT overhead). However, that small business with 10 employees probably needs to run at least a few applications that aren't web-based. I know that a bunch of local businesses have moved to Google Apps to simplify their IT overhead. The average slashdotter probably works in some company that is full of programmers/etc or is so large that they have major support organizations. However, the plumber or HVAC contractor who works on your house probably has 3 guys in the office and having to pay somebody to come out every time a computer needs fixing or whatever is a big expense.
Imagine if for an extra $500 you could have bought plumbing for your house that would never need maintenance, or whose maintenance would be a low fixed cost every few years? Unless you are a professional plumber chances are that would be a good deal. It is the same with Chrome OS - the target is people who don't want to fiddle with their computers, but actually need to create documents/etc (as opposed to the consumption-oriented tablet).
Chrome also supports secure boot - I don't believe chromium does (and in any case this requires hardware/firmware-level support as well).
I'm also not sure if chromium OS supports auto-updates.
As far as codecs go - I'm not sure what chromium does/doesn't support. However, many linux distros tend to skirt patents around things like h.264. Often they will not include these codecs, but will make them easy to install from sources where the patent does not apply. Google might be reluctant to do the same since they have deep pockets.
Yes and no. The fact that you can get an android phone from any carrier or vendor makes it hard for anybody to go way overboard on controlling the platform. Ultimately if anybody messes up the consumer experience too much they'll go elsewhere since they have options.
I think their main concern was that they didn't want the iPhone cornering the market. Apple is pretty heavy-handed with controlling the experience there, and if they felt like Google ads or services weren't the ones their customers should be using, Google would be stuck fighting things out in court. By giving consumers options it constrains what everybody else can get away with - why would you buy a phone that limits options you actually care about when other devices don't?
Plus, Chrome and Android are forcing the market to advance. How fast were Javascript interpreters a few years ago? How fast are almost all of them today? Arguably Firefox is a lot faster at rendering Google's pages as a result of Chrome coming out than it would have been if Google merely tried to submit patches for it.
Competition keeps everybody honest.
Well, it is also not illegal to speak your mind in public, but that didn't stop the framers from writing the 1st ammendment. There were many opposed to creating the Bill of Rights for the very reason you suggest - enumeration would possibly lead to a default-no situation.
This gets enough abuse that it is probably worth creating a law over. Of course, it will never happen.
I've always wondered whether libraries/etc who would like to protest these kinds of gag orders could easily get around them in this manner:
Every week post a list of library card numbers with the statement "we declare that we've never gotten a request for records for any of these numbers."
Then one week the list change slightly - three numbers are missing from the list, and a new list is started "we can neither confirm nor deny that we've gotten a request for records of any of these numbers."
Or every time you borrow a book the librarian tells you (or prints out on your due date slip) "I can confirm that we've never had to divulge personal information about you in response to a court order." One day the message either changes to "can never confirm or deny" or goes away.
Unless courts want to start issuing gag orders when there ISN'T an investigation this would be pretty hard to defeat. It is basically just a keepalive system where the absence of a message sends the message.
Personally, I doubt the motivation of health insurance companies would at all be driven by the ability of patients to kill themselves (which to some extent is an option many already have). At some point insurance companies stop paying for heroic measures anyway, and I doubt that the legal availability would impact that.
Now, the consumer demand for insurance that covers more desperate treatments might very well drop if euthanasia becomes more socially acceptable, and that might impact what insurance companies are willing to cover. That is a bit more indirect than what you are suggesting.
Most people don't realize it, but EVERY insurance company puts a price on life - and that includes national healthcare systems as well. If a $100k procedure would extend your life of an 85 year old quadriplegic by one day no insurance system on this planet would pay the bill. If the same procedure was likely to give a 15 year old a normal healthy lifespan (vs death in a few weeks) chances are most insurance systems would pay it (even private insurance in the US). The basic algorithm looks at how a treatment extends your life and/or improves the quality of your life - the more it does both the more it is allowed to cost. In the end everybody puts a price on life - we just don't like to talk about it.
True, but a trade war will start slowly over time too. If the Chinese float their currency their prices will steadily rise, making it less cost-effective to outsource there. Either work will shift to some other country, or back to the US. I doubt the Chinese will just wake up one day and declare a blockade or something, and the US isn't about to just do something like default on its debt without some kind of warning.
Nobody is going to start a nuclear war over treasury bills. While the people that run China might end up living in slightly less opulence after a trade war, they're far better off than they would be living in a parking lot. Those guys have something to lose.
China doesn't really have the ability to strike at the US conventionally, and the US doesn't need to bomb the Chinese (they're already ahead if they cancel the debt). I'm sure there might be some skirmishes in far-away lands, and a bunch of people will die on both sides. I doubt either country would be seriously affected from actual battle.
However, I don't really think the US has dug itself into quite the hole that people make it out to be. The Chinese gave us a ton of tangible goods, and we gave them a bunch of IOUs. The only real problem from the US standpoint is that we've gotten used to this arrangement. However, if it ever ends we'll just have to make our own goods, and it isn't like we don't know how to do that. The transition could get messy, but for people whose main value is in their ability to work and not their bank accounts it probably won't be a bad deal.
I dunno - at some level money is life. People with money inevitably do better health-wise. What if you spent the money from the kidney on buying healthier food, or paying health insurance premiums, or putting it in your "insurance won't pay for it" savings account?
I doubt I'd ever sell a kidney just for the cash (if it were ever legalized so many people would do it that you wouldn't get much money for it anyway). However, the health vs money tradeoff isn't quite as clear is one might think.
I would imagine that an extradition request for a criminal complaint would have to come from the US Justice Department, perhaps even routed through the State Department. Random individuals can't ask governments to arrest people and ship them overseas. Random individuals can file suit in the other country and then that country can take steps as needed to keep the person there if warranted. In many countries however this would be inconvenient to a multinational - since they would be subject to loser-pays, security of costs, and all kinds of other things that they don't have to deal with in the US. And, of course, they have to convince the other country that they have jurisdiction.
Or, they could just ask South Carolina to pass a law exempting them from collecting sales tax in exchange for building a distribution center there. Then go to the other states where they have distribution centers and tell them to ante up less they find their sites closing.
Amazon can do its business from just about anywhere, so they have a lot of leverage when dealing with state governments. They can also build their distribution centers in areas that are lower income.
Yup, and sites running SSL with valid certificates can host malware just fine. You just know who actually infected you with the malware (if the CA did their job well).
Uh, I believe all apks are digitally signed - certainly the ones from the market are. All a signature tells you is that whoever owns the key created the software. The signature in itself doesn't tell you own owns the key, and whether they stuck nasty stuff in their software. A certificate backed by a CA can help tell you who owns the key, but not whether they stuck nasty stuff in their software. If the CA does their job well enough it can make it easier to trace down who stole your money after the fact.