True, but the point the GP is making is that such wealth status is a choice. It's a choice that's a good idea regardless of your career field.

This gets to the heart of the matter; it's all a question of perceptions/feelings. Perhaps it's because of something in Google's original ads and videos about Glass, or something else, but people perceive the main purpose of Glass to be video recording and assume that anyone wearing one is recording them, while they don't think the same thing of phones with cameras. Even though phones are actually better video recording devices, and almost as easy to record with covertly.

(Disclaimer: Because some AC thought I should mention it, I am a Google employee. I don't work on Glass, and don't speak for Google, though. This is only my own personal opinions. I've only used Glass a handful of times myself, though I've frequently been around other people wearing one.)

When I say something that may be construed as defending Google, I do post a disclaimer. I didn't think this qualified.

And, yes, I'm pretty happy with my compensation :-)

Where Muslims dominate government, law becomes Sharia sooner or later. That is not a world in which you and I will be permitted to believe whatever we want to believe, and if we insist upon it, one in which we will not be permitted to exist.

Perhaps you missed the bit of history where Spain was controlled by Muslims for nearly eight hundred years with Jews and Christians living freely and being left to practice their own religion, and then they were kicked out and the Christian leaders that replaced them forced the Jews out under penalty of death if they did not convert or leave?

Even if we assume that for every active terrorist there is 100 people supporting them (a high estimate, but not outside the realm of possibility at all), we're still talking about only hundreds of people.

Well, official estimates say that some 1,200+ people have left France to join jihadist groups in Iraq and Syria so I'd say your estimates are quite low in how many support the terrorists ideals, 1,200 people have been so enraptured by the same ideals that they have left their homeland to take up arms in a distant country, how many more must there be that support them but haven't been so moved yet as to actually take physical action? I think the problem is much, much larger than your musing imply, and it's something that needs to be talked about and dealt with. Is every muslim in the west a terrorist? No, of course not. Have the majority of terrorist attacks against the west in the last 2 decades been perpetrated by extremist muslims, yes.

That is the perception, but it's really not true. It's quite easy to record video while pretending to be texting, or something.

It will also be limited by not wanting to reveal that they have the capability. Per a former-NSA colleague of mine, that is often the more stringent restriction.

I'm fairly certain there aren't any in the Nexus 6 or Nexus 9 low-level boot or hardware security code. However, there certainly could be in firmware blobs. Those run in non-secure mode, but all your data is also accessible from non-secure mode.

That said, the Android security team pays pretty close attention to exploits in the wild, so if there were something like that being exploited on a large scale, I think we'd know. Exploits that are used only for so-called "targeted persistent attacks", whether by criminal organizations or government agencies are a different story, of course, but those simply aren't relevant to most people.

Sure, that's why I said "the next option is to exploit some defect...".

Another fine place for a back door, though, and still not that unlikely that a flaw will exist there. The critical code paths should be sufficiently short that it's worth disassembling them.

You seem to be restating what I just said :-)

Keep what secrets from whom? If the NSA is really your adversary and they're specifically targeting you, you're simply screwed. Seriously, give up now. My goal is to ensure that your device is secure against (a) remote network exploits, (b) locally-installed software and (c) hardware attacks of moderate sophistication. (c) definitely includes "I lost my device and some clueful hardware engineer found it".

Assuming you're running up-to-date software (yeah, much easier said than done, I know), haven't done anything yourself to compromise the Android security model (e.g. running around with an unlocked bootloader) and have a reasonably-good password and an encrypted file system, I give you high odds of being perfectly safe against (a), (b) and (c).

There is NO software vendor that offers longer support than MS for free, not one. There are only a handful of products that even offer a supported lifetime longer than 10 years which is the MS standard, and of those the longest other than IBM's mainframe OS is 12 years. This isn't about extortion, it's about the realities of the software industry and the inability of companies to profitably support the very longest of long tails.

Just like with the AC unit, the vendor isn't telling you you may no longer use the product, they're merely telling you they will no longer offer support for it, if XP continues to work for you, then that's fine keep running it, but it won't be updated by MS just like the manufacturer will no longer offer warranty extensions or out of warranty repair parts (although for at least 3 more years MS will support 2003 if you sign a custom agreement and pay them high 6 to mid 7 figure annual support contracts). I've seen CNC machines running MSDOS in the early 2000's, many many years after MS stopped supporting the OS, so it's not like the software just dies at the EOS date.

Imagine if you would, you have an air conditioner on top of your building. Costs a million or so dollars. Then you get a call from the company you bought it from telling you you need to buy a new air conditioner. You ask why, and they tell you its at "end of life for support"

Happens all the time, if you can't get a new compressor or control board and there are none available on the secondary market you have to scramble to find a correctly sized replacement and get a crane in to do the swap to the newer unit. We had that happen with our 15 year old building here at our HQ, luckily our roof units were installed in redundant pairs so it was without the mad scramble for a replacement unit, but we had to replace a relatively young AC unit because parts were no longer available from the manufacturer.

We're fairly similar, our counts are 100x 2003 boxes (almost all ready to be retired, only about 20% really have to have projects in the next 6 months to move their functions to new boxes), 304x 2008/2008R2, and 31x 2012/2012R2. Almost all of the 2012 boxes are MS stack functions, most third party vendors either don't have it certified or only on the edition released in the last few months. We actually just started our first LOB app install on 2012R2 yesterday =)

Actually, since it's closely related to my day job (Android hardware-backed crypto), I have quite deep knowledge of exactly how true it is or is not.

Subverting it requires subverting the bootloader sequence, which starts with code in on-SoC ROM, which is nearly impossible to modify, and I add the "nearly" only because nothing is impossible; I sincerely doubt that any agency is able to modify silicon without destroying the CPU and I'm quite certain that if anyone can it's a very closely-held, and therefore rarely-used, secret. Supposing the initial bootloader can't be subverted, subverting later bootloaders (which are stored in flash) is also difficult, since they're signed and signatures are verified by the hard-to-subvert boot ROM. There are two obvious ways: break the cryptographic signing, or obtain the signing key. There's no doubt that intelligence services could do the latter. It's unlikely that they would share the signing key, or the subverted signed code, with law enforcement since doing so would make their ability known. It's unlikely in the extreme that criminals would obtain either the key or the subverted signed code. I'll dismiss the notion that someone can break the crypto directly.

The next option is to exploit some defect in the implementation of the bootloaders and/or fastboot (or in the case of intelligence agencies, even to implant a defect to be exploited). This is probably the best avenue of attack, but it's not easy because the code in question is relatively small, and should be closely scrutinized. Most of it is not open source, though, so scrutiny is limited. This is an avenue law enforcement and criminals could use, if there are exploitable defects. If there are any such defects in any Android devices, I don't know of them, and if they were in any sort of widespread use, I would. If such exploits exist, they're being held close by criminals (for TPT-style attacks) and not being used by LE or intelligence agencies in any context which might reveal them publicly... such as in court.

The final option is to ignore all of the above and simply attack the hardware. Remove the flash chips and install them in a custom device which reads out their contents. This threat is what device encryption exists to mitigate. Pre-Lollipop, the strength of FDE depended entirely on the strength of the user's password. In Lollipop it was strengthened with the use (where available) of a key bound to the device SoC.

I'm in a military.

Starfleet - especially the Starfleet of ST2 - is *unquestionably* a military.

Gene said a lot of things, but trek grew well beyond his initial creation and took on a life of its own. You can't argue using dogma.

Commodore BASIC, Turbo Pascal, M6800 Assembly (wonderful!), 8088 Assembly (horrible!), C, SQL, M68k Assembly, AREXX, perl, sh, Javascript, Java, php. I've dabbled in others (I can crank out a VB macro if need be), but those are my core fluencies.

The assembly was very useful in learning how the CPU actually works, and proved very useful for understanding industrial/microcontroller stuff later on, but with CPUs these days being vastly more complex than an 8088 or an M6800, I don't know if it could be dumbed down enough. Perhaps on a virtual machine or something?

Turbo Pascal was an absolutely brilliant language to learn on, and it is a shame Pascal seems to have fallen out of favour. It was powerful enough to write workable programs on, but simple enough to keep a new student from wandering off the cliff edge.

If I was teaching, I'd use perl:

- perl supports multiple syntaxes so you can teach the simple stuff in a straightforward manner
- The fact that it identifies variables and in which context they are being used is a brilliant way to help students separate out what bits are variables/arguments and what bits are code
- The C and sh bits are gateways into C and sh - "C lite"
- You can do some really powerful and *useful* programs in perl, which teaches that programming isn't just the creation of monolithic apps, but a *process* that can be used to solve a single specific problem.
- perl has native regular expressions, and teaching pattern matching opens up a whole new world of problem solving techniques

I can see homework like "Take the provided text file, and write a program that takes it as input and prints out the sentence that has the most vowels in it" or "Write a program that prints a list of the songs in your music library, ordered by date of album release". These programs are easy to write in perl, fun, challenging, and *useful*.

Good point. I wanted to argue but I looked up some numbers, and EVs tend to be several hundred pounds heavier than comparable ICEVs. I though the weight of the batteries would be offset by the lighter motor, but apparently not.

Google Maps uses both WAZE and Google Maps to gather traffic info. Mostly Google Maps, I suspect, since the userbase is much larger... though WAZErs do tend to have WAZE running all the time while most Google Maps users only use it when they're actually getting driving directions, so I may be wrong.

Oh, and Google Maps also gives you alternate routes around traffic as it discovers them. It's a bit less aggressive about it, I think, requiring a larger potential time saving before prompting a re-route.