Flashing the factory image will do a wipe if you follow the instructions on Google's download page because it has you unlock the bootloader, which causes the device to erase itself. There's also a command argument in flash-all.bat that causes a wipe.

Usually someone will capture and post a link to the OTA download (who knows why Google won't just post it themselves...) and you _can_ "sideload" that fairly easily using adb without losing all your user data. This is by far the easiest method if you don't need to update right this second but you don't want to wait until Google finally gets around to allowing the update for your device.

Bullshit. There is virtually no difference in the operation of either system except one has a fingerprint reader.

More bullshit. The reason ApplePay became the #1 mechanism overnight is because Apple leveraged their marketing and the media around it. Google hasn't ever done the same. In fact, it would be easy to be oblivious to the fact that Google Wallet even exists - it's almost as if Google doesn't give a crap in terms of marketing it (who knows why..)

It takes me no more time to use Google Wallet.

I was under the impression that where phones have hardware (e.g. Nexus 5) it'll use it, and it provides emulation elsewhere so that Wallet can work across all Android devices with NFC, and the idea was to broaden support for the platform, not to say emulation is better or even preferred.

Brain-computer demo (internal voice):
"Visit Slashdot"
"Fucking beta..."
"No no no, go back!"
"Damn, Amazon ads are creepy, I was just searching for a new stereo system!"
"no no no, I don't want to search for a stereo system, go back!"
"reads post explaining vulnerability that tricks brain-computer interface into issuing commands using your internal reading voice select all files permanently delete confirm"
"wait! fuck! nooooooooooooooooooooooo!!!!!!!!!!!"

Hi Warren,

I haven't really heard of you before but I thought those movies were okay. As someone currently thinking, "what kind of stupid question is this?", what kind of biscuit do you prefer with your tea?

Seems like something along the lines of Google Wallet or Apple Pay would be more secure, since they can require to be unlocked before processing NFC transactions. Something as simple as a pressure pad on a card (i.e. requiring it to be pressed while completing a transaction) could solve the vulnerability.

As soon as any government appoints a Czar, you know that they know bad things are going to happen.

Usually:
* The person has little actual power
* They are allocated minimal resources
* Decisions come from the people above
* Blame falls upon the Czar's shoulders
* Appointing a Czar makes it look like you're doing something, even though you don't actually have to know what you're doing
* Almost inevitably the Czar resigns or is fired later for being ineffective - because they were never actually there to do anything or even empowered to do anything

When you see a Czar being appointed you should immediately think, "they know the outcome here has a high probability of being very damaging politically, likely because they either don't have the answers and they know it, or the answers they have point to a very unpopular outcome".

That's not being cynical, it's just reality.

Sure. Imagine it's a recurring meeting that someone else owns, or a short-term meeting where you're not the owner and the owner is late or doesn't have their laptop with them, etc. How are you going to change the invitation list? You can't, and neither can anyone else on remote teams, so you're screwed until someone goes and creates a new meeting and re-invites everyone, then hope the Chromebox picks that up fast enough, or at all, because technically the meeting has already started. Oh, and then also hope that nobody else has already booked the room you want to use, but simply hasn't showed up.

These are just some of the real problems I've found.

Czar's are usually there to be completely ineffective and take the fall when side A politically leverages hindsight and/or the situation that they themselves have helped create against side B.

Don't be a Czar, it won't end well for you.

I'm aware of "the proper solution" from an administrative perspective, and maybe what you suggest does work at Google. However, there is a vast difference between a company the size of Google and, say, a startup where people just "take" rooms as needed, or you have to find a free room for something at short notice, and moving the conference from one room to another in a hurry becomes a pain. As I say, I've "experienced" the Chromebox for Meetings in the startup setting, and I'm sure it would be great _if_ you're a larger company, but it was "unpleasant" shall we say for me - in fact, you could tell it was not designed to handle exceptions very easily.

Google should recognize that there are many smaller companies than large ones and provide a convenient solution.

That's okay for you on your laptop. When you go to a conference room with a e.g. a PC set up for conference calls, and someone needs to log in to pull up the hangout, it's a different story (don't even get me started on Chromebox for Meetings...).

Here, having a little dongle sitting in the middle of the desk connected to the main system via USB would provide an easy option to provide at least the 2nd factor auth, without anyone typing in codes or plugging in additional devices. Lots of people walk into a conference room with their phone in hand as it is.

Let me know when they start selling cheap NFC dongles so we can just tap our phone on them to login. I'm sure our company would buy a bunch. 2-factor makes logging in to conference systems a pain in the ass - everyone is always looking to the guy who doesn't use 2-factor to login already. I don't see how fumbling around with USB sticks is much better.

It would be nice if router logs showed suspicious ARP packets and/or declined to forward them except for specially privileged connections (e.g. via a flag in the access list). The router knows the addresses of users connected over WiFi, and it's extremely unlikely those WiFi users will be routes for other devices. This seems like a good measure in general to make MITM harder.

Stuff like this is exactly why strong cryptographic solutions should be woven into the fabric of the internet ASAP (e.g. content signing in this case). Agencies globally have become extremely abusive - spying, manipulating, defrauding,denying - and work against the basic infrastructure elements that would prevent this at every turn. They really bring it on themselves with crap like this.

Maybe it is, when law enforcement isn't brazenly violating every single principle of personal privacy for all persons without redress. You got us here, Bush and Obama administrations. You. Not us. You.