
Comment Re:Human Shield? (Score 1) 160

Where do you draw the line? Which countries' laws do you require all your sites to comply with?

The ones with money.

And what is lost by doing so?

You lose the market of the country in question.

In any case, you're asking the wrong questions. You're looking at it from the perspective of one of those big cloud providers. The truth is, the big players can't protect your site. The big players have too much to lose. If you want your site protected, you can not go to the cloud.

You have to contract with a small independent company (a real company, not just a reseller) who is willing to protect you. If you want to host a porn web site, there are hosting companies that specialize in that, these hosts can even protect you against denial of service attacks. If you want to host a site that doesn't bow down to China, there are hosting companies that specialize in that too. If you want to host a site that is free from the influence of the NSA, you at least know to stay away from US companies (even if they have their servers in your own country).

If you don't know where to look, you just need to look for content that is similar to yours on the internet and trace their IP address to see what host they're using. You'll have to pay a premium for their service, but that's only because those hosting companies are not reselling a commodity, they're selling you a very unique specialized service that is tailored to your needs.

Comment Re:Done in movies... (Score 1) 225

Nor do I remember any calls to boycott a movie over such things. So, if popular culture approves of and encourages it, can't blame the cops too much for doing it despite it being merely illegal...

Finally, a like-minded individual. What movie/book should we boycott next?

I tried boycotting a Harry Potter matinee once, but those little 8 year old kids can be incredibly violent and cruel.

Comment Re:Can we use this? (Score 1) 157

I don't know why I'm continuing this, but if you're going to just reflexively gainsay, you might at least say why the experiments I linked to don't prove what scientists say they do. Bell's work was a long time ago, and while it's still not 1000% nailed down it's very solid. The experiments are all on that side - the only thing on the "alternative" side is vague "I don't think the universe would work that way" crap that has to be very convoluted to match up with experimental reality.

Comment Re:Personally, I don't think he was talking to Goo (Score 1) 349

I would be pretty shocked if you are even remotely on the right track.

I did over 50 interviews of technical candidates while at Google, and 6 of them were phone screens.

One of them tried this on me, so it definitely happens. Two of them tried the "look things up on the Internet to answer the question" trick.

Personally, I would have had him drive the hour and a half from Boynton Beach to the Miami MarCom office, and interview from there. I don't recruit directly since my pre-Google/pre-Apple/pre-IBM days, but if you are acting as a recruiter, one of the best gauges of a candidate's personality is the front desk person's opinion of them. I can't see a recruiter passing on that information.

Shields should have gone up from the they-contact-you-because-you're-desirable-then-they-phone-screen moment. If they want you, they'll call you in, and if they *really* want you, they'll fly you to Mountain View to get a full team on your interview.

PS: I was 5 minutes late to exactly one of them because the bike I was riding to the building broke down. It would be interesting to hear an explanation of why the recruiter was not on the line with the person at the appointed time, and telling them of the schedule change and asking if it was OK with the candidate. For the on-site I was late for, the last interviewer stayed with the candidate until I got there. At a full 10 minutes of no-show I would have been substituted.

Comment Re:Sell it to black hats then... (Score 4, Insightful) 148

And continuing on my initial line of thought.

I think that Groupon should assign $500 to that one security flaw disclosed by Brute_Logic (again, it can't be 32 flaws, because it's essentially only one flaw on 32 sites owned by Groupon), and then it should give that money as a donation to the EFF (under the pseudonym Brute_Logic).

This would send the right message to future researchers who discover future flaws, that Groupon can be fair, but that researchers need to follow protocol if they really want the money to go to them.

Comment Re:Sell it to black hats then... (Score 3, Interesting) 148

Groupon doesn't fear bad PR. If it was afraid of bad press, it would have folded long ago.

Possibly they don't mind bad press, but I'll bet they mind press that says their site is insecure, or that if you do business with them, "Your identity/credit card number might get stolen".

That's a good point.

By the way, it was actually one single XSS flaw that was affecting 32 different web sites.

At least, this is according to the researcher himself (either that, or he made a mistake expressing himself, because his English is obviously not too good). So if that's really the case that it was only one flaw, but on 32 sites, then I really do have no sympathy for him.

Once a vulnerability is disclosed for one site, it's obvious that hackers are going to try to exploit the same flaw on other sites owned by that same entity. And by disclosing the vulnerability of two sites, a disclosure which was not accidental at all, it's obvious that he was pissed off that Groupon wouldn't commit to any minimum amount of money for his initial disclosure.

Comment Re:root = same process (Score 5, Informative) 130

Gatekeeper also isn't "all MacOS X security". There's separate malware detection, and in order to do much of anything the user has to enter their computer account password.

It's a minor part of OS X security, mostly designed to keep casual users from installing stuff outside the apple store.

Yes.

There's also Mandatory Access Controls (MAC Framework) in the kernel itself, and there's BSM secure auditing in the kernel itself, and there's discretionary access controls, such as standard UNIX permissions, and there's POSIX.1e draft (it was never ratified as a standard) ACLs, and then there's whatever malware detection or antivirus protection you've jammed into the kernel as a MAC module via a KEXT, and in the absence of any access controls whatsoever, it's default deny, and then there's code signing, and encrypted pages within executables.

They didn't bypass any of that, and they wouldn't really be able to, even if they were root, because you can't get the Mac port for the kernel virtual address space without jumping through a massive number of hoops (which is why jailbreaking phones is non-trivial, and everyone uses script kiddy tools to do it, instead of jailbreaking from scratch).

And yeah, it's pretty stupid that Gatekeeper or anything else would be running as root and thus be exploitable with the escalated privilege available at install time, since it'd be pretty easy to just have it run as a role-based account, and have the kernel's cooperation, after cryptographic verification of the developer keys at the kernel level. But that doesn't let you bypass "All OS X Security": getting root doesn't really get you nearly 1/10th of the security bypassed (less, if you've installed third party anti-malware KEXTs that refuse to be unloaded except in single user mode during boot as part of an uninstall script, and are therefore always active).

They clearly do not understand the concept of "security in depth".

Comment Personally, I don't think he was talking to Google (Score 5, Interesting) 349

Personally, I don't think he was talking to Google; at least not directly.

He got called by a recruiter, supposedly for Google, who set up a phone interview looking for C/C++ and Java. Fine. There's an outside chance of Java, either as an Android App developer, or for some server back end crap at a company they purchased. It's unlikely, but it's possible (in 2011, they hired people to work at Google, and then groups decided to offer them, and then you got a choice of usually one of 3 groups... you didn't know what you'd be working on at interview time, and there was no such thing as "hiring for position" unless you were net.famous).

Then he didn't get sent a Google Docs link by the interviewer. You are *always* sent a Google Docs link by the interviewer, unless you are in a city/area where Google has a facility, then you are instead brought in to use the video conferencing at the Google location.

Then he got an interviewer who barely spoke English, and wouldn't take him off speakerphone. That never happens at Google.

The interviewer was 10 minutes late to the call.

Frankly, sir, IMHO, you got played.

You just got man-in-the-middled by an Indian or other foreign person who wanted a job at Google, and got you to ghost his or her phone interview for them, with the help of a "recruiter"/"interviewer" who had you on lousy speakerphone so that they could relay your answers directly via a cell phone to the person Google was actually talking to.

Yes, this happens.

No, savvy technical people generally don't fall for it, because they get an email from Google telling them the schedule, there's a Google Doc URL sent out with an @google.com address, and if you look at the email headers in the email of the schedule, you'll see that they are probably forged, assuming you got one at all.

Congratulations on being played, Mr. Robert Heath.
