
Comment Re:really... (Score 1) 482

Both Mormons and Muslims claim that their Scriptures are merely copies of documents which came from heaven.

Actually, I don't think either claims that. I know Mormons don't. Mormons claim that the Book of Mormon was written by a series of prophets. The prophets were inspired, but wrote in their own words. Same as the Bible. The difference is in the method of collection and translation, not the method of authorship.

I think it's the same for Islam. Muslims believe Mohammed was a prophet, so his writings were inspired by Allah, but the Koran contains his own words.

Comment Re:A govt employee charged with a crime? Shock!!! (Score 3, Insightful) 72

That Shaun Bridges was even charged at all is amazing. He's a government employee, and in most of the world it's very rare for government employees to be charged with a crime because fellow government employees refuse to prosecute them. Thank your lucky stars, America, you are not like Australia where the press reports alleged corruption, the police ignore it, and it piles up and up and up: https://archive.is/KUTAy#cases

Nah, it's pretty much the same in America.

The difference in this case is the nature of the crime and the victim chosen. No, not Ulbricht. The victim was the federal government, because they were going to seize that money anyway. You steal from the government, or attack the government in any way, they're going to drop the hammer on you. If your victim is an individual, well, it depends in large part on the socioeconomic status of that individual. A government employee can get prosecuted for killing a poor black man, for example, but it's rare. If you're a government agency and your victim is the entire nation, you're almost certainly going to get away with it. At most you'll be told to stop, but no one will be going to jail... well, except the guy who ratted the agency out. There's a good chance he'll go to jail, if he can be caught.

Comment Re:It is amazing... (Score 1) 284

My concerns include the following:

* Candidates may only request recounts in state and federal elections. This leaves lower levels (esp. cities and counties) with no recourse.
* If the margin originally reported is greater than 0.5% then the recount requester has to put up a bond to cover the full cost of the recount. Since the question being researched relates directly to unexpected statistical skew in voting results after voting units (precincts?) reach 500 votes, that skew if artificial and introduced at the tabulating stage might well result in a margin greater than 0.5%.

I'll grant though that perhaps she should have chosen a different place to check since the statistical pattern is not only seen in Kansas - it's just that the researcher is in Wichita, so presumably Kansas is the easiest place for her to work and she's an interested party as a resident of the state.

Comment Re:Headline leaves out one very important detail (Score 2) 196

The technical term for jailbroken, insecure versions of iOS is "Android."

That's a common belief. In practice, I don't think it's true. In particular, although the Android world sees lots of announcements of vulnerabilities that affect X hundred million devices, the actual exploitation doesn't seem to follow. One reason is that many of the vulnerabilities aren't actually as widespread or are harder to exploit in practice than the researchers describe. Another is that the diversity of the Android ecosystem often means that an exploit has to be customized for each different manufacturer and model, making broad exploitation harder. A third is that Google is often able to successfully mitigate vulnerabilities with the Play store, Verify Apps and updates to the Play services app. There are other reasons as well.

Whatever the reasons, it's interesting to note that we don't see reports of large numbers of Google accounts being compromised via Android vulnerabilities. I'm not claiming that's impossible, and it wouldn't shock me if it happened tomorrow, but the fact that we don't indicates to me that there is actually more right with the Android security situation than is commonly believed. The low real-world malware numbers disclosed in Google's Android security "State of the Union" report further buttress that view.

(Disclaimer: I'm a member of Google's Android security team. I'm speaking only for myself, not for Google.)

Comment Re:Headline leaves out one very important detail (Score 5, Interesting) 196

I expect to be able to go in and out of my door. That's what doors are for. Apple doesn't even give you a door. You have to break your way through the wall. Then there's a hole there. That's why Apple products are only sufficient for sheep. They don't break down walls, they just wander through holes.

It's worth pointing out that if you root your Android device you're doing the same thing, breaking through a wall. That's fine if it's what you want to do, but you are giving something up in terms of security.

As a member of the Android security team, I'm involved in lots of discussions about lots of different threat models and attack vectors, and while we do think about trying to maintain security on rooted devices, I'd say that 90% of the time we end up deciding that we just can't, so "device is running an official image[*] and is not rooted" becomes a foundational assumption of the analysis.

This isn't because rooting is inherently bad, or because we're trying to control users' devices, but because it's impossible to reason about security in a vacuum. You have to know what you can depend on. For example, we might argue that apps can't break out of their sandbox in a particular way because the information they need to do it is managed by a particular system daemon which validates access in a particular way... but in a rooted device that daemon may be modified, or simply bypassed. We just can't know that stuff is still working the way it's intended to. Some members of the modding community do an outstanding job of adding flexibility without breaking the security model, but many others don't.

Ideally, devices should provide enough native flexibility to allow users to achieve what they want while staying entirely within the normal mode of operation. In the case of Android that means staying within Google's "walled garden": install apps only from the Play store, keep Verify Apps enabled (and follow its recommendations), don't root, definitely don't disable SELinux, etc. Where that ideal fails, and users want to do stuff that can't be done in the garden, they should have the option of stepping out of it, and they should be able to do so in a progressive way, not all-or-none... but each step they take increases the probability that they'll change something that violates a security assumption and thereby increases their risk of compromise.

I suspect that Apple security engineers even more strongly assume that devices are not jailbroken. That's just a guess, but it's consistent with the general philosophy of iOS and, if correct, it means that jailbreakers have even less expectation of security. iOS users also live in a software monoculture, which exacerbates the risk. (Android users get security benefits from ecosystem diversity, though there are obvious costs to that diversity as well. Including the update problem.)

[*] Note that given the state of updates in the Android ecosystem, we often don't assume that the device is running an up to date system image. From our perspective that's often easier to work with than a rooted device because at least we know how it behaves and can look at trying to mitigate risks at other layers. We're also working on the update situation, but that's hard given the nature of the ecosystem.

Comment Re:It is amazing... (Score 1) 284

Perhaps I am partisan, but I'd say that at this point there's enough information to make a credible argument for calling into question any election in Kansas. Of course, that would perhaps be vote fraud not voter fraud, and I'm not sure that the former is as worthy of attention as the chance of catching those rare Ann Coulters of the world who vote illegally.

Of course, this could be a rework of the old saying, now to "It is better to hide ballots and let people think there's a criminal conspiracy rather than opening them up and proving it."

I think it'll be interesting to watch recount challenges that would normally be outside the margin where a recount would be allowed. Will they challenge that exclusion based on the unexpected statistical pattern without which they wouldn't be outside that margin?

Comment Re:Great experience (Score 1) 182

Google knows my location due to my use of Google Maps

Google receives the map tile requests, etc., but if location history is turned off nothing about it is stored. I have no idea what your cell provider may store, though.

Again, I actually like the location history. I find it convenient to be able to look back and see where I was at a particular date and time. But it's under your control.

Comment Re:Great experience (Score 1) 182

I really have no concern about sharing it with Google, because no one is ever going to see it.

Well, an individual person doesn't need to see it. If they're willing to use searches to send people job offers and ads, what else can they automate?

They can also remind you when it's time to leave for an appointment, and that you have a coupon you can use at the store you just entered, and that your wife's birthday is coming up, and much, much more... but only with your permission. If you don't want it, turn it off and delete the data. Google provides the tools.

And what happens when Google has a breach or a bad setting? Remember when Google signed people up for G+, and a lot of private data got exposed.

I think you're thinking about Buzz, not Google+. That was bad; Buzz auto-friended contacts, exposing relationships. The fact that that's the worst thing that's happened, and that happened before all of the internal privacy review policies were put in place is pretty indicative, IMO.

As for a breach... nothing is impossible, but I spent 15 years as a security consultant to US corporations, mostly banks, and Google has dramatically better security systems than anyone I ever saw. I'm not worried about my data at Google.

However, if you are I highly recommend going to your Google account dashboard and deleting whatever information there you're concerned about.

Comment Re:Time Management (Score 1) 182

but bored in their current job?

I'd expect a self-motivated worker to already be looking for a new one.

Bah. There are different kinds of people. Some will search out a better job, but many of the more introverted sorts won't. It doesn't mean they're not motivated, just that they're not comfortable with interviewing. A lot of top-performing software engineers are very introverted.

easier to teach brilliant problem solvers some time management skills

That's an opinion that not many employers share. Companies that take it upon themselves to teach basic skills tend to hire people without them. And then everyone suffers, because everyone is expected to help out the special snowflakes.

There are no "special snowflakes" at Google. Google gives people time and resources to address their shortcomings, and it's expected that everyone be helpful, but if you can't pull your weight for whatever reason, it'll come out. Your peers will tell you that you need to manage your time better, and your manager will expect you to make use of the internal resources available to improve. It's even fine if you take time away from your job to do what's needed to improve... but if you don't, you'll eventually be gone. It's not like learning to manage your time is hard. If you're capable of solving hard computer science problems, you can learn that, too.

In practice, it's really not a problem. If you find smart people and keep them challenged (or enable them to keep themselves challenged), and give them feedback on how they can do better, it works.

Comment Re:Great experience (Score 1) 182

I buy the "potential" issue. I have enough confidence in the leadership and the culture that I don't worry about it being abused in the near term, but eventually that could change. I actually do have a greater degree of trust in Google than I do other corporations or government agencies, though. I expect that's mostly because of the visibility I have as an employee.

The less they know about me, the better.

In the abstract I see that. But Google Now is useful... and I expect it to become vastly more useful. It's going to be interesting to see how this evolves over the next decade or so, whether most everyone decides that having an excellent personal digital assistant is worth allowing someone to know so much about them. At least it's shaping up that there will be competition... Now, Siri, Cortana, Echo...

And obviously Google is already using information it knows about users to make recruiting decisions so clearly they are using the data for more than just advertising.

Recruiting is advertising.

Suppose that I use an Android phone and I have all my web browsers signed in to a Google account. Google now has access to all my phone data, my contact data, calendar data, search history, and even info about websites that I go to directly w/o the help of google (thanks to Google ads)

Chrome can also tell Google everywhere you go even without the help of ads. It only does that if you turn on web history, though. Same with location. If you turn on location history, Google stores it. If not, Google doesn't get it. As for phone, contacts, calendar, photos, etc., that's true if you turn on backup for everything. If you turn off backup, the data doesn't go to Google. Of course, then you don't get the cross-platform always-updated calendar and contacts list, and if your phone gets run over by a bus it's all gone. Whether or not to use backup isn't a one-time decision, though; if you use it and then later decide not to you can use the privacy dashboard to delete stuff.

And Google does forget the data you ask it to delete. It's a good idea to check the dashboard periodically and wipe out anything you don't want to be there. You should probably do that if you haven't.

Comment Re:Does flipping one electron now flip the other? (Score 1) 213

As I understand it, when you flip the state of one of an entangled pair, you break the entanglement. So site B can do what they like with the second pair, but site A won't know what they did. But IANAP and it's been over two decades since I took physics. Oh, and although my old textbook is on the shelf behind me, I'm too lazy to turn around and look at it :)

Comment Re:Time Management (Score 2) 182

Person is researching python lambda function list comprehension for a programming project. Gets sidetracked for a couple of hours by popup puzzles.

Yep. This is the employee we want.

You mean the sort of person who is an avid problem solver but bored in their current job? Yes, that's exactly who you want to hire if you're going to put them in an environment rich in productive puzzles to solve. Yes, you do also need them to be able to maintain focus when it really matters, but it's far easier to teach brilliant problem solvers some time management skills than it is to teach plodding, methodical thinkers to be brilliant problem solvers.

Comment Re:Not if you're searching for Maaaaaaatlock... ;- (Score 1) 182

FWIW, I'm a Google engineer. I'm 46. Many members of my previous team were in their 50s and 60s, and the median age there was probably around my age. That team was working on complex internal enterprise systems, where decades of experience with complex business logic was at a premium. My current team is younger... but I'm not the oldest.

Comment Re:Great experience (Score 1) 182

Rumor has it the selection process happens through your Google search history over a long period of time, so you're not going to be able to just spam Python jargon at the search engine and get in tomorrow.

Do you keep yourself logged in with a google account when you search? I specifically try to avoid Google tracking my searches to the extent that I can control. This whole thing is kind of creepy to me, and I never ever log into a google account unless I'm in a VM, though I am sure there are still ways to track me.

Out of curiosity, what are you concerned that Google is going to do with your search history?

FWIW, my approach is that I stay logged in all the time, with web history enabled (so Chrome sends a log of every page I visit to Google for storage, not just my searches) and open an incognito window when I'm doing something I don't want recorded. I try not to do that much, though, because I get a lot of value from being able to search my own web history (web history allows you to search in all the stuff you've looked at, so when you find yourself thinking, "I know I read that on some site..." you can typically find it pretty easily).

While there probably is stuff that I'd rather not share with the world, I really have no concern about sharing it with Google, because no one is ever going to see it. Unless there's a warrant or a subpoena for my information, but that seems pretty unlikely, and even more unlikely that any warrant or subpoena wouldn't get more from my e-mail, bank records, etc.

In the interest of full disclosure I should mention that I'm a Google employee, but this post really isn't about trying to convince you that you're wrong. I'm just curious.

Comment Re:It is amazing... (Score 0) 284

It's amazing how many folks have a "Government is hiding something" default setting here. Who, without reading the background material, conclude that the Kansas Secretary of State is stonewalling with the "it's not legal to release this information" argument.

Under KS Secretary of State Kris Kobach, creator of the 2-tier voting system (you must provide proof of citizenship, e.g. passports to vote in state and local elections, but not in federal elections because federal law prohibits using that same type of restriction on the federal voting registration paperwork) I'd absolutely believe that he's hiding something. He's shown a history of official decisions that can at least be interpreted from the outside as motivated by politics more than the law, and if there's something squirrely going on with the voting machines I'd be unsurprised to see him working to keep it covered up.
