Hopefully these people are not allowed in public or private schools or daycare. We care enough about our dogs and cats to not let them in kennels and grooming situations unless they have vaccinations. Why should we care about kids any less. I mean if someone want to start a vac-free school where everyone is not vaccinated, that is their right, but we shouldn't put innocent kids at risk.
I have published a paper through Elsevier when I was working on my PhD. At least the contract I signed with them states that I retain the right to distribute the papers if I so choose, for example, on my own website.
Of course, if the distrubution happens through a third party...that might be a different matter.
Or the purple wigs.
I come from Edmonton, Canada... I'm well acquainted with just how cold it gets up here.
And if your extremities are that cold, then you can be damn sure that frostbite is setting in. We're not talking about topical skin temperature here... we're talking about the temperature of what's underneath, and underneath your skin even at the extremities won't ordinarily deviate from core temperature more than about a couple of degrees. Any more than that and you have a problem.
If you are wearing proper gear for the weather, your extremity temperatures will not be any colder than normal.
It's a pain, but the average user needs to start actually paying attention to app permissions.
Except the "average user" literally CANNOT understand the permissions being asked for.
That's why an up-front model for permissions is inherently broken. If an app sneaks in location in the set of permissions an "average user" will never see it. If it asks them if the flashlight app can have their location when they run it, or access to contacts - there's few people that would agree to that.
On my mobile device, half the text is under the X-rays, looking like some bizarre part of it.
Needlessly using some complicated HTML generator that tries to control layout down to the atom FTL.
I am intrigued. I mean is this the start of the T-1000???
More like the T-Hog.
Their flashlight app was requesting network and GPS privs? There's obviously a fundamental problem with the Android security model, and I'm just going to go ahead and point my finger at people. First off, people assume that just because it's on the Play store, it's safe to install. Obviously not the case. Second, people obviously don't review the privs their apps request and say something like "Why the fuck does a flashlight app need access to my GPS and network?" And third, lazy developers have no incentive not to request every priv in the model.
Not to mention that although for a very basic app (like a flashlight one) it is possible to spot a nefarious permission, once you start looking a much more feature-rich app then it gets very difficult for users to work out the validity of the permission requested.
For example, a mobile banking app wants your location. Is this because:
- It's sending location data to a server to track you?
- It's sending it to third party companies for location based advertising?
- It wants that information so it can tell you where the nearest ATM or bank branch is?
The actual spying isn't the biggest issue I have with the NSA (and GCHQ and ASIO and the others), the biggest issue is the way that these agencies are doing things that deliberately weaken computer security in the name of making it easier to spy on people
+1. This particular aspect of the Snowden revelations shocked and staggered me.
The NSA has always had two missions around signals intelligence (1) spy on the rest of the world and (2) make sure the rest of the world can't spy on us. And that second mission covered all communications important to national security, not just government comms. A few years ago I build an important commercial system that protected stuff related to credit card payments, and I had NSA oversight for the whole project because they (rightly) consider the payment infrastructure to be important to national security. And the NSA guys were clearly working to ensure that the system was highly secure; they never once suggested anything that would in any way compromise it, and they had some valuable insights about how to make it better. Over the years the NSA has done a lot to contribute to the security of important commercial security infrastructure -- because it's their job.
So, what the Snowden revelations made clear is that the NSA has decided mission 2 takes a back seat to mission 1, and in fact that mission 2 is so unimportant that they're actively working to undermine it.
heck Yahoo and Bing still don't use SSL for search
Out of curiosity I just went and tried it. Not only do they not use SSL by default, but you can't use SSL at all for searches on either site. Yahoo will serve the home page via HTTPS, but trying to search from it gives you first a big error message from your browser due to a certificate name mismatch, and if you click through that you get a 403. If you try to go to http://www.bing.com/ you get a blank page.
I didn't try either site while logged in, so it's possible that you can do secure searches if you have an account.
My understanding with Google was that it was always SSL for all logged-in searches, but that logged-out users could still use via HTTP. At some point that appears to have changed, because signed in or signed out, regardless of browser, any attempt to go to google.com via HTTP gets redirected to HTTPS. If you construct a query like http://www.google.com/search?q=foo you can force Google to receive your query terms over HTTP, but it still immediately redirects to HTTPS rather than returning any data. I suppose if you used a browser that indicated it could not handle HTTPS, Google would probably allow you to do searches over HTTP.
2. China & India, you really need to step up your game.
It's not quite as big a boost to national prestige when hobbyist makers are getting their stuff launched. If SpaceX starts providing unused space for hobby payloads to fly standby, every school science project could get launched.
How long did it take Google to finally get around using https and secure logins? A long fucking time
You don't know what you're talking about.
Google provided the option for SSL on all Google services back in 2008. At that point in time it was considered infeasible for large web services to do always-on SSL, because it would increase the load too much; SSL was only used for login pages, pages where financial information was entered, etc. In 2010 Google turned it on by default for all users for Gmail and other key services, long before any other major webmail providers did. In 2011 they turned it on by default for everything, including search. Google did this long before any of the other big web companies... heck Yahoo and Bing still don't use SSL for search.
Google was also the first major web service to provide two-factor authentication, in 2010. Yahoo didn't do it until 2012, and Microsoft didn't offer it for Outlook until little more than six months ago. AFAIK, Google is still the only major webmail provider to offer and use secure SMTP when communicating with other mail servers. Most SMTP traffic to and from Google is unencrypted, but only because the other end won't do encryption.
Google also designed SPDY without any unencrypted mode at all. The W3C committee standardizing SPDY as HTTP/2.0 is struggling a little bit with that, though it appears they're going to accept it as encrypted-only. Google's next-gen web protocol, QUIC, not only doesn't have a unencrypted mode, but encryption is baked so deeply into the protocol that when it gets to standardization there will be no question about removing it... you'd have to completely redesign the protocol.
Google has been serious about encrypting everything for a long time and has consistently led the industry.
Bill Gates is on the ground giving billions to eradicate disease -- something that actually improves peoples' lives in a meaningful way
The work of the Gates foundation is fantastic, I completely agree. However, I disagree that providing universal access to useful information, which is Google's stated mission, doesn't "improve peoples' lives in a meaningful way". In fact, I'd say that universal Internet access is one of the most powerful tools we can offer the developing world, enabling them access to the information needed to lift themselves out of poverty and corruption. Of course, Internet access doesn't help when you're dying of malaria, so eradicating, or at least suppressing, disease is critical.
None of the major IT companies gave a rats ass about user privacy until Snowden leaked his information.
You can debate about whether or not they would have without it (I argue they would), but Google has had to care seriously about user privacy for years now, because privacy assurance, including annual privacy audits performed by a third-party auditor, are required by the FTC consent decree. If there's any hint that some design or implementation detail threatens to expose user data, or even put it where it shouldn't be, the privacy team comes down with both feet until it's fixed. I really think that would be the case even without the consent decree, though because of it the privacy team is supervised by legal which undoubtedly gives it even more clout than it would have otherwise.
I realize that
(Disclaimer: I'm a Google engineer. I work on the security infrastructure, which is related to but not the same as the privacy infrastructure.)
Maybe to start them up. But try anyhing significant with thousands of cells, formulae, and VB code, all of which is script on top of script, and RAM skyrockets and speed slows.
Having said that, VB is pretty fast as script goes. Some cleve people have optimized it internally pretty well.