Forgot your password?
typodupeerror

Comment: Re:hasn't stopped him yet (Score 1) 37

by swillden (#48209609) Attached to: Google Leads $542m Funding Round For Augmented Reality Wearables Company

so where was his "strong anti-authoritarian and anti-military streak" when he was rolling over for the NSA **for years**...

That never happened. The NSA tapped Google's fiber without Google's knowledge, but there's no evidence that Google ever willingly participated. As soon as Google found out about the taps, it accelerated a program to get the data on all those fibers encrypted, to lock the NSA out.

Google invades privacy for profit and for decades gave the NSA (and god knows who else) an unaccountable back door to all our data

Google trades the right to target ads to you in exchange for services, and enables you to opt out of the trade if you want, even providing the necessary tools for you to do it. Google has never given the NSA an "unaccountable back door". See David Drummond's numerous public statements on this issue. From my personal perspective as a Google security engineer, I think it would be virtually impossible for such a back door to exist in Google's systems without my having noticed some trace of it. Take that as you will.

You're coming to this question with a whole bunch of inaccurate assumptions, which are seriously skewing your perspective. You should take a breath, look into what really happened (as much as is public information anyway) vis a vis the NSA, PRISM, etc., and then re-evaluate.

Or not, that's your choice. I'll merely point out that time will prove me right with respect to any purported military-focused work by Google X and leave it there.

Comment: Re:and so? (Score 1) 37

by swillden (#48203575) Attached to: Google Leads $542m Funding Round For Augmented Reality Wearables Company

why dont you explain? if it is lol funny then you should be able to say why

Sergey Brin, director of X projects at Google and co-founder of the company, has a strong anti-authoritarian and anti-military streak. The idea that he'd invest himself so deeply into a project focused on military applications is laugh-out-loud funny.

Comment: Re:I'm betting on balloons (Score 4, Informative) 93

by swillden (#48201627) Attached to: Internet Broadband Through High-altitude Drones

Have you ever seen a hurricane or a tropical storm? It means the Internet will be down during these critical events when it is often most needed. That is the reason they are talking about 13 miles altitude drones and not just zeppelins. The altitude record for a zeppelin is 7.6 km or 4.7 miles. Large hurricanes can reach an altitude of 50 000 feet or 9.5 miles or 15.25 km. Zeppelins couldn't clear a large hurricane.

The balloons Google is experimenting with do reach the stratosphere. 20 km altitude.

Comment: Re:Where is the NFC 2-factor? (Score 1) 119

by swillden (#48201227) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The ownership thing can be mildly obnoxious. It's fairly standard practice at Google to click the checkbox to allow all attendees to edit a meeting. Even without that, though, it's always possible to make the change on your own copy; no one else will see the change if they look, but you can add someone (or a room), and the meeting will be added to the appropriate person/room calendar. Maybe Google Calendar works a little differently externally... I wouldn't think that part would be different.

Doesn't the Chromebox offer you the ability to type in a meeting name? That's another option on the internal system. We just go to the other room and manually enter the meeting name. Actually this was a problem a couple of years ago, but refreshes have gotten fast enough I haven't had to do that for a while, except when no one added a Hangout to begin with and we just have to make one up on the fly. Then we pick a name send it to everyone via chat or whatever, and type it into the room controller.

As for getting the other room booked, that's easy. Just make a calendar appointment and put the room on it. Fast.

Comment: Re:I'm still waiting... (Score 1) 156

by swillden (#48199813) Attached to: Cell Transplant Allows Paralyzed Man To Walk

We keep statistics, yes, but only in the context of criminal law.

To study, say, gun ownership as a matter of public health, as a risk factor for overall mortality, is illegal(with public funds).

Cite?

It seems to me that the main obstacle to such studies is detailed information on gun ownership, because mortality information is readily available, and not just from law enforcement. The CDC tracks it closely.

In any case, I'd love to see this research done... though I suspect that I anticipate a different result than you expect.

Comment: Re:Wait, wait, trying to keep up (Score 1) 712

by swillden (#48199585) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

They're both. Just like men.

Ah, the old "If I can say it in a grammatically correct sentence, it must be true!!" fallacy.

No. They can't be both, because the groups OP defined are mutually exclusive. Men can't be both either.

Nonsense. Even individuals aren't only one thing. They're different things at different times and in different contexts. Further, you're talking about two large groups of people; there's clearly a lot of variation among them.

Why would you think that women should fit neatly into one bucket or another?

To state the obvious, because some buckets are neatly defined. For instance, a woman can only fit into at most one of these buckets: "Likes math" or "Hates math." (They could be in neither of those buckets.)

You're a little bit closer in recognizing that women aren't all the same. Congratulations! But you're still wrong. A given woman can like some kinds of math but not others, can like math during some parts of her life but not others, can even like math in some moods but not others.

Comment: Re:Where is the NFC 2-factor? (Score 1) 119

by swillden (#48199561) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

I don't see how fumbling around with USB sticks is much better.

I use a YubKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.

Doesn't leaving the device plugged into your laptop all the time defeat the purpose of two-factor authentication? If someone steals your laptop they have your key now, same is if you left your one-time pad as a text document on the desktop.

I addressed this in the paragraph below the one you quoted, and a bit more in the paragraph after that.

Comment: Re:How does it secure against spoofing? (Score 1) 119

by swillden (#48199163) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The second channel will not secure a compromised channel, but it will make it easier to detect it.

Oh, you're talking about a completely separate channel, with no joining to the primary channel? That creates its own set of problems... when the user authorizes a login, how do we bind that authorization to the login the user is attempting, rather than a login from some other location? Without a join (e.g. entering OTP from second channel into primary channel, or vice versa), the attacker just has to figure out when the user is logging in, and beat them.

There is very little you can do to combat malware infections unless you are willing to use a second channel.

I maintain that a second channel doesn't really help, either as defense or for detection, and you haven't suggested any way that it might.

At some point in the communication the data is vulnerable to modifiction, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time.

In the case of a security key no, it does not. Not in the memory of the PC. The PC and browser are merely a conduit for an authentication process that occurs between security key and server. It's actually pretty reasonable to characterize this as a second, virtual channel. It's MITM-resistant; an attacker can block the messages but can't fake, modify or replay them without failing the auth. It is also bound to the primary channel, though that binding is admittedly dependent on the PC being uncompromised. But if the PC is compromised to the level that the attacker can cause the auth plugin to lie to the security key then there is no hope of achieving any security. A separate channel definitely wouldn't help.

And it's heaps easier to do if the interface used is a browser.

Sure. But the goal is to create as much security as possible within the context of what people actually use. Theorizing about some completely different approach that no one would use is entertaining but pointless.

Comment: Re:Wait, wait, trying to keep up (Score 0) 712

by swillden (#48198973) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

...so today are women ndividuals who can do anything men can do and are perfectly capable of functioning in modern society to wit, choosing the career path that they want to follow out of interest, talent, and education?

Or are they intimidatable, wilting violets incapable of exercising free will, intimidated by the faintest approbation, and unable to choose a career because some shitty 1980s movies didn't ACTUALLY show "girls doing data entry"?

I'm just trying to keep track here. I need to know if I should treat them like plain old people, or tread delicately around their fragile sensibilities?

They're both. Just like men.

Why would you think that women should fit neatly into one bucket or another?

Comment: Re:Toys vs tools (Score 2) 712

by swillden (#48198943) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

When computers were viewed as toys, it was acceptable for girls to have them. Once they became tools, however, they were only for boys.

Then explain why a high percentage of programmers were women back when the only computers that existed filled rooms, cost millions of dollars and were clearly anything but toys, but once microcomputers were widely available in homes and used for playing games as much as anything, the percentage of women began to decline.

I think you may have the right concept, but with the genders reversed.

Comment: Re:Where is the NFC 2-factor? (Score 1) 119

by swillden (#48198359) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options
Can you elaborate on what the problems are? You described having a PC in each room... so I don't see what's difficult about uninviting one and inviting another when moving. As for the other things you mentioned... do you think there's no need at Google to find a free room at short notice, or move hurriedly from one room to another? Actually, of late at Google in Mountain View there is no finding a room at short notice or moving hurriedly... because if you didn't grab that room days in advance it's just not available. But the buildings haven't always been so overcrowded and soon won't be again.

God made machine language; all the rest is the work of man.

Working...