Forgot your password?

Comment: Re:If this works, then Microsoft is doomed. (Score 1) 99

by swillden (#47957451) Attached to: Android Apps Now Unofficially Able To Run On Any Major Desktop OS

yes....but did Java have all of the millions of apps that were indexed by a single entity, and more importantly made it easy for anybody to access and use?

Neither does Android. Oh, there are millions of apps, but most of them are completely uninteresting on a desktop or laptop and the rest won't run well. Oh, there will be apps, over time, but there's no huge number already available, developers are going to have to start more or less from scratch.

The index is new-ish, yes, but I still don't think it's going to provoke the sort of sea change the GGP supposes. If that were all it took, the Chrome store would already be doing it (there's also an index of apps).

No, what's really going to happen is that Microsoft is going to continue its slow, gradual slide into obscurity, unless it finds a way to create a new market for itself (which is likely, frankly, though no one knows what it'll be). Android apps on Windows may even play a role, but a small one. Phones and tablets are becoming the dominant computing platform for the masses, a platform they don't participate in meaningfully, and a combination of web apps, cross-platform toolkits (like Android, but also including Java, their own .NET, Qt and Chrome apps) and maturation of free/open source offerings are breaking their stranglehold on the rest.

Comment: Re:How about buying PGP? (Score 1) 24

by swillden (#47953343) Attached to: Dropbox and Google Want To Make Open Source Security Tools Easy To Use

It has a decent UI

Really? Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Yeah, it was a while ago and some things have improved, but most of the issues remain and I doubt another focus group study would find significantly different results.

The problem is that designing a UI that makes it easy for people who don't know anything about cryptography or security to achieve useful cryptographic security is really, really hard. Almost as hard as educating everyone about cryptography and security enough that they can achieve useful cryptographic security with PGP.

Comment: Re:If you believe this (Score 2) 126

by swillden (#47942305) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google
Yep. Google addresses it internally by requiring two-factor auth and using Device Policy to enforce pasword, lock timeout, etc. requirements. Oh, and not letting Android devices on the corporate network, only on the partitioned guest network. It is a problem, no argument there.

Comment: Re:If you believe this (Score 1) 126

by swillden (#47942031) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google
Yeah, Android's support for enterprise has been weak. That's been a pain point for Google's own enterprise security team, though it's not really surprising because Android has been focused on the consumer space. The "Android for Work" (announced at I/O) is fixing that.

Comment: Re:If you believe this (Score 3, Interesting) 126

by swillden (#47941611) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google

I know everybody talks about encryption, but the word itself is just the tip of security. What's the key size? What's the algorithm?

It uses Linux dm_crypt. Here's the source code that configures it, and protects the dm_crypt master key: https://android.googlesource.c...

What data is encrpyted?

The /data partition, which holds everything which isn't part of the system image. An easy way to understand the distinction is to note that on unrooted Android devices everything but /data is mounted read-only. So any data that is stored after the device leaves the factory is in /data, and is therefore encrypted, unless it's written to removable media (SD card).

Most of the rest of your post is speculation assuming that Google is intensively mining everything backed up. I'm quite certain that's not true, but I probably shouldn't comment in more detail.

The only thing it will do is keep your private information out of the hands of someone who picked up your lost phone and decided to keep it (or sell it).

Yes, that's what device encryption is for.

(Disclaimer: I'm an Android security engineer. I'm speaking for myself, not for Google.)

There are running jobs. Why don't you go chase them?