
Comment: Re:and so? (Score 1) 36

by swillden (#48203575) Attached to: Google Leads $542m Funding Round For Augmented Reality Wearables Company

why don't you explain? if it is lol funny then you should be able to say why

Sergey Brin, director of X projects at Google and co-founder of the company, has a strong anti-authoritarian and anti-military streak. The idea that he'd invest himself so deeply into a project focused on military applications is laugh-out-loud funny.

Comment: Re:I'm betting on balloons (Score 4, Informative) 92

by swillden (#48201627) Attached to: Internet Broadband Through High-altitude Drones

Have you ever seen a hurricane or a tropical storm? It means the Internet will be down during these critical events when it is often most needed. That is the reason they are talking about 13 miles altitude drones and not just zeppelins. The altitude record for a zeppelin is 7.6 km or 4.7 miles. Large hurricanes can reach an altitude of 50 000 feet or 9.5 miles or 15.25 km. Zeppelins couldn't clear a large hurricane.

The balloons Google is experimenting with do reach the stratosphere. 20 km altitude.

Comment: Re:Where is the NFC 2-factor? (Score 1) 119

by swillden (#48201227) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The ownership thing can be mildly obnoxious. It's fairly standard practice at Google to click the checkbox to allow all attendees to edit a meeting. Even without that, though, it's always possible to make the change on your own copy; no one else will see the change if they look, but you can add someone (or a room), and the meeting will be added to the appropriate person/room calendar. Maybe Google Calendar works a little differently externally... I wouldn't think that part would be different.

Doesn't the Chromebox offer you the ability to type in a meeting name? That's another option on the internal system. We just go to the other room and manually enter the meeting name. Actually this was a problem a couple of years ago, but refreshes have gotten fast enough I haven't had to do that for a while, except when no one added a Hangout to begin with and we just have to make one up on the fly. Then we pick a name, send it to everyone via chat or whatever, and type it into the room controller.

As for getting the other room booked, that's easy. Just make a calendar appointment and put the room on it. Fast.

Comment: Re:I'm still waiting... (Score 1) 155

by swillden (#48199813) Attached to: Cell Transplant Allows Paralyzed Man To Walk

We keep statistics, yes, but only in the context of criminal law.

To study, say, gun ownership as a matter of public health, as a risk factor for overall mortality, is illegal (with public funds).

Cite?

It seems to me that the main obstacle to such studies is detailed information on gun ownership, because mortality information is readily available, and not just from law enforcement. The CDC tracks it closely.

In any case, I'd love to see this research done... though I suspect that I anticipate a different result than you expect.

Comment: Re:Wait, wait, trying to keep up (Score 1) 710

by swillden (#48199585) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

They're both. Just like men.

Ah, the old "If I can say it in a grammatically correct sentence, it must be true!!" fallacy.

No. They can't be both, because the groups OP defined are mutually exclusive. Men can't be both either.

Nonsense. Even individuals aren't only one thing. They're different things at different times and in different contexts. Further, you're talking about two large groups of people; there's clearly a lot of variation among them.

Why would you think that women should fit neatly into one bucket or another?

To state the obvious, because some buckets are neatly defined. For instance, a woman can only fit into at most one of these buckets: "Likes math" or "Hates math." (They could be in neither of those buckets.)

You're a little bit closer in recognizing that women aren't all the same. Congratulations! But you're still wrong. A given woman can like some kinds of math but not others, can like math during some parts of her life but not others, can even like math in some moods but not others.

Comment: Re:Where is the NFC 2-factor? (Score 1) 119

by swillden (#48199561) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

I don't see how fumbling around with USB sticks is much better.

I use a YubiKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.

Doesn't leaving the device plugged into your laptop all the time defeat the purpose of two-factor authentication? If someone steals your laptop they have your key now, same as if you left your one-time pad as a text document on the desktop.

I addressed this in the paragraph below the one you quoted, and a bit more in the paragraph after that.

Comment: Re:How does it secure against spoofing? (Score 1) 119

by swillden (#48199163) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The second channel will not secure a compromised channel, but it will make it easier to detect it.

Oh, you're talking about a completely separate channel, with no joining to the primary channel? That creates its own set of problems... when the user authorizes a login, how do we bind that authorization to the login the user is attempting, rather than a login from some other location? Without a join (e.g. entering OTP from second channel into primary channel, or vice versa), the attacker just has to figure out when the user is logging in, and beat them.

There is very little you can do to combat malware infections unless you are willing to use a second channel.

I maintain that a second channel doesn't really help, either as defense or for detection, and you haven't suggested any way that it might.

At some point in the communication the data is vulnerable to modification, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time.

In the case of a security key no, it does not. Not in the memory of the PC. The PC and browser are merely a conduit for an authentication process that occurs between security key and server. It's actually pretty reasonable to characterize this as a second, virtual channel. It's MITM-resistant; an attacker can block the messages but can't fake, modify or replay them without failing the auth. It is also bound to the primary channel, though that binding is admittedly dependent on the PC being uncompromised. But if the PC is compromised to the level that the attacker can cause the auth plugin to lie to the security key then there is no hope of achieving any security. A separate channel definitely wouldn't help.

And it's heaps easier to do if the interface used is a browser.

Sure. But the goal is to create as much security as possible within the context of what people actually use. Theorizing about some completely different approach that no one would use is entertaining but pointless.

Comment: Re:Wait, wait, trying to keep up (Score 0) 710

by swillden (#48198973) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

...so today are women individuals who can do anything men can do and are perfectly capable of functioning in modern society to wit, choosing the career path that they want to follow out of interest, talent, and education?

Or are they intimidatable, wilting violets incapable of exercising free will, intimidated by the faintest approbation, and unable to choose a career because some shitty 1980s movies didn't ACTUALLY show "girls doing data entry"?

I'm just trying to keep track here. I need to know if I should treat them like plain old people, or tread delicately around their fragile sensibilities?

They're both. Just like men.

Why would you think that women should fit neatly into one bucket or another?

Comment: Re:Toys vs tools (Score 2) 710

by swillden (#48198943) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

When computers were viewed as toys, it was acceptable for girls to have them. Once they became tools, however, they were only for boys.

Then explain why a high percentage of programmers were women back when the only computers that existed filled rooms, cost millions of dollars and were clearly anything but toys, but once microcomputers were widely available in homes and used for playing games as much as anything, the percentage of women began to decline.

I think you may have the right concept, but with the genders reversed.

Comment: Re:Where is the NFC 2-factor? (Score 1) 119

by swillden (#48198359) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

Can you elaborate on what the problems are? You described having a PC in each room... so I don't see what's difficult about uninviting one and inviting another when moving. As for the other things you mentioned... do you think there's no need at Google to find a free room at short notice, or move hurriedly from one room to another? Actually, of late at Google in Mountain View there is no finding a room at short notice or moving hurriedly... because if you didn't grab that room days in advance it's just not available. But the buildings haven't always been so overcrowded and soon won't be again.

Comment: Re:How does it secure against spoofing? (Score 1) 119

by swillden (#48197891) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

What keeps me (or my malware, respectively) from opening a google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fool the dongle into recognizing it and the user into pressing the a-ok button?

For one thing, if the tab with the malware-loaded page isn't on top, Chrome won't allow it to talk to the dongle. If there is some way to render a page that is not visible to the user but which Chrome considers sufficiently "open", that's a Chrome bug which should be fixed.

A machine that is compromised is no longer your machine. If you want two factor, use two channels. There is no way to secure a single channel with two factors sensibly.

You should have stopped after the first sentence, because two channels doesn't help. If the machine you're using is compromised, it's no longer your machine, period. This is true regardless of the authentication method being used. That said, some authentication methods are susceptible to replay attacks... if I can compromise your machine and grab your credentials then I can log in as you from my machine. Security keys make that sort of attack very difficult, much harder than, for example, an out-of-band one-time-password. In that case, I just have to make sure I use the one-time password before you do, grabbing and submitting it before you click "Go". With a cryptographic challenge response protocol performed by a security key that's more difficult, because a secure channel is established between the authentication server (at Google) and the security key. It's still not impossible, but it's much harder.
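
An added illustration of the contrast drawn in the comments above between an out-of-band one-time password and a security key's challenge-response; it is not part of the original comments and is not U2F code. An HMAC over a shared secret stands in for the key's public-key signature, and `Server`, the session names, the origin and the OTP value are constructed for the example.

```python
import hashlib
import hmac
import secrets

ORIGIN = b"https://accounts.example"   # hypothetical origin, supplied by the browser
KEY_SECRET = secrets.token_bytes(32)   # constructed; stand-in for the key's private key


def key_sign(challenge, origin=ORIGIN):
    """What the security key returns for a server challenge."""
    return hmac.new(KEY_SECRET, origin + challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, otp=None):
        self.otp = otp            # out-of-band one-time password, if any
        self.pending = {}         # session id -> outstanding challenge

    def login_otp(self, session, otp):
        # The OTP is not tied to a session: whoever submits it first wins.
        ok = self.otp is not None and hmac.compare_digest(otp, self.otp)
        if ok:
            self.otp = None
        return ok

    def challenge(self, session):
        self.pending[session] = secrets.token_bytes(16)
        return self.pending[session]

    def login_key(self, session, response):
        chal = self.pending.pop(session, None)   # each challenge is single use
        return chal is not None and hmac.compare_digest(response, key_sign(chal))


def otp_race():
    server = Server(otp="492817")                # constructed OTP
    first = server.login_otp("other-machine", "492817")
    second = server.login_otp("user", "492817")
    return first, second


def key_replay():
    server = Server()
    response = key_sign(server.challenge("user"))
    server.challenge("other-machine")            # that session gets its own challenge
    replayed = server.login_key("other-machine", response)
    genuine = server.login_key("user", response)
    reused = server.login_key("user", response)
    return replayed, genuine, reused
```

`otp_race()` shows the OTP being accepted for whichever session submits it first, while `key_replay()` shows a captured key response failing on any session other than the one whose challenge it signed, and failing again once that challenge has been consumed.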
