
Comment Entitled much? (Score 1) 387

"I don't need my phone on mass transit, so nobody else should be allowed to use theirs."

Nice try. Explain to me what vital need you have for your phone while riding the bus that cannot abide a few minute wait. Then explain to me how your right to post to Twitter or Facebook or make calls while in transit is a civil right more important to society than the lives of several thousand people every year. Frankly I'm not feeling a lot of sympathy for people who have such a sense of entitlement that they cannot delay gratification on non-vital communication for a few minutes for the safety of others.

Furthermore there are technical solutions to the bus rider problem. Put wifi on the bus and use that for example. Poof, problem solved.

Comment False premise and false equivalence (Score 1) 387

You could save more lives by banning unhealthy junk food (Roughly as many people died of diabetes as traffic fatalities last year) and a whole load of other things.

False equivalence. Eating badly only kills you. Distracted driving risks the lives of other people. If you want to slowly kill yourself with a bad diet or drug habit go ahead. But when your actions start to threaten others then absolutely the state should intervene. That's the whole point of a government and to solve problems that we cannot solve ourselves.

I reject your premise that people's fears have any worth in determining rules.

False premise again. What fears? Distracted driving is proven to cause thousands of unnecessary and preventable deaths every single year. All because people aren't willing to delay gratification on their entertainment for a few minutes.

If people are afraid of terrorists attacking shopping malls, should we put TSA stations up at every entrance point?

Oh I get it. You want to get all hyperbolic with absurdities rather than actually point out a better solution. What is your solution to distracted driving? Or maybe you think it is fine. Is your argument that your right to send/receive text messages while driving is more valuable to our society than the lives of several thousand people and injuries to tens of thousands?

Comment Mitrokhin referred to this... (Score 0) 606

To his credit, MLK rejected the Soviet funds and refused to work with them, but others in the black activist (ok, terrorist...we're talking the Black Panthers here) were all too willing to take the funds and materiel.

The Soviets had the view that the Achilles heel of the US was black vs white enmity, and have funded it carefully for many years now.

Mitrokhin, "Secret History of the KGB". Great story how he got out of Russia and how he compiled the archive while working at the KGB.

Comment Re:Biases truth (Score 0) 244

You're avoiding the reality that the unions were a short term cudgel until progressive-era laws were put into place to prevent the abuses you refer to. Once political power was in the hands of a Teddy Roosevelt, let's say, or his nephew, things changed rapidly. In the Gilded Age, sure, a union was your best bet, but that hasn't been for almost 100 years now. In the meantime, unions do kill businesses and they restrain trade, to the detriment of workers who would otherwise be productive, but have to take employment at below the maximal wage that would be available had not everything but the service jobs fled overseas.

As for steel - it should be clear enough that if the steel workers unions were interested in the well being of their workers, they'd figure out a way to cooperate with the management to maximize employment for the longest period possible. That isn't what happened, in practice. Basically, management would keep fighting with the unions until they took a decision to close a plant, which tended to end the labor difficulties in one fell swoop. The decision was often driven by such factors. I don't blame the workers, but I do blame the false idea that collective bargaining is necessarily good for workers. That's just bogus.

Comment Re:Two Options: (Score 1) 338

1) change your possibly useful feature to include the ability to turn it off, modify the icon, allow customization. 2) Demand, outraged, it be removed.

Guess which one prevailed.

You don't know which one prevailed. My guess is that it will be #1.

Google teams generally operate on a very rapid release cycle, many with weekly releases. How do you develop a feature that takes several weeks (or months!) when your team releases weekly? What you don't do is branch the code and work on your branch for a long time, either constantly rebasing or trying to do a big merge at the end. That way lies madness. And bugs. Lots and lots of bugs.

Instead, you flag-protect your feature. As much as possible you put your new code into the regularly-exercised paths, so it gets run by automated tests, manual QA and real users, but without actually activating the new functionality. The part that you can't allow to be run, because your feature isn't ready yet, you protect with a flag that defaults to off. You can easily flip it on for your own development testing. When you get far enough along, you can flip it on for a bunch of internal users ("dogfooders").

When it's finally ready to go, you flip the flag for all users. If there are tens of millions of them, you also flip the flag progressively, first for 1%, then wait to see if anything breaks, then progressively greater percentages until you get to 100.

Now... with that in mind, if your feature provokes howls of outrage, what do you do? It's utterly obvious: you flip the flag back off for everyone, to silence the outrage while you figure out the next step.

In this case, I suspect that the next step will be to add a control to the settings interface. That sounds like an easy task, but don't forget that you have to run a gauntlet of UX people focused on keeping the software as simple and intuitive as possible, and a gauntlet of QA people who point out that every boolean option you add doubles their test burden, not to mention internationalization and a host of other things. Adding a switch to an app used by a billion people isn't easy. But my guess is that it might make enough sense to do it, so in a few weeks we'll see the feature come back, turned off by default.

Or maybe they'll decide that the clutter and testing burden are too much and just kill it. Could go either way.

But, whatever, it's blindingly obvious that step #1 is to un-flip the damned flag and stop the whining while you figure out what to do next.
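The flag lifecycle described in the comment above (default off, dogfooders, percentage rollout, flip back off), as an added example that is not part of the original comment and not Google's code. The `Flag` record, its field names and the SHA-256 bucketing scheme are assumptions chosen for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Flag:
    """Hypothetical flag record; all field names are assumptions."""
    name: str
    rollout_percent: float = 0.0   # default: off for every user
    dogfooders: set = field(default_factory=set)  # internal testers
    killed: bool = False           # "un-flip the flag" for everyone


def bucket(flag_name: str, user_id: str) -> int:
    """Stable bucket in 0..9999, independent per flag."""
    digest = hashlib.sha256(f"{flag_name}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % 10_000


def is_enabled(flag: Flag, user_id: str) -> bool:
    if flag.killed:                      # kill switch beats everything
        return False
    if user_id in flag.dogfooders:       # internal users see it early
        return True
    # Users below the threshold stay enabled as the percentage grows,
    # so nobody flips on and off between rollout stages.
    return bucket(flag.name, user_id) < round(flag.rollout_percent * 100)


def enabled_users(flag: Flag, users) -> set:
    return {u for u in users if is_enabled(flag, u)}


if __name__ == "__main__":
    users = [f"user{i}" for i in range(10_000)]   # constructed sample IDs
    flag = Flag("new_icon", dogfooders={"user7"})
    for pct in (0, 1, 10, 100):
        flag.rollout_percent = pct
        print(pct, len(enabled_users(flag, users)))
    flag.killed = True
    print("killed", len(enabled_users(flag, users)))
```

Because the bucket depends only on the flag name and user ID, the set enabled at 1% is a subset of the set enabled at 10%, which is what makes a staged rollout observable and reversible.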

Comment Re:Fragmentation is not a good thing (Score 3, Interesting) 77

Google could put an end to it by simply not allowing it in the license agreement.

No, they really couldn't. Google has to walk a fine line, especially with Samsung, but with several of the major players. Push too hard and they're perfectly capable of pulling an Amazon... but far more likely to be successful. Even the smaller players could potentially band together, or make a deal with Amazon.

You think Android fragmentation is bad now? It's nothing compared to what we'd have if Google pushed too hard and lost control. Eventually it would re-consolidate, I think, though probably not entirely. In the short term it would be a mess.

Of course, more than a handful of features have made their way from vendor overlays into vanilla Android, and I'm not sure Google would have considered those features for inclusion had they not been proven beforehand, so maybe there's some benefit to the current system.

This is true.

most of what Google adds to Android isn't originating from within Google.

This is not true. Google does pick up a lot of ideas from other OEMs, but it's definitely not the majority.

Perhaps, at the very least, Google should require vendors to submit any proprietary drivers so that Google can release vanilla builds for every device

Treble is a better approach, I think. The idea is to provide a standard hardware interface that is tested and validated, both with a set of low level tests (the Vendor Test Suite) and by flashing a vanilla AOSP system image and running the app-level API tests (the Compliance Test Suite). So Google doesn't have to release vanilla builds, you (or your favorite community) can just build your own -- assuming, of course, that you can unlock your device's bootloader.

Comment Re:Wow, great. (Score 3, Informative) 77

Replaceable battery? Rugged/IP68? SD card slot? Headphone jack?

There are phones on the market that have all of those things. You should buy one of them.

You know.. things that actually matter?

You know those phones I mentioned above? You should check the sales figures on them. The features you mention are important to you -- and that's fine, you should buy what serves your needs, and the great thing about Android is that you have lots of choice -- but they apparently aren't important to most people. You're trying to claim that they are, but objective evidence clearly indicates that you're wrong.

Comment Re:Open BSD Linux ... WTF (Score 1) 132

The alternative is "Hey I found a flaw in your OS six months ago and told shittons of other people about it. I'm publishing it tomorrow. I didn't tell you earlier because you don't honor embargoes."

Only not if five months beforehand, Theo already issues a patch without having been on the original distribution list, via a thumb-sized hole in the shitton dike.

He can't be the only security professional out there convinced to his very marrow that six months is a total crock.

Six months is long, but probably a good idea in this case, because a lot of affected systems are hard to patch.

But regardless of what you think of the duration, violating embargoes is a very good way to get actively excluded from notification.

Comment Re:They did? (Score 1) 197

compromising my email would probably net a clever attacker access to that money.

This made me do a quick mental inventory -- I don't think I have any emails that would give attackers enough information to drain my accounts -- but my email archives go back nearly two decades, so I can't be sure.

It's not so much about your archives. Old emails are very useful for social engineering -- and looking for "security question" answers -- but the real benefit is that your online accounts generally use your email as proof of identity for password reset.

I should disclose, though, that I've been working in computer security (with an emphasis on network security) for years now, and so I'm more cautious -- or paranoid, if you prefer -- and capable than the average user.

I've been doing security consulting and engineering for 20+ years, and I ran my own mail server -- with a highly paranoid configuration -- for most of that time. After I joined Google and got a look at how Gmail security is set up, I moved my archives into Gmail and not only do I no longer have to put all that time into it, but I'm quite confident that my email is more secure than I could make it. Oh, and far better spam filtering. I suspect it's much better defended against legal process, too.

My email does get scanned to target advertising to me, but I don't care about that.

Comment Re:They did? (Score 1) 197

Also true, but not as important. If people have gained access to my home, the security of my email is perhaps the least of my security problems.

Maybe... looking only at money, I have a lot more of it in my bank and brokerage accounts than is in movable form in my house (the house itself is worth more, but hard to steal), and compromising my email would probably net a clever attacker access to that money. I should mention that my personal email account is on a personal domain hosted by Google, i.e. Gmail. I use hardware tokens for authentication most of the time, though I do also have the Authenticator app set up. SMS auth is turned *off*.

Regarding personal safety, I agree that if someone is in my house I have much bigger worries than email security. Though I generally have a gun in my pocket.

Although it would still be a pain (but certainly possible) to subvert. My basic assumption with my security measures is that all machines and networks, inside and out, are already subverted -- so I don't trust anything just because it's sitting on my side of the firewall.

Very good assumption! With constant scrutiny you can minimize that risk, but that's really not practical without a large, dedicated security team. Which, as it happens, Google has :P

Comment Re:Also breaking (Score 0) 197

Exactly. Google is allegedly making it safer by keeping everyone from reading it - except themselves, of course.


You're not thinking this through. Okay, I get that you don't like targeted advertising, and if you use Gmail you are accepting, even embracing, that particular risk. And maybe you don't like that government agencies with proper paperwork can force Google (or any other email provider in the relevant jurisdiction) to hand over your data. But your statement is making about a hundred separate false equivalencies.

An identity thief that hacks your primary email has a good shot at being able to reset your password and gain access to all of your bank accounts, your social media accounts, recover huge amounts of information to enable social engineering attacks against pretty much every organization you do business with, etc. If you're a businessman who uses email to do negotiations with customers or suppliers, or if you're a CEO of a publicly-traded company who uses email to negotiate acquisitions or discuss sensitive internal information, your email account is a treasure trove of exploitable data for insider trading or corporate espionage. If you're a political candidate running for preside... okay, let's not go there.

You get the point. If you have important stuff in your email... and the higher-profile, wealthier, more powerful, etc. you are the more likely it is that you do, there are lots of Very Bad things that people could do if they could get into your email account. For as much as you dislike Google and government agencies, they're not going to do any of those things. Google will show you ads. Government agencies may prosecute you for crimes (which is pretty scary, but there are a lot of other constraints on that).

It's perfectly conceivable that someone could be totally okay with Google seeing their email, and yet still feel the need to secure it from the world at large, and that is what this new authentication option does (to be very precise, this isn't a new authentication option, it's a new option to restrict allowable authentication modes to use only the most secure).

Comment Re:They did? (Score 1) 197

What difference does it make that Google encrypts data in-house?

It helps to ensure that in the event that Google is hacked, your email is not leaked.

Google is doing its users a disservice by making any claims that they can "secure" a fundamentally insecure messaging system.

Google is making no claims about making email "secure" as a system (note that the word "secure" is meaningless without a specified threat model; email can be very well-secured against some sorts of attacks and not at all against others), only about making it much harder for anyone to break into your email account.

Comment Re:Hoops (Score 1) 197

Too bad that Google openly brags about providing (AKA selling) this so called "encrypted" information.

Google does not sell user data.

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

That just says that Google outsources some data processing, but requires the organizations that do it to comply with all of the Google policies.
