
Comment Re:Hmm (Score 1) 890

That's indeed the kind of idea that is now floating around. I rank it in the category of Iraq coming to kill us all, with the same combination of inflating the threat and at the same time regarding the opponent as a pushover. I think Colin Powell has made some sensible comments on that. Russia is paranoid about us, about NATO. We scare them. They are a small power, we're a big one that is surrounding them more and more, and then sabre rattling is a sensible response.

That doesn't explain why they weren't rattling their sabers a few years ago. The Economist has a recent article that does offer an explanation that covers that as well. The thesis is basically that domestic troubles caused by a weak economy have motivated Putin to seek ways to distract his people from domestic concerns. Specifically, he's tried to recapture the superpower position of the Soviet Union. He can't, really, because Russia isn't the Soviet Union. Without the central planning structure to force the massive overproduction of military resources, the Soviet Union wouldn't have been the Soviet Union, either.

But his people don't really realize this and, frankly, the rest of the world tends not to realize it much, either. So Putin can rattle his rusted and broken saber and the rest of the world reacts as though he was the mighty Soviet Union. Except... there is one area in which his military isn't so rusted or broken: nuclear weapons. Oh, his nuclear armament is aging and dilapidated, but it's still very real and Russia has the technological wherewithal to build highly functional nukes and missiles to carry them. Russia can't afford to build very many of them, but it doesn't really take all that many.

So, as it becomes more and more apparent that Putin doesn't really have the conventional forces to make the world treat Russia with the fear and respect that the Soviet Union got, he's almost certainly going to be making more and more use of the nuclear threat that the world can't ignore. And that will help to keep his people feeling like they're a major world power again, which will keep him in power.

Is this true? I don't know. Makes sense to me.

Comment Re:Am I missing something? (Score 1) 140

Hangouts used to have seamless SMS/Hangouts.

No, it was never seamless in the sense that iMessage is. The seams were harder to see, and that was exactly the problem that motivated the clear separation; the failure modes of the combined messaging were subtle, hard to understand and opaque to users. The upshot is that the combination made Hangouts messaging appear to be unreliable.

Actually, iMessage isn't really seamless either. It breaks badly if iMessage thinks the destination device is an iPhone but it isn't. It's very good in a pure-Apple world, though.

Comment Re:Am I missing something? (Score 1) 140

Hangouts does everything you describe. It's what I use all the time. It is seamless across my phone and tablet and my PC. And it is seamless across Windows, Linux and Apple.

It is seamless between SMS and the internal delivery system, and the conversations are synced to my gmail account allowing me to search them.

I like Hangouts and use it constantly, both personally and for work (I work for Google, where it is arguably the primary means of communication), but it isn't quite as seamless as iMessage in one respect: SMS integration. In iMessage there is no distinction between SMS and iMessage messages; they're all just messages. If they can be delivered via Apple's infrastructure, they are, if not they're routed via SMS. With Hangouts, SMS and Hangouts chat messages are distinct. They look similar, but they're different in subtle ways.

Of course, Hangouts clearly is superior to iMessage if you or your friends use non-Apple devices, because Hangouts works on a much wider variety of platforms, and for those who understand the distinction it's *good* to know what is SMS and what is not, because SMS is inherently unreliable -- and in some parts of the world SMS is also ridiculously expensive while data is cheap.

So, although depending on your context Hangouts may be better than iMessage, it's definitely not as seamless in a pure-Apple world as iMessage is.

Comment Re:Halfway There (Score 1) 424

It's not "gun controllers bringing it up", it's manufacturers working on them. What do you have against manufacturers developing new products?

I have absolutely nothing against manufacturers developing new gun safety products and offering them on the market. The concern with these "smart" guns is that they'll be mandated by law. This has already happened in New Jersey. The 2002 Childproof Handgun Law says that three years after "smart" guns are available for sale in the US, all guns for sale in New Jersey must be "smart". The law doesn't require that the guns be in any way reliable or have obtained any significant market share, just that they've been available for sale. So if these actually make it to market people in NJ who want reliable guns are screwed. And if any other states, or Congress, pass a similar law, then all of us are screwed.

Actually, I'd have no problem with smart guns if they were really reliable. And there's a really simple reliability screening test we can use: offer them to military and law enforcement personnel. Cops in particular should see a lot of value in smart guns because cops occasionally get shot with their own guns. However, they also need their guns to be extremely reliable, and big departments and the FBI have the institutional resources and motivation to seriously test them. So, once the technology reaches a level where police are not only willing to use smart guns but actively want them then it's fine to mandate them for civilians.

Of course, thanks to the NJ law, civilians are going to fight like hell to keep these things off the shelves, which means that the years of refinement needed to make them reliable are never going to happen. Not in the US, anyway.

Comment Re:Account Recovery (Score 2) 105

Google no longer supports non-security questions for account recovery.

FTFY. Security questions are a joke. The answers are almost always easy for an attacker with a little bit of information about you to find, and a lot of the time the legitimate user can't remember them. Moreover, those two traits are strongly correlated: the harder it is for an attacker to find the answers, the more likely it is that the user won't be able to find them either.

Everyone should stop using them.

Comment Re:Reason (Score 1) 105

Google doesn't actually want your phone number for security. Google wants your phone number so that they can link the account in their database to other information that contains your phone number.

The number is to make account recovery possible in the event you've forgotten your password. The assumption is that attackers won't have access to your phone. That assumption is violated if your telco will transfer your number to the attacker's phone, of course.

If you prefer not to give your phone number to Google, don't. Just turn on two-factor auth using a non phone number-based auth method, either the Authenticator app or (better yet) a security key, or both. Then download and print out some backup 2FA codes and keep them somewhere safe. Google won't have your phone number and you won't be vulnerable to mistakes by dumb telco customer service reps.

Submission + - Wired says Google's Pixel is the best phone on the market

swillden writes: The reviews on Google's Pixel phones are coming in, and they're overwhelmingly positive. Most call them the best Android phones available, and at least one says they're the best phones available, period.

Wired's reviewer says he used to recommend the iPhone to people, but now he says "You should get a Pixel." The Verge says "these are easily the best Android phones you can buy." The Wall Street Journal calls the Pixel "the Android iPhone you've been waiting for." ComputerWorld says "It's Android at its best."

AndroidPolice is more restrained, calling it "A very good phone by Google." The NY Times broke from the rest, saying "the Pixel is, relatively speaking, mediocre", but I'm a little skeptical of a reviewer who can't figure out how to use a rear-mounted fingerprint scanner without using both hands. It makes me wonder if he's actually held one.

Comment Re: Irony (Score 1) 90

They obviously know, but are legally forbidden from commenting.


I think people often forget that corporations are about the furthest thing possible from monolithic. It's entirely possible for one organization within a corporation to receive a request that is within its own ability and authority and to handle it without bothering to tell anyone else, or with only brief consultations with legal, who may not have kept any records. Given government secrecy requests/demands, that possibility grows even more likely. Further, corporations aren't static. They're constantly reorganized and even without reorgs people move around a lot, and even leave the company. There are some records of what people and organizations do, but they're usually scattered and almost never comprehensive.

It's entirely possible that they did something like this, that the system was installed and later removed, and that the only people who know about it have left the company or aren't speaking up because they were told at the time that they could never speak about it, and that the organization that was responsible for doing it and/or undoing it no longer even exists. It's possible that Yahoo's leadership's only option for finding out whether it happened is to scan old email to see if anyone discussed it via email (which may not have happened; see "government secrecy requests/demands") or to look in system configuration changelogs to find out if the system was ever deployed (and it may have been hidden under an innocuous-sounding name)... or to ask the government if the request was ever made.

Of course, my supposition here depends on a culture of cooperation with the government. I don't know if that existed at Yahoo. I think most of the major tech corporations at this point have a strong bias towards NON-cooperation, which would cause any request like this to go immediately to legal who would immediately notify the relevant C-level execs. But I have worked for corporations where the scenario I describe is totally plausible.

Comment Re:Warrant canary (Score 1) 22

I was expecting a Warrant canary. e.g. something to say they have not yet been given secret orders by the NSA/CIA to install a backdoor for spying on users.

Like Apple used to have. Is there some reason Google cannot do that?

I think their absence of an existing Warrant Canary speaks volumes. (That is - they've already been issued such an order or warrant.)

Google's head lawyer, David Drummond, has explicitly said that Google has done no such thing. Of course, if the government could order him to lie, then that doesn't mean anything. But if the government could order corporations to lie, then it could order them to publish a false warrant canary statement.

Comment Re: I hope Apple Pay will die (Score 1) 284

I'm sorry but that's just not true. The two systems are vastly different in implementation. Google are acting as a financial intermediary for every transaction through use of a "virtual credit card" which is what is on your phone and what the vendors see (they never see your actual cards as they are only on Google's servers). As a result, Google have access and knowledge of every detail of every transaction you make using their system. This aligns with their panopticon business model. By effectively acting as a middleman financial institution they don't need any agreement with banks etc. Every transaction you make actually becomes two: 1. Google pays vendor, 2. Google charges your bank.

Your information is out of date.

What you say was the mechanism that Google Wallet used, in its second version. The evolution of Google's NFC payment system went as follows:

1. The initial release used a secure element (essentially a smart card chip) and installed your actual credit card information in the SE, using the standardized EMV solution straight up. (EMV is EuroPay/Mastercard/Visa, a consortium that creates payment standards). Initially only Chase cards were supported because this approach requires support from the issuer.

In this version Google was not a middleman.

2. Due to banks being very slow to get on board with SE-based NFC payments, and due to lots of opposition from carriers (who wanted to become the new payments infrastructure, see ISIS/SoftPay), Google abandoned the SE-based solution and invented something called Host Card Emulation (HCE). In this model, your actual credit card information was kept off the phone entirely, stored only in Google's servers. A proxy card was used to make payments at the point of sale, using pre-computed single-use cryptographic tokens computed on the server and stored on the phone. The proxy card allowed Google Wallet to support any and all credit and debit cards -- in theory any payment mechanism that Google's back-end payment infrastructure could support.

In this version Google acted as a middleman, as you say.

3. AndroidPay deployed after ApplePay and uses a payment architecture very similar to ApplePay, called "network tokenization". The idea is that the interchange networks can produce cryptographic credentials which can be validated by the network, which then passes the validated transaction back to the card issuer. This means that the issuing banks have dramatically less work to do to support NFC payments than in the original EMV-specified model (the one used by Google Wallet). Network tokenization was under development when Google Pay deployed initially, but far from ready to go. Apple waited until it was before launching, and as soon as it was available Google shifted to it as well. They still work somewhat differently, in that Apple uses long-lived multi-use tokens stored in the secure enclave, while Google uses short-lived, single-use tokens stored in Android, and encrypted with a key kept only in RAM and re-downloaded after each reboot.

In this version Google is no longer a middleman.

I expect that a future iteration of AndroidPay will shift to using tokens stored in the Trusted Execution Environment (TEE), discarding the RAM-only key, but that will have to wait until all of the devices using AndroidPay have the TEE with the necessary software.

Submission + - Google Says Black, Hispanic Children Like CS 1.5x-1.7x More Than White Kids 2

theodp writes: Based on a sample of interviews with 1,672 students in grades 7-12, Google says its research with Gallup shows that "Black and Hispanic students are more likely than their white counterparts to be interested in learning CS". In fact, Google says it found "Black students are 1.5 times and Hispanic students are 1.7 times as likely as white students to be interested in learning CS." In response, Google has joined Microsoft, Apple, Amazon, and others to call for more K-12 CS cowbell. A just-released K–12 Computer Science Framework (pdf, 339 pgs.), which cites some of the same Google & Gallup reports President Obama drew factoids from ("Nine out of ten parents want it [CS] taught at their children’s schools") to justify his $4.2B CS For All budget request, even calls for "pair programming" lessons for the pre-Kindergartner set. "At the pre-K level," reads a chapter on Computer Science in Early Childhood Education, teachers can help facilitate pair programming among two children with the same "My turn"/"Your turn" flashcards to designate driver/navigator roles as well as encourage children to engage in collaboration and communication skills to foster peer-to-peer scaffolding. Educators can provide more support and scaffolding by engaging in child/teacher pair programming."

Comment Re:It's actually worse than you think (Score 1) 65

On the other hand, I agree that there needs to be a rule requiring officers to turn the cameras on -- but I don't think that arrests without the camera on should be invalid. Police have been making valid arrests without cameras for a long time.

Over time, that may take care of itself. When judges and juries become accustomed to always having footage of the arrest, often from multiple angles, they may begin to consciously or unconsciously discount the officer's statements if not supported by video evidence.

Also, unless they have a very specific reason to turn it off, most cops will realize they're better off having it on because the fact that they're not recording doesn't mean someone *else* isn't, and that someone else may well produce carefully selected out-of-context footage that shows the officer in a bad light. In various articles I've read from around the US, police on the street are overwhelmingly in favor of body cameras. They feel like the cameras do more to protect them than to harm them.

Comment Re:Who would have thought? (Score 1) 61

I know of several times that the US govt paid for data, but the data wasn't exactly private data, and the purchase wasn't secret. They may also have done it with private data, or have kept their purchase secret, but I don't know about those cases. And it may well depend on which arm of the federal government you are dealing with.

What, you mean like above-board purchase of GIS mapping data or such? What we're talking about is purchase of information about people that would normally require a court order to compel. There's a common belief that companies have been selling user data to government agencies as a secret profit center, but I can't find any example. We know that telcos were giving them huge amounts of data, but there doesn't seem to have been any fee for it.

Comment Re:What happens, when a gag order is violated? (Score 1) 61

Third, it's safe to assume Google tracks revisions to their pages, so yes, they would soon know who made the 'mistake'. Also, a letter like this should be shared with extremely few people within the company, so it shouldn't be hard to follow the chain until suspicious activity is found. Punishment for this sort of mishandling would be limited to a fine, however, so the FBI would go after Google's deep pockets rather than try to pin the crime on an individual. The employee should be safe from criminal charges, though not, presumably, from Google discipline.

Also, it's very likely that the set of people with access to the letter and the set of people with access to the systems to publish the letter are disjoint.
