
Comment Re:Account Recovery (Score 2) 91

Google no longer supports non-security questions for account recovery.

FTFY. Security questions are a joke. The answers are almost always easy for an attacker with a little bit of information about you to find, and a lot of the time the legitimate user can't remember them. Moreover, those two traits are strongly correlated: the harder it is for an attacker to find the answers, the more likely it is that the user won't be able to find them either.

Everyone should stop using them.

Comment Re:Reason (Score 1) 91

Google doesn't actually want your phone number for security. Google wants your phone number so that they can link the account in their database to other information that contains your phone number.

The number is to make account recovery possible in the event you've forgotten your password. The assumption is that attackers won't have access to your phone. That assumption is violated if your telco will transfer your number to the attacker's phone, of course.

If you prefer not to give your phone number to Google, don't. Just turn on two-factor auth using a non phone number-based auth method, either the Authenticator app or (better yet) a security key, or both. Then download and print out some backup 2FA codes and keep them somewhere safe. Google won't have your phone number and you won't be vulnerable to mistakes by dumb telco customer service reps.

Comment Re:Is that all (Score 1) 467

It's inevitable that a certain fraction of people go off the deep edge. People are irrational, even (or perhaps mostly) people who are convinced they are entirely rational. Rationality is a fragile thing because emotion and confirmation bias are deeply woven into everyone's thinking.

For normal people there are few more powerful emotional impulses than the urge to protect children. It should hardly be surprising that children come to harm from it.

Submission + - Wired says Google's Pixel is the best phone on the market

swillden writes: The reviews on Google's Pixel phones are coming in, and they're overwhelmingly positive. Most call them the best Android phones available, and at least one says they're the best phones available, period.

Wired's reviewer says he used to recommend the iPhone to people, but now he says "You should get a Pixel." The Verge says "these are easily the best Android phones you can buy." The Wall Street Journal calls the Pixel "the Android iPhone you've been waiting for." ComputerWorld says "It's Android at its best."

AndroidPolice is more restrained, calling it "A very good phone by Google." The NY Times broke from the rest, saying "the Pixel is, relatively speaking, mediocre", but I'm a little skeptical of a reviewer who can't figure out how to use a rear-mounted fingerprint scanner without using both hands. It makes me wonder if he's actually held one.

Comment Re:DCMA Fair Use / Parody (Score 1) 213

Ah, but is it a parody of the copyrighted elements? That's the tack I'd take if I were Samsung's lawyer: this is not parodying Samsung's IP, it is quoting Samsung's IP in a literal, non-transformative way that is not actually parody.

Of course in my heart I'd hope to lose, but that argument is no more ridiculous than many others that have become established case law. Issues like privacy and IP are where fundamental values we have as a society cut against each other and generate innumerable weird corner cases.

Comment Re:So it appears . . . (Score 1) 176

It's not just how hard you check, but how incisively. It's easy to satisfy yourself that software's anticipated failure modes won't happen. What's tough is discovering ways of screwing up that have never happened before.

That's why there's no substitute for experience. This gets back to the very roots of rocket science: the path to success passes through many, many failures.

Comment Re: Irony (Score 1) 85

They obviously know, but are legally forbidden from commenting.


I think people often forget that corporations are about the furthest thing possible from monolithic. It's entirely possible for one organization within a corporation to receive a request that is within its own ability and authority and to handle it without bothering to tell anyone else, or with only brief consultations with legal, who may not have kept any records. Given government secrecy requests/demands, that possibility grows even more likely. Further, corporations aren't static. They're constantly reorganized and even without reorgs people move around a lot, and even leave the company. There are some records of what people and organizations do, but they're usually scattered and almost never comprehensive.

It's entirely possible that they did something like this, that the system was installed and later removed, and that the only people who know about it have left the company or aren't speaking up because they were told at the time that they could never speak about it, and that the organization that was responsible for doing it and/or undoing it no longer even exists. It's possible that Yahoo's leadership's only option for finding out whether it happened is to scan old email to see if anyone discussed it via email (which may not have happened; see "government secrecy requests/demands") or to look in system configuration changelogs to find out if the system was ever deployed (and it may have been hidden under an innocuous-sounding name)... or to ask the government if the request was ever made.

Of course, my supposition here depends on a culture of cooperation with the government. I don't know if that existed at Yahoo. I think most of the major tech corporations at this point have a strong bias towards NON-cooperation, which would cause any request like this to go immediately to legal who would immediately notify the relevant C-level execs. But I have worked for corporations where the scenario I describe is totally plausible.

Comment Re:Not to Sound Like a Snowflake... (Score 4, Insightful) 226

It's not only that. The problem with most theories of eugenics is that they draw from experience with agricultural breeding of domesticated species. Humans are not domesticated; we're a wild species with massive genetic diversity compared to, say, purebred Arabian horses.

This means that with us sexual reproduction still does what it is supposed to do: generate genetic diversity in offspring. Look at large families. You get some who are tall and some who are short; some who have Grandpa Joe's nose and others that have Grandpa John's jaw, others who get both or neither. Even with a litter of pedigreed puppies you'll get one total loser and if you're lucky one champion; and pedigreed dog litters are much more alike than any set of human siblings. And that's just physical traits; in terms of interests, talents, and success there is massive variability among siblings, although there is some correlation, in part due to economic circumstances, upbringing and education.

Nature works this way because variability is good for the species, and that variability comes from combinations of genes being shuffled. Add to that the massive behavioral plasticity of our gigantic brains, and the idea that you can sample some of, say, Steve Jobs' DNA for successful CEO markers is ludicrous. If you'd raised Jobs in a different family and sent him to a different set of schools, and he didn't luck out by ending up close friends with Woz, then while he may well have been quite successful in some other way, he wouldn't have been the Steve Jobs we knew.

Of course, willingness to go along with the DNA test is a good test for one phenotypical trait: the willingness to put up with pseudo-scientific baloney.

Comment Re:Warrant canary (Score 1) 22

I was expecting a Warrant canary. e.g. something to say they have not yet been given secret orders by the NSA/CIA to install a backdoor for spying on users.

Like Apple used to have. Is there some reason Google cannot do that?

I think their absence of an existing Warrant Canary speaks volumes. (That is - they've already been issued such an order or warrant.)

Google's head lawyer, David Drummond, has explicitly said that Google has done no such thing. Of course, if the government could order him to lie, then that doesn't mean anything. But if the government could order corporations to lie, then it could order them to publish a false warrant canary statement.

Comment Re:Here's the full menu (Score 1) 171

People who don't believe that VP picks have always been analyzed this way are naive. Lincoln picked Andrew Johnson because Johnson was from a border state (Tennessee) that could go either way. The primary goal of a VP pick is to help you win. Everything else is secondary.

The VP pick is all about picking up votes from electorate segments you might not otherwise get (Palin/women), or solidifying a shaky part of your coalition (Biden/labor and left), or being young when you are old or vice versa (Quayle). Coming from a swing state or an adjacent state with major media market overlap (Edwards, Ryan, Pence, Kaine) puts you on the inside track. Naturally, sometimes those calculations go hilariously wrong.

It's safe to say that almost nobody ever picks the person they think would be the best president as their running mate; it's always the person who would be the best running mate. The last time I think that anyone picked someone on the basis that they'd be the best president was when Bob Dole picked Jack Kemp -- who wouldn't be my choice for President, but I'm pretty sure he'd have been Dole's.

Comment Re: I hope Apple Pay will die (Score 1) 283

I'm sorry but that's just not true. The two systems are vastly different in implementation. Google are acting as a financial intermediary for every transaction through use of a "virtual credit card" which is what is on your phone and what the vendors see (they never see your actual cards as they are only on Google's servers). As a result, Google have access and knowledge of every detail of every transaction you make using their system. This aligns with their panopticon business model. By effectively acting as a middleman financial institution they don't need any agreement with banks etc. Every transaction you make actually becomes two: 1. Google pays vendor, 2. Google charges your bank.

Your information is out of date.

What you say was the mechanism that Google Wallet used, in its second version. The evolution of Google's NFC payment system went as follows:

1. The initial release used a secure element (essentially a smart card chip) and installed your actual credit card information in the SE, using the standardized EMV solution straight up. (EMV is EuroPay/Mastercard/Visa, a consortium that creates payment standards). Initially only Chase cards were supported because this approach requires support from the issuer.

In this version Google was not a middleman.

2. Due to banks being very slow to get on board with SE-based NFC payments, and due to lots of opposition from carriers (who wanted to become the new payments infrastructure, see ISIS/SoftPay), Google abandoned the SE-based solution and invented something called Host Card Emulation (HCE). In this model, your actual credit card information was kept off the phone entirely, stored only in Google's servers. A proxy card was used to make payments at the point of sale, using pre-computed single-use cryptographic tokens computed on the server and stored on the phone. The proxy card allowed Google Wallet to support any and all credit and debit cards -- in theory any payment mechanism that Google's back-end payment infrastructure could support.

In this version Google acted as a middleman, as you say.

3. AndroidPay deployed after ApplePay and uses a payment architecture very similar to ApplePay, called "network tokenization". The idea is that the interchange networks can produce cryptographic credentials which can be validated by the network, which then passes the validated transaction back to the card issuer. This means that the issuing banks have dramatically less work to do to support NFC payments than in the original EMV-specified model (the one used by Google Wallet). Network tokenization was under development when Google Pay deployed initially, but far from ready to go. Apple waited until it was before launching, and as soon as it was available Google shifted to it as well. They still work somewhat differently, in that Apple uses long-lived multi-use tokens stored in the secure enclave, while Google uses short-lived, single-use tokens stored in Android, and encrypted with a key kept only in RAM and re-downloaded after each reboot.

In this version Google is no longer a middleman.

I expect that a future iteration of AndroidPay will shift to using tokens stored in the Trusted Execution Environment (TEE), discarding the RAM-only key, but that will have to wait until all of the devices using AndroidPay have the TEE with the necessary software.
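
A simplified model of the short-lived, single-use token idea described in the comment above, added here as an illustration; it is not Google's, Apple's or any payment network's actual protocol. The key, token layout, lifetime and the names `issue_tokens` and `Validator` are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration only (not real credentials).
NETWORK_KEY = b"constructed-demo-key-not-a-real-secret"
TOKEN_TTL = 600  # seconds a token stays valid; an assumed lifetime


def issue_tokens(account_ref: bytes, start_counter: int, count: int, now: int):
    """Server side: pre-compute a batch of single-use tokens for one device."""
    batch = []
    for counter in range(start_counter, start_counter + count):
        # Layout (assumed): 8-byte counter, 8-byte expiry, account reference, MAC.
        body = struct.pack(">QQ", counter, now + TOKEN_TTL) + account_ref
        tag = hmac.new(NETWORK_KEY, body, hashlib.sha256).digest()
        batch.append(body + tag)
    return batch


class Validator:
    """Network side: accept each token at most once, and only before expiry."""

    def __init__(self):
        self.used = set()  # (account_ref, counter) pairs already spent

    def check(self, token: bytes, now: int) -> str:
        if len(token) < 16 + 32:
            return "malformed"
        body, tag = token[:-32], token[-32:]
        expected = hmac.new(NETWORK_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "bad-mac"
        counter, expiry = struct.unpack(">QQ", body[:16])
        account_ref = body[16:]
        if now > expiry:
            return "expired"
        if (account_ref, counter) in self.used:
            return "replayed"
        self.used.add((account_ref, counter))
        return "ok"
```

A token copied off the device is worth at most one transaction inside its lifetime, which is the trade-off against long-lived, multi-use tokens that depend on hardware-backed storage instead.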

Comment Re: Hilarious (Score 2) 185

When you have a tablet, you can do things like punch in what defense the other team just used to provide statistical analysis of what the next best play is, or what kind of defense to run if your opponent is doing X often.

I'm guessing this is another case of a solution in search of a problem.

The reason this happens is that as a technologist faced with helping someone solve a problem you have no choice but to imagine what you would need to do that person's job. But if you want to have a better than random chance at success, you have to really understand the people who will use the system and what they would need.

I'm guessing Belichick of all people doesn't need a computer to give him a statistical analysis of what the best next play is or how to set up his defense -- although you or I sure as hell would. What sets Belichick apart from all the other ruthless, unprincipled, hyper-competitive control-freak coaches is that he's a smart bastard who is obsessive about research. If I had to take a wild stab at what kind of technical aids he needs during a game, the broad theme would be "communication", not "analysis".

By the way, does anyone else find it bizarre that the NFL provides stuff like computer tablets and headsets, but the teams are in charge of supplying the footballs?
