Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the brand new SourceForge HTML5 speed test! Test your internet connection now. Works on all devices. ×

Comment Re:How do we opt out of the webpage? (Score 1) 86

Hah. Good point, yeah. Time for me to get off my butt and actually get 2-factor going.

It's pretty painless, especially with the Authenticator app. SMS works, too, but if you're somewhere that you don't have cell coverage it can be problematic. Authenticator works on or off-line. I also recommend setting up a couple of different options: maybe use Authenticator as your primary and SMS for a backup (and maybe even add your wife's phone as another backup), and/or print out some codes to keep in your wallet.

Hrm. That paragraph makes it sound complicated. It's really not.

Comment Re:How do we opt out of the webpage? (Score 1) 86

So, what if I don't mind being tracked by Google, but I just don't want this webpage available for anyone out there to access (ie if my password gets compromised)? I can't see a way to opt out of the availability of the data without deleting the data.

Secure your account well. Use a good password and turn on two-factor authentication.

Also, you may want to use the "Send Feedback" link and suggest that there should be an option to turn this off. I'm not sure how it would work, though, since there would clearly also need to be a way to turn it on. What would prevent someone who compromised your account from doing that?

Comment Re:Do you believe Google? (Score 3, Informative) 86

If you believe that Google would willingly stop collecting any data about you on your request, well, you're more naive than I thought.

Remember that Google is subject to an FTC consent decree from the Buzz privacy investigation. As a result of that, they're regularly audited by the FTC, and if the FTC were to find that Google were not acting in accord with public privacy-related statements Google would be in big trouble. Even if the FTC's fine were trivial (which I don't think it would be), you can bet the EU would pile on a much bigger one. And the damage to Google's brand would be incredible.

Believe what you like, but the reality is that Google would have to be dumber than a box of rocks to lie. There's way too much at stake.

(Disclaimer/disclosure: I'm a Google employee, but I'm speaking only for myself.)

Comment Re:Not so easy... (Score 1) 54

Also, I should mention that there are some powerful techniques for effectively sandboxing native code as well, when/if instant apps can use native code. NaCl's history of safely sandboxing x86 code has been outstanding.


Comment Re:Not so easy... (Score 2) 54

That all sounds really good but sandboxes can be broken

Sure, they can, but putting code into them that tries to break out of the Sandbox will get caught by the Play store review systems. Oh, I suspect that we'll occasionally see a clever 0day that can do it and sneak by the review systems, just as there are occasional apps that can break out of the sandbox and obtain root. Such techniques are quickly understood and apps that use them removed from the Play store. In the case of instant apps, there are some additional levers of control: the sandbox can be updated whenever problems are discovered, and sandbox updates can potentially even remove or restrict APIs.

where did you get "Google will be vetting them more closely"

I work with the people who do the vetting.

and will they be vetting them so closely after many updates?

I expect that will depend on how many vulnerabilities are found and how much abuse occurs. It's certainly safe to assume that instant apps will always be at least as safe as the Play store in general... and that's quite safe.

Fundamentally the fact remains that going to a web page will download some executable code onto your device without consent or explicit installation action.

Like, say, Javascript?

How difficult that is to secure depends on what the sandbox allows the code to do. How quickly you can update the sandbox to remove discovered vulnerabilities is also very important.

Comment Re:Not so easy... (Score 1) 54

Allow apps from unknown sources should always be off, unless you know what you are doing. Period. That should stop this

And when app fragments are downloaded and installed automatically over web pages as the latest version of Android does?

Not just the latest version of Android. "Instant apps" will be available on every platform version from 4.1 up.

However, instant apps can *only* be downloaded from the Play store -- there is no equivalent of "allow untrusted sources". They'll run inside a sandbox which is part of Google Play services, so it can be updated at any time if any abuse is detected -- including the ability to remove APIs, disable specific abused instant apps, or even shut the whole system off if needed. In addition, Google will be vetting them even more closely than normal Play apps.

Comment Re:AIs don't have G-force limits (Score 1) 439

The airframes can't take 8G either. You take a modern fighter jet fresh off the assembly line, put it through several 8G turns, and you've just drastically shortened the service life. High G turns create a huge amount of stress on the metal and if you keep making them, the wings will crack and fall off just like a WWI biplane.

So you can stuff that "pilot can't take it" line, it's partially true but not really why they don't allow fighter planes to go above 4-5G unless it's wartime.

But you only need to bend up a few planes to get the AI thoroughly trained on the limits of the design. After that, the only time the AI does the high-gee maneuvers is when it's in a dogfight -- and if you're in a dogfight, shortening the service life of the aircraft is a complete non-issue.

Slashdot Top Deals

"The eleventh commandment was `Thou Shalt Compute' or `Thou Shalt Not Compute' -- I forget which." -- Epigrams in Programming, ACM SIGPLAN Sept. 1982