cowboy me, 2.0: jose nazario beauty and the street

Four short links: 7 November 2013

of course, Silicon Valley, credit card

Float Label Pattern | Brad Frost Web -- User loses context. The biggest disadvantage of inline form labels is that the user loses the context of the input once they focus on the field and after they've entered a value. The float label pattern floats the inline label up above the input after the user focuses on the form field or enters a value.

Mike Hearn - Google+ - The packet capture shown in these new NSA slides shows -- Until this article no one had mentioned that the intercepted traffic was on leased fiber, not on the public internet. That makes the cleartext transmission seem like a less glaring error, I suppose I can see how it wouldn't seem necessary. In fact, anyone claiming it was necessary probably would have been seen as paranoid until now. Still, encrypting data sent over the wire is not difficult. Considering the value of the data in question, and the number of parties who could access it (at least two - the fiber owners and the government), it seems like a worthwhile investment. Lesson learned, I suppose. +Trevor Loucks In many cases that would mean the service couldn't operate - for example, GMail couldn't communicate with other SMTP servers if Google never had the decrypted message on its servers. If you have a doc for collaborative editing, how do multiple people get the same key? +Mike Hearn Was this work started before the most recent revelations made it clear that this was mission critical? I've had quite a few people ask why I haven't seemed to be more upset publicly about all the recent NSA and other surveillance disclosures. When the agencies have something they really want to target, they can use warrants and even user endpoint attacks to deal with most kinds of common encryption. But what's so important about encryption at Google scale is that by making it significantly harder to do the mass, vacuum cleaner type surveillance, the opportunity for governments building up enormous databases of such material composed almost entirely of innocent parties' data can likely be curtailed in meaningful ways. +Mike Hearn in many cases it is simply not necessary to ship your personal info to someone else to organize.
If you have a good internet connection at home, you can just put a modest box alongside your cablemodem that is capable of storing all your data and organizing it (with the right software, of course). And you would control your own privacy. The big missing piece is the software. Unfortunately all the effort has been poured into services like Google's because quite frankly, people don't know any better. Nobody knows the value of their data so they give it away. I would much rather contribute to a kickstarter for open source software to do the same thing. That way I know the application is working for me, not someone else. One hopes that the executive leadership team @ Google have retained some suitably capable legal resources to deal with what is inevitably coming down the pike. The state and its securocrats do not like to be defied in private, let alone in public. +Larry Gritz Did you not read +Mike Hearn's comment above? IIRC +Mike Hearn is in SecOps and while I can't recall if I ever worked on anything directly with him, my general experience with that group is that they thought about security in great detail. It's my hope that people in SecOps use this event wisely to build more security into Google's products and to Google's internal infrastructure. Some of them don't know they are (the authoritarians who obey orders, just doin' m'job types, these are the kinds of people who executed Jews on command in Nazi Germany), and some of them are fully aware of the criminality of their behavior (the psychopaths a.k.a. We're talking about people who have conspired to mass murder brown people abroad, and cage millions of non-violent black and white people at home. You need to remember that these people are willing to murder you if you disobey or resist them. That is what they do, they do it righteously, they will do whatever the fuck they want to increase their power over you, you must never forget that.
FWIW, I do not do security related work at Google any more, I moved on to other things. After all, Google is the biggest source of information in the world and obviously for NSA, and for it to pretend as the White Knight in front of everyone is one way to get the trust back of the people which affected Google's reputation along with NSA's. The Patriot Act (and others) gave sweeping powers of data collection all in the name of national security. Obama campaigned on removing the Patriot Act, and then supported it his first week in office - presumably he saw something that made him believe such suspension of privacy is required, and if everybody in the government believes it they think they are doing the right thing. I would pump data over those lines which created a whole new parallel world of users, accounts, and address books, all artificial of course. I forget where I read it, maybe The Guardian, but there was a suggestion that Google and other mega tech create an NRA-like grassroots movement. Time to side with the people. Too bad you didn't use your power to do that in the first place and too bad it didn't become a huge deal for you when the NSA was just obliterating privacy rights of the little people. Time to stand with the people and use the tremendous power that you have. Google could make a difference. "The security agency of NSA GCHQ have a duty and a right to store data, and mine credible (only credible) threat profiles to the law and order of society." +Jeff Weiss It seems fairly clear now that claims that it should have been encrypted being "paranoid" are in retrospect reasonable. Though I'm not trying to evoke the cliche "Just because you are paranoid, doesn't mean they aren't out to get you." Hey, I just wanted to thank you guys for attempting to keep our data safe. +Mike Hearn Anyone slightly exposed to any serious production security issue will know that any security issue is non-trivial, and none of them is simple.
+Kevin Lyda I'm sorry to say it, but +Mike Hearn may be downplaying the importance of Google's business model in its inability to move to a user-pays system. I thank +Mike Hearn for commenting here, because I think his comments are a great service to the community, I do, however, disagree about the viability of user-pays. All Google would know is that you logged in, sent some CC details to a processor, and the processor confirmed the transaction. Then Google increments the amount of time you're entitled to their service. +Duplicati For everyone else prompted by recent revelations to want their own end-to-end security, check out this startup trying to get off the ground right now with a game-changing technology based on tokenization rather than encryption: Thank you for having the courage to express your point of view. Crime is potentially older than surveillance. Yet anyone who ever justified crime because "everyone knows it happens" or "everyone does it" . Such a person is marginalized by any society wishing for privacy, peace and prosperity. Plenty of criminals offer similar excuses, "Everyone is doing it", "You can't stop me" or "Crime is part of life". Such people are often medicated for our protection. You are presenting yourself as that guy (that jerk). The one who looks for crying parents at funerals and hollas, "People die all the time, quit yer' bitching, you shoulda expected it!"

When a great product hits the funding crunch -- Today I read a well-done article by The Verge on the shutdown of Everpix, a photo startup that's gained a small but loyal following. There's a lot of things to comment on, but the Everpix story is a common one these days - a lot of startups have built great initial products, and even shown some strong engagement, but ultimately not enough traction to gain a Series A. Then you raise $1-2M to get traction on your product. Maybe angel investors will expect a working product, reasonable traction, and product/market fit all before they put in the first $1M? If you combine this with the rest of your schedule, like 6 months to raise VC, another 6-12 months to build the product, etc., then you don't have much time to hit your traction milestones.

Bitcoin - The Internet of Money | Startup Boy -- Thanks to these technical underpinnings, bitcoins are scarce (Central Banks can't inflate them away), durable (they don't degrade), portable (can be carried and transmitted electronically or as numbers in your head), divisible (into trillionths), verifiable (through everyone's block chain), easy to store (paper or electronic), fungible (each bitcoin is equal), difficult to counterfeit (cryptographically impossible), and can achieve widespread use - many of the technologists that brought us advances on the Internet are now working overtime to improve Bitcoin. Another fear is that a central actor could take over the Bitcoin computing network - but the combined Bitcoin distributed supercomputer runs at the equivalent of 2,250 PetaFLOPS, 90x the rate of the fastest supercomputer (note: in Nov, it's now 48,000 PetaFLOPS!), and consumes an infinitesimal fraction of the resources used by a bloated banking system. It's better to think about Bitcoin the protocol as Bitcoin 1.0, destined to evolve just as HTTP 1.0 evolved beyond simple text and image-only web-browsers. Bitcoins are easy to send - instead of filling forms with your address, credit card number, and verification information, you just send money to a destination address. It has near-zero transaction costs - you can use it for micropayments, and it costs the same to send 0.1 bitcoins or 10,000 bitcoins. A Bitcoin transaction can require M of N parties to approve a transaction.

This post is auto generated by @hacktweetnews




Last modified: Thursday, Nov 07, 2013 @ 04:05am

copyright © 2002-2015 jose nazario, all rights reserved.