Google are Data Sheiks and how to secure things without their budget
In the Middle East, a few lucky families control the nation, and thus the oil wealth, thus perpetuating their rule. The Middle East isn't known for contributing much to the world's infrastructure or science. The same goes for Google. Mentioned in the past that Google doesn't ban having "noreply" in username, allowing for phishing accounts to be used on their service. You have to be some kind of sociopath to see something terrible happening and not try to at least think of something that could be done.

They have immense amounts of money, so their contributions to cybersecurity rank from (in monetary value), SHA-1 collision search (a million GPU hours), $200,000 for Android exploits, and $1,000 to fuzz browser DOMs for only ten seconds per attempt. They did discover numerous "security-related" crashes. Don't know if they decided to check for memory bound errors that didn't cause a crash. That might take more than ten seconds though. Twenty? Will they offer $200,000 for Chromium OS exploits? If they can't do it, shouldn't they cut back on Chromium OS and put everything behind Android? Or rework Xen-ARM to replace Chrome OS and Android?

Corporations brag about smartphone resolution, but they should brag about security. Maybe force them to? Of course, McAfee got rich selling snake oil, by being alarmist. Fortunately there are real reasons to be alarmist nowadays! Or just do what puri.sm is doing and mumble... privacy... security... something. Does one really lose that much privacy with a smartphone with the default apps and settings? (you do have to set up the backup) But the EFF quit W3C after DRM (surely there is a middle ground that makes DRM unviable on any slow computer). What is anyone going to do about WebRTC?

Anyway, here's a spin on an old saying, demand a mile, get an inch, demand it again, (and listen to them complain that they give you an inch and you want a mile).
Allegedly some people have complained of various leftist nonprofits as being shake down organizations. Raise a fuss over insecurity, demand proportionate funding from corporations, name and shame, etc etc. Democracy is numerous people shouting over each other for what they want.

Ideally though, one would have a low performance computer with high volatile memory, Qubes-style separation. AVOID COMPRESSING MEMORY. Local attestation, hash the loaded instructions, and induce a fault if the instructions change (thus causing any insecurity to be limited to improperly coded APIs). Integrate ClamAV, and harden its sandbox? Computers should be separated into hobbyist (for learning and experimentation) and production computers (for anything actually important). Motherboards with soldered chips, and integrated SSD for the operating system. Shorting a fuse will disable updating the operating system for those activists.

I mean... https://en.wikipedia.org/wiki/Instructions_per_second#Timeline_of_instructio... Computers are fast. Transistors are small. Whatever you people think you're doing, it is not happening. It is not going to happen.

What does it say that Zuckerberg owns a MacBook, and tapes over the speaker jack?

Soghoian also criticises Google for failing to step up to the plate.
"Google could pay for the development of Grsecurity using the money found between the cushions of their sofa," he insists. "This is not a big-ticket item in the grand scheme of Google's budget."
What is cheaper? A Pinebook with Android or a Librem 5? Probably unfair, the pixels per inch for the Pinebook is a lot lower.
Ryan Carboni