absfac + google   48

Google Cloud Platform Blog: 12 best practices for user account, authorization and password management
not really specific to services built on GCP, but worth reading what Google is recommending to developers
security  identity  software-as-a-service  google 
february 2018 by absfac
Why I left Google to join Grab – Steve Yegge – Medium
Yegge-esque, although lacking a certain something, probably due to its sales-pitchiness. I will excerpt just one joke that made me laugh out loud:

<<
I am tempted to make fun of Jeff Bezos here, but I’ve heard that nobody has done that three times in a row and lived to tell the tale, so I’ll, ah, quit while I’m ahead.
>>
google  steve-yegge  rants 
january 2018 by absfac
Data breaches, phishing, or malware? Understanding the risks of stolen credentials
<<
In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March, 2016–March, 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Using this dataset, we explore to what degree the stolen passwords—which originate from thousands of online services—enable an attacker to obtain a victim's valid email credentials—and thus complete control of their online identity due to transitive trust. Drawing upon Google as a case study, we find 7–25% of exposed passwords match a victim's Google account. For these accounts, we show how hardening authentication mechanisms to include additional risk signals such as a user's historical geolocations and device profiles helps to mitigate the risk of hijacking. Beyond these risk metrics, we delve into the global reach of the miscreants involved in credential theft and the blackhat tools they rely on. We observe a remarkable lack of external pressure on bad actors, with phishing kit playbooks and keylogger capabilities remaining largely unchanged since the mid-2000s.
>>
research  papers  security  google 
november 2017 by absfac
Tackling Age Discrimination in Silicon Valley | WIRED
The rare article that is mostly about useful measures that one can take, rather than just thinly sourced muckraking. (To be clear, age discrimination is a real issue in the Valley, and as someone who's now over 40 I have a pressing personal stake in its pernicious effects, but I still find most of the journalism on the subject rather mediocre.)
ageism  silicon-valley  culture  google  hiring 
august 2017 by absfac
Attacking Nexus 9 with Malicious Headphones
<< Ossmann & Osborn also briefly documented multiplexed audio connectors, noting that Nexus 4 has a TTL UART interface hidden in its headphone jack, a functionality which is enabled if the voltage on the MIC pin exceeds some threshold.

Fast-forward to 2017, nowadays it’s a well known fact that the Nexus devices (Pixel too) have this kind of functionality in their headphone jack. >>

Honestly, what the fuck.
security  mobile-computing  google  android 
march 2017 by absfac
Picasa.google.co.uk
Last place to download official Picasa installers, if you don't want to get them from random sketchy download sites.
photography  software  google 
january 2017 by absfac
They Promised Us Jet Packs. They Promised the Bosses Profit. - NYTimes.com
<<Kathy Cooper, an engineer who led the project, said of the goal, “I think we could meet it, but it would be more like 15 to 20 years.” That was too far away, which was why she recommended killing it.>>
research  business  google  technology-industry 
july 2016 by absfac
Site Reliability Engineering: How Google Runs Production Systems 1, Chris Jones, Jennifer Petoff, Betsy Beyer, Niall Richard Murphy (@Kindle)
Finished 2016-06-19. "The SRE book". Long-winded and somewhat variable in quality (for example, the chapter on testing is pedantic, uninformative, and frequently syntactically garbled; and the chapter on Borgmon may be a crime against humanity). Yet this is the frustrating sort of book which has just enough good content that you can't actually ignore or skip most of it entirely, but not enough density of good content that you will enjoy reading it all the way through. I wish a more tightly edited version of this book existed.

However, keep in mind that I worked at Google and interacted a decent amount with SRE, so other readers may derive more value from its correspondingly greater novelty than I did.
booklog  finished:2016  google  devops  software-development 
june 2016 by absfac
The Practice of Cloud System Administration, by Thomas A. Limoncelli, Strata R. Chalup, Christina J. Hogan (@Kindle)
Finished 2016-06-??. I refer other engineers in my org to this often enough that I have an abbreviation for it: TPOCSA. Recommended, although you should skip liberally based on your experience. Probably somewhat better than "the SRE book" IMO.
booklog  devops  google  finished:2016  software-development 
june 2016 by absfac
Peter Norvig: How Computers Learn - YouTube
Vienna Gödel Lecture 2015 with Peter Norvig, Research Director at Google Inc.

Interesting quote from 1h 11m 50s:

<< One thing I can share that was surprising to me is it turned out that being a winner of one of these programming contests was actually a negative factor for performing well on the job. Which is surprising, and it doesn't mean you guys should stop doing the contests, but I think what it meant is that everybody who gets hired at Google is pretty good, you know, so if you just had to pick somebody off the street, I'm going to take that contest winner. I'm gonna take him every time, uh, or her. But if it's somebody who passed the hiring bar, then they're all pretty much at the same level. And maybe the ones who are used to winning the contest, you know, they're really used to going really really fast, and cranking the answer out, and then going on to the next thing. And you perform better on the job if you're a little more reflective, and go slowly, and make sure you get things right. >>
videos  programming  machine-learning  google  peter-norvig  via:reddit  hiring  survivor-bias 
february 2016 by absfac
Jeff Dean: I'm saddened to see AltaVista being shut down. +Danny Sullivan wrote a nice a...
Among other things, this is one of the few remaining pieces of information on the web which clearly states the relationship between DEC WRL and DEC SRC (really! try finding it anywhere else!). Given how much interesting research happened between these two labs, and the roster of luminaries who worked there (3 Turing Award winners did tenures at SRC!), this is astonishing...
computer-science  history  google  dec  silicon-valley 
february 2016 by absfac
The Auto Industry Won’t Create The Future — Backchannel — Medium
<<One of the biggest vectors for disruption in cars is the existing manufacturer/dealer model. The model where auto companies sell to dealers who, in turn, sell (with terrible experiences) to drivers is an idea whose time has come and gone. Tesla, as the first successful direct-to-consumer auto brand, has this right. They don’t have dealers, they have showrooms. They don’t haggle with us over price. (I remember once hearing car companies defend this practice by stating that consumers actually prefer to haggle over price.) How does the industry react to this modern model of engagement, allowing one to actually know and understand one’s customer? They sue to protect dealers.>>
business  automobiles  futurism  apple  google  tesla  detroit 
november 2015 by absfac
How Chromium Works — Medium
<<If a refactor breaks something that wasn’t exposed by failing tests, our outlook is that it wasn’t the fault of the engineer who did the refactor, but the one whose feature had insufficient test coverage.>>

<<WebKit moves really fast too. And just like we cannot have feature branches that suddenly land, we can’t try and merge a month’s worth of WebKit changes all at once. It would destabilize the tree for days. Instead, we try and keep Chrome compiling against a very recent version of WebKit. That version is almost always less than a half-day old. There’s a file in the root of Chrome that contains the version of WebKit we currently compile against. When you check out or update the Chrome source code, a tool called gclient automatically pulls the version of WebKit indicated in this file. Several times each day, an engineer updates this version number >>

<<Testing thoroughly is still an unsolved problem. In particular, flaky integration tests are a constant issue for us. Chrome is big, complex, asynchronous, multiprocess, and multithreaded. It’s easy for integration tests to have subtle timing issues that make them fail intermittently. On a project our size, a test that fails 1% of the time is guaranteed to fail multiple times per day. Once a test becomes flaky, the team quickly gets in the habit of ignoring it, and that makes it easy to miss other legitimate test failures in that area of code.>>
software-development  google  chromium  free-software 
september 2015 by absfac
Startup L. Jackson on Twitter: "Apple's Principled Position On Privacy Paradoxx. https://t.co/DGokR6MpEp http://t.co/sWCDv423tY"
This Twitter thread is a surprisingly rich mine of opinion IMO but it is a testament to how disastrously bad Twitter's UI is that you'll basically never parse it without machine aid.
privacy  apple  google  facebook  internet  business 
june 2015 by absfac
Omega: flexible, scalable schedulers for large compute clusters
Forgot that this project had published a description of its WIP externally.
google  distributed-systems  operating-systems 
november 2014 by absfac
Migrating to Google+ Sign-In - Google+ Platform — Google Developers
See timetable. This is actually super confusing, but OpenID Connect is not going away (although OpenID 2.0 is).
google  web-development 
august 2014 by absfac
Google Online Security Blog: Content hosting for the modern web
I was surprised recently to find that many objects (for example, images from private photo albums) on the googleusercontent.com domain have no authentication requirements, relying only on URL obfuscation. The object ID seems to be a little over 256 bits long, so it is quite hard to guess, but nevertheless there are ways that the URL can leak (as noted in this post). This post helpfully explains that there are 3 tiers of content protection on googleusercontent, and for some documents it seems that a form of access token must be issued.
google  security  web-development 
may 2014 by absfac
From a Googler: the Google interview process : cscareerquestions
I don't really endorse the sometimes dismissive language used here. However, the facts match up well with my own extensive experience interviewing engineering candidates.
google  hiring 
march 2014 by absfac
In The Plex: How Google Thinks, Works, and Shapes Our Lives, Steven Levy (@Kindle)
Finished 2013-08-??, mostly while busing around the Balkans. Entertaining. Mostly but not entirely accurate as far as I can tell (for example the description of MapReduce is a bit mangled, but what are you going to do, he's just a journalist). Rather naively booster-ish in spots. My feelings about my time at Google are kind of complicated but reading this reminded me of the best parts of being there.
booklog  finished:2013  history  internet  google 
september 2013 by absfac
