Good sign to me is one of the steering members is Tom Hacohen founder of Svix (webhooks-as-a-service). We're adopting them where I work and everything from them has been solid. I know he's seen a lot of different use cases and will have good consideration for the schema they define in their spec file.
Seems interesting, all the best ai chat interfaces do well in selling themselves by offering strong citations - I like how you.com for example points to relevant SO posts when it presents code snippets.
This sort of API can really boost the chat development workflow
No pizza is as good as my memories of Fox’s - sausage and peppers under the cheese, herbaceous profile sliced into borderline bite size squares that you can eat a dozen of
Telling that the summary advice is “change the default password”, even if some of the other ideas are deployed user involvement is near zero if not completely zero. I wonder how impactful it would be to roll out a totally read-only router, or if the necessity of updates and maintenance would generate too much headache for the user
I think this is one of the awesome things about Google Wifi (aka: OnHub). It's fully managed from a phone app (via "the cloud"), so you get the authentication tied to your gmail account. It's also based on ChromeOs (chromebook OS), and follows a similar auto-update that Chromebooks get. So you are always running the latest firmware.
(There are obviously downsides to Google Wifi, my primary issue being that it doesn't have many of the advanced features that something like UniFi has. But for most people, it works well.).
While your points are valid, it is a bit disconcerting to have the world's largest data monetizer watch all of a home's traffic. Google's promised benevolence may be temporary
Even more than that; I left Google (as a user, never employee) because I was scared of being banned. Seeing stories of users on Amazon / Google getting their account banned due to something related to a business concern, made me realize that if someone flagged a google app I had my whole life could come to a grinding halt. Phone, phone number, email, storage, internet access! All that because maybe I got reports on a phone app I wrote (hypothetical).
I'm doing nothing illegal or unethical, nothing wrong. Nevertheless, I ran from Google asap due to that reason alone. Google represented a massive single point of failure to my digital life.
I now use separate products for just about everything I own. While it's not as convenient as Google, I feel far more secure.
Similar concerns, I recently used Google Express for a purchase, it worked fine, and then I deleted it. My Google account is my main email, and every new Google service is another opportunity for my whole account to get irreversibly banned.
Using Google with their famous lack of customer service to make purchases that I could conceivably need to put a chargeback on felt uncomfortably risky.
Tie my home internet connection to that? How do I know I won't get locked out of the cloud-integrated admin app? Why would I want it connected to anything Google?
The "one account everywhere" thing is convenient and great for their branding, but it's not great for my peace of mind.
Agree on lack of support. I have an account that is blocked. I forgot the password since it was always logged in. When I try to recover the password, it asks me a bunch of questions that I am pretty sure I am answering correctly. At the end it just tells me that the account cannot be recovered... even if I had the second factor authenticator still working and I punched in the right code. I searched high and low online but since they do not have any kind of support I have no way out. It is depressing.
To be honest, if someone doesn’t know my password, doesn’t have my 2-factor code, and can’t answer the security questions, I don’t want them to be able to call up customer service and social engineer an account takeover. I don’t think there’s any amount of proof that I could provide but an adversary targeting me couldnt’t fake to convince a call center employee.
What I’m more worried about is their “You violated the TOS. We can’t tell you how you violated the TOS. We can’t unban your account.” If you don’t know someone at Google, you’re out of luck.
Google also remotely wiped a bunch of its customers' routers, driving them off line and causing all sorts of problems.
Which isn't to say that home customers would have necessarily done better, but most people don't have random maintenance bring them down at random times.
One nice thing with Google WiFi being based on CROS, is that it's mostly open source (about the same level as Android, where there are some binary blob board support packages). With that, there is custom firmware you can load know Google Wifis: https://github.com/marcosscriven/galeforce
I think there is a pretty big distinction wrt routers, in that an end-user cannot build it. That link states as much under the, "Why not just build Chromium OS from source" section. Has anything changed ? With android at least, google distributes the blobs. This probably (?) explains why openwrt hasn't been ported to any of the google routers, although the availability of chromiumOS source would make you think that it would be straightforward.
While it's amusing to consider that someone cares, the fact is that if someone wanted to specifically surveil you the most likely way to do so would be to crack into your computers and network devices. That's the real threat model. You want the device with the best functional security. I don't think you should rule out any candidates based on imaginary privacy issues.
Perhaps it's just because I'm not in the target demographic, but this is exactly the reason that Google Wifi is completely out of consideration if I ever need to buy a new router.
Give me local ssh and WebUI. No cloud, no phone apps.
Wow, really? Am i reading that right, that without an active WAN connection, the internal LAN connections don't work on Google WiFi hardware? That sounds more like an "Internet appliance" than it does a router.
UniFi products also work from the cloud, if you enable that (it is optional) and you're not tied into the system of one of the largest data gatherers in the world.
Microsoft with Windows 10 uses machine learning to figure out when its most convenient for the user to update (latest Insider build has this function). Either way, Windows has come a long way from 9x randomly crashing and every other piece of software requiring a reboot.
It’s useful but not necessary. It’s hard to offer the simplicity described above while keeping the control in your hands, but some folks working on wireless mesh are working on it:
"Simplicity" can be a negative indicator of security. If it's simpler for you, it might also be simpler for an attacker.
Manual steps with the physical hardware, or even requiring a local wifi/ethernet connection, are always going to be more secure than an internet-accessible god mode.
Could you be more specific regarding why it's "hard"? I reject the premise that such a limited feature set can be "hard" to support without "cloud". Seems like some combination of NFC/QR codes, WPS and Android/iOS ought to be able to do the job. Mesh set-ups are known to work just fine on-prem. Moreover, a fully local system will almost certainly be more reliable, and will last longer. Certainly beyond the date when Google inevitably cancels the project on their end.
AT&T and a few others currently deal with this problem by having a random password assigned for the admin user printed on a sticker on the side of their Modem/Router combo boxes. It seems to work pretty well.
Got a new netgear router the other day and it used this. Default admin and default wpa2 key were randomly-generated at the factory and printed on the back of the router. If/when my parents need a new router I'm going to have them get one of these and never have to guide them through the security gui again.
While I do like the idea, att boxes are very low quality and drop wifi connections constantly. I've always installed a ubuqiti router and AP. Apparently it's impossible to disable the firewall on the att box also. I've actually called att and had the conversation: "can you enable some ports". CSR, which ones? Tcp and udp 1-65,535...
For most users, this really isn't a problem. I never had many problems using the ATT stock boxes for routing, but like you have moved on to better solutions. But we also understand how to secure our devices. Even newer consumer routers are following this same strategy of printed admin passwords, so if a consumer is deciding to replace it with a newer device it still works! :)
This is what my ISP does for their router/cable modem combo. There's a sticker that tells you the SSID, the password for the SSID, the URL for the web interface along with the user ID and password. The passwords are both randomly generated.
They will also put it into bridge mode for you where none of that stuff applies.
Yeah, mine as well, until recently they figured out that the passwords weren't so randomly generated as they were derived from the SSID. Great entropy...
I recommend to use a mnemonic password [1] and just print out the WiFi password (without using Google Cloud...) and use some adhesive tape to attach it on the bottom of the router. The downside is that someone who has physical access to the router can see the password within seconds. Someone's who's plumbing your drain or when you are on the toilet.
That they put it into bridge mode when you request is due to EU regulations where EU civilians have free choice of router.
Only reason I would be concerned about using that specific generator in particular would be the fact that it severely limits your passwords to the "kid-friendly" set.
If you have to create pw you want use one time and tell it to someone over the phone or use it for "Guest WiFi" network, I don't see why I got downvoted.
It is not like I am going to use it for my main email account.
The only con I can think to that is the initial influx of support questions. I have no idea why this is not the default now, its simple, user friendly, and way more secure
Cox (Orange County) and Verizon Fios (Los Angeles) delivered routers with good-looking, seemingly randomly generated passwords printed on a label. It's been this way with Cox for at least six years.
Exactly. That’s because FiOS routers allow tech support and their website to acquire information about your network, including your WPA passphrase, devices connected on your local network and more.
For that reason alone it’s best to have your own equipment not tied to the ISP, IMO. The ISP can already see all of my plaintext traffic, DNS requests, and MITM all my sessions if they wish. I’d rather not give them full access to my private network on top of that.
The idea of a completely read-only router is really interesting. I used to buy hardware that would only work with open firmware -- I used to love to constantly update and mess with DD-WRT. But in more recent years I've just started buying high-performing hardware and skipping the customization beyond SSID and passwords. With faster connections, UPNP, and decent default QoS policies I pretty much never have to configure my access points or routers anymore. I'm pretty sure the average consumer has no desire to configure anything.
I don’t know how it’s possible to be read only. It needs to update things like routes and arp tables. That’s exactly the type of stuff that gets poisoned when attacked.
Zuckerberg purchased the land from all serious parties, and now his lawyers are doing their due diligence to track down anyone who might own even a "1/3,276" share, and are hardly treating anyone unfairly.
Put down your pitchforks, no one is being driven off their land.
Indeed. Another article quotes his lawyer as saying "Zuckerberg has no intention of contesting any co-owner who can prove their interest in any of the land parcels."[0]
For some of us though, the historical context of the US invasion and overthrow of Hawaii means that this sounds quite distasteful, although reasonable.
No, the issue is identifying the owners, at Zuckerberg's own personal expense, most of whom seem to be completely unaware that they are partial owners.
The practical effect is some people get a windfall check in the mail that they weren't expecting at all.
It's a two-step process. First, they learn about their part ownership of some land, which is probably a nice thing, although one shouldn't mistake it with a gift or winning the lottery or some such. After that, their land is exchanged for money, possibly against their will. That seems very much like any eminent domain case, except for the whole for-the-good-of-the-public aspect.
