ZergShotgunAndYou

LMAO.

Not even close and that's NOT what google said, prime example of clickbait title. Ofc the VP of marketing had to say something nice about the latest offering from a strategic partner,it's not like he can flat out say it's shit.

They list the presence of a secure face recognition method to to unlock & authenticate payments as the reason why the device excels in the workplace?! o-ok.
if you are adopting an Android phone in a corporate environment and it's NOT a Pixel(preferred,due to hardening,dedicated secure HW, monthly sec patches and seamless updates) OR a Samsung you're doing it wrong.

Nah, we appreciate your hard work.
And yes even tho there are very few nodes running clients other than Geth and Parity, we should give the teams maintaining those projects time to review,update and test,they have less resources at their disposal and a consensus bug is pretty high up on the list of things you don't want to see happening on mainnet.

It sucks but that's just the way things go sometimes.Having multiple clients implementing the same spec with different codebases is a boon to security and makes the network more resilient to attacks exploiting bugs in a single client but this is the tradeoff, the possibility of having potentially serious consensus bugs that fork the network.
I say take the time to do it right, fuzz the shit out of it and ship somewhat reviewed code.ETH is securing Billions in digital assets,a delayed protocol update is bad but inconsenquential in the grand scheme of things while a forked and temporarily unusable mainnet network is catastrophic and the implications very long lasting, do what's right.

fuck you and your spammy link(apologies if it was malformed by a botched cut & paste and not intentionally)

Also, this is a good thread by Lane explaining roughly what happened and what the current status is:

https://twitter.com/lrettig/status/1051933420044062720

It is.

While it doesn't function exactly like a traditional zero knowledge cloud backup,the whole purpose of the HSM/Titan chip in Google's cloud is that Google can under no circumstances access the crypto material and unilaterally perform a decryption of the data without having access to the device passcode.That IS zero knowledge.

They boast about it offering Insider Attack Resistance,eg: a malicious/compromised Google Employee with root access to the machine where user data is stored is able to decrypt it. Zero Knowledge is needed to achieve that.

Read the doc below, they DO make some assumption when declaring their threat model and the scope of the analysis but they're very reasonable and conservative:

https://www.nccgroup.trust/globalassets/our-research/us/public-reports/2018/final_public_report_ncc_group_google_encryptedbackup_2018-10-10_v1.0.pdf

They don't reference it but if the data-at-rest is encrypted in such a way that no Google employee is able to decrypt it, not even when legally required to do so(court order/search warrant etc) that IS the definition of Zero Knowledge.

The user is in control of the decryption key, not Google.

Remember this is ONLY for application data/settings NOT user generated files saved on Google Drive etc.

Also unclear if it supports both Key/Value Backup AND Auto Backup https://developer.android.com/guide/topics/data/backup#Choosing

It's unclear but i think Pixel 3 devices will be the first to support it, i don't think it's an exclusive feature.

I don't know what changes,if any, OEMs needs to do to implement it.Based on some of the language used in the third party audit of the infrastructure performed by NGCC at the request of google i'm inclined to think that *maybe* it also uses the Titan M chip on the device itself since they mention this in the document:

​

"This backup encryption key will be stored only in secure hardware on the phone and synced periodically with secure hardware hosted by Google."

taken from: https://www.nccgroup.trust/globalassets/our-research/us/public-reports/2018/final_public_report_ncc_group_google_encryptedbackup_2018-10-10_v1.0.pdf

It's just an educated guess tho, i may be wrong and they are just referencing TrustZone, present in every ARM SoC.

This would tie in nicely with what Rick Osterloh said on stage at the event recently about "the closed loop between on-device security and the datacenter :

https://www.youtube.com/watch?v=EsoQGTA1SxY&t=10m15s

When it rains ,it pours...

lmao. You are paying(dearly) for those.
Prices are fucking insane all over the world,irrespective of VAT,currency rates etc.

Fuck me it's even worse than i expected.

They really did waste $$$ in the BOM to add a second front facing camera and no face recognition capabilities.

So the only feature i'm looking forward to is the Titan M security module.

https://outline.com/mNDfrH
Non paywalled version.

This is bad...they didn't do a postmortem of the security incident - or rather they did one internally and condensed it for executives who decided NOT to inform the public based on it due to fears of attracting scrutiny from regulators, fines for having exposed private data and the potential damage to the brand.

i have an OP3T too and i work in infosec . i can guarantee you that any system not using a dot projector and an ir camera is an inferior technical solution that does NOT meet an acceptable threshold for security(and the reason why it's generally only used to unlock the phone and NOT to perform more sensitive actions like authorizing payments etc).I'm not claiming Apple's(or Xiaomi's) solution is perfectly secure but it has a remarkably better FAR & FRR.

Face recognition biometric auth solutions using off the shelf cameras/hw are a gimmick and can't be compared to carefully engineered ad-hoc systems.Apple bought PrimeSense and RealFace(two start ups working on face unlock tech) for a reason

Maybe the face unlock offered by OP is enough for you, it's not for me and for usage in an enterprise setting.

I swear if it turns out the 2nd front facing camera is only used for wide angle selfies and they don't have a decent face unlock mechanism(which is very likely since they would need a dot/pattern projector and the camera would need to be IR and i don't see it)i'm gonna lose it.

I don't mind notches because i see them as free screen on the sides BUT this one is humongous and if they wasted precious real estate for a second camera uniquely dedicated to wide angle selfies...someone needs to be fired.

Agenda:

https://github.com/ethereum/pm/issues/58

As a bonus the IfDefElse team (creators of ProgPOW) is expected to attend the call.

Agenda:

https://github.com/ethereum/pm/issues/58

As a bonus the IfDefElse team (creators of ProgPOW) is expected to attend the call.

trained for the Ethereum

lolwut?

They are HW/silicon engineers for the most part...not Solidity devs.
And their core skillset is not gonna be relevant anyway when PoS is finally live.