Hacker News | joshzayin's comments

Hey, I'm a SWE at Google currently hosting an eng resident. I'd encourage staying through the residency in general, but I of course don't know your specific situation. (I'm also not sure which rotation you're on, but it's worth noting that even if one of your rotation teams doesn't have headcount the other might, and that even if neither does right now they might by the end of your residency.)

If you want, feel free to contact me internally and schedule a 1:1 so we can chat in more detail. My Google username is the first 5 characters of my HN username. If you want to make the meeting private, that's absolutely reasonable. I will not mention anything about it to your team or manager unless you ask me to.


3 combined with 6 sounds like a recipe for disaster if someone manages to compromise your CloudDrive account (probably not by breaking the password, but by social engineering or a method similar to the one in this article). If they get that, they have your encrypted password database, and if that has a weak password... you're totally SOL. The password database's password is one you want to be /very/ strong.


Do you recommend I memorize a GUID? It's not quite "Correct Horse Battery Staple"

Has any CloudDrive service been socially engineered? I didn't find any results in my rudimentary search.


Personally, I have a password that my password manager generated that I use for it. I had it written down in my wallet for a while, but after typing it multiple times a day for a while I memorized it and since destroyed the paper. It's a shorter password than what I use for my stored passwords, but I think it strikes a good balance. (And it's not a GUID, but if you think you could memorize that then it probably couldn't hurt. That's risky, though -- if you forget, there go all of your passwords for everything!)

I don't know of any off the top of my head, but there was that time a few years ago when Dropbox accidentally let anyone in without a password. This isn't to pick on Dropbox, but security lapses happen and it's wise to have multiple layers of strong defense to reduce your risk. (Also, if someone compromises the email associated with your CloudDrive, they can use that to get your CloudDrive by invoking a password reset.)

EDIT: Wolfram|Alpha estimates the entropy of a password generated using the constraints I used for mine as roughly 85 bits (the relevant space would take 14 trillion years to enumerate). It actually has a pretty information-heavy password strength estimator (though I can't attest to its reliability as I'm not familiar with the internals).


If there's malware on your computer, it could just as easily keylog your password and one-time code the next time you try to log in to Google, silently drop those packets on the floor (so you think there was just a connection issue), and then use your credentials to get access to your account.

If there's malware on your computer running as you, with access to things like USB devices, it becomes significantly harder (if not impossible) to do anything security critical on it.


A few examples:

"Remote Timing Attacks are Practical" https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

"RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis" http://www.tau.ac.il/~tromer/acoustic/


Please file a bug report so that the issue can get fixed: https://code.google.com/p/end-to-end/issues/list


It's because this is an animated gif. Presumably picasa only shows the first frame.


That's just the animation -- the gif is constructed to animate displaying each block.


I find it very weird that the author of the page did not display this information on the page.


He uses a mechanism that is inherent in the GIF specification and can be used for animation, images with more than 256 colors, or images that do not store image data for empty areas (or any combination). GIF stores a sequence of rectangular blocks of image data, each with its specified position in the resulting image, its own palette and an optional delay before the start of drawing (for animation). Browsers tend to assume that GIFs with multiple blocks with zero delay between them are broken animated GIFs (and enforce some minimum delay), because such files do exist and are certainly more common than GIFs with holes or large numbers of colors.
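
The block layout described in the comment above can be read straight out of a file. The following is an added example, not part of the original thread: a Python walker that lists each image block's position, size, palette flag and delay, and flags the multi-block, zero-delay layout. The names `list_gif_frames`, `is_zero_delay_composite` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
import struct

def skip_sub_blocks(data, pos):  # returns the offset after the 0 terminator
    while pos < len(data):
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos
    raise ValueError("truncated sub-block chain")

def list_gif_frames(data):
    """Return position, size, palette flag and delay for every image block."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13                                   # header + logical screen descriptor
    if data[10] & 0x80:                        # global colour table present
        pos += 3 * (2 << (data[10] & 7))
    frames, delay = [], None
    while pos < len(data):
        tag = data[pos]
        if tag == 0x3B:                        # trailer: end of file
            return frames
        if tag == 0x21:                        # extension block
            if data[pos + 1:pos + 3] == b"\xf9\x04":   # graphic control extension
                delay = struct.unpack_from("<H", data, pos + 4)[0]  # in 1/100 s
            pos = skip_sub_blocks(data, pos + 2)
        elif tag == 0x2C:                      # image descriptor
            left, top, w, h, packed = struct.unpack_from("<HHHHB", data, pos + 1)
            pos += 10
            if packed & 0x80:                  # local colour table (own palette)
                pos += 3 * (2 << (packed & 7))
            pos = skip_sub_blocks(data, pos + 1)       # +1 skips LZW code size
            frames.append({"left": left, "top": top, "width": w, "height": h,
                           "own_palette": bool(packed & 0x80), "delay": delay})
            delay = None                       # a delay applies to one block only
        else:
            raise ValueError(f"unknown block 0x{tag:02x} at offset {pos}")
    raise ValueError("missing trailer")

def is_zero_delay_composite(frames):
    """True for the multi-block, no-delay layout the comment describes."""
    return len(frames) > 1 and all(not f["delay"] for f in frames)

def _block(left, delay):  # constructed 1x1 block with its own 2-colour palette
    return (b"\x21\xf9\x04\x00" + struct.pack("<HBB", delay, 0, 0) + b"\x2c" +
            struct.pack("<HHHHB", left, 0, 1, 1, 0x80) + bytes(6) + b"\x02\x02\x44\x01\x00")

SAMPLE = (b"GIF89a" + struct.pack("<HHBBB", 2, 1, 0, 0, 0) +  # constructed 2x1 canvas
          _block(0, 0) + _block(1, 0) + b"\x3b")
```

Running `list_gif_frames` on a file read in binary mode shows whether a viewer that renders only the first block will display a partial image.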



There's a more general proof at https://docs.google.com/viewer?a=v&q=cache:euFgQLUCTfwJ:... that looks reasonable at a skim.


Awesome!


Here's perhaps an easier to understand proof.

Let A be a countable set. Now, suppose that there was a surjective function (one that hits every element of P(A)) f: A -> P(A). (Note that f takes elements of A, and produces subsets of A.)

Now, define Y ⊆ A as follows: For all x in A, x is in Y if and only if x is not in f(x).

Thus, Y, which is in P(A), is distinct from every output of f, and so f is not actually surjective.

This means that no surjective function f: A -> P(A) exists.

This is a generalization of Cantor's Diagonal Argument (http://en.wikipedia.org/wiki/Cantor%27s_diagonal_argument).


Cockpit view is generating an error: "The Google Maps API key used on this web site was registered for a different web site. The developer of this web site can generate a new key here."

(here links to https://developers.google.com/maps/)


From the forum: "If you have problems with "Aircraft View" or API-key, make sure to install latest version of Google Earth plug-in http://www.google.com/earth/explore/products/plugin.html and remove your ad-blocker."

I logged in to Google Earth, paused ad blocker and cockpit view is now working for me.

