Profile

Cover photo
Harald Tveit Alvestrand
Works at Google
Attended Norwegian University of Science and Technology
Lives in Trondheim
2,212 followers|462,081 views
AboutPostsCollectionsPhotosYouTube

Stream

Harald Tveit Alvestrand

Shared publicly  - 
 
Five years of WebRTC. Quite a ride!
https://twitter.com/webrtc/status/740844129966526464
 ·  Translate
WebRTC turns 5 - time to celebrate. A big shoutout goes to our users and contributors! https://goo.gl/lDmrVW · Vedlagt bilde. 02.52 - 9. jun. 2016. 7 retweets8 liker. Svar @webrtc. Hjem · Registrer deg · Logg inn · Søk · Om. Mer av dette; Mindre av dette; Cancel. Not on Twitter?
5
1
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
Fint vær i dag. G+ mente denne gjorde seg best i svart-hvitt.
 ·  Translate
8
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
This is what I call news.
16
2
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
When trying to guess what people think, look at what they do, not (just) what they say.....
13
4
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
Go Carl!
(the sheer stupidity of using the "T" word qualifies the Georgia leadership for a place in the Hall of Stupid).
 
The State of Georgia claims that its statutes are a copyrighted work, and that rogue archivist Carl Malamud and public.resource.org committed an act of piracy by making the laws of Georgia free for...
1 comment on original post
7
1
Steven Stowitts Elliott's profile photo
 
Carl is a thief. It is not Georgia state law that is copyrighted; it is the annotated code, which consists of research and analysis regarding legal precedent and caselaw, legislative and judicial history, and links to relevant law journal articles, and so on. Most states contract with private companies to provide this service. 
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
Schiphol. Just because.
3
Johannes Keukelaar's profile photo
 
Mind your step!
Add a comment...
Have him in circles
2,212 people
Jói Sigurðsson's profile photo
Chris Brorsen's profile photo
marie josiane's profile photo
Virginia Verginica's profile photo
Olaf Drescher's profile photo
Paul Jones's profile photo
Isabel Rosberg's profile photo
Tori Einarsdottir's profile photo
Thomas Longva's profile photo

Harald Tveit Alvestrand

Shared publicly  - 
 
Well said. Yes, it's that serious.
 
After being asked personally a few times and reading claims by others a few more, I thought I'd set the record straight....

Working at Google does not give you access to the data of users!

It's an easy assumption to make.  After all, most companies don't put internal access controls on data making it easy for every employee to access everything inside the firewall.  Google does not work that way.

Though there are many groups at Google, we'll simplify it into Software Engineering ("SWE") and Site Reliability Engineering ("SRE").  I was the latter for 5 years and I've been the former for 3.

SWE, in general, has access to nothing.  They run their code on their own workstations and sometimes test clusters with test data.  A few get access to anonymized user data for their service -- more on that later.

SRE is the group that owns the keys to the kingdom.  They're the group (actually many small groups) responsible for running Google services "in production".  They almost always have access to anonymized user data for their service and the ability to access "raw" logs if necessary, again for only their service.  The kicker is that, since around 2011, this latter access comes through a specific interface where you must explain with each request why you're doing this.  All those actions are logged and those logs are audited.  Misuse of the access will get you fired.

What is "misuse"?  I can't even look up my own queries.  I could be on-call for my service, have you on the phone fixing a problem with you saying, "go ahead" , and I still couldn't do it.  In five years, I only used raw logs twice, both on myself during training just so we'd know how.

So, for any given service, there may be somewhere between 10 and 100 people worldwide who could potentially access Personally Identifiable Information ("PII") of a user, but doing so without a good reason would be the end of them at the company.  And should that abusive employee somehow cause "material damage" to the company...  I don't even want to speculate.

On top of that, any attempt to track a single user, whether the user can be identified personally or not, will also get you fired.  Every user with any form of logs access has signed a paper (real paper, even) stating that they understand all this and the consequences.

This is serious stuff.  My own team would turn me in without a second thought if I did any of this.  And I'd do the same to them.

What are "anonymized" logs?  They're the requests that have had all PII stripped.  No IP address.  No account identifier.  No geo-locating finer than the city, etc.

Disclaimer:  I work for Google (obviously).  These thoughts are mine and mine alone.  Mine, I tell you!  Mine!!!
98 comments on original post
2
1
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
The soundtrack lies. There are no engines.
10
1
Sanjeev Gupta's profile photoHarald Tveit Alvestrand's profile photo
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
If crypto is exciting, you're either a theoretican or doing it wrong.
Go BoringSSL!
BoringSSL. BoringSSL is a fork of OpenSSL that is designed to meet Google's needs. Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no ...
1 comment on original post
3
Eugene Crosser's profile photo
 
Hey, zero knowledge proofs are exciting!
(I am no theoretician, just a fan :)
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
For once, it feels right to be a signatory to a letter to an US rulemaking authority.
I replace the firmware of every router I deploy, if I can.
I want to be able to keep doing that.
 
The CeroWrt project's letter to the FCC on how to better manage the
software on wifi and home routers vs some proposed regulations is now in last call for signatures. The final draft of our FCC submittal is
here:

https://docs.google.com/document/d/15QhugvMlIOjH7iCxFdqJFhhwT6_nmYT2j8xAscCImX0/edit?usp=sharing

And in PDF format: http://huchra.bufferbloat.net/~d/fcc_saner_software_practices.pdf

The principal signers (Dave Taht and Vint Cerf), are joined by many
network researchers, open source developers, and dozens of developers of aftermarket firmware projects like OpenWrt.

Prominent signers currently include:

Jonathan Corbet, David P. Reed, Dan Geer, Jim Gettys, Phil Karn, Felix
Fietkau, Corinna "Elektra" Aichele, Randell Jesup, Bruce Schneier, Eric S. Raymond, Simon Kelly, Andreas Petlund, Sascha Meinrath, Joe Touch, Dave Farber, Nick Feamster, Paul Vixie, Bob Frankston, Eric Schultz, Brahm Cohen, Jeff Osborn, Harald Alvestrand, and James Woodyatt.

If you would like to join our call for substituting sane software
engineering practices over misguided regulations, the window for
adding your signature to the letter closes at 11:59AM ET, today,
Friday, 2015-10-08.

Sign via webform here: http://goo.gl/forms/WCF7kPcFl9

We are at approximately 170 signatures as I write.

For more details on the controversy we are attempting to address, or
to submit your own filing to the FCC see:

https://libreplanet.org/wiki/Save_WiFi
https://www.dearfcc.org/

Please reshare this message and hyperlinks to anyone that would like better wifi.

Sincerely,

Dave Täht
CeroWrt Project Architect
Tel: +46547001161
Drive
new_edit_fcc_alternate_guidelines-final.odtThis is the final version. Comment and edits are closed. Any further edits will be typographic: the sense of the document will not be changed. Before the FEDERAL COMMUNICATIONS COMMISSION Washington, DC 20554 In the Matter of ) ) Amendment of Part 0, 1, 2, 15 and 18 of the ) ET Docket
8 comments on original post
4
Ted Hardie's profile photo
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
Perhaps we'll really get something going now.....
5
Add a comment...

Harald Tveit Alvestrand

Shared publicly  - 
 
Mye rart man kan ta bilde av med mobiltelefon.... fant denne krabaten på hytta. Kroppen kanskje 1-1.5 cm lang.
 ·  Translate
4
Henrik Lundin's profile photoJames Bankoski's profile photo
2 comments
 
awesome photo!
Add a comment...
Harald Tveit's Collections
People
Have him in circles
2,212 people
Jói Sigurðsson's profile photo
Chris Brorsen's profile photo
marie josiane's profile photo
Virginia Verginica's profile photo
Olaf Drescher's profile photo
Paul Jones's profile photo
Isabel Rosberg's profile photo
Tori Einarsdottir's profile photo
Thomas Longva's profile photo
Work
Employment
  • Google
    Engineer, 2006 - present
  • Cisco
    2000 - 2006
  • Uninett
    1989 - 1997
  • EDB Maxware
    1997 - 2000
  • Norsk Data
    1984 - 1989
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
Trondheim
Previously
Trondheim, Norway - Bergen, Norway - Los Altos, California - Namsos, Norway
Story
Tagline
My non-work Google account.
Introduction
I'm the only Harald Alvestrand in the world, as far as I know.

Norwegian Internet geek.

Bragging rights
I'm on the cover of Tanenbaum's "Computer Networks".
Education
  • Norwegian University of Science and Technology
    Electronics, 1980 - 1984
  • Norwegian University of Science and Technology
    1980 - 1984
Basic Information
Gender
Male
Other names
Harald Alvestrand, Harald Tveit