Google Titan M: Hey, Google! It's time to redeem your promise. (issuetracker.google.com)
156 points by c0d3z3r0 on Aug 15, 2022 | 25 comments



I’m convinced that any project named Titan will fail to ship (or fail immediately after shipping, as in the most famous instance). Apple’s car project was Titan, Facebook’s gmail killer was Project Titan, I think Activision Blizzard had a Titan. Google has this, but I don’t even think it’s their first Titan to not ship, I’m blanking on the other. (Edit: Google’s defunct internet drone project was Titan)


The Titan chip though has been shipping for 3 consecutive phone models and has not failed. Exception that proves the rule.


There was also that boat in 1912


Let's not even talk about all the projects named Phoenix. I am convinced that out of all extremely superficial things, there is nothing more hurtful to a project than naming it Phoenix.


The Elixir/Phoenix framework is quite good.


Facebook had a titan that definitely shipped


The project shipped, but it did not live up to the “GMail killer” ambition and was shut down after a few years. https://techcrunch.com/2010/11/11/facebook-gmail-titan/


If you zoom out to the big picture, most products, services and companies have a shelf-life and can be distilled down to the "but it didn't deliver" or "it never shipped and was vaporware" perspective.


oh no, I need to rename the side project repo I made and started committing to this weekend.

(I'm really not kidding. Sadly.)


As an aside, this was published last week. Imagine how much they could have done if they didn't have to do blackbox fuzzing, and how many holes in the device would have been closed.

"Attacking Titan M with Only One Byte" [0]

> ...Titan M, a security chip introduced by Google in their Pixel smartphones, starting from the Pixel 3. In this blog post, ...we show how we found this vulnerability, using emulation-based fuzzing with AFL++ in Unicorn mode. Then, we go over the exploitation and its inherent challenges, that eventually led us to obtain code execution on the chip.

[0] https://blog.quarkslab.com/attacking-titan-m-with-only-one-b...


I've talked with security professionals who have told me they prefer to not have source so that they don't get lazy. The bugs you find via black box methods aren't always the same you would find through scanning the code. Assuming the attacker also lacks source, you're better off finding the bugs they would find through similar methods. I don't work in security so I don't know if this is a commonly held belief.


Many blackbox methods are made easier if you can make minor changes to the code and recompile.

Eg. Instrumenting memory allocations.


I'm curious if this is a legally binding promise in any major jurisdiction.

E.g., can someone in the U.S. sue Google for specific performance to uphold that promise?

I'm not talking about suing for monetary compensation, or accepting an out-of-court settlement. I'm talking, full-strength, possibly precedent-setting, fulfillment of that promise in federal court?

I would so contribute to a legal fund for that, especially with the stipulation that my money must be returned if an out-of-court settlement were reached.


(IANAL) I wonder if there's a truth in advertising case here. Titan M is a security product, and is not meeting one of its promised security statements:

> With the Pixel 3, we’ve increased our investment in security and put industry-leading hardware features into the device, so you can rest assured that your security and privacy are well protected. In the coming months, the security community will be able to audit Titan through its open-source firmware. In the meantime, you can test out Titan M and all of the smarts Pixel 3 brings, when it goes on sale on Thursday, October 18 in the U.S.

I can see a world where consumers/etc have purchased Pixel 3 specifically for that statement.

https://www.ftc.gov/news-events/topics/truth-advertising


'months' could mean a million months...

Also, Google could just offer a refund for the one customer who started the lawsuit.


Suing for specific performance is mostly a thing of the past; it sometimes happens in regard to real estate transactions. It was quite common in the pre-modern era. Think runaway apprentices, indentured servitude, etc.


Is it simply out of fashion, or has the law changed?

IANAL, but my understanding is that specific performance requires:

- a court that's permitted to use specific performance as a remedy, and

- there's no monetary award that makes the plaintiff whole.

If I'm right, then I'd think that this issue with Google meets those criteria.


> - there's no monetary award that makes the plaintiff whole.

> If I'm right, then I'd think that this issue with Google meets those criteria.

Wouldn't returning the purchase money or reversing the purchase of the phone make the plaintiff whole? Perhaps a competitor could complain that the unfulfilled promise was anti-competitive and disrupted their sales, but they could be made whole by money damages.


Whoever wrote that blog post has probably long since moved on to other things....


Only viewable signed in..


Here you go:

    Hey, Google! It's time to redeem your promise.

    Almost four years ago the Google blog post on Pixel 3's Titan M [1] stated:

    In the coming months, the security community will be able to audit Titan through its open-source firmware.

    However, as of today, the source code still is not available to the (security) community.

    [1] https://blog.google/products/pixel/titan-m-makes-pixel-3-our-most-secure-phone-yet/


ha, you beat me to it by milliseconds


uhm? just tried with incognito mode and I can view it without signing in.


If you've got expired google login cookies, a lot of google resources will prompt you to reconfirm your account state. Kind of a pain for otherwise public resources.


Tested by manually expiring the session cookie. You're right, thanks! :)



