Anti phishing education is actually quite simple right now.
What's the URL of your bank?
Before you type in your login/bank information, check to make sure that the URL in the URL toolbar is the URL of your bank. If it isn't, then this is most likely a phishing scam, and you shouldn't enter any information.
All banks have to do is put this information on a nice one sheet insert, and put it in with the account statements that they mail out monthly anyway.
Quite frankly, the only way to prevent phishing fraud is through user education.
If you're going to spend money on fixing this problem, I think the best place to put it is in user education.
Suppose .bank goes through. Browsers implement a feature that when a user is at a legitimate SSL protected .bank site, the URL bar turns green.
At this point, you *still* have to educate users of what this green bar means. So why not just skip this expensive .bank/browser implementation, and go straight for the user education, which you will have to do anyway if you truly want to prevent phishing scams?
This just seems like it would be a big waste of money for all parties involved.
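The check described in the comment above, written out as code. This is an added example, not part of the original comment; it shows why "is this my bank's URL?" has to be an exact comparison on the parsed hostname rather than a glance at the string. `EXPECTED_HOSTS`, `checkBankUrl` and all sample URLs are constructed placeholders.

```javascript
// Added example. EXPECTED_HOSTS and every URL below are constructed
// placeholders on reserved domains, not a real bank's addresses.
const EXPECTED_HOSTS = new Set(["www.bank.example", "login.bank.example"]);

// Returns { ok, reason } for a URL as it would appear in the address bar.
function checkBankUrl(input) {
  let url;
  try {
    // WHATWG parser: lowercases the host and converts IDN labels to punycode.
    url = new URL(input);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://www.bank.example@other.test/" puts the bank's name in the
  // userinfo part; the host actually contacted is other.test.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before the host" };
  }
  const host = url.hostname;
  // A punycode label means the name contained non-ASCII characters,
  // which can render identically to ASCII letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "non-ASCII label in host" };
  }
  // Exact match only: a prefix or substring test would accept
  // "www.bank.example.account-verify.test".
  if (!EXPECTED_HOSTS.has(host)) {
    return { ok: false, reason: "host is not the bank's" };
  }
  return { ok: true, reason: "host matches" };
}

// Constructed sample inputs: one legitimate, the rest common look-alike shapes.
const SAMPLES = [
  "https://www.bank.example/login",
  "HTTPS://WWW.BANK.EXAMPLE/login",
  "http://www.bank.example/login",
  "https://www.bank.example.account-verify.test/login",
  "https://www.bank.example@login.test/",
  "https://www.b\u0430nk.example/login", // Cyrillic "а" in place of Latin "a"
];

for (const sample of SAMPLES) {
  const result = checkBankUrl(sample);
  console.log(`${result.ok ? "OK    " : "REJECT"} ${sample} (${result.reason})`);
}
```
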
My words were in a discussion about voting machines. If you wish to lift them out of context, that's your problem.
But even if I humor you, you're still wrong. Before the operating system of a computer is loaded, the firmware is loaded first. Nefarious firmware is, of course, completely unheard of, but it is not an impossibility.
I'll just quote another poster in this thread:
"If you built the whole computer system from the transistors up through the software by hand then you, personally, can trust the computer - as long as you've never let it out of your sight." -- Original Post.
Practically, this scenario is impossible, and that is why I made my original statement. You can't trust anything you see on a computer screen.
Now, of course, there are caveats to this. There are degrees of trust. I'm 99.999% certain that the computer I'm using right now doesn't have any malware on it. That's good enough for me to go and make some credit card purchases online. In the rare case that I'm wrong, it's easy enough to cancel my cards after they are used fraudulently.
This is good enough for the vast majority of computer use. Voting, however, doesn't fall into this category. The stakes are high, and both parties have unscrupulous members that will cheat if they can get away with it. Computers can be programmed to lie. And they can be programmed to cover their tracks afterwards, so that no one will ever know. This is why systems that have been hacked are completely wiped and reinstalled before they are put back into service. Sure, it's theoretically possible to manually clean a system, but practically, it's much easier to just reinstall from scratch.
And that will be the end of this discussion for me. No matter what "secure computing" model you come up with, I can poke a dozen holes through it. Paranoid? Yes. But this is really just a distraction from the real issue, which is voting system security.
If security is important, then don't let them touch it.
Who is "them"? And who is this mythical person that can be trusted with the software for every voting machine in the country? I mean, I know *I* can be trusted, I just think I'll have trouble hitting every precinct before the polls open on election day. I'm not Santa Claus.
I don't trust anyone, and I don't trust any machine that I see to not be already cracked and rootkit'd before I get there. These are not unreasonable assumptions if you are designing a secure voting machine.
But again, as I've been saying, the source code issue is just a distraction. The real issue is voting machine security, and source code has nothing to do with that.
Re:People don't always want what they say. on The Lameness of Warcraft · Score: 3, Informative
Some people like grind oriented games because it allows them to differentiate themselves from other players by merely spending more time playing the game.
"But I *should* be more powerful!! I spent more time playing the game!"
MMOs are infested with this type of player.
When details of WoW's honor system were announced, I made several posts here and on WoW's forums about how the honor system was "just another grind," and rewarded time played instead of actual PvP skill. I predicted that the players who have the highest ranks would spend 60+ hours a week grinding their PvP rank. And I also said that this is a bad thing.
The most common response I got was "But these players *should* have the highest ranks! They spent more time playing the game!"
IMO, games shouldn't encourage and reward players who give up their lives to play the game. Doing any single activity for 60+ hours a week is not healthy. No game should explicitly encourage this kind of behaviour, but most MMOs do.
Granted, some players would play this much a week without the extra rewards for doing so, but I still don't think we should give players extra rewards just for playing more. Playing the game should be reward enough. If a so called "ranking system" requires a 60+ hour time commitment a week to maintain the highest rank, then a rule change is certainly in order.
Fortunately Blizzard is ditching the current system shortly. I said they should dump it before the system was even in place. Guess that's what they get for not consulting me...
The replacement system is better in two ways. First, it no longer purports to be a ranking system. Second, it no longer depletes your honor by 20% each week, thus eliminating the requirement that players spend ridiculous amounts of time each week to maintain high PvP ranks. Unfortunately the replacement system is still "just another grind."
There is hope for the future though. BC will have a PvP arena system, complete with a ranking system. Here's hoping it's not "just another grind."
I'm no fan of Microsoft, but XBox Live is a great product. Neither Nintendo nor Sony will match it this generation. They've pretty much said as much. The PS3 has no unified online framework, and Nintendo is using a kid-friendly, mother-approved friend code system slightly improved over the DS version.
That said, I don't have a 360, I'm not planning to buy one anytime soon, but I do have a preorder for a Wii which I will hopefully be able to pick up on launch day =]
EBGameStop isn't the only chain to sell the Wii/PS3, but they are the only chain that does preorders, so that's why preorder stories are limited to that chain.
Wal-mart, Circuit City, Best Buy, etc. don't do preorders.
They aren't going to cut Google, or anybody else, they are going to boost other things.
I don't think anyone honestly believes that this will be the case. The Internet is already pretty fast. I can watch video pretty close to real time on my existing "high speed" cable internet connection.
What's going to happen is that Google's packets are going to be mysteriously "held up," while search engine B, which paid its protection money, will have its packets go through just fine.
The telecoms aren't planning a business model. They're planning an extortion scheme. And the House of Representatives gave them the green light.
You should take that up with the US Supreme Court, who derived fair use rights from the first amendment a long time ago.
http://en.wikipedia.org/wiki/Fair_use
Humans are really bad at being random, so a computer could stomp a human at Rock/Paper/Scissors, provided that there were enough rounds.
I remember playing the Apple II port a ton when I was a kid. Great game.
We are talking about two entirely different things. I am talking about a system that can be trusted by voters.
You apparently are talking about a system that can be trusted by a single computer expert.
The two problems are entirely different, and have entirely different solutions.
I agree 100%
So every voter is going to bring in their own thumb drive?
1a) Only a valid voter may vote
This is not checked by machines today in any precinct that I know of. I see no reason to hand this responsibility to a machine.
3a) the ballot matches the vote that is recorded internally and wasn't spoofed to the printer
I think you misunderstand the design. There is no vote recorded by the machine. The only tally that counts is the tally of the printed ballots.
4a) the storage method, accounting method, global upload, global tally are all secure
Again, this isn't done by local voting machines. The precincts are responsible for tallying and reporting results, and the issue of a system to collect these results is an entirely different issue.
It is trivial to write a program that prints out a fake hash.
Ever heard of a rootkit? You can't trust anything displayed on a computer screen.
Even if you have the source, there's no way to certify that it is the same code that will be running on the machine on election day.
This is just one of the many reasons why it is a complete and utter waste of time to check the source code. Even worse, the source code is a distraction from the real issue, which is security.
There is no need to see the source code for this software.
/.ers like to equate secure voting machines with open source. I like open source, but trying to inject it in this issue is foolish. It is irrelevant whether the voting machine uses open source software. Either it meets the spec, or it doesn't.
There is only one specification for a secure voting machine, and it is easy to test. There is no need to see the source code. If the machine meets the spec, it is a secure voting machine. Otherwise, it is not, and should not be certified.
Here is the specification:
1. The voter votes on the machine.
2. The machine prints out a ballot.
3. The voter checks the ballot for accuracy, then deposits it in the ballot box.
4. Ballots in the box are tallied for the official vote count.
Simple, easy, secure, reliable, and recountable. There is no need to see any source code.
A voting machine which doesn't meet this spec is not secure. It doesn't matter how many times you check the source, the machine will still not be secure. An "open source" voting machine which does not meet this spec is not secure.
Phishing works because people don't pay attention to URLs. How would changing the URL help?
I would agree with you, except that this instance of plagiarism is fairly well known at this point.
A quick Google search for his name brings up many pages repeating these allegations, and many of them back it up with image comparisons that are very damning.
This man's reputation as an artist is already ruined.
This legal threat is a desperate and foolish measure. The goal is to get rid of the allegations, but instead, the allegations will only be further spread.
And worse, if the threat is followed through to a lawsuit, the website's author will have a chance to prove the allegations in court. A quick look at the evidence reveals that this would likely be a slam dunk for the defense.
IANAL
It's not libel if it's true.
IANAL.
I am going to organize the largest class action opt out campaign in the history of class action lawsuits.
Under the DMCA, ripping a DVD is illegal.
Making a backup copy of a DVD is illegal.
Format shifting a DVD is illegal.
Possessing a tool which can do any of the above is illegal.
Distributing a tool which can do any of the above is illegal.
If the DMCA had been around in 1980, the VCR would have been shut down by the MPAA long before it ever hit store shelves.
The DMCA is a bad piece of legislation. Congress passed it because the movie industry asked them to.
Congress needs to start thinking for themselves and not passing every single BS piece of legislation that special interest groups ask them to pass.
We just got rid of a whole lot of congressmen, and brought in quite a few new ones, but unfortunately, I see no indications that the new lot will be any better than the old.
The receipt idea is horrible... the ballot is secret for a reason...
A much better idea is that the electronic voting machine prints out a human readable paper ballot, which the voter verifies, and puts in the ballot box. The ballots in the ballot box are counted for the official tally.
Simple, safe, secure, reliable, and recountable.
The real issue is that there are no good standards in the USA for what makes a secure electronic voting machine. Without a solid standard, companies like Diebold and Sequoia are going to offer insecure voting machines, precincts are going to buy them, and there's really no way to know whether vote fraud has occurred, or will occur.