Not at all. If you never enter your bank password or pin through the phone in the first place, there is no way a compromised phone will be able to obtain it. I do all of my online banking from a computer, so a second factor being the phone would work fine (unfortunately only the least important of my three banks uses two factor).
Fair point. But that kind of negates the purpose of all the mobile banking apps at that point, which the banks are eager to promote because they think it makes them look more in touch with their customers' needs. Besides, you're basically assuming security-conscious users with that assertion.:-)
Unfortunately, even if we very optimistically estimate the security knowledge of a bank's customers, I doubt that more than 1% would know enough about computer security to understand that a single device cannot safely be used for both purposes. Therefore, it is the banks' responsibility to ensure that it is not possible for them to set up their account in this way. In practice, this probably means that you either have the ability to do banking on the web (and/or with a mobile app) or you allow text messages as a second factor, but not both.
I mean, sure, they could ostensibly disable the use of text messages as a second factor when you first log in with their mobile banking app or using any mobile device to access their website, but the sheer number of hairy edge cases that would cause means that such a design would get very, very complicated very, very quickly.
something you know, something you have, and something you are
The problem is that superficially, a phone looks like a great second factor. You know your password, and you have your phone. Unfortunately, in practice, it is not a second factor at all because the phone is a party to the communication of the first factor (password/PIN), so compromising the phone compromises a second factor implicitly. Fundamentally, no phone can ever be a second factor for authentication purposes, period, so long as it is possible to enter your password or PIN through that phone.
The ability to clone phones is just the icing on the cake. It's the beach ball floating through the gaping hole that nobody noticed previously that calls attention to the flaw in the minds of people who were otherwise not sufficiently security-minded to see it.
It's not that people can't compare the "what if" scenario so much as that it is meaningless to do so. For abortions in the past, you can't go back and prevent them, and for abortions in the future, the hypothetical "What if I vote Republican and they overturn Roe v. Wade" scenario is a pipe dream. It's a fantasy that will never happen. Thus, that "what if" scenario isn't meaningful except in a purely academic discussion. By contrast, providing material support for the poor so that they are much less likely to decide to have an abortion in the first place is something that can and does reduce abortion deaths every day.
For example, Obamacare's improvements to the availability of drug and alcohol treatment programs will likely do more to reduce the number of abortions and substance-induced miscarriages in this country than everything the Republicans have done since Roe v. Wade put together. It has its flaws, sure, but on the whole, it's a win.
That's the key difference between the Republicans and the Democrats. The Republicans try to make it harder to do what they consider wrong, whereas the Democrats try to make it easier to do what they think is right. The Republicans want a pure rule that bans everything that they consider bad, whereas the Democrats accept that there will always be wrong in the world, and the only thing we can do as a people is to try to make it easier to do right and to lead by example.
The main reason I object to these laws is that they are basically permanent punishment. The fundamental design of a functioning legal system is one of rehabilitation—once you've done your time, you become part of society again. Unfortunately, there are a few parts of our government that violate that design—disenfranchisement for convicted felons, sex offender registries, limits on where convicted sex offenders are allowed to live, and so on—by creating permanent or near-permanent punishments.
Unfortunately, such policies are a big part of why the U.S. has such a staggeringly high recidivism rate. They serve as a constant reminder of what the criminal did—a constant reminder that they're not like the rest of society—which makes complete reintegration with society impossible, forcing them to live on the fringes of society. Every time somebody asks if they voted, they either have to lie or have a very awkward conversation. When somebody asks them to pick up their kids, same problem. And so on.
Regardless of the type of crime, if you think someone is likely to reoffend, you shouldn't be letting them out, and if you don't, then you shouldn't be treating them like they're expected to reoffend, because doing so will significantly increase the odds that they will. That's basic psychology. Anyone who can't grasp that concept has absolutely no business setting any sort of policy on crime prevention. Unfortunately, most of the people setting policies on crime prevention don't understand that concept. And that's why crime in the U.S. is likely to keep getting worse.
The rank and file Catholics can’t even agree on the abortion issue.
It's not that Catholics don't mostly agree that abortion is bad. It's that Catholics tend to be a lot more pragmatic as a group than their clergy would perhaps like. There are three factors here:
Catholics don't universally agree on whether it should be illegal—that is, whether their moral objection to it outweighs the need for a clear separation of church and state—whether they have the right to push what is essentially a religious belief on those who do not share that belief.
A sizable percentage of American Catholics realize that making it completely illegal has the potential to actually cost lives in some medical cases. That certainly isn't something that the Church as an institution will likely ever accept, but it is a reality that most American Catholics will concede. If your choice truly is whether to abort a fetus (or administer medical treatment that has the potential to kill the fetus) or let two people inevitably die, even most people who are against abortion in general have a hard time stomaching the latter.
Most Catholics recognize that there are more important issues that are more likely to actually have a real impact on the world. Roe v. Wade is a wedge that Republicans use to try to get votes, but in reality, they almost never actually do anything to try to change it.
That last one is crucial to understanding Catholic voters. The abortion debate is full of sound and fury, signifying nothing—all talk, no action. As long as that remains the case, it makes sense to evaluate the candidates based on issues that they might realistically act upon—health care, civil rights, care for the poor, etc.
GPL is for people and companies that think "I wrote this software [together with X, Y and Z] and if somebody else makes it better they must share it with all the world, as I did."
BSD is for people and companies that think "I wrote this software [together with X, Y and Z] and I accept the loss that somebody else makes it better and keep it for themselves because I want to have the option of getting somebody's else software, make it better and keep it for me without sharing it back."
No, that's a fundamental mischaracterization.
The GPL is for people and companies who think, "I wrote this software, and if anybody else wants to use it, they should have to give back not only any changes they make to this software, but also any software whose functionality depends on this software or portions of this software."
The BSD license is for people and companies who think, "I wrote this software, and I'm willing to accept that some people may use it as part of a proprietary piece of software and may or may not give back changes, confident that most of them will want to give back their changes because doing so reduces their maintenance costs, and thus I will get patches from those proprietary companies whereas with the GPL, they would reimplement the wheel and I'll get nothing."
Sometimes the GPL people rant about not being able to include BSD code in their projects.
Unless it's the ancient four-clause BSD license or its predecessor (with no enumerated clauses), those GPL people are wrong. You can freely include BSD-licensed code in GPLed projects. Just not the other way around.
In 1995, Congress failed to introduce term limits and the results have been a disaster. Our Federal-level politics have become polarized, and no one is willing to work together for the common good. They just want to make a name for themselves so that they can move on to cushy consulting jobs in private industry. We have no one in the legislature who is able to create a reasonable budget or work with the other party because most career politicians have no real experience in budget writing or politicking.
Never attribute to causation what can be attributed to national political trends just as easily.
They still offer a technically feasible and useful solution to your problem, you've just decided not to count them for political or social reasons.
You're making the incorrect assumption that the only reasons to reject one provider are political or social. There are also companies that:
Cap your bandwidth below your typical usage.
Disallow servers.
Block certain ports that you use.
Don't allow multiple computers to share the connection.
And so on. There may be very valid technical reasons why you have to reject one provider or another, and none of those reasons are particularly uncommon.
Or, to put it another way: If you were too cold hearted to subsidize the land line network by subscribing to it, and chose instead to save a few bucks, I'm too cold hearted to help you for free. Pay me the amount you saved on turning off your land line, and I'll let you use my phone.
Except that's not the way it works. The telcos want the wired land lines to go away because of the overhead. That means that they have policies that make it difficult, if not impossible, to keep your wired line.
For example, most telcos won't activate service on any form of fiber-based connection without permanently severing your ability to get a dial tone on the original wired-line service at that address. So you have a choice: high speed Internet service above DSL speeds or wired voice. You can't have both unless you have a multi-unit dwelling and can add the high speed Internet service to the second unit.
For many people, it has nothing to do with saving a few bucks.
This is actually pretty typical after most disasters. SMS is the most reliable way to get messages back and forth. It can be a high-latency channel for communication, but the message eventually gets delivered. By contrast, a voice call requires a continuous channel that is hard to maintain when everybody is trying to place calls.
None of which helps if the cell tower isn't there anymore or has no power, of course, but with the cell tower density in most places, that's probably not a huge concern unless you're out in the middle of nowhere.
Ruptured lines may not be a big issue, but as a disaster preparedness scheme, relying on natural gas might not be a good idea unless you store it yourself. Natural gas is pumped to you, and in many cases, the compressor stations are powered by electricity, which means that if power goes down, so does your natural gas supply. In those areas, using natural gas for your backup power is basically equivalent to having no backup power at all, localized power outages notwithstanding.
in a way, I like the fact that the gov is killing the privacy-encroaching thing we call The Cloud. really great that people will see it for the unsecure thing that it is.
Except that's not really what's happening here. What's happening is that any cloud providers that don't encrypt the data with a key that is under the user's sole control are going to wither and die as they get replaced by services that do.
Then, after that great purge, the government is going to demand a backdoor into all of the major cloud providers that still exist, and they will dutifully comply. At that point, the people will have no real security, but most will believe that they do. This is just the first step in creating that false sense of security.
I'm in Northern California. My top tier of power costs either 35 or 38 cents, I forget which. So a small savings in continuous consumption adds up very quickly. That's also why an electric vehicle would not be cost effective for me. A Nissan leaf, cost-wise, is only equivalent to a car getting 35 MPG, which is significantly worse fuel economy than the similarly sized Prius, has a fraction of the range, and costs half again more.
I just moved my backup DNS server to a Raspberry Pi. I shed 38 Watts of continuous power consumption. If my math is correct, this change will save me about $116 per year in electricity.
If the fire code bans that, then the fire code is broken. If anything, a fire in the basement is worse than a fire on an upper floor because the whole building becomes a chimney, including the stairwells and elevator shafts. By contrast, the only added risks from having tanks on a higher floor are the risk of leakage (which is easily detected and prevented through proper multi-hull tank design) and the risk posed by having pipes filled with fuel in your walls (which is far less dangerous than the natural gas pipes you already have in those walls).
Okay, so there's a small additional risk if a fire and massive leakage somehow occur simultaneously (catastrophic tank failure combined with an outside ignition source, e.g. a terrorist bombing), but even then, the risk is primarily to folks close to the source of fuel, which is still a lot better than a fire in the basement that puts the entire building in immediate danger and makes exiting the building difficult for everyone on every floor.
What we have here is a situation where regulations created to solve a theoretical problem that is better solved in other ways prevents solving a very real problem that can't be solved in any other way. Such regulations need to be rethought.
Nonsense. You're only saying that because none of them ever have.:-D
Adding hardware to detect bomb residue in the air would potentially be useful (if it works).
Adding thermal imaging to detect concealed weapons or seriously sick people would potentially be useful.
X-ray checks of baggage are at least moderately useful even if they miss things once in a while.
The background checks they run against lists of known or suspected terrorists to help inform the screening process is potentially of at least slight utility, though probably only slight in light of the way the system was designed....
The problem with the TSA is that they seem to have a goal of being usefulness-neutral—for every one thing that they do to improve security, they have to come up with one additional useless hoop for people to jump through for no good reason, so that on average, their actions will never get more useful than they currently are....
Fair point. But that kind of negates the purpose of all the mobile banking apps at that point, which the banks are eager to promote because they think it makes them look more in touch with their customers' needs. Besides, you're basically assuming security-conscious users with that assertion. :-)
Unfortunately, even if we very optimistically estimate the security knowledge of a bank's customers, I doubt that more than 1% would know enough about computer security to understand that a single device cannot safely be used for both purposes. Therefore, it is the banks' responsibility to ensure that it is not possible for them to set up their account in this way. In practice, this probably means that you either have the ability to do banking on the web (and/or with a mobile app) or you allow text messages as a second factor, but not both.
I mean, sure, they could ostensibly disable the use of text messages as a second factor when you first log in with their mobile banking app or using any mobile device to access their website, but the sheer number of hairy edge cases that would cause means that such a design would get very, very complicated very, very quickly.
Yeah. Florida might find another eighty electoral votes somewhere.
The problem is that superficially, a phone looks like a great second factor. You know your password, and you have your phone. Unfortunately, in practice, it is not a second factor at all because the phone is a party to the communication of the first factor (password/PIN), so compromising the phone compromises a second factor implicitly. Fundamentally, no phone can ever be a second factor for authentication purposes, period, so long as it is possible to enter your password or PIN through that phone.
The ability to clone phones is just the icing on the cake. It's the beach ball floating through the gaping hole that nobody noticed previously that calls attention to the flaw in the minds of people who were otherwise not sufficiently security-minded to see it.
It's not that people can't compare the "what if" scenario so much as that it is meaningless to do so. For abortions in the past, you can't go back and prevent them, and for abortions in the future, the hypothetical "What if I vote Republican and they overturn Roe v. Wade" scenario is a pipe dream. It's a fantasy that will never happen. Thus, that "what if" scenario isn't meaningful except in a purely academic discussion. By contrast, providing material support for the poor so that they are much less likely to decide to have an abortion in the first place is something that can and does reduce abortion deaths every day.
For example, Obamacare's improvements to the availability of drug and alcohol treatment programs will likely do more to reduce the number of abortions and substance-induced miscarriages in this country than everything the Republicans have done since Roe v. Wade put together. It has its flaws, sure, but on the whole, it's a win.
That's the key difference between the Republicans and the Democrats. The Republicans try to make it harder to do what they consider wrong, whereas the Democrats try to make it easier to do what they think is right. The Republicans want a pure rule that bans everything that they consider bad, whereas the Democrats accept that there will always be wrong in the world, and the only thing we can do as a people is to try to make it easier to do right and to lead by example.
The main reason I object to these laws is that they are basically permanent punishment. The fundamental design of a functioning legal system is one of rehabilitation—once you've done your time, you become part of society again. Unfortunately, there are a few parts of our government that violate that design—disenfranchisement for convicted felons, sex offender registries, limits on where convicted sex offenders are allowed to live, and so on—by creating permanent or near-permanent punishments.
Unfortunately, such policies are a big part of why the U.S. has such a staggeringly high recidivism rate. They serve as a constant reminder of what the criminal did—a constant reminder that they're not like the rest of society—which makes complete reintegration with society impossible, forcing them to live on the fringes of society. Every time somebody asks if they voted, they either have to lie or have a very awkward conversation. When somebody asks them to pick up their kids, same problem. And so on.
Regardless of the type of crime, if you think someone is likely to reoffend, you shouldn't be letting them out, and if you don't, then you shouldn't be treating them like they're expected to reoffend, because doing so will significantly increase the odds that they will. That's basic psychology. Anyone who can't grasp that concept has absolutely no business setting any sort of policy on crime prevention. Unfortunately, most of the people setting policies on crime prevention don't understand that concept. And that's why crime in the U.S. is likely to keep getting worse.
It's not that Catholics don't mostly agree that abortion is bad. It's that Catholics tend to be a lot more pragmatic as a group than their clergy would perhaps like. There are three factors here:
That last one is crucial to understanding Catholic voters. The abortion debate is full of sound and fury, signifying nothing—all talk, no action. As long as that remains the case, it makes sense to evaluate the candidates based on issues that they might realistically act upon—health care, civil rights, care for the poor, etc.
No, that's a fundamental mischaracterization.
The GPL is for people and companies who think, "I wrote this software, and if anybody else wants to use it, they should have to give back not only any changes they make to this software, but also any software whose functionality depends on this software or portions of this software."
The BSD license is for people and companies who think, "I wrote this software, and I'm willing to accept that some people may use it as part of a proprietary piece of software and may or may not give back changes, confident that most of them will want to give back their changes because doing so reduces their maintenance costs, and thus I will get patches from those proprietary companies whereas with the GPL, they would reimplement the wheel and I'll get nothing."
Unless it's the ancient four-clause BSD license or its predecessor (with no enumerated clauses), those GPL people are wrong. You can freely include BSD-licensed code in GPLed projects. Just not the other way around.
To be fair, though, most Mac and iOS developers probably have no real reason to care whether FreeBSD is using the same compiler.
In 1995, Congress failed to introduce term limits and the results have been a disaster. Our Federal-level politics have become polarized, and no one is willing to work together for the common good. They just want to make a name for themselves so that they can move on to cushy consulting jobs in private industry. We have no one in the legislature who is able to create a reasonable budget or work with the other party because most career politicians have no real experience in budget writing or politicking.
Never attribute to causation what can be attributed to national political trends just as easily.
Oh, yeah. I also forgot the sadly still common mother of all technical reasons:
You're making the incorrect assumption that the only reasons to reject one provider are political or social. There are also companies that:
And so on. There may be very valid technical reasons why you have to reject one provider or another, and none of those reasons are particularly uncommon.
Or truck one in, which is the usual fix. Again, though, it is worth remembering that fixing cell towers in the cities will always get priority.
Except that's not the way it works. The telcos want the wired land lines to go away because of the overhead. That means that they have policies that make it difficult, if not impossible, to keep your wired line.
For example, most telcos won't activate service on any form of fiber-based connection without permanently severing your ability to get a dial tone on the original wired-line service at that address. So you have a choice: high speed Internet service above DSL speeds or wired voice. You can't have both unless you have a multi-unit dwelling and can add the high speed Internet service to the second unit.
For many people, it has nothing to do with saving a few bucks.
This is actually pretty typical after most disasters. SMS is the most reliable way to get messages back and forth. It can be a high-latency channel for communication, but the message eventually gets delivered. By contrast, a voice call requires a continuous channel that is hard to maintain when everybody is trying to place calls.
None of which helps if the cell tower isn't there anymore or has no power, of course, but with the cell tower density in most places, that's probably not a huge concern unless you're out in the middle of nowhere.
I'm waiting for the one with Marvin.
Many compressor stations do run on gas, but not all.
Ruptured lines may not be a big issue, but as a disaster preparedness scheme, relying on natural gas might not be a good idea unless you store it yourself. Natural gas is pumped to you, and in many cases, the compressor stations are powered by electricity, which means that if power goes down, so does your natural gas supply. In those areas, using natural gas for your backup power is basically equivalent to having no backup power at all, localized power outages notwithstanding.
Because... ooh! Shiny!
Except that's not really what's happening here. What's happening is that any cloud providers that don't encrypt the data with a key that is under the user's sole control are going to wither and die as they get replaced by services that do.
Then, after that great purge, the government is going to demand a backdoor into all of the major cloud providers that still exist, and they will dutifully comply. At that point, the people will have no real security, but most will believe that they do. This is just the first step in creating that false sense of security.
I'm in Northern California. My top tier of power costs either 35 or 38 cents, I forget which. So a small savings in continuous consumption adds up very quickly. That's also why an electric vehicle would not be cost effective for me. A Nissan leaf, cost-wise, is only equivalent to a car getting 35 MPG, which is significantly worse fuel economy than the similarly sized Prius, has a fraction of the range, and costs half again more.
I just moved my backup DNS server to a Raspberry Pi. I shed 38 Watts of continuous power consumption. If my math is correct, this change will save me about $116 per year in electricity.
If the fire code bans that, then the fire code is broken. If anything, a fire in the basement is worse than a fire on an upper floor because the whole building becomes a chimney, including the stairwells and elevator shafts. By contrast, the only added risks from having tanks on a higher floor are the risk of leakage (which is easily detected and prevented through proper multi-hull tank design) and the risk posed by having pipes filled with fuel in your walls (which is far less dangerous than the natural gas pipes you already have in those walls).
Okay, so there's a small additional risk if a fire and massive leakage somehow occur simultaneously (catastrophic tank failure combined with an outside ignition source, e.g. a terrorist bombing), but even then, the risk is primarily to folks close to the source of fuel, which is still a lot better than a fire in the basement that puts the entire building in immediate danger and makes exiting the building difficult for everyone on every floor.
What we have here is a situation where regulations created to solve a theoretical problem that is better solved in other ways prevents solving a very real problem that can't be solved in any other way. Such regulations need to be rethought.
I don't have any handy. I tend to rapidly reject them when I have an alternative, after which there's no point in keeping them. ;-)
FWIW, most of the binding arbitration clauses I've read lately have specified that the megacorp pays for the arbitration. YMMV.
Nonsense. You're only saying that because none of them ever have. :-D
The problem with the TSA is that they seem to have a goal of being usefulness-neutral—for every one thing that they do to improve security, they have to come up with one additional useless hoop for people to jump through for no good reason, so that on average, their actions will never get more useful than they currently are....