Slashdot Mirror


User: pipedwho

pipedwho's activity in the archive.

Stories: 0
Comments: 677

Comments · 677

  1. Re:Bloodless? on Australia Gets Its First Female Prime Minister · Score: 1

    The fact that it was only bloodless because Rudd did some last minute polling and found out exactly how much of it he was about to lose is unrelated.

    So you're suggesting that if not for the last minute polling, Rudd would have stormed the party chambers wielding a sub-machine gun and blown off a few hundred rounds?

    I hope you jest.

  2. Re:But it's AUSTRALIAN "news". on Australia Gets Its First Female Prime Minister · Score: 4, Funny

    Slashdot is just working its way through the alphabet of centric foci:

    America
    Apple
    Australia

    In October, we'll be expecting a slurry of submissions from Bavaria, followed subsequently by the BBC, Belgium and some guy called Bill.

  3. Re:Electronic OTP card is highly vulnerable on 178 Arrested In US/EU Credit Card Cloning Ops · Score: 1

    Sounds like some decent security analysis has been done. Very impressive that such simplicity can be so effective. I hope it takes off sooner than later.

  4. Re:Vote for the Pirate Party on Inside Australia's Data Retention Proposal · Score: 1

    The trick with the preference voting system that we are lucky enough to have in Australia is that there are no 'wasted votes' in the same sense that happens when you only get to vote for a single candidate/party. So there is no downside to voting for your 'idealistic' party first, followed by Labor/Liberal in the order that you prefer.

    It's a shame that people still don't understand the tremendous benefits you get from being able to number the candidates from 1st to last. This is one of those benefits.

  5. Re:Vote for the Pirate Party on Inside Australia's Data Retention Proposal · Score: 1

    Actually, the single issue parties are great. It lets people that care about that particular issue vote that 'party' in at number one. The preference system lets you select the other large parties in descending order of who else you'd actually prefer to win.

    If, for example, the Pirate Party somehow won the seat in that electorate, the nominated candidate would probably just turn it down. But, even if they don't win, the vote would show that any other candidate that stood for that same issue would have a commensurate increase in their own votes next time around.

    The Pirate Party is confusingly named. What they stand for is extremely well reasoned - i.e. they're NOT about completely abolishing copyright legislation and making piracy legal. It'll be interesting to see if they get enough members to register as an official political party before the next election.
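
    The preference count that comments 4 and 5 above describe, as an added example with constructed ballots (this is not code or data from the poster): a full-preferential instant-runoff tally next to the single-vote count it is being contrasted with. The party names and the 45/40/15 split are made up for illustration; the point shown is that a first preference for the minor party still ends up deciding the seat.

```python
"""Instant-runoff (full preferential) count as used for Australian lower-house
seats.  Added illustration with constructed ballots; not from the thread."""
from collections import Counter


def instant_runoff(ballots, candidates):
    """ballots: lists of candidate names in preference order (1st first).
    Returns (winner, rounds): rounds[k] is the Counter for round k after the
    preferences of eliminated candidates have flowed on."""
    standing = set(candidates)
    rounds = []
    while True:
        tally = Counter({c: 0 for c in standing})
        for ballot in ballots:
            # each ballot counts for its highest preference still standing
            for choice in ballot:
                if choice in standing:
                    tally[choice] += 1
                    break
        rounds.append(Counter(tally))
        leader, votes = max(tally.items(), key=lambda kv: (kv[1], kv[0]))
        live = sum(tally.values())          # exhausted ballots leave the total
        if votes * 2 > live or len(standing) == 1:
            return leader, rounds
        loser = min(standing, key=lambda c: (tally[c], c))
        standing.remove(loser)


def first_past_the_post(ballots):
    """The single-vote count the comment contrasts with: first preferences only."""
    tally = Counter(b[0] for b in ballots if b)
    return max(tally.items(), key=lambda kv: (kv[1], kv[0]))[0]


# Constructed electorate of 100 ballots: the minor party polls third, but its
# voters' second preferences decide the seat.
BALLOTS = (
    [["Liberal", "Labor", "Pirate"]] * 45
    + [["Labor", "Pirate", "Liberal"]] * 40
    + [["Pirate", "Labor", "Liberal"]] * 15
)
CANDIDATES = ["Liberal", "Labor", "Pirate"]


def compare():
    winner, rounds = instant_runoff(BALLOTS, CANDIDATES)
    return {"preferential": winner, "plurality": first_past_the_post(BALLOTS),
            "rounds": rounds}


if __name__ == "__main__":
    result = compare()
    for k, r in enumerate(result["rounds"], 1):
        print(f"round {k}: {dict(r)}")
    print("preferential:", result["preferential"], "| plurality:", result["plurality"])
```

    Under a single-vote count the 15 Pirate ballots are lost and Liberal wins on 45; under the preferential count Pirate is eliminated in round 1 and those ballots flow to Labor, which wins 55 to 45, which is the "no wasted vote" property the comment is describing.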

  6. Re:Electronic OTP card is highly vulnerable on 178 Arrested In US/EU Credit Card Cloning Ops · Score: 1

    One great idea after the next!

    Out of interest, how did you come up with your figure of 10000 interceptions?

    After thinking about it for a bit, I get the impression that 10000 is quite high for this type of cipher.

    The method boils down to a boolean 'OR' of two inputs to produce an output. Only one of the inputs and a section of the output pattern are known. The output pattern is known to exist, but at one of a few possible locations within the combined field. This implies that all other valid outputs do not exist at any location within the field, and assumes that the positions are exclusive between the inputs and the resultant pattern.

    On the surface, it looks like the above function can be mapped with a series of simultaneous linear boolean equations. When the results of a few overlapping iterations are known, the equations can be expressed as a number of unknowns that are interrelated by position and pattern. Knowing that a particular pattern has been created at one of a few possible locations, and knowing one of the inputs; the second input can be equated against the unknowns of all other iterations. As more and more iterations are run (and assuming that the entire field is utilised fairly uniformly across iterations), the ability to completely map the key space tends towards certainty.

    Looking at the numbers, we already know the following: Each digit is made up of 7 segments. The code weight of the digits varies from 2 to 7 with a fairly uneven distribution (assuming all ten values (0-9) are valid). If there are 16 possible locations for the resultant digit pattern, and there are 4 modified locations (1 real + 3 dummy) indicated by the known input, then each iteration leaks enough information to pinpoint the pattern with 1/4 probability. Since an 'on' segment is a weak correlation (it could have both or either inputs on), and an 'off' segment is a strong correlation (we know both segments are 'off'), the assumption is that we'll only need a few inputs for each location to determine the localised pattern. This amount of input data should also provide a sufficient number of simultaneous equations that could be solved for most of the unknown positions, and by extension the patterns at those positions.

    Unless I'm missing something, I'd suggest that the upper bound on the complexity of the solution is on the order of two to three times the field width in digits. And assuming 4 digits per login, that means the entire key space could be leaked to passive interception in under 10 logins.

  7. Re:Electronic OTP card is highly vulnerable on 178 Arrested In US/EU Credit Card Cloning Ops · Score: 1

    The concept is excellent. It's great to see that your cryptanalysis suggests that there is more than sufficient security margin in the animated challenge / static key generator algorithms that you've created.

    Although they aren't immune from active attackers, as you've described, the primary benefit of the OTP secure token is that passive eavesdropping at any single point is insufficient to compromise the system.

    Whereas, while PassWindow is immune to trojan interception, it doesn't solve the problem of the proverbial 'over the shoulder' camera or the trojan controlled web-cam. That is where the secure tokens have a huge advantage, and traditionally where the banks focused their attention.

    To get the banks interested, both problems need to be solved. When your electronic version goes into production, the banks are much more likely to take notice. But, there are many other industries that I'm sure could gain huge benefits from the static mask PassWindow technology. And if nothing else, it's always going to be an improvement over the (in)security of typing a password into a keygrabber.

  8. Re:Where's the applications? on Fermilab Experiment Hints At Multiple Higgs Particles · Score: 1, Informative

    At a certain energy, the particle will eventually be torn apart into its constituent subatomic particles. This is effectively what the super-colliders and particle accelerators do.

  9. Re:Electronic OTP card is highly vulnerable on 178 Arrested In US/EU Credit Card Cloning Ops · Score: 1

    There is a potential issue with your system in situations where the user makes multiple transactions over time.

    The following assumes that a passive trojan is acting as a MITB (man in the browser) and can access both the outbound images and inbound responses. That is obviously not trivial, but possible nonetheless.

    After a single transaction, it should still be theoretically impossible to deduce with 100% certainty the pattern on the user's card.

    However, as the user performs more and more transactions, the pattern can progressively be 'decoded' as per a substitution cipher. By introducing animation, the trojan can further assume that 'inactive' digits do not visually resolve as real digits - this can be used to assist the deduction process.

    Some banks use side channel communications in the form of mobile phones or pagers. Others use the OTP tokens. And as you've pointed out, a poorly implemented OTP / secure token system is still vulnerable to MITB attacks. The OTP systems were introduced as an improvement to single factor systems. Although not a panacea, they clearly helped enough to let the banks continue without too much effort.

    At present, all the Australian banks are using some kind of improved system to secure their transactions. And being rather conservative, it's unlikely they'll change to a system that is not a significant improvement to their existing security and ease of use.

    Your system improves on just entering the digits in the clear, and requires more effort from the trojan. It also requires the trojan to be resident for a longer period of time before it is able to deduce your key. But, this is only a marginal improvement to security, and in some ways could be considered a reduction in security if it was to replace an existing OTP system. This is because once the pattern has been deduced, any number of transactions could be made at any time without requiring the original card.

    However, if your system was to be combined with a secure token - i.e. a token that changes the 'key pattern' on a transparent LCD - then you could have the best of both worlds: the protection of blind entry combined with a continually changing pattern (requiring possession of the token - the second factor). The token could toggle between standard numeric display for regular OTP logins, and the pattern mask for online transaction approvals.

    Your idea is very clever and really deserves as much industry attention as it can get.
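
    A passive-eavesdropper model of the attack sketched in comments 6 and 9 above, added here as an illustration; it is neither PassWindow's published design nor code from the poster. The model assumptions are mine, not the thread's: the card is a row of 16 digit cells, each a fixed subset of the seven segments a..g; a challenge lights segments in 4 cells (1 real + 3 dummies); the user reads the OR of card and challenge and types the one digit that appears; a bare cell or a dummy cell never forms a valid digit; and the server may also light segments the card already carries, so a lit challenge segment is the 'weak' case from comment 6 and an unlit one the 'strong' case. The eavesdropper (the MITB of comment 9) sees each challenge image and the typed digit, keeps the set of still-possible patterns for every cell, and shrinks those sets by constraint propagation; `simulate` reports after how many four-digit logins the whole card was pinned down under these assumptions.

```python
"""Passive eavesdropper against a static-mask overlay card (added model, not
PassWindow's design).  Assumptions: a card is WIDTH cells, each a fixed subset
of segments a..g (bit 0 = a .. bit 6 = g); a challenge lights one real cell
plus DUMMIES dummy cells; the user reads card OR challenge and types the one
digit shown; bare and dummy cells never form a digit; the server may also light
segments the card already has (random overlap)."""
import random
from collections import defaultdict

# Standard 7-segment shapes, bit 0 = a (top) .. bit 6 = g (middle).
SEGMENTS = {0: 0b0111111, 1: 0b0000110, 2: 0b1011011, 3: 0b1001111, 4: 0b1100110,
            5: 0b1101101, 6: 0b1111101, 7: 0b0000111, 8: 0b1111111, 9: 0b1101111}
DIGIT_PATTERNS = set(SEGMENTS.values())
ALL = 0b1111111
WIDTH, DUMMIES, DIGITS_PER_LOGIN = 16, 3, 4


def make_card(rng, width=WIDTH, density=0.3):
    """Random card: each cell a random segment subset that is not itself a digit."""
    card = []
    while len(card) < width:
        m = sum(1 << i for i in range(7) if rng.random() < density)
        if m not in DIGIT_PATTERNS:
            card.append(m)
    return card


def make_challenge(rng, card):
    """Server: pick a real cell and a digit its mask can complete, light the missing
    segments plus a random half of the already-present ones, then add dummy cells
    whose union with the card is no digit.  Returns ({cell: lit segments}, digit)."""
    real = rng.randrange(len(card))
    m = card[real]
    digit = rng.choice([d for d, t in SEGMENTS.items() if m & (ALL ^ t) == 0])
    t = SEGMENTS[digit]
    overlap = sum(1 << i for i in range(7) if (t & m) >> i & 1 and rng.random() < 0.5)
    chal = {real: (t & (ALL ^ m)) | overlap}
    for q in rng.sample([i for i in range(len(card)) if i != real], DUMMIES):
        c = rng.randrange(1, ALL + 1)
        while (card[q] | c) in DIGIT_PATTERNS:
            c = rng.randrange(1, ALL + 1)
        chal[q] = c
    items = list(chal.items())
    rng.shuffle(items)                      # do not leak the real cell by key order
    return dict(items), digit


class Eavesdropper:
    """MITB observer: sees every challenge image and the digit the user typed."""

    def __init__(self, width=WIDTH):
        # any of the 128 subsets, minus the 10 digit shapes (bare cell is no digit)
        self.possible = [set(range(ALL + 1)) - DIGIT_PATTERNS for _ in range(width)]
        self.obs = []                       # (challenge, target pattern)
        self.by_cell = defaultdict(list)    # cell -> observations touching it

    def observe(self, chal, digit):
        i = len(self.obs)
        self.obs.append((chal, SEGMENTS[digit]))
        for p in chal:
            self.by_cell[p].append(i)
        pending = {i}
        while pending:                      # propagate to a fixpoint
            for p in self._apply(pending.pop()):
                pending.update(self.by_cell[p])

    def _apply(self, i):
        chal, t = self.obs[i]
        changed = []
        for p, c in chal.items():
            # a lit cell is the real one (OR == digit) or a dummy (OR is no digit)
            keep = {m for m in self.possible[p] if (m | c) == t or (m | c) not in DIGIT_PATTERNS}
            if len(keep) < len(self.possible[p]):
                self.possible[p], changed = keep, changed + [p]
        viable = [p for p, c in chal.items() if any((m | c) == t for m in self.possible[p])]
        if len(viable) == 1:
            # only one cell can still complete the digit, so it is the real one:
            # its unlit segments are now exact (the 'strong' case), lit ones stay open
            p = viable[0]
            keep = {m for m in self.possible[p] if (m | chal[p]) == t}
            if len(keep) < len(self.possible[p]):
                self.possible[p], changed = keep, changed + [p]
        return changed


def simulate(seed=1, logins=250):
    """Run four-digit logins against one random card and report what leaked."""
    rng = random.Random(seed)
    card = make_card(rng)
    eve = Eavesdropper()
    recovered_after = None
    for n in range(1, logins + 1):
        for _ in range(DIGITS_PER_LOGIN):
            eve.observe(*make_challenge(rng, card))
        if recovered_after is None and all(len(s) == 1 for s in eve.possible):
            recovered_after = n
    return {"determined": sum(len(s) == 1 for s in eve.possible), "width": WIDTH,
            "recovered_after_logins": recovered_after,
            "sound": all(card[p] in eve.possible[p] for p in range(WIDTH))}


if __name__ == "__main__":
    print(simulate())
```

    Every rule in `_apply` only discards patterns that contradict the stated assumptions, so `sound` stays True and the true card is never thrown away; `determined` can therefore only grow as more logins are observed. Change `density`, the overlap probability, or `DUMMIES` to see how the leak rate moves, and note that making the server light redundant segments (more overlap) is exactly what weakens the 'strong' inference from unlit segments that comment 6 relies on. Because this is a different and deliberately crude model, the login count it reports is not a check on the poster's own estimate.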

  10. Re:It's just a matter of time before some bozo on Set Free Your Inner Jedi (Or Pyro) · Score: 1

    The kind of eyewear required to protect you from this is the kind that is very hard to see through even in direct sunlight on a bright sunny day. Think welding masks.

    And LCD shutters aren't fast enough to protect you from an on-axis beam in the eye with a 1W laser. If the shutter closed in 1 millisecond it would still be like looking continuously into the beam of a 1mW laser pointer for a whole second. It might help you avoid total blindness, but it's definitely a situation you would want to avoid.

    You'd really need something like a camera/monitor built into your 'goggles' to be sure. And if that kind of technology gets small enough to be fashionable and wearable, there are many other much more useful things you could do with it than just 'protect' your eyes.

  11. Re:Print Resolution on For Normals, Jobs' "Retina Display" Claim May Be Fair After All · Score: 1

    This isn't like the usual hyping of camera resolution - hey look we've got 14 megapixels vs the competition's crappy 12. Yee haw!

    This is like a 14 megapixel point and shoot camera being released back in the days when everyone else was still only touting 4 megapixels. That kind of jump seems like a point worth marketing to me. You might call it hype, I call it a significant improvement.

  12. Re:Aliens! on America Versus the UFO Hacker · Score: 1

    BTW, I was amused when we got former F-117 maintainers in our squadron after the program ceased to be Black. They told us that "UFO" sightings were common when they flew, which was of course at night.

    Nothing unexpected about that. They were flying around at night in unusual aircraft that couldn't be identified. Just because someone reports a 'UFO', doesn't mean they automatically assume it's of alien origin.

  13. Re:China Wins Big no matter what on Where Will Your Next Gadget Be Made? · Score: 2, Insightful

    That's probably because conspicuous consumption used to imply that you had a lot of available money/assets, and used to be a good indicator of actual wealth.

  14. Re:go figure. on California Judge Routes Campaign Robocalls Through Colorado · Score: 1

    The established relationship is voter, candidate.

    That would be like saying that a spammer/customer relationship is satisfied by the fact that the spammer was selling toilet paper and the recipient was a user of toilet paper.

    As a vendor of toilet paper, I may be free to spam my existing customer base, but I'm not free to spam yours (or any other potential customers that aren't already engaged with me in an existing and ongoing relationship).

    With that in mind, even if we could assume that just by the fact that a voter voting for her automatically satisfies the requisite relationship criteria, there is still no way for her to know who voted for her and who voted for another candidate.

  15. Re:Faulty risk assessment on McDonald's, Cadmium, and Thermo Electron Niton Guns · Score: 1

    Those healthy things on the menu are primarily there for marketing purposes to placate the people that say McDonald's is unhealthy (even if they never eat there). For the 2% of people who eat the good stuff at McDonald's, more power to them.

    However, you can pretty much guarantee that nearly every kid that is taken to McDonald's will not be eating off their healthy menu.

    And from fermion's slashdot ID, I'd say that he (along with just about everyone else from that era) held that opinion well before "super size me" was ever made. In fact "super size me" was only successful because so many people had for years/decades already believed the core premise of the movie.

    Back in the '80s we used to sit and eat in Maccas, and the whole time we'd basically talk about how bad it was for us and how if we died our plasticised bodies would never decompose. Then we'd go back and eat it again the next week.

    So, no, the 'outrage' bandwagon has nothing to do with your straw man. It's been around a long time before that.

  16. Re:They are missing the point... on Caffeine Addicts Get No Additional Perk, Only a Return To Baseline · Score: 1

    They're not saying that it doesn't.

    They are saying that once you've become severely addicted, the benefits of caffeine consumption are only returning you to a level of 'focus and energy' that is equivalent to the unstimulated level that you had prior to becoming addicted.

    The idea is that after you're addicted, consuming caffeine only makes you normal again. Yes, it is still stimulating you, but only from a severely depressed level to a normal level of focus and energy. Whereas, if you weren't addicted, your level of awareness and energy would be raised above the level that is normal for your body.

  17. Re:Broken system on CSIRO Sues US Carriers Over Wi-Fi Patent · Score: 1

    No, the implementations of these Wi-Fi patents still need to be done in hardware. It will be a while before general purpose processors are fast enough to run equivalently functional software to do the job in real time.

    However, the problem isn't hardware patents being good and software patents being bad. It's that the patent system is too broken to cater for either.

    Hardware is simply the embodiment of a functional device that is performing a described functionality. Software is simply a reduction of (potentially the same) functionality into a descriptive language that can be implemented 'on the fly'.

    In the end, any invention, whether it be a manufacturing process, physical implementation, or software code, needs to be evaluated on both its usefulness and ingenuity.

    Anything that ends up in a public inter-communications standard needs to be considered with that in mind and re-evaluated with more stringent criteria, reduced term lengths, and proportionally non-discriminatory licensing terms. This should be part of the legal framework of the patent system, and not left to the whim of various colluding standards organisations or corporations.

    Patent and copyright durations need to be evaluated in terms of the usefulness of the idea to the public trust. If an idea becomes useless (or close to useless) before it expires to the public trust, then the term should be deemed excessive and reduced. That means that software should be patentable, but at a reduced term length.

    Also, the amount of required inventiveness (i.e. non-obviousness) needs to be relative to the protection afforded and the number of potential 'inventors' operating in the given fields of expertise. The problem with the current system is that very small inventive steps are protected for 20 years. In many cases this locks out all competition by making it far too risky to even try to work around the patent (which in some cases is not possible due to vagueness/broadness of the pre-existing patent). For software developers this can quickly become a disaster when there are millions of players participating in their domain, and the cost of litigation is prohibitive.

  18. Re:NOOOOOO! on Australian Schools To Teach Intelligent Design · Score: 1

    Maybe the US could just lend us their Constitution. They don't seem to be using it anymore.

  19. Re:OS name appropriate - WinCE on Mobile Game Trojan Calls the South Pole · Score: 1

    I've been writing for Windows CE for so long, I've got a permanent furrow on my brow.

  20. Re:A crippled standard, he means on Publishers Campaign For Universal E-Book Format · Score: 1

    And when it doesn't sell, it'll be proof "no one wants ebooks" so we'll just can that market.

    No, it'll be proof that "there are too many people pirating our wonderful ebooks" so we'll lobby the government to enact more draconian laws.

  21. Re:Geez, 13 suicides? on Foxconn Workers Getting Raise With Apple Subsidies · Score: 1

    Think of it like this.

    1. Your family is so poor that they can barely eat.
    2. You work pretty much all your waking hours earning money to send back home to support your family.
    3. You realise that you'll probably have to do this for the rest of your life.
    4. You find out that if you commit suicide, your employer will pay your family 10 times your yearly salary.
    5. ???
    6. Profit.

    I'm sure it's not hard to understand what some people will opt to do as step #5.

  22. Re:Foxconn isn't the only place on Foxconn Workers Getting Raise With Apple Subsidies · Score: 1

    Good to see people standing up for their rights.

    Well, in Foxconn's case, not so much standing up as falling down.

  23. Mod parent up (+5, Informative) on Foxconn Workers Getting Raise With Apple Subsidies · Score: 1

    The parent post is a concise response to the anti-Apple drivel that regularly gets spouted on Slashdot.

    It is true that there is a perception that Apple products are far more expensive - but only because Apple doesn't make anything that competes feature-wise in the low end of the market. When comparing like to like, their prices are only marginally higher than offerings from Dell/HP/Lenovo/etc.

  24. Re:Island or Continent. on Ancient Cave Art May Depict Giant Bird Extinct For 40,000 Years · Score: 2, Funny

    Australia, an island off the coast of New Zealand.

  25. Re:Media porting on Why Apple Is So Sticky · Score: 1

    It is way too early to pick one phone OS as the one you want to use for "life" ... The same applies to why I wouldn't buy blu-ray or HD-dvd until hd-dvd died off and we have only blu-ray.

    By your reasoning, you should also not yet own any type of smart phone, let alone the apps.

    As I said, I buy things that last, so no, I wouldn't have a problem paying a little more for it in order to know that I have it forever.

    But, now you're just pissing away your hard earned cash on something that you didn't really want anyway. If you did want it, you would have thought about what its intrinsic utility was worth to you to determine how much you'd be prepared to pay. You seem to think that the only apps in the app store that are worth their price are the free ones: from your first post, "If I could buy Awesome App from company X and have access to that app on iPhone, Android, and WebOS without having to rebuy it, THEN I'd be willing to pay for apps. Until that happens, I stick with the freebies."

    Saying that portability is worth "a little more" implies that there is a point at which the non-portable app still has value. So what is this value to you? As shown above, you say it's zero, but that is just your own stubbornness, as I'm sure you wouldn't be happy to pay a fixed amount (i.e. zero + portability levy) for every app out there - clearly some are going to be worth more than others.

    I don't rent because that's the same as flushing your money down the toilet.

    The moment you purchase a DVD (or Blu-ray or whatever) it immediately depreciates in value to a level that is close to the cost of renting it. If you watch all your purchased videos multiple times, then more power to you. If you're like most people with a huge collection, and watch them at most once every 5 years, then the cost of purchase usually exceeds the cost of a single new release rental plus a few $1/week rentals 5, 10 and 15 years later.

    I understand buying a movie that you really love and don't ever want to lose access to. But, this is hardly the case for the vast majority of purchased movies. For most people the hoarding instinct lets them believe that they are not pissing money out the window, when in reality they are.

    So, unless you're scared that the movie will never again be available for rent/streaming, then you're better off investing your saved dollars elsewhere. Purchasing DVD/Blu-ray discs is not a clever way of investing money.