The problem here is that Lester is the one who owes
the money, but Lester does not get paid first.
The Label only footed the upfront studio cost, but the
Label gets paid first, and then from what's left
they pay Lester.
That's like having a mortgage on my house, and now
the Bank gets my paycheck and they take their cut
then hand me the rest.
Changing OSs... is like a blood transfusion, except
your new blood is not quite compatible with your old
blood. A lot of people find it quite impossible to
migrate from windows because they've got (a) apps,
(b) data, or (c) skills which won't transfer to linux.
Basically they're locked in.
Frankly, I don't think it matters if the rate of
technological advance per person is diminishing.
The rate of technological advance of the species as
a whole is accelerating, and that's what counts. Because
only one person may invent something, but the whole race benefits from that invention.
The problems in a nutshell are (a) the root servers
control the set of TLDs which exist, and (b) every
resolver contains a list of the root servers.
People who chafe at the thought of ICANN controlling
the TLD list (and want to add their own, new TLDs)
set up alternative root servers. And then they are
caught by problem B, in that every client in the world
must change their root server hints in order to see
the alternative domains. Most don't, of course, and
so only a few people can see those alternative domains.
The people who run the servers and the people who use
the alternative domains are deluding themselves.
But what if domains could be looked up without clients
needing a list of root servers? What if anybody could
lay unique claim to a domain name without going through
the established structure of Registries and Registrars
and ICANN at the top of it all making ridiculous decisions
about the TLDs (like .tel and .museum), not to mention the appalling Verisign? This would destroy the DNS resale
market. Would that be such a problem - it's already necessary to register company domains in multiple namespaces, and it only gets worse as more TLDs are added.
An infinity of TLDs would prove the futility of that
action. Anyway, what's my point?
Trackerless Bittorrent.
The latest Bittorrent does without a tracker by using a
clever algorithm to distribute the contents of a hash
table around the net. No hardcoded tracker IP is required.
Perhaps this concept could be applied to the function of
looking up domain names. Clients would not need a
list of "official" root servers in order to look up any
name. Domain Name owners would be able to choose any
domain name they like (subject only to the requirement
that it is recognisable as a domain name). No more ICANN
mismanagement. No more Verisign hijacking.
What characteristics would a usable distributed DNS
algorithm need?
Each domain would need to be allocated uniquely. It
would not be good if it allowed domains to be spoofed.
It would need to be a hierarchical system. Only the
entity maintaining "cocacola.com" should be able to create
a subdomain under "cocacola.com".
There would need to be some kind of mechanism
preventing automatic allocation of large chunks of the
namespace (for example, acquiring every single 4-character
TLD).
Yes I did, and I pulled out the book to try to find
references but failed. It's a big book.
Then I did a google search but still nothing came up
to prove whether my mental connection between the
two was legitimate.
I can take notes and leave them in my handwriting rather than try and convert everything to text.
If you do that then your notes are not greppable. On
the other hand, converting them to text after the
meeting concludes takes extra time. This is a good
argument for bringing an ordinary laptop, as opposed
to a tablet pc, into a meeting. I suppose it's much
easier to draw quick diagrams on a tablet PC, but if
your notes are mostly textual, best to use the keyboard.
My last two ASUS mobos sucked bigtime. I can't remember
the model number but they were identical and housed a 1.3 GHz Celeron chip.
Sound, on both mobos, was unreliable. It would work for
anything from 10 seconds to 2 days, then just stop. Compiling the sound driver as a module and unloading and
reloading did not help. Various versions of the sound
driver code did not help.
Also the mobos would crash irregularly. I found I had to
slow down the CPU and particularly memory timing to keep
them going for longer. It could have been a problem with
the memory but I do not think so because I had to replace
memory at some time and the condition still occurred
with the replacement memory.
So no, I'm not very impressed with ASUS. My last mobo
purchase was an ABIT, and while it's not perfect either,
at least my sound works reliably.
Now all I need is a keyboard with a trackpoint mouse
embedded in it - not just any keyboard, but a Model M
style buckling-spring beauty. I think pckeyboard.com
sells them. Then I won't need to move my hands away
from the keyboard to move the mouse around.
I suppose I should clearly distinguish between
customization features which I would use myself on the
one hand, and basic design improvements and programs
which should be part of the base install on the other.
I know these things exist - and if I had to use windows
more I'd use them too. But that's not enough to take
them off my list.
For me, Windows won't be desktop-ready until they come
pre-installed and operational as part of the base
operating system. Sure I could spend a lot of time
tweaking and tuning "my" system to make the user
interface more comfortable for me to use. But the
moment I have to sit at somebody else's PC, if all
that stuff just disappears, then what's the point? I
might as well just run linux on my own PC, and avoid
touching anybody else's computer (as I do currently).
For windows to be desktop-ready for me, means that
decent tools have to be available on everybody's
computer, not just mine. (I don't care if the others
use those tools or not, just that the tools should be
available).
I can install and remove scads of software with one or two commands
Microsoft implements "Focus follows Mouse"
Multiple desktops become standard
They get rid of those stupid drive letters
Configuration becomes human-readable (and understandable) and acquires revision control
The user interface becomes less responsive. Yes, you read that right. It seems that Microsoft works hard to make every possible piece of screen real estate "do something, anything!" and so a mistaken keypress or mouse click is likely to cause my document to be translated into Swahili or something
I no longer have to give up fundamental rights, like the right to free speech, to use it
It stops deciding how much text I want selected
Microsoft ships a real shell like bash with it, not that cmd.exe rubbish
It comes with konsole and openssh out of the box
I stay away from Windows as much as possible. If I had to
use Windows more I'm sure I would have a longer list.
Your banking experiences are obviously a bit different
from mine. I have used 3 internet banking systems here
in AU and they all require only a username/password
or similar to login. Only one asks for an extra
"internet verifier". None of them ask for "N of M"
digits of any identifier - in other words, the input
necessary to successfully authenticate is the same
every time. None of them use a client certificate.
Perhaps you can see why I place so much blame on the
banks.
The scheme you referred to about the bank asking for
"N of M" digits is fundamentally a challenge-response mechanism and it doesn't improve security for two
reasons.
Assume that the bank is asking for 4 consecutive digits
out of 16. There are only 13 combinations of those -
16 if the digits can wrap around. Not having seen any
of these systems I don't know if the bank is likely to
ask for non-consecutive digits; offhand I think it might
be considered too confusing for old people to use.
First is the easy one - if a scammer captures everything
you type, then tries to login to your online banking later,
the scammer has a 1-in-13 or 1-in-16 chance of success.
I would not be happy to know that only a 1-in-16 chance
stood between a scammer and my money.
If the digits required are non-consecutive, then the odds
of the bank asking for digits which the scammer has reduce
considerably to 1-in-43680. But the scammer can improve
their information gathering by getting the sucker to try to login a few times.
However the second reason that this does not improve security, and the really important one at that, is that
there is no defense against a man-in-the-middle attack.
The scammer could connect to your online banking website
at the same time the sucker is at the scammer's website,
relaying the bank's HTML output to the sucker while
relaying the sucker's input to the bank. As soon as the
sucker has authenticated, the scammer can "disconnect"
the sucker from the bank website, and continue with the
established session.
This is the same technique that scammers use to get around
captchas, those silly graphics which some websites use to
deter robots. The technique goes like this: the scammer
sets up a pr0n website, and anybody who wants to view the
website must answer a captcha. But the captchas which are
displayed for the pr0n website are obtained in realtime
from a legitimate website which the scammer wants to
access. The pr0n-viewing user sees the captcha, enters a
code, the pr0n website has no idea whether the code is
correct but it submits that input to the legitimate website
and usually obtains access into the legitimate website.
Getting back to the online banking, the fatal flaw here
is that the user can authenticate using only information
that the user can type in. The only way to prevent
man-in-the-middle attacks is to use a client certificate;
this will ensure that the online bank is talking directly
to the user's browser.
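An added example, not part of the original comment: the first of the two reasons above, worked through exactly. It assumes the bank picks each challenge uniformly at random from a fixed set of position groups, and computes the chance that a fresh challenge asks only for digit positions already captured in earlier logins; the function names are illustrative.

```python
from fractions import Fraction
from itertools import combinations, product
from math import comb, perm


def consecutive_challenges(m, n, wrap=False):
    """Bitmasks for every run of n consecutive positions in an m-digit secret."""
    starts = range(m) if wrap else range(m - n + 1)
    return [sum(1 << ((s + i) % m) for i in range(n)) for s in starts]


def scattered_challenges(m, n):
    """Bitmasks for every unordered choice of n positions out of m."""
    return [sum(1 << p for p in picks) for picks in combinations(range(m), n)]


def replay_success(challenges, observed_logins):
    """Exact probability that one fresh challenge is fully covered by the
    digit positions typed during `observed_logins` earlier captured logins.
    Assumption: every challenge is drawn uniformly and independently."""
    hits = 0
    for seen in product(challenges, repeat=observed_logins):
        known = 0
        for mask in seen:
            known |= mask  # union of all positions typed so far
        # a fresh challenge is answerable if it needs no unseen position
        hits += sum(1 for c in challenges if c & known == c)
    return Fraction(hits, len(challenges) ** (observed_logins + 1))


if __name__ == "__main__":
    m, n = 16, 4
    schemes = {
        "consecutive": consecutive_challenges(m, n),
        "consecutive, wrapping": consecutive_challenges(m, n, wrap=True),
    }
    for name, challenges in schemes.items():
        for k in (1, 2, 3):
            p = replay_success(challenges, k)
            print(f"{name:22} {k} captured login(s): {p} ~ {float(p):.3f}")
    # The comment's 1-in-43680 equals perm(16, 4), which counts ordered picks;
    # counted as unordered position sets there are comb(16, 4) challenges.
    print("ordered picks:", perm(m, n), "unordered sets:", comb(m, n))
    print("scattered, 1 captured login:",
          replay_success(scattered_challenges(m, n), 1))
```

The per-login figures only cover replay of captured keystrokes; the relay case described in the second reason succeeds regardless of how many challenges exist.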
Yay, I've been waiting patiently for my copy which
is over five and a half months late, but I know it
will be worth it. Jason Scott is to be commended;
he has put his heart and soul into this documentary
and I hope he sure makes a profit on it.
Whether it's an account number or a customer code
is irrelevant; the ones I have experience with
authenticate the user completely from
details which the user types in at the keyboard.
No certificates used.
This makes it vulnerable to phishing attacks because
the phisher needs only to fool the user into believing
that they are using the legitimate website. The phisher
does not need the account number, they need only enough
information to login to the user's banking site.
On the other hand, if the banks used a certificate, then the
user would authenticate themselves to their own browser
only. There's nothing for a phisher to take advantage of.
Your bank is never going to ask you for your account number over email. They already have it!
Maybe so, but they definitely ask you for your
account number and password when you login to their
website.
Phishers set up a fake website to look like the bank and
then all they have to do is lure the suckers to the
fake website. And users have been conditioned to type
their usernames and passwords into the fake website
because they have been conditioned to type the same
information into the real website.
What the banks should be doing is providing users with
certificates (auto download to the browser) which
proves the user's identity, without requiring the user
to send their password to the bank. If every user
authenticated using a certificate, a phisher would get
nowhere, because (a) the browser won't send the certificate to the phisher, and (b) even if the browser did send the certificate, it's not usable by the phisher to authenticate to the real bank website.
Third Voice
were apparently the first ones to think of this
concept, back in 1999 - they wrote an application
which allows users to add comments to any web page.
Sadly, they went under. See this
Wired Article for more details.
The problem is that the advertising promotes what the device can do and totally fails to mention what the device cannot do, i.e. how it's crippled.
I notice the chart authors kept listing ISPs until they got down to AOL, and then they stopped.
1.) Crack the P2P protocol
2.) Set up proxy, man-in-the-middle or alternate server
3.) ???
4.) Profit!
What kind of metastructure do they put on the disks to achieve that kind of large filesystem, and improve reliability?
In that case, hide your keystrokes behind your other hand - don't assume the security by obscurity of embedding your PIN inside some fake digits.
Wouldn't it be better to just check for a camera glued to the ATM?
Glad you confirmed it for me.
s/athsma/asthma/
Unfortunately their webserver is as blank as the keyboard.
Logging of IP addresses won't prevent (or aid) monitoring. What it will do is assist in after-the-event investigation of an incident.