Slashdot Mirror


User: mcrbids

mcrbids's activity in the archive.

Stories: 0
Comments: 4,341

Comments · 4,341

  1. Re:Sigh on Airborne Boeing Laser Blasts Ground Target · · Score: 4, Insightful

    I was looking for a good place to crack a "Real Genius" joke. There's already a thread about popcorn... something about a "Real Genius" thought of that...

    A mirror surface will harden the target, but even the best mirrors do not reflect all light and a combat laser can still burn a hole in it very fast.

    Surprisingly, a mirror wouldn't work nearly as well as cheap glossy white paint.

    Mirrors reflect (typically) 60-70% of the light that hits them, turning the rest into heat. Cheap, glossy, exterior-grade white paint often reflects in excess of 90% of the light back.

    In other words, mirrors would turn about 4x as much of the light into heat as the white paint will. The difference is that mirrors reflect light without losing its coherency. White paint, on the other hand, just reflects the light in random directions.

    Worried about teh lazers? Paint your tin foil hat white!

  2. Re:Oh joy... on Red Hat Enterprise Linux 5.4 Released · · Score: 3, Informative

    Now I just have to wait for my office to upgrade, and I'll get to spend another six months in Dependency Hell!

    As a LOOOONNNNGGGG time RedHat user, what is this "Dependency Hell" that you speak of?

    Rarely, I'll run into a dependency failure when using lots of 3rd party repos. Typically I just try again in a day or two, to find that the 3rd party repo has "caught up" with the main branch and order is restored. And even in this case, I still have a stable system afterward, it's just not updated until the deps are satisfied.

    Sorry, but while deps were a royal pain back around RedHat 6.0 or so, since Yum/RHN came along, the deps problem has all but vanished for me. And if you are having deps problems with your 3rd party vendor, you need to look at your 3rd party vendor, not RedHat. If your 3rd party bothers to make RPMS and put up a repo (the latter is astonishingly easy once you get past the "build an RPM" part, which is usually just to use CheckInstall and your standard ./configure && make style packaging) then your deps problems should similarly all-but-disappear.

    Methinks your software vendors are lazy.

  3. Re:Lowest Price is Highest Quality? on Major ISPs Seek To Lower Broadband Definition · · Score: 1

    It's the culmination of the Reaganomics era, where everyone "learned" that the almighty dollar was the only thing that mattered, and you get your bonuses based on quarterly performance, not on long-term performance.

    Sure. Because before bad old Reagan entered the office, everybody only got bonuses after 10 SOLID YEARS of performance... and dollars didn't matter so nobody cared. No, the economic miracle of the United States, which began over a hundred years before Reagan was a gleam in his father's eye somehow managed to make it all the way to 1980 before people began thinking that dollars are "almighty" and that bonuses should be made in accordance with recent activity.

    Yep. Makes sense to me! (Even if it doesn't)

    -Ben

  4. Re:Interesting stuff on India's First Stealth Fighter To Fly In 4 Months · · Score: 1

    The whole thing is rather disconcerting as we seem to be developing better ways to kill just as quickly as all our other tech is advancing but I don't see leaps in our ability to live peacefully or get along keeping up with it all.

    The best way to live peacefully is to communicate. Perhaps if we had some global communication tool, that made it trivial to communicate ideas to anyone, anywhere in the world, at very low cost? Something decentralized, so that it can't be easily controlled by any one nation or government. It would have to be open, based on standards only. It would be vast, and would probably quickly consume other industries that are based on the dissemination of information.

    Nations with oppressive regimes would suddenly have to deal with the newfound power of their population. They'd communicate using "peer-to-peer" technologies given weird names like "Twitter".

    Nah. Probably would never happen, though.

  5. Re:yeah right on Solar Roadways Get DoT Funding · · Score: 1

    25 thousand square miles of solar panels? I laughed out loud at that being considered a plausible solution to the energy crisis. You could power the entire world with the amount of money that would cost, using cheaper power like hydroelectric/wind.

    Really? You need to find

    A) Water that's falling, for hydro-electric. In case you hadn't noticed, there aren't that many more rivers of decent size that haven't been dammed (no pun intended) all to hell. Hydro-Electric is a non-starter for any more future development. There just isn't any.

    B) Wind and a PLACE TO STORE THE POWER. Wind energy is cheap, but is only available when the wind blows. And that has ZERO correlation to when we need the power. See, in the American Southwest, we see a very distinct pattern of usage during the peak (summer) times of year. Every day, power usage spikes at about 2:00 PM, when everybody's air conditioner is running full tilt. Nicely, solar energy availability peaks at about 1:00 PM, so if we were smart about it, we could use solar to offset this horrific peak of power that otherwise maxes out the grid every year.

    Also it would cost a fortune to maintain. Also why do they have to make roads out of them.. where did that come from? Just put them out on land somewhere, you don't have to drive all over them.

    Driving on PV panels is teh stupid. But why not put them over the road, like a roof? Then you drive in relative "coolth" while the sun's heat is converted into electricity and/or re-radiated upwards instead of into your car. Cover parking lots, too. Wouldn't it be nice if your car didn't heat up to 150 degrees F when you parked at the local mall?

  6. Big, big brass ones on Solar Roadways Get DoT Funding · · Score: 2, Interesting

    I was right there with you.

    When I've pictured solar roads, I've pictured roads with a solar "roof" so that it's like you are driving on the bottom of a double-decker bridge. This keeps the road cool (saves fuel expenses on air conditioning) while not impacting actual driving. The only real cost is the scaffolding for the panels, which is usually dwarfed by the cost of the land the solar panels sit on. Since the road area is effectively free (or dang cheap) this is a win-win situation. Drivers don't have to roast in hot (Western US) sun, and the grid gets lots of juice at the time of day they are most likely to need it.

    But the road itself!?!?! There are so many issues with this I don't know where to begin:

    1) Dirt/grit/oil/grease. Ever walk barefoot on a road? Your feet are black within MINUTES. Ever walk barefoot on a freshly paved road? Not so much. Roads are nasty, dirty places with noxious dust from brakes, oil sling, grease droppings, and an occasional tire screech smear. I can't imagine more than 50% of the light getting to the road in the first place, what with all the silt, dirt, sand, and the like. You want this to be see through?

    2) Abrasion. So you have a road, covered with a fine layer of silt. Sandy, dusty, gritty stuff. And then, for good measure, you grind it all in with a 75,000 pound semi every 30 seconds or so. You still want this to be see through?

    3) Expansion/Contraction. In the summer, the road surface hits 140 degrees. In the winter, it hits 10 below zero. With traffic, and snow plows - another big knife blade, with a 35,000 pound tractor behind it. Uh, yeah.

    4) Accidents. So a semi crushes a small import at high speed. Pieces of metal go flying in all directions, and the chassis of the import becomes a 1,500 pound, 6 foot long knife blade being ground into the road at 65 miles an hour by 75,000 pounds of angry 18-wheel semi. Normal asphalt would have a nice groove in it 3/4 of an inch deep that would cause a "tick" noise as you drive over it. But what's that going to do to a PV road?

    I'm not one who normally encourages negative responses to engineering challenges. But this strikes me as fundamentally... stupid. It's like using a hummer to drive fuel tanks of alcohol across the US and calling it "green shipping". Good luck getting anything north of 5% efficiency over 5 years.

    Build a scaffold. Put the panels up above. And enjoy 50 years of quality cheap electricity, while making it cooler for the drivers and saving fuel to boot.

  7. Uhm, well, DUH?!?! on Is "Good Enough" the Future of Technology? · · Score: 5, Insightful

    I drive a Toyota Matrix. It's no Lexus, but it's plenty "good enough".

    I live in a two-story, 2,000 Sq Ft home. It's no mansion, but it's quite nice, and it's "good enough".

    My computer is an almost-3-year-old Dell running Fedora Core Linux. Although it was a bit spendy when I bought it, it's worth 1/10 of its original value. I still use it because it's "good enough".

    My shoes, purchased at Payless shoe source, black leather Airwalks. Are they the nicest shoes in the world? Well, they are if by nicest you mean "easy to come by for $30 or less". Oh, and "good enough".

    Lame article is lame. We *always* compromise quality for price to find a healthy balance between the two. You don't drive a bulletproof limousine, nor do you (likely) travel to work every day in a private jet. Given a particular product marketplace, as features broaden, they become less and less important. The marketplace for the product as a whole commoditizes, and prices collapse.

    This is the natural order of market progression, and is the march towards general social wealth. The author of this article needs a little Econ 101, as does the article submitter.

  8. Re:How does the VPN help? on WPA Encryption Cracked In 60 Seconds · · Score: 3, Informative

    Are you *positive* that the VPN connection is uncrackable?

    No, and nobody ever is. Which is why security protocols are so conservatively deployed. Protocols are proposed and analyzed by lots of people who are (hopefully) much smarter than you or I. Protocols that withstand years of this scrutiny and review are slowly trusted more and more (EG: SSL) over other protocols that get picked apart. (like WEP)

    If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data.

    This whole paragraph makes no sense at all, and makes it clear that you do not understand encryption, especially dual-key cryptography. Please RTFM.

    If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?

    WEP, WPA, and AES are protocols that logically establish a sort of Virtual Private Network on otherwise public radio waves. The main difference between these protocols and a true VPN is that they aren't layered on top of IP, like a VPN, but are instead layered on the datagram protocol of the radio signal itself. The problem is that WEP was quickly implemented and was never really peer reviewed. Thus, it had numerous flaws that were discovered very quickly.

    From a security standpoint, WEP is sort of like locking your ground-floor window. It allows you to announce your intention of privacy, but it's quite easily compromised by somebody with the digital equivalent of the nearest rock.

  9. Re:Great on Bioreactors Engineer Tissue To Mend Heart Damage · · Score: 5, Informative

    Yeah yeah, funny. But there's a very serious side to this joke. Where *are* all these cells going to come from? Well, it looks like the answer is just about here - YOU! See, scientists are rapidly unlocking the code behind what is a "stem cell" and are able to reprogram them to be whatever you want them to be.

    In the (near!) future, you may be able to regenerate heart tissue, liver tissue, or (in my case) new teeth, simply by taking a small skin scraping, culturing the cells, reprogramming them into stem cells, or into whatever type of cell is actually needed - teeth, heart, liver, or whatever.

    The resulting tissue could then be surgically implanted with zero risk of rejection, since they are cells from your own body, with your DNA/RNA and so on!

    This is a brave new world that includes (at last!) a cure for Type I Diabetes, Parkinsons, heart disease, bad teeth, and too many other illnesses to name.

    For example, there was a cure for Diabetes YEARS AGO called the Edmonton Protocol that had the unfortunate side effect of requiring hundreds of donor cadavers. I was, for a while, intensely excited (one of my oldest sons is Type 1 Diabetic) but the donor cadavers do present just a *bit* of a problem.

    But suddenly, now, donors aren't a problem. If I need islet cells, I can donate a bit of skin tissue! Or even have a liposuction!

    This isn't big. This isn't huge. This is world-changing.

  10. Re:Foundational concept on FCC Declares Intention To Enforce Net Neutrality · · Score: 1

    Current residential ISP pricing is based on this model. If connections were priced on the assumption that you would actually use your 3mbps continuously all month, it would cost considerably more than $10 or $20 /mo.

    There is no particular reason why this would be the case. Sure, they're selling packets, and there's the concept that if you buy more, it will cost more. People accept that because they buy milk and gasoline based on this idea.

    But when you really get down to it, when you really break down a "packet" or a megabit stream or whatever, you find out very quickly that there's nothing there. A packet isn't an amount of anything greater than the actual number of quantum bits it would take to communicate that idea.

    Here, in my office, I have a 1 Gb switch for my office network. It doesn't use any more power than the 100 Mb switch that it replaced, and it didn't use any more power than the 10 Mb hub that it replaced. So we have 100x the "wealth" being transferred at only an incremental one-time cost, and zero additional per-unit or per-volume cost. Even the wires are the same!

    Sure, routers and equipment cost money. But they only cost money once, and then continue to transmit data at exponentially faster speeds compared to their predecessors. If we change the investment scheme so that a larger percent of the revenues are actually invested into equipment, (even though still a small fraction of the total revenue stream!) we'd find exponentially better service.

    This is something that our "free market" telecommunications industry is anything but motivated to provide. Their motivation is clear - spend as little as possible, pocket as much of the cashola as possible. This is OK - it's what companies do - but it's still stupid, and it works against the viability of our nation over the long term even if it does mean that the phone company makes a bit more profit in the shorter term.

    100 Mb to the house should be commonplace. There's absolutely no good reason why it isn't, other than the friction of the "free" marketplace.

  11. Re:Foundational concept on FCC Declares Intention To Enforce Net Neutrality · · Score: 1

    Legislation that regulates competition is bad.

    Really? Are you actually naive enough to believe this tripe? Where do you think the "free" market comes from? (ever heard of the Sherman Anti-trust act?) You drive to work every day in a car that doesn't give your children birth defects from pollution, and leaves you in a reasonable hope of surviving a crash at freeway speeds due to the legislation that regulates the competition between the auto companies.

    Sounds kinda like biting the hand that feeds you when you talk incoherently like this...

    Customers will decide if their carriers are doing what's best for them.

    Unless they have no choice. If Comcast had the choice, the consumer (that's YOU) wouldn't have the choice.

    People will talk, with or without the internet.

    Sure - like they did in 1970, at $1 per minute. Or not. (My parents never let me chat with my grandparents on the phone)

    As long as competitors are not locked out of the market by stupid government, bad businesses will die, better businesses will surface, and services will improve.

    Sounds great. Except that it wasn't government that worked to stifle competition in the telecommunications industry through the 70s, it was AT&T. It was the "evilbad gubbmint" that freed the marketplace by splitting up AT&T into the "baby bells". In fact, many economists trace the beginnings of the Internet itself to this government-decreed split-up, since that was the first point where competition opened up enough to let lease lines become feasibly priced.

    While the system is not always perfect, and sometimes businesses do the "wrong thing" (this is where government SHOULD come in), it is best for the government to act ON THE EXCEPTION rather than try and shape the course of the industry.

    Sanity has just entered the discussion! Nice to see you! And this is where we might sort-of agree. See, Comcast is doing the "wrong thing". And they have enough marketshare in many of their jurisdictions that they can be considered a monopoly in many regions. And this is *exactly* where "gubbmint" needs to jump in and do its thing.

  12. Re:Foundational concept on FCC Declares Intention To Enforce Net Neutrality · · Score: 2, Insightful

    I like net neutrality as a concept, e.g. I don't want Comcast blocking my port 25, but on the other hand there will eventually have to be some use-based pricing because transfer does cost money. So if networks don't impose some usage caps or use QoS to provide multiple tiers, then we're just going to end up with metered service (like water, power, gas, phones and cell phones)... and that's going to hurt enthusiasts just as much if not more.

    I pay another $10/month to have my bandwidth upgraded from 1.5 Mb to 3.0 Mb. In neither case is network neutrality even on the RADAR. Connection speed and/or bandwidth is NOT a net neutrality issue, so please don't waste all our time and bring it up as if it were.

    Network neutrality is the idea that all valid packets are equal. Nothing more, nothing less.

    If you are a carrier, you don't discriminate against a data packet because it appears to contain VOIP. You don't discriminate against a data packet because it comes from a company that you compete with. You don't discriminate against a packet because its originator didn't pay their "protection money" this month. You don't use "traffic shaping" to make end services you offer "behave better" than other services from other networks.

    That's a no-no.

    Keep the network stupid - it's a world of ends and that's what it needs to be. And please, for the love of god, if you haven't clicked on the link at the beginning of this paragraph, PLEASE DO SO so you have some idea what network neutrality actually is, mmmkay?

  13. Foundational concept on FCC Declares Intention To Enforce Net Neutrality · · Score: 4, Insightful

    Every so often, a foundational concept comes along that could affect development for decades or centuries hence. The concept of "network neutrality" is one of these.

    Just imagine the future possibilities:

    On one hand, you have a future where you can never be sure what's really "out there", where there are huge swaths of information that you simply can't access, not because you or the information owner have any disagreement, but because some third party that you don't even know has determined that you shouldn't or couldn't see it. In this world, many sites are slowed to the point of unusability simply because your carrier doesn't want to have to compete with them when they offer a similar service. Quality suffers due to the lack of open competition.

    On the other extreme, we have a future in which the Internet consists of the "world of ends" so charmingly envisioned by Doc Searls and David Weinberger. In this world, every information provider competes on fairly level turf with everybody else. Services that are genuinely better are allowed to win out solely on their merits, and not on their competitive associations. Quality of service continues to progress at a lightning pace, friction for improvements is low, so the best man truly does win.

    Some people would say this is esoteric, that it's not about the "real world". But these people miss the fact that in the world of the future, the Internet will be the primary means of communication around the world. Already we see whole industries being consumed and integrated into the Internet. I no longer have cable, no television antenna sits on my roof, since Hulu + Netflix does everything I ever asked of my satellite dish and then some. I no longer have a phone line, since Vonage lets me do what I wish, anywhere I like for less. I basically don't send letters anymore, Email does the job faster, better, and cheaper. It's easier for me to do my banking electronically than it is to drive downtown to the nearest bank branch.

    The world of the future is the Internet. And it's up to us, our generation, to see that this gorgeous technology is established with social norms and laws that allow us to use it to its maximum potential. This is our time. SAY YES TO NETWORK NEUTRALITY, AS LOUDLY AND OFTEN AS YOU CAN.

  14. Natural progression on Wikipedia To Require Editing Approval · · Score: 1

    The natural order of progression for any project like this is to tend towards conservatism.

    See, in any big project, when you start out, you got nothing. So *anything* that is kinda sorta there is a vast improvement. And for a while, the changes come fast, heavy, and hard, as bugs are found, and details are filled in. You see a rapid growth, towards ideal.

    But as you get closer to ideal, the harder it gets to make it better. The Linux kernel was, at first, deeply concerned by simple things like stability, ability to reboot after an unexpected power outage, and getting permissions right, blah blah blah. But after 10 years of heavy development, things become so stable and mature that something that most people would never notice becomes a big deal - like the scheduler. (You think I personally pay ANY ATTENTION AT ALL to the scheduler used in the kernel that comes precompiled from my distro?)

    So as the project matures, as the value of the intellectual property (source code, engineering drafts, whatever) rises, more and more attention is directed towards preserving past efforts and less effort is spent on improving it, simply because the potential value of improvement is decreased.

    Wikipedia is following this course. It starts out a brash project, where the first question was simply: would people volunteer their time and knowledge to improve the encyclopedia without pay? Now, the idea is proven so successful there is a buzzword to describe it: crowd-sourcing.

    Yes, values are changing. And they should. It's a reflection of the maturing state of Wikipedia!

  15. The whining here is PATHETIC. on Wikipedia To Require Editing Approval · · Score: 0, Flamebait

    Yes, yes it is - towards a day when the inner circle no longer has to use secret mailing lists, sock puppets, WP:CONFUSING, and the ol' boy network... They'll be the Law. And there will be no appeal.

    Quoted is just one of many "END OF THE WORLD OMG I'M SO BETRAYEDED!" posts. The sound of a thousand 13-year-olds biatching from their mothers' basements as if the world owed 'em something. And they are all just pathetic and uninformed.

    See, the license for Wikipedia is OPEN. You can download it, and fork your own damned wiki, complete with 3 MILLION quality articles to start with. And the cost to you for all this awesome shiat is nothing, nada, zip, zilch, zero, diddlysquat.

    But hey, let's just ignore the facts, and whine and bellyache about the fact that the FREE (in just about every way) encyclopedia is being maintained (again, at no charge) by terms you don't like.

    Geez, whiners! Don't like how it's being done? Grow a brass pair, and do it yourself! (or STFU)

  16. Re:I have bad teeth on Fully Functional Bioengineered Tooth Grown In a Mouse · · Score: 1

    Did you grow up somewhere drinking naturally non-fluoridated water? Did your land have a well rather than a hookup to city / county water supply?

    Actually, yes. I grew up on a natural well in the country, and all that. However, there's still clearly a genetic component since my son is prone to cavities, while his older sister (that my wife had from another marriage) is not. Both have always lived on fluoridated water.

  17. I have bad teeth on Fully Functional Bioengineered Tooth Grown In a Mouse · · Score: 5, Interesting

    They're horrible, and I live in the United States, a culture where teeth are perfect and white or you are nothing. My wife has beautiful teeth, and despite the fact that we have nearly identical brushing and dental care habits, my teeth are horrid, yellow, and falling to pieces, hers are beautiful, white, and basically no cavities.

    Sorry - not all teeth are created equal.

    So here I am, 30-something, fairly affluent, and having horrid teeth. You think I wouldn't hesitate to spend a few Gs replacing my craptastic old teeth with new teeth with zero chance of rejection? Sure, they will go yellow quickly, just like the last ones did, but that means I'm in my 80s or later before my teeth are in any way unusual. And effectively, that means good teeth for life.

    I've been waiting for this kind of treatment. Where do I sign up?

  18. Re:Thwarted by properly designed online banking on Real-Time Keyloggers · · Score: 1

    A properly designed security system fails gracefully by limiting the knowledge available at *every* step of the game.

    Let's make a few assumptions:

    1) The bank has a password generator. It's a simple key/value randomizer. It's very, very secure.

    2) The end user has a cell phone. It may or may not be hacked.

    3) The end user is attempting to get money or do something with the bank. It might be on a computer, or it might be a credit payment machine at a grocery store. The device can be reliably tracked (EG: IP address, or something similar) but it also may or may not be hacked.

    You are the end user, and wish to make a credit card payment.

    A) You swipe your card. The payment machine connects (indirectly) to the password generator, sending the balance to be paid. The password generator creates a key/password combo tied to the address for the device.

    B) The password generator sends the key, password, and amount to be paid to the user's cell phone by SMS. The password generator sends only the key to the payment machine.

    C) The end user gets the text message, and compares the key and amount charged to the machine. Verifying both, he enters in the password, and then a PIN (as now) completing the transaction.

    D) Password generator compares the key, the source, the amount charged, and the password. If all match, the payment is approved and funds are delivered.

    This protocol provides an attack window that is small and shallow.

    A) If your credit card is stolen, the hax0r must have your cell phone to authorize a transaction. Value ~ worthless.

    B) If your credit card AND cell phone are stolen, the hax0r must also know your PIN. Value ~ worthless

    C) If your phone is hacked and hax0r sees your SMS messages, they can't use the key/password on any other payment gateway, since it's no more useful than any other random number for a purchase. And your PIN is never sent on the cell phone. Value ~ worthless.

    D) If the credit machine is hacked, having the key, password, and balance doesn't do much since they can't charge for any amount other than the end user can verify, and also can't use the password for any other purchases without at least alerting the cell user.

    E) This method drastically mitigates MITM attacks since the balance deducted is reviewed by the end user, and is only as good as the presence of the cell phone.

    To defeat this system, the hax0r must:

    1) Have a reliable means of reading YOUR cell phone messages while simultaneously blocking you from receiving them.

    2) Have your PIN code.

    3) Have a copy of your credit card.

    Possible, perhaps. But still damned hard to do. And even if SMS were made vulnerable, *any* other communications channel can be just as effective. Email, pagers, even Twitter could be used. (the SMS messages don't exactly *have* to be private)

    And while this protocol isn't perfect, and there are SOME weaknesses, these weaknesses are vastly reduced from the current "anybody can fake being you just by knowing the credit card number that you pass out to anyone you buy from" method that's used today.
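Added example (not part of mcrbids's comment and not any bank's real system): a minimal Python model of the exchange in steps A-D of the comment above, run against the failure cases it lists. The class and function names, the sample card, PIN and addresses, the PBKDF2 PIN storage, and the rule that a challenge is burned by its first approval attempt are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Challenge:
    key: str            # sent to the terminal AND to the phone
    password: str       # sent to the phone only
    device: str         # terminal address the challenge is bound to
    amount_cents: int
    card: str


def _pin_hash(pin, salt):
    # Assumption: the bank stores a salted PBKDF2 hash, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class PasswordGenerator:
    """Bank-side 'password generator' from the comment (hypothetical API)."""

    def __init__(self):
        self._pins = {}      # card -> (salt, pin hash)
        self._pending = {}   # key -> Challenge awaiting approval

    def enroll(self, card, pin):
        salt = secrets.token_bytes(16)
        self._pins[card] = (salt, _pin_hash(pin, salt))

    def start(self, card, device, amount_cents):
        """Steps A and B: issue a key/password pair tied to device and amount."""
        if card not in self._pins:
            raise KeyError("unknown card")
        ch = Challenge(secrets.token_hex(4), f"{secrets.randbelow(10**6):06d}",
                       device, amount_cents, card)
        self._pending[ch.key] = ch
        terminal_msg = {"key": ch.key}                      # key only
        sms_msg = {"key": ch.key, "password": ch.password,  # key, password, amount
                   "amount_cents": amount_cents}
        return terminal_msg, sms_msg

    def approve(self, key, device, amount_cents, password, pin):
        """Step D: compare key, source, amount, password, then the PIN."""
        # pop(): the first attempt, right or wrong, burns the challenge
        # (assumption; it blocks password guessing and replay).
        ch = self._pending.pop(key, None)
        if ch is None:
            return False
        salt, stored = self._pins[ch.card]
        checks = [
            hmac.compare_digest(ch.device, device),
            ch.amount_cents == amount_cents,
            hmac.compare_digest(ch.password, password),
            hmac.compare_digest(stored, _pin_hash(pin, salt)),
        ]
        return all(checks)


def user_confirms(terminal_msg, sms_msg, amount_user_expects):
    """Step C: the cardholder compares the key and the amount before typing."""
    return (terminal_msg["key"] == sms_msg["key"]
            and sms_msg["amount_cents"] == amount_user_expects)


def run_scenarios():
    bank = PasswordGenerator()
    card, pin, till = "card-0001", "4821", "198.51.100.7"   # constructed values
    bank.enroll(card, pin)
    r = {}

    # Honest purchase, then a replay of the same key/password.
    term, sms = bank.start(card, till, 2500)
    r["honest"] = (user_confirms(term, sms, 2500)
                   and bank.approve(term["key"], till, 2500, sms["password"], pin))
    r["reuse"] = bank.approve(term["key"], till, 2500, sms["password"], pin)

    # SMS read by a third party and submitted from a different gateway.
    term, sms = bank.start(card, till, 2500)
    r["other_gateway"] = bank.approve(sms["key"], "203.0.113.50", 2500,
                                      sms["password"], pin)

    # Tampered terminal asks for 9999 while the cardholder expects 2500.
    term, sms = bank.start(card, till, 9999)
    r["user_spots_amount"] = user_confirms(term, sms, 2500)

    # Tampered terminal submits a different amount than the challenge covers.
    term, sms = bank.start(card, till, 2500)
    r["amount_swapped"] = bank.approve(term["key"], till, 9999,
                                       sms["password"], pin)

    # Card and phone both stolen, PIN guessed.
    term, sms = bank.start(card, till, 2500)
    r["wrong_pin"] = bank.approve(term["key"], till, 2500, sms["password"], "0000")
    return r


if __name__ == "__main__":
    for name, approved in run_scenarios().items():
        print(f"{name:18} -> {approved}")
```

Only the honest purchase is approved; every other scenario is refused either by the cardholder's check in step C or by the generator's comparison in step D.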

  19. Manners on The Decline of the Landline · · Score: 1

    Many times I text as a matter of politeness. If I have a short message that I don't want to interrupt someone over, but is more urgent than an email, I'll send a text. It's crazy convenient. It's also useful when you have a 'sideband' during a phone conference.

    Sure, pure voice is best when the needs of communication are rich, but it starts to feel 'heavy' when you telework closely with somebody for long.

  20. Re:Windows Vista is a good product on XP Users Are Willing To Give Windows 7 a Chance · · Score: 1

    A proper new secure OS from Microsoft would have to pull the same trick Apple did. Throw the old OS in a box, allow it to run in the new OS, and kick all old APIs to the curb. A good start would be the Singularity OS Microsoft has in its research labs.

    However, this road is fraught with danger for Microsoft. There are *decades* of third party code that depends on that old Win32 API. It may have its warts, but it's also the reason why everybody *must* have Windows. If they blackbox it and deprecate, then there will be screams and cries that will make the Vista fiasco seem like a little bickering by an old married couple.

    Doubly dangerous for Microsoft is WINE, which runs the real risk of providing a better Windows than one which deprecates its own API.

    So, deprecating their old API and requiring a new one for new development may be the "best" route, but remember, the switcharoo cost Apple something fierce, too.

  21. Re:SQL Injection? Really? on Three Indicted In Huge Identity/Data Breach · · Score: 2, Funny

    Oh, I'm sure that the database was properly protected! I've seen quite a number of high-security environments that protect their databases with very cleverly written javascript that makes it all but impossible to hack!

    Yet, somehow, those wascally l337 hax0rz still get in... (shrug)

  22. Re:Faith is gone. We need a better way! on Three Indicted In Huge Identity/Data Breach · · Score: 0

    The social security office could use a very similar protocol for setting up banking and credit accounts.

    This is a *good* system and is roughly modelled after a system I designed for signing digital certificates.

    And, do you want to talk about paranoia? Try designing a truly secure digital certificate system! It's harder than you think if you start with the assumption that any computer in the system could be hacked, but that still can't mean a system compromise.

  23. Re:Faith is gone. We need a better way! on Three Indicted In Huge Identity/Data Breach · · Score: 2, Interesting

    But it doesn't matter if the cell phone company is compromised - or did you miss that bit?

    The only thing that the cell phone company gets is the ability to approve the transaction that I already started. I don't give a shiat who reads the cell message. And if the cell network was hacked so that I get a bogus text message, then the transaction still doesn't work.

    In other words, yes, perhaps it's possible to hack a GSM cell phone tower, but even so, the attack window is very, very small.

    Compare that to today, where the attack window is so huge you could fly a dozen Airbus 380's through it in a parallel formation. Today, literally *EVERYBODY* you do business with has the ability to steal your credit card credentials!

    That's just retarded.

  24. Faith is gone. We need a better way! on Three Indicted In Huge Identity/Data Breach · · Score: 5, Interesting

    These credit card processing companies had better get their acts together fast, or they'll be sunk by so many lawsuits that they won't be able to stay in business.

    Yes, but there is still an underlying problem: The credit card payment system is inherently insecure. I'm not talking about the computers, I'm talking about the system at large. Credit card numbers are basically a password that you share with anybody who you buy stuff from. Any of these vendors by definition have all the information necessary to use your credit card.

    What you can't do with the current system:

    1) You can't "lend" your card to a subcontractor so that they can buy supplies, without opening yourself up to a world of hurt.

    2) You can't trust that your identity isn't stolen at every possible transaction.

    3) In the case of a leak, you can't be automatically alerted to attempts to use your credit card.

    It could be some otherwise bored l337 h@x0r in Montana at his mom's house who cracks an online shopping cart, or the Russian Mafia, or the pimply guy who pumped your gas. All of them get the ability to "be you" simply by transacting as you, and so long as this fundamental insecurity remains unchanged, credit cards are and will continue to be problematic.

    Me? I'm imagining something with my cell phone, a PIN like an ATM card, but one that's different for each transaction. In this manner:

    1) I swipe my card.
    2) The credit card gives me a challenge code, asks me for my PIN.
    3) I get a text message on my cell, which has the challenge code on one line, and a one-time-PIN on the next line, and a third line with the amount charged.
    4) I enter the one-time PIN, proving that I have the registered phone in my hand.
    5) Then, I enter in my permanent PIN, just like I do now.

    This protects me:

    1) Anybody at the cell phone company can see the challenge and the response PIN, but it doesn't do them any good since these change with every card swipe.

    2) Anybody at the store can see the whole transaction, but it doesn't matter since they don't have my phone.

    3) Even the credit card processing center can't fudge the transaction because the amount of the charge was submitted prior to generating the one-time PIN, and I've already been made aware of the charge.

    4) If somebody did get your card #, and tried to use it, you would know immediately that it was happening, and the amounts involved because you'd be getting notices of the transactions sent to your phone!

    This would DRAMATICALLY reduce the security footprint of the credit card transactional system, and would easily allow for casual "lend him the credit card" scenarios, since you could give the card to someone, and even let them know your permanent PIN, but keep the phone in your hand. The only person who can effectively compromise this credit card system effectively would be the credit card company itself.

    The only downside that I can see is that you couldn't use this system in areas without cell service. But even in that case, you could "pre-register" a transaction or two with no amount set, keep the one-time PINs handy, and use them when you don't have service.

    The current system is terribly insecure - I've had 3-4 different compromises of my credit card numbers in the last couple years despite my being VERY careful with my data. Then I talk to the fraud department, sign the affidavit, get my credit back, blah blah blah...

    The current system sucks. We need a better system.
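
The swipe, challenge and one-time-PIN flow from comment 24 (also discussed in comments 22 and 23), as an added sketch that is not part of the original comments. The `Issuer` class, its method names, the random server-side one-time PIN, and the one-attempt-per-challenge rule are assumptions; the card number, PIN and phone inbox are constructed sample values.

```python
import hmac
import secrets

class Issuer:
    """Card issuer side of the flow. Class and method names are hypothetical."""

    def __init__(self):
        self.cards = {}    # card number -> (permanent PIN, phone inbox)
        self.pending = {}  # challenge -> (card number, amount in cents, one-time PIN)

    def register(self, card, pin, inbox):
        self.cards[card] = (pin, inbox)

    def swipe(self, card, amount_cents):
        """Steps 1-3: fix the amount, then issue a challenge and text the phone."""
        inbox = self.cards[card][1]
        challenge = secrets.token_hex(4)
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[challenge] = (card, amount_cents, otp)
        inbox.append((challenge, otp, amount_cents))  # the three-line text message
        return challenge

    def authorize(self, card, challenge, amount_cents, otp, pin):
        """Steps 4-5. One attempt per challenge, so a guess or a replay burns it."""
        txn = self.pending.pop(challenge, None)
        if txn is None:
            return False
        return all((
            txn[0] == card,
            txn[1] == amount_cents,                    # amount fixed before the OTP existed
            hmac.compare_digest(txn[2], otp),          # possession of the phone
            hmac.compare_digest(self.cards[txn[0]][0], pin),  # permanent PIN
        ))

def demo():
    """Constructed scenario: owner pays, merchant replays and inflates, thief guesses."""
    card, pin, phone = "4000-0000-0000-0002", "4321", []  # constructed sample values
    issuer = Issuer()
    issuer.register(card, pin, phone)
    c1 = issuer.swipe(card, 2599)
    otp1 = phone[-1][1]                                # owner reads the text message
    paid = issuer.authorize(card, c1, 2599, otp1, pin)
    replayed = issuer.authorize(card, c1, 2599, otp1, pin)
    c2 = issuer.swipe(card, 2599)
    inflated = issuer.authorize(card, c2, 9999, phone[-1][1], pin)
    c3 = issuer.swipe(card, 90000)                     # thief has card number and PIN only
    guess = f"{(int(phone[-1][1]) + 1) % 10**6:06d}"   # any value except the real one
    stolen = issuer.authorize(card, c3, 90000, guess, pin)
    return dict(paid=paid, replayed=replayed, inflated=inflated, stolen=stolen, alert=phone[-1][2])
```

The `alert` value is the amount from the text message triggered by the thief's swipe, which is how the owner learns of the attempt even though it fails.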

  25. Re:makes sense to me on 88% of Electronics Exports Reused, Not Dumped · · Score: 4, Interesting

    Years ago, I used to have a connection with a recycling company in Sacramento with just this sort of marketplace. I would go down to their warehouse (a few hours drive from my hometown) and pick up a huge truckload of computers right off the pallets. Good deals, too. 3-5 year old computers, monitors, keyboards that had been well treated, for sale as scrap.

    I took them to my hometown and made quite a good living reformatting them, putting some spit and polish on them, and selling them as "remanufactured" computers. I offered a generous (90 day) warranty but honestly, it was rare that I had anybody take me up on it. They were generally high-quality machines that had been well treated so problems were, by far, the exception.

    The big deal was making them LOOK nice. For keyboards, I used to use a garden hose, a nylon bristle broom, dish soap, and the sidewalk in front of my house. (which got lots of afternoon sun) I'd squirt dish soap all over the keyboards, spray them down with the hose, and stand over them, brushing them vigorously with the broom. After the grit was all out of them, I'd rinse them profusely with the hose washing out as much of the soap and grit as I could. Then I let them dry for a while. California valley sun is VERY warm, so it only took a day or so.

    Surprisingly, some 90% of the keyboards worked perfectly after that, and looked almost new. An hour or so of work and $0.25 of soap would usually result in $200 or so worth of clean, fresh keyboards, otherwise attained at $1 a pop.

    O/S software was easy - they often came preloaded with some old corporate software image. If there wasn't a license sticker, I'd just dump the registry for the license key, grab the O/S CD, and 45 minutes later was up and going. (sucked when MS changed their license terms to prevent resale like this!)

    Since my margin was about 3:1, I could take the time to see that each system was well tested and stable before I sold. That's not true for many new systems sold, I might add. I actually made more money on the used systems per system than I did the new systems at 4-5x the cost!

    Of course, this was back when a "new" computer STARTED at $1,500. I saw the writing on the wall when the purchase price dipped under $1,000, right around Y2K, and sold out. There's just no market for used computers in the 'states, since labor costs are high and prices are low enough to not be worth it.

    But for the 3rd world, this doesn't surprise me at *all*. Computers passed the point of basic usability years ago. Heck, I have a 6 year old laptop that has survived 3 years of my own rigorous use, and has been passed down through 2 other employees since. It still works fine today, I used it to test Windows 7! It plays Hulu/Netflix videos just fine, and even does a passable job with many of the games out today. If it wasn't for running Vista under VMWare, I could still be using it today.