If anyone asks for your PIN, you can always give them a fake one, and they know this.
Not if you're standing at the ATM machine or in front of a WiFi connected laptop, and a bad PIN means your kneecap gets the first shot. The expectation that people behave in a certain way in respect to socially accepted norms, makes someone that doesn't abide by those norms very difficult for folks to deal with.
Someone in an earlier post mentioned the article in which a carjacker tried to steal a car protected by a fingerprint reader. The thief simply ripped the owners finger off and drove away.
In any case, my roommate's account was overdrawn for several days, acuring overdraft charges as well.
Overdraft is an option; don't enable it for any debit card linked account.
I'd never carry my bank's debit card if it wasn't also my ATM card.
Many banks use the same card as a debit card and ATM card. All the banks I deal with allow the debit card functionality to be disabled, while leaving the ATM functionality intact. By default they combine the functions to make the use of a debit card easy and convenient. I've just had to fill in a form at the branch to have the debit card disabled. If your bank won't allow this, change banks (and tell them why).
If this new scheme forces thiefs to switch to "Social Engineering", well, it's a good thing, since people can be educated about them.
Be careful what you wish for; social engineering comes in many forms.
[Points gun at head]: Give me your card.
What is the PIN?
[Pulls trigger]
You've just been socially engineered out of your funds, and life. Raising the bar on security doesn't always mean it's harder for a criminal, or safer for you.
While the limit is the same, the impact isn't. If a credit card is used improperly, your credit limit is temporarily reduced by the pilfered amount, until the state of the card can be restored. If a debit card is used improperly, your assets are temporarily reduced until the bank restores the funds.
The result of the first is that you may have to limit purchases for a while. The result of the second is that transactions in progress (bills, taxes, and other debts paid) may fail. You will likely be held accountable by those independent institutions for the failure. Even if the result is that they accept the delay, you will likely spend considerable time correcting the situation.
If you are going to use a debit card, create a separate account exclusively for the purpose. Limit the funding in the account to the amount you feel comfortable being without for an arbitrary period of time.
Remember, a debit card is advantageous to the bank, not to you. All things being equal (payment made when requested, so no interest charged), credit cards allow you to utilize the month of float (a short term interest-free loan). A debit card allows your bank to do the same - with your money, and without paying you for the privilege.
"Regardless of which side of the fence you sit on, could this take us closer to embedded chips under the skin?"
If it does work outside of your body, it won't work inside your body. There is no absolute way to prove identity. It's a bummer, I know.
You can prove (within acceptable limits) that some biometric data (like a DNA sample) comes from you, but there is a gap between that information and identity. Identity is solely a "web of trust" issue. Trying to solve identity theft with some piece of information (like a password) or biometric data (like a fingerprint) will only raise the bar for identity theft.
It's been a while since I was a mainframe guy (1977-1995), but IBM has one of the most extensive sets of documentation for their equipment that I've seen for any hardware software. They publish on CD (or did back in the 1990's) - there was too much paper documentation even back then. Absolutely every aspect is documented. Every single error/warning/informational message that any application or OScan issue is documented with explanations and operator actions (if required). Right down to the data structures used by the OS, there was nothing that was left undocumented. You could even pay to get access to the source code.
The documentation and source code are (or were) revenue generating portions of the business. If your company doesn't pay for them, they don't get them. In turn, this created some of the most exhaustively complete documentation in the world. It is (was?) a thing of beauty.
I didn't like Buffy or Angel, but loved Firefly. It reminded me in a lot of ways of the feeling I got from reading Heinlein's novels when I was younger, that never translated to the big (or little) screen.
I too would like to know how it can be paid for if no fee is charged especially given the high cost of infrastructure.
You mean like the free air conditioning in the summer and heat in the winter that folks expect when they go into any commercial building? Or the electricity? Or adequate lighting? Or the water fountains? Or bathrooms? Or garbage cans? Or escalators/elevators?
All these things have an enormous infrastructure cost (as well as ongoing maintenance and upgrade costs), and were once considered luxury items. Now they are just a cost of doing business or element of the standard of living, paid for by customers and tax payers. Everyone pays their small share, and the standard of living goes up.
The other day I was in a store looking at a piece of PC hardware. I wasn't sure whether it was supported in Linux, and the sales droid was mindless as usual. If I had a WiFi connection, I could have checked the web on my WiFi enabled PDA. It turns out it was supported, but since I was at home by the time I found that out, I ordered from an online retailer. Access to information can drive sales.
The other point is that folks loiter where there is free WiFi, specifically because it's not ubiquitous. If it were, they could be almost anywhere and there would be no reason to take up space in little coffee shops during peak hours.
The point is that there are already boxes of this type, and they already run Linux (direct from the manufacturer), and they can be had for less ($0-$5 after rebates). So the purpose served by this hack is what? It doesn't save money, it doesn't provide unavailable functionality, and it's not all that cool. It's like saying "Look! I bought a car, and I put new tires on it! N-E-W T-I-R-E-S!!!". If there were no 802.11g routers running Linux, then it would be cool. If it were a cheaper box that was made to provide the function of a more expensive box, then it would be cool. That it does neither is just not all that interesting.
ZyXEL is currently in violation of the GPL. They sell consumer grade equipment that runs Linux, Busybox and the webs web server (all GPL). However, they never mention the GPL in any docs or on their web site, and they refuse to provide source code.
My point is that masses of people _won't_ "just sit down with linux for a bit." They'll spend a few minutes on it and decide it's not good enough and go back to Windows.
If that were true, Mac OSX would have no user base, because it's different than Windows (not "not good enough"). Different is not a problem in itself. In fact, the less technically cabable the individual, the less they care about these minor differences (they have to "hunt and peck" the menus, since they don't remember where anything is anyway).
I've installed Linux for people (even young kids), and the only complaint I hear is that installing "software X" (usually a Windows program) is too hard or not possible. If I can find a Linux equivalent (or get it to work under WINE), they are fine. Usually it's not in a repository for yum/apt, so they can't install it themselves. If I can't get an equivalent - usually a proprietary app - then they return to Windows. They don't care about the OS. They want/need to run "software X".
That situation will not be changing in the short term, anymore than it has changed for Mac OSX. Some companies don't care about other platforms, period.
Eventually, this will become a non-issue. WINE is improving daily. Application developers (even Windows-only) are being more carefuly about their code, so it CAN run under WINE. Applications are being ported to run natively on Linux. Each day, someone else's stumbling block is removed, and a migration occurs. It just takes time.
If the argument were that simple, static linking would never occur.
The flip side of the argument is that installing a broken zlib will break all application that are dynamically linked, but have no effect on those that are statically linked.
Remember too that an upgrade to a dynamically linked function means that proper testing must include all software that uses that function. A statically linked application can be tested as a standalone unit.
The resulting isolation of points of failure and lower MTTR is often seen as an advantage in production environments.
I remember this specific situation occurring in a production environment I worked in. A common library was updated, causing the failure of multiple critical applications. The ones not impacted? Statically linked.
Both sides of the discussion clearly have advantages and disadvantages; they have to be weighed to determine the proper risk/benefit.
My wife and I (both computer scientists, which was a relatively new degree at the time), went to a computer store to check out the Macintosh in 1984. We were really impressed by MacPaint - being able to draw on screen at that time (as opposed to using something like a plotter) was a big deal. After filling the screen with various filled shapes and textures, I noticed the lasso selection tool, and wondered what it did. I selected an arbitrary region with it (even the concept of selection was new) and then noticed the little "dancing ants". I clicked in the middle of the selection and dragged... and the arbitary graphic region moved! We bought one right then.
The things we take for granted today were so astonishing when the Mac was introduced, that it's impossible for folks that have grown up with the technology to appreciate. In the intervening 21 years, few things have been as impressive as the Macintosh.
Many machines allow you to flash with a bootable CD. My Toshiba laptops (3 years old) and ASUS motherboard (1 year old) do. It's usually just a matter of using the bootable floppy image to create the bootable CD. Check with your manufacturer - if it can boot a CD, it will probably work. Usually they just consider the creation of a bootable CD to be too hard for their customers.
I typically go 2-3 weeks between charges, and it syncs via WiFi (802.11b). It works great with Windows, Mac OSX and Linux (with none of that pesky USB/udev configuration). You can get them for as little as $170 lightly used on EBay (I just bought a second unit for my wife). Full specs here.
I think they plan on providing a panel icon for linux (Gnome/KDE), but it isn't done yet. The quickstart keeps the OO common code resident (which is what is really consuming the resource). The script is stopped between idle periods - it only gets control when you close the last OO window to reload the common code. If you use OO frequently, and can afford a few MB of RAM overhead (there's no CPU overhead), it save a lot of time.
Why compromise? Use OpenOffice with the quick starter; you can be jotting a note (or using any of the OO applications) in 2-3 seconds. Just run this little script as a background process when you start your session on Linux:
#!/bin/bash while true do
ooffice -quickstart done
On Windows, enable the quick-start panel icon. I'm not sure about Mac OSX; it probably will work with the above script.
Slashdot Mirror
Not if you're standing at the ATM machine or in front of a WiFi connected laptop, and a bad PIN means your kneecap gets the first shot. The expectation that people behave in a certain way in respect to socially accepted norms, makes someone that doesn't abide by those norms very difficult for folks to deal with.
Someone in an earlier post mentioned the article in which a carjacker tried to steal a car protected by a fingerprint reader. The thief simply ripped the owners finger off and drove away.
Overdraft is an option; don't enable it for any debit card linked account.
I'd never carry my bank's debit card if it wasn't also my ATM card.
Many banks use the same card as a debit card and ATM card. All the banks I deal with allow the debit card functionality to be disabled, while leaving the ATM functionality intact. By default they combine the functions to make the use of a debit card easy and convenient. I've just had to fill in a form at the branch to have the debit card disabled. If your bank won't allow this, change banks (and tell them why).
Be careful what you wish for; social engineering comes in many forms.
[Points gun at head]: Give me your card.
What is the PIN? [Pulls trigger]
You've just been socially engineered out of your funds, and life. Raising the bar on security doesn't always mean it's harder for a criminal, or safer for you.
The result of the first is that you may have to limit purchases for a while. The result of the second is that transactions in progress (bills, taxes, and other debts paid) may fail. You will likely be held accountable by those independent institutions for the failure. Even if the result is that they accept the delay, you will likely spend considerable time correcting the situation.
If you are going to use a debit card, create a separate account exclusively for the purpose. Limit the funding in the account to the amount you feel comfortable being without for an arbitrary period of time.
Remember, a debit card is advantageous to the bank, not to you. All things being equal (payment made when requested, so no interest charged), credit cards allow you to utilize the month of float (a short term interest-free loan). A debit card allows your bank to do the same - with your money, and without paying you for the privilege.
s/If it does work outside of your body/If it doesn't work outside of your body/
If it does work outside of your body, it won't work inside your body. There is no absolute way to prove identity. It's a bummer, I know.
You can prove (within acceptable limits) that some biometric data (like a DNA sample) comes from you, but there is a gap between that information and identity. Identity is solely a "web of trust" issue. Trying to solve identity theft with some piece of information (like a password) or biometric data (like a fingerprint) will only raise the bar for identity theft.
It's been a while since I was a mainframe guy (1977-1995), but IBM has one of the most extensive sets of documentation for their equipment that I've seen for any hardware software. They publish on CD (or did back in the 1990's) - there was too much paper documentation even back then. Absolutely every aspect is documented. Every single error/warning/informational message that any application or OScan issue is documented with explanations and operator actions (if required). Right down to the data structures used by the OS, there was nothing that was left undocumented. You could even pay to get access to the source code.
The documentation and source code are (or were) revenue generating portions of the business. If your company doesn't pay for them, they don't get them. In turn, this created some of the most exhaustively complete documentation in the world. It is (was?) a thing of beauty.
I didn't like Buffy or Angel, but loved Firefly. It reminded me in a lot of ways of the feeling I got from reading Heinlein's novels when I was younger, that never translated to the big (or little) screen.
You mean like the free air conditioning in the summer and heat in the winter that folks expect when they go into any commercial building? Or the electricity? Or adequate lighting? Or the water fountains? Or bathrooms? Or garbage cans? Or escalators/elevators?
All these things have an enormous infrastructure cost (as well as ongoing maintenance and upgrade costs), and were once considered luxury items. Now they are just a cost of doing business or element of the standard of living, paid for by customers and tax payers. Everyone pays their small share, and the standard of living goes up.
The other day I was in a store looking at a piece of PC hardware. I wasn't sure whether it was supported in Linux, and the sales droid was mindless as usual. If I had a WiFi connection, I could have checked the web on my WiFi enabled PDA. It turns out it was supported, but since I was at home by the time I found that out, I ordered from an online retailer. Access to information can drive sales.
The other point is that folks loiter where there is free WiFi, specifically because it's not ubiquitous. If it were, they could be almost anywhere and there would be no reason to take up space in little coffee shops during peak hours.
The point is that there are already boxes of this type, and they already run Linux (direct from the manufacturer), and they can be had for less ($0-$5 after rebates). So the purpose served by this hack is what? It doesn't save money, it doesn't provide unavailable functionality, and it's not all that cool. It's like saying "Look! I bought a car, and I put new tires on it! N-E-W T-I-R-E-S!!!". If there were no 802.11g routers running Linux, then it would be cool. If it were a cheaper box that was made to provide the function of a more expensive box, then it would be cool. That it does neither is just not all that interesting.
ZyXEL is currently in violation of the GPL. They sell consumer grade equipment that runs Linux, Busybox and the webs web server (all GPL). However, they never mention the GPL in any docs or on their web site, and they refuse to provide source code.
Actually, about the same price as the ZigBee device.
Yeah, if only something like this existed.
If that were true, Mac OSX would have no user base, because it's different than Windows (not "not good enough"). Different is not a problem in itself. In fact, the less technically cabable the individual, the less they care about these minor differences (they have to "hunt and peck" the menus, since they don't remember where anything is anyway).
I've installed Linux for people (even young kids), and the only complaint I hear is that installing "software X" (usually a Windows program) is too hard or not possible. If I can find a Linux equivalent (or get it to work under WINE), they are fine. Usually it's not in a repository for yum/apt, so they can't install it themselves. If I can't get an equivalent - usually a proprietary app - then they return to Windows. They don't care about the OS. They want/need to run "software X".
That situation will not be changing in the short term, anymore than it has changed for Mac OSX. Some companies don't care about other platforms, period.
Eventually, this will become a non-issue. WINE is improving daily. Application developers (even Windows-only) are being more carefuly about their code, so it CAN run under WINE. Applications are being ported to run natively on Linux. Each day, someone else's stumbling block is removed, and a migration occurs. It just takes time.
If the argument were that simple, static linking would never occur.
The flip side of the argument is that installing a broken zlib will break all application that are dynamically linked, but have no effect on those that are statically linked.
Remember too that an upgrade to a dynamically linked function means that proper testing must include all software that uses that function. A statically linked application can be tested as a standalone unit.
The resulting isolation of points of failure and lower MTTR is often seen as an advantage in production environments.
I remember this specific situation occurring in a production environment I worked in. A common library was updated, causing the failure of multiple critical applications. The ones not impacted? Statically linked.
Both sides of the discussion clearly have advantages and disadvantages; they have to be weighed to determine the proper risk/benefit.
I've found Bill McCarty's SELinux book particularly useful for understanding the implementation of mandatory access controls on Linux.
My wife and I (both computer scientists, which was a relatively new degree at the time), went to a computer store to check out the Macintosh in 1984. We were really impressed by MacPaint - being able to draw on screen at that time (as opposed to using something like a plotter) was a big deal. After filling the screen with various filled shapes and textures, I noticed the lasso selection tool, and wondered what it did. I selected an arbitrary region with it (even the concept of selection was new) and then noticed the little "dancing ants". I clicked in the middle of the selection and dragged... and the arbitary graphic region moved ! We bought one right then. The things we take for granted today were so astonishing when the Mac was introduced, that it's impossible for folks that have grown up with the technology to appreciate. In the intervening 21 years, few things have been as impressive as the Macintosh.
Many machines allow you to flash with a bootable CD. My Toshiba laptops (3 years old) and ASUS motherboard (1 year old) do. It's usually just a matter of using the bootable floppy image to create the bootable CD. Check with your manufacturer - if it can boot a CD, it will probably work. Usually they just consider the creation of a bootable CD to be too hard for their customers.
I typically go 2-3 weeks between charges, and it syncs via WiFi (802.11b). It works great with Windows, Mac OSX and Linux (with none of that pesky USB/udev configuration). You can get them for as little as $170 lightly used on EBay (I just bought a second unit for my wife). Full specs here.
Small enclose and a free HD! Oh, and it plays music too, or something. USB 2.0 and FireWire.
I think they plan on providing a panel icon for linux (Gnome/KDE), but it isn't done yet. The quickstart keeps the OO common code resident (which is what is really consuming the resource). The script is stopped between idle periods - it only gets control when you close the last OO window to reload the common code. If you use OO frequently, and can afford a few MB of RAM overhead (there's no CPU overhead), it save a lot of time.
Why compromise? Use OpenOffice with the quick starter; you can be jotting a note (or using any of the OO applications) in 2-3 seconds. Just run this little script as a background process when you start your session on Linux:
#!/bin/bash
while true
do
ooffice -quickstart
done
On Windows, enable the quick-start panel icon. I'm not sure about Mac OSX; it probably will work with the above script.
The Fedora developers have documented the yum upgrade process in the Fedora Project Wiki, here.
Under the FC1->FC4 upgrade the answer is:
FC1 -> FC2
Just Upgrade using anaconda - save yourself a world of pain.
In other words, boot off the FC4 installation disk, and select "Upgrade" as the installation type.
Is that a nice way of saying "bitch"?
This sounds like someone is asking for an DRM/watermarking-type of application, that would survive open source inspection. Hmmm.