So as a cyclist, you would love for people who are riding things that weigh a lot more than you do and which can hit a hole and fly in to you at any moment.. to take their eyes off of the road, look down, refocus their eyes on their gas tank, make sure they're going a legal speed, and then look back up.
You should explain why you would prefer this situation over having the information already available to the motorcyclist without moving the head/refocusing the eyes at all.
RFID cards are pretty insecure, since there's no requirement that the user do anything before you can steal the data. I don't even know why they bothered with them. Once you have multiple cards with identical NFC systems in a physical wallet, you can't even use the excuse that it lets you tap your wallet without taking out the card. Most people have more than one credit card.
NFC in phones is neat. You don't have to use it for wallet-like stuff, you can use it for things that previously people would use IrDA (infrared) for: moving contacts, etc. It's only on when your screen is on, their antennas are pretty awful so they really only work rather close, and every thing I've seen that reads from the phone has an action the user of the phone has to take (i.e. google wallet: you have to enter a pin, android beam you have to 'tap to beam' from the source phone, etc.) NFC in phones isn't scary, but yes it can be disabled easily if you'd rather not have the rather minimal battery drain.
Using credit cards, *if you have the money to do so and pay it off every month* is a no-brainer. Get a rewards card and an interest-bearing checking account, and you get some more interest collected in the checking account until the credit card bill is paid, and the rewards from the credit card, even at 2%, are rather nice. Plus usually credit cards have other perks (if someone steals my wallet, I'm not responsible for the charges. I am out all of the cash they just stole though), often there's complimentary travel insurance, etc.
Now, credit cards charge fees to the merchants, so using them at stores you really like, or smaller chains might not be a 'nice' thing to do. But at large chains which have likely 1: negotiated lower fees and 2: have such a high percentage of people paying with cards that they already have adjusted their pricing of goods to accommodate for the likelihood of someone paying with a card, I don't feel guilty at all.
So in conclusion: RFID (NFC) physical credit cards (without any second factor): dumb Credit cards vs. cash: credit cards all the way. Actually carrying a balance on credit cards: exceedingly dumb Different mentality for cash vs. credit card: well, just know that it exists and intentionally go against that behavior, if you like. I'm very lucky to have a job and to not live paycheck to paycheck, so I can afford to have the 'credit card mentality' of comparing benefits before comparing price.
Actually I'm pretty sure it was at least her third husband. She was cheating on [then-current] husband with [former, second] husband, and putting the child of [former, first] husband in danger. This woman sounds like a class-act all around.
Obviously this assumes that 1) Currently unbricked kindles can be re-associated with a different account, and 2) The person it was stolen from can still brick a kindle even after re-association for a period of time, in case the first thing the thief does is re-associate it. Say, 48 hours to report your kindle stolen to Amazon, and they'll still disable it [and remove any charges made to your account, if that's possible from the Kindle, etc.].
Why not just provide a way to disable the kindle that is associated with an amazon account until that same account enables it again? Then I can disable it if I left it somewhere.. if I recover it, I can enable it. No one else can. The kindle should not say what the name of the account is or anything that the thieves can use to identify what account to try to hack in to either. There shouldn't need to be any human involvement in here, I've already authenticated who I am by being able to login (with a password, auto-login should not be sufficient).
I think so. I don't think they even intend to announce that they support OpenID. I think they're using it as a protocol because all the libraries are already written, but they recognize that you can't just go to random_website.com and use their id URL since 1) they won't let random_website.com use this service, and 2) their id URL is really really weird at the moment (and doesn't use email addresses or any personally identifiable information, sorry everyone else commenting).
I believe the story is just FUD, all around. The summary is wrong (it says it's not OpenID 2.0, Google's page says to use any OpenID 2.0 library). Google hasn't announced they're supporting OpenID, but they are [at least planning on] providing a service that uses OpenID under the hood to do OpenID-like things (namely a "Login With Google" option). I will be very surprised if Google advertises that they support OpenID and that everyone's gmail account is OpenID enabled with this implementation, since it's definitely not going to work for the vast majority of sites.
Actually, it IS OpenID 2.0 compatible from what I can tell, but the id to use is obscure. It is NOT backwards compatible to OpenID 1.0. It DOES require the site doing the authentication request to be approved by Google. It does NOT require modifications to any OpenID 2.0 compatible library that I can tell. It DOES recommend modifying your login UI to provide 'login with google', which is just a shortcut to going to OpenID on the special google openid URL.
They list a couple sites on the google group as having been authorized. I found google's special openid url and tried it on livejournal, twitterfeed (not listed on their approved sites list) and on one of the approved sites. Here's my results:
Livejournal: LJ gave me an error. I guess LJ is still 1.0, though I have no proof. Twitterfeed: Google gave me an error, saying I wasn't authorized to perform the action. The approved site gave me a 'login with google' option and also a 'login with openid' option. I used the openid one and put in the google openid URL. It brought me to the google openid signin page.
Nowhere did I enter in any personally identifiable information to any of these websites, it uses the same trick yahoo does where you can just put in yahoo.com and it'll work, and respond with the email if I allow it access (except currently google's openid URL is much more awkward). I'm not convinced that anything is going against the OpenID 2.0 spec here, though the fact that every site that wants to support this has to request permission seems kind of odd.
Except that amazon is listed right there in the article, at the very bottom (168 million). This is a misleading headline anyway, since it's Google, then YouTube/Other Google Sites, then All Yahoo Sites. Who knows, maybe all those searches were on google maps and gmail?
Why? Carmack wrote his first games for machines that had much less power than an iPhone. I think it'd actually be really fun to make a game that's really complex and pushing the limits of the hardware, even/especially if the hardware is really constrained; one would have to do clever tricks instead of brute-forcing the solution ("Oh by the time I release this, the GeForce 1 hojillion will be out and everyone will have 128 cores at 10 GHz each, and I can actually do this!")
So wait, because what emits noise is a certain way, and of certain dimensions, the things that pick up the noise had to change to accommodate? It works both ways. If our peak hearing range was tuned to listen to, say, the sound of a baby crying (note this is before puberty would have changed the frequency range common for use in adult communication), or the sound of one of our most common predators, or something similar, I imagine that spoken language communication would have adjusted itself to the hearing range rather than the other way around. Something that is variable amongst many humans seems most likely to be something that evolution would play with. I can't change what frequencies I'm listening for, but I can easily change what frequencies I'm emitting, and imagine that over time evolution would favor those that didn't have to do as many changes to effectively communicate in the most sensitive range, as opposed to people wildly/randomly communicating at a certain frequency range and then evolution getting better at understanding it.
Stop using verizon. My phone uses bluetooth (no cable involved) and windows treats it like a file system (IBM/Lenovo laptop) that I can browse and move stuff to/from the phone whenever I want. Mac OS X uses the bluetooth file transfer utility, and I think you have to do that if you're using a non-IBM/lenovo laptop as well (or an IBM/Lenovo laptop without their bluetooth stack). I use Cingular. Most GSM phones are the same. Verizon is the only one to cripple their bluetooth so badly, that I know of.
They did include auto-healing. And a way that allows you to specify when people heal, when people attack, whether or not they do it automatically or not, etc. You don't want them to do something/anything? They don't do it. You want them to cast Cure whenever they can if an Ally is below 50% health? Yeah, they can do that automatically too.
You CAN treat it like the other games, but guess what most of the other games were? Mashing the A/X/whatever button to accept the default menu option of attack, or down, X, down a bunch of times, X, to cast Firaga/Fire3/Whatever. Big deal. Unless there's strategy involved, I don't feel the need to destroy my thumb and my controller's buttons.. But if you want to, go right ahead -- the game isn't stopping you and removing all control over your characters, it's just removing the mind-numbingly boring generic fight scenes that have plagued the series since its inception. Is a random battle on a huge, open plain where a 40 foot tall monster snuck up on you, and now you have to hold down the X button on your turbo controller to 'Attack' it to death so much better than FFXII's system where you get to see them coming, run in a realistic fashion (and draw aggro), and take a hands-off / high-level approach to control the flow of the battle instead of the individual movements of each character?
And with that new enhancement to iTunes to allow people to get the (purchased!) data back off an iPod... it seems pretty obvious that this is where apple is heading. Previously, you would have been able to purchase it to the iPod and then it would have been stuck there. No more.
Encryption isn't magic. All you've done is substitute one set of unique information for another set of unique information, the fact that the information means nothing to you doesn't change it. If I read "CastrTroy, 1234-5678-9012-3456, 12/09" from a credit card, stuck ", $1000" on the end and sent it to the credit card company, that's no different than being able to read "oinasdfomasdfpmweasdfhqervsad, $1000". The credit card company still associates that random crap with you. It's always the same, so it means nothing.
There are ways around this, but maintaining the physical security of the card is one of the better ways. Not being able to shoot your wallet with radiation and get money back seems like a good first step.. having the data only available after physically plugging/sliding the card in to a reader AND be encrypted while still on the card (smart chip) using a public key granted to the store (so the store would be able to reproduce the data, but you wouldn't have any real information available to you to use on a different place, so all the stolen transactions are quite quickly tracked back) would be a good first start.
There's probably flaws in that plan that I'm unaware of.. though the fact that my credit card has one of these chips and I didn't ask for it to and have no idea how to turn it off is one of the flaws, I'm suspecting.:P
That makes sense. I wish that some other terminology had been used for distinguishing between physical size and lane count, but oh well. Thanks for the info!
Ok, I know I don't understand PCI Express, but isn't that 2*x16, and 2*x8? Yeah, it's 48 PCI-Express lanes, according to the page.. but saying that there's 4 x16 ports is a bit confusing, is it not?
U3 could be anything, a hardware technology, or whatever. None of the stickers made me think that just plugging it in was going to make it run something. I didn't get to the included apps, because to get to them, you plug it in and OH SHIT there they are.
NEVER NEVER NEVER NEVER NEVER (can I say this enough) run shit without asking the user. EVER. That's what I'm saying. I wouldn't have minded if it was there, and I could run it on my own, but that's not what happened.
I know how to turn it off, I shouldn't have to. The vista method someone else responded with works well. Pop up a dialog before running anything untrusted, and I'm sorry.. random disc goes in my computer, I don't automatically give anything and everything on it the same privileges my user has.
People only expect something to happen when they put that CD in their computer because it has always happened that way in their mind (well, anyone who started using CDs with Windows 95+). Floppies didn't usually do this. DOS didn't do this. MacOS X doesn't do this (it'll pop up a finder window, but that's about it).
Your parents are capable of following instructions, I'm sure? "Put the CD in the drive, wait 5 seconds. Double click the "My Computer" icon on the desktop (I hope you didn't rename it), then double click the CD icon, double click the program that says Install " isn't much harder than "Put the CD in the drive, wait 5 seconds. Depending on how your computer is set up, it might pop up automatically, or you might have to double click the "My Computer" icon (I hope you didn't rename it), then double click the CD icon, then double click the program that says Install ".
I had no idea what U3 was when I bought it, I certainly would have thought it would be opt-in. There was no information I could find that said "OMG We're installing stuff immediately!!eleven", and I went and looked after it did it. I see the U3 logo all over the place, but no information about its nasty behavior. Anyway, is this why the thumb drive doesn't get the proper removable usb icon when I plug it in to the mac? grr. So, in attempts to intentionally screw over (sorry, "help") the windows users, they screwed up the standards that say they really should be broadcasting this bit saying they're removable, and made it not as pleasant on the mac.
I've learned something here, it was bothering me why it didn't have the proper icon, now I know.
Slashdot Mirror
So as a cyclist, you would love for people who are riding things that weigh a lot more than you do and which can hit a hole and fly in to you at any moment.. to take their eyes off of the road, look down, refocus their eyes on their gas tank, make sure they're going a legal speed, and then look back up.
You should explain why you would prefer this situation over having the information already available to the motorcyclist without moving the head/refocusing the eyes at all.
RFID cards are pretty insecure, since there's no requirement that the user do anything before you can steal the data. I don't even know why they bothered with them. Once you have multiple cards with identical NFC systems in a physical wallet, you can't even use the excuse that it lets you tap your wallet without taking out the card. Most people have more than one credit card.
NFC in phones is neat. You don't have to use it for wallet-like stuff, you can use it for things that previously people would use IrDA (infrared) for: moving contacts, etc. It's only on when your screen is on, their antennas are pretty awful so they really only work rather close, and every thing I've seen that reads from the phone has an action the user of the phone has to take (i.e. google wallet: you have to enter a pin, android beam you have to 'tap to beam' from the source phone, etc.) NFC in phones isn't scary, but yes it can be disabled easily if you'd rather not have the rather minimal battery drain.
Electronic wallets will be nice, because it will hopefully let you get rid of all of those 'loyalty' cards: http://tomfishburne.com/2012/01/loyalty.html
Using credit cards, *if you have the money to do so and pay it off every month* is a no-brainer. Get a rewards card and an interest-bearing checking account, and you get some more interest collected in the checking account until the credit card bill is paid, and the rewards from the credit card, even at 2%, are rather nice. Plus usually credit cards have other perks (if someone steals my wallet, I'm not responsible for the charges. I am out all of the cash they just stole though), often there's complimentary travel insurance, etc.
Now, credit cards charge fees to the merchants, so using them at stores you really like, or smaller chains might not be a 'nice' thing to do. But at large chains which have likely 1: negotiated lower fees and 2: have such a high percentage of people paying with cards that they already have adjusted their pricing of goods to accommodate for the likelihood of someone paying with a card, I don't feel guilty at all.
So in conclusion:
RFID (NFC) physical credit cards (without any second factor): dumb
Credit cards vs. cash: credit cards all the way.
Actually carrying a balance on credit cards: exceedingly dumb
Different mentality for cash vs. credit card: well, just know that it exists and intentionally go against that behavior, if you like. I'm very lucky to have a job and to not live paycheck to paycheck, so I can afford to have the 'credit card mentality' of comparing benefits before comparing price.
Actually I'm pretty sure it was at least her third husband. She was cheating on [then-current] husband with [former, second] husband, and putting the child of [former, first] husband in danger. This woman sounds like a class-act all around.
Obviously this assumes that 1) Currently unbricked kindles can be re-associated with a different account, and 2) The person it was stolen from can still brick a kindle even after re-association for a period of time, in case the first thing the thief does is re-associate it. Say, 48 hours to report your kindle stolen to Amazon, and they'll still disable it [and remove any charges made to your account, if that's possible from the Kindle, etc.].
Why not just provide a way to disable the kindle that is associated with an amazon account until that same account enables it again? Then I can disable it if I left it somewhere.. if I recover it, I can enable it. No one else can. The kindle should not say what the name of the account is or anything that the thieves can use to identify what account to try to hack in to either. There shouldn't need to be any human involvement in here, I've already authenticated who I am by being able to login (with a password, auto-login should not be sufficient).
I think so. I don't think they even intend to announce that they support OpenID. I think they're using it as a protocol because all the libraries are already written, but they recognize that you can't just go to random_website.com and use their id URL since 1) they won't let random_website.com use this service, and 2) their id URL is really really weird at the moment (and doesn't use email addresses or any personally identifiable information, sorry everyone else commenting).
I believe the story is just FUD, all around. The summary is wrong (it says it's not OpenID 2.0, Google's page says to use any OpenID 2.0 library). Google hasn't announced they're supporting OpenID, but they are [at least planning on] providing a service that uses OpenID under the hood to do OpenID-like things (namely a "Login With Google" option). I will be very surprised if Google advertises that they support OpenID and that everyone's gmail account is OpenID enabled with this implementation, since it's definitely not going to work for the vast majority of sites.
Actually, it IS OpenID 2.0 compatible from what I can tell, but the id to use is obscure. It is NOT backwards compatible to OpenID 1.0. It DOES require the site doing the authentication request to be approved by Google. It does NOT require modifications to any OpenID 2.0 compatible library that I can tell. It DOES recommend modifying your login UI to provide 'login with google', which is just a shortcut to going to OpenID on the special google openid URL.
They list a couple sites on the google group as having been authorized. I found google's special openid url and tried it on livejournal, twitterfeed (not listed on their approved sites list) and on one of the approved sites. Here's my results:
Livejournal: LJ gave me an error. I guess LJ is still 1.0, though I have no proof.
Twitterfeed: Google gave me an error, saying I wasn't authorized to perform the action.
The approved site gave me a 'login with google' option and also a 'login with openid' option. I used the openid one and put in the google openid URL. It brought me to the google openid signin page.
Nowhere did I enter in any personally identifiable information to any of these websites, it uses the same trick yahoo does where you can just put in yahoo.com and it'll work, and respond with the email if I allow it access (except currently google's openid URL is much more awkward). I'm not convinced that anything is going against the OpenID 2.0 spec here, though the fact that every site that wants to support this has to request permission seems kind of odd.
Except that amazon is listed right there in the article, at the very bottom (168 million). This is a misleading headline anyway, since it's Google, then YouTube/Other Google Sites, then All Yahoo Sites. Who knows, maybe all those searches were on google maps and gmail?
Why? Carmack wrote his first games for machines that had much less power than an iPhone. I think it'd actually be really fun to make a game that's really complex and pushing the limits of the hardware, even/especially if the hardware is really constrained; one would have to do clever tricks instead of brute-forcing the solution ("Oh by the time I release this, the GeForce 1 hojillion will be out and everyone will have 128 cores at 10 GHz each, and I can actually do this!")
So wait, because what emits noise is a certain way, and of certain dimensions, the things that pick up the noise had to change to accommodate? It works both ways. If our peak hearing range was tuned to listen to, say, the sound of a baby crying (note this is before puberty would have changed the frequency range common for use in adult communication), or the sound of one of our most common predators, or something similar, I imagine that spoken language communication would have adjusted itself to the hearing range rather than the other way around. Something that is variable amongst many humans seems most likely to be something that evolution would play with. I can't change what frequencies I'm listening for, but I can easily change what frequencies I'm emitting, and imagine that over time evolution would favor those that didn't have to do as many changes to effectively communicate in the most sensitive range, as opposed to people wildly/randomly communicating at a certain frequency range and then evolution getting better at understanding it.
Having had to deal with their stuff, I really wish something had been around to warn me back then.
Yeah, you tell that MOFO.
Stop using verizon. My phone uses bluetooth (no cable involved) and windows treats it like a file system (IBM/Lenovo laptop) that I can browse and move stuff to/from the phone whenever I want. Mac OS X uses the bluetooth file transfer utility, and I think you have to do that if you're using a non-IBM/lenovo laptop as well (or an IBM/Lenovo laptop without their bluetooth stack). I use Cingular. Most GSM phones are the same. Verizon is the only one to cripple their bluetooth so badly, that I know of.
They already are sending me CAPTCHA'd images.
I had no idea you could do that, I was just asking someone earlier today actually.
n dows_xp.htm describes how to do it.
http://www.petri.co.il/disable_balloon_tips_in_wi
They did include auto-healing. And a way that allows you to specify when people heal, when people attack, whether or not they do it automatically or not, etc. You don't want them to do something/anything? They don't do it. You want them to cast Cure whenever they can if an Ally is below 50% health? Yeah, they can do that automatically too.
You CAN treat it like the other games, but guess what most of the other games were? Mashing the A/X/whatever button to accept the default menu option of attack, or down, X, down a bunch of times, X, to cast Firaga/Fire3/Whatever. Big deal. Unless there's strategy involved, I don't feel the need to destroy my thumb and my controller's buttons.. But if you want to, go right ahead -- the game isn't stopping you and removing all control over your characters, it's just removing the mind-numbingly boring generic fight scenes that have plagued the series since its inception. Is a random battle on a huge, open plain where a 40 foot tall monster snuck up on you, and now you have to hold down the X button on your turbo controller to 'Attack' it to death so much better than FFXII's system where you get to see them coming, run in a realistic fashion (and draw aggro), and take a hands-off / high-level approach to control the flow of the battle instead of the individual movements of each character?
hehe he said pubic.
Opera fanboy alert: Opera doesn't have ad supported mode anymore. Yes, that's right. It's free (cost), even though not free (speech)
And with that new enhancement to iTunes to allow people to get the (purchased!) data back off an iPod... it seems pretty obvious that this is where apple is heading. Previously, you would have been able to purchase it to the iPod and then it would have been stuck there. No more.
Encryption isn't magic. All you've done is substitute one set of unique information for another set of unique information, the fact that the information means nothing to you doesn't change it. If I read "CastrTroy, 1234-5678-9012-3456, 12/09" from a credit card, stuck ", $1000" on the end and sent it to the credit card company, that's no different than being able to read "oinasdfomasdfpmweasdfhqervsad, $1000". The credit card company still associates that random crap with you. It's always the same, so it means nothing.
:P
There are ways around this, but maintaining the physical security of the card is one of the better ways. Not being able to shoot your wallet with radiation and get money back seems like a good first step.. having the data only available after physically plugging/sliding the card in to a reader AND be encrypted while still on the card (smart chip) using a public key granted to the store (so the store would be able to reproduce the data, but you wouldn't have any real information available to you to use on a different place, so all the stolen transactions are quite quickly tracked back) would be a good first start.
There's probably flaws in that plan that I'm unaware of.. though the fact that my credit card has one of these chips and I didn't ask for it to and have no idea how to turn it off is one of the flaws, I'm suspecting.
That makes sense. I wish that some other terminology had been used for distinguishing between physical size and lane count, but oh well. Thanks for the info!
Ok, I know I don't understand PCI Express, but isn't that 2*x16, and 2*x8? Yeah, it's 48 PCI-Express lanes, according to the page.. but saying that there's 4 x16 ports is a bit confusing, is it not?
U3 could be anything, a hardware technology, or whatever. None of the stickers made me think that just plugging it in was going to make it run something. I didn't get to the included apps, because to get to them, you plug it in and OH SHIT there they are.
NEVER NEVER NEVER NEVER NEVER (can I say this enough) run shit without asking the user. EVER. That's what I'm saying. I wouldn't have minded if it was there, and I could run it on my own, but that's not what happened.
I know how to turn it off, I shouldn't have to. The vista method someone else responded with works well. Pop up a dialog before running anything untrusted, and I'm sorry.. random disc goes in my computer, I don't automatically give anything and everything on it the same privileges my user has.
People only expect something to happen when they put that CD in their computer because it has always happened that way in their mind (well, anyone who started using CDs with Windows 95+). Floppies didn't usually do this. DOS didn't do this. MacOS X doesn't do this (it'll pop up a finder window, but that's about it).
Your parents are capable of following instructions, I'm sure? "Put the CD in the drive, wait 5 seconds. Double click the "My Computer" icon on the desktop (I hope you didn't rename it), then double click the CD icon, double click the program that says Install " isn't much harder than "Put the CD in the drive, wait 5 seconds. Depending on how your computer is set up, it might pop up automatically, or you might have to double click the "My Computer" icon (I hope you didn't rename it), then double click the CD icon, then double click the program that says Install ".
*shrug*.
I had no idea what U3 was when I bought it, I certainly would have thought it would be opt-in. There was no information I could find that said "OMG We're installing stuff immediately!!eleven", and I went and looked after it did it. I see the U3 logo all over the place, but no information about its nasty behavior. Anyway, is this why the thumb drive doesn't get the proper removable usb icon when I plug it in to the mac? grr. So, in attempts to intentionally screw over (sorry, "help") the windows users, they screwed up the standards that say they really should be broadcasting this bit saying they're removable, and made it not as pleasant on the mac.
I've learned something here, it was bothering me why it didn't have the proper icon, now I know.