Why should it be fixed? Is it broken? In politics I kind of see the point, since it may be good to represent that sector of society. But in Computer Science why? I am all for giving women equal opportunity to enter Computer Science but beyond that I see no advantage. Why are we forcing people into careers that they do not want to do, just to make some statistic match what we think it should be. Maybe just maybe men and women are different, and in general want to do different jobs. This is shown in societies that have are considered to be more equal still have the same gender imbalance. It seems to me that as long as it goes against men it must be at least equal, but if it goes against women nothing. I hear no outcry saying we must imprison more women, or be more lenient with men on crimes, or even provide more support to because men are over-represented it the crime statistics. But if men and women are truly the same shouldn't those figures be the same too?
For me from the opposite side, yes people delaying task can make it go away I get frustrated and just do it myself. It is often less effort to do a task yourself than wait for some lazy person, to get off their buts and do it. Of course this comes with the added reward of no good deed goes unpunished, and people expect you to do it again next time.
I don't think it applies at all really. At least the experiment doesn't really show much. 5 minutes of minesweep instead of starting straight away is not really your typical procrastination is it? It is more like allowing yourself to wind down. The typical procrastination when there is not time limit, is more like at least 2 years of I will get around to it. If there is a time limit, the work is usually done at the last moment, not allowing your sleep deprived mind, to have breaks.
There is no reason to think this would actually scale to real life scenarios. If anything it probably shows that you should take breaks when you are working, more likely if you are not pressed for time.
Also clearly if 20% of adults admit to being procrastinators, (probably in reality more) then there are going to be some achievements made by them.
I fully admit I didn't read the article, its not procrastination, I don't ever intend to do that.
After thinking about this, what randsomware does (I think) I have not written any, is basically it encrypts your data, there is already open source code to do this. The biggest problems are how to get the money without being traced, being located in some third world country would help, and which files not to encrypt, if you make the computer unusable there would not be a way to demand your money if the computer simply did not start up. In fact why would you need to encrypt it at all just replace it with random data, they pay you, you say sorry, no can do. Maybe this is a good idea, that way people who write ransomware may loose there "good" reputation, and fewer people will pay.
Knowing when and which files got encrypted, could help you devise schemes to backup your files and check them so that you could restore them, in the case of attack.
Anti-malware code is a specialized field, and there are fewer than 50 companies who have much marketshare. Entry into this field is a high bar, requiring the trust of many people. Even then, many of the products are of poor quality, and/or have their own unethical behavior. An aspiring anti-malware author will have much greater difficulty breaking into the field than an ordinary app developer. There isn't much of a market for specialized anti-ransomware.
This is a request from one of those companies. It is in that companies interest to keep out as many competitors as it can. I am not saying they are wrong, just saying they have a conflict of interest.
As for trust, I have no real basis to trust these companies any more than any other. Any software that runs on my machine may potential compromise it. Name one sector of software companies that as more then 50 companies having much of a market share? Maybe games? Even still it not unheard of for games to install root kits on machine to stop cheating, or copying.
This is about randsomeware but do about finding faults in it, it is about not releasing the source code of that ransomware so other people can make better versions of it. Just like you don't want to release detailed instructions on how to make a nuclear bomb.
On one hand I can see the point, but understanding how ransomware works may also be useful in protecting yourself against it.
I agree moderating a reply to you or yourself should not be allowed, or possibly someone you replied to. But just because made post in a story shouldn't stop you moderating I generally read post in articles that I am interested in so it severely limits the moderation I can do. Also I think you should be able to change a moderation, I you read a post and think it is valid and then good counter argument is presented you should be able to change your mind.
Your analysis fails to take into account probabilities and long term consequence.
The likely hood of something bad is tiny, but maybe major. so if you calculate the expected value it is minor. Lets apply your analysis to crossing the street say hello to a friend.
1. Something bad, don't cross street nothing happens, nothing happens (ok you may call your friend later and say hi) 2. Something bad, you cross and get hit by a car, you die really bad. 3. Nothing bad, you don't cross same as 1 4. Nothing bad, you cross, you get to chat to a friend.
The fact every action, or inaction in life has risks associated with it, you need to assess those risk and do the action, even if there is a small possibility of something really bad happening, most people in the US drive every day, that is risky you could die.
Now for the long term consequences, if children are not allowed to go outside, walk to school by themselves, that requires parents who are busy, have jobs to go to and are tired, to consistently supervise them outside. They will drive them to school because it is faster, they will not go out as much as the children want because they have other things to do. Or do not enjoy those thing as much as the children do. This will lead to a lot children that are not as independent and active as they could be. That can lead to obesity and shorter lives for a lot of children. Even if the parents go out every time with there kids it may not lead to the children being very independent.
So possibly a few more children may be kidnapped, or killed if every child is not supervised outside (not really clear if that is true, a determined person maybe able to do this anyway), but a lot of children will die sooner the other way.
Governments should provide these in a open standard format, to the public for free. (they must or should have this information already) This should include speed limits, (permanent and temporary) they should have this information, taxes where used to make these roads, knowing how to use these roads to get from one place to another legally should be a public right.
If they are selling this information to companies, in order that they can sell it back to us, is just wrong.
That seems like it could be a good Idea, but if this could be like a laptop but much smaller, I always use it in a docking station anyway I hate using laptop screens. Travel between countries with just this in your pocket, instead of a laptop. No need worry about breaking the screen. Of course it only works if it is significantly more powerful than a phone, and can do what you need it to do as a full computer. Also another advantage for me at least is you can't use it while traveling, so no one can ask me to check my emails.
Not now but could easily be, if this was to become a standard method of payment that banks supported. You could make a usb dongle for old computers. To admit I do not have NFC in my cell phone, it is a feature phone. I don't know which phones do, certainly people in my office do but I do work in the IT industry and that may not be a fair sample. Then again I do not use my phone to make purchases either. people do seem to replace their phone often, every couple of years, not me of course, my phone is 10 years old. I would be willing to purchase a reader for my home computer though, if it meant I would not have to give out random companies on the internet my credit card information.
I admit that there would have to be a transition phase where both methods of payments where accepted, but eventually the old method could be phased out.
My whole problem is it the system is that it doesn't effect you much, nor anyone else, as an individual so you would be willing to accept it. But as a whole they become a monopoly controlling the whole legal system, setting external rates for lawyers, while lowering the cost for themselves. That is why I see it as a risk.
The reader would be in every shop, every cell phone, every computer, the reader could simply be a NFC reader which is in pretty much every smart phone now, the point is the reader does not have to be secure. All it does is, asks the bank I would like to authorize this transaction, the bank says here encrypt random number X appended with the pin with the cards private key. If you made the card itself enter the pin the reader could not even capture the pin (minor point as mentioned before). The user holds down the button which forms a circuit which allows the card to do the encryption.
What does the reader know? How to encrypt X+Pin for a given value of X, maybe the pin? big deal it could not use that ever again because the bank would not ever issue X again. You could also do offline transactions (at the vendors risk) by making X the current time, you would probably want to prefix a type in front of X. No more than 1 transaction within whatever accuracy you deem it is reasonable for a clock to have. You may need an account number there but that could be encrypted too, by sending a public key to the card as part of X.
You still have the problem of the transaction being more than what you think, (currently a problem anyway) There is a solution to this, and probably most credit card fraud, even without the other parts, simply text the person a receipt every time a credit card payment is made.
If you mean you could leave your card a home, or lose it, that is the same with a cash, or any authentication method that is something you have, unless you implant it, I don't want peoples appendages being cut off when people steal your money. "Something you have" I believe is the best form of authentication, because something you know has to be very simple and you cannot tell if someone else has captured it, and something you are, can never be changed, and must be done from a trusted reader, since if that reader captures that information, it can simply resend that information at any time (slightly modified of course since bio-metrics are never exactly the same). Of course you can combine them, but I believe the something you have is an essential part, if you want a high level of security.
Sorry for the long explanation, that is why I didn't want to go into the details of how to implement this.
First electronic payments, and credit are 2 separate things you should be able to use one without the other. You said in your post
Nothing at all to do with privacy
So tracking you down really is not relevant, but with facial recognition getting better all they need is a store camera to track you down, irrelevant on if you pay by cash or electronic methods.
No it is not, maybe you every time you buy on a credit card you worry about it being declined, but I don't, I do not purchase anything on a card that cannot afford to buy with cash.
You could make the same argument with cash, each time you pay for a particular good you, they could say no. I don't beg for anything if the shop doesn't give me the goods, or even slightly annoys me I say stuff off and go somewhere else. If you are talking about the bank kindly letting me take money out of my account, then unless you keep your money under your mattress you have the same scenario when take that money of of your account. You ask for your money and they say certainly SIR. If they refuse to give me my money they will be facing legal action (unless they are insolvent). I am not begging I am demanding nicely. I do accept certain security checks because I don't want them giving my money to anyone.
I understand that, your phone is not a secure anything, but it would require the criminal to actually track you down and steal from you, they could do that without even entering any details. Just like when you type your pin in any EFTPOS machine there can be cameras watching, (if the machine is not itself compromised) or next person can use an infra red camera to get your pin. This of course rely on actual physical access to your card. If your phone is on you and compromised it can broadcast a signal so they can then track you.
The solution doesn't stop you from ever being robbed, they can always just take your card and say give me your pin or I will kill you, but it increases the requirement from anybody in the world can access your money because you gave them your credit card number, to some random web site, to they must have the card, they must know your pin. The having your card is the hardest part since if you don't have it you will report it stolen.
Actually thinking about it, it probably would not need to be any bigger than a sim card, you could have it in a shielded slot on your phone, it physically connects it to your phone ready to authenticate 1 transaction.
The reader doesn't need to be safe just the card, that stores your private key, it would not need to be bigger than a credit card or a usb key. Your chip and pin card should already do a challenge response.
If readers became standard which they would if everybody paid this way then their would be no issue, the reader could even be wireless. I would be happy with that as long as a pin was entered on the device and was part of the challenge response. If you managed to get the pin from the device so what you couldn't make the transaction without the card.
The order also imposes a $50 million judgment against Lumos Labs, which will be suspended due to its financial condition after the company pays $2 million to the Commission. The order requires the company to notify subscribers who signed up for an auto-renewal plan between January 1, 2009 and December 31, 2014 about the FTC action and to provide a means to cancel their subscription.
So what? They shut down after paying only 2 Mil of 50 mil, how much did the directors/owners get in fees/dividends before shut they down. Why would they need to notify subscribers if they are shutting down anyway? What it suggest is they have taken most of the money out of the company already, and using a limited liability company to reduce their bill from 50 million to 2. And may continue to trade under a different holding company.
Oh yes I can quite easily see Insurance companies having there own set of lawyers that they mandate you use, they probably already have a set of lawyers.
Car insurance companies don't own car manufactures. They do not have deals with car companies. In medical insurance if you don't get the treatment you die. Medical cost have spun out of hand. Without actually doing it the experiment I could not tell which way it would go. But I would consider the right to justice a basic human right, not something you should have to insure yourself to get. Going to jail because you can't afford a good lawyer deprives you of part of your life. You can choose not to drive at all if it gets too expensive, you cannot choose not to be sued or wrongfully accused of a crime.
Saving money is not the point, having an efficient system is, the point is insurance can break the free market. If everybody gets lawyer insurance, because it is seen as essential, it will just encourage more litigation, I will cost you nothing to sue, since you have insurance anyway, higher price for lawyers, which will encourage rates. The US has the highest per capita medical spending in the world but ranks 34th in life expectancy. Clearly money well spent.
Have a external non-programmable card plugged in do a challenge response authentication. Make there be a physical action that must be performed on that card, eg enter pin, press a button.
Your details cannot be stolen since you never give them out. Your computer cannot just authenticate transactions on bulk because you need to press that button each time. This could also be a good way of logging into places.
You forgot that is just the earth, what about every other planets? You might say well it happened on earth, but that really that is just survivor bias. If it happened on mars we would be saying what are the chances of it happening on mars. Kind of like saying why is the right key always the last one I check.
I agree, A device where you can download and install arbitrary software from the internet is not a place where I want the authentication method for monetary transactions to be kept. Yes I know buying things online counts, but there is a solution for that too.
They did get away with it, https://gigaom.com/2013/01/31/... give me $24 Mil in revenue a year, I will gladly pay a one off $2 Mill fine, change my wording slightly e.g. stick the word "may" in it somewhere and continue trading as normal.
Slashdot Mirror
Why should it be fixed? Is it broken? In politics I kind of see the point, since it may be good to represent that sector of society. But in Computer Science why? I am all for giving women equal opportunity to enter Computer Science but beyond that I see no advantage. Why are we forcing people into careers that they do not want to do, just to make some statistic match what we think it should be. Maybe just maybe men and women are different, and in general want to do different jobs. This is shown in societies that have are considered to be more equal still have the same gender imbalance. It seems to me that as long as it goes against men it must be at least equal, but if it goes against women nothing. I hear no outcry saying we must imprison more women, or be more lenient with men on crimes, or even provide more support to because men are over-represented it the crime statistics. But if men and women are truly the same shouldn't those figures be the same too?
For me from the opposite side, yes people delaying task can make it go away I get frustrated and just do it myself. It is often less effort to do a task yourself than wait for some lazy person, to get off their buts and do it. Of course this comes with the added reward of no good deed goes unpunished, and people expect you to do it again next time.
There is some wisdom in Wally's philosophy http://dilbert.com/strip/2015-...
I don't think it applies at all really. At least the experiment doesn't really show much. 5 minutes of minesweep instead of starting straight away is not really your typical procrastination is it? It is more like allowing yourself to wind down. The typical procrastination when there is not time limit, is more like at least 2 years of I will get around to it. If there is a time limit, the work is usually done at the last moment, not allowing your sleep deprived mind, to have breaks.
There is no reason to think this would actually scale to real life scenarios. If anything it probably shows that you should take breaks when you are working, more likely if you are not pressed for time.
Also clearly if 20% of adults admit to being procrastinators, (probably in reality more) then there are going to be some achievements made by them.
I fully admit I didn't read the article, its not procrastination, I don't ever intend to do that.
After thinking about this, what randsomware does (I think) I have not written any, is basically it encrypts your data, there is already open source code to do this. The biggest problems are how to get the money without being traced, being located in some third world country would help, and which files not to encrypt, if you make the computer unusable there would not be a way to demand your money if the computer simply did not start up. In fact why would you need to encrypt it at all just replace it with random data, they pay you, you say sorry, no can do. Maybe this is a good idea, that way people who write ransomware may loose there "good" reputation, and fewer people will pay.
Knowing when and which files got encrypted, could help you devise schemes to backup your files and check them so that you could restore them, in the case of attack.
Anti-malware code is a specialized field, and there are fewer than 50 companies who have much marketshare. Entry into this field is a high bar, requiring the trust of many people. Even then, many of the products are of poor quality, and/or have their own unethical behavior. An aspiring anti-malware author will have much greater difficulty breaking into the field than an ordinary app developer. There isn't much of a market for specialized anti-ransomware.
This is a request from one of those companies. It is in that companies interest to keep out as many competitors as it can. I am not saying they are wrong, just saying they have a conflict of interest.
As for trust, I have no real basis to trust these companies any more than any other. Any software that runs on my machine may potential compromise it. Name one sector of software companies that as more then 50 companies having much of a market share? Maybe games? Even still it not unheard of for games to install root kits on machine to stop cheating, or copying.
This is about randsomeware but do about finding faults in it, it is about not releasing the source code of that ransomware so other people can make better versions of it. Just like you don't want to release detailed instructions on how to make a nuclear bomb.
On one hand I can see the point, but understanding how ransomware works may also be useful in protecting yourself against it.
I agree moderating a reply to you or yourself should not be allowed, or possibly someone you replied to. But just because made post in a story shouldn't stop you moderating I generally read post in articles that I am interested in so it severely limits the moderation I can do. Also I think you should be able to change a moderation, I you read a post and think it is valid and then good counter argument is presented you should be able to change your mind.
Your analysis fails to take into account probabilities and long term consequence.
The likely hood of something bad is tiny, but maybe major. so if you calculate the expected value it is minor. Lets apply your analysis to crossing the street say hello to a friend.
1. Something bad, don't cross street nothing happens, nothing happens (ok you may call your friend later and say hi)
2. Something bad, you cross and get hit by a car, you die really bad.
3. Nothing bad, you don't cross same as 1
4. Nothing bad, you cross, you get to chat to a friend.
The fact every action, or inaction in life has risks associated with it, you need to assess those risk and do the action, even if there is a small possibility of something really bad happening, most people in the US drive every day, that is risky you could die.
Now for the long term consequences, if children are not allowed to go outside, walk to school by themselves, that requires parents who are busy, have jobs to go to and are tired, to consistently supervise them outside. They will drive them to school because it is faster, they will not go out as much as the children want because they have other things to do. Or do not enjoy those thing as much as the children do. This will lead to a lot children that are not as independent and active as they could be. That can lead to obesity and shorter lives for a lot of children. Even if the parents go out every time with there kids it may not lead to the children being very independent.
So possibly a few more children may be kidnapped, or killed if every child is not supervised outside (not really clear if that is true, a determined person maybe able to do this anyway), but a lot of children will die sooner the other way.
Governments should provide these in a open standard format, to the public for free. (they must or should have this information already) This should include speed limits, (permanent and temporary) they should have this information, taxes where used to make these roads, knowing how to use these roads to get from one place to another legally should be a public right.
If they are selling this information to companies, in order that they can sell it back to us, is just wrong.
That seems like it could be a good Idea, but if this could be like a laptop but much smaller, I always use it in a docking station anyway I hate using laptop screens. Travel between countries with just this in your pocket, instead of a laptop. No need worry about breaking the screen. Of course it only works if it is significantly more powerful than a phone, and can do what you need it to do as a full computer. Also another advantage for me at least is you can't use it while traveling, so no one can ask me to check my emails.
Not now but could easily be, if this was to become a standard method of payment that banks supported. You could make a usb dongle for old computers. To admit I do not have NFC in my cell phone, it is a feature phone. I don't know which phones do, certainly people in my office do but I do work in the IT industry and that may not be a fair sample. Then again I do not use my phone to make purchases either. people do seem to replace their phone often, every couple of years, not me of course, my phone is 10 years old. I would be willing to purchase a reader for my home computer though, if it meant I would not have to give out random companies on the internet my credit card information.
I admit that there would have to be a transition phase where both methods of payments where accepted, but eventually the old method could be phased out.
My whole problem is it the system is that it doesn't effect you much, nor anyone else, as an individual so you would be willing to accept it. But as a whole they become a monopoly controlling the whole legal system, setting external rates for lawyers, while lowering the cost for themselves. That is why I see it as a risk.
The reader would be in every shop, every cell phone, every computer, the reader could simply be a NFC reader which is in pretty much every smart phone now, the point is the reader does not have to be secure. All it does is, asks the bank I would like to authorize this transaction, the bank says here encrypt random number X appended with the pin with the cards private key. If you made the card itself enter the pin the reader could not even capture the pin (minor point as mentioned before). The user holds down the button which forms a circuit which allows the card to do the encryption.
What does the reader know? How to encrypt X+Pin for a given value of X, maybe the pin? big deal it could not use that ever again because the bank would not ever issue X again. You could also do offline transactions (at the vendors risk) by making X the current time, you would probably want to prefix a type in front of X. No more than 1 transaction within whatever accuracy you deem it is reasonable for a clock to have. You may need an account number there but that could be encrypted too, by sending a public key to the card as part of X.
You still have the problem of the transaction being more than what you think, (currently a problem anyway) There is a solution to this, and probably most credit card fraud, even without the other parts, simply text the person a receipt every time a credit card payment is made.
If you mean you could leave your card a home, or lose it, that is the same with a cash, or any authentication method that is something you have, unless you implant it, I don't want peoples appendages being cut off when people steal your money. "Something you have" I believe is the best form of authentication, because something you know has to be very simple and you cannot tell if someone else has captured it, and something you are, can never be changed, and must be done from a trusted reader, since if that reader captures that information, it can simply resend that information at any time (slightly modified of course since bio-metrics are never exactly the same). Of course you can combine them, but I believe the something you have is an essential part, if you want a high level of security.
Sorry for the long explanation, that is why I didn't want to go into the details of how to implement this.
First electronic payments, and credit are 2 separate things you should be able to use one without the other. You said in your post
Nothing at all to do with privacy
So tracking you down really is not relevant, but with facial recognition getting better all they need is a store camera to track you down, irrelevant on if you pay by cash or electronic methods.
No it is not, maybe you every time you buy on a credit card you worry about it being declined, but I don't, I do not purchase anything on a card that cannot afford to buy with cash.
You could make the same argument with cash, each time you pay for a particular good you, they could say no. I don't beg for anything if the shop doesn't give me the goods, or even slightly annoys me I say stuff off and go somewhere else. If you are talking about the bank kindly letting me take money out of my account, then unless you keep your money under your mattress you have the same scenario when take that money of of your account. You ask for your money and they say certainly SIR. If they refuse to give me my money they will be facing legal action (unless they are insolvent). I am not begging I am demanding nicely. I do accept certain security checks because I don't want them giving my money to anyone.
I understand that, your phone is not a secure anything, but it would require the criminal to actually track you down and steal from you, they could do that without even entering any details. Just like when you type your pin in any EFTPOS machine there can be cameras watching, (if the machine is not itself compromised) or next person can use an infra red camera to get your pin. This of course rely on actual physical access to your card. If your phone is on you and compromised it can broadcast a signal so they can then track you.
The solution doesn't stop you from ever being robbed, they can always just take your card and say give me your pin or I will kill you, but it increases the requirement from anybody in the world can access your money because you gave them your credit card number, to some random web site, to they must have the card, they must know your pin. The having your card is the hardest part since if you don't have it you will report it stolen.
Actually thinking about it, it probably would not need to be any bigger than a sim card, you could have it in a shielded slot on your phone, it physically connects it to your phone ready to authenticate 1 transaction.
The reader doesn't need to be safe just the card, that stores your private key, it would not need to be bigger than a credit card or a usb key. Your chip and pin card should already do a challenge response.
This http://www.slipperybrick.com/2... has data entry any processing (power could be supplied by the reader) that is 7 years ago.
If readers became standard which they would if everybody paid this way then their would be no issue, the reader could even be wireless. I would be happy with that as long as a pin was entered on the device and was part of the challenge response. If you managed to get the pin from the device so what you couldn't make the transaction without the card.
That is a bit confusing really,
The order also imposes a $50 million judgment against Lumos Labs, which will be suspended due to its financial condition after the company pays $2 million to the Commission. The order requires the company to notify subscribers who signed up for an auto-renewal plan between January 1, 2009 and December 31, 2014 about the FTC action and to provide a means to cancel their subscription.
So what? They shut down after paying only 2 Mil of 50 mil, how much did the directors/owners get in fees/dividends before shut they down. Why would they need to notify subscribers if they are shutting down anyway? What it suggest is they have taken most of the money out of the company already, and using a limited liability company to reduce their bill from 50 million to 2. And may continue to trade under a different holding company.
Oh yes I can quite easily see Insurance companies having there own set of lawyers that they mandate you use, they probably already have a set of lawyers.
Car insurance companies don't own car manufactures. They do not have deals with car companies. In medical insurance if you don't get the treatment you die. Medical cost have spun out of hand. Without actually doing it the experiment I could not tell which way it would go. But I would consider the right to justice a basic human right, not something you should have to insure yourself to get. Going to jail because you can't afford a good lawyer deprives you of part of your life. You can choose not to drive at all if it gets too expensive, you cannot choose not to be sued or wrongfully accused of a crime.
Saving money is not the point, having an efficient system is, the point is insurance can break the free market. If everybody gets lawyer insurance, because it is seen as essential, it will just encourage more litigation, I will cost you nothing to sue, since you have insurance anyway, higher price for lawyers, which will encourage rates. The US has the highest per capita medical spending in the world but ranks 34th in life expectancy. Clearly money well spent.
Have a external non-programmable card plugged in do a challenge response authentication. Make there be a physical action that must be performed on that card, eg enter pin, press a button.
Your details cannot be stolen since you never give them out. Your computer cannot just authenticate transactions on bulk because you need to press that button each time. This could also be a good way of logging into places.
You forgot that is just the earth, what about every other planets? You might say well it happened on earth, but that really that is just survivor bias. If it happened on mars we would be saying what are the chances of it happening on mars. Kind of like saying why is the right key always the last one I check.
I agree, A device where you can download and install arbitrary software from the internet is not a place where I want the authentication method for monetary transactions to be kept. Yes I know buying things online counts, but there is a solution for that too.
They did get away with it, https://gigaom.com/2013/01/31/...
give me $24 Mil in revenue a year, I will gladly pay a one off $2 Mill fine, change my wording slightly e.g. stick the word "may" in it somewhere and continue trading as normal.