I use eBay a lot (500+ feedback) and have been mostly happy with them. They occasionally step on little guys, and their terms of service get a little creepier with every rewrite, but I still feel safe using them. They are open about technical problems, they keep the site design simple and clean, and they allow you to use your own HTML code and images in your auctions. And the fee structure has grown slowly and carefully, so it's still a good deal to sell on eBay.
But they are still a monopoly, and ONE OF THESE DAYS, the board of directors will be sitting around, thinking about ways to "monetize", "maximize", and "synergize", and they'll do something that SCREWS everybody. I can just smell it. Any day now, I'm expecting a massive fee increase, or a rewrite in the terms of service ("thanks to our partnership with the RIAA, CD sales are no longer allowed"), or some kind of limitation on the small guys, or something...it's coming... I can feel it.
And now by buying PayPal, they just got a little bigger, and they have just a little more control over your online auction life.....
Note to Mr. Wheeler: when your shirt is the same color as the background of your web site, you might want to put a thin border around the picture with your favorite free image editing software.. though I'm wondering why exactly your picture is there at all..
"biggest to smallest" is the ISO standard. Read all about it here.
This has always made most sense to me too, and is completely unambiguous. I've been using it in my programs for years now (and since y2k, whenever I write dates by hand, checks, etc) and it looks like now many XML applications use it too.
If you've ever had to write a program to parse non-ISO dates from some other program's output, you'll wish the rest of the world used it too...
I really don't see any need for any other time system, especially one that's based on something OTHER than planetary movements. Yeesh....
Freedom of speech is being able to go in the center of a public square and say whatever you want. It's being able to put your ideas on the front page of a newspaper or pamphlet and distribute it without fear of persecution.
That being said, this may be a useful tool for some people, but I doubt it will be undetectable. Steganography is a tough problem. And encryption won't help you if the stego is detected, because the police will just put you in jail until you give them the key, since you must have something to hide when you use encryption...
hasn't spent much of his academic career breaking other people's cryptography
uses the clout of his dad to get funding
and of course, he's patenting it, which means it won't be of any use to anyone.
My guess is, he found some "smooth noise" generator and thought that it would make a good source of "random numbers", used, e.g., as a key schedule algorithm, and as soon as the patent is published (which it will be, thanks to the dumb patent office), it will be broken (it probably has a short "key" to set initial conditions, which will be easy to break) and this guy will be forgotten.
Though the cartoon connection is kinda cute and might get some press attention.
I was just thinking today, as I was compiling Apache 2.0 and Mozilla 1.0.1 from Rawhide SRPMs, how nice it would be to have a Red Hat 7.3.999 with the new KDE and Gnome (actually, I'm hoping Gnome 2.0 will be nice enough for me to switch back from KDE, or at least have a KDE with more of these little bugs fixed).
And of course I'd want Apache 2.0, Mozilla 1.latest, and whatever else. I guess since the gcc is upgraded this will be 8.0? I hope they change some more stuff besides Gnome, Apache, and GCC to justify a point-oh.
Anyway, I'm anxious for the official release of whatever this is.
You are buying a lovely, crunchy Cellophane wrapper. It's yours, to do with as you please. You can even share(tm) with a friend! How's that for freedom?
As a bonus, when you buy this Cellophane, you also get a limited right to do certain things with the Box and shiny Plastic Disc inside. You may open the Box with your right hand, remove the Disc with your left, and insert it into an approved Device to view or listen to some Content. There are several Devices you may use for this purpose. After you view or listen to the Content (please do not fast-forward, although there are no commercials [yet], we don't want you getting into the habit), please return it to the box, and lock it away so no one else can use it. In fact if you want to just throw the whole thing away, and buy it again next time you want to view the Content, that's just fine with us. You'll even get another piece of Cellophane!!
how effective is advertising on a handheld device on MP3 for Gameboy · Score: 2
Richmond said the screen will also be used for advertising, meaning that some content could actually be offered with a free, ad-supported model.
Of course, we'll need a metal retainer to keep the screen situated eight inches away from your eyes while the advertisement is playing, but that's being worked on, and as soon as it's finished, the record companies are ready to sign on!
Remember, you're not just bound by a contract to watch all advertising... now you'll also be bound by a handy metal strap!
Why do they call it an exclamation point, when it's clearly not a point, but a point and line? I use exclamation mark. To be consistent with question point... er... question mark.. ?
I just ordered a PhatStackO'Books and this was one of them, haven't had a chance to read it through yet.
But flipping through, I was surprised how thorough it is. This isn't a book on how to set up your Apple AirPort or something (for some reason that's what I thought it was), it's hardcore on all the details including the radio and communications theory necessary to understand how the 802.11 physical layer works. Looks like the title is absolutely true, this is a definitive guide.
The most interesting thing I saw in my Magic days was the adult that showed up at a tourney. A "real" adult, not a "gamer" adult: neatly-trimmed gray hair & beard, nice clothes, no body odor (let me repeat that: the guy had obviously bathed in the last 24 hours), and an awesome handmade wooden box that he kept his cards in. He lost pretty quickly but obviously this was a guy who occasionally left his house for reasons other than playing Magic.
For a second I thought I had entered a parallel universe where Magic was a normal leisure activity like any other, where diverse people could get together and play a fun and challenging game.
My fantasy was quickly shattered by a piercing obnoxious nasal laugh from the 300-lb woman in an undersized "I Grock Spock" T-shirt....
Re:Nothing like a little Carmack... on Doom3 and OpenGL2.0 · Score: 5, Funny
No kidding..
their implementation of hardware displacement mapping is NOT quad based.... so even if we don't use it because of the geometry amplification issues, I think it will serve the noble purpose of killing dead any proposal to implement a quad based solution.
Yes! I was thinking the same thing myself! Geometry amplification is key here.
support for both the fallback ARB_ extension path (without specular highlights), and the NV10 NVidia register combiners path...... They don't support NV_vertex_program_1_1, which I use for the NV20 path, and when I hacked my programs back to 1.0 support for testing, an issue did show up..
Definitely, any fool could see that! Watch those extension paths!
A GL2 driver won't give any theoretical advantage over the current back ends optimized for cards with 7+ texture capability
It certainly won't! 7+ is definitely not the optimized back-end texture capability quad rendering shade vertex OpenGL. Specular highlight.. Phong.. wireframe.. raycasting... shadow cache.. texture map.. bump map... uh.. BFG 9000!!
ha ha.. it looks like many of my machines already had "ChallengeResponseAuthentication no" for at least the last few months. I'm going to go beat myself in the head with a brick now.
Okay, busy morning but glancing at the news, here's what I see:
There was a bug in the challenge/response code between 3.0-3.2.3. In fact, it's an "overflow" according to the advisory. This means to me, it should be a fairly easy fix. Quote:
It is possible for a remote attacker to send a specially-crafted reply that triggers an overflow. This can result in a remote denial of service attack on the OpenSSH daemon or a complete remote compromise.
In addition, this overflow only works when SKEY and/or BSD_AUTH is enabled. But this seems to be "not enabled...in many distributions". How about Linux? However, OpenBSD has BSD_AUTH enabled (natch). Quote:
At least one of these options must be enabled before the OpenSSH binaries are compiled for the vulnerable condition to be present. OpenBSD 3.0 and later is distributed with BSD_AUTH enabled. The SKEY and BSD_AUTH options are not enabled by default in many distributions.
And now to add insult to injury, the 3.3 I installed yesterday has a new different buffer overflow, so I have to jump to 3.4 now (does it have any new bugs too?)
I don't like to jump versions on production machines. I like to fix what's running for minimum disturbance.
Can someone please explain why this vulnerability was handled this way? Why wasn't there a maintenance release that just fixed the @#$@#% problem?
I know: since the bug affected so many people, Theo thought it would be better to bury the problem in his privsep code, instead of fixing it and letting the blackhats run "diff" and find it for an easy 0-day-'sploit. In other words, security by obscurity, just like the big guys. That stinks, if you ask me.
On the other hand, I charge by the hour when I upgrade my client's machines. So thanks Theo! $-)
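An added example, not part of the original comments: a fleet check built on the two facts quoted above, the affected range of 3.0 through 3.2.3 and the "ChallengeResponseAuthentication no" setting. The function names, status strings, sample banners and sample configs are constructed for illustration, and the default of "yes" when the keyword is absent is an assumption to confirm against the installed version's man page.

```python
import re

# Affected range as quoted in the comment above: OpenSSH 3.0 through 3.2.3.
AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 2, 3)


def parse_version(banner):
    """Extract (major, minor, patch) from a banner such as 'SSH-1.99-OpenSSH_3.2.3p1'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def effective_setting(config_text, keyword, default):
    """Return the value sshd would use for a keyword.

    Keywords are case-insensitive, 'keyword value' and 'keyword=value' are
    both accepted, and the first occurrence wins, so a later override line
    does not change the result.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip().lower()
    return default


def assess(banner, config_text):
    """Classify one host from its banner and its sshd_config contents."""
    version = parse_version(banner)
    if version is None:
        return "unknown-version"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "outside-affected-range"
    # Assumption: challenge-response is on unless explicitly disabled.
    if effective_setting(config_text, "ChallengeResponseAuthentication", "yes") == "no":
        return "affected-version-mitigated"
    # The advisory ties the bug to SKEY/BSD_AUTH being compiled in, which the
    # config file cannot show, so these hosts need a look at the build options.
    return "affected-version-check-build"


def audit(hosts):
    """Map host name -> status for a dict of {name: (banner, config_text)}."""
    return {name: assess(banner, cfg) for name, (banner, cfg) in hosts.items()}


# Constructed sample data, not taken from any real host.
HOSTS = {
    "web1": ("SSH-1.99-OpenSSH_3.2.3p1",
             "Port 22\nChallengeResponseAuthentication no\n"),
    "db1": ("SSH-1.99-OpenSSH_3.1p1",
            "Port 22\n#ChallengeResponseAuthentication no\n"),
    "fw1": ("SSH-2.0-OpenSSH_3.4p1", "Port 22\n"),
    "old1": ("SSH-1.99-OpenSSH_3.0.2p1",
             "challengeresponseauthentication=yes\n"
             "ChallengeResponseAuthentication no\n"),
}

if __name__ == "__main__":
    for host, status in sorted(audit(HOSTS).items()):
        print(f"{host}: {status}")
```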
*checks /etc/protocols* What the hell is protocol 11?
Do routers even route protocol 11? Would it make it to its DoS destination? Interesting. Per usual slashdot behaviour, I haven't read the articles yet, but I hope they discuss this a little more.
Hmm.......
On your Red Hat Linux server/firewall/whatever (easily adapted to any NTP setup, really):
ntp.conf:
server time.apple.com
server tick.usno.navy.mil
server tock.usno.navy.mil
# In case the network is down
server 127.127.1.0
fudge 127.127.1.0 stratum 10
broadcastdelay 0.008
authenticate no
driftfile /etc/ntp/drift
pidfile /var/run/ntpd.pid
logfile /var/log/ntpd
and /etc/ntp/step-tickers has the IP addresses for those hosts, all one line (the Red Hat startup script uses these to set the clock at boot, in case it's WAY out of sync.):
17.254.0.27 192.5.41.40 192.5.41.41 17.254.0.26 17.254.0.31
Then on your LAN, have all your other machines use this machine as the time server. That's it! Never set a clock again.
It's important to have accurate time for many protocols, including HTTP, and also to timestamp your logs accurately for forensics and evidence.
For even more accurate and secure local timeservers, run a GPS antenna to your roof and buy one of these products.
Yup, all the tell-tale signs are there:
Next?
Yeah, they should've just said:
Whew, fourteen seventieths, that's SOME SERIOUS DOSH! Personally, I'd settle for a mere three twenty-sevenths.
Here's a good example of "in rem" silliness:
These forfeiture laws are a mockery of the constitution and are a throwback to the days when property used in a crime became property of the Crown.
<sarcasm>But hey, none of us are drug dealers so we have nothing to worry about when the government defecates on the constitution, right?</sarcasm>
Oh well.
from the look-at-my-tiny-pointer dept.
Hey, it's not the size of your pointing device, it's how fast you can double-click, know what I'm sayin'?
two points, all imho of course:
1) Nobody is forcing us to work more than the amount necessary to survive. There's no reason why you couldn't get (for example) a part-time job and have a comfortable existence. If more people wanted part-time jobs, it would be more common and acceptable in our society. (i.e., people wouldn't say, hey that guy's lazy, he's wasting himself, selling himself short, etc.)
The problem is, as you say, North American excess and competitive impulses. People feel they have to work more than the next guy so they can buy things they don't need.
2) Mental illness has always been a big issue. But only lately has much of it even been considered "illness". Our understanding of mental illness has broadened considerably. I'd bet that your figure of 500% would apply to diagnoses, not the actual incidents of mental illness. This is what I've read.
What's great about this world is that you can choose your destiny. Nobody forces you to work 10+ hours a day.
I much prefer the problems of today than the problems of the past...
I used the FreeBSD port.. it did it all automatically it seems (and it used /usr/empty). It upgraded openssl as well, hopefully that didn't break anything.
Sure enough, now when I connect, there are 2 daemons, one running as root and the other not.
Does anybody know if there are any problems with FreeBSD (the letter just mentioned OpenBSD and NetBSD)...?
In the world of full disclosure, it's generally considered polite to initially only notify the vendor of a product and allow them a grace period to fix the security hole. This way, when the security hole is publicized, users will (hopefully) have a patch or upgrade to secure their systems.
Well, by releasing the info, the hole HAS been publicized. If you're a black-hat poking around in Apache or Cisco routers or whatever looking for rootable holes, wouldn't you instantly drop what you're doing and start looking for this hole? And if it's possible some already have an exploit, what's Theo waiting for? Give us more details.
I think full disclosure means "full disclosure", not just partial disclosure, not just, hey, there's a show-stopper bug in the code, but I promise if you upgrade it won't affect you. No workarounds, no details, not even if an exploit has been found in the wild or not.
Maybe if we knew the details of the bug we could fix it WITHOUT upgrading to the separated privs code. Maybe he wants us to upgrade to this new code because he thinks it's really cool and it strokes his ego, not because it's the only way to solve the hole.
<theory type="conspiracy">Hell, maybe the OpenSSH server has been hacked by Microsoft and a backdoor added to the new code; this message is a fake to get us to upgrade; and all non-Windows users are doomed.... :-o </theory>
Well I just spent a few hours upgrading a handful of openssh installs and firewalling about a dozen others. This is weird though, is there NO other information about this hole except that it's "fixed" by 3.3?
If I have ssh blocked in /etc/hosts.allow, does that stop the bug? If I have AllowRootLogin off, does that stop the bug? Is it SSH protocol 1 or 2? Can this affect existing SSH connections? Is there any other work-around?????
I think we just saw TWO irresponsible announcements in the Open Source world, and I hope it's not a trend.
(SSH is one piece of software I do not like upgrading remotely..)
PS: I haven't gotten his message from Bugtraq yet. In fact I've only gotten 2 messages from Bugtraq today...weird...
Well, I saw a TV ad for Moby's new album the other day. I don't watch much TV, so I don't know if this is common now, but the only TV music ads I remember seeing recently were for Madonna, Yanni, and now Moby.
I think he's just past his prime. And I bet the record labels aren't trying real hard either, especially with all the hip new young talent they have to manufacture and push.
I liked Moby's earlier stuff, but I jumped ship after Everything Is Wrong. There's so much weird and cool stuff out there why stick to the formulaic crap?
I agree with the other posters, this is a bizarre thing for Moby to say. Does he have any proof that people are downloading his music any more than anyone else? Hell, I didn't even bother downloading it, I just don't care about Moby any more, and it's probably the same with most of the music-buying public.
I guess it's an easy thing to say: Hmm, my new album that isn't very good, sounds a lot like my last one, and is being promoted about 1/10 as much as other new albums, and it isn't selling well. MUST BE DEM MP3-TECHNO-SAVVY SONG-SWAPPING MANIACS! Oh yeah, and thanks to Christ, and remember: animals aren't ours to eat, wear, or say bad things about. Peace.
So, if a hacker grabs the data points for the eyes, and starts making some custom contact lenses for a replay attack.. what do we do?
If your credit card's stolen, you get a new one. What about your eyes?
I guess they'll have to fall back to some other identification for all the people with stolen eyes. Thus making the system useless.