Perhaps it is the stuff of science fiction, but I believe that there exists a huge weakness with biometrics (actually, there are several, and they all come together to be one really big one.)
In a thread above, I posted an example of the problem of making identifications more secure, and how that causes a stronger economic interest to try to get around those more secure systems.
So, the idea here is that if there is a strong enough economic interest, someone will try to find a way of getting around these silly biometric readers.
And so here's my idea: Cloning.
When I first thought of this idea, I imagined some sort of criminal walking around with a baby holding it in front of the bank machine scanner. Actually, it doesn't need to be that inconvenient. Does anyone remember the article about scientists cloning a human ear onto the back of a mouse? If they can do that, it is perfectly conceivable that someone can clone an exact copy of my eye onto the back of a mouse. All someone would need is to carry that strange looking mouse around.
My thesis, once again, is that if the economic gain is large enough, then it will be worth putting the time and effort into getting around the identification system, and if the technology is available and advanced enough, cloning would be able to do it. And while getting access to my bank account may not be worth the trouble, getting access to my bank account, my computer, my house and my workplace may justify the expense involved.
The best part of this is what someone needs to do it--DNA. Heck, we shed plenty of DNA waking up in the morning and walking to the bathroom. It won't take much at all to make the clone. We are a long way away from security guards in front of hair salons, but maybe we should be a little alarmed about securing too many important things on something that may become very easy to copy.
And that is the big crutch of this system for future use.
Today, we use bank card + PINs. If you added to that system an iris scan, the process would be very secure, and then we can talk comfortably about 1 in 10 billion chances.
The thing is, if you were to say to a bank customer, we can make this more secure, if we also scan your iris too...then they won't want to do it. There is no strong interest for them in doing it, and they have to go through a third inconvenient process.
In order to get their irises scanned, you have to give them something, and that, in this instance, is the convenience of not having the card nor the PIN.
With that in mind, my thesis is that we won't have any more security for very long with this type of system.
Since all you need is the iris to get money out of the bank, there will exist an economic interest in figuring out a way of fooling the system. If you needed the card, the PIN and the iris, that economic interest would be squelched by the complexity.
Adding to that the fact that your iris may be the key to a lot of other future uses, like entering your workplace, or turning on your computer, then the economic interest of tricking these systems rises even higher (assuming you can use the same process for any scanner.)
I am reminded of a less complex example of this idea that occurred just a few years ago.
California, in 1996, introduced a new PVC plastic driver's license, with digitized photo, special anti-counterfeiting materials, blah blah blah.
The California BMV told everyone that this would be a more secure system that would reduce fraud, and expectations were raised. The assumption people were making was "s/he's got the new license, they must be legit."
Shortly after the license introduction, a huge amount of fraudulent licenses came up...perfect copies. It sure annoyed a lot of people, who spent millions getting this system into place, and then having perfect copies coming out.
The copies were genuine, from the BMV. BMV employees were paid as much as $5000 for each license. Since the economic interest of getting a genuine license had risen so much, there existed a market for spending $5000 for one of those licenses, because you could do so much more with them since they had the reputation for security. If they couldn't do anything for you, except allow you to drive, then no one would be spending $5000 apiece.
All a "mugger" has to do is force you to stand in front of the machine for a few seconds and let your iris be scanned, and then take the proceeds which come out.
Admittedly, the same situation applies to our bank card + PIN scheme, but it is far more difficult for someone to force someone else to insert a card which they may or may not have and enter a PIN which they may or may not know under duress. Which is why a person will just wait until after you removed money from the machine before mugging you.
same place, similar idea, different time on GEEK Unions? · Score: 1
In case anyone has forgotten, I wrote a similar article about 8 months ago.
I read quickly through the posts, and many of the same ideas came up again. Frustratingly, it seems that many have misread the article (which was endemic to mine too) especially in the way that "union" is interpreted (I certainly wasn't thinking of the UAW when I wrote my article, I don't think Katz was thinking that either.)
Many people point to the IEEE and ACM as organizations something like but not exactly what both our articles propose. After reading the posts to this one, I think that a professional association, like the AMA is more desired over the former two.
Contrary to what many say, I believe that geeks can indeed come together in the form of such an association. While some were interested as a result of my article, I don't think the timing was right.
Damn...I even had a little name for it too...oh well.
As far as I can tell, you can get a hushmail.com account pretty anonymously. No information needs to be given to activate it, and if you are communicating with other hushmail users, your emails are encrypted, and you retrieve your mail through a secure web based interface.
I wonder if the hushmail server is based here in the US...or somewhere else?
Quality news and government support on DNA Encryption · Score: 1
The BBC is of course state sponsored, by that nasty television tax. The biggest advantage of this has to do with the fact that the UK government forces the BBC to provide programming which the market would not have otherwise done. How big this advantage is, occupies debate. If the market would not have paid for the programming, the audience to see the programming probably doesn't exist either. On the other hand, it does allow some good shows to be produced and perhaps one of them may be a sleeper that suddenly has a tremendous impact on people.
However, privatization of the BBC is always talked about. These days, people in the UK, like here in the US, have access to satellite/cable television. Since there exists a good market for quality programming, there will be a channel with that programming. Competition is hurting the BBC, especially with regards to news. The news.bbc.co.uk web site is outstanding, and it is a result of severe competition in the news industry...huge investments were made to make it possible.
The thing is, the British, in general, have a higher demand for good quality news than Americans do. I need not remind people that the magazine "The Economist" is outstanding, and is not state sponsored.
Quality local news happens in the US, and it is the result of markets. A report is available which shows the percentage of households watching news in metropolitan areas. Columbus, Ohio, my current home, is rather low on the list, despite the size of its metro area population, consequently, the news isn't all that great. On the other hand, the other "C" cities--Cleveland and Cincinnati, are both in the top 10, and the news programming is more diverse and higher quality. Good broadcast journalists strive to be in the higher rated cities, and it is no coincidence that Cincinnati has been a point on the way for some to become national anchors (including Jerry Springer, which is another story.)
My point is, Americans seem not to demand higher quality news (and it is not like it isn't available...for instance, the Macneil News Hour on PBS is very good, but underwatched. NPR is excellent, and is on par with BBC radio.)
I am not sure about the checks and balances statement. The BBC is more curtailed in covering British government than American news organizations...because of tradition and law.
I prefer to think of it as obsessiveness on the part of HP. Unlike the TI's, a lot of the functions (like plotting, solving, or looking up equation libraries) were accessed by GUI menus...and that probably was overkill. It looked moderately attractive, but it really slowed performance.
With respect to plotting, which was terribly slower in comparison to the TI's, the HP was set to a bizarrely detailed plot by default, i.e. the amount of points it would calculate before plotting was excessive. Sure the plots were more exact, but unless you changed the default, things went pretty slowly.
But despite the slowness, the little group of people at my high school who owned 48's noted that it seemed like it just took longer for TI owners to do things. The feature set simply was not there, neither was RPN, which has to be experienced, at length, to be appreciated.
As a proud Ohioan...I always will say that our great state is a little bit on the underestimated side (well, except for maybe Dayton, which is just a big suburb of Cincinnati.)
The explanation as to how Cincy beat the other Ohio metropolitan areas is not the most explicit in the world; my impression is that Columbus is the more technology oriented area in Ohio.
Someone said that the Road Runner system in Columbus has the most users of any of the nation's cable modem networks (it certainly was one of the first.) Can anyone confirm that?
Parochial schools are expensive too. The high school I graduated from (a Catholic school) now costs over 5000 dollars a year. It keeps going up too.
In most states, the average yearly matriculation per student at a public school is at least $5000. That is way more than other nations...even New Zealand, Japan and England are far less (like in the $2000-$3000 range.) Here in Ohio, we spend $11 billion dollars yearly on public education (that's more than 1/3 of the entire state budget) and we are really only in the middle...about $6000 per student. I guess the big question is...how does it cost so much?
The use of "riding" here is rather unfortunate because, as you said, it is more likely to imply "moving." She did take the lid off, but, as I remember, the 20/20 documentary that they had on the case said that the burn occurred at the drive-through window. Unfortunately none of those articles are clear enough to direct us one way or another.
Please also read my earlier comments concerning this http://www.slashdot.org/comments.pl?sid=99/03/27/1612238&threshold=0&commentsort=0&mode=thread&pid=1757#1965
Absolutely! The situation was predicated by several unusual factors:
1. She did in fact put the coffee between her legs. Let's talk about this as a "fact" and ignore the debate about whether it was stupid or not.
2. She received severe burns, costing $12,000 in hospital expenses.
3. The insurance company was not pleased by this...and forced her to sue for damages (not everyone realizes that health insurance companies can do that sort of thing.)
4. You can't just sue a Fortune 500 company for $12000, you need to do it for a "real" sum of money.
5. In the course of investigating the company, internal McDonald's memos came to light showing that the company knew that the coffee makers were making coffee that was way too hot, and that customers and employees would be injured. However, they calculated that the injuries and costs/lawsuits associated with them would be less than fixing the makers. Therefore, this was a strong instance of negligence.
6. McDonald's lost primarily on negligence, and the fines were punitive, not in compensation to the person.
7. The fines were lowered to $500,000 anyway (many cases like this end up being reduced anyway.)
8. As far as I know...she still has not received the money.
my first ATM crash... on Quickielanch · Score: 1
Actually, I have walked by an ATM machine, an older non-graphical one, that had a *nixy crash dump on it. (I guess I can't say that for sure, but it did not look like anything a Microsoft product would spit out.) I wish I had a camera to catch the moment...that does not happen all that often.
I very happily ran Prodigy with an 8088 and a 12 inch CGA monitor. I think I saw it on a 286 once, and it really did not seem to make all that much of a difference to me.
See the Salon article
--which takes an opposite view...that too much time is wasted on Dr. Evil, and not enough on other characters and Powers himself.
Personally, I find Powers, as a caricature, terribly amusing, at a low consumption level. After about five minutes, I find myself wanting to tear my hair out. The problem I had with the first film is that it was like a Saturday Night Live skit that was too long. (A common criticism.) Nevertheless, I find Powers so interesting, I'll probably see the film anyway.
She got what she deserved.
So did McDonald's...and I have no memory of it being in a moving car.