Why do we still use words to communicate? For the same reason we program in a text-based language. We demand as much nuance in everyday communication as we do in software development.
I specialize in algorithms and have worked as a principal in VC-backed companies for over 15 years.
They won't care about fine details but they have to understand enough to know:
1) How easy is it to replicate your algorithm? 2) What enhancements/future features do you have in mind to stay ahead of the fast followers? 3) Why are you and your team uniquely able to pull this off?
Give enough details -- in fact, I'd suggest slides directly addressing these questions -- so you can back up the answers.
I don't think they paid for this particular prediction, since he's given it away for free. I doubt they are paying him for any decade-long forecasting. So saying he's supported by large corporations is not germane to the argument.
Just because there is a spike in traffic from Iran doesn't mean they haven't got Stuxnet under control at their nuclear facilities, does it? Maybe the worm is just still in the wild on other machines and the country is infected?
There is no way it is a hash of a fingerprint. What it is is a list of features (minutiae in some systems) of the fingerprint. These features cannot be used to reconstruct the fingerprint. They are, however, usable in other fingerprint systems, and also useful to replay into the same fingerprint system, so they should be treated as confidential/private.
I'm as big a privacy advocate as you'll find. But my main concern has always been that I want my private life to remain private to other humans, so that they could not exploit it for personal gain. Nowadays, there is so much information on so many people that I don't expect to get singled out in this regard. If the details of my private life are only available to and processed by machines, then it's not nearly as big a deal.
Problems occur when that information is available to humans. that is where I draw the line.
I read probably 5-10 articles per day on the NYT website. While there are alternatives for free online news, none match the quality. I don't know if that makes me a power reader or not. I do know it would be a little painful to not have access to at least 2-3 articles per day.
For the 5-10 articles I'd be willing to pay something, but probably $10 per year, not per month. If they are intent on getting it "really, really right" then they need to start with the price. $49.95 / month, as the failed TimesSelect charged, is a non-starter.
I find this to be a narrow-minded view, despite the points well-taken about research getting harder and harder in general.
Case in point: mobile-phone technology. How many patents have been generated from that? How many new jobs around the world? You'd have thought the "hard-part" of basic radio research was over long ago.
Sure, the low-hanging fruit has been plucked. However, we have so much more knowledge to build on and such better tools these days with which to do the research that, even though the overall job is harder, it can be done quicker and more efficiently than ever before.
Curves/trends are useful for predictions, until something comes along that no longer fits. And it's impossible to predict when that something will arrive. But if we don't fund basic research adequately, it'll likely take that much longer.
It is obvious that cell phones are not a safety hazard. That's the lie they want you to believe. If a cell phone could bring down a plane, they'd never allow them on there in the first place, as they'd be an obvious terrorist weapon. Think!
I was speaking in generalities, not your specific case. Obviously, the need for security is related to the pain in losing the device, and I agree that pain has to do with the sensitivity of the data you choose to store on it.
Given that both these models are business phones, users are likely to have sensitive emails and passwords stored on them. If you assume those passwords allow access to corporate databases and other secrets, one can make an argument for these devices containing information that is as valuable as that stored on a laptop.
Therefore, since the devices are easier to lose, the need to protect them is greater.
Millions of laptops are sold with fingerprint scanners nowadays. How many people do you know who have had their fingers cut off to access data? How many people have had their eyeballs popped out to fool retinal and iris scanners?
Most thieves look for convenient opportunities rather than bloody, messy, longer jail-sentence crimes.
And if you insist on fast-forwarding to a future where biometrics are the ONLY way to gain access, why do you assume no one in the future will solve the problem of cut-off fingers fooling a scanner? C'mon!
Why indeed? Encrypt it if you're worried, or for most people, just let the fingerprint unlock the phone so even unencrypted data is somewhat protected.
I think Toshiba is breaking new ground with this phone and its release is likely to start a trend. The need for security is actually higher for a mobile handset than for a laptop, as they get lost far more often.
And despite the various comments about cutting off fingers and lifting fingerprints, have we seen much of that in the laptop world? No. Will it happen one day? Maybe.
I've seen this phone at 3GSM, and the other point that is missing is that the fingerprint reader can also be used as a navigation device, both for menus on the phone itself as well as for a PC in close proximity. At 3GSM they are showing the phone controlling a powerpoint presentation on a laptop.
The whole point is that this shows that biometric templates are privacy-sensitive. Previously it was thought that they could be stored and promulgated without interfering with anyone's privacy, because it was thought to be infeasible to start from the template and reconstruct personally identifiable information about the subject.
No one in the biometrics industry ever thought that!
>Biometrics is something you have, not something you >know. That is > the key thing to learn here!
No. Biometrics is something you *are*. A card or other token is something you have. A password is something you know. They are all distinct and can all be used together.
While this is an interesting expolit, the sky isn't falling. Any and all biometric systems can be exploited, and in similar ways.
However, for this particular exploit to affect passport security and the like, the entire system would have to be automated, so that there would be no one to notice the perpetrator was holding a photo of someone else in front of his face as he walked by.
To guard against exploits like these in totally automated systems, the data that is fed into the matching system should be digitally signed, so that it is clear where the data is coming from (e.g. a real fingerprint sensor, etc.).
Even so, a fake face or a fake finger can indeed spoof many biometric systems. Luckily, border crossings and airport security has humans in the loop to prevent these kind of exploits (or to accept bribes to allow them!).
Slashdot Mirror
But we can draw pictures. Guess you missed that option.
Why do we still use words to communicate? For the same reason we program in a text-based language. We demand as much nuance in everyday communication as we do in software development.
I specialize in algorithms and have worked as a principal in VC-backed companies for over 15 years.
They won't care about fine details but they have to understand enough to know:
1) How easy is it to replicate your algorithm?
2) What enhancements/future features do you have in mind to stay ahead of the fast followers?
3) Why are you and your team uniquely able to pull this off?
Give enough details -- in fact, I'd suggest slides directly addressing these questions -- so you can back up the answers.
VCs never sign NDAs.
I don't think they paid for this particular prediction, since he's given it away for free. I doubt they are paying him for any decade-long forecasting. So saying he's supported by large corporations is not germane to the argument.
Just because there is a spike in traffic from Iran doesn't mean they haven't got Stuxnet under control at their nuclear facilities, does it? Maybe the worm is just still in the wild on other machines and the country is infected?
There is no way it is a hash of a fingerprint. What it is is a list of features (minutiae in some systems) of the fingerprint. These features cannot be used to reconstruct the fingerprint. They are, however, usable in other fingerprint systems, and also useful to replay into the same fingerprint system, so they should be treated as confidential/private.
I'm as big a privacy advocate as you'll find. But my main concern has always been that I want my private life
to remain private to other humans, so that they could not exploit it for personal gain. Nowadays, there is so
much information on so many people that I don't expect to get singled out in this regard. If the details of
my private life are only available to and processed by machines, then it's not nearly as big a deal.
Problems occur when that information is available to humans. that is where I draw the line.
I read probably 5-10 articles per day on the NYT website. While there are alternatives for free online news, none match the quality. I don't know if that makes me a power reader or not. I do know it would be a little painful to not have access to at least 2-3 articles per day.
For the 5-10 articles I'd be willing to pay something, but probably $10 per year, not per month. If they are intent on getting it "really, really right" then they need to start with the price. $49.95 / month, as the failed TimesSelect charged, is a non-starter.
I find this to be a narrow-minded view, despite the points well-taken about research getting harder and harder in general.
Case in point: mobile-phone technology. How many patents have been generated from that? How many new jobs around the world? You'd have thought the "hard-part" of basic radio research was over long ago.
Sure, the low-hanging fruit has been plucked. However, we have so much more knowledge to build on and such better tools these days with which to do the research that, even though the overall job is harder, it can be done quicker and more efficiently than ever before.
Curves/trends are useful for predictions, until something comes along that no longer fits. And it's impossible to predict when that something will arrive. But if we don't fund basic research adequately, it'll likely take that much longer.
Try supergetopt instead. Much easier to use and also open source.. 1.tgz
http://www.ibiblio.org/pub/Linux/devel/sugerget-1
With this code, you simply specify command-line strings and variables in a printf()
style format.
E.g. supergetopt( argc, argv,
"string1", "%d %d", function1,
"string2", "%s", function2 )
will call function1( int a, int b ) when string1 is on the command line,
and will call function2( char *s ) when string2 is used on the command line.
A whole lot easier than gperf, IMHO.
It is obvious that cell phones are not a safety hazard. That's the lie they want you to believe. If a cell phone could bring down a plane, they'd never allow them on there in the first place, as they'd be an obvious terrorist weapon. Think!
I think it's 100,000 since Google has made this technology available. Which means way before yesterday.
So much of what you say is so easily refuted it's not worth the effort. No wonder you posted as an AC.
I was speaking in generalities, not your specific case. Obviously, the need for security is related to the pain in losing the device, and I agree that pain has to do with the sensitivity of the data you choose to store on it.
Given that both these models are business phones, users are likely to have sensitive emails and passwords stored on them. If you assume those passwords allow access to corporate databases and other secrets, one can make an argument for these devices containing information that is as valuable as that stored on a laptop.
Therefore, since the devices are easier to lose, the need to protect them is greater.
Millions of laptops are sold with fingerprint scanners nowadays.
How many people do you know who have had their fingers cut off to access data?
How many people have had their eyeballs popped out to fool retinal and iris scanners?
Most thieves look for convenient opportunities rather than bloody, messy, longer jail-sentence crimes.
And if you insist on fast-forwarding to a future where biometrics are the ONLY way to gain access, why do you assume no one in the future will solve the problem of cut-off fingers fooling a scanner? C'mon!
The difference is that one didn't work very well, drained battery power if used often, and probably didn't have navigation capability.
Why indeed? Encrypt it if you're worried, or for most people, just let the fingerprint unlock the phone so even unencrypted data is somewhat protected.
I think Toshiba is breaking new ground with this phone and its release is likely to start a trend. The need for security is actually higher for a mobile handset than for a laptop, as they get lost far more often.
And despite the various comments about cutting off fingers and lifting fingerprints, have we seen much of that in the laptop world? No. Will it happen one day? Maybe.
I've seen this phone at 3GSM, and the other point that is missing is that the fingerprint reader can also be used as a navigation device, both for menus on the phone itself as well as for a PC in close proximity. At 3GSM they are showing the phone controlling a powerpoint presentation on a laptop.
Very cool!
No one in the biometrics industry ever thought that!
>Biometrics is something you have, not something you >know. That is
> the key thing to learn here!
No. Biometrics is something you *are*. A card
or other token is something you have. A password is something you know. They are all distinct and can all be used together.
While this is an interesting expolit, the sky isn't falling. Any and all biometric systems can be exploited, and in similar ways.
However, for this particular exploit to affect passport security and the like, the entire system would have to be automated, so that there would be no one to notice the perpetrator was holding a photo of someone else in front of his face as he walked by.
To guard against exploits like these in totally automated systems, the data that is fed into the matching system should be digitally signed, so that it is clear where the data is coming from
(e.g. a real fingerprint sensor, etc.).
Even so, a fake face or a fake finger can indeed spoof many biometric systems. Luckily, border crossings and airport security has humans in the loop to prevent these kind of exploits (or to accept bribes to allow them!).