Do you really believe that legalizing pot will bring any measurable improvements to US? There are thousands other problems which need to be solved before we even get to the point when thinking about legalizing marijuana should appear at the very end of our TODO list. If you start with pot, the only possible result is even further polarization of US population (and congress) which will make it even more difficult to make anything happen.
This is NOT story about some "little person" who gets his/here account cancelled. This is a story about bank censoring business because some one with power to cancel account does not like what this particular business doing. It does not matter what kind of business it is. The question is, unless business does something illegal, how is it bank's business to pass judgement?
To be allowed to do most of the things in this world, you have to meet some qualifications. How come that people can sit on Jury which sometimes deal with multi $100Ms verdicts without understanding anything about problems involved? Most of patent cases are based on "prior art" or luck of it. You have to be able to understand a LOT of things to be able to see that something was (or was not) prior art. I am sure that Marshal, TX is wonderful city, but I have serious doubts that it has many citizens who are up to speed with all modern technologies to be able to serve efficiently on Jury bench in all these patent cases.
Andrei
All true except number 5. As of now, you can not login into 2 different WoW accounts via same Battle.net account at the same time. When you trying to add second WoW account to your Battle.net account, you will get warning to this effect. They do mention that this limitation will be lifted in the future.
So MS try to do "right-thing" by hardening Vista. Due to they arrogance they ignored all 3-rd party security companies while doing it. Now they figure out that they can not ignore them after all. So instead of having properly designed 3-rd party integration APIs they will try to put together something quick -- and most likely undo at least some of the "right-things" in the process.
I think biggest problem with having biometrics "on-card" is that it is impossible to guarantee authenticity of the data. We are comparing person finger with finger stored on the card. Without communicating with some sort of centralized facility, we only can confirm that these two fingers match. One may argue that data can be signed with some really long certificate/key (as they are in NIST standard). But then you will need to verify certificate, which in turn will require "... communicating with some sort of centralized facility...". If we assume that we are going to have private part of certificate available "locally", than we will have two more problems. First one is physical security. Device which contains this certificate can be stolen and certificate extracted. Second one is inability to implement "aging" of certificates. No mater how long it is, if certificate stays valid "forever", it will be cracked.
So basically the only way to go is to assume that we can not trust any information on card. And verify fact that finger (and other biometrics) scanned at entry point match with finger (and other biometrics) stored in centralized data base for the person to whom this card was issued to. The only information we are using is some sort of ID. And this ID by itself does not provide any authentication. It just used to get proper biometrics records so we can do "match" instead of "search"
Reading through some other posts, I learned that fingerprints on the NIST card will be protected by certificate AND pin. Here we have another problem. One of the most important features of biometrics (at least for private sector) is that people will not need to remember passwords (and IT departments will not need to spend endless hours/$$$$ to reset these passwords). Once you introduce PIN, you will re-introduce problem of people forgetting such pin.
I think you are absolutely right. Biggest problem with having biometrics "on-card" is that it is impossible to guarantee authenticity of the data. We are comparing person finger with finger stored on the card. Without communicating with some sort of centralized facility, we only can confirm that these two fingers match. One may argue that data can be signed with some really long certificate/key. But then you will need to verify certificate, which in turn will require "... communicating with some sort of centralized facility...". If we assume that we are going to have private part of certificate available "locally", than we will have two more problems. First one is physical security. Device which contains this certificate can be stolen and certificate extracted. Second one is inability to implement "aging" of certificates. No mater how long it is, if certificate stays valid "forever", it will be cracked.
So basically the only way to go is to assume that we can not trust any information on card. And verify fact that finger (and other biometrics) scanned at entry point match with finger (and other biometrics) stored in centralized data base for the person to whom this card was issued to. The only information we are using is some sort of ID. And this ID by itself does not provide any authentication. It just used to get proper biometrics records so we can do "match" instead of "search"
Slashdot Mirror
Do you really believe that legalizing pot will bring any measurable improvements to US? There are thousands other problems which need to be solved before we even get to the point when thinking about legalizing marijuana should appear at the very end of our TODO list. If you start with pot, the only possible result is even further polarization of US population (and congress) which will make it even more difficult to make anything happen.
This is NOT story about some "little person" who gets his/here account cancelled. This is a story about bank censoring business because some one with power to cancel account does not like what this particular business doing. It does not matter what kind of business it is. The question is, unless business does something illegal, how is it bank's business to pass judgement?
I have serious doubts that coffee shop owner who refer to its clients as "fools" and brag about 800% markups is for real and/or successful.
To be allowed to do most of the things in this world, you have to meet some qualifications. How come that people can sit on Jury which sometimes deal with multi $100Ms verdicts without understanding anything about problems involved? Most of patent cases are based on "prior art" or luck of it. You have to be able to understand a LOT of things to be able to see that something was (or was not) prior art. I am sure that Marshal, TX is wonderful city, but I have serious doubts that it has many citizens who are up to speed with all modern technologies to be able to serve efficiently on Jury bench in all these patent cases. Andrei
One big difference, if you have proper training you can download source code for Ubuntu and check for backdoors. You can not do it with your Windows.
You should read more carefully. It is people who OPPOSE gay rights who have issues with they votes to become public.
Can you login to more then one of these accounts at the same time? My understanding that the answer is NO.
FYI: WOW is subscription based. You pay monthly fee to keep playing. Next time please check your facts before you post.
All true except number 5. As of now, you can not login into 2 different WoW accounts via same Battle.net account at the same time. When you trying to add second WoW account to your Battle.net account, you will get warning to this effect. They do mention that this limitation will be lifted in the future.
Any business which is retaining credit card numbers and other personal information has to be PCI compliant. What about DHS?
So MS try to do "right-thing" by hardening Vista. Due to they arrogance they ignored all 3-rd party security companies while doing it. Now they figure out that they can not ignore them after all. So instead of having properly designed 3-rd party integration APIs they will try to put together something quick -- and most likely undo at least some of the "right-things" in the process.
I think biggest problem with having biometrics "on-card" is that it is impossible to guarantee authenticity of the data. We are comparing person finger with finger stored on the card. Without communicating with some sort of centralized facility, we only can confirm that these two fingers match. One may argue that data can be signed with some really long certificate/key (as they are in NIST standard). But then you will need to verify certificate, which in turn will require "... communicating with some sort of centralized facility...". If we assume that we are going to have private part of certificate available "locally", than we will have two more problems. First one is physical security. Device which contains this certificate can be stolen and certificate extracted. Second one is inability to implement "aging" of certificates. No mater how long it is, if certificate stays valid "forever", it will be cracked.
So basically the only way to go is to assume that we can not trust any information on card. And verify fact that finger (and other biometrics) scanned at entry point match with finger (and other biometrics) stored in centralized data base for the person to whom this card was issued to. The only information we are using is some sort of ID. And this ID by itself does not provide any authentication. It just used to get proper biometrics records so we can do "match" instead of "search"
Reading through some other posts, I learned that fingerprints on the NIST card will be protected by certificate AND pin. Here we have another problem. One of the most important features of biometrics (at least for private sector) is that people will not need to remember passwords (and IT departments will not need to spend endless hours/$$$$ to reset these passwords). Once you introduce PIN, you will re-introduce problem of people forgetting such pin.
I think you are absolutely right. Biggest problem with having biometrics "on-card" is that it is impossible to guarantee authenticity of the data. We are comparing person finger with finger stored on the card. Without communicating with some sort of centralized facility, we only can confirm that these two fingers match. One may argue that data can be signed with some really long certificate/key. But then you will need to verify certificate, which in turn will require "... communicating with some sort of centralized facility...". If we assume that we are going to have private part of certificate available "locally", than we will have two more problems. First one is physical security. Device which contains this certificate can be stolen and certificate extracted. Second one is inability to implement "aging" of certificates. No mater how long it is, if certificate stays valid "forever", it will be cracked. So basically the only way to go is to assume that we can not trust any information on card. And verify fact that finger (and other biometrics) scanned at entry point match with finger (and other biometrics) stored in centralized data base for the person to whom this card was issued to. The only information we are using is some sort of ID. And this ID by itself does not provide any authentication. It just used to get proper biometrics records so we can do "match" instead of "search"