At what point did I say my friends all had the 4S? They have "iPhones" and I don't really know or care about the actual specs. All I know is that if we're in a bar or club in the evening, their cameras tend to take washed out or under-lit photos and mine doesn't. That isn't my opinion. It's theirs.
I don't understand why you believe Apple can be placated with some design tweaks and different features. Do you work for Apple or something? You're literally the only person posting on this story taking Apples side. I work for Google and I've seen how my colleagues have consistently worked long hours to innovate and create new features. The Galaxy Nexus is an amazing phone. It's thin, and light, and doesn't even have any hardware buttons on the front at all - yet Apple still are not happy. If you can't see why you're blind.
Apples goal is not to get competitors to "design around" their patents. This has happened several times already, the Samsung Galaxy 3 has even been called out by tech review sites for having a "lawyer approved design" (it's not rectangular, it does not have slide to unlock, etc). Apple keep coming, with newer and even more stupid patents, because their goal is not individuality, it is the utter destruction of all competitors. Steve Jobs himself said that in words so clear nobody can re-interpret them.
What's more, it's very hard to make an Android phone that doesn't share design elements with the iPhone these days, because Apple has copied Android many times in the past few years, for example, its notifications tray is identical to the design that first shipped in Android 1.0, and inferior to the one shipping in Jellybean. Android 1.0 also shipped with a universal search box and pluggable API for it, it shipped with suspend/resume multi-tasking that is extremely similar to the (very unique) design Android came up with, and so on.
But that doesn't explain why their UI, external design, and OS suddenly became indistinguishable.
Have you actually used a Galaxy Nexus? I have one in my pocket right now. It looks nothing like an iPhone. The physical design and the way the OS looks and feels are entirely different. Not only is the design different, the hardware is superior in many ways. My friends routinely get me to take photos at parties because in low lighting conditions the GN camera seems to do a better job than the iPhone.
This is the most stupid decision yet. The GN has a very distinct design to the iPhone.
You don't actually know what happened, so stop sounding as if you do. In fact nobody knows what happened because it was behind closed doors, making it a he said / she said type case. Which in turn means, there is no case. Woman says "he raped me", Assange says "no I didn't", you cannot exceed reasonable doubt therefore there is no case. The prosecutors in Sweden almost certainly know this, which is why it's so sketchy that they want him back "for questioning".
No they don't. Please demonstrate how you can buy my personal information from Facebook. My username there is i.am.the.real.mike..... I don't think you can, because for all its faults, Facebook does not sell personal information and neither does any other social or ad network I know of.
Why is it "reasonable" to attack artists that are in favor of systems to protect their livelyhood? Shouldn't you be attacking the pirates that motivate the creation of such systems in the first place? If piracy was not endemic there'd be no motivation to create such complicated things as a 3-strike system.
Erm, Occams Razor says there is a 5th possibility you seem keen to overlook - people who routinely pirate material even after multiple warnings aren't buying music from iTunes nor are they going to, so banning them doesn't cause any lost sales. But people who get caught a couple of times might well go legit.
Also, they have tried massive civil penalties, but a lot of pirates are poor so that they can't pay. And the legal system is so expensive and slow that it's a poor solution which doesn't scale to the number of offenders. Realistically, relying too heavily on the courts also locks out the little content producers who can't afford the justice system.
Example: my brother produced a high end sample library for musicians. We used a watermarking technology, so copies that were uploaded to torrent sites could be traced back to the uploader. It worked fine but the plan failed at the obvious point - he could not afford to take the offenders to court, especially as they were in another country (I did warn him about this and recommended stronger DRM, but it wasn't possible at the time). With a 3-strikes system he could potentially have filed a claim, except that apparently the claims process isn't exactly little guy friendly - due in part to the desire to cut down on false accusations and excessive paperwork. The end result is a solution that pleases nobody.
It's this kind of nonsense that is why I support the development of strong DRM systems. Legal approaches don't work when you have millions of criminals and people who have rationalized it to themselves, to the point where they'll never just pay the creators for what was made. They'll always rip others off and justify it somehow.
It's makes little difference for spammers because Facebooks approach to spam filtering is, to put it mildly, "nuke it from space". Mail sent to you that isn't from a friend goes into the "other" section and generates no notifications at all. The only way to even know you have received such a message is to make a habit of going into Messages and manually polling the "other" section to see if there are messages there.
This is insane. The reason people fought so hard to build strong spam filters that let strangers could mail each other is that the internet is about connecting people, even people who may not already be friends. I am not the type to have histrionics over changes Facebook makes, in fact I don't remember the last time I got really annoyed about a change they made. Far more of my friends care about the forced transition to Timeline than this. But Facebook fucked up email totally, which is why I don't use my @facebook.com address. I'm sure the average Facebook user never corresponds outside their circle of friends, but I have projects and interests that often mean wanting to contact people who don't know me (and vice versa). So it actually matters to me that people can find my email address and use it. Silently changing my settings like this pisses me off, and the absolute bullshit their PR flaks spouted about it just rubs salt in the wound. "Making addresses more consistent" - since when is consistency of domain name a factor in anything? What possible benefit does that have for anyone except them? Ugh. Google+ gets this right, incidentally.
I think you'll find that started after Apple began attempting to destroy all other companies. Motorola, being a company that invents important technologies, has its patents largely in pools licensed to others. I don't think anyone ever anticipated anything like what Jobs started, if they had, the terms around FRAND patents would likely look different.
That answer isn't a handwave. It's THE reason for interest based tracking. I understand that web sites are funded by advertising. So if I'm going to see adverts, they might as well be for services that interest me instead of crap that I don't care about. That's the benefit, right there.
Your "perceptions" about online advertising are based on paranoia, not reality. Web advertising companies don't have access to your postal address, telephone numbers or email addresses. All they know is requests arrive with a particular cookie in particular patterns, and if you optimize the ads served based on those statistics revenue goes up because people buy more stuff.
What exactly are the drawbacks of advertising networks interest-preference cookies? Can you make that concrete? What bad things could happen to me if I click "yes"?
That doesn't mean targeted ads are a bad idea. It means the advertisers are doing it wrong. Maybe they should be selling goods or services that are relevant to an Eve Online player instead.
I suspect what's actually happening here is re-marketing. The problem is, the ad networks don't know you play Eve Online at all. How would they know that? They see that you have an interest in the topic, but for all they know, you might have been simply checking it out, or you might have been reading some reviews about it, or whatever, but they don't know you're actually a player. So they take a guess and show you an ad for it. This is still right more often than showing you a completely random ad, so they won't stop doing this. The fix is not to say "targeted ads suck", the fix is to allow even more targeted ads so you see ads for, I don't know, ISK sellers or something. But that requires trusted information brokers, which there is a lack of today.
This is also one of the main flaws in bitcoin. There are a set amount, therefore there must be deflation if it ever takes off. Deflation encourages hoarding because money is likely worth more tomorrow than today. Hoarding encourages further deflation, and we go round.
There are several flaws in your argument.
The idea that deflation is inherently bad and leads to depressions is economic orthodoxy, but economics is not a particularly rigorous science. When this dogma has been investigated, as it was by economists at the Minnesota Fed, no evidence for it was found.
Bitcoin is not deflationary. Deflation requires the amount of currency to drop. Right now Bitcoin is actually in a form of hyper-inflation. In 100+ years, the rate of inflation will be so low it'll be effectively zero. At this point Bitcoin is best described as stable rather than deflationary. It can only be described as deflationary if you assume that prices which fall in line with economic growth is a bad thing (more goods/services mapping to the same quantity of currency units). However that's a circular argument. If falling prices led to economic growth ceasing, the deflation would automatically stop.
In practice, falling prices do not seem to lead to stagnation. There are plenty of examples of markets where prices have steadily fallen, due to technological progress, for long periods of time and they are thriving. Eg, mobile phones or computers in general.
In fact, the Bitcoin model makes a lot more sense than what we use today.
Today we have currencies that inflate at ridiculously high speeds. Even if you blindly trust the statistics put forth by western powers and assume a 2% inflation rate, that's a compound 2% remember. Over your lifetime the value of the currency will probably halve. In other countries the official inflation rates can be much worse. In Argentina it's more like 25%. In parts of Eastern Europe and Russia, 6% or higher. And as pointed out elsewhere, the definition of inflation keeps getting changed in the west.
This ruins societies because it makes it impossible to save for the future, and dealing with old age is one of societies most important problems. You cannot realistically put some money in a bank account and use that as your pension. So you have to "invest". Economists love this because they see "investment" as inherently a good thing. In reality what happens is that an entire society is desperately trying to outrun rampant inflation, resulting in huge waves of bogus, harmful and useless investment. Property bubbles are an obvious example in recent times, but there are others. A currency that stabilizes means that your savings increase in value exactly in line with the general rate of increase in prosperity. If you want to do better than the average, you can still invest, but you have to do it the old fashioned way - find something that deserves capital yet doesn't have it. There's no requirement to "invest" in a house on the assumption prices of property will constantly rise, or anything like that. It's a far more sane setup.
You don't seem to understand what a ponzi scheme is. Bitcoin is not set up to "make everyone a winner", nor has it ever been advertised that way. It's a currency that is issued at a steadily decreasing pace via a form of lottery in which anyone can take part. The value of that currency is arbitrary. It went up a lot last year and then came down again because it was very new, the market wasn't very deep and it got a ton of attention all at once. The value in recent times has been a lot more stable because the market got a lot bigger and deeper, inter-exchange arbitrage became better, and the attention of the press was elsewhere. This is a good thing.
“As today’s arrests show, the modern, high-tech bank heist does not require a gun, a mask, a note, or a getaway car. It requires only the Internet and ingenuity,” Manhattan U.S. Attorney Preet Bharara said in a written statement. “And it can be accomplished in the blink of an eye, with just a click of the mouse."
If Owen is jaded, it may have something to do with the legal nightmare he and his company had to endure after the theft. A month following the cyber heist, the firm’s bank – Plains Capital Bank – sued Hillary Machinery in a preemptive bid to convince a judge to declare that the bank’s online security was commercially reasonable and capable of protecting customers from the latest cyber threats.
Both parties later settled the dispute for an undisclosed amount. But there are many similar cases now working their way through U.S. courts, as more and more businesses and banks tussle over who is responsible for cyber heists that frequently net thieves hundreds of thousands of dollars.
More often than not, victimized businesses are left holding the bag. That’s because unlike consumers – who under U.S. law cannot be held liable for fraud against their accounts if they report the unauthorized activity promptly – businesses enjoy no such protections.
Lack of a salt makes no difference. Salting is designed to defeat rainbow table attacks. However no actual criminals who are cracking passwords are using rainbow tables. It's all done using GPUs, which don't care about salts. Also the summary of TFA is wildly misleading. 1 million attempts per second? Uh, no. Last I checked oclhashcat-plus was capable of about 50 billion attempts per second on a 4xATI5970 rig. You can break most "normal" passwords in under one second with such hardware.
He asked you to name a fact that supported creationism. You said "I accept natural selection as valid", which may or may not be a fact, but it isn't anything that supports creationism.
Look, if you want to take part in this type of debate, you need to be armed with the right tools. You believe (I assume, as you claim to be a creationist), that a Divine Entity created humans using His intelligence. A fact that supported that view would be, for instance, if we could talk to such a Divine Entity and he said that's how it went down (it wouldn't be proof, but it'd be a fact that could support your position). However there are no such facts and you have failed to provide any.
It actually is there already, at least in the current versions of the recovery interstitial. It says something like "Hey, this is important: We don't have a password recovery email address or phone number for your account. If you lose access, we may not be able to help you." and mentions that people without a phone number are much more likely to accidentally lose access to their account. I'm not sure we can make it much clearer than that, the more text on the screen the fewer people will read it.
Beyond being an avid reader of Slashdot comments (10+ years now!), I also work on Google account security, so am quite familiar with the phone number prompts you're seeing. Let me give you some background and maybe you can at least see our perspective on why we're doing this and why it's not necessarily "evil".
The traditional approach to handling users who forget their passwords, or otherwise need to be identified via a non-password based mechanism, is the secret question and answer. We have spent many years trying to make secret QA work. I myself wrote the code we use to correct typos, handle different abbreviations of street addresses, normalize unicode characters etc to try and increase the success rate. Other people have analyzed the types of questions/answers provided and encouraged users to select better ones. All to no avail. People just suck at choosing these options.... some people choose absurdly easy questions like "Do I like the incredible hulk?" or "In what month did I get married?". Lots of people forget the answer, even with the hint. The suggestions we provide (library card number, frequent flyer number) are often ignored as being too much hassle. Some questions looks superficially strong ("What is my mothers maiden name?") but we've seen fraudsters from Nigeria successfully research the answer to that question starting from nothing more than an email address! To top it all off, the success rate for good users is staggeringly low. Even with all the effort we put in to handling common mistakes, the success rate is rarely higher than 25%.
So we gave up on it. New Google accounts do not prompt you for a secret QA. Instead we ask for a phone number. The reason is that it's a kind of "second password" that cannot be guessed by random strangers unless you happen to publish it on the web (happens, but rare), most people have memorized it, and if we need a strong proof of authentication - like if you forget your password - we make an automated phone call. We have also been asking users to provide a phone number for existing accounts for the same reasons, our stats show users with phone numbers are dramatically less likely to lose their accounts.
You may think, well, I'll never forget my password so this is irrelevant. But nowadays we also use it as a second password in cases where we aren't sure a login is really coming from you (it seems unusual or suspicious in some way). You normally just have to type it in to confirm you know it. In very high risk cases, like using an IP that's been heavily abused before, we may want to send you a message.
You're right that the UI strongly encourages people to provide a number although it's still optional. I'd personally prefer to have the UI you suggest. However that will lead to a lot of users getting locked out of their accounts, no two ways about it. The alternatives for proving your identity are just so much harder. So there are no ideal solutions here. The numbers aren't used for anything else (certainly not advertising or anything like that).
Well, "security" is a huge topic and the mechanisms are constantly evolving. But there are some differences that are worth analyzing.
Both operating systems run apps in a sandbox, unlike desktop operating systems like Linux or Windows (OS X is starting to move in the mobile-ish direction). There are some tasks that the OS simply forbids apps to do entirely. In this regard they are similar, and in the absence of local root exploits it's much harder to write viruses that target such a system.
The main differences are as follows: the iOS sandbox is somewhat weaker than the Android sandbox. It restricts fewer things and in the past (not sure if it was fixed these days), key first-party apps such as the web browser were not sandboxed at all, which is how several generations of jailbreak worked. Android was designed from the ground up with the mentality that there should ideally not be an "us vs them" divide - Android treats all apps more or less the same, security-wise, meaning that the browser is just a regular app that runs in a permission-controlled sandbox like any other. This open design is one reason why the permissions UI on Android is more complex than for iOS - apps can do more things and the OS has to communicate that to you.
With a weaker sandbox and permissions system, Apple relies much more heavily on manual review and the ability to control what software you can run. Android, by default, will not install software from outside the Google Play market (which does have various forms of review by the way), but if you tick a box and acknowledge a warning box it will let you do so. This is another reason the sandbox is stronger - Android phones can and do run code controlled by nobody but the author. iOS requires Apple signatures in all cases. The impact of the weaker sandbox is also mitigated by the fact that iOS users upgrade at a faster rate than Android users do (though it's still nothing compared to systems like ChromeOS), so when sandbox escapes are found they can be fixed faster. Android is more vulnerable, which is why there's more of a rigorous approach to privilege minimization.
With the virus angle largely taken care of, "malware" on these platforms is being redefined to mean "software that does something the users probably won't like" rather than "software that does that, and also takes over your machine / hides from you / both". For instance if you install an off-market app on Android and the OS tells you "Services that cost you money: send SMS messages" when you install it, and then you install it and it sends premium SMS in the background, that's typically being classified as malware by various AV companies.... which is kind of fair, but the remedy is just to uninstall the app. These apps can't resist uninstallation or hide from you as desktop viruses can. And beyond obviously bad stuff like running up a phone bill, they're also starting to classify apps that have poor privacy practices or which are too aggressive with their advertising as "malware" which is rather questionable.
With regards to other features, like drive encryption, as of the latest releases I believe both operating systems are largely comparable. The biggest remaining difference of interest (at least to me) is the approach to secure boot. Apple uses a form of online authorization to personalize OS reimaging to the device, this is to avoid downgrade attacks where users jailbreak the device by reflashing to an older, vulnerable version of the OS. Android secure boot is largely up to the OEMs and their approaches differ.... some like the Google Nexus devices allow you to reflash to any OS image you like, including ones you compiled yourself. No authorization from anyone is required, however, the phone will do a data wipe before performing the reflash to stop people who stole your phone from stealing your data too. Other phones will only boot firmwares signed by the manufacturer and use eFuses to stop downgrades rather than a server.
Did you even read TFA? The article explicitly states that a Red Hat or "Linux community" key would be allowed and OEMs were even enthusiastic about it (Microsoft not involved), but Red Hat didn't want one for themselves and the overheads involved with running a "Linux community" key and keeping it secure enough were too high. How did you get from that to "only their private key will be permitted by default"?
Oddly enough, that's pretty much what I read routinely here on Slashdot. A trading platform that was managing large sums of money gets hacked after the datacenter providers get socially engineered into providing root on the box, and that's the fault of Bitcoin. Business accounts get drained from stupid US banks which think a secret question or JavaScript gathered browser profile is a "second factor", that's not even newsworthy enough to be a slashdot story because it happens all the time.
Insecure IT systems can affect any currency or payment system. The only difference is with Bitcoin you are in control - you can outsource security of your wallet to competing providers if you want, or handle it yourself, or invent entirely new security technologies. With a bank you can..... switch to one of a small number of other banks, which probably have the same policies.
Because charging Red Hat, a billion dollar company, $99 for access to signing services is not "monopoly abuse"? The author of TFA already pointed out that nothing stops somebody from providing the same services to the Linux community, but it's difficult and expensive and they can't be bothered, so it's easier to pay Microsoft to do it for them. As can anyone else.
Secure boots and trusted computing are fundamentally a good idea. Having OEMs provide a set of root keys to control what boots is a good idea. The problem is the creator of BobLinux who wants to have thousands of random users install his random kernel is indistinguishable technically from the creator of some boot sector malware who wants to have thousands of users permanently rooted. It becomes distinguishable once you have people who check out what the software is and signs it, which is the service Microsoft are providing - for very little, actually. As I said, apparently others don't feel like offering similar services when it's expensive to do and Microsoft are offering to do it cheaply. But they could.
Slashdot Mirror
At what point did I say my friends all had the 4S? They have "iPhones" and I don't really know or care about the actual specs. All I know is that if we're in a bar or club in the evening, their cameras tend to take washed out or under-lit photos and mine doesn't. That isn't my opinion. It's theirs.
I don't understand why you believe Apple can be placated with some design tweaks and different features. Do you work for Apple or something? You're literally the only person posting on this story taking Apples side. I work for Google and I've seen how my colleagues have consistently worked long hours to innovate and create new features. The Galaxy Nexus is an amazing phone. It's thin, and light, and doesn't even have any hardware buttons on the front at all - yet Apple still are not happy. If you can't see why you're blind.
Apples goal is not to get competitors to "design around" their patents. This has happened several times already, the Samsung Galaxy 3 has even been called out by tech review sites for having a "lawyer approved design" (it's not rectangular, it does not have slide to unlock, etc). Apple keep coming, with newer and even more stupid patents, because their goal is not individuality, it is the utter destruction of all competitors. Steve Jobs himself said that in words so clear nobody can re-interpret them.
What's more, it's very hard to make an Android phone that doesn't share design elements with the iPhone these days, because Apple has copied Android many times in the past few years, for example, its notifications tray is identical to the design that first shipped in Android 1.0, and inferior to the one shipping in Jellybean. Android 1.0 also shipped with a universal search box and pluggable API for it, it shipped with suspend/resume multi-tasking that is extremely similar to the (very unique) design Android came up with, and so on.
Have you actually used a Galaxy Nexus? I have one in my pocket right now. It looks nothing like an iPhone. The physical design and the way the OS looks and feels are entirely different. Not only is the design different, the hardware is superior in many ways. My friends routinely get me to take photos at parties because in low lighting conditions the GN camera seems to do a better job than the iPhone.
This is the most stupid decision yet. The GN has a very distinct design to the iPhone.
You don't actually know what happened, so stop sounding as if you do. In fact nobody knows what happened because it was behind closed doors, making it a he said / she said type case. Which in turn means, there is no case. Woman says "he raped me", Assange says "no I didn't", you cannot exceed reasonable doubt therefore there is no case. The prosecutors in Sweden almost certainly know this, which is why it's so sketchy that they want him back "for questioning".
No they don't. Please demonstrate how you can buy my personal information from Facebook. My username there is i.am.the.real.mike ..... I don't think you can, because for all its faults, Facebook does not sell personal information and neither does any other social or ad network I know of.
Why is it "reasonable" to attack artists that are in favor of systems to protect their livelyhood? Shouldn't you be attacking the pirates that motivate the creation of such systems in the first place? If piracy was not endemic there'd be no motivation to create such complicated things as a 3-strike system.
Erm, Occams Razor says there is a 5th possibility you seem keen to overlook - people who routinely pirate material even after multiple warnings aren't buying music from iTunes nor are they going to, so banning them doesn't cause any lost sales. But people who get caught a couple of times might well go legit.
Also, they have tried massive civil penalties, but a lot of pirates are poor so that they can't pay. And the legal system is so expensive and slow that it's a poor solution which doesn't scale to the number of offenders. Realistically, relying too heavily on the courts also locks out the little content producers who can't afford the justice system.
Example: my brother produced a high end sample library for musicians. We used a watermarking technology, so copies that were uploaded to torrent sites could be traced back to the uploader. It worked fine but the plan failed at the obvious point - he could not afford to take the offenders to court, especially as they were in another country (I did warn him about this and recommended stronger DRM, but it wasn't possible at the time). With a 3-strikes system he could potentially have filed a claim, except that apparently the claims process isn't exactly little guy friendly - due in part to the desire to cut down on false accusations and excessive paperwork. The end result is a solution that pleases nobody.
It's this kind of nonsense that is why I support the development of strong DRM systems. Legal approaches don't work when you have millions of criminals and people who have rationalized it to themselves, to the point where they'll never just pay the creators for what was made. They'll always rip others off and justify it somehow.
What kind of an argument is that? All kinds of things that don't have "physical impact" are illegal, and for good reasons.
It's makes little difference for spammers because Facebooks approach to spam filtering is, to put it mildly, "nuke it from space". Mail sent to you that isn't from a friend goes into the "other" section and generates no notifications at all. The only way to even know you have received such a message is to make a habit of going into Messages and manually polling the "other" section to see if there are messages there.
This is insane. The reason people fought so hard to build strong spam filters that let strangers could mail each other is that the internet is about connecting people, even people who may not already be friends. I am not the type to have histrionics over changes Facebook makes, in fact I don't remember the last time I got really annoyed about a change they made. Far more of my friends care about the forced transition to Timeline than this. But Facebook fucked up email totally, which is why I don't use my @facebook.com address. I'm sure the average Facebook user never corresponds outside their circle of friends, but I have projects and interests that often mean wanting to contact people who don't know me (and vice versa). So it actually matters to me that people can find my email address and use it. Silently changing my settings like this pisses me off, and the absolute bullshit their PR flaks spouted about it just rubs salt in the wound. "Making addresses more consistent" - since when is consistency of domain name a factor in anything? What possible benefit does that have for anyone except them? Ugh. Google+ gets this right, incidentally.
I think you'll find that started after Apple began attempting to destroy all other companies. Motorola, being a company that invents important technologies, has its patents largely in pools licensed to others. I don't think anyone ever anticipated anything like what Jobs started, if they had, the terms around FRAND patents would likely look different.
That answer isn't a handwave. It's THE reason for interest based tracking. I understand that web sites are funded by advertising. So if I'm going to see adverts, they might as well be for services that interest me instead of crap that I don't care about. That's the benefit, right there.
Your "perceptions" about online advertising are based on paranoia, not reality. Web advertising companies don't have access to your postal address, telephone numbers or email addresses. All they know is requests arrive with a particular cookie in particular patterns, and if you optimize the ads served based on those statistics revenue goes up because people buy more stuff.
What exactly are the drawbacks of advertising networks interest-preference cookies? Can you make that concrete? What bad things could happen to me if I click "yes"?
That doesn't mean targeted ads are a bad idea. It means the advertisers are doing it wrong. Maybe they should be selling goods or services that are relevant to an Eve Online player instead.
I suspect what's actually happening here is re-marketing. The problem is, the ad networks don't know you play Eve Online at all. How would they know that? They see that you have an interest in the topic, but for all they know, you might have been simply checking it out, or you might have been reading some reviews about it, or whatever, but they don't know you're actually a player. So they take a guess and show you an ad for it. This is still right more often than showing you a completely random ad, so they won't stop doing this. The fix is not to say "targeted ads suck", the fix is to allow even more targeted ads so you see ads for, I don't know, ISK sellers or something. But that requires trusted information brokers, which there is a lack of today.
You might as well claim that the internet is a ponzi scheme because some early adopters got rich.
There are several flaws in your argument.
In fact, the Bitcoin model makes a lot more sense than what we use today.
Today we have currencies that inflate at ridiculously high speeds. Even if you blindly trust the statistics put forth by western powers and assume a 2% inflation rate, that's a compound 2% remember. Over your lifetime the value of the currency will probably halve. In other countries the official inflation rates can be much worse. In Argentina it's more like 25%. In parts of Eastern Europe and Russia, 6% or higher. And as pointed out elsewhere, the definition of inflation keeps getting changed in the west.
This ruins societies because it makes it impossible to save for the future, and dealing with old age is one of societies most important problems. You cannot realistically put some money in a bank account and use that as your pension. So you have to "invest". Economists love this because they see "investment" as inherently a good thing. In reality what happens is that an entire society is desperately trying to outrun rampant inflation, resulting in huge waves of bogus, harmful and useless investment. Property bubbles are an obvious example in recent times, but there are others. A currency that stabilizes means that your savings increase in value exactly in line with the general rate of increase in prosperity. If you want to do better than the average, you can still invest, but you have to do it the old fashioned way - find something that deserves capital yet doesn't have it. There's no requirement to "invest" in a house on the assumption prices of property will constantly rise, or anything like that. It's a far more sane setup.
You don't seem to understand what a ponzi scheme is. Bitcoin is not set up to "make everyone a winner", nor has it ever been advertised that way. It's a currency that is issued at a steadily decreasing pace via a form of lottery in which anyone can take part. The value of that currency is arbitrary. It went up a lot last year and then came down again because it was very new, the market wasn't very deep and it got a ton of attention all at once. The value in recent times has been a lot more stable because the market got a lot bigger and deeper, inter-exchange arbitrage became better, and the attention of the press was elsewhere. This is a good thing.
Huh? Are you sure about that?
Lack of a salt makes no difference. Salting is designed to defeat rainbow table attacks. However no actual criminals who are cracking passwords are using rainbow tables. It's all done using GPUs, which don't care about salts. Also the summary of TFA is wildly misleading. 1 million attempts per second? Uh, no. Last I checked oclhashcat-plus was capable of about 50 billion attempts per second on a 4xATI5970 rig. You can break most "normal" passwords in under one second with such hardware.
He asked you to name a fact that supported creationism. You said "I accept natural selection as valid", which may or may not be a fact, but it isn't anything that supports creationism.
Look, if you want to take part in this type of debate, you need to be armed with the right tools. You believe (I assume, as you claim to be a creationist), that a Divine Entity created humans using His intelligence. A fact that supported that view would be, for instance, if we could talk to such a Divine Entity and he said that's how it went down (it wouldn't be proof, but it'd be a fact that could support your position). However there are no such facts and you have failed to provide any.
It actually is there already, at least in the current versions of the recovery interstitial. It says something like "Hey, this is important: We don't have a password recovery email address or phone number for your account. If you lose access, we may not be able to help you." and mentions that people without a phone number are much more likely to accidentally lose access to their account. I'm not sure we can make it much clearer than that, the more text on the screen the fewer people will read it.
Hi EzInKy,
Beyond being an avid reader of Slashdot comments (10+ years now!), I also work on Google account security, so am quite familiar with the phone number prompts you're seeing. Let me give you some background and maybe you can at least see our perspective on why we're doing this and why it's not necessarily "evil".
The traditional approach to handling users who forget their passwords, or otherwise need to be identified via a non-password based mechanism, is the secret question and answer. We have spent many years trying to make secret QA work. I myself wrote the code we use to correct typos, handle different abbreviations of street addresses, normalize unicode characters etc to try and increase the success rate. Other people have analyzed the types of questions/answers provided and encouraged users to select better ones. All to no avail. People just suck at choosing these options .... some people choose absurdly easy questions like "Do I like the incredible hulk?" or "In what month did I get married?". Lots of people forget the answer, even with the hint. The suggestions we provide (library card number, frequent flyer number) are often ignored as being too much hassle. Some questions looks superficially strong ("What is my mothers maiden name?") but we've seen fraudsters from Nigeria successfully research the answer to that question starting from nothing more than an email address! To top it all off, the success rate for good users is staggeringly low. Even with all the effort we put in to handling common mistakes, the success rate is rarely higher than 25%.
So we gave up on it. New Google accounts do not prompt you for a secret QA. Instead we ask for a phone number. The reason is that it's a kind of "second password" that cannot be guessed by random strangers unless you happen to publish it on the web (happens, but rare), most people have memorized it, and if we need a strong proof of authentication - like if you forget your password - we make an automated phone call. We have also been asking users to provide a phone number for existing accounts for the same reasons, our stats show users with phone numbers are dramatically less likely to lose their accounts.
You may think, well, I'll never forget my password so this is irrelevant. But nowadays we also use it as a second password in cases where we aren't sure a login is really coming from you (it seems unusual or suspicious in some way). You normally just have to type it in to confirm you know it. In very high risk cases, like using an IP that's been heavily abused before, we may want to send you a message.
You're right that the UI strongly encourages people to provide a number although it's still optional. I'd personally prefer to have the UI you suggest. However that will lead to a lot of users getting locked out of their accounts, no two ways about it. The alternatives for proving your identity are just so much harder. So there are no ideal solutions here. The numbers aren't used for anything else (certainly not advertising or anything like that).
Well, "security" is a huge topic and the mechanisms are constantly evolving. But there are some differences that are worth analyzing.
Both operating systems run apps in a sandbox, unlike desktop operating systems like Linux or Windows (OS X is starting to move in the mobile-ish direction). There are some tasks that the OS simply forbids apps to do entirely. In this regard they are similar, and in the absence of local root exploits it's much harder to write viruses that target such a system.
The main differences are as follows: the iOS sandbox is somewhat weaker than the Android sandbox. It restricts fewer things and in the past (not sure if it was fixed these days), key first-party apps such as the web browser were not sandboxed at all, which is how several generations of jailbreak worked. Android was designed from the ground up with the mentality that there should ideally not be an "us vs them" divide - Android treats all apps more or less the same, security-wise, meaning that the browser is just a regular app that runs in a permission-controlled sandbox like any other. This open design is one reason why the permissions UI on Android is more complex than for iOS - apps can do more things and the OS has to communicate that to you.
With a weaker sandbox and permissions system, Apple relies much more heavily on manual review and the ability to control what software you can run. Android, by default, will not install software from outside the Google Play market (which does have various forms of review by the way), but if you tick a box and acknowledge a warning box it will let you do so. This is another reason the sandbox is stronger - Android phones can and do run code controlled by nobody but the author. iOS requires Apple signatures in all cases. The impact of the weaker sandbox is also mitigated by the fact that iOS users upgrade at a faster rate than Android users do (though it's still nothing compared to systems like ChromeOS), so when sandbox escapes are found they can be fixed faster. Android is more vulnerable, which is why there's more of a rigorous approach to privilege minimization.
With the virus angle largely taken care of, "malware" on these platforms is being redefined to mean "software that does something the users probably won't like" rather than "software that does that, and also takes over your machine / hides from you / both". For instance if you install an off-market app on Android and the OS tells you "Services that cost you money: send SMS messages" when you install it, and then you install it and it sends premium SMS in the background, that's typically being classified as malware by various AV companies .... which is kind of fair, but the remedy is just to uninstall the app. These apps can't resist uninstallation or hide from you as desktop viruses can. And beyond obviously bad stuff like running up a phone bill, they're also starting to classify apps that have poor privacy practices or which are too aggressive with their advertising as "malware" which is rather questionable.
With regards to other features, like drive encryption, as of the latest releases I believe both operating systems are largely comparable. The biggest remaining difference of interest (at least to me) is the approach to secure boot. Apple uses a form of online authorization to personalize OS reimaging to the device, this is to avoid downgrade attacks where users jailbreak the device by reflashing to an older, vulnerable version of the OS. Android secure boot is largely up to the OEMs and their approaches differ .... some like the Google Nexus devices allow you to reflash to any OS image you like, including ones you compiled yourself. No authorization from anyone is required, however, the phone will do a data wipe before performing the reflash to stop people who stole your phone from stealing your data too. Other phones will only boot firmwares signed by the manufacturer and use eFuses to stop downgrades rather than a server.
Did you even read TFA? The article explicitly states that a Red Hat or "Linux community" key would be allowed and OEMs were even enthusiastic about it (Microsoft not involved), but Red Hat didn't want one for themselves and the overheads involved with running a "Linux community" key and keeping it secure enough were too high. How did you get from that to "only their private key will be permitted by default"?
Oddly enough, that's pretty much what I read routinely here on Slashdot. A trading platform that was managing large sums of money gets hacked after the datacenter providers get socially engineered into providing root on the box, and that's the fault of Bitcoin. Business accounts get drained from stupid US banks which think a secret question or JavaScript gathered browser profile is a "second factor", that's not even newsworthy enough to be a slashdot story because it happens all the time.
Insecure IT systems can affect any currency or payment system. The only difference is with Bitcoin you are in control - you can outsource security of your wallet to competing providers if you want, or handle it yourself, or invent entirely new security technologies. With a bank you can ..... switch to one of a small number of other banks, which probably have the same policies.
Because charging Red Hat, a billion dollar company, $99 for access to signing services is not "monopoly abuse"? The author of TFA already pointed out that nothing stops somebody from providing the same services to the Linux community, but it's difficult and expensive and they can't be bothered, so it's easier to pay Microsoft to do it for them. As can anyone else.
Secure boots and trusted computing are fundamentally a good idea. Having OEMs provide a set of root keys to control what boots is a good idea. The problem is the creator of BobLinux who wants to have thousands of random users install his random kernel is indistinguishable technically from the creator of some boot sector malware who wants to have thousands of users permanently rooted. It becomes distinguishable once you have people who check out what the software is and signs it, which is the service Microsoft are providing - for very little, actually. As I said, apparently others don't feel like offering similar services when it's expensive to do and Microsoft are offering to do it cheaply. But they could.