Your iHP-120 also has a non-removable battery which iRiver has no plans to offer replacements for. Enjoy your paperweight.
The battery is user-replaceable without damaging the case, unlike an ipod. (Being an EE it didn't take long before I decided to take mine apart.)
If you actually read the specs on the battery used in the ihp-120 (instead of talking out your ass), you'd see that it is designed to withstand years of daily use (unlike the original ipod batteries).
I expect I'll be able to use an ipod battery when the time comes.
Secrecy and Changeability are *not* the primary criteria for authentication. The primary criterion is (and always will be): can someone else duplicate your authentication and pose as you?
Yes, but there are two key things there:
The information necessary to duplicate the key
The ability to duplicate the key
With biometrics, you're practically giving half of the fight away.
If the biometric is impossible to duplicate or bypass then it doesn't matter if it's unchangeable and obvious.
Be sure to claim your Nobel Prize when you invent the world's first 100% infallible security system.
if we do find a biometric that is near impossible to duplicate (possible candidate: a retinal scan of blood flow)
But you're just making an assumption there. I don't really see any compelling reason why that particular method couldn't be defeated. Clever use of an IR laser and a few mirrors might get one off to a good start. Retinal scanners aren't like quantum cryptography or anything, you're just hoping someone doesn't think of an easy way to fake it out. There's no physical or mathematical law that you can point to.
this should be far superior to carrying around passwords in your head.
If you like being kidnapped, killed, or dismembered. Sometimes being able to just give someone the key is a good thing.
Biometrics are not all doom and gloom you know... Sure a biometric on its own is not really very good for authentication, and does suffer from the problem of being hard to replace, but the strength of biometrics is not that they're secret (which no one should assume), but that they're hard to forge.
(ok not fingerprints!!!)
So you know how easy it is to forge fingerprints.....now take a moment and consider that it might be easy to forge OTHER biometrics too.
The real strength of biometrics is that people like to use them: they don't have to remember hard passwords, or need to change them regularly, and hence the likelihood of the security being properly used is far higher than that of people adhering to password policies.
But that was the whole point of my post:
It's a false security!
It's fundamentally flawed.
The idea with password policies is to make it hard to obtain or guess your secret password. If you start using biometrics, you're using something that is EASY to get. When designing a security system, it's just not reasonable for me to assume that my fingerprints are secret. Try implementing a biometric system and then telling your users that they are no longer allowed to touch flat, smooth surfaces.
In addition, the smartcard holds the copy of the fingerprint, so there's no privacy issues here either. Unlike many other biometric systems...
There are all kinds of security issues with smart cards but that's a separate discussion. The wild part here is that you haven't thought the whole thing through:
-Your smartcard stores your fingerprint
-What the heck is that going to be compared with unless you put your finger on an electronic device that belongs to someone else?
(There's no inherent protection for the privacy of your fingerprint there because I still get a copy of your fingerprint, and can store it if I so choose.)
-Now here's the real doozy.. Guess where I can get your fingerprint if I steal your smartcard: Off your smartcard! That's right, you use your fingers to take your smartcard out of your wallet, leaving fingerprints on it.
Sure, biometrics have issues, but which technology out there doesn't? Dismissing them out of hand is a touch knee-jerk for my taste...
It's not a knee-jerk response, I've thought the issue through. The concept itself is flawed.
I think biometrics can definitely be useful when someone doesn't want to be identified, but in the situation where someone is actively trying to prove they have the correct key and knows the challenges they will face, the basic concept just doesn't work.
The basic challenge of getting the secret is removed, and the only challenge left is creating a forgery. It's like letting someone take an impression of your house key, and hoping that they can't find a blank and cut it.
It's not hard to come up with something that's as hard or even harder to forge than a given biometric, but is actually something that you can keep secret and change if necessary.
Biometrics used in combination with a traditional password scheme would be more secure than just the password itself.
I don't even advocate that.
As I said earlier, fingerprints and the like fail for any sort of security use because they are not secret.
And as for things like monitoring HOW you type your password, I think it's a bad idea. Personally, I probably have about 5 different typing styles depending on what else I'm doing and how much attention I'm paying. Then there's also the problem of "What if I break my finger?"
Personally, I'd rather have better locks on my car than a lock that monitors how fast I turn the key. While it can be argued that adding basically ANY step to a security system makes it more secure, the real thing to consider is that energy is better expended elsewhere.
One cool password authentication scheme I've seen, was where your password was a series of tasks to be performed on a set of objects. The concept was that you could watch me enter my password once, but you wouldn't be able to access the system because the objects to perform the tasks on would change.
Even a keylogger wouldn't help with that situation.
The only way to get my password would be for me to tell you the set of tasks or for you to watch me enter my password many times.
Unfortunately, the guy's implementation was too difficult to use.
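A toy model of the kind of scheme described in the comment above, added here as an illustration; it is not the implementation the poster saw and not code from the thread. The digit objects, the (slot, shift) form of a task, and all sample values are assumptions constructed for the example. It shows that a recorded response does not replay against a fresh challenge, and how the set of secrets consistent with what an observer has seen shrinks with each observed login.

```python
import hmac
from itertools import product

SLOTS = 6   # objects shown per login (assumed)
MOD = 10    # each object is a digit 0-9 (assumed)


def respond(secret, challenge):
    """Perform each secret task (slot, shift) on the objects currently shown."""
    return [(challenge[slot] + shift) % MOD for slot, shift in secret]


def verify(secret, challenge, response):
    """Server-side check of a response against the challenge it issued."""
    expected = respond(secret, challenge)
    if len(response) != len(expected) or any(not 0 <= d < MOD for d in response):
        return False
    return hmac.compare_digest(bytes(expected), bytes(response))


def consistent_tasks(observations, position):
    """Tasks that explain response digit `position` in every observed login."""
    candidates = None
    for challenge, response in observations:
        fits = {(slot, (response[position] - challenge[slot]) % MOD)
                for slot in range(SLOTS)}
        candidates = fits if candidates is None else candidates & fits
    return candidates


def candidate_secrets(observations):
    """Every secret an observer cannot rule out from the logins seen so far."""
    length = len(observations[0][1])
    per_task = [sorted(consistent_tasks(observations, i)) for i in range(length)]
    return [list(combo) for combo in product(*per_task)]


# Constructed sample data: one secret of three tasks and three login challenges.
SECRET = [(2, 7), (0, 3), (5, 1)]
CHALLENGES = [[4, 1, 9, 0, 6, 2], [8, 3, 5, 7, 0, 1], [2, 7, 4, 9, 3, 6]]
OBSERVED = [(c, respond(SECRET, c)) for c in CHALLENGES]


def replay_accepted():
    """Replay the response recorded in login 1 against the challenge of login 2."""
    recorded = OBSERVED[0][1]
    return verify(SECRET, CHALLENGES[1], recorded)


def remaining_after_each_login():
    """Number of secrets still consistent after 1, 2 and 3 observed logins."""
    return [len(candidate_secrets(OBSERVED[:n]))
            for n in range(1, len(OBSERVED) + 1)]


if __name__ == "__main__":
    print("replay accepted:", replay_accepted())
    print("candidates left:", remaining_after_each_login())
```

In this model the number of objects, the size of the task vocabulary and how often logins can be observed together determine how much observation the scheme tolerates.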
All feminists don't necessarily agree... just like "hacker" can have a whole bunch of different connotations, so can "feminist".
Yep. I believe in "equal rights" but I would never call myself a feminist.
I think egalitarian is a much better term to use, and much less likely to come back to haunt you.
The term feminist is irrevocably associated with a social movement that has not always displayed the best behavior.
"A woman reading Playboy feels a little like a Jew reading a Nazi manual." -Gloria Steinem
And, like many other minority groups, we are often known by our extremists.
It's also worth noting that women are NOT a minority group.
I think that makes it all the more important for those of us who *aren't* extremists to use the term rather than abandon it.
I think it would be more important to examine the beliefs of those who created and defined the term and decide if you agree with them. Even the less extreme feminists, like Steinem, have opinions that you might not agree with. Like this tidbit:
"I've yet to be on a campus where most women weren't worrying about some aspect of combining marriage, children, and a career. I've yet to find one where many men were worrying about the same thing." -Gloria Steinem
Forgive me if I actually respect a mother who raises her own child.
I work in the security industry (okay, so right now I'm on hiatus from the security industry while I finish my Master's, focusing in security) and I've yet to meet one single reputable ex-cracker.
I highly doubt that.
Perhaps you only know one person who admits to doing enough that you would call them a cracker, but I bet you know of a few more people that have at least done something akin to cracking, and probably a whole bunch more who've decided it would be better to never mention anything like that in their past, despite having done it.
Reading the article, I found absolutely nothing to indicate Raven's past is anything less than aboveboard.
I certainly wouldn't claim to know any specific person's past, but who DIDN'T have a trick or two up their sleeve in college?
I'm not saying something as serious as changing their grades, but little things that they knew they weren't supposed to be doing, but did anyways.
Now, I just need to figure out how to do strong biometric identification over ssh or SSL-imap...
I know you mean this as a joke, but I want to take a second to remind people why biometric authentication is stupid:
Your biometrics are not secret
Your biometrics are not changeable
When you're using some sort of key/password, you want it to meet the following criteria:
Secret
Changeable
Hard to duplicate
Hard to guess
Many of the best security systems rely on "something you know and something you have". This means that there is a physical object, and some sort of password.
Biometrics are stupid because they rely on the secrecy of something like your fingerprints, which you leave on everything you touch. They're just not secret. And they're not changeable once the secret is out and the bad guys have your fingerprints.
It makes me cringe every time I hear about biometrics being used as a substitute for passwords, credit card numbers etc. What happens when I get a copy of your fingerprint (using only a piece of tape and some talc)? I can go around making purchases as you, and it's not exactly like you can cancel your fingerprints and get new ones.
The only place biometrics really shine are the times when the person doesn't WANT to be identified. You kinda have to carry your fingerprints around with you. For everything else, they suck.
I would much rather fork over my credit cards at gunpoint than be kidnapped or have my fingers chopped off.
A poser SUV? What the fuck do you call a Cadillac SUV then, or 99% of the other SUVs on the market?
You just answered your own question. But as it's already been pointed out, they're still better than a CR-V
At least if I took my CR-V offroad and broke it I could replace it without breaking the bank!
I thought you said it had a great resale value....
Anyways, IMHO in general an SUV is not an offroad vehicle. It's a yuppie-mobile. The CR-V is an economical family car.
No it's an SUV. Don't take my word for it, ask the DMV, your insurance company, or the federal gov't. Do you even know what CR-V stands for?
The Wrangler solves a different problem. I'm sure it's a way better off-road vehicle. But who cares?
One would think you would, judging by the type of vehicle you bought. It's absolutely retarded to buy a vehicle with a center of gravity that high if you're never going to take it off road. Was it the worse gas mileage, or the possibility of rollover that sold you on this purchase?
Look around, you idiot. 99.99% of the people who are buying SUVs today will NEVER take them offroad, unless you count that big gravel patch in the Safeway parking lot offroad.
So maybe you should have bought a decent CAR then instead of a wanna-be SUV.
In the market segment your vehicle is from, the Wrangler is clearly the better choice. (Unless you're buying an SUV for silly yuppie reasons.) You made the choice to say the American vehicles suck, and I pointed out that there's an American vehicle better than the one you're driving.
If you go around making silly generalizations like "American cars suck", expect to get called on it.
Personally, I drive a Mazda, but I appreciate nice cars from ANY country.
Honda CR-V. 5 years old, 45k miles, good as new, seriously very close to mint condition. Check the resale value if you like.
So you bought a poser SUV with an artificially high resale value.
If you actually tried to take it offroad it would break.
An American Jeep Wrangler would embarrass the crap out of you if you ever did go offroad.
Wow, biased much? No offense but I (and a ton of other people) would prefer to own some fine Japanese tinfoil, any day. Americans have produced some decent cars, but overall... suckage. IMHO of course.
And your opinion clearly isn't an informed one. Tell a Jeep Wrangler owner what you think of his car and try playing follow-the-leader.
It amazes me that you'll call this guy biased when you bought the crap-fest Honda CR-V as opposed to the better-priced Wrangler. If you compare the two objectively, the Jeep is just plain better.
Am I seeing things? A post which talks about how Dodges are reliable, and Honda Civics only last 7 years, is marked at +5 Insightful???
Anybody with *any* experience with Chrysler products, or Honda Civics, would moderate this as a troll, or perhaps humorous. There's a reason that Consumer Reports (among others) gives top ratings to Honda, and low-end ratings to anything Dodge.
You clearly know nothing about cars.
The car he was talking about had a slant-6 engine in it. Those are one of the most reliable engines EVER MADE. Try looking something up instead of talking out your ass.
Perhaps in the late 70's what you're saying is true, but now Civics are the most reliable cars on the road.
Hondas are over-rated. I'd take a GM 3800 V-6 (good for 300,000+ miles) over a Honda engine any day.
The idea of being a car snob over a Dodge is absurd. I owned one before, and I wouldn't wish one upon my worst enemy.
Well it certainly wasn't a Viper then. Did you ever stop to think that maybe the specific model of car you purchase matters and THAT's why they cost different prices?
If you buy a cheap POS from ANY company you're getting a cheap POS. I've worked on old Civics, they're nothing impressive, especially when they leave your gf stuck on the other side of the country.
It always amazes me that people think their car will never break because it has an "H" on the hood. The trick to getting a good car is to research that specific model and that specific car. You couldn't give me a Dodge Neon, but I'd take a Buick LeSabre over a Honda Accord.
...and in 9/10 hard collisions between your rabbit and my A4, I will walk and you won't.
And what about collisions between your car and a Hummer?
The only thing attitudes like yours do is contribute to the current "arms race" out there on the road where people buy bigger and bigger vehicles so they can "feel safe", knowing that when they are unable to avoid an accident using their vehicle's poor handling they'll crush the other guy like a bug.
While it's true that my 2600 pound sportscar isn't going to fare so well in a collision with a stolen army tank, I'll be able to avoid the accident in the first place.
So while you go barreling into that pile-up ahead, I'll be able to drive away.
Yup, I'm sure your 85 HP engine is faster than anything out there. I also agree that the catlike handling of P155 R13 tires is greatly underrated!
Ever hear of something called power to weight ratio?
You don't need gigantic tires and 300HP, when your car isn't a bloated, heavy pig (like the new GTO for example).
I've seen a VW Rabbit tear it up at the autocross, and it was really cool to watch this old guy in his beat-up rabbit hang with WRX's and Evo's. Sure, they would have ate him up in a straight line, but it was like watching Bruce Lee beat up Mike Tyson.
I have trouble jumping on the EV bandwagon because I'm not sure it's as environmentally friendly as we'd like to believe. Where do you think the majority of your electricity comes from?
What surprises me is that people give no concern to the hundreds or thousands of pounds of toxic chemicals EVs require in their batteries, and the limited lifetime of these batteries.
Imagine needing to dispose of 1000 pounds of lead every five years. How the @#$%^ is that good for the environment?
And of course you also get to go from:
chemical energy=>mechanical energy=>electrical energy=>long distance transmission=>voltage conversion=>chemical energy=>electrical energy=>mechanical energy
instead of simply going from chemical energy to mechanical energy.
And then of course there's the problem that batteries work like total shit in cold climates.
And then there are also energy density problems with electric vehicles. There are no battery powered rockets for a reason. Weight is the enemy when you're building a vehicle. It kills acceleration, braking, handling, fuel efficiency, etc.
IMO, the choice is between clean-fuel ICE's and fuel-cell powered vehicles.
The first big thing to make it hard to work on modern cars was the ECU. Code readers came out as a result. It's true that you can't get the really cool codes out of the computer without knowing all the manufacturer-specific information, like the position of mode doors, the values of sensors, and so on. However, the documentation still tells you how to go about testing all that stuff with nothing more complicated than a DVOM.
The reality is that cars are becoming harder to work on.
The problem is all to do with the computers.
Manufacturers are deliberately making it harder and harder to get diagnostic information from your car.
Let's contrast my old '87 Buick LeSabre, vs. my GF's 98 Toyota Tercel:
-On the Buick, if I want to read the trouble codes, I need a paperclip. That's it. That will let me access ALL the trouble codes. Clearing them is as simple as disconnecting the battery/removing a fuse.
-On the Tercel, I can't get the trouble codes until I buy a $150 code reader. Even then this code reader only gives me a fraction of the functionality that it should. OBDII was designed for gov't emissions testing. In order to clear trouble codes you MUST have a reader, and your car will not pass inspection if it has uncleared codes.
Basically, here's my rant about OBDII:
There are too many interfaces, and they did not pick interfaces that were already industry standards. If they'd chosen RS-232, code readers would be $100 less.
There's no requirement to blink trouble codes on the MIL (Malfunction Indicator Light). This can save you a lot of time and/or money.
OBDII requires manufacturers to make only a tiny subset of the diagnostic information available. It's bullshit. There's no way for you to do something like bleed the ABS system, for example.
You MUST have a $150+ reader to reset the codes.
Here's an example:
My GF's MIL comes on. We call around and find out that any shop is going to want $70 just to look at it. So I'm pretty much forced to buy a reader.
The trouble codes indicate a misfire. I replace a $5 set of spark plugs, problem fixed.
A problem that would have cost me $5 to fix on the Buick, cost me $155 on a newer car.
Now look, I'm willing to shell out $150 for a reader, but I want it to be able to do more than I can do on an older car with just a paper clip.
The way it's set up right now, $150 gets you your trouble codes, but if you want any of the things that you SHOULD be able to get with a computer interface (like TPS sensor status) you need to buy ANOTHER special purpose computer (if you're lucky and it's even available for your model) or spend the value of the car itself on a computer.
The solution to all this BS is pretty simple:
No dealer-only diagnostics
Any non-engineering computer interfaces must meet a federal standard, and any deviations from this standard must be disclosed.
Right now I could build a car and cryptographically block you from doing anything but basic OBDII functions. If you want to do something as simple as bleed your brakes you MUST pay a dealer or you will not be able to properly bleed the ABS unit. Then it's both a market manipulation issue and a safety issue.
Don't most driver's license cards have barcodes on the back that liquor stores, etc. can scan?
Yes, but it's just a non-encrypted, stacked barcode with the same information as the front of the ID.
If you have the equipment to fake the front, a barcode generator is just a download away.
It's a hell of a lot easier to fake than blacklight sensitive ink, holograms, etc.
Of course no matter what they use for a security measure, it WILL be broken by college students who want to drink.
A better security measure would be letting people who are legally considered adults buy alcohol. (The day I sent in my draft card, I should have been able to buy beer.)
This would vastly reduce the market for fake IDs, making them much more expensive and harder to come by. Right now, there's a HUGE market of people under 21 willing to pay $50+ for a fake ID.
Me and my friend go out to buy some booze. I get through line just fine. He's next and hands them his passport (he's Mexican).
The clerk stands there for a minute with a really confused expression on her face and then says:
"I'm sorry, we can only accept an American passport."
My friend responded:
I'M NOT GOING TO CHANGE MY CITIZENSHIP JUST SO I CAN BUY ALCOHOL!
So after making them look like the idiots they were, he got to buy his booze.
I think it's a perfect example of how stupid things have become in America RE: alcohol.
There's something sort of arrogant about publishing your acceptance speech when you didn't even win.
Dude, it was on his 'blog.
Blogs are a place where people often post their casual musings, like what they'd say if XXX happened. It's not really any more arrogant than posting what you'd do if you won the lottery on slashdot.
Actually, your logic would be the sophistry, as the burden of "proof" lies as much with the atheists as it does with the theist.
No the theory itself is flawed. It's like me saying:
"I have an undetectable Nerf ball that floats above my head."
It's an obviously bad theory. The logical failure is the statement itself.
You must prove that God does not and can not exist as an atheist.
That's like me demanding that you must prove my Nerf ball does not exist. It's silly.
I'll be able to come up with arguments against any reason you can come up with for my Nerf ball's nonexistence, but that's because the original theory is flawed. The theory itself is sophistry.
Absence of evidence is not evidence of absence.
To those of us who believe in logic, science, and reason it is.
Your example isn't a good fit. Authority to act on behalf of a company is not binary.
Could the manager also sell you the actual Walmart store for $5? He is allowed to act on Walmart's behalf, right?
I understand your point, but we're not talking about someone who was clearly overstepping his bounds at the company.
The case of waste is quite similar to my example. The guy may have been working for AOL, but he was in a position to make decisions, hence waste was developed and later released.
It's also worth noting that there are a fair number of programs listed as "open source" at nullsoft.
Was Winamp released under the GPL? If the answer is no then your post is meaningless.
How do you figure that?
Either he had the authority to act on behalf of Nullsoft or he did not. If he chose to use this authority to release winamp one way and waste another, that would be at his discretion.
It is possible that Justin had authority to release binaries such as Winamp but no authority to release source.
People keep saying "well what if some internal document said XXX?"
What everyone seems to neglect is that people act as agents of the companies they work for.
If a manager at Walmart sells me a laptop for $10, he has that authority. Normally laptops sell for more than this, but this guy's a manager and I have a reasonable expectation that he can do this.
If it turns out the next day that his boss doesn't like it, they don't get the laptop back.
If we had to worry about internal agreements invalidating any contract made by employees who seemingly have the authority to do so, you'd never be able to trust a company to stick to an agreement. It would be too easy to weasel out.
In my Walmart example, maybe there's a document specifically saying he can't sell a laptop for less than $50. Why the hell should I know or care about it? The manager should know about it if he wants to keep his job, but in the end I still get my laptop for whatever he sells it to me for.
If Walmart doesn't like it they can fire the employee, or even go after him legally, but I'm in the clear. I bought my laptop at the price given to me by a Walmart representative.
Re:Thank goodness for GPL conservators, on VIA Pulls PadLockSL · Score: 2, Insightful
This makes the assumption that the GPL license originally given for the original code is actually valid. The common point that people make is that Justin Frankel wrote the code while working for AOL, and depending on his contract with AOL, code he writes while working for them (or while in the office?) may be owned by AOL, meaning the license he put on the code may not be valid.
Nope.
There are really several possibilities here:
Frankel owns the code. If this is true, the GPL release is valid.
AOL owns the code.
If AOL owns the code and Frankel had no authority to release code, the release would be invalid.
But even if AOL owns the code... if Frankel, acting on behalf of AOL released the code, the GPL sticks.
That's the key thing here, Frankel is the person who released Winamp, etc.
It's fairly easy to suggest that he had the authority to release code. This makes his decision also Nullsoft's decision.
He essentially had the authority to represent Nullsoft and act in its interest, and so his actions should be legally treated as actions of nullsoft.
Any ruling that would let AOL retract the release of WASTE would make it ridiculously easy for companies to slip out of contracts they didn't like, by allowing companies to claim that the person who acted on their behalf (signing the contract) was not authorized, despite it seeming clear at the time that he was.
Example:
I could start a company and create a division called "emptysetsoft" and make Joe the head of it. Joe buys and sells houses as part of his duties for emptysetsoft. One day Joe makes a deal I don't like so I fire him, and then claim that Joe was making unauthorized deals. I demand that deal and only that deal be reversed.
See the problem? Joe clearly had the authority to make deals on behalf of emptysetsoft.
Has AOL claimed Frankel's releases of Winamp were unapproved and thus invalid? No.
Re:Software is void, revoked and terminated., on VIA Pulls PadLockSL · Score: 1
Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license)? Are you his boss, perhaps, or maybe a Nullsoft lawyer? Have you read the Nullsoft source release policy statement? Do you have the employee's job description on your desk? Are you bugging Nullsoft's corporate offices? Why are you so obviously authoritative on this issue? Inquiring minds want to know!
Just a quick little addendum:
Do I NEED all that shit when I sign a contract with another company?
No. There just needs to be a reasonable expectation that the person from the other company has the authority to enter into the contract.
If the person signing the contract with me signs contracts for that company, then the company (in this case) AOL doesn't get to pick and choose which they will honor.
If the case was any different, it would be WAY too easy for companies to weasel out of contracts with each other.
Re:Software is void, revoked and terminated., on VIA Pulls PadLockSL · Score: 1
Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license)?
Because he's the guy who wrote and released their (Nullsoft's) software.
This is pretty much a case of the "nullsoft" division of AOL doing something that AOL decided it didn't like and then AOL claiming that there was no division and that all decisions had to go through them.
Maybe his bosses didn't like his decision, but it's pretty obvious that he was in a position to make decisions on behalf of nullsoft.
Yes I know there is a roll-over risk with my truck as with anything that is fairly tall and narrow, but if you know how to drive there isn't a problem.
Yes it is. It limits your vehicle's cornering ability. It doesn't matter how well you know how to drive, your vehicle's handling capabilities are severely handicapped. Should something bad happen, you have less potential to do something about it than someone driving a decent car.
Besides if you know how to drive, you shouldn't need a 4WD SUV to feel confident on a ROAD.
I feel perfectly confident driving down the road in a CAR, except when somebody else is next to me with their suburban battle tank.
Yes, but there are two key things there:
With biometrics, you're practically giving half of the fight away.
If the biometric is impossible to duplicate or bypass then it doesn't matter if it's unchangeable and obvious.
Be sure to claim your nobel prize when you invent the world's first 100% infallible security system.
if we do find a biometric that is near impossible to duplicate (possible candidate: a retinal scan of blood flow)
But you're just making an assumption there. I don't really see any compelling reason why that particular method couldn't be defeated. Clever use of an IR laser and a few mirrors might get one off to a good start. Retinal scanners aren't like quantum cryptography or anything, you're just hoping someone doesn't think of an easy way to fake it out. There's no physical or mathemaical law that you can point to.
this should be far superior to carrying around passwords in your head.
If you like being kidnapped, killed, or dismembered. Sometimes being able to just give someone the key is a good thing.
Biometrics are not all doom and gloom you know... Sure a biometric on it's own is not really very good for authentication, and does suffer from the problem of being hard to replace, but the strength of biometrics is not that they're secret (which no one should assume), but that they're hard to forge. (ok not fingerprints!!!)
So you know how easy it is to forge fingerprints.....now take a moment and consider that it might be easy to forge OTHER biometrics too.
The real strength of biometrics is that people like to use them: they don't have to remember hard passwords, or need to change them regularly, and hence the likelihood of the security being properly used is far higher than that of people adhering to password policies.
But that was the whole point of my post:
It's a false security!
It's fundamentally flawed.
The idea with password policies is to make it hard to obtain or guess your secret password. If you start using biometrics, you're using something that is EASY to get. When designing a security system, it's just not reasonable for me to assume that my fingerprints are secret. Try implementing a biometric system and then telling your users that they are no longer allowed to touch flat, smooth surfaces.
In addition, the smartcard holds the copy of the fingerprint, so there's no privacy issues here either. Unlike many other biometric systems...
There are all kind of security issues with smart cards but that's a seperate discussion. The wild part here is that you haven't thought the whole thing through:
-Your smartcard stores your finger print
-What the heck is that going to be compared with unless you put your finger on an electronic device that belongs to someone else?
(There's no inherent protection for the privacy of you fingerprint there because I still get a copy of your fingerprint, and can store it if I so choose.)
-Now here's the real doozy.. Guess where I can get your fingerprint if I steal your smartcard: Off your smartcard! That's right, you use your fingers to take your smartcard out of your wallet, leaving fingerprints on it.
Sure, biometrics have issues, but which technology out there doesn't? Dismissing them out of hand is a touch knee-jerk for my taste...
It's not a knee-jerk response, I've thought the issue through. The concept itself is flawed.
I think biometrics can definately be useful when someone doesn't want to be identified, but in the situation where someone is actively trying to prove they have the correct key and knows the challenges they will face, the basic concept just doesn't work.
The basic challenge of getting the secret is removed, and the only challenge left is creating a forgery. It's like letting someone take an impression of you house key, and hoping that they can't find a blank and cut it.
It's not hard to come up with something that's as hard or even harder to forge than a given biometric, but is actually something that you can keep secret and change if necessary.
Biometrics used in combination with a traditional password scheme would be more secure than just the password itself.
I don't even advocate that.
As I said earlier, fingerprints and the like fail for any sort of security use because they are not secret.
And as for things like monitoring HOW you type your password, I think it's a bad idea. Personally, I probably have about 5 different typing styles depending on what else I'm doing and how much attention I'm paying. Then there's also the problem of "What if I break my finger?"
Personally, I'd rather have better locks on my car than a lock that monitors how fast I turn the key. While it can be argued that adding basically ANY step to a security system makes it more secure, the real thing to consider is that energy is better expended elsewhere.
One cool password authentication scheme I've seen, was where your password was a series of tasks to be performed on a set of objects. The concept was that you could watch me enter my password once, but you wouldn't be able to access the system because the objects to perform the tasks on would change.
Even a keylogger wouldn't help with that situation.
The only way to get my password would be for me to tell you the set of tasks or for you to watch me enter my password many times.
Unfortunately, the guy's implementation was too difficult to use.
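The task-based password described in the comment above, modelled as an added example (it is not part of the original post and not the implementation the commenter saw). The objects are assumed to be six random digits and each task an assumed (position, shift) pair; all names are hypothetical. It checks that a recorded response cannot be replayed and counts how many passwords stay consistent with each additional observed login.

```python
import hmac
import secrets
from itertools import product

POSITIONS = 6    # objects shown per challenge (assumed)
ALPHABET = 10    # each object is a digit 0-9 (assumed)

# Hypothetical task model: (position, shift) means "read the object at
# `position` and add `shift` modulo 10". The password is an ordered task list.
SECRET_TASKS = [(4, 7), (0, 3), (2, 9)]   # constructed sample secret

def new_challenge():
    """Fresh random objects for one login attempt."""
    return [secrets.randbelow(ALPHABET) for _ in range(POSITIONS)]

def respond(tasks, challenge):
    """What the legitimate user types for this challenge."""
    return [(challenge[pos] + shift) % ALPHABET for pos, shift in tasks]

def verify(tasks, challenge, response):
    """Server-side check; rejects malformed input before comparing."""
    if len(response) != len(tasks):
        return False
    if not all(isinstance(d, int) and 0 <= d < ALPHABET for d in response):
        return False
    return hmac.compare_digest(bytes(respond(tasks, challenge)), bytes(response))

def surviving_candidates(observations, n_tasks):
    """Per task slot, the (position, shift) pairs consistent with every
    observed (challenge, response) session."""
    survivors = []
    for slot in range(n_tasks):
        survivors.append({
            (p, s) for p, s in product(range(POSITIONS), range(ALPHABET))
            if all((ch[p] + s) % ALPHABET == resp[slot] for ch, resp in observations)
        })
    return survivors

def keyspace(survivors):
    """Number of complete passwords still consistent with the observations."""
    total = 1
    for slot in survivors:
        total *= len(slot)
    return total

# Constructed sessions: fixed challenges so the numbers are reproducible.
CHALLENGES = [[3, 1, 4, 1, 5, 9], [2, 7, 1, 8, 2, 8], [0, 5, 7, 7, 2, 1]]
SESSIONS = [(c, respond(SECRET_TASKS, c)) for c in CHALLENGES]

def keyspace_after(n_sessions):
    return keyspace(surviving_candidates(SESSIONS[:n_sessions], len(SECRET_TASKS)))

if __name__ == "__main__":
    first_response = SESSIONS[0][1]
    # A response recorded in session 1 does not verify against session 2's objects.
    print("replay accepted:", verify(SECRET_TASKS, CHALLENGES[1], first_response))
    for n in range(len(SESSIONS) + 1):
        print(f"sessions observed: {n}  passwords still possible: {keyspace_after(n)}")
```

In this simple model the replay is rejected, yet three observed logins are enough to leave a single consistent password, so how many sessions a design tolerates depends on how much each response reveals about the tasks.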
All feminists don't necessarily agree... just like "hacker" can have a whole bunch of different connotations, so can "feminist".
Yep. I believe in "equal rights" but I would never call myself a feminist.
I think egalitarian is a much better term to use, and much less likely to come back to haunt you.
The term feminist is irrevocably associated with a social movement that has not always displayed the best behavior.
"A woman reading Playboy feels a little like a Jew reading a Nazi manual." -Gloria Steinem
And, like many other minority groups, we are often known by our extremists.
It's also worth noting that women are NOT a minority group.
I think that makes it all the more important for those of us who *aren't* extremists to use the term rather than abandon it.
I think it would be more important to examine the beliefs of those who created and defined the term and decide if you agree with them. Even the less extreme feminists, like Steinem have opinions that you might not agree with. Like this tidbit:
"I've yet to be on a campus where most women weren't worrying about some aspect of combining marriage, children, and a career. I've yet to find one where many men were worrying about the same thing." -Gloria Steinem
Forgive me if I actually respect a mother who raises her own child.
I work in the security industry (okay, so right now I'm on hiatus from the security industry while I finish my Master's, focusing in security) and I've yet to meet one single reputable ex-cracker.
I highly doubt that.
Perhaps you only know one person who admits to doing enough that you would call them a cracker, but I bet you know of a few more people that have at least done something akin to cracking, and probably a whole bunch more who've decided it would be better to never mention anything like that in their past, despite having done it.
Reading the article, I found absolutely nothing to indicate Raven's past is anything less than aboveboard.
I certainly wouldn't claim to know any specific person's past, but who DIDN'T have a trick or two up their sleeve in college?
I'm not saying something as serious as changing their grades, but little things that they knew they weren't supposed to be doing, but did anyways.
I know you mean this as a joke, but I want to take a second to remind people why biometric authentication is stupid:
When you're using some sort of key/password, you want it to meet the following criteria:
Many of the best security systems rely on "something you know and something you have". This means that there is a physical object, and some sort of password.
Biometrics are stupid because they rely on the secrecy of something like your fingerprints, which you leave on everything you touch. They're just not secret. And they're not changeable once the secret is out and the bad guys have your fingerprints.
It makes me cringe every time I hear about biometrics being used as a substitute for passwords, credit card numbers etc. What happens when I get a copy of your fingerprint (using only a piece of tape and some talc)? I can go around making purchases as you, and it's not exactly like you can cancel your fingerprints and get new ones.
The only place biometrics really shine are the times when the person doesn't WANT to be identified. You kinda have to carry your fingerprints around with you. For everything else, they suck.
I would much rather fork over my credit cards at gunpoint than be kidnapped or have my fingers chopped off.
A poser SUV? What the fuck do you call a Cadillac SUV then, or 99% of the other SUVs on the market?
You just answered your own question. But as it's already been pointed out, they're still better than a CR-V
At least if I took my CR-V offroad and broke it I could replace it without breaking the bank!
I thought you said it had a great resale value....
Anyways, IMHO in general an SUV is not an offroad vehicle. It's a yuppie-mobile. The CR-V is an economical family car.
No it's an SUV. Don't take my word for it, ask the DMV, your insurance company, or the federal gov't. Do you even know what CR-V stands for?
The Wrangler solves a different problem. I'm sure it's a way better off-road vehicle. But who cares?
One would think you would, judging by the type of vehicle you bought. It's absolutely retarded to buy a vehicle with a center of gravity that high if you're never going to take it off road. Was it the worse gas mileage, or the possibility of rollover that sold you on this purchase?
Look around, you idiot. 99.99% of the people who are buying SUVs today will NEVER take them offroad, unless you count that big gravel patch in the Safeway parking lot offroad.
So maybe you should have bought a decent CAR then instead of a wanna-be SUV.
In the market segment your vehicle is from, the Wrangler is clearly the better choice. (Unless you're buying an SUV for silly yuppie reasons.) You made the choice to say the American vehicles suck, and I pointed out that there's an American vehicle better than the one you're driving.
If you go around making silly generalizations like "American cars suck", expect to get called on it.
Personally, I drive a Mazda, but I appreciate nice cars from ANY country.
Honda CR-V. 5 years old, 45k miles, good as new, seriously very close to mint condition. Check the resale value if you like.
So you bought a poser SUV with an artificially high resale value.
If you actually tried to take it offroad it would break.
An American Jeep Wrangler would embarrass the crap out of you if you ever did go offroad.
Wow, biased much? No offense but I (and a ton of other people) would prefer to own some fine Japanese tinfoil, any day. Americans have produced some decent cars, but overall... suckage. IMHO of course.
And your opinion clearly isn't an informed one. Tell a Jeep Wrangler owner what you think of his car and try playing follow-the-leader.
It amazes me that you'll call this guy biased when you bought the crap-fest Honda CR-V as opposed to the better-priced Wrangler. If you compare the two objectively, the Jeep is just plain better.
Am I seeing things? A post which talks about how Dodges are reliable, and Honda Civics only last 7 years, is marked at +5 Insightful??? Anybody with *any* experience with Chrysler products, or Honda Civics, would moderate this as a troll, or perhaps humorous. There's a reason that Consumer Reports (among others) gives top ratings to Honda, and low-end ratings to anything Dodge.
You clearly know nothing about cars.
The car he was talking about had a slant-6 engine in it. Those are one of the most reliable engines EVER MADE. Try looking something up instead of talking out your ass.
Perhaps in the late 70's what you're saying is true, but now Civics are the most reliable cars on the road.
Hondas are over-rated. I'd take a GM 3800 V-6 (good for 300,000+ miles) over a Honda engine any day.
The idea of being a car snob over a Dodge is absurd. I owned one before, and I wouldn't wish one upon my worst enemy.
Well it certainly wasn't a Viper then. Did you ever stop to think that maybe the specific model of car you purchase matters and THAT's why they cost different prices?
If you buy a cheap POS from ANY company you're getting a cheap POS. I've worked on old Civics, they're nothing impressive, especially when they leave your gf stuck on the other side of the country.
It always amazes me that people think their car will never break because it has an "H" on the hood. The trick to getting a good car is to research that specific model and that specific car. You couldn't give me a Dodge Neon, but I'd take a Buick LeSabre over a Honda Accord.
And what about collisions between your car and a Hummer?
The only thing attitudes like yours do is contribute to the current "arms race" out there on the road where people buy bigger and bigger vehicles so they can "feel safe", knowing that when they are unable to avoid an accident using their vehicle's poor handling they'll crush the other guy like a bug.
While it's true that my 2600 pound sportscar isn't going to fare so well in a collision with a stolen army tank, I'll be able to avoid the accident in the first place.
So while you go barreling into that pile-up ahead, I'll be able to drive away.
Yup, I'm sure your 85 HP engine is faster than anything out there. I also agree that the catlike handling of P155 R13 tires is greatly underrated!
Ever hear of something called power to weight ratio?
You don't need gigantic tires and 300HP, when your car isn't a bloated, heavy pig (like the new GTO for example).
I've seen a VW Rabbit tear it up at the autocross, and it was really cool to watch this old guy in his beat-up rabbit hang with WRX's and Evo's. Sure, they would have ate him up in a straight line, but it was like watching Bruce Lee beat up Mike Tyson.
Imagine needing to dispose of 1000 pounds of lead every five years. How the @#$%^ is that good for the environment?
chemical energy=>mechanical energy=>electrical energy=>long distance transmission=>voltage conversion=>chemical energy=>electrical energy=>mechanical energy
instead of simply going from chemical energy to mechanical energy.
IMO, the choice is between clean-fuel ICE's and fuel-cell powered vehicles.
The reality is that cars are becoming harder to work on.
The problem is all to do with the computers.
Manufacturers are deliberately making it harder and harder to get diagnostic information from your car.
Let's contrast my old '87 Buick LeSabre, vs. my GF's 98 Toyota Tercel:
-On the Buick, if I want to read the trouble codes, I need a paperclip. That's it. That will let me access ALL the trouble codes. Clearing them is as simple as disconnecting the battery/removing a fuse.
-On the Tercel, I can't get the trouble codes until I buy a $150 code reader. Even then this code reader only gives me a fraction of the functionality that it should. OBDII was designed for gov't emissions testing. In order to clear trouble codes you MUST have a reader, and your car will not pass inspection if it has uncleared codes.
Basically, here's my rant about OBDII:
Here's an example:
My GF's MIL comes on. We call around and find out that any shop is going to want $70 just to look at it. So I'm pretty much forced to buy a reader.
The trouble codes indicate a misfire. I replace a $5 set of spark plugs, problem fixed.
A problem that would have cost me $5 to fix on the Buick, cost me $155 on a newer car.
Now look, I'm willing to shell out $150 for a reader, but I want it to be able to do more than I can do on an older car with just a paper clip.
The way it's set up right now, $150 gets you your trouble codes, but if you want any of the things that you SHOULD be able to get with a computer interface (like TPS sensor status) you need to buy ANOTHER special purpose computer (if you're lucky and it's even available for your model) or spend the value of the car itself on a computer.
The solution to all this BS is pretty simple:
No dealer-only diagnostics
Any non-engineering computer interfaces must meet a federal standard, and any deviations from this standard must be disclosed.
Right now I could build a car and cryptographically block you from doing anything but basic OBDII functions. If you want to do something as simple as bleed your brakes you MUST pay a dealer or you will not be able to properly bleed the ABS unit. Then it's both a market manipulation issue and a safety issue.
My '84 RX-7 GSL-SE will destroy your rabbit. :) Rotary engines + 5 speed transmission = rockin.
:)
My '86 RX-7 GXL can beat up your '84 RX-7 and only has 45K miles
Don't most driver's license cards have barcodes on the back that liquor stores, etc. can scan?
Yes, but it's just a non-encrypted, stacked barcode with the same information as the front of the ID.
If you have the equipment to fake the front, a barcode generator is just a download away.
It's a hell of a lot easier to fake than blacklight sensitive ink, holograms, etc.
Of course no matter what they use for a security measure, it WILL be broken by college students who want to drink.
A better security measure would be letting people who are legally considered adults buy alcohol. (The day I sent in my draft card, I should have been able to buy beer.)
This would vastly reduce the market for fake IDs, making them much more expensive and harder to come by.
Right now, there's a HUGE market of people under 21 willing to pay $50+ for a fake ID.
Why would they deny service to a paying customer?
Funny story:
Me and my friend go out to buy some booze. I get through line just fine. He's next and hands them his passport (he's Mexican).
The clerk stands there for a minute with a really confused expression on her face and then says:
"I'm sorry, we can only accept an American passport."
My friend responded:
I'M NOT GOING TO CHANGE MY CITIZENSHIP JUST SO I CAN BUY ALCOHOL!
So after making them look like the idiots they were, he got to buy his booze.
I think it's a perfect example of how stupid things have become in America RE: alcohol.
There's something sort of arrogant about publishing your acceptance speech when you didn't even win.
Dude, it was on his 'blog.
Blogs are a place where people often post their casual musings, like what they'd say if XXX happened. It's not really any more arrogant than posting what you'd do if you won the lottery on slashdot.
Actually, your logic would be the sophistry, as the burden of "proof" lies as much with the atheists as it does with the theist.
No the theory itself is flawed. It's like me saying:
"I have an undetectable Nerf ball that floats above my head."
It's an obviously bad theory. The logical failure is the statement itself.
You must prove that God does not and can not exist as an atheist.
That's like me demanding that you must prove my Nerf ball does not exist. It's silly.
I'll be able to come up with arguments against any reason you can come up with for my Nerf ball's nonexistence, but that's because the original theory is flawed. The theory itself is sophistry.
Absence of evidence is not evidence of absence.
To those of us who believe in logic, science, and reason it is.
Your example isn't a good fit. Authority to act on behalf of a company is not binary. Could the manager also sell you the actual Walmart store for $5? He is allowed to act on Walmart's behalf, right?
I understand your point, but we're not talking about someone who was clearly overstepping his bounds at the company.
The case of waste is quite similar to my example. The guy may have been working for AOL, but he was in a position to make decisions, hence waste was developed and later released.
It's also worth noting that there are a fair number of programs listed as "open source" at nullsoft.
Was Winamp released under the GPL? If the answer is no then your post is meaningless.
How do you figure that?
Either he had the authority to act on behalf of Nullsoft or he did not. If he chose to use this authority to release winamp one way and waste another, that would be at his discretion.
It is possible that Justin had authority to release binaries such as Winamp but no authority to release source.
People keep saying "well what if some internal document said XXX?"
What everyone seems to neglect is that people act as agents of the companies they work for.
If a manager at Walmart sells me a laptop for $10, he has that authority. Normally laptops sell for more than this, but this guy's a manager and I have a reasonable expectation that he can do this.
If it turns out the next day that his boss doesn't like it, they don't get the laptop back.
If we had to worry about internal agreements invalidating any contract made by employees who seemingly have the authority to do so, you'd never be able to trust a company to stick to an agreement. It would be too easy to weasel out.
In my Walmart example, maybe there's a document specifically saying he can't sell a laptop for less than $50. Why the hell should I know or care about it? The manager should know about it if he wants to keep his job, but in the end I still get my laptop for whatever he sells it to me for.
If Walmart doesn't like it they can fire the employee, or even go after him legally, but I'm in the clear. I bought my laptop at the price given to me by a Walmart representative.
Nope.
There are really several possibilities here:
That's the key thing here, Frankel is the person who released Winamp, etc.
It's fairly easy to suggest that he had the authority to release code. This makes his decision also Nullsoft's decision. He essentially had the authority to represent Nullsoft and act in its interest, and so his actions should be legally treated as actions of nullsoft.
Any ruling that would let AOL retract the release of WASTE would make it ridiculously easy for companies to slip out of contracts they didn't like, by allowing companies to claim that the person who acted on their behalf (signing the contract) was not authorized, despite it seeming clear at the time that he was.
Example:
I could start a company and create a division called "emptysetsoft" and make Joe the head of it. Joe buys and sells houses as part of his duties for emptysetsoft. One day Joe makes a deal I don't like so I fire him, and then claim that Joe was making unauthorized deals. I demand that deal and only that deal be reversed.
See the problem? Joe clearly had the authority to make deals on behalf of emptysetsoft.
Has AOL claimed Frankel's releases of Winamp were unapproved and thus invalid? No.
Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license)? Are you his boss, perhaps, or maybe a Nullsoft lawyer? Have you read the Nullsoft source release policy statement? Do you have the employee's job description on your desk? Are you bugging Nullsoft's corporate offices? Why are you so obviously authoritative on this issue? Inquiring minds want to know!
Just a quick little addendum:
Do I NEED all that shit when I sign a contract with another company?
No. There just needs to be a reasonable expectation that the person from the other company has the authority to enter into the contract.
If the person signing the contract with me signs contracts for that company, then the company (in this case AOL) doesn't get to pick and choose which they will honor.
If the case was any different, it would be WAY too easy for companies to weasel out of contracts with each other.
Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license)?
Because he's the guy who wrote and released their (Nullsoft's) software.
This is pretty much a case of the "nullsoft" division of AOL doing something that AOL decided it didn't like and then AOL claiming that there was no division and that all decisions had to go through them.
Maybe his bosses didn't like his decision, but it's pretty obvious that he was in a position to make decisions on behalf of nullsoft.
Yes I know there is a roll-over risk with my truck as with anything that is fairly tall and narrow. But if you know how to drive there isn't a problem.
Yes it is. It limits your vehicle's cornering ability. It doesn't matter how well you know how to drive, your vehicle's handling capabilities are severely handicapped. Should something bad happen, you have less potential to do something about it than someone driving a decent car.
Besides if you know how to drive, you shouldn't need a 4WD SUV to feel confident on a ROAD.
I feel perfectly confident driving down the road in a CAR, except when somebody else is next to me with their suburban battle tank.