Slashdot Mirror


User: bitslinger_42

bitslinger_42's activity in the archive.

Stories: 0
Comments: 167

Comments · 167

  1. Re:What will the EU do? on Six Bomb Blasts Around Central London · · Score: 1

    I read posts like this and fear for our future. Do you not realize that you cannot end asymmetric warfare (i.e. terrorism but with a side-neutral label) through violence? The low-power side will always escalate the violence, a la the speech by Sean Connery in The Untouchables (they pull a knife, you pull a gun). Given this, the only way, the ONLY way, to end asymmetric warfare through violence is to kill EVERY SINGLE PERSON on the opposing side. Despite all the dumb-ass kneejerk reactions like the parent, I doubt seriously if the world would stand by idly while Bush and Blair institute a global genocide policy on Muslims.

  2. Re:They don't mention the caption factor on Consumers Prefer Movies At Home · · Score: 1

    Funny how I find out about these things, but the daughter of a co-worker does special theater wiring and was involved in installing a system similar to the one in Denver. If the technology exists to put subtitle screens in the backs of seats that are not too obnoxious for opera-lovers, it certainly seems doable for "modern" movie theaters.

  3. Re:Consumers Prefer Movies at Home... on Consumers Prefer Movies At Home · · Score: 1

    There are some side effects to the deposit laws. For example, places that charge deposits are the places where the deposits are typically redeemed (i.e. grocery stores). Most people don't bother carefully washing the cans/bottles before returning them, if at all. So, what you end up with is bags and bags of cans that contain small amounts of sugar water being stored in the same facility where I buy my fish and chicken. Mmmm, salmonella!

  4. Re:cynical poll on House Limits Patriot Act Rules on Library Records · · Score: 1

    Bah! Cynical is only the half of it. Note that the poll question wasn't "Should the FBI be able to search non-public records WITHOUT A JUDGE-ISSUED SEARCH WARRANT". There is pretty much no dispute about the FBI's ability to search if they have already convinced a judge that there is a reasonable reason (probable cause anyone?). The whole controversy about the "Library Clause" thingie from PA is that the judicial check of law enforcement's powers is eliminated if the investigator can figure out a reason to classify the suspect as a terrorist.

  5. My hobby... on Your Chance to Meet Bill Gates · · Score: 1

    I'm surprised no one's done this yet, but anyway...

    My hobby is computer security. Windows has been amazing for helping me understand all the ways that an attacker can break in and gain access to my bank records. I tried using FreeBSD as a target before, but my research was dismal, as I had to do so much to it in order for the attacker to have a path in. With Windows, I was compromised in under a minute. Thank you Bill Gates!

  6. Re:c'mon stupids on PGP Ruled as Relevant For Criminal Case · · Score: 1

    I read TFA, although admittedly after I'd already written one somewhat scathing post (trying to get a foe, I really am :-)

    TFA left me somewhat curious. I wish there was more specific information about what the other evidence was. It isn't unheard of for a child to accuse someone of a crime (Salem witch hunt, anyone?), and I'm not sure what the specific searches were for. On the one hand, searching for "Lolitas" plural is one thing, but a Google for "Lolita" also turns up information on the Nabokov novel that was required reading in several classes I took in college. If the testimony of one person, and a person that the state considers unfit to make decisions about her own sexuality at that, a potentially vague Google search, and the highly-prejudicial use of the "PGP as indication of criminal intent", I can see the possibility that this guy was railroaded.

  7. Won't somebody PLEASE think of the children????? on PGP Ruled as Relevant For Criminal Case · · Score: 1

    The GP wasn't saying that child pornographers and other reprobates should be able to get away scot-free by encrypting the evidence. The point appears to have been that moves such as this are serving to erode the protections set forth in the Fourth and Fifth Amendments.

    Stating that encryption is relevant to the state's case is analogous to the state saying that the defendant's refusal to admit that they're guilty is relevant to their case. There are all sorts of legal uses for encryption, most of them perfectly understandable for the accused (and he still is only accused, not convicted, and should therefore be presumed innocent!) If this weren't so, then you might as well accuse the thousands of people in my company who have PGP on their desktops of being child pornographers and/or terrorists.

    Yes, child pornography is bad, but that doesn't mean that the moment someone is accused of the crime we should throw out the constitutional protections guaranteed ALL citizens. Given the current political climate, people who use reasoning such as the parent turn my stomach more so than CONVICTED child pornographers. Bah!

  8. Re:Best. Mark of the Beast. Ever. on Library to Require Fingerprint to Use PCs · · Score: 3, Insightful

    As for concerns about 'hash security', isn't that what john-the-ripper is used for? Just because you can brute-force a password algorithm doesn't make it insecure. From the data provided, this is the equivalent of a 15-character password hash. The best password crackers can take months to crack 10-character password hashes. Then, even if they do figure out that a certain sequence of fingerprint identities matches up a specific hash - what? They somehow clone a finger and alter the dna to create your fingerprint so they can use the computer at the library?

    Heh, insightful my ass. Sure, brute-forcing the hash of a 10 character password might take a while, but what if someone chose a poor hashing algorithm (check out the FMS attacks on WEP)? What if I have a dictionary of precalculated hashes for known passwords (FBI fingerprint database anyone)? Using a modern computer, I can do a hash-to-hash comparison of hundreds of thousands of entries a second. Check out my other posts as to how this could be used.

  9. Re:Necessary Evil on Library to Require Fingerprint to Use PCs · · Score: 1

    I've read a number of posts with a similar "what's the big deal" attitude, and even replied to some. One thing that seems to come up frequently is the statement made in TFA about taking the library database and reconstructing fingerprints to tie in with those of law enforcement. What isn't mentioned, however, is the fact that law enforcement could take their database and identify the 15 points so that they DO have a cross reference point.

    So, how is this useful? Say a crime is committed. The LEO dusts the scene of the crime, comes up with a fingerprint. They check their records and find no matches. LEO asks himself "Who else has a database of fingerprints? The library!" Instead of reconstructing the library's database into fingerprints, calculate the same hash for the crime scene prints and search the library's database that way.

    Still don't think it's a problem? After all, your fingerprint would only be at the crime scene if you were the perpetrator. But wait! The crime occurred at your friend's house, or maybe the house of the woman you don't want your wife to know about. Your prints match, even though you didn't commit the crime, so now you're a suspect. At absolute best, you have to explain to your wife what your fingerprints were doing on the victim's, er, personal enjoyment device. Also, there are plenty of things that an individual might choose to research at the library that they wouldn't at home (STDs? Laws to protect you from an abusive spouse/parent? Divorce attorneys? Homosexuality support groups?) If your prints showed as a match to crime scene prints, there's a high probability that your surfing logs would become part of the public record.

    Regardless of whether we believe that we can trust a particular organization to intentionally do the Right Thing(tm), all organizations are made up of people, and individual people make mistakes. Individual people optimize the rest of the world to suit their own priorities. Individual people, believe it or not, sometimes do things that their organization specifically forbids. If we don't question them, if we don't force them to explain to us why sacrificing my privacy and my liberty is worthwhile, then maybe we deserve the totalitarian regime that the US is turning into.

  10. Re:Stop this while you can, REFUSE to use it! on Library to Require Fingerprint to Use PCs · · Score: 1

    First, bypassing biometric readers by using duplicated "credentials" is a documented fact. Google on gelatin fingerprint biometrics for the related discussion.

    Second, if US Biometrics is, indeed, a major provider of these scanners, then acquiring a user's fingerprint gives not only access to the library computers, but also any other resource that uses the US Biometrics readers.

    Next, given that the libraries are government institutions all from the same city (Naperville), anyone want to place bets on how long it takes other departments to start using the same technology? I can see the city records office deciding to use the same readers for anyone who wants access to the records archive. How about county records? License plate applications? State taxes? Granted, while those other institutions may have better security on their systems, all an attacker has to do is get the credentials from the easiest target (see point 2).

    Biometrics have lots of issues. With identity theft, I can get new account numbers easily. New fingerprints? Ouch. How about when the bank closes your account? "Excuse me, sir, but the computer tells me your account has been canceled. I have to keep your finger." While I don't leave my Social Security Number everywhere I go, you can be sure that my fingerprints are. Granted, I'm not likely to sand off my fingerprints or never go anywhere without latex gloves on, but the fact that I leave fingerprints behind on nearly every item I touch means that it is possible to determine what those 15 points are by paying off the busboy at the Chinese restaurant down the street from me.

    The biggest problem here is the attitude presented by the parent. The continual grab for more and more personal information is creating a society in which the drones no longer question the invasion of their privacy. Anonymity and privacy are key to freedom. With the continued governmental erosion of both, the US is taking baby steps towards an Orwellian dystopia. If retaining our freedom is a priority (and I'm not sure that it is for many people any more), then we MUST challenge every attempt by the government for "just one more little piece" of information in their database. We must inform these organizations that we are not willing to trade our fingerprints for a library book, our liberty for their convenience.

  11. Re:It's a UNIX system! on What Ever Happened to Virtual Reality? · · Score: 1

    The company I work for makes use of a couple VR caves for engineering and product development. We can bring customers in and have them operate the new platform without having to actually build anything beyond a mock-up of the controls. Granted, it isn't perfect, but from what I've heard in talking with the engineers, it has really helped a lot with coming up with control chamber design.

  12. Call it religion, call it politics... on Converting Users to Open Source- Why Do You Care? · · Score: 1

    Why do /.ers try to convert "normals" to OSS? Why do missionaries go to foreign countries to "save souls"? Why is the U.S. engaging in a new wave of militaristic imperialism? Because it makes them feel good. If I hold opinions that I can convince other people to believe, then I am right and I have demonstrated that I was smarter than the converts (i.e. I was doing it first, I was able to change their minds, etc.) It's about power, it's about authority, it's about ego. I suspect that there is an element of geeks trying to set trends, too, sort of the geek equivalent of being the first kid in school to be into 60's revival, being laughed at, and then having the rest of the country do it.

    As for me, personally? I'm lazy. I only mention what I use if I am asked or actively convert if I'm expected to support the activity. For example, my father now uses Firefox, and I converted him because I was sick of all of the IE-specific questions I was having to research. My brothers both use IE, and I don't try to convert them because it isn't my problem. Frankly, I don't give a damn what everyone else does, but I'm libertarian, so I don't even advocate my style :-)

  13. Re:I agree! on Bill Gates Proclaims US High Schools Obsolete · · Score: 1

    I don't think that anyone is saying that the pursuit of knowledge is a bad thing. The way I view it, I would have had a better time in college had I not been forced to take classes that a) did not relate to my chosen field, b) were taught by instructors who knew that 90% of the people in their class would never use this information, and c) were not interesting to me at all.

    Had I not been forced to take all of those gen-ed classes (lecture-based life sciences, math for non-math majors, phys-ed, etc.) I would have taken other things that interested me but weren't in my major field. That would have expanded me from my combination of gen-ed and my major in English Literature to enable me to take classes in comp sci, art, etc.

    The simple fact is, though, that virtually no one going in to college right out of HS is there for the pleasure of the pursuit of knowledge. It is constantly drilled into our heads that the only way to get a job that doesn't involve hair nets is to get that little piece of paper that proves that you can spend lots of money and pass lots of tests. The only people who are in college for the pursuit of knowledge are the people who've gone back after several years to get another degree.

    Since we know that the American education system is both broken and a sham, we might as well make it fit the model we've all got. Treat grade/middle/high school like a career-tree program, with annual tests to split kids off to their areas of competence. By high school, it should look mostly like a trade school/apprentice program so kids can get their first jobs. While not necessarily ideal, it would at least get past that idiotic concept that one instructor can teach a class to kids from the whole range of the bell curve and do a good job for all. By getting the kids who can't/won't do the work out of the classes, the ones who are there will stand a chance of learning something and not being bored to death.

  14. Interpretations of "silence" on DRM for 1'3" of Silence · · Score: 2, Interesting

    One thing I find noticeably missing from this discussion is the fact that a recording of a performance of Cage's 4'33" would not, in fact, be the audio equivalent of a zero-byte file. Cage's intention, as documented here, was that there can be no such thing as listening to the total absence of sound. A recording of a performance of 4'33" should include the ambient noises from the recording situation (made better now through improved recording techniques).

    I guess that one could "perform" the performance by listening to the whole piece on a computer where the music file is 4'33" of nulls and end up listening to the ambient noise in the listening environment (my ears ringing, in my case, due to audio abuse I subjected them to in my youth), but that would probably be more of a computer-induced performance of the piece rather than an acoustic recording of another performance, which would include audience noises (i.e. people shifting in their seats, polite coughs, etc.) as well as environmental ones (i.e. air handling system cycling, wind movement in an outdoor environment, etc.)

  15. Re:Oh, for heaven's sake on Is Computer-Created Art, Art? · · Score: 2, Interesting

    I call BS. While there may be some people working in fractals who do the digital equivalent of "walking around, randomly photographing...", there are plenty of people producing beautiful images by hand selecting which equation, what coloring method, which colors, and, in more complicated instances, what layering techniques to use. In particular, check out the works of Sylvie Gallet, Damien Jones, and Kerry Mitchell (google on each name and take first link). Sure, they all use computers to produce the art, and each uses fractals as their medium, but each produces works of striking beauty and each has a style that is distinct to themselves.

    If Ansel Adams can walk around in the wilderness and come upon a random scene of a small southwestern town with the sunset just at the exact right angle to illuminate the town and the rising moon in the background (description here), then it is, in fact, possible for people to take pictures of nearly random elements of our environment and have the output be art. There are many, many examples of so-called random photographs that are considered art. I can't think of the name offhand, but there's a guy in New York who takes amazing portraits of people on the street by walking around with a camera, jumping in front of someone, and taking a flash photo of their face. Granted, I don't like everything he does, but that doesn't mean that he doesn't produce art, just art I don't like.

    If the photograph, then, is art, then what sets the digital equivalent apart? The fact that there is no physical document? The fact that I didn't have to get my hands covered in developing fluid or paint all over my shirt? The simple fact is that mankind has been using new technologies and new techniques to make art ever since the first caveman picked up a piece of charcoal and drew a buffalo on a cave wall. The camera that you hold to be such a lofty means of creating art was itself the subject of a similar discussion in the art community when it was first introduced, yet today, you'd be hard pressed to find anyone who'd disagree with the statement that you can make art with a camera.

    In the end, I look at these "artists" turning their nose up at new methods as being elitist snobs who are unable or unwilling to recognize that art is not static, there is no standard definition, and there is no inherent quality that one can point to that separates art from crap.

  16. Re:It's too expensive. on Sun Enters Grid-Computing Rental Market · · Score: 1

    And it's not just the CPU speed. The memory's got to be fast, the backplane needs to be able to move huge chunks of data between memory, CPU, and storage, the disk needs to be fast enough that it doesn't take days just to read the initial dataset. Stability is important, too. Imagine how you'd feel if you'd spent millions of years running a complex program looking for the answer to Life, the Universe, and Everything only to find that the computer was blown up at the last second? The supercomputer farms have the benefits of economies of scale working for them. Since they're dealing with a variety of customers' needs, the equipment is always in use. The support staff has enough different things going on that they're kept entertained (ever tried dealing with a pissed-off, bored support guy?). All of this combines to make renting by the CPU hour a very attractive premise to anyone who isn't in the business of doing pure research.

  17. Re:Doesn't seem effecient on Sun Enters Grid-Computing Rental Market · · Score: 1

    Furthermore, many company applications don't have an easy way of scoping out future usage. I might have a job for a new product that's going to need 1000 CPUs for a week, because of the complex FEA involved, but once the product is developed and launched, I may only need a small fraction of that for ongoing improvements. I'm faced with the problem of buying 1000 CPUs, installing everything, configuring the OS and software, and hiring a staff of cluster-aware grunts to run it for its lifecycle, and then only using it for a week every two months. From an accounting standpoint, it is hugely expensive. It gets worse when you factor in issues such as keeping the hardware/software current and the fact that the problems tend to scale relative to the power available (i.e. engineers with no previous grid experience think up problems to be solved based on uniprocessor loads, but once they figure out how to parallelize well, the scope of their models grows). For a company whose business is not grid computing (i.e. most companies), maintaining a trained, well-adjusted staff to care for an expensive piece of equipment that's only used 26 weeks a year is not worth the money.

  18. Re:Beow....wait a minute on Sun Enters Grid-Computing Rental Market · · Score: 1

    Lots of companies (bigger companies, that is) have a use for this. Computational Fluid Dynamics (CFD) for modeling things like exhaust flow, noise propagation in an engine compartment, etc. and Finite Element Analysis (FEA) for figuring out necessary material strength for body panels (can you guess I work at a traditional manufacturer?) are both good candidates for grid computing. There are other places doing similar rentals, such as the NCSA in Champaign. They've been doing it for a few years, and it looks to be going fairly well.

  19. Re:Irony? on Following up on Torrent Shutdowns · · Score: 1

    I don't buy this argument. By your reasoning, I am stealing from the movie multiplex if I bring my own bag of popcorn to a show. By doing so, I've deprived the multiplex of the money that would have been generated by the sale of a bag of popcorn, so my consumption of my own popcorn is theft.

    Granted, IANAL, but this seems to be the height of lunacy to me. I still love the quote from Heinlein's "Life-line":

    There has grown up in the minds of certain groups in this country the notion that because a man or a corporation has made a profit out of the public for a number of years, the government and the courts are charged with the duty of guaranteeing such profit in the future, even in the face of changing circumstances and contrary public interest. This strange doctrine is not supported by statute nor common law. Neither individuals nor corporations have any right to come into court and ask that the clock of history be stopped, or turned back, for their private benefit.

  20. Re:Welcome to the new world order on Following up on Torrent Shutdowns · · Score: 2, Interesting

    Interesting concept, although it really makes me wonder: when The People stand up, against whom do they revolt? It's one thing to take up arms to overthrow a corrupt government, but are we now saying that there's a need for a redefinition of "hostile takeover"?

  21. Re:Biometrics on Password Security Not Easy · · Score: 1

    In addition to the points of the previous poster, biometrics also introduce new risks. For example, while it is fairly easy to revoke a compromised password, revoking a finger is much more, how shall I say, painful. It also means that a determined attacker will now have to consider physical damage to the user (i.e. the eyeball from Minority Report).

  22. Even "good" passwords are bad on Password Security Not Easy · · Score: 3, Interesting

    Between Moore's Law and modern cracking techniques (dictionary attacks, hybrid attacks using both dictionary and brute force, and hash precalculation), nearly any 7-8 character password that will be easy for Joe User to remember is crackable in a very short period of time. Rather than blaming the users for security failure, we should be looking to improving the overall system.

    There are a number of things that can be done. First, and most importantly, eliminate the use of protocols that pass usable credentials (password, reversible password hashes, etc.) across the network in the clear. This means no longer using telnet and FTP (except for kerberized versions), doing something with/about Microsoft's NTLM/LanMan hashes, and probably using client certificates as well as server certs for encrypted web traffic.

    Beyond that, there are proven techniques that aren't too hard for users to understand. Time sequence tokens (i.e. RSA's SecurID) have been around for a long time and have yet to be broken except for when the attacker has access to the critical seed records. There was an article a while back (sorry, can't remember where) about a bank using a short list of PINs that they mail to the customers. Each time the customer logs in, they use one and cross it off. The system keeps track of it and automatically sends a new list before the old one is exhausted.

    The point here is that unless we get rid of the users, we will never be able to educate all users all the time. The best way to get the security levels that appear to be needed is to take the human element out of the process as much as possible.

  23. Re:Shut Down? on Location-Based Encryption · · Score: 1

    Better than a boot password (the data is still readable on the hard drive if someone pulls it out), I really like the looks of some new products that are coming out with whole-disk encryption implemented in hardware. They use a USB dongle to hold the private keys, so the attacker would have to steal both the laptop AND the key to have access to the data. I'd much rather see that implemented on all company laptops (even desktops) than watch these companies monkeying around with biometrics.

  24. Re:Military recruiters on Do-Not-Call List Could Be Opened For Phone Spam · · Score: 5, Funny

    Back in high school, I had a friend with very anti-military parents. One day, when Eddie was out, the Navy called and Eddie's mom answered. She told the recruiter that Eddie couldn't come to the phone because he was spending the night at his boyfriend's house. Eddie never got another call from any of the military branches :-)

  25. Re:Roomba? on Segway vs. Roomba · · Score: 1

    We had one, but we returned it. Our house is 1/2 plush carpet and 1/2 laminate flooring. While the roomba did OK on the hard floor, it was rather superfluous, as my Mother-in-Law lives with us and mops every day.

    On the deep pile carpet, the roomba was nearly worthless. It lacks the suction power to clean deeply, the rotating corner brush gets bound up when going over deep carpet, and it takes so much power that we were only able to clean 1 12x12 room before having to go through a 12-hour charge cycle. Add to that the battery life problems we had (exchanged the first one after only 3 weeks because the battery died), and we really had no reason to keep it.