Slashdot Mirror


User: pseudorand

pseudorand's activity in the archive.

Stories: 0 · Comments: 522

Comments · 522

  1. Re:DNS cache poisoning in the wild on DNS Attack Writer a Victim of His Own Creation · · Score: 1

    Speaking of doxpara.com, has anyone actually figured out how to use Mr. Kaminsky's stupid fucking tool? The extent of the instruction is "click here", which simply opens a new iframe to a URL that can't be found. I'm guessing that means my patching efforts worked, but I forgot to test BEFORE I patched, so I have no idea if that's the case. I did bother to actually download sha1.js (the workhorse of the "Click Here" button), but then I figured, "I never RTFA, so why not just bitch about it on slashdot instead of figuring out what his code actually does."

    And as for Mr. Kaminsky, he's a total tool. The exploit and problem may be real, but he's irresponsibly milking it for all it's worth and then some by facilitating the spread of misinformation. NPR interviewed him and he totally agreed with their explanation of the ramifications of the exploit, which involved checking your bank balance. But your bank, which surely uses HTTPS, is the one place where a DNS hack WOULDN'T work because your browser would complain about the certificate*. Yet Mr. Kaminsky offered no corrections or caveats as the interviewer described the potential of not really being on your bank's web site.

    * Yes yes, I know most users have been trained to ignore certificate errors thanks to the thousands of public and internal sites too cheap to buy a certificate signed by a trusted CA, but still, accessing your bank's web site is the worst possible example both because you would get a warning and because it's designed to generate unnecessary fear of the Internet. Fuck you. Mr. Kaminsky, you just lost all credibility in my book.

  2. Re:I would post a comment... on DNS Attack Writer a Victim of His Own Creation · · Score: 4, Funny

    Well, if all the posts are filled with mindless, off-topic drivel about how, in Soviet Russia, we welcome the opportunity to exploit Natalie Portman's hot grit-pouring overlords with our vulnerable DNS servers, then it's a safe bet you're on slashdot.

  3. Step 3 on Yahoo! Music Going Dark, Taking Keys With It · · Score: 1

    It's Step 3 of the RIAA's plan.

    Step 1: Fool consumers into giving up the ability to exercise their rights under copyright law via DRM.
    Step 2: Scare those who won't cooperate by suing little girls and murdering kittens.
    Step 3: ???
    Step 4: Profit

    We now know that step 3 is "Close down the business that runs the DRM key servers, forcing consumers to re-purchase all the music they thought they already owned. Wahahahaha." (Okay, I admit, the evil laugh at the end wasn't part of the official RIAA document.)

  4. Re:Why do the even HAVE tickets? on Craigslist Forced To Reveal a Seller's Identity · · Score: 1

    At first I was against the MPAA on this one, so thank you for reminding me of Mr. Cruise. Now I totally see it from their side and sympathize with their plight of trying to keep riffraff like him out. Did you see that guy on Oprah! If only she'd had the MPAA's lawyers, maybe she could have avoided that whole incident.

  5. Risky, but not cancer on Pittsburgh Cancer Center Warns of Cell Phone Risks · · Score: 1

    Who knows, he may be right, but I'm guessing cell phone related car accidents are a far greater risk than brain cancer. Of course, if you use your cell phone to text, you're at great risk of complete loss of language skills even WITHOUT the tumor, so don't go thinking you're safe just 'cuz they don't cause cancer.

  6. Alien Ascii Pr0n on Vint Cerf Preps Interplanetary Internet Protocol · · Score: 1

    Ya, but I bet it'll be used mostly for pr0n. And I bet the bandwidth will suck too, so we'll just end up with a bunch of ASCII art pictures of naked aliens.

  7. Proof? on Online Colleges Could Spy On Students – By Law · · Score: 2, Interesting

    From TFA: "The paragraph is actually about clamping down on cheating. It says that an institution that offers an online program must prove that an enrolled student is the same person who does the work."

    And how is a camera in my home proof? If I have access to the hardware, I can send any video footage I want. And as for proof, there's no proof that I do any assignment that takes place out of class at traditional universities either. It sounds more like it will create a market for test taking centers that contract out to universities that offer distance learning. Fuck those who live out in the boonies.

  8. But they didn't "tap" any "wires"... on Researchers Face Jail Risk For Tor Snooping Study · · Score: 1

    That's ridiculous! Wiretapping should be strictly defined as actually physically connecting your equipment to a wire you don't own or lease. TCP/IP is strictly point-to-point. If they got your information via Tor, it's because you ran software that specifically sent information to their IP address (or some other IP that subsequently passed it to them). If you used Tor not knowing this, that's your own fault, not theirs. If you assumed the information was undecipherable but they found that it wasn't, that's also your fault, not theirs.

    Some of you will argue "but what about cable modem?". I think it's the same issue. If you subscribe to cable modem instead of DSL and a neighbor on your hub reads your data (I've read this is possible, but I have DSL, so I haven't tried it), well, buyer beware. If you use an access point without encryption, that's also your own fault.

    There was a time when we referred to the Internet as the "public network" and assumed that all traffic traveling over it was fair game and potentially accessible by anyone. Those who needed more security were responsible for encrypting their own traffic and had to either trust their encryption algorithms or find another way to communicate. It's this mentality that will keep the Internet secure. Assuming there's some sort of expectation of privacy and forking over large sums of cash to lawyers to fight about it later spells doom for privacy.

  9. Re:'the only person he felt he could trust.' on SF Admin Gives Up Keys To Hijacked City Network · · Score: 1

    We've all met this admin before. He won't give you any rights that you may need to do your job because you could screw "his computers".

    Yes, we have. I think his official name is BOFH.

  10. defacto standard? on MySpace Joins OpenID Coalition · · Score: 1

    According to this article, Microsoft claims 400 Million Passport/Windows Live users worldwide. How is it that OpenID is becoming the de facto standard again?

  11. Re:Its all CLEAR... on Speculation On a Second Internet Economy Collapse · · Score: 2, Insightful

    Advertising is a ridiculous basis for an economy.

    Most products are less obviously useful than a perpetual motion machine, so consumers need to learn about them and figure out if and how the product's benefits outweigh its cost.

    In that sense, advertising isn't quite the worthlessness you make it out to be. It's just communication, which is useful and which the internet is a good start at an infrastructure for.

    The problem is targeting advertising to the people for whom the cost of your product outweighs the benefits. The Internet takes communication from 1-way (broadcast/cable) to 2-way (TCP/IP), but still has some technical, artistic, and social challenges, specifically:

    • The last mile is still too slow to truly deliver the content we want. Though I think HD is a bit more than we need, I still prefer cable or even broadcast to tiny and low-res youtube-style videos.
    • Content creation and hosting is still prohibitively difficult. There's dozens of technologies for creating database-driven interactive websites (LAMP, .NET, J2EE, Rails, Flash, ...). I think one will eventually emerge as a clear leader and become the de facto standard, and all content creators will know how to use it. But none of them make it easy to do anything you want yet. There's still quite a bit of technical knowledge necessary to use any of them (whew, I still got a job!). We also need to improve the mouse/keyboard/monitor physical UI and commoditize web app hosting (i.e. I create an app on my desktop via a GUI and with 1 click make it live at a hosting provider that has backup and bandwidth. And yes, I know Frontpage has had something like this for a long time, but good luck trying to develop a database-driven interactive web site with Frontpage.)
    • Part of the above item is that we're not sure what "anything you want" is yet. The artistic types are still figuring out how best to communicate via an interactive medium. Someone needs to do for interactive applications what Filippo Brunelleschi did for painting.
    • And, of course, targeted advertising and privacy are diametrically opposed. Sharing personal information has the potential for both benefits and drawbacks to consumers, so we need everything from a legal framework to a better understanding of how and who gets information by consumers.

  12. Fixing the system on Troll Patents Lists In Databases, Sues Everyone · · Score: 2, Interesting

    I just thought of the perfect way to fix the patent system. If you sue over a patent and there are more than, say, 3 defendants, if the defendants can all demonstrate they came up with the technology independently of you and of each other, then your patent is invalidated. Clearly, if an idea is so simple that three different people or companies are able to implement it before you're able to file suit, it must be an obvious idea not worthy of patent protection.

  13. For the servers? on Switching To Solar Power – One Month Later · · Score: 1

    What the heck kind of servers does he have? I can get a 3.0GHz quad-core, 8G of memory and 2T of storage in Kill-A-Watt) at full load (all 4 cores running at 100%) for about $2500. Wouldn't replacing his hardware with something energy efficient have been far more cost effective?

  14. It'll work on Global Warming Stopped By Adding Lime To Sea · · Score: 1

    Listen to me everyone. It'll work!!! You see, oceans are the source of all life on the planet. If we dump enough of anything into them, it will kill all the life in the seas and eventually lead to the destruction of life world-wide, even the cockroaches. And since life is the primary source of CO2 in the atmosphere (even plants produce a net amount of CO2 at night when they're not photosynthesizing), this will decrease the level of CO2 in the atmosphere and prevent global warming. Of course, it seems a lot simpler to just let Global Warming kill us all by itself, but that's beside the point. Lime in the oceans, if we can get enough of it, will surely work.

  15. Re:New Meme on McCain Campaign Uses Spider/Diff Against Obama · · Score: 1

    > but as the submitter chose to call himself Vote McCain in 2008!...

    Yes, but he said "old Republicans can learn new tricks". That was just a cheap shot at the questionably good Senator from Arizona. I say kudos to any candidate that realizes technology provides new opportunities to take politicians to task. But in the end, I agree with you. McCain's on the wrong side of too many issues and Obama's flip-flopping far worse than Kerry ever did and ending on the wrong side of all the same issues as McCain (Healthcare [he seems to have dropped it], Amnesty for Telcos [he supported it]).

  16. Courts scare me, not the FBI on FBI's New Eye Scan Database Raising Eyebrows · · Score: 1

    I'm not scared of the FBI having this technology. It's a good thing that will help catch criminals. What I'm worried about is prosecutors attempting to cite a facial or iris recognition by a computer as evidence.

    Good scenario: Suspect X is wanted and probably fleeing the country. The FBI gets data feeds from cameras at airports and train stations. The system recognizes Suspect X at DFW airport. The FBI calls security and they pick up suspect X.

    Bad scenario: Say the prosecutor needs to show that suspect X was at the crime scene at 8 AM. The system takes someone's photograph at the appropriate time and place and matches it to suspect X. But when the jury looks at the photograph, it's impossible for a human to tell if it's suspect X or not. But, since the computer says it is, the prosecution claims suspect X was at the crime scene at 8:00 AM.

  17. less is more on The Beginnings of a TLD Free-For-All? · · Score: 1

    What we need is /fewer/ TLD's, not more, you greedy ICANT bastards. I say we eliminate everything but .com, .gov, and .edu, and implement stricter controls to ensure only true government and education institutions can register in the latter two. We could still allow the country-specific domain names for nations recognized by the UN, but here in the US, we should eliminate .us. Existing registrations to other domains would be grandfathered in for 10 years before being phased out.

  18. Re:you're freedoms can you feel the slip? on Electronic Transaction Reporting Slipped Into Senate Bill · · Score: 3, Interesting

    I think you're reading that wrong. Granted, in full /. form, I haven't RTFA, but from the summary, I understand that small businesses that have less than 200 transactions totaling less than $10,000 dollars will be excluded from the reporting requirement. But that $0.99 fun-size candy bar that you charged to your Wells Fargo VISA will be reported to the government, because both VISA and Wells Fargo have far more than 200 transactions and $10,000. So don't go thinking this doesn't affect you because your transactions are too few or too small. The provision simply protects small businesses (very small businesses) from burdensome reporting requirements, but all consumers are fair game.

  19. Do it, then quit. on How To Convince My Boss Not To Spam? · · Score: 1

    Maybe you don't have this luxury, but I'd say quit if at all possible. If you have to do much convincing, he's probably not the type of person you really want to be working for long term anyway. You might want to go ahead and send the mass e-mail for him first though (and go ahead and submit a copy to spamcop, et al. yourself), as a little parting gift and free lesson in the value of a domain name and strictly followed anti-spam policy.

  20. Re:Slashvertisement on Building an Effective Information Security Policy Architecture · · Score: 1

    > A typical policy regards not allowing company data to leave the premises or that it must remain encrypted at all times.

    This statement really goes to the heart of the matter. If it's encrypted at all times, no one can ever even read that data. Obviously it MUST be decrypted at some point for use, but that doesn't stop many companies from having some vague and bonehead statement like "data must remain encrypted at all times." Are they just stupid? Maybe, but sometimes I bet such a statement is intentional. If data gets stolen, the company's lawyers just pick whatever point the data was decrypted and cite that as the employee's violation of the policy.

  21. That's going a bit too far on EFF Wins Promo CD Resale Case · · Score: 1

    I'm all for fair use, but I think the judge went a bit too far. After all, the intended purpose of the disks seems pretty clear and promoting disincentives for record labels to distribute music for FREE to radio stations benefits no one except corrupt DJ. Fuck you, Tony.

  22. I hope my tax dollars don't fund that university on Microchips With Multiple "Selves" · · Score: 2, Insightful

    > content providers could also use n-variant chips to sell metered access to software, music or movies because the chips can be programmed to switch from one variant to another at a particular time or after a file has been accessed a certain number of times.

    By switching the chip's identity, wouldn't that disable not only the metered content I've consumed the appropriate amount of times but also all the other content that I may not have consumed yet? Or do I need a separate chip for each song I buy?

  23. It's not skills they lack, it's interest on China Says It Lacks Skills To Hack US Systems · · Score: 1

    Obviously they're lying, since any 17-year-old nerd with a modem can hack into US government systems. Maybe "Global Thermonuclear War" just doesn't translate into Mandarin.

    But still, I believe the Chinese government isn't hacking into US computer systems. After all, what would they want with US intelligence when we can even get a simple thing like the presence of WMD's in Iraq right to avoid a 1/2 Trillion dollar (and climbing) war! It's just not worth the effort.

  24. Headline states incorrect conclusion on Study Finds Instant Messaging Helps Productivity · · Score: 1

    Sounds like they just called and asked people if IM helps their productivity. This technique only shows that people /think/ IM helps their productivity. For all you IM'ers out there, it doesn't. The only thing worse for productivity than IM is slashdot. So close your silly little window and finish one task before starting the next. If there's an emergency, well, the telephone's been around for close to a century now and verbal communication, the result of millions of years of evolution, is far more clear and concise than your silly little emoticons.

  25. And the alternative is? on Schneier Asks Why We Accept Fax Signatures · · Score: 1

    I don't disagree that faxed signatures, or pen-to-paper signatures of any sort for that matter, are next to useless and have been since the invention of the copy machine (possibly since writing became something that everyone learns to do). But what's the alternative? How does someone provide indisputable record that (s)he has had the chance to review and approve some bit of information?

    I know everyone is thinking cryptographic signatures, but they're even worse. A cryptographic signature is only as secure as the private key and the algorithm. How do you educate the masses on how to properly protect their private key? How is it even possible to protect a private key if you have to sometimes connect the storage device to hardware that isn't yours? And yes, I know about RSA's tamper-proof devices that decrypt and sign data internally rather than making the private key available, but I've also seen demos of them being cracked (the crackers claimed 80% accuracy) when hooked up to the proper oscilloscopes. And as for the algorithms, how many of us even here on slashdot can say we truly understand them, even if we're confident that we could if we dedicated the time to studying them.

    The point is that only a fool would claim that even cryptographic signatures are truly indisputable. But if we used a less disputable form of signature, the supposed signer would have a much weaker case when a signature is faked.

    I recently had my credit card stolen. It cost me exactly $0. I simply told my bank which charges I didn't make, signed (paper on ink and faxed) a form stating that I didn't authorize the transactions and that I expected that if they found any signatures on receipts they would be faked. As a consumer, Visa and Mastercard's policies (and, by extension, my Bank's) give me zero liability, which is beyond even what the law requires. This makes credit cards not only the fastest and easiest form of payment, but the most secure to me as a consumer. If my bank wants to put a chip in my credit card that does cryptographic signatures to help minimize their losses, that's fine so long as they don't change their policy regarding my liability. If I have to accept anything other than zero liability, I would immediately cancel all of my credit cards and go to cash-only. That way, the most I can lose is what I have in my wallet, not the entire contents of my bank account and the instant line of credit that I never asked for.

    I dread the day when people commonly use a form of authorization that the masses believe is indisputable. Security is attained through constant effort, not some "can't be cracked" system. And justice requires reason and careful examination of the facts, not blind faith in technology.