Slashdot Mirror


User: mattpalmer1086

mattpalmer1086's activity in the archive.

Stories: 0 · Comments: 614

Comments · 614

  1. Re:You're not the first one.... on Ultra-Stable Software Design in C++? · · Score: 1

    This is so clearly not true. It is to do with the programmers, but it's also to do with the tools. You *can* create object oriented style code in assembler, but it's so much easier if the compiler does this for you. It allows the programmer to exist at a higher level of abstraction with the messy details taken care of, and safe structures provided to use.

  2. Re:You can not trust any information on this card on NIST Standards for New Biometric ID Card Published · · Score: 1

    No. This is not true. With a PKI, at some point you have to trust someone. This can be a list of the public keys of a very small set of "root" certificate authorities, which can be stored locally, meaning no central communication required.

    The private key is not required locally and is not embedded in the certificate. The private key is used to sign a certificate, and it never leaves the possession of the entity it belongs to. A public key lets you validate that the signature is correct (only the person with the matching private key could have produced it).

    Public key cryptography changes the problem of having to previously share a secret with everyone you want to communicate with (symmetric crypto) to one of trusting that the public key of an entity you are dealing with is correct. This can be postponed indefinitely, with chains of certificates and signatures vouching for each other, but at some point you have to trust that a public key you use to validate the signature on a certificate is correct.

    Read up on it, it's really fascinating.

  3. Re:Because you cannot forget it. on NIST Standards for New Biometric ID Card Published · · Score: 1

    The advantage biometric data has is it is the only thing that is (hopefully) uniquely bound to the individual to whom you want to control access to something. This has the advantage that the individual can't (accidentally or otherwise) pass their access key, or password to someone else, and neither can it be stolen - as long as liveness is part of the measurement. Of course, then we have coercion... nothing is perfect.

    It is often combined with other forms of authentication material (something you know, something you have).

  4. Re:Why store them on the card? on NIST Standards for New Biometric ID Card Published · · Score: 1

    I don't think you understand public key infrastructures. Certificates are a way of distributing signatures in a way that they can be verified locally without requiring communication. Each certificate gets signed by someone else, in a chain of trust.

    Of course, if a hierarchical PKI is used, you will need to already trust the root certificate signers. If a web of trust is used (like PGP), you must make your own decision.

  5. Polaris and EROS on Symantec's Genesis to Usher in a New Age of Trust? · · Score: 1

    Check out Polaris. It's a way of giving each process on XP its own ACL. Have a look at the rest of erights too if you want to get an idea of what people who put security *first* are thinking.

    http://www.erights.org/new.html

    Funnily enough, if you start from a good place, security often follows on naturally without getting in the way, unlike most mainstream operating systems.

    Also have a look at EROS - a pure capability operating system which allows such fine grained access control that the closest you can get to the Principle of Least Privilege with the most locked down system in Windows is a joke when compared to it.

    http://www.eros-os.org/

  6. Re:GPL should equal more freedom, not less on First Draft of GPL Version 3 Released · · Score: 1

    There I go shooting my mouth off again. I didn't catch your point about "unless the keys are available". I fully agree that this use of the TCP is firmly in the bad camp. Would a clause like this prohibit open source hackers from trying to run their code on such a device?

  7. GPL should equal more freedom, not less on First Draft of GPL Version 3 Released · · Score: 1

    Oh great, so now we don't get to have a Trusted Computing Base that will be as secure as Vista or its successor? The Trusted Computing Platform has good uses and bad. A good use is protecting the operating system *you* installed from modification by malware - a chain of trust extending up from the hardware - as long as you are in ultimate control of the TCP, of course.

    I'm not too clear about the anti-DMCA provisions in GPL3, but frankly it worries me that this global license is being worded to get around bits of unbalanced U.S. legislation.

    GPL needs to protect the freedom of the source code and derived code to be seen and modified by others, when software based on it is distributed, for a global audience. No more and no less than that - certainly not to tie too closely with any one country's current legal system, or to impose ideological restrictions on the nature of the code that can or can't be written using it.

  8. Re:You coward! on NSA Wiretapping Whistleblower · · Score: 1

    Superb. Best comment I've read for a long time.

  9. Re:more standards... that'll fix it! on The Importance of Commenting and Documenting Code? · · Score: 1

    I've worked in places with coding standards and without. Believe it or not, the places that had coding standards were much more fun places to be. But they were appropriate standards, not standards-for-the-sake-of-having-a-standard standards.

    I can believe that standards which are imposed without any rhyme or reason, or that are just there because management think they are a good thing, won't work. But not having standards at all is not the solution to having bad standards. And standards are not the solution to having bad programmers either. Standardising common things can be useful if applied sensibly.

    A simple example: in one place I worked, anyone who had to fix a problem quickly, for whatever reason, put a KLUDGE comment in the code, with a short explanation if necessary. This was an invaluable standard and required no enforcement. It was too useful for all of us later on to be able to see why this bit of code wasn't quite right and why.

  10. Hackers beg boring people to stop encrypting email on How To Enable Mom w/ Encrypted E-Mail? · · Score: 1

  11. Current research projects on Cryptology Research for High School Student? · · Score: 1

    This may or may not be useful to you, but here's a list of current research projects my college (in the UK) is undertaking at the moment. It might give some idea of what's considered interesting areas in crypto:

    http://www.isg.rhul.ac.uk/research/projects.shtml#current

    Personally, I think protocol analysis is pretty interesting, as the world gets increasingly networked up. Or investigate the practical effects of the recent breaks in hashing algorithms on other products that use the hashes (like digital signatures).

  12. Dummy user accounts on The Engineer Behind Microsoft's TV Strategy · · Score: 1

    On the accidental web browsing front, that one gets on my nerves too. Simple solution: set up some new dummy user accounts on the phone and set them to be the default connection. Now when you bang the button, it can't connect, and you don't get billed.

  13. Re:Why 6 bottons? on The Engineer Behind Microsoft's TV Strategy · · Score: 1

    I sympathise on the hard-to-use interfaces and unnecessary feature-bloat. I believe some manufacturers are actually going to produce simple phones in the near future, as they've realised there is a market for them.

    For myself, I'm finding that the features on my phone are now at the genuinely useful stage. I can actually use the camera to take decent snapshots (2 megapixel, light, usable night mode). It has a 1Gb memory stick in it, which I load with MP3s over USB (bluetooth is a little slow). This happens automatically when I plug it in. It also syncs the address book. It has an FM radio, which I listen to walking to work. And the battery lasts a few days between charges.

    I can totally understand others wanting more direct simplicity in each of their gadgets. Bring it on! For me, I'll only carry a single thing around with me, so having it all-in-one is what I want.

  14. Re:Bankruptcy or Public Service on Where Do All of the Old Programmers Go? · · Score: 1

    From what I heard, Microsoft paid low but gave out stock options. Since they were growing and growing and growing, unreasonably, but steadily, this was a great deal for new employees. Now they aren't growing, so the option thing isn't working anymore. I don't know what their current pay levels are like.

  15. Re:my favourite question is... on Asking the Right Questions to a Future Employer? · · Score: 2, Interesting

    Yes, I like making people who are potentially going to offer me a great job feel really uncomfortable too. It's really funny to see them squirm. Briefly.

    Having said that, I did once ask a similar question, but the *other way around*. I asked what they really *enjoyed* about their jobs. For a brief moment, I could see the little cogs whirring, them thinking "Oh my god, I can't mention last weekend when I had to code all bloody night to hit the deadline!". Then they realised that there were some pretty good things about the company, and they felt good telling me about it.

    In fact, they opened up considerably once they got over the initial shock of the question. They even told me about some of the less ideal stuff, which I was quite happy to accept - all jobs have aspects that you don't like.

    They offered me the job, I took it, and it was one of the best jobs I've ever had.

  16. Re:Hobby projects, ie your own IP on Asking the Right Questions to a Future Employer? · · Score: 1

    Very true. I have done this in my last position, and they rewrote my contract to this effect. I think they were surprised that anyone actually bothered to read the contract.

    The funny thing was that I later granted them a license to use some of the software I did in my own time, in their own product. This was by way of a thank you, as they had been really very helpful and flexible employers to me.

    When the company finally fell victim to the fallout of the dot-com bust, the corporate sharks (lawyers) first tried to get me to sign away the rights to all my work. I refused. Then they tried to get me to sign papers accepting all liability for any damages that arose out of them using my software.

    I refused, and pointed out that they were free to remove my software from their product. Then they waved a standard contract in my face and told me they owned it all already. I waved my contract back at them. A very nice feeling indeed :)

  17. Re:Cars have VINs and license plates on No More Internet Anonymity · · Score: 1

    You may have nothing to hide but you may have something to worry about! I sure don't trust the government and civil service to build huge IT infrastructures that will actually work efficiently. And I'm not particularly comfortable with them building systems to monitor our movements, identity, financial transactions, major purchases, and then run data mining software to identify suspects, e.g. potential criminals. It's starting to feel a bit like Minority Report over here.

    Of course, our great defence is that our government and civil service is so IT incompetent that they probably won't be able to make it work at all. But they will spend a lot of our money on trying to do it...

  18. Re:The real 90s versus outdated 00s software on Java Is So 90s · · Score: 1

    I suspect what is meant is that in the future there will be a vast number of legacy systems written in Java quietly working away mostly, and people won't realise that Java is still powering a lot of our infrastructure. We'll all have moved our gnat-like attention on to Blog#Aspect.NET or whatever the current fad is. Similar to the situation with COBOL today.

  19. Re:This is unacceptable. on Fingerprint Scanners Fooled By Play-Doh · · Score: 1

    I'm sorry, you're not representing the facts truthfully. I'm not an expert on biometrics, but I am studying for an MSc in Information Security, so I know a little on the subject.

    To be honest, I don't think you even tried the search you suggested. I tried searching for "eye damage" and "retinal scanner" as you suggested, and found no good references at all. No medical discussions on eye damage in retinal scanners. No biometric industry discussions. Nothing.

    I found a few sites discussing the popular misconception that retinal scanners damage the eye. It is acknowledged in the biometric industry that people get nervous with things involving eyes and other sensitive parts of the body.

    These days, they work by shining a low power infrared beam into the eye. They are typically used in high security access control applications (they are very accurate), but they require considerable training to be able to use well. You have to keep your head quite still and be able to look into the machine with your eyes open.

    Maybe things were as you say they were 10 years ago, but if you're going to make pronouncements about a technology on Slashdot, don't you think you might make the effort to get a little more up to date? I suggest you search for "retina scanner" and read up on it a bit.

  20. Re:This is unacceptable. on Fingerprint Scanners Fooled By Play-Doh · · Score: 1

    Ummm... it may be relatively expensive, as all retinal id algorithms are patented, and requires reasonably high grade and unusual equipment to capture the biometrics.

    I don't think you are correct to say it's sometimes damaging to the eye. I believe it uses low power infrared beams - no more damaging to your eye than regular optician's equipment. I suppose you could always slip while using it and bash your eye on a metal corner or something...

    Do you have any evidence of eye damage from retinal id biometrics or are you just making some noise?

  21. Re:And? on Fingerprint Scanners Fooled By Play-Doh · · Score: 1

    In security, the phrase "something you are" normally refers to an innate, unique characteristic (like a fingerprint) rather than a socially acquired and non-unique one (like being a Doctor).

  22. Re:movie about open source? on Film Documents Software Creation · · Score: 1

    Are you talking about Antitrust?

    http://www.imdb.com/title/tt0218817/

  23. Re:The feature that Mozilla is still missing... on Firefox 1.5 Final Now Available · · Score: 3, Insightful

    No kidding. I almost removed Quicktime from my system after it hijacked how media played in Firefox. I spent ages going through the mozilla plug ins disabling all quicktime ones until I found out I needed to change how my browser displayed media files in the Quicktime config itself. Even after I disabled that, I still almost uninstalled it anyway, being quite shocked by the arrogance and rudeness it showed.

    I hate media players in general... rude, ugly applications, the lot of them. Non-standard in behaviour, arrogant, spyware infested, oh, I could go on. I'm sick of being caught in the middle of the media player wars.

    All I want is a media player to play media. That's it. I don't want a skin that makes it look like a Star Trek tricorder. I don't want the DRM. I don't want to organise my media the way it thinks I should. I don't want it to change the behaviour of my browser. Just play the goddamn media and get out of my face!

    Sorry. I feel better now.

  24. Re:A helpful guideline: on DMCA Abuse Widespread · · Score: 2, Funny

    Spot on!

    But I think you missed point 5 for Bush:

    (5) Profit!!!

  25. Re:Is quantum computing useful beyond decryption? on Breakthrough for Quantum Measurement · · Score: 2, Insightful

    I shall consider myself lightened-up :) But seriously, it's not obvious to me that it would be useful for calculating results in quantum physics, just because it is based on that theory. Sounds likely, but IANAQP. "Obvious" and "quantum physics" aren't words I normally encounter close to one another ;)