Even for intra-European flights, I've been asked to take off my shoes and belt (and my pocket watch) and waddle through the metal detector gate while I hold up my pants with my hands. It's embarrasing, and certainly seems ineffective.
With that clarified: I thought that some of the distributed social networking projects offered exactly that (superb privacy capabilities). Regardless, Google+ seems to be a step in the right direction. Maybe not what everyone wants or needs, but a decent start.
I couldn't agree more. But we're not the press, so we're not allowed to form independent opinion. Or at least, that's what I've been told...
Will anyone ever create a social network firmly rooted in personal privacy? Are the two mutually exclusive?
Yes, and no. But there are other forces at work. In fact, there are a number of such projects ongoing already, and have been for years (because they can't commit the resources for a Google-style development pace, but that's another matter).
The most important point is this: For Facebook, and just as well for Google, the users are not the customers. The users are the product. As long as this remains the case, you can pretty much forget everything about personal privacy -- they need access to your information in order to sell it. There. It really is that simple.
That is why it is possible for an underbrush of open source projects to build a true social network --one that respects the individual-- because for these projects, ideology trumps profit. No wait, don't go away! It's a cliché, I know, but in this case it's very very important, as I'm sure you can understand if you consider it for just a moment.
As a fellow non-USian, one would think they'd post that information somewhere up-front, that it's not very useful outside their borders. One is left to wonder if they are designing such "user experiences" on purpose, or if they really are that dumb. Not that I am a huge Amazon customer, but still, it's plainly bad business.
That's gotta be the longest/. post someone has ever written for me.
I'm pretty sure I really can't follow how the topology of t-shirts relates to phreaking smart cards. I mean, I understand what you say about "what is a hole", in a topological sense, and also the impressiveness about us still talking to good ole Voyager, but I think it's fundamentally different from wirelessly reading an unpowered chip that is not designed for contactless transaction. Do you have a reference for this? That would be interesting. Sure, it's possible to trick everything from parking meters to voting machines, and obviously RFID and other meant-for-wireless devices, but I would expect a smart card reader to require physical contact with the pads of the chip, or at least be powered up for the duration of the "steal" -- phreaking, as it were.
On the topic of "hey customer, use this *new* tech, it's so much *easier* for you"... not so very long ago, the official personal digital signature solution of my country changed from a straight up OCES certificate to something called, of all things, an "Easy ID" which is neither easy nor a proper signature ID, and it's surrounded by so many glaring security issues that it stopped being even remotely entertaining a looong time ago... and yet this thing is *mandatory*, nay, the *only option*, for dealing with taxes, banks, institutions, you name it. Yuck. So I know all about "it's easier for you".
As for the CVV code, I actually make a point of memorizing it and scraping it off the card, exactly so that the pimply service attendand can't duplicate my card with a mere pencil and snippet of gum wrapper -- I've actually had store personnel tell me they "require" this information. Hilarity ensued, but I ended up walking out of the store with my desired purchase.
Thank you for your well-written posts. I fully understand your motivation, and wish your solution (AmEx dumb-card) would be an option where I live. I just have one question: what do you do for online purchases? I'm guessing it's the usual card-number-and-expiration-date-and-three-digit-code thing, and if so, do you trust that?
Also, I'm curious about the "remote hole" and the "concept of surface area" topic, which I don't understand. How is the non-RFID chip of a standard "smart card" vulnerable? No really, I'm not playing dumb or trolling -- I'd like to learn.
I'm sorry, but this is one occasion I cannot pass up.
"The Neverhood", by Microsoft, is a hilarious and not too challenging point and click adventure which requires almost no language skills (save for a few very specific bits of knowledge, such as the meaning of "bobby"). It may me a bit hard to come by, though.:-(
I loved how the Mac OS for years and years just consisted of two files, System and Finder (while Windows needed a few hundred files on a handful of floppies).
I still keep my original floppies for Apple ANSI Pascal v1.0, Microsoft Excel v1.0, and even a beta of MS Flight Simulator and a few other things. I don't think any of the floppies are readable any longer, though, and the Pascal floppy is mounted in a display frame next to my home workstation (being that I'm a professional software developer now and that's THE floppy that got me started).
Hmm, interesting. I was just about to say "BS" because the 128K (my first Mac, too) had a floppy drive... but it's true that we also had some instructional audio tapes. My, those were horrible, though.:-)
There are so many types of Android devices out there, developers have to factor in hardware variance anyway -- and the OS helps with that. There's no reason the same could not be done for permissions. In most cases, it wouldn't be anything a try/catch couldn't handle.
Of course, this would not mean that end users would have a new Big Stick to wave around, developers could easily pick up one of their own -- developers are free to respond to a denied permission by saying "sorry, no ads for me, no game for you". This would be a nice way to balance things out so that nobody gets screwed unless they too screwed around.
I can't believe there are people on Slashdot arguing in favor of crippled, DRM'd, locked-down systems.
I'm not, I'm just trying to see things their way. I haven't used a Mac since they started using colour. I fully agree that DRM is a Bad Thing, but DRM and lock-down are two different things -- all I'm trying to say here is, not all of us (viz., most of our parents) are cut out to bash on a command line, they just want things to Work, Dammit(tm). That's the kind of folks who let the technicians take care of oil changes, defragmentation, and what-have-you. Offering an OS upgrade as basically a one-click deal, well, that's one less phone call to the son-in-law who'd rather be out with his buddies.
Keep in mind, Apple has been all about vendor-lock-in almost from day one (that is to say, at least from the Lisa days), so this isn't exactly a horrible new thing... it's a horrible old thing.
My sentiments as well, it's a good thing if it allows non-tinkerers to safely not tinker, so to speak.
It's really not that much different from the "Women's Volvo" idea that Volvo toyed around with at one time, where you'd only fill up fuel and wind screen wiper fluid and actually couldn't open the bonnet even if you wanted to. But why would you want to, if you're just using it to get from A to B? If you're a tinkerer, get a more tinker-friendly car.
On the Apple side, the theory seems to be that you can't have their sw without their hw.
On the MS side, that would mean you can't have their sw without... what, exactly? It's nigh-on impossible to shut down the "IBM PC clone" platform, for which many of us would choose a *nix over Windows, anyhow. So we're looking at something akin to the lock-down that's going on on the Playstation platform (which seems to be somewhat ineffective, but shhh).
It's been a long time since that was my first raction to a Microsoft product, but this thing looks neat in every sense of the word -- a fine UI to throw some code together on a small display; and it reminds me of ChipWits, Lego Mindstorm and other such easily graspable perspectives on what is undeniably a very complicated topic.
The thing is, of course, how much integration this app has with the rest of the system. It can evidently hook into the file system, and I wonder if it can know, ask, or be told what other applications are installed and what they're up to (that is more or less what the HackMaster app did on PalmOS, which was exceedingly powerful yet relatively simple given that it was an event-driven (as opposed to multitasking) OS).
I say godspeed to this project, and I hope they'll allow others to follow in their footsteps.
Set it to brown noise and turn on oscillation, and you'll be golden. Use with good head phones. Or at least, works wonders for me when there are roadworks outside or coworkers jabbering on telephone conferences.
The key (no pun intended) is to make sure your public key is distributed as widely as possible in an authoritative way, hence key-signing parties. But in practice, how many key-signing parties have you ever been to, or even heard of? That's why, if I could give people my public key along with my email address, they'd immediately have the means to reach me "on a secure channel". Also, if you do need to share a crypto key, it had better be in a way that diminishes the risk of corruption (for manual entry, most commonly in the form of typos).
Anyway, the point is moot. My public key is published on my personal web site, and used by... nobody. What is really needed is some of the Big Movers such as GMail to properly support proper encryption (S/MIME and/or GPG) -- it's such a shame that, for instance, the FireGPG and GMail S/MIME plug-ins are discontinued instead of assimilated.
Why don't the smartphone manufacturers build this into every phone...?
Because smartphones are not pda's.
I *could* have imagined this making a comeback with the introduction of NFC features in phones, but then why doesn't this exist for Bluetooth? Sadly, today's phone manufacturers cater to the young must-have-a-new-phone-at-least-twice-a-year crowd who want 3D graphics and MyFaceckr integration and are perfectly happy with a mediocre *phone book* rather than a proper *address book*.
I have used *up* several Palm Pilots, and my brother has equally used *up* several Psion Series 5's, but we have had to move on and get smartphones (Android for me, iPhone for him), but we both secretly miss our beloved pda's incredibly much.
Slashdot Mirror
That is in all honesty a very good name for a shoulder-mounted gadget such as this. :-)
What a brain fart. Thank you.
Pi is exactly 1, if your numbering system uses base pi.
Even for intra-European flights, I've been asked to take off my shoes and belt (and my pocket watch) and waddle through the metal detector gate while I hold up my pants with my hands. It's embarrasing, and certainly seems ineffective.
Ah, but there's your problem: step #3.
You cannot expect private interests to be respected in a commercial undertaking.
With that clarified: I thought that some of the distributed social networking projects offered exactly that (superb privacy capabilities). Regardless, Google+ seems to be a step in the right direction. Maybe not what everyone wants or needs, but a decent start.
I couldn't agree more. But we're not the press, so we're not allowed to form independent opinion. Or at least, that's what I've been told ...
Will anyone ever create a social network firmly rooted in personal privacy? Are the two mutually exclusive?
Yes, and no. But there are other forces at work. In fact, there are a number of such projects ongoing already, and have been for years (because they can't commit the resources for a Google-style development pace, but that's another matter).
The most important point is this:
For Facebook, and just as well for Google, the users are not the customers. The users are the product.
As long as this remains the case, you can pretty much forget everything about personal privacy -- they need access to your information in order to sell it. There. It really is that simple.
That is why it is possible for an underbrush of open source projects to build a true social network --one that respects the individual-- because for these projects, ideology trumps profit. No wait, don't go away! It's a cliché, I know, but in this case it's very very important, as I'm sure you can understand if you consider it for just a moment.
lead paint eating retards [...] using it makes you seem like a twat.
As does this, you.
Have a fine day.
This.
As a fellow non-USian, one would think they'd post that information somewhere up-front, that it's not very useful outside their borders. One is left to wonder if they are designing such "user experiences" on purpose, or if they really are that dumb. Not that I am a huge Amazon customer, but still, it's plainly bad business.
In practice, what part of that sentence is true today?
How about this?
The right of the people ... shall ... be seized.
I kid, I kid. I'm far away and not really knowledgeable about these things.
That's gotta be the longest /. post someone has ever written for me.
I'm pretty sure I really can't follow how the topology of t-shirts relates to phreaking smart cards. I mean, I understand what you say about "what is a hole", in a topological sense, and also the impressiveness about us still talking to good ole Voyager, but I think it's fundamentally different from wirelessly reading an unpowered chip that is not designed for contactless transaction. Do you have a reference for this? That would be interesting. Sure, it's possible to trick everything from parking meters to voting machines, and obviously RFID and other meant-for-wireless devices, but I would expect a smart card reader to require physical contact with the pads of the chip, or at least be powered up for the duration of the "steal" -- phreaking, as it were.
On the topic of "hey customer, use this *new* tech, it's so much *easier* for you" ... not so very long ago, the official personal digital signature solution of my country changed from a straight up OCES certificate to something called, of all things, an "Easy ID" which is neither easy nor a proper signature ID, and it's surrounded by so many glaring security issues that it stopped being even remotely entertaining a looong time ago ... and yet this thing is *mandatory*, nay, the *only option*, for dealing with taxes, banks, institutions, you name it. Yuck. So I know all about "it's easier for you".
As for the CVV code, I actually make a point of memorizing it and scraping it off the card, exactly so that the pimply service attendand can't duplicate my card with a mere pencil and snippet of gum wrapper -- I've actually had store personnel tell me they "require" this information. Hilarity ensued, but I ended up walking out of the store with my desired purchase.
Thank you for your well-written posts.
I fully understand your motivation, and wish your solution (AmEx dumb-card) would be an option where I live. I just have one question: what do you do for online purchases? I'm guessing it's the usual card-number-and-expiration-date-and-three-digit-code thing, and if so, do you trust that?
Also, I'm curious about the "remote hole" and the "concept of surface area" topic, which I don't understand. How is the non-RFID chip of a standard "smart card" vulnerable? No really, I'm not playing dumb or trolling -- I'd like to learn.
I'm sorry, but this is one occasion I cannot pass up.
"The Neverhood", by Microsoft, is a hilarious and not too challenging point and click adventure which requires almost no language skills (save for a few very specific bits of knowledge, such as the meaning of "bobby"). It may me a bit hard to come by, though. :-(
I loved how the Mac OS for years and years just consisted of two files, System and Finder (while Windows needed a few hundred files on a handful of floppies).
I still keep my original floppies for Apple ANSI Pascal v1.0, Microsoft Excel v1.0, and even a beta of MS Flight Simulator and a few other things. I don't think any of the floppies are readable any longer, though, and the Pascal floppy is mounted in a display frame next to my home workstation (being that I'm a professional software developer now and that's THE floppy that got me started).
And I'll never forget the G 49D81A interrupt on the Mac SE, with those scanned-in(!) photos of the developers. So neat!
Hmm, interesting. I was just about to say "BS" because the 128K (my first Mac, too) had a floppy drive ... but it's true that we also had some instructional audio tapes. My, those were horrible, though. :-)
There are so many types of Android devices out there, developers have to factor in hardware variance anyway -- and the OS helps with that. There's no reason the same could not be done for permissions. In most cases, it wouldn't be anything a try/catch couldn't handle.
Of course, this would not mean that end users would have a new Big Stick to wave around, developers could easily pick up one of their own -- developers are free to respond to a denied permission by saying "sorry, no ads for me, no game for you". This would be a nice way to balance things out so that nobody gets screwed unless they too screwed around.
I can't believe there are people on Slashdot arguing in favor of crippled, DRM'd, locked-down systems.
I'm not, I'm just trying to see things their way. I haven't used a Mac since they started using colour. I fully agree that DRM is a Bad Thing, but DRM and lock-down are two different things -- all I'm trying to say here is, not all of us (viz., most of our parents) are cut out to bash on a command line, they just want things to Work, Dammit(tm). That's the kind of folks who let the technicians take care of oil changes, defragmentation, and what-have-you. Offering an OS upgrade as basically a one-click deal, well, that's one less phone call to the son-in-law who'd rather be out with his buddies.
Keep in mind, Apple has been all about vendor-lock-in almost from day one (that is to say, at least from the Lisa days), so this isn't exactly a horrible new thing ... it's a horrible old thing.
My sentiments as well, it's a good thing if it allows non-tinkerers to safely not tinker, so to speak.
It's really not that much different from the "Women's Volvo" idea that Volvo toyed around with at one time, where you'd only fill up fuel and wind screen wiper fluid and actually couldn't open the bonnet even if you wanted to. But why would you want to, if you're just using it to get from A to B? If you're a tinkerer, get a more tinker-friendly car.
...which would hurt much less!
On the Apple side, the theory seems to be that you can't have their sw without their hw.
On the MS side, that would mean you can't have their sw without ... what, exactly? It's nigh-on impossible to shut down the "IBM PC clone" platform, for which many of us would choose a *nix over Windows, anyhow. So we're looking at something akin to the lock-down that's going on on the Playstation platform (which seems to be somewhat ineffective, but shhh).
It's been a long time since that was my first raction to a Microsoft product, but this thing looks neat in every sense of the word -- a fine UI to throw some code together on a small display; and it reminds me of ChipWits, Lego Mindstorm and other such easily graspable perspectives on what is undeniably a very complicated topic.
The thing is, of course, how much integration this app has with the rest of the system. It can evidently hook into the file system, and I wonder if it can know, ask, or be told what other applications are installed and what they're up to (that is more or less what the HackMaster app did on PalmOS, which was exceedingly powerful yet relatively simple given that it was an event-driven (as opposed to multitasking) OS).
I say godspeed to this project, and I hope they'll allow others to follow in their footsteps.
...so you say. ;-p
http://www.simplynoise.com/
Set it to brown noise and turn on oscillation, and you'll be golden. Use with good head phones. Or at least, works wonders for me when there are roadworks outside or coworkers jabbering on telephone conferences.
Well, yes ... in theory.
The key (no pun intended) is to make sure your public key is distributed as widely as possible in an authoritative way, hence key-signing parties. But in practice, how many key-signing parties have you ever been to, or even heard of? That's why, if I could give people my public key along with my email address, they'd immediately have the means to reach me "on a secure channel". Also, if you do need to share a crypto key, it had better be in a way that diminishes the risk of corruption (for manual entry, most commonly in the form of typos).
Anyway, the point is moot. My public key is published on my personal web site, and used by ... nobody. What is really needed is some of the Big Movers such as GMail to properly support proper encryption (S/MIME and/or GPG) -- it's such a shame that, for instance, the FireGPG and GMail S/MIME plug-ins are discontinued instead of assimilated.
Why don't the smartphone manufacturers build this into every phone...?
Because smartphones are not pda's.
I *could* have imagined this making a comeback with the introduction of NFC features in phones, but then why doesn't this exist for Bluetooth? Sadly, today's phone manufacturers cater to the young must-have-a-new-phone-at-least-twice-a-year crowd who want 3D graphics and MyFaceckr integration and are perfectly happy with a mediocre *phone book* rather than a proper *address book*.
I have used *up* several Palm Pilots, and my brother has equally used *up* several Psion Series 5's, but we have had to move on and get smartphones (Android for me, iPhone for him), but we both secretly miss our beloved pda's incredibly much.