I would love to know the first cryptographically secure e-commerce transaction outside of a testbed environment. If something similar to the August 11, 1994 https: transaction occurred prior to that date, that would be worth contacting the author about. By similar, I mean a transaction in which the buyer used a cryptographically secure method to provide payment information directly to the seller, vs. using a non-secure method like email to provide payment information, using an intermediary like CompuServe or the Post Office ("cash on delivery") to manage the payment, or providing direct payment through some other means such as via telephone-voice-call/dialup-modem-direct-to-the-vendor/dedicated-data-line-direct-to-the-vendor/fax/mail/in-person/etc.
-----
The article includes some important disclaimers not found in the summary:
* The 1971 ARPANET transaction "technically didn't count because money wasn't exchanged online: they only used the network to arrange a meeting place."
* The 1984 Videotext transaction didn't count because the customer "paid for them in cash [at the time of delivery]. That's not exactly e-commerce."
Thanks to those who have already pointed out that you could buy things using Compu$erve (sorry, old habit$ die hard), Quantum Link, etc. and even via a telnet server before 1994.
Those mentioning buying things over BBSs (well, most BBSs anyways) and USENET are probably talking about using the network to arrange a purchase, not to actually conduct the purchase.
This. Especially for consumer devices.
The only reasons NOT to have a user-accessible "factory reset" button are if the customer specifically doesn't want one (such as for anti-theft firmware where the customer does not want the thief disabling it without entering a code or possessing a hardware "key") or where there is a legal requirement to not allow the person in possession of the device to reset it (such as an ankle-monitor used by some people on parole, probation, or out on bond awaiting criminal trial).
Except for "so cheap they are disposable" devices and perhaps devices where there are national-security or very-strong-legal implications or where the end user specifically does not want one, there should always be a "reset switch" that is accessible to factory-authorized repair shops and, ideally, legal protection against price-gouging if an end user has to take the device into a factory-authorized shop to have it "reset" due to bricking.
I thought the big selling point of Blackberry was security. This is anything but.
Oh well, it's not like they haven't caved to national governments before.
Bad. 8 more years of time not working correctly. The fundamental issue is that the atoms in the atomic clocks just don't care what the Earth measures. If non-programmers want to know when the sun is overhead, they can go outside and look at it.
There, fixed^H^H^H^H^Hbroke that for you. :)
I was in a school once where a kid had special "zooming" glasses that greatly magnified a small portion of the field of vision.
Since they were probably classified as "medical devices" they probably weren't cheap, but today Google Glass or something similar probably could do the job.
I do not know how well these glasses worked when pointed at a modern computer screen (or, for that matter, a CRT).
An option like this should at least be considered. If it's not terribly expensive, it should be seriously considered.
Most medical devices should either be stand-alone or in a "closed network" such as a network that only includes patient-care devices in a single building and doctor- and nurse-accessible workstations around the building, but without any connection to any network or device that touches any outside network.
Exceptions like operating rooms used for tele-medicine/remote-operated-robo-surgery/etc. can be handled as special cases.
If you want to hack them, you'll need to use "out of band/side-channel" techniques like compromising the employees who have access to them or listening in on (and interpreting) the nearly-inevitable RF signals that the equipment puts on nearby wires or on the air, watching for vibrations on windows or pointing a camera to the room windows to see or "hear" the alarms or status lights as they go off, etc. Except for the "compromising the employees" bit or gaining physical access yourself, it's very hard to force a non-networked device to do your bidding except in a very rough way, such as by cutting off the power supply or triggering some condition that puts the device in a fail-safe mode.
... all homeopathy-related URLs would be added to a national "ISP blacklist" so they wouldn't be reachable by people in the UK without using a VPN or some such.
</panic mode>
The fun part is that there's no way to get off the list. I've now had three Congressmen and a Senator from two different States tell me this.
There is a way, but 3 Congressmen and 2 Senators isn't enough.
If you had 218 Congressmen and 51 Senators and the President on your side, that might be enough, but just to be safe, get 61 Senators on your side.
They can pass a "private relief act" type of bill to remove you from the watchlist. Once the President signs it, it will be law.
As much as is feasible, store files on the servers you have already.
I realize this may not be feasible if your "daytime bandwidth" or latency makes it impossible, but do it if you can.
I'll leave it up to others who know more than I do to answer your original question about open-source, centrally-managed, business-grade (read: vendor-supported and hack-resistant) solutions.
Oh, one more thing: this is a business. Unless you are going to dedicate a programming team to bug-fixing this and a security team to regularly audit it, spend the money on buying software from a reputable vendor who will stay on top of security bugs. Don't make the mistake of thinking "open source means free as in beer" - if you do, you and your company will pay for it big time with the first preventable security breach.
Terrorists etc. who wanted to have been able to use one-time pads or personal couriers who memorized their messages since well before modern cryptography.
Sure, it was a bit more cumbersome and not always practical, and when implemented naively, it was vulnerable to rubber-hose cryptanalysis but then again, so is an encrypted smart-phone when you have access to someone who knows the password.
So, tell me again, if bad guys will continue to have these options, why is it a good idea to weaken all other forms of cryptography to the point where they are about as useful as SHA1 with a small key (if that)?
thus eliminate a bunch of American jobs. Bravo, Mr President!
Hmm, maybe the "birthers" were right, maybe Obama was born outside the United States after all! :P
Wait, what happened to "Ask Slashdot"?
And if Slashdot is asking, who is it asking?
Those old krusty KGB agents are lucky to copy it at reading speed.
It puts the "up" in "messed up".
This morning when I woke up I hadn't had sugar in over 8 hours.
If anything, I was feeling a bit hungry.
Is it time to unplug everything
Not necessarily. But it IS far past time to plug things in "just because we can" without thinking through the consequences.
I'll add you should pay off your mortgage early, also.
You should either pay it off or pay into a reserve fund or other investment so you can pay off your mortgage on short notice if you want to.
The decision to actually pay off the mortgage or to build up a reserve fund will be based on several factors, including which gives you the best payoff (if your mortgage is net 3% after tax deductions and your investments are 4% net, then do not pay off the mortgage), your need for spare cash (having spare cash to spend on emergencies at the drop of a hat can be very valuable), and other factors.
Whether you contract or have a W2 job, learn to live on half of your net-pay-after-taxes. Yes, this means at least a decade or two of cheap housing, a cheap car, and hardly ever eating out or going to a movie.
You'll need the savings to get you through periods of unemployment, pay for education if you need to do some major re-training because your skills are too "niche" to get you past your current job, and pay for an involuntary early retirement or chronic under-employment if you are unfortunate enough to become unemployed after hitting 50.
At least do this until you've saved up enough that it's obvious you don't have to scrimp and save any more.
You left out
* Teach Yourself Time Travel in 21 Days!
'Cause you're gonna need it if you hope to do the others in 3 weeks each.
"Cram courses" that teach a programmer how to use a totally-new language, totally-new development environment, or even totally-new paradigm are probably useful and worth the time, but they may or may not be worth the money.
Ditto if the student is someone who has many years of experience thinking in logical terms that "map well" to the kinds of thinking that good programmers use every day. The 4 questions at the end of the article are good ones anyone going this route should ask before they invest the time and money. Another good question is "is there a cheaper/faster/better way for me to learn what I want to learn besides going to a cram-course or coding academy?"
(warning - off-topic material ahead)
Then there are the "academies" that are designed to give you "more than passing familiarity" with programming but aren't designed to make you "job-ready." I'm thinking mainly summer camps for children and teenagers but also non-credit "life enrichment" courses for adults that teach basically the same skills you can learn in "teach yourself FOO in N days" or "COMPLEX_TOPIC_FOO for dummies" books.
using this script may get you fired and/or beaten to a pulp
and not necessarily in that order.
How many years before 64K displays become the norm?
These won't be your ordinary TV or PC displays though - there's not much point in cramming 64K into something that typically takes up 10%-30% (left to right) of an average viewer's field of vision. 16K, maybe, but 64K, not for your average viewer.
No, these will either be wall-sized displays that are intended for people to view "up close" at least some of the time, "virtual reality" displays that are intended to fill up almost all of the field of view, or "head-mount/eyeglass mount" displays like Google Glass that are intended to overlay rather than replace what our eyes are already seeing. For very large displays, such as continuous displays along the wall of a shopping center (think "OLED on a roll, cut to size"), we won't even be thinking in terms of "pixels per display" but rather "pixels per mm" and terms like "4K" as we use it today won't have any meaning.
What do the speed-comparisons look like if you compare urban areas (say, an urban/suburban area with over 50,000 people in it) in the US to urban areas in Europe?
What about rural areas to rural areas, counting only those areas within, say, 30 minutes of non-rush-hour drive-time of an urban area.
What about more distant rural areas?
--
Why "30 minutes of drive time"?
If there are roads that can get you to a city in 30 minutes or less, I would expect there is a not-horrendously-expensive way* to run fiber to your general vicinity and from there a path for decent wired, fixed-wireless, or mobile internet service. I won't assume the same if you are on the other side of difficult-to-cross terrain or if you are a long, long way away from a populated area.
*Assuming of course that regulatory burdens or private landowners who either refuse access outright or who see the fiber-operator as their personal gold mine don't make running fiber too expensive to put in. I don't know how it is in Europe but in most of America if the local or state governments sign off on running fiber from "point A to point B through path C" the affected landowners will be paid for an easement (if one does not already exist) but they won't be able to say "no" nor will they be able to demand exorbitant payments for new easements.
My bank has a slot on the top and is shaped like a pig.
Of course I put significant quantities of cash into a Credit Union account.
Anything less would be tantamount to slavery and very likely to get tossed out of court.
OK, I exaggerate SLIGHTLY, but really, the payout better be at least the equivalent of minimum wage at 40 hours a week for 2 years or the company is going to lose the first lawsuit that has a good lawyer standing behind the plaintiff. Then again, that's "only" about $30K, or 3-6 months' wages for a lot of technical people, which isn't a lot.