Think about it, it takes 30-40 hours of prep to pass the GED test. But it takes 3,000-4,000 hours of time to graduate from regular high school. If you could really compress high-school by 100x then everybody should just get a GED and skip those four years of waste.
Obviously it doesn't work that way. Getting a GED has barely, if any, effect on long-term outcomes. As in, if you dropped out of high school you are probably just as screwed regardless of if you get a GED or not.
The next killer feature for smartphones will be phones that you can sit on - well sit on and not break.
Also, I expect to see them become a little more distributed. A "brain" you leave in your pocket 99% of the time plus seperate UI devices like pebble watch + headset or even google glass.
They could stop selling preferred placement and that would change my mind about their trustworthiness.
The problem isn't with their solution - selling access to data on merchants, their problem is trying to burn the candle at both ends by also selling a form of advertising.
Nah, its pretty crappy that you have to be as big as google to fight back. The telecom lobby is the largest lobby (bigger than oil) in the US, based on dollars spent.
Hey, thanks man for doing the legwork. Even if you get smacked down, trying to do the right thing for all of us is a big deal. I don't live anywhere near KC but I think what you are doing is important. It is certainly worth a lot more than 2 cents.
Comcast only has to beef up the areas that Google entered and that probably wouldn't include the FIOS areas
The more they do that, the more obvious it becomes to the rest of the country that they are abusing the monopoly positions they hold elsewhere. At some point citizen ire will become strong enough to overcome that cronyism.
You are correct. The situation ALREADY IS a privacy nightmare. Browserid does essentially nothing to improve it. Which was the entire point of my objection from the first post.
Also, any normal small shop can have 2-3 visits a day from providers and commercials trying to sell them stuff. So you're simply another guy trying to reach into their rather limited margins and there's no MBA that can break that.
Angie's List seems to have solved that problem - they charge people to look for reviewed service providers rather than charge the providers. Just a reversal of the typical "if you aren't paying for the product, you are the product" scenario.
Angie's List also sells "preferred placement" in searches and personally that's enough for me to distrust their whole operation. But I am a cynic.
As I know people on H1B can't be paid less than their US colleagues because you wouldn't be able to get H1B if they offer you smaller salary than average for this position.
(1) There is literally zero dollars allocated in the federal budget for enforcement of that provision.
(2) That provision is full of loopholes. Like this one:
Note that section (p) requires that the Department of Labor set up four prevailing wage levels based upon skill but section (n) only requires a prevailing wage for occupation and location. There is no statutory requirement that the employer pick the skill level that matches the employee.
Let's see this in action. According to Bureau of Labor Statistics data, the mean wage for a programmer in Charlotte, NC is $73,965. But the level 1 prevailing wage is $50,170. Most prevailing wage claims on H-1B applications use the level 1 wage driving down the cost of labor in this instance by nearly a third. What Americans don't know about H-1B visas could hurt us all
I'm not putting words into your mouth, I'm saying nothing has changed.
Nothing has changed == irrelevant.
Your problem is you are cherry picking from the three current systems - email verification, openid, and facebook/googleplus-style logins. Each of them has drawbacks. You keep shifting your argument based on the particular drawback to say that browserid is better, the problem is browserid does not eliminate any of those drawbacks, it just shuffles them around.
You: Eliminates multiple passwords Me: So does facebook/googleplus and openid
You: Just as vulnerable to tracking by 3rd party trackers as email verification Me: Facebook/googleplus stops 3rd party trackers
You: Stops googleplus/facebook/openid authorization provider from tracking you Me: So does email verification
See? There is no net benefit here, just a re-arranging of the deck chairs on the titanic.
Come on, don't try to put words in my mouth. It is MY OBJECTION and I don't care that it is based on email. OK? What I am objecting to is the fact that it uses a unique ID across multiple websites. THAT IS THE OBJECTION.
It improves upon those systems in one way, the authentication source never knows where the person signed into.
That is a benefit so small as to be meaningless. If anything this makes the situation worse because instead of just one company tracking you across all those logins now you have a unique id that any tracker can key off.
The fact BrowserID standardized on it doesn't reduce privacy for most people,
However it does not significantly INCREASE privacy for most people either. So what is the point?
And using your friend's computer to login still works. The credentials stored in your browser are temporary.
No, only some of the credentials are temporary. The private keys used to sign those temporary credentials are permanent. My point is not about leaving them behind for someone else to misuse, my point is that those private keys are not there to begin with. You can't sit down at someone else's browser and just use it to log in because those private keys used to sign the credential are only stored back on your own computer.
The objection to it was that it requires the site to know your email address, but most sites know this anyways.
No, my objection is that it provides a unique id across multiple websites. An id that will be used for tracking purposes. The fact that the unique id is an email address is really irrelevant.
The goal of BrowserID isn't to reduce user tracking across sites. Its goal is to reduce the use of passwords, something it does pretty well.
By that requirement, there is no functional improvement. It does it just as well as centralized single-sign on like openid/facebook/googleplus. Maybe even worse since the credentials are stored in the browser, making it difficult to sit down at friend's computer and use it to log in.
And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.
That is circular reasoning. If a goal of browserid is to increase the user's security, this system does not achieve that, it only maintains the status quo.
When you sign up to websites you usually use have to supply an email address.
That's what mailinator is for.
That is why Mozilla Persona uses email addresses, it's clearly an identity (unlike for example OpenID where are website/webpage is your identity). And you already needed an email address anyway.
I read that same line of reasoning too. It is flawed. There is little to no value in having the SAME identity across multiple websites. But it is infeasible for most people to have a unique email address for each website.
And you can create new identities for free, there are lots of free email providers.
Free is a relative term, creating a new email account for each website is a hassle. Computer systems should make things easier, not require extra hassle.
It would be fairly straightforward to have a single login authentication method that exposed a unique id to each login destination. That would eliminate cross-referencing.
If it wasn't based on your email address, it might be feasible for a firefox add-on to pregenerate a couple of hundred persona ids and then automagically assign them to each individual website that has a login. But, my guess is that the email address requirement makes that effectively impossible except for people who own their own domains.
So, if I am reading that right, personas do not directly leak every login to a central database. But, it does use the same id across different websites so if the website used a service to cross-reference ids with other websites the net result would be the same.
Given the massive proliferation of trackers that we already have, I think we would quickly see them include persona id tracking too.
Automated law enforcement is almost universally a terrible idea. Its the kind of thing an eager-beaver engineer without much real world exposure would come up with. Either that, or a fascist.
The world runs on slack. Not just laws, but pretty much every human interaction requires slack at some point. Slack is the lubricant that makes society work. Without slack the machinery of society will freeze up and burn out.
On the other side of the spectrum, too much slack and the wheels just spin without getting any traction. We need the right amount of slack - fortunately there is usually lots of meta-slack in determining what is the right amount of slack.
Google's sign-in is OpenID based and is explicit about what access you are granting to the website (usually just that they get to know your Google ID which is also your e-mail address).
If mozilla's personas system also exposes your email address, or some other id that is unique across multiple websites, then it is no better than OpenID.
So, either personas have better privacy than OpenID, and thus google's system deserves bashing too --- or personas are no better than OpenID and so I have to ask, why bother re-inventing the wheel?
Another thing to bust your conspiracy theory, we must by law pay a foreign worker Prevailing Wage so they are being paid fairly (compared to people in the same role in the particular geographic region - down to the county)
I am sure some H1B employers do abide by the law. But, in the entire history of the H1B program, there has never been a single dollar allocated to enforcement of that part of the law. Nobody checks. Ever.
To the best of my knowledge, there has been only one case of an employer being prosecuted for paying H1Bs below the prevailing wage - and that was reported by a displaced employee and the situation was so egregious that the case was basically a slam dunk.
Slashdot Mirror
Think about it, it takes 30-40 hours of prep to pass the GED test. But it takes 3,000-4,000 hours of time to graduate from regular high school. If you could really compress high-school by 100x then everybody should just get a GED and skip those four years of waste.
Obviously it doesn't work that way. Getting a GED has barely, if any, effect on long-term outcomes. As in, if you dropped out of high school you are probably just as screwed regardless of if you get a GED or not.
It's got what plants crave.
Lol. If brawndo actually had phosphorus it probably would have worked as a fertilizer.
The next killer feature for smartphones will be phones that you can sit on - well sit on and not break.
Also, I expect to see them become a little more distributed. A "brain" you leave in your pocket 99% of the time plus seperate UI devices like pebble watch + headset or even google glass.
They could stop selling preferred placement and that would change my mind about their trustworthiness.
The problem isn't with their solution - selling access to data on merchants, their problem is trying to burn the candle at both ends by also selling a form of advertising.
Nah, its pretty crappy that you have to be as big as google to fight back. The telecom lobby is the largest lobby (bigger than oil) in the US, based on dollars spent.
Hey, thanks man for doing the legwork. Even if you get smacked down, trying to do the right thing for all of us is a big deal. I don't live anywhere near KC but I think what you are doing is important. It is certainly worth a lot more than 2 cents.
Comcast only has to beef up the areas that Google entered and that probably wouldn't include the FIOS areas
The more they do that, the more obvious it becomes to the rest of the country that they are abusing the monopoly positions they hold elsewhere. At some point citizen ire will become strong enough to overcome that cronyism.
But it doesn't become a privacy nightmare either.
You are correct. The situation ALREADY IS a privacy nightmare. Browserid does essentially nothing to improve it. Which was the entire point of my objection from the first post.
Also, any normal small shop can have 2-3 visits a day from providers and commercials trying to sell them stuff. So you're simply another guy trying to reach into their rather limited margins and there's no MBA that can break that.
Angie's List seems to have solved that problem - they charge people to look for reviewed service providers rather than charge the providers. Just a reversal of the typical "if you aren't paying for the product, you are the product" scenario.
Angie's List also sells "preferred placement" in searches and personally that's enough for me to distrust their whole operation. But I am a cynic.
As I know people on H1B can't be paid less than their US colleagues because you wouldn't be able to get H1B if they offer you smaller salary than average for this position.
(1) There is literally zero dollars allocated in the federal budget for enforcement of that provision.
(2) That provision is full of loopholes. Like this one:
Note that section (p) requires that the Department of Labor set up four prevailing wage levels based upon skill but section (n) only requires a prevailing wage for occupation and location. There is no statutory requirement that the employer pick the skill level that matches the employee.
Let's see this in action. According to Bureau of Labor Statistics data, the mean wage for a programmer in Charlotte, NC is $73,965. But the level 1 prevailing wage is $50,170. Most prevailing wage claims on H-1B applications use the level 1 wage driving down the cost of labor in this instance by nearly a third.
What Americans don't know about H-1B visas could hurt us all
You lose the multiple passwords, which is the real security benefit. This is the claimed benefit. And it is successful.
Low hanging fruit right there:
https://blog.mozilla.org/beyond-the-code/2013/04/09/persona-beta2/
Persona: more privacy, better security while making developers and users happy!
More security is not THE claimed benefit, it is only A claimed benefit.
That's not the first time you under-represented the claims:
It's not about increasing privacy. It's about increasing security by killing extra passwords.
This entire sub-thread which I started is not about increasing security, despite your constant efforts to muddy the waters.
What exactly is a gonzo drummer? Stoned and completely off time?
https://www.youtube.com/playlist?list=PL94B59BC66603620A
I'm not putting words into your mouth, I'm saying nothing has changed.
Nothing has changed == irrelevant.
Your problem is you are cherry picking from the three current systems - email verification, openid, and facebook/googleplus-style logins. Each of them has drawbacks. You keep shifting your argument based on the particular drawback to say that browserid is better, the problem is browserid does not eliminate any of those drawbacks, it just shuffles them around.
You: Eliminates multiple passwords
Me: So does facebook/googleplus and openid
You: Just as vulnerable to tracking by 3rd party trackers as email verification
Me: Facebook/googleplus stops 3rd party trackers
You: Stops googleplus/facebook/openid authorization provider from tracking you
Me: So does email verification
See? There is no net benefit here, just a re-arranging of the deck chairs on the titanic.
Except that it is not irrelevant.
Come on, don't try to put words in my mouth. It is MY OBJECTION and I don't care that it is based on email. OK? What I am objecting to is the fact that it uses a unique ID across multiple websites. THAT IS THE OBJECTION.
It improves upon those systems in one way, the authentication source never knows where the person signed into.
That is a benefit so small as to be meaningless. If anything this makes the situation worse because instead of just one company tracking you across all those logins now you have a unique id that any tracker can key off.
The fact BrowserID standardized on it doesn't reduce privacy for most people,
However it does not significantly INCREASE privacy for most people either. So what is the point?
And using your friend's computer to login still works. The credentials stored in your browser are temporary.
No, only some of the credentials are temporary. The private keys used to sign those temporary credentials are permanent. My point is not about leaving them behind for someone else to misuse, my point is that those private keys are not there to begin with. You can't sit down at someone else's browser and just use it to log in because those private keys used to sign the credential are only stored back on your own computer.
The objection to it was that it requires the site to know your email address, but most sites know this anyways.
No, my objection is that it provides a unique id across multiple websites. An id that will be used for tracking purposes. The fact that the unique id is an email address is really irrelevant.
The goal of BrowserID isn't to reduce user tracking across sites. Its goal is to reduce the use of passwords, something it does pretty well.
By that requirement, there is no functional improvement. It does it just as well as centralized single-sign on like openid/facebook/googleplus. Maybe even worse since the credentials are stored in the browser, making it difficult to sit down at friend's computer and use it to log in.
We have the Axis of Evil and they have the Ominous Triangle.
Who can rock hardest?!!!
Who can guitar solo the longest?!!!
Who has the most gonzo drummer?!!!
It is like Bill & Ted's Bogus Journey but everybody forgot to be excellent to each other!
And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.
That is circular reasoning. If a goal of browserid is to increase the user's security, this system does not achieve that, it only maintains the status quo.
When you sign up to websites you usually use have to supply an email address.
That's what mailinator is for.
That is why Mozilla Persona uses email addresses, it's clearly an identity (unlike for example OpenID where are website/webpage is your identity). And you already needed an email address anyway.
I read that same line of reasoning too. It is flawed. There is little to no value in having the SAME identity across multiple websites. But it is infeasible for most people to have a unique email address for each website.
And you can create new identities for free, there are lots of free email providers.
Free is a relative term, creating a new email account for each website is a hassle. Computer systems should make things easier, not require extra hassle.
It would be fairly straightforward to have a single login authentication method that exposed a unique id to each login destination. That would eliminate cross-referencing.
If it wasn't based on your email address, it might be feasible for a firefox add-on to pregenerate a couple of hundred persona ids and then automagically assign them to each individual website that has a login. But, my guess is that the email address requirement makes that effectively impossible except for people who own their own domains.
Since when does a company obsessed with DRM release a game to bittorrent for free, before it's announced or launched?
Maybe the game is intended to be free to play with in-game purchases of crap as the primary funding model.
So, if I am reading that right, personas do not directly leak every login to a central database. But, it does use the same id across different websites so if the website used a service to cross-reference ids with other websites the net result would be the same.
Given the massive proliferation of trackers that we already have, I think we would quickly see them include persona id tracking too.
Automated law enforcement is almost universally a terrible idea. Its the kind of thing an eager-beaver engineer without much real world exposure would come up with. Either that, or a fascist.
The world runs on slack. Not just laws, but pretty much every human interaction requires slack at some point. Slack is the lubricant that makes society work. Without slack the machinery of society will freeze up and burn out.
On the other side of the spectrum, too much slack and the wheels just spin without getting any traction. We need the right amount of slack - fortunately there is usually lots of meta-slack in determining what is the right amount of slack.
Google's sign-in is OpenID based and is explicit about what access you are granting to the website (usually just that they get to know your Google ID which is also your e-mail address).
If mozilla's personas system also exposes your email address, or some other id that is unique across multiple websites, then it is no better than OpenID.
So, either personas have better privacy than OpenID, and thus google's system deserves bashing too --- or personas are no better than OpenID and so I have to ask, why bother re-inventing the wheel?
Another thing to bust your conspiracy theory, we must by law pay a foreign worker Prevailing Wage so they are being paid fairly (compared to people in the same role in the particular geographic region - down to the county)
I am sure some H1B employers do abide by the law. But, in the entire history of the H1B program, there has never been a single dollar allocated to enforcement of that part of the law. Nobody checks. Ever.
To the best of my knowledge, there has been only one case of an employer being prosecuted for paying H1Bs below the prevailing wage - and that was reported by a displaced employee and the situation was so egregious that the case was basically a slam dunk.
That page has a frickin 3.5MB image embedded in it. That's ridiculous.