Nah, there is a completely different cute redhead with precocious personality traits.
Honestly, I'm not impressed by their work.
I find most Whedon's work so campy that I just can't watch it. I usually leave the room, despite other geeks attempts to get me interested. One day, however, someone threw on the DVDs of the Firefly series and after seeing three episodes I was hooked. I went out and bought them a couple days later. I highly recommend giving Serenity/Firefly a try, it is one of the best sci-fi shows to come out in years.
Good biometric identification properly implimented (not necessarily easy to do, mind you) shouldn't be copyable or stealable.
This violates fundamental authentication principals. Anything that is "something you have" can be stolen and/or copied, it is just that some items are more difficult to steal/copy than others. There is no reason why the entire human body cannot be duplicated to a level that the Heisenburg uncertainty principals makes them indistinguishable. Maybe it is unlikely, but it is a mistake to assume it cannot and never will happen.
But a good fingerprint scanner properly implimented (say, with a security goon sitting there making sure the user puts their finger on the scanner, not someone else's) is more secure than relying on just "something you have" - a security goon watching people swipe cards can't easily tell if it's me swiping my Sonitrol or someone that mugged me scanning my Sonitrol.
What if they use a latex copy on a real thumb. Those are pretty hard to see, but are detectable by a really well made scanner. What if a thumb is cut off and surgically grafted onto another person. That would be pretty hard to detect by any scanner. I'm not saying biometrics are useless, it is just that their usefulness is limited to specific situations as part of a larger authentication scheme involving other "something you know" and "something you have" mechanism and under competent human observation. Implementing a poor security mechanism can lead to a false sense of security and be even worse than no formal security. Biometrics are largely misapplied and trying to make up an exception for them and tack it onto existing authentication theory is a mistake. Biometrics need to evaluated based upon their advantages and disadvantages within the context of "something you have."
Your argument begins by objecting to a widely accepted partitioning of the authentication space, but the reasoning you present seems only to support the partitioning as given.
Not so. Biometrics are something you have. A fingerprint, a keycard, and a brick wall with a barcode on it are all fundamentally, "something you have." Biometrics are a subset of "something you have" that has a particular set of criteria, just like keys. The only reason why some people try to classify them as something new, even though they meet every criteria for "something you have" is because in many cases they are a very poor "something you have" and when properly evaluated that is easy to see. For example, they are very commonly used to replace passwords resulting in replacing a "something you know" scheme with a very weak "something you have" scheme. Considered in that light, it is very hard to make any sales, so vendors try to avoid evaluation of biometrics based upon traditional, well proven, criteria and try to bill it as something new.
biometrics is not just something you have, but something you are, since they are based on nonsubstitutable parts of your person.
Biometrics are something you have. They can be copied or taken from you. They are just something that is difficult to change or replace. They function (within authentication theory) exactly like any other "something you have" by being presented to a person or device.
By contrast, something you have, such as a cryptographic token, is an artifact. Being an artifact carries quite a different set of characteristics than being a person, and requires a different analysis.
Now you're confusing nomenclature. A token is generally something you know stored on something you have. A physical device with a key on it is something you have. You claim that being a person carries a different set of characteristics, but authentication schemes can't identify what is a "person" only known physical characteristics that that person carries with them as part of their body. Having your thumb or someone else's thumb is no different than having your key or someone else's key. A thumb may be more evident when it is tampered with (although not necessarily) but it also is very inconvenient to change and is constantly exposed to copying. Fundamentally, however, it is still something you have.
Every biometric I have ever seen merely tests one or more body parts, all of which are each just "something you have" and do not differ in any fundamental way than any other "something you have." Like other poorly chosen "something you have" items though, almost all biometrics have some serious drawbacks and some advantages. What I object to is not evaluating them properly by claiming they are somehow fundamentally different. It is not so. An RFID chip embedded in your arm is not a biometric, but has almost all of the same advantages and drawbacks, as well as some additional benefits.
I did not focus very much upon why I object to the classification of biometrics as not "something you have" because I thought it would be somewhat self explanatory. Hopefully now though you can see the danger of bypassing the traditional definitions of authentication theory in order to try to make an exception for a series of "something you have" items in order to avoid having to properly evaluate them. Whenever I see "something you are" I curse the clever marketers that are willing to promote insecure authentication schemes based upon whiz-bang marketing and blinking lights instead of a solid, reasoned evaluation of the benefits and drawbacks. For people who are not familiar with authentication theory it is as if someone started quoting the theory of gravity as "every object attracts every other object, except airplanes and the earth because of airplanes hi-tech design" in order to sell airplanes. It is marketing bullshit, not science.
...but don't think that severing thumbs is a likely outcome.
The example I gave was not theoretical, it has already happened. Given how rare thumbprint locks are, I'd say that it is potentially worrying as a new, common crime. I'd not care to hazard a guess either way at this point.
The other fundimental isssue is that the biometric output needs to be compared with data that is 'on file'.
This is, or course, the most likely avenue of attack. It is somewhat mitigated in that a database can just store a one way hash of your fingerprint, but all it takes is one broken hash, one company that does not correctly implement the hash or does not implement a hash at all, or one man in the middle attack either over a network or using a fake reader (like the ones used to steal ATM card signatures now) and you're screwed. I'm sure you can get you bank to disallow your account to be accessed using thumbprints, but it will be a huge pain for everyone involved, and more of a pain as biometrics become more and more common. I would not worry so much about Visa, as they will probably implement a good hash, I'd worry about every single retailer you ever use.
"Something you have" that is unchangeable makes for a pretty poor authentication scheme and I'm glad at least some people can see that.
That is a pretty good idea for strong, hard to guess passwords, but most people only have a few of those, while they have many passwords where only a trivial attempt at security is needed. Using a single generic password for many purposes is one way to go, but is a little too insecure for my comfort. I usually choose a happy medium of convenience and security with the following scheme:
Make up a fairly strong password that should work in any environment (numbers, letters, special characters, no spaces, about six characters long). Use this password for all logins, but append or prepend a standard feature from the website or system in question. For example, use the password "W3%wr!" as your base password. When you login to Slashdot prepend "Sl" to have the password "SlW3%wr!" while for gmail your password is GmW3%wr!" and for the New York Times your password is "NyW3%wr!"
In this way, automated scripts run on compromised account data and then applied to popular sites will fail, but you still only need to remember one password. Sure if someone were to acquire information from several compromised accounts they could figure out the scheme and get into yet more accounts, but with all the low-hanging fruit out there that is pretty unlikely. This is not as secure as your system, but also does not require me to carry a reference card everywhere.
I strongly object to this bastardization of traditional authentication scheme theory. "Something you are" is a load of crap. It is an attempt to graft biometrics onto existing theory without evaluating how they really work. Biometrics identifiers are just something you have and need to be evaluated on their strengths and weaknesses on that basis. For the most part biometrics are something you have that you keep with you all the time and cannot easily remove or change. This is good in that it makes them harder to steal and less likely to be lost. This is bad because you cannot put them away somewhere safe and are constantly exposing them to the possibility of being copied. It is also bad because unlike other things you might have and use to authenticate, biometrics are almost impossible to change, so once compromised are a nearly permanent vulnerability. Finally, biometrics are bad because they can lead to the escalation of a crime in that their theft can be physically damaging. Take note of the man who was first kidnapped, then had his thumb cut off when car-jackers wanted to be able to start his fancy thumbprint lock car. Criminals don't need to be given extra motivation to commit mutilations.
Biometrics proliferate these days largely on their "cool" factor. The more blinking lights and high-tech gadgets the more secure it must be, right? Sadly they are being used to replace either the something you know or something you have in traditional biometric schemes, with the end result being less overall security. Biometrics have their place, and that is in a tightly controlled environment, supplemented by human observers to prevent copies from being easily used, and as an additional security measure on top of "something you know" and "something you have" that can't be copied from your beer glass at the bar. They do not belong in an authentication scheme in place of either a traditional "something you know" or "something you have" unless your goal is to have very, very convenient placebo security that is trivially bypassed by design.
It's like talking about outlawing unhealthy food. Government shall never tell us or even suggest what we should do. Unless they make it a law lol.
Did you even read the law in question? It is about government acquisition, not what private citizens or companies can do. It is a lot more like the government passing a law that says all food purchased by the government to be fed to government employees must contain a list of ingredients, and the preparation is subject to inspection so that they can make sure no poisons are being added. The only way someone might go to jail is if they buy food (or software) for the government that is not up to spec and may be poisoned. RTFA.
Giving preferential treatment to software just because it follows some creed is not the way to choose the best tools for the job and save the tax payers money.
What are you talking about? The Peruvian government just passed a law that says one criteria of software is important to them and if at all possible software should meet that criteria. It is a functional specification, not a creed and it is well defined in the law.
If the U.S. government passed a law that said, "to insure the safety of government employees all garments purchased by the government for employees should be flame retardant, unless there is a good reason to use flammable garments" would you complain that they were unfairly favoring the "inflammable" creed of clothing manufacture? Now maybe other factors like cost, warmth, resistance to small arms fire, etc. are more important for a given application, but there is nothing wrong with trying to get all clothing that does not easily burn.
This law is the result of lots of publicly owned information being available only by paying a toll to one foreign company. It addresses a real problem. It is giving preferential treatment to software that is better in one specific way (that they deem very important to them). It is just like making sure government clothing buyers don't skimp on clothing and buy unsafe garments to save money in the short term. Peru, and many other countries are tired of getting burned and are taking action. I applaud them.
I'm continually amazed that MS has such traction that F/OSS has to fight to get anywhere. If MS and Linux were cars (never mind old jokes) people would be buying magazines to compare, taking test drives, and asking their buddies which one to buy.
If Ford made an exclusive deal with every home builder and renter in the country so that whenever anyone bought a home or rented a apartment they were given a free Ford car rental (included in the price of the dwelling and with no option to opt out) people would probably all drive Ford cars. They would also consider anyone who went out and bought or built another car to be some sort of weirdo. Most home manufacturers would not be able to escape from this deal either since not getting a "free" car with your house would be a deal breaker, and no one would want a chevy since it could not use ford parts (the only kind sold in parts stores), could not get repaired anywhere (since 95% of repair places only worked on fords), and since there is a huge PR campaign spreading rumors that Ford brand gasoline (the only kind easily available) may not work properly in Chevy engines (even though it does).
Once a company, like MS or Ford, has that kind of monopoly or monopolies it is very easy for them to maintain that position, especially given how corrupt our legal system is. They can buy out, price out, or lock out any new competitors. It is illegal, but politicians listen to campaign contributions more than laws. Luckily we are not in that position with cars and hopefully we will not stay in that position with OS's and office applications. I don't care who is making the money, but I do care about the cost and quality of products and without competition one goes way up while the other goes way down. I'll leave it to you to guess which is which.
Re:What sort of "original" game do you propose?
on
Ask Sid Meier
·
· Score: 2, Informative
For the Doom 3 they did hire a professional writer and it showed... Diablo 2 had a nice story? How is "Diablo Came Back Halfway Around the World" a nice story?
Lets see, In Diablo 2 there were what twenty four subplots, and dozens of characters with unique dialogue in each city. There was the overarching plot narrated by an interesting character and the whole thing was interesting enough that most people I know actually paid attention and read or listened to all the back story about their quests.
With Doom 3 I felt that the story was just sort of extra crap. You didn't need to really know any of it to play the game, and frankly I don't even remember what most of it was. Yeah, we're supposed to kill these demons, and then these demons. This differs from the original how? It did not hold my interest at all. If you want to see an example of an FPS with a plot and story that is really integrated and captivating, check out Marathon 2, I think it is available as an open source project now. Super intelligent AI's strong arming you into accomplishing various tasks, lying to you, Aliens who are really, really alien, plots where you are double crossed, where alien machines screw with you, and an insane AI beams you here and there while spouting bad poetry at you. All of this in a series of settings where computers you interface with have valuable data as well as meaningless, but often amusing, information about the neighborhood. I guess I just don't see Doom 3 as comparing at all. To me the story of Doom 3 seemed neither clever nor engaging. I suppose everyone has personal preferences, I'm glad you liked it.
He said, "original copyright terms" which was 14 years originally, (with an extension possible). Since that time the laws have changed drastically and copyrights will no longer expire on any work for the foreseeable future, unless political power shifts away from big business. Every time they come close the terms are extended. This results in many works, like some of the author's original works, possibly disappearing or becoming unplayable within only a decade or so. It also means that the author's life work may vanish from public consciousness even before he dies, never to be recovered. That is certainly a concern of mine as a creative artist and something I's like to hear more popular artists comment upon.
Buddha, where do you morons come from?!? The previous poster asked a pertinent question from a well respected artist about the future of his work and the possibility that the current laws either encourage him to do more work, make his work unavailable to future generations (something many artists would be upset about), or do both simultaneously. Enough people were interested in the answer to that question to mod him up. Then some lowbrow whiner like yourself shows up complaining that someone asked an intelligent question and making a slew of wild accusations and assumptions. Why don't you grow up and stop making a jackass of yourself when someone asks an adult question and quit your moaning. Just skip comments like this by, I'm sure someone will mention farts or boobies later on to entertain you.
Re:What sort of "original" game do you propose?
on
Ask Sid Meier
·
· Score: 1
What I think would be fun is a detective type online RPG. It might require assigned roles (i.e. player 3 is secretly the murderer) but I think it might be the best way to achieve the flexibility of plot required to keep the game interesting. It would certainly be a challenge to code though.
Re:What sort of "original" game do you propose?
on
Ask Sid Meier
·
· Score: 2, Interesting
Diablo was not evolutionary.
I'll give you the benefit of the doubt and assume English is not your first language. I said that I would like to see games that are evolutionary (as far as graphics and gaming engine are concerned) and which are somewhat improved versions of existing games, except with a new plot, story elements, artwork etc. The Diablo series is evolutionary because Diablo 2 is a bunch of improvements on Diablo without changing anything major. I'd like to see a third version that is better yet, with the specific improvements I mentioned, which would be another evolutionary (rather than revolutionary) change.
Diablo was a Roguelike with a few fancy graphics tacked on.
Diablo was somewhat like rogue in that it had similar story elements and traditional equipment, levels, and other RPG elements, but the plot was completely different and the gameplay was completely different. The graphics were obviously improvements on ascii, there was sound, the control was via a mouse with the keyboard as secondary input, etc. etc.
why not count Doom 3 (which is Doom with fancier graphics) as "evolutionary"?
Doom 3 is evolutionary improvements on Doom 2 and Doom 1. Who would argue otherwise? The problem with Doom 3 is the lousy plot, and poor story telling. I actually look at games as being composed of three parts: gameplay, story, and display. The gameplay is the mechanics of play, what controls, what you can do, how fast it goes etc. Story is the plot and characters. Display is the graphics and sound. Doom 3 has a great display and the gameplay is OK, but nothing special. The story is crap. I wish gaming companies would hire few good writers rather than more code monkeys. Diablo 2 had a very nice story, the display was good too, but I'd like to see some evolutionary improvements to the gameplay.
Re:What sort of "original" game do you propose?
on
Ask Sid Meier
·
· Score: 1
I'm not the original poster, but I'll bet we both share something in common, we are not professional game designers. As a result of this we don't spend all day trying to come up with cool game ideas and are thus not particularly qualified to speak to what sort of new games can and should be made.
What I am is a consumer of games and I must say I've been pretty bored with all the unoriginal games that are just rehashed old games. I'd like to see some games that are evolutionary like the Diablo series except with better combat rather than more junk in the next version. I like fast and easy gameplay, but get bored with only having one or two ways to attack after a while. just adding attack high, medium, low, and block and making combos work would make the whole thing an order of magnitude more fun. I'd like to see some FPS games with engaging, clever, plots, like the old marathon series did. Games that make you want to read more about the plot, as part of the game rather than a game that has such a dull and contrived plot that you click past it as fast as possible to get back to the action. I'd like to see some traditional role playing games that actually stress the role playing parts, with online play where players can interact, need to speak to one another, and can customize actions. I'd like to see a strategic naval combat game with pseudo-random wind, current, and storm effects. There are plenty of other games I'd love to play if someone would make them, most of which I have never even thought of. In fact one of the few things I don't want to play is another game that is no different in plot or gameplay than an existing game. Better graphics are all well and good, but they are not a sufficient improvement to justify buying a new game. In fact in general I think far to much gaming effort goes into graphics as compared to story elements, artwork, and world building. There are some games out there that have gameplay that is a lot of fun, and I'd be happy to buy a sequel to, if the sequel was just more and better variations on the original. I'd happily shell out more money for a whole new series of Warcraft 3 campaigns, with a new plot, settings, and some new artwork. I already did so once with the Frozen throne expansion. I just wish there were more campaigns to buy that started at the beginning with new characters and plot and built up to larger things. I'd love for a company to build a base game and sell it at a reasonable price and then sell additional games that ran on the same engine and re-used most of the same elements but sold for $5-10 a pop. OK, game companies, this small segment of your audience has spoken. Bring on the new games.
...because you know everything has to be one or the other. It's not like some things could be beneficial when applied in certain ways (like traditional patents on non-obvious inventions) and yet be detrimental when used in other ways (patenting business ideas, existing inventions, existing common practices or ideas with "on the internet" appended, software patents, etc.). Can't someone please come up with simple absolute rules for everything so we don't have to think?
It's hard to let Slashdot tell me what to think when they post stories on _both_ sides of an argument!
Yeah we all hate it when a discussion site posts both good and bad things done by a person, organization, or process. That might foster, well discussion.
Man I hope you're trying to be funny, because some days I really can't tell on Slashdot anymore.
To my knowledge the contents of an EULA have never, ever mitigated the effects of marketing claims in a court of law in the United States. If you put up advertising claiming a product does something, it does not matter how many warnings or disclaimers you put in the EULA, instructions, included literature, etc. If the disclaimer is not on the advertisement proper, then a company will lose a case claiming the consumer was misled by their advertising. If you'd like to cite any court case where this has happened I'd be quite interested to read it.
In this particular instance, all the advertisement seems very vague, and does not actually claim it will find or remove "illegal" files from your computer (as I mentioned in my previous post).
In the South Park movie, Bill Gates got shot in the head and everyone in the theater laughed. Once South Park wants to kill you, the teeming masses will follow.
I saw that movie in an on campus theater, at a university, with an audience of hundreds and hundreds of engineers and scientists. That scene received a standing ovation, hoots, screams, cries of joy, thrown popcorn, and other jubilation that drowned out the movie for the next 5 minutes.
It does not matter what the EULA says. You can sue them for false advertising and damages that resulted from it if they claim it finds "illegal" music in their advertisements, when it really just finds music in particular formats. From a quick look, however, they claim all this does is find all music and video files as well ass P2P programs on your computer and leave it up to you to decide if they are illegal. Basically, it is useless except to make it easier for clueless people to delete all the mp3's on their machine. They might be liable for their claims that anything in your shared folders is likely to be illegal, since that is a very difficult statement to back up, but it is pretty iffy.
The fact that the overwhelming number of terrorists are now young Middle Eastern males has established a profile. Their ethnicity is a component of the profile, not the reason for it.
So just because they are stopping people based upon the fact that they are a certain race, because they profiled that race as a more likely threat, does not make it racial profiling? What is racial profiling if not establishing a profile based on someone's race? Sorry, you're just completely wrong. This is racial profiling, it's just that racial profiling is not always a bad thing, just a very dangerous thing. You see it is fine to have a profile of a particular criminal, i.e. we believe our killer is young, middle eastern, likes tacos, and often wears a blue hat, and then question people matching that profile. It is not all right to generalize a profile, i.e. we believe people who are young, middle eastern, and men are likely to be terrorists, and then question all people who are young middle eastern, and men because that is discriminating against a given, race, sex, or age. It is fine to stop a black person if you believe they have committed a crime, so long as you do not believe they have committed a crime because you see that they are black and assume black people are criminals.
I wear shoes on airplanes, travel alone, am a young male and take one-way trips. That means I fit the profile except I'm Caucasian. Does that mean I get searched more? Yup. Race is not the CAUSE of the search.
Actually, no that is not all right, at least not according to the U.S. constitution. Maybe in the U.K. they think that is fine, but here we have (or used to have) certain unalienable rights. One of them specifically enumerated is the right to be safe from unreasonable searches and seizures. If they have reason to believe you have committed a crime, you can be searched, otherwise it is technically unconstitutional. A friend of mine has a stack of little metal plates with the bill of rights on them. Every time he flies they take away his rights because it is pointy. Hell, did you read that story about the aged war hero pilot who had his constitutional medal of honor taken away from him before flying, because it was pointy? The ridiculous "security" officers who provide no security and are just there as a placebo did not even know what the medal was. Heck you're not allowed to bring nail clippers into the statue of liberty because of terrorists! You never know someone might hijack the statue and force the pilot to walk all over New York like in that Ghost Busters movie. It is sick and sad the our country has become so cowardly that this asinine removal of civil rights is allowed. The media has managed to whip up such a frenzy that ordinary people are scared of terrorists all the time, despite the fact that more people drown in buckets every year in the U.S. than are killed by terrorists.
And it is people like you who are happy to bend over and take it up the ass because you're so scared of the big bad terrorist that make it all happen. Who cares if America isn't free anymore so long as the boogey man on TV does not get you. You make me sick.
Production cost doesn't set an upper limit on sale price, but it certainly does set a lower one.
I think that was pretty well covered by my original post that said, "It[cost of manufacture] is a factor in deciding whether or not to make a product, and what features are included in a product..." It's not like companies decide, hey we're going to build and sell a car that runs on hydrogen or a digital music player that is really small and uses flash memory without first estimating how much it will cost, how much people will pay, and , hence, whether or not that device will then be profitable if manufactured. They start with what people will pay and what they can make for a given price point. It's true no one sells things for less than they cost to make, barring strategic items, but the decision making happens at a much earlier point in development than you imply.
Stance 1: They're selling you a CD.
If you buy a CD, you buy the limitation that it only plays on limited devices.
There is a problem with this. They aren't selling CDs in this case. Most consumers think they are buying CD players and they are in the record store with the CDs. Sometimes they are on a shelf labeled "CDs," your receipt may say CD, it looks just like a CD. It isn't a CD. It is an inferior imitation designed specifically to fool the consumer into thinking they are buying a CD, but it legally cannot be called a CD and is likely illegal to market as a CD. They are purposely misleading consumers and hoping no one notices. In my mind they deserve to be dragged into court to explain why they think this massive fraud should be allowed.
I'm always amused to see articles like this talking about profit margins and the like, as if the cost of production and marketing was a huge factor in deciding what to charge for a product. It is a factor in deciding whether or not to make a product, and what features are included in a product, but in how much to charge? You charge what people are willing to pay (actually what will make you the most profit when you balance the number of sales you will get at a given price point). I've worked at several start-up companies and seen the same scenario. We're doing OK, and getting by, hire some marketing experts to consult and they say, "well here's your problem, you're not charging enough." We quadruple the price of the product and suddenly get loads more sales. You see many people think price is equal to quality, or you get what you pay for. If you just raise the price drastically, buyers think your product is better. A good strategy seems to be seeing what your competitors are selling for, hyping one or two things you do better than them, hyping generally how much better your product is (using unspecific terms), and setting you price 10-20% higher than theirs. Everyone assumes since your product costs more it is better and 20% isn't huge, especially if they are spending their company's money instead of theirs.
Anyone who thinks the cost of producing a product has a lot to do with what it sells for is likely clueless.
Make all of TV on-demand and eliminate the need for PVRs in that sense.
That would be great, but monopolies and cartels love bundling. The Cable companies and TV studios are largely owned by the same corporations. The cable companies might be willing to give up their advertising and channels to the content providers, if they were still the delivery mechanism, but I don't see it happening without government intervention. Content providers like to sell entire shows, channels, and even groups of channels as a bundle and the cable companies enjoy the same. They have a much harder time forcing you to pay for dozens of channels and thousands of shows you don't want if they have the mechanism to deliver just the show you want to buy. It also opens them up to competition from independents, and they sure don't like having to compete based upon the quality of their shows.
From a user perspective, I think there will always be channels, but they may be more like book lists. The sci-fi channel will list hundreds of good sci-fi series and you can buy and watch any particular one. I don't see google moving into this anyway. As much as I enjoy watching random videos from DTV (which is a free version of exactly what you describe available over the internet) I don't see that the average person has the bandwidth or the means to get that video easily onto their TV. The market just isn't there unless you can come up with a huge source of content independent of the traditional production channels.
Is that cute red-head in Serenity?
Nah, there is a completely different cute redhead with precocious personality traits.
Honestly, I'm not impressed by their work.
I find most Whedon's work so campy that I just can't watch it. I usually leave the room, despite other geeks attempts to get me interested. One day, however, someone threw on the DVDs of the Firefly series and after seeing three episodes I was hooked. I went out and bought them a couple days later. I highly recommend giving Serenity/Firefly a try, it is one of the best sci-fi shows to come out in years.
Good biometric identification properly implimented (not necessarily easy to do, mind you) shouldn't be copyable or stealable.
This violates fundamental authentication principals. Anything that is "something you have" can be stolen and/or copied, it is just that some items are more difficult to steal/copy than others. There is no reason why the entire human body cannot be duplicated to a level that the Heisenburg uncertainty principals makes them indistinguishable. Maybe it is unlikely, but it is a mistake to assume it cannot and never will happen.
But a good fingerprint scanner properly implimented (say, with a security goon sitting there making sure the user puts their finger on the scanner, not someone else's) is more secure than relying on just "something you have" - a security goon watching people swipe cards can't easily tell if it's me swiping my Sonitrol or someone that mugged me scanning my Sonitrol.
What if they use a latex copy on a real thumb. Those are pretty hard to see, but are detectable by a really well made scanner. What if a thumb is cut off and surgically grafted onto another person. That would be pretty hard to detect by any scanner. I'm not saying biometrics are useless, it is just that their usefulness is limited to specific situations as part of a larger authentication scheme involving other "something you know" and "something you have" mechanism and under competent human observation. Implementing a poor security mechanism can lead to a false sense of security and be even worse than no formal security. Biometrics are largely misapplied and trying to make up an exception for them and tack it onto existing authentication theory is a mistake. Biometrics need to evaluated based upon their advantages and disadvantages within the context of "something you have."
Your argument begins by objecting to a widely accepted partitioning of the authentication space, but the reasoning you present seems only to support the partitioning as given.
Not so. Biometrics are something you have. A fingerprint, a keycard, and a brick wall with a barcode on it are all fundamentally, "something you have." Biometrics are a subset of "something you have" that has a particular set of criteria, just like keys. The only reason why some people try to classify them as something new, even though they meet every criteria for "something you have" is because in many cases they are a very poor "something you have" and when properly evaluated that is easy to see. For example, they are very commonly used to replace passwords resulting in replacing a "something you know" scheme with a very weak "something you have" scheme. Considered in that light, it is very hard to make any sales, so vendors try to avoid evaluation of biometrics based upon traditional, well proven, criteria and try to bill it as something new.
biometrics is not just something you have, but something you are, since they are based on nonsubstitutable parts of your person.
Biometrics are something you have. They can be copied or taken from you. They are just something that is difficult to change or replace. They function (within authentication theory) exactly like any other "something you have" by being presented to a person or device.
By contrast, something you have, such as a cryptographic token, is an artifact. Being an artifact carries quite a different set of characteristics than being a person, and requires a different analysis.
Now you're confusing nomenclature. A token is generally something you know stored on something you have. A physical device with a key on it is something you have. You claim that being a person carries a different set of characteristics, but authentication schemes can't identify what is a "person" only known physical characteristics that that person carries with them as part of their body. Having your thumb or someone else's thumb is no different than having your key or someone else's key. A thumb may be more evident when it is tampered with (although not necessarily) but it also is very inconvenient to change and is constantly exposed to copying. Fundamentally, however, it is still something you have.
Every biometric I have ever seen merely tests one or more body parts, all of which are each just "something you have" and do not differ in any fundamental way than any other "something you have." Like other poorly chosen "something you have" items though, almost all biometrics have some serious drawbacks and some advantages. What I object to is not evaluating them properly by claiming they are somehow fundamentally different. It is not so. An RFID chip embedded in your arm is not a biometric, but has almost all of the same advantages and drawbacks, as well as some additional benefits.
I did not focus very much upon why I object to the classification of biometrics as not "something you have" because I thought it would be somewhat self explanatory. Hopefully now though you can see the danger of bypassing the traditional definitions of authentication theory in order to try to make an exception for a series of "something you have" items in order to avoid having to properly evaluate them. Whenever I see "something you are" I curse the clever marketers that are willing to promote insecure authentication schemes based upon whiz-bang marketing and blinking lights instead of a solid, reasoned evaluation of the benefits and drawbacks. For people who are not familiar with authentication theory it is as if someone started quoting the theory of gravity as "every object attracts every other object, except airplanes and the earth because of airplanes hi-tech design" in order to sell airplanes. It is marketing bullshit, not science.
The example I gave was not theoretical, it has already happened. Given how rare thumbprint locks are, I'd say that it is potentially worrying as a new, common crime. I'd not care to hazard a guess either way at this point.
The other fundimental isssue is that the biometric output needs to be compared with data that is 'on file'.
This is, or course, the most likely avenue of attack. It is somewhat mitigated in that a database can just store a one way hash of your fingerprint, but all it takes is one broken hash, one company that does not correctly implement the hash or does not implement a hash at all, or one man in the middle attack either over a network or using a fake reader (like the ones used to steal ATM card signatures now) and you're screwed. I'm sure you can get you bank to disallow your account to be accessed using thumbprints, but it will be a huge pain for everyone involved, and more of a pain as biometrics become more and more common. I would not worry so much about Visa, as they will probably implement a good hash, I'd worry about every single retailer you ever use.
"Something you have" that is unchangeable makes for a pretty poor authentication scheme and I'm glad at least some people can see that.
That is a pretty good idea for strong, hard to guess passwords, but most people only have a few of those, while they have many passwords where only a trivial attempt at security is needed. Using a single generic password for many purposes is one way to go, but is a little too insecure for my comfort. I usually choose a happy medium of convenience and security with the following scheme:
Make up a fairly strong password that should work in any environment (numbers, letters, special characters, no spaces, about six characters long). Use this password for all logins, but append or prepend a standard feature from the website or system in question. For example, use the password "W3%wr!" as your base password. When you login to Slashdot prepend "Sl" to have the password "SlW3%wr!" while for gmail your password is GmW3%wr!" and for the New York Times your password is "NyW3%wr!"
In this way, automated scripts run on compromised account data and then applied to popular sites will fail, but you still only need to remember one password. Sure if someone were to acquire information from several compromised accounts they could figure out the scheme and get into yet more accounts, but with all the low-hanging fruit out there that is pretty unlikely. This is not as secure as your system, but also does not require me to carry a reference card everywhere.
Something you have (physical key)
Something you know (password)
Something you are (biometrics)
I strongly object to this bastardization of traditional authentication scheme theory. "Something you are" is a load of crap. It is an attempt to graft biometrics onto existing theory without evaluating how they really work. Biometrics identifiers are just something you have and need to be evaluated on their strengths and weaknesses on that basis. For the most part biometrics are something you have that you keep with you all the time and cannot easily remove or change. This is good in that it makes them harder to steal and less likely to be lost. This is bad because you cannot put them away somewhere safe and are constantly exposing them to the possibility of being copied. It is also bad because unlike other things you might have and use to authenticate, biometrics are almost impossible to change, so once compromised are a nearly permanent vulnerability. Finally, biometrics are bad because they can lead to the escalation of a crime in that their theft can be physically damaging. Take note of the man who was first kidnapped, then had his thumb cut off when car-jackers wanted to be able to start his fancy thumbprint lock car. Criminals don't need to be given extra motivation to commit mutilations.
Biometrics proliferate these days largely on their "cool" factor. The more blinking lights and high-tech gadgets the more secure it must be, right? Sadly they are being used to replace either the something you know or something you have in traditional biometric schemes, with the end result being less overall security. Biometrics have their place, and that is in a tightly controlled environment, supplemented by human observers to prevent copies from being easily used, and as an additional security measure on top of "something you know" and "something you have" that can't be copied from your beer glass at the bar. They do not belong in an authentication scheme in place of either a traditional "something you know" or "something you have" unless your goal is to have very, very convenient placebo security that is trivially bypassed by design.
It's like talking about outlawing unhealthy food. Government shall never tell us or even suggest what we should do. Unless they make it a law lol.
Did you even read the law in question? It is about government acquisition, not what private citizens or companies can do. It is a lot more like the government passing a law that says all food purchased by the government to be fed to government employees must contain a list of ingredients, and the preparation is subject to inspection so that they can make sure no poisons are being added. The only way someone might go to jail is if they buy food (or software) for the government that is not up to spec and may be poisoned. RTFA.
What do you do when kids go to their friend's house and make exact copies of items their friends bought from your store?
Giving preferential treatment to software just because it follows some creed is not the way to choose the best tools for the job and save the tax payers money.
What are you talking about? The Peruvian government just passed a law that says one criteria of software is important to them and if at all possible software should meet that criteria. It is a functional specification, not a creed and it is well defined in the law.
If the U.S. government passed a law that said, "to insure the safety of government employees all garments purchased by the government for employees should be flame retardant, unless there is a good reason to use flammable garments" would you complain that they were unfairly favoring the "inflammable" creed of clothing manufacture? Now maybe other factors like cost, warmth, resistance to small arms fire, etc. are more important for a given application, but there is nothing wrong with trying to get all clothing that does not easily burn.
This law is the result of lots of publicly owned information being available only by paying a toll to one foreign company. It addresses a real problem. It is giving preferential treatment to software that is better in one specific way (that they deem very important to them). It is just like making sure government clothing buyers don't skimp on clothing and buy unsafe garments to save money in the short term. Peru, and many other countries are tired of getting burned and are taking action. I applaud them.
I'm continually amazed that MS has such traction that F/OSS has to fight to get anywhere. If MS and Linux were cars (never mind old jokes) people would be buying magazines to compare, taking test drives, and asking their buddies which one to buy.
If Ford made an exclusive deal with every home builder and renter in the country so that whenever anyone bought a home or rented a apartment they were given a free Ford car rental (included in the price of the dwelling and with no option to opt out) people would probably all drive Ford cars. They would also consider anyone who went out and bought or built another car to be some sort of weirdo. Most home manufacturers would not be able to escape from this deal either since not getting a "free" car with your house would be a deal breaker, and no one would want a chevy since it could not use ford parts (the only kind sold in parts stores), could not get repaired anywhere (since 95% of repair places only worked on fords), and since there is a huge PR campaign spreading rumors that Ford brand gasoline (the only kind easily available) may not work properly in Chevy engines (even though it does).
Once a company, like MS or Ford, has that kind of monopoly or monopolies it is very easy for them to maintain that position, especially given how corrupt our legal system is. They can buy out, price out, or lock out any new competitors. It is illegal, but politicians listen to campaign contributions more than laws. Luckily we are not in that position with cars and hopefully we will not stay in that position with OS's and office applications. I don't care who is making the money, but I do care about the cost and quality of products and without competition one goes way up while the other goes way down. I'll leave it to you to guess which is which.
For the Doom 3 they did hire a professional writer and it showed... Diablo 2 had a nice story? How is "Diablo Came Back Halfway Around the World" a nice story?
Lets see, In Diablo 2 there were what twenty four subplots, and dozens of characters with unique dialogue in each city. There was the overarching plot narrated by an interesting character and the whole thing was interesting enough that most people I know actually paid attention and read or listened to all the back story about their quests.
With Doom 3 I felt that the story was just sort of extra crap. You didn't need to really know any of it to play the game, and frankly I don't even remember what most of it was. Yeah, we're supposed to kill these demons, and then these demons. This differs from the original how? It did not hold my interest at all. If you want to see an example of an FPS with a plot and story that is really integrated and captivating, check out Marathon 2, I think it is available as an open source project now. Super intelligent AI's strong arming you into accomplishing various tasks, lying to you, Aliens who are really, really alien, plots where you are double crossed, where alien machines screw with you, and an insane AI beams you here and there while spouting bad poetry at you. All of this in a series of settings where computers you interface with have valuable data as well as meaningless, but often amusing, information about the neighborhood. I guess I just don't see Doom 3 as comparing at all. To me the story of Doom 3 seemed neither clever nor engaging. I suppose everyone has personal preferences, I'm glad you liked it.
He said, "original copyright terms" which was 14 years originally, (with an extension possible). Since that time the laws have changed drastically and copyrights will no longer expire on any work for the foreseeable future, unless political power shifts away from big business. Every time they come close the terms are extended. This results in many works, like some of the author's original works, possibly disappearing or becoming unplayable within only a decade or so. It also means that the author's life work may vanish from public consciousness even before he dies, never to be recovered. That is certainly a concern of mine as a creative artist and something I's like to hear more popular artists comment upon.
Buddha, where do you morons come from?!? The previous poster asked a pertinent question from a well respected artist about the future of his work and the possibility that the current laws either encourage him to do more work, make his work unavailable to future generations (something many artists would be upset about), or do both simultaneously. Enough people were interested in the answer to that question to mod him up. Then some lowbrow whiner like yourself shows up complaining that someone asked an intelligent question and making a slew of wild accusations and assumptions. Why don't you grow up and stop making a jackass of yourself when someone asks an adult question and quit your moaning. Just skip comments like this by, I'm sure someone will mention farts or boobies later on to entertain you.
What I think would be fun is a detective type online RPG. It might require assigned roles (i.e. player 3 is secretly the murderer) but I think it might be the best way to achieve the flexibility of plot required to keep the game interesting. It would certainly be a challenge to code though.
Diablo was not evolutionary.
I'll give you the benefit of the doubt and assume English is not your first language. I said that I would like to see games that are evolutionary (as far as graphics and gaming engine are concerned) and which are somewhat improved versions of existing games, except with a new plot, story elements, artwork etc. The Diablo series is evolutionary because Diablo 2 is a bunch of improvements on Diablo without changing anything major. I'd like to see a third version that is better yet, with the specific improvements I mentioned, which would be another evolutionary (rather than revolutionary) change.
Diablo was a Roguelike with a few fancy graphics tacked on.
Diablo was somewhat like rogue in that it had similar story elements and traditional equipment, levels, and other RPG elements, but the plot was completely different and the gameplay was completely different. The graphics were obviously improvements on ascii, there was sound, the control was via a mouse with the keyboard as secondary input, etc. etc.
why not count Doom 3 (which is Doom with fancier graphics) as "evolutionary"?
Doom 3 is evolutionary improvements on Doom 2 and Doom 1. Who would argue otherwise? The problem with Doom 3 is the lousy plot, and poor story telling. I actually look at games as being composed of three parts: gameplay, story, and display. The gameplay is the mechanics of play, what controls, what you can do, how fast it goes etc. Story is the plot and characters. Display is the graphics and sound. Doom 3 has a great display and the gameplay is OK, but nothing special. The story is crap. I wish gaming companies would hire few good writers rather than more code monkeys. Diablo 2 had a very nice story, the display was good too, but I'd like to see some evolutionary improvements to the gameplay.
I'm not the original poster, but I'll bet we both share something in common, we are not professional game designers. As a result of this we don't spend all day trying to come up with cool game ideas and are thus not particularly qualified to speak to what sort of new games can and should be made.
What I am is a consumer of games and I must say I've been pretty bored with all the unoriginal games that are just rehashed old games. I'd like to see some games that are evolutionary like the Diablo series except with better combat rather than more junk in the next version. I like fast and easy gameplay, but get bored with only having one or two ways to attack after a while. just adding attack high, medium, low, and block and making combos work would make the whole thing an order of magnitude more fun. I'd like to see some FPS games with engaging, clever, plots, like the old marathon series did. Games that make you want to read more about the plot, as part of the game rather than a game that has such a dull and contrived plot that you click past it as fast as possible to get back to the action. I'd like to see some traditional role playing games that actually stress the role playing parts, with online play where players can interact, need to speak to one another, and can customize actions. I'd like to see a strategic naval combat game with pseudo-random wind, current, and storm effects. There are plenty of other games I'd love to play if someone would make them, most of which I have never even thought of. In fact one of the few things I don't want to play is another game that is no different in plot or gameplay than an existing game. Better graphics are all well and good, but they are not a sufficient improvement to justify buying a new game. In fact in general I think far to much gaming effort goes into graphics as compared to story elements, artwork, and world building. There are some games out there that have gameplay that is a lot of fun, and I'd be happy to buy a sequel to, if the sequel was just more and better variations on the original. I'd happily shell out more money for a whole new series of Warcraft 3 campaigns, with a new plot, settings, and some new artwork. I already did so once with the Frozen throne expansion. I just wish there were more campaigns to buy that started at the beginning with new characters and plot and built up to larger things. I'd love for a company to build a base game and sell it at a reasonable price and then sell additional games that ran on the same engine and re-used most of the same elements but sold for $5-10 a pop. OK, game companies, this small segment of your audience has spoken. Bring on the new games.
Are patents evil, or are they good?
...because you know everything has to be one or the other. It's not like some things could be beneficial when applied in certain ways (like traditional patents on non-obvious inventions) and yet be detrimental when used in other ways (patenting business ideas, existing inventions, existing common practices or ideas with "on the internet" appended, software patents, etc.). Can't someone please come up with simple absolute rules for everything so we don't have to think?
It's hard to let Slashdot tell me what to think when they post stories on _both_ sides of an argument!
Yeah we all hate it when a discussion site posts both good and bad things done by a person, organization, or process. That might foster, well discussion.
Man I hope you're trying to be funny, because some days I really can't tell on Slashdot anymore.
It does matter what the EULA says.
To my knowledge the contents of an EULA have never, ever mitigated the effects of marketing claims in a court of law in the United States. If you put up advertising claiming a product does something, it does not matter how many warnings or disclaimers you put in the EULA, instructions, included literature, etc. If the disclaimer is not on the advertisement proper, then a company will lose a case claiming the consumer was misled by their advertising. If you'd like to cite any court case where this has happened I'd be quite interested to read it.
In this particular instance, all the advertisement seems very vague, and does not actually claim it will find or remove "illegal" files from your computer (as I mentioned in my previous post).
In the South Park movie, Bill Gates got shot in the head and everyone in the theater laughed. Once South Park wants to kill you, the teeming masses will follow.
I saw that movie in an on campus theater, at a university, with an audience of hundreds and hundreds of engineers and scientists. That scene received a standing ovation, hoots, screams, cries of joy, thrown popcorn, and other jubilation that drowned out the movie for the next 5 minutes.
It does not matter what the EULA says. You can sue them for false advertising and damages that resulted from it if they claim it finds "illegal" music in their advertisements, when it really just finds music in particular formats. From a quick look, however, they claim all this does is find all music and video files as well ass P2P programs on your computer and leave it up to you to decide if they are illegal. Basically, it is useless except to make it easier for clueless people to delete all the mp3's on their machine. They might be liable for their claims that anything in your shared folders is likely to be illegal, since that is a very difficult statement to back up, but it is pretty iffy.
The fact that the overwhelming number of terrorists are now young Middle Eastern males has established a profile. Their ethnicity is a component of the profile, not the reason for it.
So just because they are stopping people based upon the fact that they are a certain race, because they profiled that race as a more likely threat, does not make it racial profiling? What is racial profiling if not establishing a profile based on someone's race? Sorry, you're just completely wrong. This is racial profiling, it's just that racial profiling is not always a bad thing, just a very dangerous thing. You see it is fine to have a profile of a particular criminal, i.e. we believe our killer is young, middle eastern, likes tacos, and often wears a blue hat, and then question people matching that profile. It is not all right to generalize a profile, i.e. we believe people who are young, middle eastern, and men are likely to be terrorists, and then question all people who are young middle eastern, and men because that is discriminating against a given, race, sex, or age. It is fine to stop a black person if you believe they have committed a crime, so long as you do not believe they have committed a crime because you see that they are black and assume black people are criminals.
I wear shoes on airplanes, travel alone, am a young male and take one-way trips. That means I fit the profile except I'm Caucasian. Does that mean I get searched more? Yup. Race is not the CAUSE of the search.
Actually, no that is not all right, at least not according to the U.S. constitution. Maybe in the U.K. they think that is fine, but here we have (or used to have) certain unalienable rights. One of them specifically enumerated is the right to be safe from unreasonable searches and seizures. If they have reason to believe you have committed a crime, you can be searched, otherwise it is technically unconstitutional. A friend of mine has a stack of little metal plates with the bill of rights on them. Every time he flies they take away his rights because it is pointy. Hell, did you read that story about the aged war hero pilot who had his constitutional medal of honor taken away from him before flying, because it was pointy? The ridiculous "security" officers who provide no security and are just there as a placebo did not even know what the medal was. Heck you're not allowed to bring nail clippers into the statue of liberty because of terrorists! You never know someone might hijack the statue and force the pilot to walk all over New York like in that Ghost Busters movie. It is sick and sad the our country has become so cowardly that this asinine removal of civil rights is allowed. The media has managed to whip up such a frenzy that ordinary people are scared of terrorists all the time, despite the fact that more people drown in buckets every year in the U.S. than are killed by terrorists.
And it is people like you who are happy to bend over and take it up the ass because you're so scared of the big bad terrorist that make it all happen. Who cares if America isn't free anymore so long as the boogey man on TV does not get you. You make me sick.
Production cost doesn't set an upper limit on sale price, but it certainly does set a lower one.
I think that was pretty well covered by my original post that said, "It[cost of manufacture] is a factor in deciding whether or not to make a product, and what features are included in a product..." It's not like companies decide, hey we're going to build and sell a car that runs on hydrogen or a digital music player that is really small and uses flash memory without first estimating how much it will cost, how much people will pay, and , hence, whether or not that device will then be profitable if manufactured. They start with what people will pay and what they can make for a given price point. It's true no one sells things for less than they cost to make, barring strategic items, but the decision making happens at a much earlier point in development than you imply.
Stance 1: They're selling you a CD. If you buy a CD, you buy the limitation that it only plays on limited devices.
There is a problem with this. They aren't selling CDs in this case. Most consumers think they are buying CD players and they are in the record store with the CDs. Sometimes they are on a shelf labeled "CDs," your receipt may say CD, it looks just like a CD. It isn't a CD. It is an inferior imitation designed specifically to fool the consumer into thinking they are buying a CD, but it legally cannot be called a CD and is likely illegal to market as a CD. They are purposely misleading consumers and hoping no one notices. In my mind they deserve to be dragged into court to explain why they think this massive fraud should be allowed.
I'm always amused to see articles like this talking about profit margins and the like, as if the cost of production and marketing was a huge factor in deciding what to charge for a product. It is a factor in deciding whether or not to make a product, and what features are included in a product, but in how much to charge? You charge what people are willing to pay (actually what will make you the most profit when you balance the number of sales you will get at a given price point). I've worked at several start-up companies and seen the same scenario. We're doing OK, and getting by, hire some marketing experts to consult and they say, "well here's your problem, you're not charging enough." We quadruple the price of the product and suddenly get loads more sales. You see many people think price is equal to quality, or you get what you pay for. If you just raise the price drastically, buyers think your product is better. A good strategy seems to be seeing what your competitors are selling for, hyping one or two things you do better than them, hyping generally how much better your product is (using unspecific terms), and setting you price 10-20% higher than theirs. Everyone assumes since your product costs more it is better and 20% isn't huge, especially if they are spending their company's money instead of theirs.
Anyone who thinks the cost of producing a product has a lot to do with what it sells for is likely clueless.
Make all of TV on-demand and eliminate the need for PVRs in that sense.
That would be great, but monopolies and cartels love bundling. The Cable companies and TV studios are largely owned by the same corporations. The cable companies might be willing to give up their advertising and channels to the content providers, if they were still the delivery mechanism, but I don't see it happening without government intervention. Content providers like to sell entire shows, channels, and even groups of channels as a bundle and the cable companies enjoy the same. They have a much harder time forcing you to pay for dozens of channels and thousands of shows you don't want if they have the mechanism to deliver just the show you want to buy. It also opens them up to competition from independents, and they sure don't like having to compete based upon the quality of their shows.
From a user perspective, I think there will always be channels, but they may be more like book lists. The sci-fi channel will list hundreds of good sci-fi series and you can buy and watch any particular one. I don't see google moving into this anyway. As much as I enjoy watching random videos from DTV (which is a free version of exactly what you describe available over the internet) I don't see that the average person has the bandwidth or the means to get that video easily onto their TV. The market just isn't there unless you can come up with a huge source of content independent of the traditional production channels.