Online would probably be better and cheaper - a subscription to Mozy or something else would likely be cheaper than a hundred dvd-r's, and take much, much less effort.
If someone controls your air supply and your only way out, then you've got a de-facto strong goverment and you don't get a say in it, want it or not. I'm 99% positive that anyone sending people to moon will ensure that these people get zero access to 'weapons of equalization'.
Homesteaders got the land due to the Homestead Act granting them the right to be left alone. On the moon, however, the benefits will belong to whoever can enforce their will locally by force - it likely won't be earth governments (since it's hard to climb the gravity well to punish 'colonies'), but I'd bet that it most likely will not be the hardworking grunts either - some power structure will easily control and exploit them.
If any US investor of significant size wants to invest in FB, he can set up a shell company in Bahamas and have that company purchase the shares - I'm sure GS lawyers can present it in a neat package with a ribbon around it.
China is leading in the production of creative minds - many of them educated in US universities; while US citizen enrollments in engineeering subjects is falling. Not only US seems to be losing the front position - it seems to be losing the engine with which to move forward.
Find a way to get to some actual free market competition somehow. Here in Europe there are offers for unlimited plans at 15-20 US dollars/month, but I don't talk that much, and easily get average bills of something like 8 USD/month.
There is no reason to charge 10c for a text message - I just saw here an ad targeted at teens on cheap/limited mobile plans, offering to subscribe to unlimited free SMS at something like 2 USD/month, and teens being teens, they'll probably send a thousand SMS for that.
This is the whole point - what you describe applies to USA and USA only. What I describe applies to pretty much everywhere else. In US media, talk of identity theft is prevalent as it is a widespread local problem. Globally talk of identity theft is not really common - however, you can't get a credit card online without any ID, this is also a local characteristic of US credit market.
Elsewhere the bank wouldn't be able to collect on any such debts, people would just claim "it wasn't me" and the bank most likely couldn't offer any binding evidence to prove that you're liable even if you used your own name/data. I've no idea why/how it works in USA - it might work if the burden of proof lies on the accused person, but such concept seems implausible to me.
Business will not value reliability until consumers will start so. Not all, but most consumers will choose lower price to slightly higher reliability. My stuff doesn't have to be 100% reliable - stuff breaks, I replace it; if it breaks in the first year or two, then I get a free replacement due to warranty laws in EU; so why should I choose to pay more for vague promises of higher reliability?
In that case, why not call it what it is, forget about the whole concept of security questions, and call it 'backup password', 'secondary password' or something like that?
The whole concept of 'security questions' is completely flawed for things such as email or facebook, even if you can choose the question and the information isn't posted on the net.
Private questions to which you would know such an answer would also be most likely known by your relatives - for example, your mother definitely knows her maiden name, but that doesn't mean that she should have an easy time reading your email. Funny details about your childhood would be known by your spouse, but if you're undergoing a nasty divorce, she shouldn't be able to post offending stuff from your facebook account.
There are no easy shortcuts - it's either something you know, something you have or something you are. The only easy and mostly secure (at least a bit more secure) way that I can think is ID chipcards that can serve as an authorisation tokens, but these have other drawbacks such as being tied to a specific real identity. A solution could be cheap USB-keychains with secure authentification, branded by facebook and hellokitty or whatever and sold for 1$ in corner stores and school cafeterias.
If retailers can advertise '50% discount' while offering the normal, expected price, then it's a symptom that your truth in advertising laws aren't working for the consumers.
If you have estabilished relation with your bank, it's according to however you have agreed to identify yourself. Of course, it wouldn't be only ID's - your wife or your father would likely know them, and they can't do stuff in your name. A code calculator issued by the bank would be the most likely way for small issues.
If you don't have such a relation, or larger amounts are involved, you'd have to come in person, show secure physical ID, and sign papers. Bank would require it, check it for forgeries (e.g. standard UV light checks, the same way as for cash), scan&store a copy of your ID document, verify against online registry of stolen/lost documents, and do it quite properly - since any losses would be to the bank, not you, so it's in their interests to do everything securely. If someone gives no-presence loan without verifying this ID, then it's their problem how to collect and their loss in case of fraud.
In short, the USA identity theft problem is not related to issues of identity, secrecy, ID's or whatever - it's caused by the fact that unsecure methods (asking for name, adress and social security number) are somehow considered binding to the named person.
Here 'identity theft' means that a criminal obtains your numbers (lost/stolen documents or data, as in US), puts them in a complex forged document with his photo, and comes to the bank. The complexity is pretty much limited to organised crime as forging ID's is harder than counterfeiting money, and the person which photo is in the document is pretty much disposable with a high risk of getting arrested on the spot. As a result of this, here identity theft is generally used for large scale money laundering, opening fictional companies, etc; not petty theft from acerage people, as it's not worth the effort and risk for a few thousand dollars.
The simple solution is to publish (on wikileaks?) the address of the responsible culprit - and the military and ex-military personnel will probably somehow manage to ensure that the data isn't used for malicious purposes.
WTF are you doing that gets a $36/mth cell phone bills?
In my country with a population density similar to california, the mobile operator average revenue is 7-15 $/mth per customer. If you exclude hyperactive teenagers and take not the consumer price but the corporate large customer rates, then it's even lower. The whole concept of anything like 9 cents/minute is effectively highway robbery price that people would pay only for semi-monopoly in case the government hasn't made sure that free market competition is acrually in place... From what I've seen in mobile operator cost side, the cost is at most 1-2 cents/minute. Add a generous 100% margin, and even $0.05 per minute is unreasonably expensive.
Both touch and gesture are extremely faulty from ergonomics/RSI viewpoint - they will not be and can not be 'the future', simply as the hands of homo sapiens simply won't tolerate handling touchscreens or gesturing 8 hours a day, 5 days a week - they'll get too tired much, much sooner; and if you *need* to use them still while tired, greet RSI and damage to your hands.
Mouse+keyboard causes problems for some people in excessive use and can often be fixed with proper positioning. Full-day use of touchscreens and gestures will cause problems for everyone.
Really, even a full day of having your hands touching but not resting on a touchscreen would be physically impossible. A full day of having your arms raised in whatever gesture would be physically impossible.
Touch/gesture interfaces are suitable for occasional use, but not for replacing your main workday interface. Sorry, but you'll have to find something else that involves a rested position of your main muscles.
The current Iran regime is in place only because USA had issues with previous one. If they don't like this Iran - well, if they still have the receipts, they can go back to the store and ask for a refund.
According to the TFA, this has killed at least 6 people in the last year, so in this case the communication between two machines was 'life and death'. Or wasn't it?
There are two main scenarios - reducing errors and reducing malice. Four-eyes in IT can often be circumvented intentionally, but still does great for reducing errors in important situations. Possibility for efficient after-action audits doesn't do anything for errors, but does wonders for reducing malicious actions, as potential offenders expect that they would get caught and not enjoy the expected benefits; eliminating greed as motivator is a great reduction and just leaves 'kamikaze' guys which are a true minority.
In any area - finance, inventory, management, operations, logistics, etc - there's no silver bullet solution that eliminates risks. However, many approaches can get an order of magnitude or two of risk reduction. To put it on a simple, though exagerrated example - I don't know the details, but in your opinion does google.com DNS entry have an administrator that is able to single-handedly change these settings? Many trivial things mayh be too risky to trust to a single person's typo or unexpected drowsiness or anything, even if that person is a true guru.
who is stopping your CEO from making those really bad decisions
The board; other executive officers, and limitations for class of big decisions that requite a vote of shareholders; (especially in non-public companies)
or your FD from siphoning the cash,
Periodic independent audit, as well as requirement of extra authorisation for amounts above X - in any well managed company FD can't siphon all cash without other officers getting dirty as well;
or a whole host of other areas where you trust one person to do a job?
There are no other areas where high-risk issues are trusted to one person without serious oversight. In most companies the IT management and auditing is either solved as well, or the only remaining weak point with this problem - that's why the article is there.
Valuing persons and treating them well is in no way a solution - compare 'security by obscurity' vs. 'security by goodwill' vs. 'security by prayer' and you'll find some similarities.
Four-eyes principle stops a lot of potential malice, as the likelihood of both keyholders being ethically faulty and not betraying each other is much, much lower than simple chance of one person being ethically faulty.
Installation of back doors along with a normal software upgrade is a prime reason why someone other than 'your prime sysop' needs to periodically verify stuff; if you don't mirror, then you ask for outside audit of stuff; have secure write-only logging of 'root' tasks to a system which is completely controlled by someone else, etc.
Of course, it depends on the risks - if the worst your sysadmin can do is shut down an informative website that you have, then it's no big deal. If it's a payment system that can fund a life-long vacation in the Bahama's for an opportunistic administrator, then we're talking about all such measures.
In addition, GPL doesn't mean that they have to provide the utility free of charge to anyone - they simply must include the source + GPL rights to those people that buy their product.
You really can taste if the animal has been fed from pastures or from industrial feedstock; and you can taste if the muscles have been used by the animal moving around. Good life? Well, there's some correlation with these issues and 'good life', but happiness is not so relevant.
Slashdot Mirror
Online would probably be better and cheaper - a subscription to Mozy or something else would likely be cheaper than a hundred dvd-r's, and take much, much less effort.
If someone controls your air supply and your only way out, then you've got a de-facto strong goverment and you don't get a say in it, want it or not.
I'm 99% positive that anyone sending people to moon will ensure that these people get zero access to 'weapons of equalization'.
As far as I remember, Open Office could read and write .docx formats easily, so wouldn't OO also qualify for this requirement?
Anything that actually happens is 'scientific' enough to investigate.
Nature and the truth doesn't care about what seems reasonable and interesting - what works, works, and should be studied scientifically.
Homesteaders got the land due to the Homestead Act granting them the right to be left alone. On the moon, however, the benefits will belong to whoever can enforce their will locally by force - it likely won't be earth governments (since it's hard to climb the gravity well to punish 'colonies'), but I'd bet that it most likely will not be the hardworking grunts either - some power structure will easily control and exploit them.
If any US investor of significant size wants to invest in FB, he can set up a shell company in Bahamas and have that company purchase the shares - I'm sure GS lawyers can present it in a neat package with a ribbon around it.
China is leading in the production of creative minds - many of them educated in US universities; while US citizen enrollments in engineeering subjects is falling.
Not only US seems to be losing the front position - it seems to be losing the engine with which to move forward.
Find a way to get to some actual free market competition somehow. Here in Europe there are offers for unlimited plans at 15-20 US dollars/month, but I don't talk that much, and easily get average bills of something like 8 USD/month.
There is no reason to charge 10c for a text message - I just saw here an ad targeted at teens on cheap/limited mobile plans, offering to subscribe to unlimited free SMS at something like 2 USD/month, and teens being teens, they'll probably send a thousand SMS for that.
With an optional upgrade, the office bot will be able perform these functions as well.
This is the whole point - what you describe applies to USA and USA only. What I describe applies to pretty much everywhere else. In US media, talk of identity theft is prevalent as it is a widespread local problem. Globally talk of identity theft is not really common - however, you can't get a credit card online without any ID, this is also a local characteristic of US credit market.
Elsewhere the bank wouldn't be able to collect on any such debts, people would just claim "it wasn't me" and the bank most likely couldn't offer any binding evidence to prove that you're liable even if you used your own name/data. I've no idea why/how it works in USA - it might work if the burden of proof lies on the accused person, but such concept seems implausible to me.
Business will not value reliability until consumers will start so.
Not all, but most consumers will choose lower price to slightly higher reliability. My stuff doesn't have to be 100% reliable - stuff breaks, I replace it; if it breaks in the first year or two, then I get a free replacement due to warranty laws in EU; so why should I choose to pay more for vague promises of higher reliability?
In that case, why not call it what it is, forget about the whole concept of security questions, and call it 'backup password', 'secondary password' or something like that?
The whole concept of 'security questions' is completely flawed for things such as email or facebook, even if you can choose the question and the information isn't posted on the net.
Private questions to which you would know such an answer would also be most likely known by your relatives - for example, your mother definitely knows her maiden name, but that doesn't mean that she should have an easy time reading your email. Funny details about your childhood would be known by your spouse, but if you're undergoing a nasty divorce, she shouldn't be able to post offending stuff from your facebook account.
There are no easy shortcuts - it's either something you know, something you have or something you are. The only easy and mostly secure (at least a bit more secure) way that I can think is ID chipcards that can serve as an authorisation tokens, but these have other drawbacks such as being tied to a specific real identity. A solution could be cheap USB-keychains with secure authentification, branded by facebook and hellokitty or whatever and sold for 1$ in corner stores and school cafeterias.
If retailers can advertise '50% discount' while offering the normal, expected price, then it's a symptom that your truth in advertising laws aren't working for the consumers.
If you have estabilished relation with your bank, it's according to however you have agreed to identify yourself. Of course, it wouldn't be only ID's - your wife or your father would likely know them, and they can't do stuff in your name. A code calculator issued by the bank would be the most likely way for small issues.
If you don't have such a relation, or larger amounts are involved, you'd have to come in person, show secure physical ID, and sign papers. Bank would require it, check it for forgeries (e.g. standard UV light checks, the same way as for cash), scan&store a copy of your ID document, verify against online registry of stolen/lost documents, and do it quite properly - since any losses would be to the bank, not you, so it's in their interests to do everything securely. If someone gives no-presence loan without verifying this ID, then it's their problem how to collect and their loss in case of fraud.
In short, the USA identity theft problem is not related to issues of identity, secrecy, ID's or whatever - it's caused by the fact that unsecure methods (asking for name, adress and social security number) are somehow considered binding to the named person.
Here 'identity theft' means that a criminal obtains your numbers (lost/stolen documents or data, as in US), puts them in a complex forged document with his photo, and comes to the bank. The complexity is pretty much limited to organised crime as forging ID's is harder than counterfeiting money, and the person which photo is in the document is pretty much disposable with a high risk of getting arrested on the spot. As a result of this, here identity theft is generally used for large scale money laundering, opening fictional companies, etc; not petty theft from acerage people, as it's not worth the effort and risk for a few thousand dollars.
The simple solution is to publish (on wikileaks?) the address of the responsible culprit - and the military and ex-military personnel will probably somehow manage to ensure that the data isn't used for malicious purposes.
WTF are you doing that gets a $36/mth cell phone bills?
In my country with a population density similar to california, the mobile operator average revenue is 7-15 $/mth per customer. If you exclude hyperactive teenagers and take not the consumer price but the corporate large customer rates, then it's even lower. The whole concept of anything like 9 cents/minute is effectively highway robbery price that people would pay only for semi-monopoly in case the government hasn't made sure that free market competition is acrually in place... From what I've seen in mobile operator cost side, the cost is at most 1-2 cents/minute. Add a generous 100% margin, and even $0.05 per minute is unreasonably expensive.
Both touch and gesture are extremely faulty from ergonomics/RSI viewpoint - they will not be and can not be 'the future', simply as the hands of homo sapiens simply won't tolerate handling touchscreens or gesturing 8 hours a day, 5 days a week - they'll get too tired much, much sooner; and if you *need* to use them still while tired, greet RSI and damage to your hands.
Mouse+keyboard causes problems for some people in excessive use and can often be fixed with proper positioning. Full-day use of touchscreens and gestures will cause problems for everyone.
Really, even a full day of having your hands touching but not resting on a touchscreen would be physically impossible. A full day of having your arms raised in whatever gesture would be physically impossible.
Touch/gesture interfaces are suitable for occasional use, but not for replacing your main workday interface. Sorry, but you'll have to find something else that involves a rested position of your main muscles.
The current Iran regime is in place only because USA had issues with previous one. If they don't like this Iran - well, if they still have the receipts, they can go back to the store and ask for a refund.
According to the TFA, this has killed at least 6 people in the last year, so in this case the communication between two machines was 'life and death'. Or wasn't it?
There are two main scenarios - reducing errors and reducing malice. Four-eyes in IT can often be circumvented intentionally, but still does great for reducing errors in important situations. Possibility for efficient after-action audits doesn't do anything for errors, but does wonders for reducing malicious actions, as potential offenders expect that they would get caught and not enjoy the expected benefits; eliminating greed as motivator is a great reduction and just leaves 'kamikaze' guys which are a true minority.
In any area - finance, inventory, management, operations, logistics, etc - there's no silver bullet solution that eliminates risks. However, many approaches can get an order of magnitude or two of risk reduction. To put it on a simple, though exagerrated example - I don't know the details, but in your opinion does google.com DNS entry have an administrator that is able to single-handedly change these settings? Many trivial things mayh be too risky to trust to a single person's typo or unexpected drowsiness or anything, even if that person is a true guru.
who is stopping your CEO from making those really bad decisions
The board; other executive officers, and limitations for class of big decisions that requite a vote of shareholders; (especially in non-public companies)
or your FD from siphoning the cash,
Periodic independent audit, as well as requirement of extra authorisation for amounts above X - in any well managed company FD can't siphon all cash without other officers getting dirty as well;
or a whole host of other areas where you trust one person to do a job?
There are no other areas where high-risk issues are trusted to one person without serious oversight. In most companies the IT management and auditing is either solved as well, or the only remaining weak point with this problem - that's why the article is there.
Valuing persons and treating them well is in no way a solution - compare 'security by obscurity' vs. 'security by goodwill' vs. 'security by prayer' and you'll find some similarities.
Four-eyes principle stops a lot of potential malice, as the likelihood of both keyholders being ethically faulty and not betraying each other is much, much lower than simple chance of one person being ethically faulty.
Installation of back doors along with a normal software upgrade is a prime reason why someone other than 'your prime sysop' needs to periodically verify stuff; if you don't mirror, then you ask for outside audit of stuff; have secure write-only logging of 'root' tasks to a system which is completely controlled by someone else, etc.
Of course, it depends on the risks - if the worst your sysadmin can do is shut down an informative website that you have, then it's no big deal. If it's a payment system that can fund a life-long vacation in the Bahama's for an opportunistic administrator, then we're talking about all such measures.
In addition, GPL doesn't mean that they have to provide the utility free of charge to anyone - they simply must include the source + GPL rights to those people that buy their product.
You really can taste if the animal has been fed from pastures or from industrial feedstock; and you can taste if the muscles have been used by the animal moving around. Good life? Well, there's some correlation with these issues and 'good life', but happiness is not so relevant.
In addition to the other security features, some extra additional obscurity only helps. In physical world much more so than digital, though.