The day when real biometrics are included on passports is a long way off, and honestly I hope it never comes - but even if it does, the birthday problem will be enough to enable identity shopping.
I don't think this is true. Firstly, just because you're using biometrics the visual check doesn't disappear - you now have a much higher bar to jump to get through on someone else's passport. Secondly, identity shopping for biometrics would be far from easy; you can't just wander around looking for people that resemble you, you need to be able to check a lot of people's DNA. Thirdly, this isn't an application of the birthday problem. You aren't trying to find two random people with similar passports, you're trying to find someone with a passport that is a close fit for a specific person - there's a big difference.
On the much broader platform of the internet, there is no universally determinable MORE IMPORTANT data. Example: How is a phone call from one kid about the smell of farts (VOIP data) more important than a video about Ron Paul's efforts distributed via P2P? There is no qualitative value that can be placed on the data beyond any data that may be important to simply maintain network function.
This doesn't have to be about more important though - or at least it doesn't have to be about more important to a person.
Different technologies need different things; P2P simply needs the highest average bandwidth it can get - and it doesn't make much difference if that's through bursts of 5s at 110 and 5s at 90 or a constant 100. VOIP doesn't need as much bandwidth as it can get - it might be happy with one fifth the bandwidth the P2P program can use. But it needs that bandwidth to be available consistently.
Throttling and separating data doesn't have to be about slowing down P2P access; it can simply mean recognising that different programs use the internet in different ways, and what is useful for a P2P application isn't necessarily perfect for other applications.
This doesn't have to be about discrimination against some users. Another user posted the analogy of the postal service, and I think it's quite a good one. At the sorting office, some letters are prioritised for dispatch, not because they are more important but because they require further processing or simply have to travel farther. This isn't a way of treating people's post differently, it's a way to ensure that everyone's letters get through on time. This system could be used in much the same way - let P2P applications have their bandwidth. When the network isn't saturated give them all they can eat, even if it's more than they pay for - and 99% of the time the network isn't saturated. When the network becomes saturated - probably for a short period of time - prioritise VOIP and streaming video packets. Not because the content or the user is more important, but because the application requires consistent throughput to a much greater extent.
Sharing doesn't have to mean 100% equal 100% of the time. This is a reaction to a bad situation - massive overselling of the finite network resources. But even if there were enough resources for everyone 24/7, dynamic throttling would allow near 100% use all the time - which is a much better solution for the user than having the network at 50% use if only 50% of users are online.
You said it yourself - the problem is that they get it wrong, not that they do it. I use a regular expression that checks that it matches the RFC specification. A double hyphen passes, as does an address with a + in. I confirm the addresses afterward, the validation is just to check that they haven't done anything really stupid, like starting their street address in the "email address" field.
Validation is mostly about helping the user - I can't tell if they've put an incorrect address/email address/name/whatever, but I can save them the hassle of having to redo the form if they make an obvious mistake.
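The approach in the comment above (a permissive syntax check, then confirming the address), sketched as an added example that is not the commenter's code. The pattern covers only the dot-atom subset of RFC 5322, and the function names, the 24-hour lifetime and the HMAC-signed confirmation token are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Dot-atom subset of RFC 5322 addr-spec (assumption: no quoted strings,
# comments or IP-literal domains). '+' and '-' are ordinary atext characters,
# so plus-tags and double hyphens are accepted.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
# Requiring at least one dot in the domain is a form-validation choice,
# not an RFC rule.
ADDR_RE = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*@{LABEL}(?:\.{LABEL})+")


def looks_like_email(value):
    """Sanity check only: catches obvious mistakes, proves nothing about delivery."""
    value = value.strip()
    if len(value) > 254 or not ADDR_RE.fullmatch(value):
        return False
    return len(value.rsplit("@", 1)[0]) <= 64  # local-part length limit


def _mac(address, expires, secret):
    # Newline cannot occur in an accepted address, so the fields cannot collide.
    msg = f"{address}\n{expires}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_confirmation_token(address, secret, now, ttl=86400):
    """Token to embed in the confirmation mail; binds address and expiry."""
    expires = int(now) + ttl
    return f"{expires}.{_mac(address, expires, secret)}"


def confirm(address, token, secret, now):
    """True only if the token was issued for this address and has not expired."""
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    expected = _mac(address, expires, secret)
    return hmac.compare_digest(mac, expected) and now <= expires


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("user+tag@example.com",
                   "first--last@my--host.example.org",
                   "12 Main Street, Springfield"):
        print(f"{sample!r}: {looks_like_email(sample)}")
```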
This setup varies from alarm to alarm. Check in time can be long, and on a cheap system you'll often find a long check in interval with no other protection. However, other systems have much shorter intervals - I've seen as short as 30 seconds. If a packet is missed it is also common to require a resend (possibly on a different frequency) in a rather shorter time frame. Of course on something you buy from a chain store for $20 the sensors will likely be trivial to disable - but then these tend to be susceptible to rather less sophisticated attacks.
The most inventive system I've seen polled the wireless sensors once every 5 minutes and generated a fault after 2 misses. However, this was combined with several radio detectors that were wired in to the base station. If these detected radio noise on the frequencies used they would require the sensors to reply immediately or trigger a fault. Quite why the original engineer didn't just wire the other sensors in too I don't know, but it was a pretty clever setup.
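The supervision scheme described in the comment above, as an added simulation that is not taken from any alarm product. The 5-minute poll and 2-miss limit come from the comment; the 5-second reply window, the class and function names and the scenarios are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

POLL_INTERVAL = 300     # routine poll every 5 minutes (figure from the comment)
MISS_LIMIT = 2          # fault after 2 missed polls (figure from the comment)
CHALLENGE_WINDOW = 5    # assumed: seconds allowed for an "immediate" reply


@dataclass
class BaseStation:
    rf_detector: bool                        # wired radio detectors fitted?
    misses: int = 0
    challenge_deadline: Optional[int] = None
    fault: Optional[tuple] = None            # (time, reason) of the first fault

    def _raise_fault(self, now, reason):
        if self.fault is None:
            self.fault = (now, reason)

    def step(self, now, sensor_audible, rf_noise):
        """Advance one second of supervision for a single wireless sensor."""
        # Wired detector hears noise on the sensor frequency: demand a reply.
        if self.rf_detector and rf_noise and self.challenge_deadline is None:
            self.challenge_deadline = now + CHALLENGE_WINDOW
        if self.challenge_deadline is not None:
            if sensor_audible:
                self.challenge_deadline = None   # sensor answered the challenge
                self.misses = 0
            elif now >= self.challenge_deadline:
                self._raise_fault(now, "no reply during RF noise")
        # Routine supervision poll.
        if now > 0 and now % POLL_INTERVAL == 0:
            if sensor_audible:
                self.misses = 0
            else:
                self.misses += 1
                if self.misses >= MISS_LIMIT:
                    self._raise_fault(now, "missed polls")


def simulate(rf_detector, silent_from=None, noise_from=None, horizon=1800):
    """Run a constructed scenario in 1 s steps; return (time, reason) or None.

    silent_from: second from which the sensor can no longer be heard.
    noise_from:  second from which there is noise on the sensor frequency.
    """
    station = BaseStation(rf_detector)
    for now in range(horizon + 1):
        audible = silent_from is None or now < silent_from
        noise = noise_from is not None and now >= noise_from
        station.step(now, audible, noise)
        if station.fault:
            return station.fault
    return None


if __name__ == "__main__":
    scenarios = {
        "polling only, sensor drowned out at t=310": (False, 310, 310),
        "with RF detector, same interference":       (True, 310, 310),
        "with RF detector, noise but sensor heard":  (True, None, 310),
        "with RF detector, sensor dead, no noise":   (True, 310, None),
    }
    for label, args in scenarios.items():
        print(f"{label}: {simulate(*args)}")
```

With polling alone the loss of the sensor goes unreported for almost two full poll intervals; the wired detector cuts that to the reply window, while a sensor that stays audible through the noise raises no fault.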
preferably with a substitute message saying message was dropped because sender.
Did you design the error messages for Windows?
Heh yeah, I have a similar story. My friend recently bought a new laptop, which came with Vista preinstalled. The first time it booted up it did its first-boot initialization - which caused a crash. On reboot it crashed again. And again. It took 5 or 6 restarts before it became usable, and even then the keyboard bindings were totally wrong.
He's actually totally happy with it now, but whoever created the image for that particular model was clearly a complete idiot.
You could ask a friend to download it and mail a CD
This is Slashdot, you insensitive clod!
If DRM restricted what I did to things I am legally allowed to I wouldn't mind - because that would be no restriction on me at all. Such a system would, for me, be totally transparent - I would neither know nor care whether the files carried DRM.
I would support a system that limited use to that which is legal (although I accept that this might not work in countries where the law is stricter). If I could play my music on my devices, take it with me when I move around, use it for whatever I want, I wouldn't have any issue with the files being impossible to share with other people or distribute. I don't do those things, and I recognize that if people get their music for free instead of buying it then the industry that produces that music has some pretty big problems. I work for a small music label, and we're having to massively scale back our operation because we aren't selling music like we used to. Is there demand for it? Well, we get a few thousand downloads a week on bittorrent, so I think there is. You can buy our music at 2 euros per album (9 euros for the physical CD version), we offer previews of everything, unlimited free re-downloads, choice of format and no DRM. We go massively out of our way to ensure that it is easy, painless and risk free to buy our music, because people said that they download illegally because it's a superior product. In our case, it's not. It's normally a lower quality version, it takes longer to download over bittorrent, and it comes with none of our after-sales support. People pirate it anyway because when it comes down to it they don't want to pay anything. There is no magic business model to fix this. People want the music, but they prefer not to pay and file sharing services allow them to get exactly what they want.
I understand that it's a pipe dream. I admit that there are significant technical hurdles, and that I can't see any solutions that don't involve magic. But I don't see any objection to DRM that works properly. DRM that allows you to listen to music you've bought but doesn't allow you to give it to everyone else.
I'm not desperate. My job is secure, my future is secure. But there's no point continuing to claim that this is a reaction to the music industry's stupidity. People have seen that they can get their music for free, with no perceived risk to themselves, and they like it. There is no new business plan that will cause those who have taken to downloading music to buy it again. And unless something changes that, it will continue to become more and more unprofitable to produce music, and we will start to see that reflected in the music that gets produced.
Anyone who thinks different can suck my cock.
Big mistake. This is Slashdot - everyone will disagree with you, but it'll be a lot worse for you than for them...
The problem with a system like this is that if you can build a program to find all the images of aardvarks, so can I. You can modify your images a bit, but you can't make any big changes without potentially losing the "aardvarkness" of the image, and modern image comparison algorithms are pretty good at identifying largely similar images. If I know what you might ask me to identify and where your images come from I can do trivial comparisons.
This ignores several other problems. Copyright is one - you can't just pull images from Google. Reliability is another; in all three of your searches once you get beyond the first page, the results become rather harder to identify - unless you can rely on your users to know that a boat is tagged as an octopus, as are some toys, a hand... then you're going to have to do some substantial pruning, which rather diminishes the "completely automated" aspect of the CAPTCHA.
I suspect, in fact, that any system using images taken from Google images (or another public online source) would probably be more reliably solved by a computer program than by a human - once you know the database being used, the accuracy of robust image comparison functions normally breaks 90%, and unlike humans it can succeed even when Google has tagged a random object as an animal. By enlisting Google's public database you can expand your database, but if the hacker can search the same database that you use then that isn't really much help.
Their flaw was limiting it to just dogs and cats.
The flaw is a necessary effect of the basis of the system. The system works because it is (currently) not possible to use a computer to categorise images of animals. This also means, though, that to use the system you need a database of animal pictures that have been categorised by humans, and this database needs to be unavailable to the public. Such databases exist only for popular pets - which basically means cats and dogs.
In a rational world, just using a private, personal account for state business would be enough to get her fired.
Why would a "rational world" dole out a harsh punishment for an infraction regardless of the reasons behind it or the severity of the consequences? Surely a rational world would weigh up what actually happened, and if it was an accidental, innocent transgression with no real ill-effects would refrain from firing her? In other words they would make the punishment fit the crime, rather than applying the same treatment to every transgressor.
I was in a crash when the driver of the minibus I was in was distracted by changing the radio station. I wouldn't however support a ban on changing radio stations while driving, because the problem, as always, wasn't the action itself but the way it was carried out.
There's no reason changing radio stations, eating, using a phone or many other simple tasks can't be done safely. The accident I was in happened because the driver was looking down at the controls of the radio for an extended period while trying to tune it in just right; obviously looking away from the road and not thinking about driving for an extended period is an unsafe thing to do while behind the wheel! Whether you want to change radio station, eat, dial a phone or anything else, the question to ask yourself is whether you can do it safely without interfering with your ability to drive - if you can there's no problem.
Could you create a protocol that always operated at maximum bandwidth and which filled that extra bandwidth with bogus or random data to make intercepting and extracting useful information cost prohibitive (money, resources, computation limits, etc)?
Yes, a proof of concept is online at http://youtube.com. Originally they used /dev/random, but that is a useful resource. Using Britney Spears clips with user comments enabled allows for truly useless noise.
Here's [oynot.com] a spread sheet you can play with to calculate ROI [...] I haven't looked at it
You, sir, are the first honest slashdotter I've encountered.
Well yes, but saying that is rather missing the point. Most people don't want to connect the microphone and speaker sockets on their computer, or position a microphone in front of the speakers, or even watch their network traffic to look for the original file. They want a button they can press when they hear a song they like that lets them save it on their computer to play it whenever they want. And they are willing to pay for that - as long as it's cheap and easy. Since amazon is easy for most people (because they've used it before, so they know how it works and have an account) they are a natural partner for this scheme. Myspace's player is just advertising really - they don't care if a few people who wouldn't have bought the song anyway manage to save it for free as long as some people who hear it click the "buy" button.
Perhaps once it's been running for a while Google won't need to improve their algorithms at all. Hell, they could probably abandon them completely and move to a human-moderated index.
Slight problem with that - how does anything new then get added to the index? Since very few people move beyond the first page of search results all that this can possibly achieve is to reorder the first page a little. And that's discounting the botnets that will certainly be brought to bear the moment anything like this becomes reality.
I'm not an expert by any stretch of the imagination, but I read an article about this in last week's Economist which suggests that the overall number and size of clouds wouldn't be affected, it would be the size of the water particles in them, smaller particles making the clouds more reflective. This suggests that any effect on the weather would be tiny.
The point raised in the Economist, however, was that there are potential problems with this. Firstly, if we ever stopped spraying the heat level would be back to "normal" in a couple of days; this is good because it allows us to stop the change if it turns out to be a bad idea, but it also means that if something were to go wrong and the ships stopped we could see huge temperature changes overnight. Secondly, this doesn't help with other problems associated with excess CO2 - the one they mentioned was the changed pH of the ocean, which would affect animals' ability to create shells and could have huge knock-on effects.
Regarding being easier and safer to just stop using fossil fuels - that's not really an option. We can't possibly just stop overnight, we don't have any alternative. Even if measures like this, or the other suggestions (e.g. fertilizing the oceans with iron to promote growth of algae) don't just solve the problem, they may prove to be vital if a huge climate-related disaster becomes imminent and we need to stop climate change quickly to get some breathing room. Even if we don't use them, the option to buy ourselves 20 years if it becomes necessary is comforting. Perhaps too comforting, of course, when moral hazard comes into play.
If you don't have a person's email address, then they're not exactly your 'friend', are they?
Clearly you're not new here...
I don't know how much truth there is to the number, but from various /. articles I've heard a 5% failure rate widely claimed for electronic devices. I understand that this deals with the whole device and not the batteries, but we're comparing 5% to less than .001%.
This is hardly a meaningful comparison! We aren't talking about a fault that renders the device unusable, we're talking about it spontaneously combusting, and that certainly doesn't happen in those 5% of "failures".
You compare this to car accidents - you need to remember that the vast majority of car accidents are both minor and caused by driver error. If people's cars started catching fire randomly - even if the fire was only the size of a nano - there would be quite an outcry.
We're in the process of rolling this feature out to all Gmail and Google Apps users, so check back in your Settings menu if you don't see it right away.
Not only that - the technique seems overly simplistic and rather optimistic.
The M3 has three high security features:
1) Sidebar. This means that the peaks on the key are milled at an angle and rotate the pins as well as lifting them
2) Slider. This is like a long, horizontal pin that must be depressed.
3) Key control.
The third of these - key control - is not relevant to the feasibility of duplicating the key.
The slider is the weaker security measure. Its main use is in preventing M3 keys being duplicated on standard key blanks or milled out of sheets of metal. The only problem is that, since the M3 keyway is quite wide, it is possible to insert a separate pick and depress the slider - apparently this is possible with a paperclip. However it must be remembered that the M3 can ship with custom keyways, and as such the fact that a "standard" M3 is vulnerable to this simple attack doesn't mean that it will be possible against the White House.
The side bar is what seems to me to be the biggest obstacle. The authors of this attack claim to be able to make a copy of any key simply by using a photo of the key and some plastic. However, judging angles from a photograph is far from easy, and the M3 is built to very tight tolerances, meaning that the rotations must be accurate. If you get the angles wrong you risk jamming the lock; not a problem with the authors' test locks, where they could simply start again, but a big problem in a break-in.
Finally, the article talks about Medeco locks being "unpickable" and this being the first time locksmiths have ever heard of it being attackable. This is untrue - it is possible (albeit extremely difficult) to pick an M3 with standard picks. Specialist picks also exist for the M3 which make it much easier (although it is still a good lock). And it is worth pointing out that this is not a blanket attack against high-security locks; other brands use techniques such as dimples milled into the side of the key, which would be immune to this technique.
Basically what I'm trying to say is that this seems much less of a big deal than the article author seems to think. Bypassing your own lock is very different than "destroying the security" completely.
My mistake - but the point is still valid. You can't walk through a city centre looking out for people with similar fingerprints and retinas to you!
You're still ignoring the fact that it's very difficult to check large numbers of people's DNA. A big point in favour of normal identity shopping is that you can check lots of people - which is very important when not all of them will sell their passports. If you've got to match more criteria you need to check more people to get as many matches - and with biometrics this is going to be very hard.
The day when real biometrics are included on passports is a long way off, and honestly I hope it never comes - but even if it does, the birthday problem will be enough to enable identity shopping.
I don't think this is true. Firstly, just because you're using biometrics the visual check doesn't disappear - you now have a much higher bar to jump to get through on someone else's passport. Secondly, identity shopping for biometrics would be far from easy; you can't just wander around looking for people that resemble you, you need to be able to check a lot of people's DNA. Thirdly, this isn't an application of the birthday problem. You aren't trying to find two random people with similar passports, you're trying to find someone with a passport that is a close fit for a specific person - there's a big difference.
I don't know whether it's true or not, but the Wikipedia article suggests that aluminium is an exception.
On the much broader platform of the internet, there is no universally determinable MORE IMPORTANT data. Example: How is a phone call from one kid about the smell of farts (VOIP data) more important than a video about Ron Paul's efforts distributed via P2P? There is no qualitative value that can be placed on the data beyond any data that may be important to simply maintain network function.
This doesn't have to be about more important though - or at least it doesn't have to be about more important to a person.
Different technologies need different things; P2P simply needs the highest average bandwidth it can get - and it doesn't make much difference if that's through bursts of 5s at 110 and 5s at 90 or a constant 100. VOIP doesn't need as much bandwidth as it can get - it might be happy with one fifth the bandwidth the P2P program can use. But it needs that bandwidth to be available consistently.
Throttling and separating data doesn't have to be about slowing down P2P access; it can simply mean recognising that different programs use the internet in different ways, and what is useful for a P2P application isn't necessarily perfect for other applications.
This doesn't have to be about discrimination against some users. Another user posted the analogy of the postal service, and I think it's quite a good one. At the sorting office, some letters are prioritised for dispatch, not because they are more important but because they require further processing or simply have to travel farther. This isn't a way of treating people's post differently, it's a way to ensure that everyone's letters get through on time. This system could be used in much the same way - let P2P applications have their bandwidth. When the network isn't saturated give them all they can eat, even if it's more than they pay for - and 99% of the time the network isn't saturated. When the network becomes saturated - probably for a short period of time - prioritise VOIP and streaming video packets. Not because the content or the user is more important, but because the application requires consistent throughput to a much greater extent.
Sharing doesn't have to mean 100% equal 100% of the time. This is a reaction to a bad situation - massive overselling of the finite network resources. But even if there were enough resources for everyone 24/7, dynamic throttling would allow near 100% use all the time - which is a much better solution for the user than having the network at 50% use if only 50% of users are online.
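The scheduling argument in the comment above, as an added example that is not part of the original post: a small link simulation comparing a single FIFO queue with strict VoIP-first priority. The capacity, packet rates and burst pattern are constructed values chosen so that the link saturates briefly in every cycle.

```python
from collections import deque

CAPACITY = 10   # packets the link can send per tick (constructed value)
VOIP_RATE = 2   # VoIP offers a small, constant load every tick (constructed)

def p2p_offered(tick):
    """Constructed bursty P2P load: 5 ticks at 12 packets, then 5 ticks at 4."""
    return 12 if (tick // 5) % 2 == 0 else 4

def simulate(prioritise_voip, ticks=200):
    """Return (worst VoIP queueing delay in ticks, P2P packets delivered)."""
    fifo_q = deque()                    # used when there is no prioritisation
    voip_q, p2p_q = deque(), deque()    # used for strict priority
    worst_delay, p2p_delivered = 0, 0
    for tick in range(ticks):
        arrivals = ([("voip", tick)] * VOIP_RATE
                    + [("p2p", tick)] * p2p_offered(tick))
        for pkt in arrivals:
            if not prioritise_voip:
                fifo_q.append(pkt)
            elif pkt[0] == "voip":
                voip_q.append(pkt)
            else:
                p2p_q.append(pkt)
        for _ in range(CAPACITY):
            if prioritise_voip:
                src = voip_q if voip_q else p2p_q   # VoIP first, P2P gets the rest
            else:
                src = fifo_q
            if not src:
                break                               # link idle for the rest of the tick
            kind, arrived = src.popleft()
            if kind == "voip":
                worst_delay = max(worst_delay, tick - arrived)
            else:
                p2p_delivered += 1
    return worst_delay, p2p_delivered

if __name__ == "__main__":
    print("FIFO    :", simulate(prioritise_voip=False))
    print("priority:", simulate(prioritise_voip=True))
```

Both disciplines are work-conserving, so the P2P total is identical; only the delay seen by the VoIP packets changes.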