I'll give up that use case in exchange for not having drivers trying to snapshot billboards running into me.
Cars have passengers too. People go from A to B on foot. You get the larger point, right?
That was a side comment, there's plenty of other technologies already in widespread use.
None of them nail pattern recognition under adverse conditions. Microsoft Tag does a stellar job there.
And yet Google's own version of this doesn't include that extra data-mining step.
1. Yes it does. It's called AdSense.
2. You assumed the data mining step. Don't take your assumption as a truism.
3. Data mining is not synonymous with privacy violation. "3 million New Yorkers viewed your ad" is not the same as "IP address x.y.z.w viewed your ad"
4. This will only lead to an unrelated tangent. I'll just remind you that all the same privacy concerns that apply to any online service you use, be it webmail, search, social networking, video streaming, whatever. Your footprint on this very site is larger than anything you would ever leave on MS's tagging service in a lifetime of use.
I don't need to get to Microsoft to call a phone number encoded in a 2d barcode.
Don't use the app -- nobody is forcing you. Why did you even bother reading this thread if you were so disinclined?
I don't need Microsoft to be accessible to use someone else's site.
Don't use the app -- nobody is forcing you. Why did you even bother reading this thread if you were so disinclined?
And don't tell me "Microsoft won't be down" for something that's peripheral to their business after last Friday's debacle.
Don't tell me what not to tell you. Uptime of MS's service isn't really a concern. Do you realize you're comparing several hundred thousands (if not millions) of people simultaneously attempting to get a multi GB download -- you're comparing that to people sending around 15 bytes of data to a web service and fetching mostly URLs and phone numbers back? Look -- your mind was made up before you even read anything -- you were never going to give this app a fair shake -- but this is getting pretty desperate on your part.
No - you got the scenario wrong. Assume you want to send a 100-word message to the user (let's say it's some sort of advisory or whatever - that's immaterial). You do not want to create a website for this purpose -- it's a static message, a website is overkill, has a cost and maintenance hassle for you.
QR code: encode the message into the code. Pro: you don't need to rely on service uptime. Con: too much data in the tag -- pattern recognition might fail.
Microsoft tag: the tag still just contains an identifier, and will hit MS's service to fetch your message (not your website -- you didn't want one for this scenario). Pro: pattern recognition should be reliable. Con: reliance on service uptime, and customers having data plans.
The world's not black and white my friend. There's shades of grey and some CMYK in it as well :)
I don't completely understand it, but apparently it does help. From what I understand, the data is actually encoded into the brightness (4 levels) rather than the color -- but the color helps the camera to calibrate itself to get a better image or something like that.
Then there's an actual scale comparison, but the Microsoft one is only an encoded link, so it contains less data than the tags it's compared with.
That's kind of the point though. For tags/barcodes/whatever to be useful, you gotta be able to read the barcode in all kinds of unfavorable conditions. Low-res cellphone cameras, from a moving vehicle pointing at a billboard, varying light conditions, distances, and angles. The whole idea is to not encode reams of data, and to optimize the tag as best possible for the pattern recognition to succeed. And they nailed this part -- I suggest giving it a try if you have a phone that will work.
There's no reason you can't swipe your iPhone over a UPC and look it up online (I've done that with my cue-cat).
UPCs don't store phone numbers, vCards, URLs, or messages.
"A nice side-effect of this is also the ability for publishers to gather reporting data on how many times it was seen." Nice. Right. Plus, Microsoft gets that data as well.
Kinda like search ads served by google, gmail, hulu, yahoo, live search etc.?
if the server's down or you're not online you're stuck.
Kinda like webmail? How were you planning to look up that UPC if you weren't online btw?
coming soon
I'm sorry -- but that's just dumb. Or a silly attempt at FUD.
How is your scenario any different from: 2) Computer "Please call this number to start game". If someone is that stupid they deserve to get swindled.
Isn't Opera Mobile configured to be the default browser on the HTC Diamond? Let me know what version of Opera Mobile you're running and I can give you instructions to set it as default. Or you can do a search. I feel your pain dude (or at least I used to until I set Opera as the default)..
Many services use a subscription-based system where a 2D code only has a function as long as the subscription is being paid. Guess what system MS is using? Real info or interpreted/server-based?
You make it sound like a really damning accusation.. I'm still trying to figure out what the problem is..
Say Epic decides to put a Microsoft Tag on the box of Gears of War 3. On scanning it, you get directed to a website with your gamer stats for GoW3. Epic created a tag and associated their data (the URL of their site) with it, and paid Microsoft some fee for the service. You scanned it, got sent to their site, didn't pay anybody anything. I don't understand why you would have a problem with that.
In terms of the privacy implications (MS knowing that you looked up this URL) - that's a bit paranoid wouldn't you say? Are you saying you don't use webmail or something? Or do you not use Google because they know what you're searching for? You've probably left a footprint on this very site that's far greater than anything you will ever leave by scanning a barcode. Sure there are questions about privacy, data retention, etc. -- but it's no different than any online service you have ever used.
You can take your cellphone into a lounge/coffee shop/etc. -- try doing that with the TV :)
It's possible that I'm wrong about that. Is there a standard for QR codes that describes the formatting of say, a URL or a vCard, etc. etc.? Such a standard would be required for a QR code scanning app to handle the information intelligently (for example, recognize that it just scanned in a URL, so launch web-browser and go there). This scenario works pretty well for Microsoft Tags right now.
The other thing I was implying regarding the limit - if you have a 100-word message that you need to convey - a QR code with that much information becomes impossible to scan with a cellphone camera. A Microsoft Tag will just work because the message itself isn't encoded in the tag.
Having said that, if you don't have a data connection, you're SOL right there.
Apparently, they aren't too sensitive to color distortions -- the data seems to be stored in the brightness as opposed to the color. I don't really understand the technical stuff behind it, but see here for an example of monochrome or two-tone tags that work
You're right -- my bad -- those are Datamatrix codes.
Yeah -- those are QR codes. If you have a G1 (I think) or Nokia you should be able to scan that..
Well, there's obviously tradeoffs associated:
A QR code stores the data in the tag itself so (AFAIK) it can have variable size. It's black and white and the shapes are smaller. So the pattern recognition can be harder, might not work well with low resolution cameras, and there are practical limits on how much information you can encode into the tag.
Microsoft tag's strength is pattern recognition. It looks to me like the tag has been designed with low-res cameras, variable distances and light conditions in mind. Scanning has been working for me from all kinds of distances and screen angles, and it's been super-quick.
To achieve this it looks like MS had to make the tag data a fixed length and use the data essentially as an index number. Sure, you gotta go through their service, but well, they're providing a service (duh).. They've announced that the tag scanning app, and the act of scanning a tag will always be free services. Creating a tag is free right now while the service is in beta, but I'm sure they'll start charging a fee at some point. If/when that happens, an entity interested in creating a tag simply needs to weigh the cost/benefit and decide if it's worth it.
About MS having your data -- well, for example if you're in an airport and you see a tag that says "scan here for arrival/departure info" -- you scan it, it takes you to a page with flight info. How's that different from say, doing a search query and reaching the same website? Ultimately, the person/entity creating the tag will link the data (URL, vCard, whatever) to it. If they're not comfortable with this data residing on an MS server, why would they create the tag in the first place? You, as the consumer, the person scanning the tag, aren't uploading your data on MS's server.
Forgot to mention: Easiest way to install it is to point your phone to http://gettag.mobi/
To give it a whirl, scan any of the tags in this article (same as the main story link).
Similar but not the same - the combination of color/shapes seems to make the pattern recognition for this very reliable and quick. If you have a smartphone give it a shot and you'll see what I mean. The code in your link is a QR code -- scanning one of those is usually hit-or-miss (and usually more miss than hit).
Another key difference - a QR code stores the data in the code itself, limiting what you can do with it. These Tags are just a GUID or something like it. The scanning app on your phone will send that number to a service (MS hosted -- that's the monetization I guess). The service responds with the data - which could be a message, URL, vCard, or phone number.
I can see a bunch of useful applications for stuff like this:
- Flight Arrival/Departure Info: tags can be posted at easily visible locations around the airport with a sign "scan here for arrival/departure info".
- Business Cards: You could print a tag (with your vCard associated with it) on your business card. Now for a business contact to get your contact info, all they have to do is scan the tag. No fiddling with data entry on a tiny-ass qwerty to enter a name, phone number, etc.
Yep, that's good stuff..
I got screwed (grade-wise) in a lab assignment once for using those instructions. I had to write a program in assembly to read a file, take a word as input from the user, and output the number of times that word occurs in the file. DOS interrupts did the job for reading the file, and getting user input..
Anyway - long story short - my code was good but the bastard who was checking my assignment wasn't familiar with repnz scasb (or rather rep and derivatives, and scas and derivatives - or SIMD instructions in general). He kept asking me for a "more elegant" approach - by which he meant a version that he could understand. I stood there stumped 'cos I couldn't think of anything more elegant in the proper sense of the word. I'm still carrying the scars from that assignment..
You can just opt to use the older menu system if you don't like the new taskbar. No idea if it's possible to turn off the dock in OS-X. But I can never understand why slashdotters are so obsessed with claiming they're being forced to do stuff. You don't have to use either OS. Buy something else, use something else. If the alternatives aren't compelling, well, you made your choice either way -- nobody forced your hand.
That depends: see REPNZ and SCASB and cousins, for example.
But I'll grant you this -- a loop in a high-level language will generally become a goto in assembly. Compiler optimization will sometimes have the last word on the matter, but in general you're right.
How does crap like this make it to the front page?
You have got to be new here. It's an anti-MS article. Don't criticize other people's p0rn stash..
Because at the same time DRM is supposed to enable one to show the content (and thus give the key to the individual holding a copy) and exactly at the same time it's supposed to stop unlicensed copies (thus preventing the exact same person using the exact same keys to copy the exact same media in a different way).
You're oversimplifying.
1. The user won't explicitly have access to the encryption/decryption key -- it's the application that will have that.
2. The onus is now on the application to allow/disallow actions that an authorized person is able to carry out with a particular piece of content.
3. The application (say MS Word in this case) will probably need to be signed into a particular root of trust.
4. Only an application that plays by the rules will be signed into that root of trust.
5. The application itself won't handle the encrypt/decrypt operations (or the content key) -- it'll call into some library to do that.
So in the end you have two points of attack -- you can attack the application to get at the decrypted data -- or you can attack the library to get at the content key. Attacking the application is probably easier. In any case, either approach will require malice on the part of the user -- and the user is on record as someone who has obtained a content key to the doc in question. The rest depends on the value of the information that was stolen, results of the investigation, etc.
Note: I don't actually know anything about the implementation details of this solution from MS -- but this is fairly run-of-the-mill stuff for DRM systems, so I don't expect this is very different.
The only solution to the problem at hand is only giving access to these documents to employees you know you can trust.
Not really.
MS's solution gives him control of:
- Who has access to the document
- What actions they can take with it (print, copy-paste, forward, etc.)
- How long they have access
It also ensures that there's an audit trail that can be followed in the event of leaks.
I can still go out, get my digital camera, and take some pictures of my monitor which I can send out.
Pen and paper will work fine as well -- that doesn't make the DRM scheme invalid. If it's a question of serious IP theft, you are on record as somebody who has had access to the document in the event of an investigation happening if somebody files charges.
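Added example, not part of the original comments and not Microsoft's code: a Python model of the architecture the two comments above describe, where a rights library holds the content key, releases plaintext only to an application signed into the root of trust, enforces who/what/how-long, and audits every request. All names (`RightsLibrary`, `License`, `sign_application`) are hypothetical; HMAC stands in for code signing and a SHA-256 keystream stands in for the content cipher.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed stand-ins: HMAC plays the role of code signing and a SHA-256
# keystream plays the role of the content cipher. Neither is production crypto.
ROOT_OF_TRUST_KEY = secrets.token_bytes(32)


def sign_application(app_name: str) -> bytes:
    """Issuer side: 'sign' an application that agrees to enforce licenses."""
    return hmac.new(ROOT_OF_TRUST_KEY, app_name.encode(), hashlib.sha256).digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || block offset)."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)


@dataclass
class License:
    rights: dict          # user -> set of permitted actions (who / what)
    expires_at: float     # epoch seconds (how long)


@dataclass
class RightsLibrary:
    """Holds the content key; the calling application never receives it."""
    license: License
    _content_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    audit_log: list = field(default_factory=list)

    def protect(self, plaintext: bytes) -> bytes:
        return _keystream_xor(self._content_key, plaintext)

    def request(self, app_name, app_sig, user, action, ciphertext, now):
        """Return plaintext for a permitted action, else None. Always audited."""
        if not hmac.compare_digest(app_sig, sign_application(app_name)):
            verdict = "deny:untrusted-application"
        elif now >= self.license.expires_at:
            verdict = "deny:license-expired"
        elif action not in self.license.rights.get(user, set()):
            verdict = "deny:action-not-granted"
        else:
            verdict = "allow"
        # The audit trail records denied requests too, not only key releases.
        self.audit_log.append((now, user, app_name, action, verdict))
        if verdict != "allow":
            return None
        # From here on the plaintext lives in the application's memory, which
        # is why the application is one of the two trust boundaries to harden.
        return _keystream_xor(self._content_key, ciphertext)


def demo():
    """Run four constructed requests and return (results, audit verdicts)."""
    lib = RightsLibrary(
        License({"alice": {"view", "print"}, "bob": {"view"}}, expires_at=1000.0)
    )
    blob = lib.protect(b"Q3 acquisition plan")
    good = sign_application("editor")
    results = [
        lib.request("editor", good, "alice", "print", blob, now=10.0),
        lib.request("editor", good, "bob", "print", blob, now=20.0),
        lib.request("ripper", b"\x00" * 32, "alice", "view", blob, now=30.0),
        lib.request("editor", good, "alice", "view", blob, now=2000.0),
    ]
    return results, [entry[4] for entry in lib.audit_log]


if __name__ == "__main__":
    print(demo())
```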
True. Besides, the staggering level of sadness Ken Starks expresses is almost as comical as the teacher's overzealousness. Both of them are missing the point. Linux or Windows will both do the job and then some when it comes to educating kids. Starks and the teacher trying to indoctrinate the kids into their respective camps is what's harmful.
Not to cause a flame war ... The Darwin kernel is open sourced, and has active development teams both inside and outside of Apple ... The same CANNOT be said for Microsoft software.
You sure about the flame war part? :)
Anyway - you're essentially equating open-source development with secure development practices, which is a fallacy -- you can be any combination of open/closed and secure/insecure. I have absolutely no insight into the security aspects of Apple's development processes whether it's banned APIs, developer education, security audits (code audits), actual attacks, static source analyzers or what have you -- so I wouldn't call the OS-X kernel insecure. At the same time, open source development by itself isn't enough for me to call it secure.
Yes and no -- it depends.
The pretext to this is that you're in the market for a new computer. It's conceivable that for the price of a Mac you will get a PC + Vista + AV that meets your needs. Of course there are other factors (like you might just want a Mac no matter what -- or you need to run xyz program that's only available on one of these options), but I'm just pointing out that moving to a Mac for security purposes isn't an automatic choice.
Also note that the very nature of malware is changing (think cross-site scripting attacks and such). These kinds of attacks might not necessarily care what OS you're running -- they might just succeed against say IE, or Firefox on any OS, or say Safari on whatever OS, or even all of them..