The article doesn't seem to say that a group of randomly selected people were forced to play video games, so I suppose that he tested those who already played hours of video games each day.
In that case, the link could easily be the other way around: people who got short tempers, don't plan ahead and are easily distracted are more likely than others to play video games (presumably because video games don't yell at them for being that way)
Seems much more likely to me...
(Of course this only applies to people who don't read Slashdot;-)
It also works a lot better than ClearCase; it's faster, and because it doesn't need to do a checkout before it can write, you can still use all the refactoring tools; the ClearCase plugin for Websphere Studio Application Developer (based on Eclipse 1) isn't smart enough to do that for you.
Regarding the library thing, I guess I'm lucky. I've got these pango-related libs:
Sorry, can't help you there. I usually run jdk1.4 from Sun, but just tried Blackdown 1.3.1 and it works as well.
I can't figure out how it resolves font names. I don't have a font called 'Sans'. I have lucidasans and a lot of other sans-serif fonts. I don't know too much about X font mechanisms, and I'm not sure if SWT/GTK has its own font-name alias files, uses X fonts directly, or perhaps even uses Java2D to load TrueType fonts.
If you know how to do that, I'd suggest creating a font-name alias for 'Sans' to some font.
Some more detail: you can change the font from the preferences menu in Eclipse, but you need to start it first. (duh too) It shows a list with mostly X font names, as well as "sans" and "serif". Those two fonts don't show up with xlsfonts or xfontsel on my machine. The "system default" is "Sans", and it doesn't seem to use the GTK theme font in any way.
I'm running Debian (unstable) and have no major problems running Eclipse 2.0 - GTK.
You should see the CVS (Team) integration, by the way, that alone makes it a great IDE.
I've had it open for a week without running into the file handle problem, maybe you used an interim version (integration or nightly build) that has this quirk? You might want to try a newer build in that case.
I've been using the GTK version of Eclipse (integration builds) for the last two months without major problems.
It (gtk version) used to suck half a year ago, but it is fast and quite stable now. One big bonus: it understands the scroll-wheel on your mouse now.
Strange thing: Eclipse has no syntax-colored XML editor. However it has a specialized editor for Eclipse plugin descriptors (plugin.xml files) with a nice syntax-colored xml editor tab. And if you create a plugin using the plugin-creation wizard, you can select an "XML file editor". The generated plugin is a nice syntax-colored XML editor, no programming is required. That's a complex way to activate a useful feature.
This is really old news. Sniffing a logitech wireless keyboard is terribly simple; you know the company in the office nextdoors has one?
The follow these steps:
* buy the same type of logitech keyboard
* check if they're running windoze or linux
* depending one above check, repeat:
- press 'adjust frequency' button on logitech
appliance
- for windoze, press ALT-F4 a few times
- for unixen, type "rm -rf/" a few times
- check for screams
- if you hear screams, stop repeating these steps (or not:)
Not really. I've bored my collegues with my complaints about the stupidity of system adminstrators more than once, and these complaints all went exactly along the lines of the fake RFC.
I've you're a hacker that wanted to continue sending secret information from within a firewall to outside the firewall, they could do exactly what the RFC described (the may save some time by simply sending it to some CGI script, but implementing full IP is certainly an option)
Firewalls, on outgoing connections, really provide no security at all, but make any kind of efficiency in a new IP-based protocol impossible:-)
Hey, it's not as though ordinary phones have suddenly disappeared. Maybe you aren't that old, but there used to be a time when cellphones didn't exist, you know.
Perhaps you should take a Cultural Anthropology 101 class and learn something about the history of what we consider "property" and how young the modern meaning of it is. It may not change your opinion but you will be able to put it forward with a few well-put arguments that may convince people or at least interest them.
You may also learn about the proper use of the words "fornicate", "bovine" and "dung".
Whatever they are, those guys at Microsoft aren't dumb.
It takes balls for a half-a-trillion-dollar company to take on the role of troller on Slashdot. I mean, it could easily backfire, but so far they are playing out the differences nicely between the supporters of the GPL and the people who seem to be offended at the very notion that it requires something in return from them.
Nah, that's not true. The only two things to be done in real-time in this proposed algorithm is sending the time at which the "snapshot" of the keystream must be made from Alice to Bob, and recording some part of the keystream at the time of the snapshot. Encrypting the message by Alice (XOR) with the snapshot taken from the keystream can be done later (but not much later or the snapshot on the harddisk may have been compromised), the ciphertext is then sent from Alice to Bob, and Bob can decrypt the message when he wants for as long as he keept the snapshot from the keystream on his disk.
So this is not your problem, there are way bigger problems if you want to introduce this algorithm in practice.
Like, if Carol is the one that's broadcasting a keystream, then Mallory could be trying to introduce noise (continuously) into the keystream to make it biased, and she could try to find the bias back in the ciphertext from Alice to Bob if she can intercept it. For example, if the bias allows Mallory to find out at what time the snapshot from the keystream was made, she could try to crack the private key that Alice used to encrypt the first message that contained the time of the snapshot to Bob, en then Mallory could decrypt any future communications between Alice and Bob because she knows when to listen and record the keystream.
Or the bias in itself could help Mallory to decrypt the ciphertext.
Or... Mallory could pretend to be Carol and use an algorithmic PRNG to generate a keystream that seems to be random. But if the algorithm has the right properties, Mallory could either recreate any part of the keystream if she knows at which time the snapshot was made by Alice and Bob, or even more advanced she could use some knowledge of the plaintext (like if it was in English) and determine at which point in time the snapshot must have been taken from her algorithmic PRNG.
I'm very sorry, but this is nonsense. All he has to do is officially grant OpenSSH the use of the trademark "SSH" in a legally binding contract, and there's no more question of trademark dillution.
He will then have every means to defend himself should Microsoft use the term "SSH" against his wishes.
It's a good thing that he is clear and objective about his stand towards OpenSSH, but that doesn't make his claim in itself more ethical than any other trademark claim.
I think you worked at those "e-mail marketing companies" (what a nice euphemism) for a bit too long.
The right to free speech doesn't include the right to invade someones privacy or disrupt other people's means of communications.
Just you wait when a political figure starts calling people on the phone at 3AM with an autodialler.
OTOH, I'm more in favor or requiring specific labelling for advertisements, opt-in or not. It makes it easier to filter for end-users, but it also makes it easier for ISP's to bill eachtother at their network boundaries. Ultimately, the cost will then end up with the spammer or with the ISP that doesn't want to tell who was spamming from behind such-and-such IP number. When spammers are reliable footed the bill for their actions, their gone forever within a few days.
The Linux kernel source certainly shows some smart, lean code. But it is so lacking of commentary in the source code that it's unbelievable. It seems the whole idea is that if you can't figure out what the kernel does by looking at the C statements, you're not worth working with the source anyway.
This may attract extremely smart people who like to code new stuff, but turns away many other types of people who normally do boring maintenance work, try to fix bugs, use existing code to add a simular feature, etc. etc.
I personally prefer source code that is doesn't hurt the eyes when you look at it a few weeks after the previous time: many comments, empty lines and whitespace inserted to identify logically seperate parts of the code, etc, etc.
When people release a work under the GPL license, they're making a statement. They're saying: you can use my source code, for free, and you may also charge a price for the work that you derive from it, BUT.
And the but is: you should also license your derived work under the GPL. And if you think that is too big a price to pay, that's okay. You don't have to use that particular GPL-ed piece of code. You can find open source code that is license with a different license, many BSD-like licenses are less restrictive about which license you use for your derived work.
But you have to give credit to people who think the GPL is a good idea. They have the right to believe this, and if they write software and release that under the GPL, they're certainly putting their money where their mouth is, and you have to appreciate that, even if you don't agree with the GPL's philosophy. (And the fact that the GPL is in actual use, and there are still people who think that it's a good idea, does give some credit to the GPL. Many philosphies, in software or otherwise, start to crumble the moment that people actually start to live by it.)
So... if you think that abiding by a software license is silly, think again. None of the open source and free software licenses come anywhere near the unreasonability of many commercial software licenses, that try to restrict your rights much beyond what is allowed to them by copyright law and international conventions. But more than that, these open source licenses are an expression of what the author wanted with their work, and I think that, if you want to be looked upon with sympathy by open source writers, users, and other slashdot posters, you should repect the wishes of the authors.
And the best way to do that, if you're not sure about something: ask the author. Most of them will be happy with your attention.
As much as the author of the above mentioned web page may be an 'arrogant dweeb' (quoting one of my fellow posters) he's certainly not one of the commercial-savvy dweebs.
I mean, his page is being slashdotted. He could have driven to DoubleClick at 200Mph, but instead he chose to do this. I love it:-)
if (document.all)
location.href="http://aspalliance.com/dagon/";
else
if (document.referrer.toLowerCase().indexOf("slashdot.org")>-1)
location.href="http://www.microsoft.com/windows/ie/";
else
document.write(arrogant message);
Then I wonder what phantom-OS I've been running on my laptop for the last three quarters of a year.
Vaporware is something that doesn't exist, sometimes (okay, my paranoia says 'most of the time' in the case of one specific company) it is only a marketing concept without a single bit of code.
When talking about an open-source project in which the source is open all the way through the development traject, you can hardly talk about vaporware. So it had a -test tag attached to its version number.. I've had it running quite well since the 2.3.99pre releases and although much was changed in the implementation, the only thing I've noticed is a few bugs disappearing and sometimes a slight speed increase.
For 90% of the kinds of everyday applications, C/C++ doesn't outperform Java, or the other way around, by more than a few percent.
When it comes to heavy-duty bit manipulations, such as in cryptographics or graphical algorithms, Java doesn't do too well, but with JDK1.3 and HotSpot, I think the speed of Java is great for all other purposes.
The biggest problem IMO is the download. To make a client or standalone application, you still need the multi-megabyte JRE download. I guess it's like Netscape vs. MSIE; if you write a Windows or Linux app in C you get to use libraries that most people have already installed, just like MSIE is pre-installed.
But for servlets, Java is great since your users don't need the download. Easy to program, many libraries included and since they're standard, you don't have three third-party components using three different libraries that do about the same. You get increased security for free; no need to worry about buffer-overflow or formatting string attacks. An ASP that knows a bit about Java2 security (okay, it's too complicated for non-experts IMO) can easily put servlets from different customers in different sandboxes where they cannot interfere..
Now when gcj, japher or Kaffe and Classpath are complete, I hope all the major Linux distributions will carry a full GPL-ed Java implementation so every Linux developer can depend on Java being pre-installed.
Too bad I signed Sun's non-disclosure license for jdk1.1 a few years ago, since Classpath wants to make a clean-room implementation.:-(
I think you show an interesting case of double standards. I could think of a million people who'd say '7 years for being a bit of a nuisance?? Be glad that he only used it for a bit of junk mail, so he drew attention to the security hole in the mail server he hacker before it was used to steal credit cards.'
While you may think that 'ethical hacking' is okay, how do you know you're not ethically hacking into a life-support machine where you accidentally cause someones' death? In a less extreme case, who are you to decide for someone else that they should appreciate you showing that their security sucks? (If a site promotes such attempts, then have fun. I have no problem with that.)
While you most probably won't do any harm if you break into just about anything, like a car or house, to show that it was improperly secured, and you just leave a note and leave, it will leave people feeling violated. I think that's the same for uninvited 'ethical hacking': it may be your ethics, but its not very ethical or legal to force your ethics upon other people..
But then, I may have failed to interpet your post as complete sarcasm.
I'm no Newton, but perhaps the opposite and equal force is exerted on the electromagnetic field, which has energy, hence mass, so it the magnet could push itself away from its electromagnetic field. The asymmetry may just allow for that.
Then again, it may not.
The problem with such smart cards is not that users can break the system, but that the issuers abuse it to store more information than they tell the user about.
Because encryption techniques are used, smart cards can store data that only "authorized" people can access, and the user may not be authorized. You may think that your smart card only contains your personal info, but the supermarket may be using it to store your buying habits, your doctor may use to to store his personal opinion of you, the bank may store your credit history on it, and you don't know who has the keys to read the data...
The privacy problem is IMHO just as big as the security problem.
Anonymous money, protected against double spending, is possible using the techniques developed by David Chaum (see Bruce Schneiers' book about cryptographic algorithms, in which it is described)
An "anonymous" ID would be more difficult, since if you keep the id long enough, someone is bound to link it up with your name and store it in a database, after which any transaction with that id can be traced to your.
By not using an ID, but with transferable karma points, would perhaps be possible with similar techniques as anonymous digital cash, but the problem is that the set of "karma endorsals" by other people would probably be enough of an ID by itself and could be linked to you.
Slashdot Mirror
The article doesn't seem to say that a group of randomly selected people were forced to play video games, so I suppose that he tested those who already played hours of video games each day.
;-)
In that case, the link could easily be the other way around: people who got short tempers, don't plan ahead and are easily distracted are more likely than others to play video games (presumably because video games don't yell at them for being that way)
Seems much more likely to me...
(Of course this only applies to people who don't read Slashdot
It also works a lot better than ClearCase; it's faster, and because it doesn't need to do a checkout before it can write, you can still use all the refactoring tools; the ClearCase plugin for Websphere Studio Application Developer (based on Eclipse 1) isn't smart enough to do that for you.
/usr/lib/li bpangoft2-1.0.so.0.0.3 /usr/lib/libpangoxft-1.0.s o.0@ /usr/lib/libp angox-1.0.so.0@ /usr/lib/libpangoxft-1.0.so. 0.0.3 /usr/lib/lib pangox-1.0.so.0.0.3
Regarding the library thing, I guess I'm lucky. I've got these pango-related libs:
/usr/lib/libpango-1.0.so.0@
/usr/lib/libpango-1.0.so.0.0.3
/usr/lib/libpangoft2-1.0.so.0@
and the same libswt-pi-gtk-2047.so
Works like a charm...
Sorry, can't help you there. I usually run jdk1.4 from Sun, but just tried Blackdown 1.3.1 and it works as well.
I can't figure out how it resolves font names. I don't have a font called 'Sans'. I have lucidasans and a lot of other sans-serif fonts. I don't know too much about X font mechanisms, and I'm not sure if SWT/GTK has its own font-name alias files, uses X fonts directly, or perhaps even uses Java2D to load TrueType fonts.
If you know how to do that, I'd suggest creating a font-name alias for 'Sans' to some font.
Some more detail: you can change the font from the preferences menu in Eclipse, but you need to start it first. (duh too) It shows a list with mostly X font names, as well as "sans" and "serif". Those two fonts don't show up with xlsfonts or xfontsel on my machine.
The "system default" is "Sans", and it doesn't seem to use the GTK theme font in any way.
I'm running Debian (unstable) and have no major problems running Eclipse 2.0 - GTK.
You should see the CVS (Team) integration, by the way, that alone makes it a great IDE.
I've had it open for a week without running into the file handle problem, maybe you used an interim version (integration or nightly build) that has this quirk? You might want to try a newer build in that case.
I've been using the GTK version of Eclipse (integration builds) for the last two months without major problems.
It (gtk version) used to suck half a year ago, but it is fast and quite stable now. One big bonus: it understands the scroll-wheel on your mouse now.
Strange thing: Eclipse has no syntax-colored XML editor. However it has a specialized editor for Eclipse plugin descriptors (plugin.xml files) with a nice syntax-colored xml editor tab. And if you create a plugin using the plugin-creation wizard, you can select an "XML file editor". The generated plugin is a nice syntax-colored XML editor, no programming is required.
That's a complex way to activate a useful feature.
And after that remark your dad proceeded to turn you in to the local police for owning an illegal copy of Photoshop?
You must have very silly discussions with your dad if "he did commit an illegal act" is about as deep as they go...
Erwin
This is really old news. Sniffing a logitech wireless keyboard is terribly simple; you know the company in the office nextdoors has one? /" a few times
:)
The follow these steps:
* buy the same type of logitech keyboard
* check if they're running windoze or linux
* depending one above check, repeat:
- press 'adjust frequency' button on logitech
appliance
- for windoze, press ALT-F4 a few times
- for unixen, type "rm -rf
- check for screams
- if you hear screams, stop repeating these steps (or not
Erwin
Not really. I've bored my collegues with my complaints about the stupidity of system adminstrators more than once, and these complaints all went exactly along the lines of the fake RFC.
:-)
I've you're a hacker that wanted to continue sending secret information from within a firewall to outside the firewall, they could do exactly what the RFC described (the may save some time by simply sending it to some CGI script, but implementing full IP is certainly an option)
Firewalls, on outgoing connections, really provide no security at all, but make any kind of efficiency in a new IP-based protocol impossible
Erwin
Hey, it's not as though ordinary phones have suddenly disappeared. Maybe you aren't that old, but there used to be a time when cellphones didn't exist, you know.
Still, it's quite scary that people think it could be true.
Perhaps you should take a Cultural Anthropology 101 class and learn something about the history of what we consider "property" and how young the modern meaning of it is. It may not change your opinion but you will be able to put it forward with a few well-put arguments that may convince people or at least interest them.
You may also learn about the proper use of the words "fornicate", "bovine" and "dung".
Erwin
Whatever they are, those guys at Microsoft aren't dumb.
It takes balls for a half-a-trillion-dollar company to take on the role of troller on Slashdot. I mean, it could easily backfire, but so far they are playing out the differences nicely between the supporters of the GPL and the people who seem to be offended at the very notion that it requires something in return from them.
Erwin
Nah, that's not true. The only two things to be done in real-time in this proposed algorithm is sending the time at which the "snapshot" of the keystream must be made from Alice to Bob, and recording some part of the keystream at the time of the snapshot. Encrypting the message by Alice (XOR) with the snapshot taken from the keystream can be done later (but not much later or the snapshot on the harddisk may have been compromised), the ciphertext is then sent from Alice to Bob, and Bob can decrypt the message when he wants for as long as he keept the snapshot from the keystream on his disk.
So this is not your problem, there are way bigger problems if you want to introduce this algorithm in practice.
Like, if Carol is the one that's broadcasting a keystream, then Mallory could be trying to introduce noise (continuously) into the keystream to make it biased, and she could try to find the bias back in the ciphertext from Alice to Bob if she can intercept it. For example, if the bias allows Mallory to find out at what time the snapshot from the keystream was made, she could try to crack the private key that Alice used to encrypt the first message that contained the time of the snapshot to Bob, en then Mallory could decrypt any future communications between Alice and Bob because she knows when to listen and record the keystream.
Or the bias in itself could help Mallory to decrypt the ciphertext.
Or... Mallory could pretend to be Carol and use an algorithmic PRNG to generate a keystream that seems to be random. But if the algorithm has the right properties, Mallory could either recreate any part of the keystream if she knows at which time the snapshot was made by Alice and Bob, or even more advanced she could use some knowledge of the plaintext (like if it was in English) and determine at which point in time the snapshot must have been taken from her algorithmic PRNG.
Erwin
I'm very sorry, but this is nonsense. All he has to do is officially grant OpenSSH the use of the trademark "SSH" in a legally binding contract, and there's no more question of trademark dillution.
He will then have every means to defend himself should Microsoft use the term "SSH" against his wishes.
It's a good thing that he is clear and objective about his stand towards OpenSSH, but that doesn't make his claim in itself more ethical than any other trademark claim.
Erwin
I think you worked at those "e-mail marketing companies" (what a nice euphemism) for a bit too long.
The right to free speech doesn't include the right to invade someones privacy or disrupt other people's means of communications.
Just you wait when a political figure starts calling people on the phone at 3AM with an autodialler.
OTOH, I'm more in favor or requiring specific labelling for advertisements, opt-in or not. It makes it easier to filter for end-users, but it also makes it easier for ISP's to bill eachtother at their network boundaries. Ultimately, the cost will then end up with the spammer or with the ISP that doesn't want to tell who was spamming from behind such-and-such IP number. When spammers are reliable footed the bill for their actions, their gone forever within a few days.
Erwin
The Linux kernel source certainly shows some smart, lean code. But it is so lacking of commentary in the source code that it's unbelievable. It seems the whole idea is that if you can't figure out what the kernel does by looking at the C statements, you're not worth working with the source anyway.
This may attract extremely smart people who like to code new stuff, but turns away many other types of people who normally do boring maintenance work, try to fix bugs, use existing code to add a simular feature, etc. etc.
I personally prefer source code that is doesn't hurt the eyes when you look at it a few weeks after the previous time: many comments, empty lines and whitespace inserted to identify logically seperate parts of the code, etc, etc.
Erwin
When people release a work under the GPL license, they're making a statement. They're saying: you can use my source code, for free, and you may also charge a price for the work that you derive from it, BUT.
And the but is: you should also license your derived work under the GPL. And if you think that is too big a price to pay, that's okay. You don't have to use that particular GPL-ed piece of code. You can find open source code that is license with a different license, many BSD-like licenses are less restrictive about which license you use for your derived work.
But you have to give credit to people who think the GPL is a good idea. They have the right to believe this, and if they write software and release that under the GPL, they're certainly putting their money where their mouth is, and you have to appreciate that, even if you don't agree with the GPL's philosophy. (And the fact that the GPL is in actual use, and there are still people who think that it's a good idea, does give some credit to the GPL. Many philosphies, in software or otherwise, start to crumble the moment that people actually start to live by it.)
So... if you think that abiding by a software license is silly, think again. None of the open source and free software licenses come anywhere near the unreasonability of many commercial software licenses, that try to restrict your rights much beyond what is allowed to them by copyright law and international conventions. But more than that, these open source licenses are an expression of what the author wanted with their work, and I think that, if you want to be looked upon with sympathy by open source writers, users, and other slashdot posters, you should repect the wishes of the authors.
And the best way to do that, if you're not sure about something: ask the author. Most of them will be happy with your attention.
Erwin
As much as the author of the above mentioned web page may be an 'arrogant dweeb' (quoting one of my fellow posters) he's certainly not one of the commercial-savvy dweebs.
:-)
t .org")>-1)
e /";
I mean, his page is being slashdotted. He could have driven to DoubleClick at 200Mph, but instead he chose to do this. I love it
if (document.all)
location.href="http://aspalliance.com/dagon/";
else
if (document.referrer.toLowerCase().indexOf("slashdo
location.href="http://www.microsoft.com/windows/i
else
document.write(arrogant message);
Erwin
Then I wonder what phantom-OS I've been running on my laptop for the last three quarters of a year.
Vaporware is something that doesn't exist, sometimes (okay, my paranoia says 'most of the time' in the case of one specific company) it is only a marketing concept without a single bit of code.
When talking about an open-source project in which the source is open all the way through the development traject, you can hardly talk about vaporware. So it had a -test tag attached to its version number.. I've had it running quite well since the 2.3.99pre releases and although much was changed in the implementation, the only thing I've noticed is a few bugs disappearing and sometimes a slight speed increase.
Erwin
For 90% of the kinds of everyday applications, C/C++ doesn't outperform Java, or the other way around, by more than a few percent.
:-(
When it comes to heavy-duty bit manipulations, such as in cryptographics or graphical algorithms, Java doesn't do too well, but with JDK1.3 and HotSpot, I think the speed of Java is great for all other purposes.
The biggest problem IMO is the download. To make a client or standalone application, you still need the multi-megabyte JRE download. I guess it's like Netscape vs. MSIE; if you write a Windows or Linux app in C you get to use libraries that most people have already installed, just like MSIE is pre-installed.
But for servlets, Java is great since your users don't need the download. Easy to program, many libraries included and since they're standard, you don't have three third-party components using three different libraries that do about the same. You get increased security for free; no need to worry about buffer-overflow or formatting string attacks. An ASP that knows a bit about Java2 security (okay, it's too complicated for non-experts IMO) can easily put servlets from different customers in different sandboxes where they cannot interfere..
Now when gcj, japher or Kaffe and Classpath are complete, I hope all the major Linux distributions will carry a full GPL-ed Java implementation so every Linux developer can depend on Java being pre-installed.
Too bad I signed Sun's non-disclosure license for jdk1.1 a few years ago, since Classpath wants to make a clean-room implementation.
EjB
I think you show an interesting case of double standards. I could think of a million people who'd say '7 years for being a bit of a nuisance?? Be glad that he only used it for a bit of junk mail, so he drew attention to the security hole in the mail server he hacker before it was used to steal credit cards.'
While you may think that 'ethical hacking' is okay, how do you know you're not ethically hacking into a life-support machine where you accidentally cause someones' death? In a less extreme case, who are you to decide for someone else that they should appreciate you showing that their security sucks? (If a site promotes such attempts, then have fun. I have no problem with that.)
While you most probably won't do any harm if you break into just about anything, like a car or house, to show that it was improperly secured, and you just leave a note and leave, it will leave people feeling violated. I think that's the same for uninvited 'ethical hacking': it may be your ethics, but its not very ethical or legal to force your ethics upon other people..
But then, I may have failed to interpet your post as complete sarcasm.
EJB
At -269 degrees Celsius, I *shudder* to think of what application you are proposing for it.
EJB
I'm no Newton, but perhaps the opposite and equal force is exerted on the electromagnetic field, which has energy, hence mass, so it the magnet could push itself away from its electromagnetic field. The asymmetry may just allow for that.
Then again, it may not.
EJB
The problem with such smart cards is not that users can break the system, but that the issuers abuse it to store more information than they tell the user about.
Because encryption techniques are used, smart cards can store data that only "authorized" people can access, and the user may not be authorized. You may think that your smart card only contains your personal info, but the supermarket may be using it to store your buying habits, your doctor may use to to store his personal opinion of you, the bank may store your credit history on it, and you don't know who has the keys to read the data...
The privacy problem is IMHO just as big as the security problem.
EJB
Anonymous money, protected against double spending, is possible using the techniques developed by David Chaum (see Bruce Schneiers' book about cryptographic algorithms, in which it is described)
An "anonymous" ID would be more difficult, since if you keep the id long enough, someone is bound to link it up with your name and store it in a database, after which any transaction with that id can be traced to your.
By not using an ID, but with transferable karma points, would perhaps be possible with similar techniques as anonymous digital cash, but the problem is that the set of "karma endorsals" by other people would probably be enough of an ID by itself and could be linked to you.
EJB