But that IS what the article is saying. The skilled hacker activity of anonymous is very limited, and if those heads were cut off, then there would really just be a network of voluntary DDOS bots, which isn't really anything all that unique since traditional botnets can do the same thing.
Does it bother anyone else that most of the ideas he is asking someone to take from WebOS already exist in Android Honeycomb and ICS?
Switching apps is a two click process with screens nicely organized from recent and running apps. The windows are similarly organized for switching apps. System wide accounts have been supported since at least Android 2.1 (Eclair) Keyboard is more a preference and not really anything special compared to some of the keyboards available on Android. Notifications... hello... this has been in Android for as long as I can remember. Settings access in ICS is available directly from the notification pull down and is available directly from the clock in Honeycomb.
The multiple screens thing is the only thing that WebOS has from the article that Android doesn't currently have, if not has had for a while now. It's still a nice right up on the capabilities of WebOS, but to pretend that the ideas are not already out there in other platforms is silly.
If I stay awake until I get tired, I stay awake for 24 hours at a time and then sleep for 12. I just lucked out because I'm able to sleep alright after 16 hours awake, though it does make for brutal mornings. For a few weeks one summer though I went to a 24/12 schedule and it was the best couple weeks ever even if people had trouble getting used to when I was available and when I wasn't. Apparently it is fairly common to have a longer than 24 hour circadian rhythm. I know someone had put together a 6, 28 hour day a week schedule that could be done if you have flexible enough hours, though thus far I have not been in a situation where the hours are flexible enough to try it.
Because if you call up and say I would like 50 copies at only X they say to take a hike since it is clearly worth the asking prices if you need that many copies. If you are only getting one copy, then you aren't using it full time. Any place that needs more than one copy, I'd expect that at least one copy should be full price since clearly it is being used by at least one person full time.
That's why a good Strongs concordance and a parallel Bible app are a wonderful thing. Cross a good academic translation like the 2010 NIV with a good literal like Youngs and a good traditional like NASB, throw in a good concordance and dictionary and read the full passage and related passages for context and it isn't too bad, but yeah, some parts require careful study.
That's a fair point. I guess it is more accurate to say that it is grammatically difficult to translate it in such a way that the contextual clues lead to the correct meaning of the word.
Ok, my bad, the word is yom, it can mean day or afternoon or age or daily or eternity or entire or lifetime or long or perpetually... the word doesn't translate well to a term we have in English, but in short, it roughly translates as "when you eat from the tree you will die". Also, even if you assume the 24 hour day is the correct translation, in a very real sense, Adam did die at that point even if it took time for him to physically die. The Bible clearly refers to both spiritual death and physical death and the spiritual death was at the time of eating from the tree.
That's the true ideal behind OSS though. At the end of the day, the objective of any OSS that is going to be successful needs to be to make money to pay development teams. This works because the software itself is a loss leader to support or some other marketable service. This is no different from what Google is doing with Android. They front the development and on official distributions they add their ad supported services to give them an income stream. It is perfectly allowed to bypass their revenue streams if you want with your own build of Android, though personally I believe in supporting Google in their effort since they were providing a free platform first and then only trying to use other service based mechanisms to try to profit from it.
It's true that their services are not OSS, nor would I really expect them to be. Services don't really lend themselves to OSS well since they have a cost to operate (since they require servers and the like) and this makes it very hard to successfully run one if you were to fragment your service providers by releasing the software that provides the service. There would also be no real possible revenue stream for supporting the service providers and would result in data fragmentation. They do however provide their services freely. I agree with the articles analysis that Open APIs are not the same thing as OSS and it is scary (and arguably stupid) to use one if it could put you at odds with the provider, but I don't really see much of a viable economic model for open source hosted services with major data requirements.
Unfortunately it isn't vanishingly rare. That said, I agree with you that it isn't justification for infringing on the rights of the innocent. It should be possible to come up with a system that still allows for judicial review without leaving loop holes for abuse. Might it be more technically difficult and costly? Sure, but such is the price of liberty.
Yeah, this is probably the best name and actually, you could even maintain domain ownership but simply setup DNS records for it with the entry point on his server doing a permanent redirect so that search sites will catch on to the update and the URL will re-write. I've never let go of a domain name that I actually used intentionally and was thankfully able to reclaim the one that I had that accidentally lapsed, but we had something where we wanted transition from people using gccafe.com to wiicafe.com when the Wii first came out and we did it via a permanent redirect on the web server. Making it so your DNS directs to their web server for the necessary sub domains ensures that your server doesn't get hit with significant load, though you could do a permanent redirect on your own web server as well if you wanted to re-purpose the domain while leaving a redirect up.
"With the July 11, 2008 release of the iPhone 3G, Apple and AT&T changed the U.S. pricing model from the previous generation. Following the de facto model for mobile phone service in the United States, AT&T will subsidize a sizable portion of the upfront cost for the iPhone 3G followed by charging moderately higher monthly fees over a minimum two year contract."
While the contract was required, the phone was NOT subsidized. Apple made less on the phone, AT&T just made more. I understand how you made the mistake, but you are still incorrect.
Ok, fine, in that case you simply made an argument you knew to be bullshit and hoped people were stupid enough to not realize the fact your argument was bullshit. The original iPhone released at $599 for the top sized model without contract compensation. The current iPhone costs $849 unsubsidized. That would be a $250 increase or almost 50% more. You would be the idiot that wanted us to believe the prices were dropping and was arguing that prices had not gone up.
While I agree with you about the above poster not understanding prices, you failed pretty hard too. An iPhone costs the same as an iPad for the same reason a laptop costs more than a similar desktop. The hardware is smaller, and therefore more expensive. It is more complicated to design, requires better heat management and smaller parts. The screen resolution also has to be higher which means more difficult to produce screen panels. All in all, it is actually a small wonder than the iPad doesn't cost less than the iPhone, though I would hazard that it probably has faster hardware to hit a target sweet spot price point as selected by Apple's marketing department.
Also, Windows was well established before Linux was even remotely close to competitive in terms of hardware support and simplicity. Now the learning curve is probably one of the main issues for people and that keeps the software from becoming available. At this point, if Linux could get a big enough market share to get major software titles behind it, chances are good it would be hard for MS to keep Windows in the forefront, but for now, Linux has a chicken and egg problem it has to address.
I really and truly hope you are trolling... for your sake. If not, Android didn't steal shit. All that changed with phones was that the tech got smaller and multi-touch enabled gestures. Beyond that, the interfaces are no more similar than iOS is to Palm OS (sans gestures because of the lack of multi-touch capable screens.) Gestures themselves were a non-innovative invention as everyone had wanted to be able to do them for a long time.
What Apple did do is build out a market through marketing. They mass marketed the success of their iPod to market the iPhone as a phone version of the iPod. They used a brand people knew in order to launch it in to the main stream. It wasn't technical innovation on their part, simply good business sense. Now they are simply trying to sue to keep other competitors from taking over their market share. It's that simple.
It's more accurate to say real security is impossible. If someone really wants to get at you, they will. Security is all about making it easier to get the next guy so it isn't worth the effort.
Oh, and if what you are thinking with asymmetric crypto is to do a bitcoin like thing where the merchant would have to hand the receipt to be digitally signed and then send it in to the merchant bank, they would still need to know which bank to send it to and which account it is associated with. The account information would still have to be transmitted in the encrypted communication, the signing would simply help ensure that a vendor doesn't try to charge things that they are not authorized to charge. That is an interesting idea, but you would still use symmetric cryptography to exchange the information.
Um, I don't think things work the way you think they do. With respect, you do not understand what you are talking about and are in significantly over your head. Thumb prints don't give a definitive hash, it's more like a quasi-match that looks close enough. Every scan of your finger print looks different and has to be analyzed so you couldn't reproduce the same hash later. Even if it could make a uniform cache, using asymmetric crypto in this case makes no sense at all. Asymmetric is inherently and substantially weaker than symmetric cryptography which is the only thing you should trust for long term storage on a device like a phone where communication of the key is not necessary. Your third point doesn't seem to do any good at all as the service could easily be spoofed or ignored. Your forth point is wrong as it is already protected over the air. You have to communicate the payment mechanism (the card) somehow. You encrypt it via a one time challenge/response generated by both the terminal and the client. This is how it ALREADY works! On your fifth point, again, this is how it already works. Google wallet uses a Google Cash card which is a prepaid card that you add funds to.
As for your additional ideas, 1) why use your phone to make a purchase online when the TPM in the laptop could do it directly without the need to do any additional work with the phone? 2) Already doable via either NFC, Bluetooth or WiFi, granted, the private key still has to be stored on the device if you wish to do it certificate based and symmetric would still be more secure. 3)This is already possible and is one of the things that the article actually faulted google for. I'm not sure if it will work directly with quick books, but a detailed transaction log is available.
In short, most of your "great ideas" are either bad ideas or already implemented (and the exact things the article is complaining about) while most of the "problems" and "solutions" you provide are full of holes and/or simply don't work.
The fact is this article itself is bullshit. They store critical information securely on the device and tie it to a trusted platform module. The company is just bitching that in their opinion, they think that some of the data google doesn't bother storing in secure storage shouldn't be left outside. Some of the information I suppose I could arguably agree on (like saying that balances might be available), but much of it is total bullshit. For example, they complain that they could access someone's name and e-mail address... really??? No kidding, it's a phone... I'm pretty sure I could find that on anyone's phone under contacts.
I'm not sure this is true though because of the fact this only accounts for controllable variables and insurance almost always has uncontrollable variables. This really isn't that different from health insurance companies giving money back for practicing healthy habits. In the case of car insurance, your driving habits may help limit your risk of causing an accident, but they do reasonably little to prevent someone else from hitting you. If you are an alert driver then you may be more able to avoid it, but these kinds of stats wouldn't really indicate level of attentiveness.
There are still many unknown factors. I suppose in the truest sense you are correct as the carrier is assuming risks from less unknowns, but they are also effectively taking on more risk from other factors if they decrease the cost while keeping the coverage the same. For full disclosure, I work in the insurance industry.
Better info I found a bit later on wikipedia "By space program, 18 NASA astronauts (4.1%) and four Russian cosmonauts (0.9% of all the people launched) died while in a spacecraft." So not only is it fairly high (over 4% by population carried in to space), but Russia had a significantly better safety record, so it at least in theory was avoidable.
Your argument seems decent until you consider the overall population size you are dealing with. Not that many people have been launched in to space. There have only been 165 manned launches of which 2 resulted in fatalities. That's more than 1% error. That's still a pretty significantly high margin, even in comparison to other forms of exploration (at least recently). We certainly have gotten better than we were in the past, but I wouldn't say that it was all that impressive either.
That's a really interesting idea for public consumption, though I would still prefer the media to have direct access to a real time feed, either through accounts on the same site or through a steady supply of decryption keys for a radio they purchase. There are a lot of situations where the need for real time monitoring is high in order to ensure adequate news coverage. It also does serve as a positive check and balance as well, though to ensure it would remain a check and balance, it would have to be procedural that all news agencies could get the keys (otherwise the police department could threaten to cut off keys if the station reported in a way they didn't like).
That all said, I firmly agree with the notion of securing law enforcement communications. It is a key step towards fighting higher levels of sophistication and higher levels of technology use by criminals and should make things safer and better for everyone provided that proper checks and balances are maintained.
Slashdot Mirror
But that IS what the article is saying. The skilled hacker activity of anonymous is very limited, and if those heads were cut off, then there would really just be a network of voluntary DDOS bots, which isn't really anything all that unique since traditional botnets can do the same thing.
Does it bother anyone else that most of the ideas he is asking someone to take from WebOS already exist in Android Honeycomb and ICS?
Switching apps is a two click process with screens nicely organized from recent and running apps.
The windows are similarly organized for switching apps.
System wide accounts have been supported since at least Android 2.1 (Eclair)
Keyboard is more a preference and not really anything special compared to some of the keyboards available on Android.
Notifications... hello... this has been in Android for as long as I can remember.
Settings access in ICS is available directly from the notification pull down and is available directly from the clock in Honeycomb.
The multiple screens thing is the only thing that WebOS has from the article that Android doesn't currently have, if not has had for a while now. It's still a nice right up on the capabilities of WebOS, but to pretend that the ideas are not already out there in other platforms is silly.
If I stay awake until I get tired, I stay awake for 24 hours at a time and then sleep for 12. I just lucked out because I'm able to sleep alright after 16 hours awake, though it does make for brutal mornings. For a few weeks one summer though I went to a 24/12 schedule and it was the best couple weeks ever even if people had trouble getting used to when I was available and when I wasn't. Apparently it is fairly common to have a longer than 24 hour circadian rhythm. I know someone had put together a 6, 28 hour day a week schedule that could be done if you have flexible enough hours, though thus far I have not been in a situation where the hours are flexible enough to try it.
Because if you call up and say I would like 50 copies at only X they say to take a hike since it is clearly worth the asking prices if you need that many copies. If you are only getting one copy, then you aren't using it full time. Any place that needs more than one copy, I'd expect that at least one copy should be full price since clearly it is being used by at least one person full time.
That's why a good Strongs concordance and a parallel Bible app are a wonderful thing. Cross a good academic translation like the 2010 NIV with a good literal like Youngs and a good traditional like NASB, throw in a good concordance and dictionary and read the full passage and related passages for context and it isn't too bad, but yeah, some parts require careful study.
That's a fair point. I guess it is more accurate to say that it is grammatically difficult to translate it in such a way that the contextual clues lead to the correct meaning of the word.
Ok, my bad, the word is yom, it can mean day or afternoon or age or daily or eternity or entire or lifetime or long or perpetually... the word doesn't translate well to a term we have in English, but in short, it roughly translates as "when you eat from the tree you will die". Also, even if you assume the 24 hour day is the correct translation, in a very real sense, Adam did die at that point even if it took time for him to physically die. The Bible clearly refers to both spiritual death and physical death and the spiritual death was at the time of eating from the tree.
He didn't say when he would die now did he?
Just fast forward to Song of Solomon. It has plenty of tits for you.
That's the true ideal behind OSS though. At the end of the day, the objective of any OSS that is going to be successful needs to be to make money to pay development teams. This works because the software itself is a loss leader to support or some other marketable service. This is no different from what Google is doing with Android. They front the development and on official distributions they add their ad supported services to give them an income stream. It is perfectly allowed to bypass their revenue streams if you want with your own build of Android, though personally I believe in supporting Google in their effort since they were providing a free platform first and then only trying to use other service based mechanisms to try to profit from it.
It's true that their services are not OSS, nor would I really expect them to be. Services don't really lend themselves to OSS well since they have a cost to operate (since they require servers and the like) and this makes it very hard to successfully run one if you were to fragment your service providers by releasing the software that provides the service. There would also be no real possible revenue stream for supporting the service providers and would result in data fragmentation. They do however provide their services freely. I agree with the articles analysis that Open APIs are not the same thing as OSS and it is scary (and arguably stupid) to use one if it could put you at odds with the provider, but I don't really see much of a viable economic model for open source hosted services with major data requirements.
Unfortunately it isn't vanishingly rare. That said, I agree with you that it isn't justification for infringing on the rights of the innocent. It should be possible to come up with a system that still allows for judicial review without leaving loop holes for abuse. Might it be more technically difficult and costly? Sure, but such is the price of liberty.
Yeah, this is probably the best name and actually, you could even maintain domain ownership but simply setup DNS records for it with the entry point on his server doing a permanent redirect so that search sites will catch on to the update and the URL will re-write. I've never let go of a domain name that I actually used intentionally and was thankfully able to reclaim the one that I had that accidentally lapsed, but we had something where we wanted transition from people using gccafe.com to wiicafe.com when the Wii first came out and we did it via a permanent redirect on the web server. Making it so your DNS directs to their web server for the necessary sub domains ensures that your server doesn't get hit with significant load, though you could do a permanent redirect on your own web server as well if you wanted to re-purpose the domain while leaving a redirect up.
Ack, forgot to reference that, it is from wikipedia's page on history of the iPhone. http://en.wikipedia.org/wiki/History_of_the_iPhone
"With the July 11, 2008 release of the iPhone 3G, Apple and AT&T changed the U.S. pricing model from the previous generation. Following the de facto model for mobile phone service in the United States, AT&T will subsidize a sizable portion of the upfront cost for the iPhone 3G followed by charging moderately higher monthly fees over a minimum two year contract."
While the contract was required, the phone was NOT subsidized. Apple made less on the phone, AT&T just made more. I understand how you made the mistake, but you are still incorrect.
Ok, fine, in that case you simply made an argument you knew to be bullshit and hoped people were stupid enough to not realize the fact your argument was bullshit. The original iPhone released at $599 for the top sized model without contract compensation. The current iPhone costs $849 unsubsidized. That would be a $250 increase or almost 50% more. You would be the idiot that wanted us to believe the prices were dropping and was arguing that prices had not gone up.
While I agree with you about the above poster not understanding prices, you failed pretty hard too. An iPhone costs the same as an iPad for the same reason a laptop costs more than a similar desktop. The hardware is smaller, and therefore more expensive. It is more complicated to design, requires better heat management and smaller parts. The screen resolution also has to be higher which means more difficult to produce screen panels. All in all, it is actually a small wonder than the iPad doesn't cost less than the iPhone, though I would hazard that it probably has faster hardware to hit a target sweet spot price point as selected by Apple's marketing department.
Also, Windows was well established before Linux was even remotely close to competitive in terms of hardware support and simplicity. Now the learning curve is probably one of the main issues for people and that keeps the software from becoming available. At this point, if Linux could get a big enough market share to get major software titles behind it, chances are good it would be hard for MS to keep Windows in the forefront, but for now, Linux has a chicken and egg problem it has to address.
I really and truly hope you are trolling... for your sake. If not, Android didn't steal shit. All that changed with phones was that the tech got smaller and multi-touch enabled gestures. Beyond that, the interfaces are no more similar than iOS is to Palm OS (sans gestures because of the lack of multi-touch capable screens.) Gestures themselves were a non-innovative invention as everyone had wanted to be able to do them for a long time.
What Apple did do is build out a market through marketing. They mass marketed the success of their iPod to market the iPhone as a phone version of the iPod. They used a brand people knew in order to launch it in to the main stream. It wasn't technical innovation on their part, simply good business sense. Now they are simply trying to sue to keep other competitors from taking over their market share. It's that simple.
It's more accurate to say real security is impossible. If someone really wants to get at you, they will. Security is all about making it easier to get the next guy so it isn't worth the effort.
Oh, and if what you are thinking with asymmetric crypto is to do a bitcoin like thing where the merchant would have to hand the receipt to be digitally signed and then send it in to the merchant bank, they would still need to know which bank to send it to and which account it is associated with. The account information would still have to be transmitted in the encrypted communication, the signing would simply help ensure that a vendor doesn't try to charge things that they are not authorized to charge. That is an interesting idea, but you would still use symmetric cryptography to exchange the information.
Um, I don't think things work the way you think they do. With respect, you do not understand what you are talking about and are in significantly over your head. Thumb prints don't give a definitive hash, it's more like a quasi-match that looks close enough. Every scan of your finger print looks different and has to be analyzed so you couldn't reproduce the same hash later. Even if it could make a uniform cache, using asymmetric crypto in this case makes no sense at all. Asymmetric is inherently and substantially weaker than symmetric cryptography which is the only thing you should trust for long term storage on a device like a phone where communication of the key is not necessary. Your third point doesn't seem to do any good at all as the service could easily be spoofed or ignored. Your forth point is wrong as it is already protected over the air. You have to communicate the payment mechanism (the card) somehow. You encrypt it via a one time challenge/response generated by both the terminal and the client. This is how it ALREADY works! On your fifth point, again, this is how it already works. Google wallet uses a Google Cash card which is a prepaid card that you add funds to.
As for your additional ideas, 1) why use your phone to make a purchase online when the TPM in the laptop could do it directly without the need to do any additional work with the phone? 2) Already doable via either NFC, Bluetooth or WiFi, granted, the private key still has to be stored on the device if you wish to do it certificate based and symmetric would still be more secure. 3)This is already possible and is one of the things that the article actually faulted google for. I'm not sure if it will work directly with quick books, but a detailed transaction log is available.
In short, most of your "great ideas" are either bad ideas or already implemented (and the exact things the article is complaining about) while most of the "problems" and "solutions" you provide are full of holes and/or simply don't work.
The fact is this article itself is bullshit. They store critical information securely on the device and tie it to a trusted platform module. The company is just bitching that in their opinion, they think that some of the data google doesn't bother storing in secure storage shouldn't be left outside. Some of the information I suppose I could arguably agree on (like saying that balances might be available), but much of it is total bullshit. For example, they complain that they could access someone's name and e-mail address... really??? No kidding, it's a phone... I'm pretty sure I could find that on anyone's phone under contacts.
I'm not sure this is true though because of the fact this only accounts for controllable variables and insurance almost always has uncontrollable variables. This really isn't that different from health insurance companies giving money back for practicing healthy habits. In the case of car insurance, your driving habits may help limit your risk of causing an accident, but they do reasonably little to prevent someone else from hitting you. If you are an alert driver then you may be more able to avoid it, but these kinds of stats wouldn't really indicate level of attentiveness.
There are still many unknown factors. I suppose in the truest sense you are correct as the carrier is assuming risks from less unknowns, but they are also effectively taking on more risk from other factors if they decrease the cost while keeping the coverage the same. For full disclosure, I work in the insurance industry.
Better info I found a bit later on wikipedia
"By space program, 18 NASA astronauts (4.1%) and four Russian cosmonauts (0.9% of all the people launched) died while in a spacecraft." So not only is it fairly high (over 4% by population carried in to space), but Russia had a significantly better safety record, so it at least in theory was avoidable.
Your argument seems decent until you consider the overall population size you are dealing with. Not that many people have been launched in to space. There have only been 165 manned launches of which 2 resulted in fatalities. That's more than 1% error. That's still a pretty significantly high margin, even in comparison to other forms of exploration (at least recently). We certainly have gotten better than we were in the past, but I wouldn't say that it was all that impressive either.
That's a really interesting idea for public consumption, though I would still prefer the media to have direct access to a real time feed, either through accounts on the same site or through a steady supply of decryption keys for a radio they purchase. There are a lot of situations where the need for real time monitoring is high in order to ensure adequate news coverage. It also does serve as a positive check and balance as well, though to ensure it would remain a check and balance, it would have to be procedural that all news agencies could get the keys (otherwise the police department could threaten to cut off keys if the station reported in a way they didn't like).
That all said, I firmly agree with the notion of securing law enforcement communications. It is a key step towards fighting higher levels of sophistication and higher levels of technology use by criminals and should make things safer and better for everyone provided that proper checks and balances are maintained.