The entire app-store ecosystem falls apart if Apple does not have this policy.
What, like the Google Play ecosystem fell apart? Like Amazon's app store fell apart?
Or maybe, just possibly, people might just for once be able to buy an app without paying an excessive device based tax that contributes to the astonishingly high profit margins of a Foxxcon device marketer.
You want worldwide free trade for the things you buy? Well, that's nice, you deserve no less than worldwide free trade in the things you sell.
That's the single biggest flaw with globalism right now. I have no issue with using cheap production to reduce the cost of goods and raise the standard of living in other countries. I greatly resent people in those countries enjoying a quality of life that I can't afford because they can buy the same luxuries at significantly lower cost while I'm prevented from enjoying those same benefits.
By what magic force should a company charge the same for a product
In the EU it's illegal for me to import branded goods from Asia that I paid full retail price there for, so that I can sell them for a 100% profit here while still undercutting the brand's wholesale prices here.
I don't mind companies finding a price that the market will bear. I have serious issues with companies using legislation to prevent me competing with them by arbitraging on their own prices.
If you're willing to buy (whatever) for twice the price of your neighbor, you can't really blame me for selling it to you at that price.
If you're willing to charge my neighbour half the price, don't fucking complain when I nip over to his house and pay the price he's paying.
Sorry, you appear to be suggesting that it's reasonable for a boss to demand that his staff vote for him in an election for public office.
Telling the whole world "I voted for the other guy" or even "Vote for the other guy" should not be grounds for sacking someone. The alternative is coercement of employees and that's corrupt and should be illegal.
Tell me, did you kill the nursery teacher for changing your daughters' nappies? Because I'm betting you weren't there, and that there was considerable contact to the groin area.
"oh, but that's different" you'll claim? Guess what. Legal contact is still legal contact. If you don't like that, don't put your daughters there and try and get the law changed.
Shit, email me when you daughters hit 16, I'll bring them here and show you some extensive contact.
There is a difference between being an atheist, which is what I am, and being a rabid anti-theist
I think it's because people are bored, frustrated and frankly offended by the religious justifications claimed by people imposing artificial constraints and laws on behaviour.
Calling out the ignorant and/or malicious people that both do this, and that propagate the archaic superstitions involved is a necessary step towards preventing such behaviour. It doesn't require an active belief in the non-existence of anything.
current orthodoxy simply said all the creation stories and so on up until Moses or thereabouts was intended as allegory and myth, not statements of factual history
Ah, religious revisionism. "Oh shit, the public are too well educated to belief that obvious bullshit now. Lets admit it's a con - but it's ok, they'll believe the rest still"
I look forward to the point in the future where all the creation stories and so on up until the end of the Bible or thereabouts is acknowledged as allegory and myth, not statements of factual history.
Your views distress me. Can I suggest that for your own life & liberty you avoid airports? You'll only get yourself hurt, while achieving nothing of consequence - psychopaths murdering airport staff will merely lead to a crackdown on psychopaths.
A disproportionate response will not change anything for the positive - see also the security theatre and its lack of benefits to the flying public..
Ah, I misinterpreted your question. You're talking about the customer IDing the bank when it calls them.
As a customer I just don't trust inbound calls. As a bank employee, I have to find mechanisms that balance customer service with security, without pissing off the customer. Any suggestions on how to achieve this bank ID check?
Incidentally, obscurity would be naive to throw away, even though it can't be relied on. It's not an illusion, it's just of limited value and insufficient.
I recall reading an article some time ago that drew attention to the prevalence of agitated middle-class young adults as suicide bombers in attacks against Israel.
Welcome to asymmetric warfare. I go to war with a militarily superior enemy, you bet I'm going to hit the soft targets.
If I can get a decade of worldwide TV coverage, destroy the way of life of my enemy and inspire a generation to join my cause then I'm going to consider that soft target a bloody good choice.
Anybody declares war on my country, I wont pretend for a moment that they can't hurt me because I'm a civilian. I'll defend my country.
Someone feels up my daughter and I will be ok with the prison time that comes for beating a TSA thug to death.
Someone however makes your daughter cry by patting her down because her psychotic father has demonstrated so little control that he can't be trusted not to try and hide weapons on here, and you'll kill them for doing their job?
Pass my commiserations on to your daughter. I hope she manages to escape you soon.
Can someone knowledgable in cryptography explain why a "one-time pad" system isn't a good solution security wise for online banking?
Because it's got nothing to do with cryptography. A one-time pad is a shared key use to encrypt/decrypt information, where - use of the key just once adds to its security by providing far less data from which to try and spot patterns and decrypt the message. - by not using a shared key, fewer copies exist, reducing the chance of acquiring a copy
A one-time transaction code is an authentication mechanism. It's a token saying, "Yeah, this transaction is real". If I know your one-time transaction code, I can attach it to my transaction and it'll still say, "Yeah, this transaction is real" whether it is or not.
So if I can get you to tell me your transaction code - or better yet, your next ten codes - I can issue a transaction with your confirmation that it's valid. The bank merely checks that you've validated the transaction and completes it, and I walk away with $5k.
No crytography was involved (which is why I've answered, despite being a muppet when it comes to cryptography).
the Fiducary Agent should be liable if any party presents with a document or data perporting to represent the individual and thereafter disburses money without it being properly the desire of the individual.
Without even being a lawyer, it seems to me that the obvious counter argument in this situation is that by giving the security access codes away, the customer was authorising (and de facto expressing the desire for) the criminal to access the funds.
To translate that into UK law: - someone randomly generates a credit card number/pin combination and uses it to steal cash: Bank is liable - customer gives their card number/pin to a criminal, who uses it to access that account: customer is liable.
The law is already heavily on the consumer's side in the UK (which is understandable, as the banks tend to be better able to cover the losses) but if banks become 100% liable for all fraudulent activity, people would soon start complaining about the difficulty of accessing their money.
Ok, so the phishing-in-the-middle is into my account. What can he do there?
Oh - that's right. Nothing. You see, no new transactions can be created that aren't signed using the token. As the signing process includes the amount being transferred, and part of the account number to which it's being transferred, it's highly unlikely that the phisher is going to have an account available with the correct characteristics to intercept a new payment I'm initiating.
Ok, letting someone else see the funds you have in your account, potentially eavesdrop on anything you do while in your bank website and risk them capturing secret information isn't a good thing. SecurID-type tokens are not 100% secure. But frankly they add significant security and fraud prevention, help the customer retain faith in their bank and do prevent less sophisticated attacks.
The entire app-store ecosystem falls apart if Apple does not have this policy.
What, like the Google Play ecosystem fell apart? Like Amazon's app store fell apart?
Or maybe, just possibly, people might just for once be able to buy an app without paying an excessive device based tax that contributes to the astonishingly high profit margins of a Foxxcon device marketer.
Family connections plus some ability to pass tests gets you chosen to be a pilot.
Not in the UK. But hey, talk bullshit all you like.
Oh, right - so now I have to lie to my boss to keep my job, and publicly support someone that I intend to vote against?
Sorry, I don't support totalitarianism.
I completely agree with you.
You want worldwide free trade for the things you buy? Well, that's nice, you deserve no less than worldwide free trade in the things you sell.
That's the single biggest flaw with globalism right now. I have no issue with using cheap production to reduce the cost of goods and raise the standard of living in other countries. I greatly resent people in those countries enjoying a quality of life that I can't afford because they can buy the same luxuries at significantly lower cost while I'm prevented from enjoying those same benefits.
By what magic force should a company charge the same for a product
In the EU it's illegal for me to import branded goods from Asia that I paid full retail price there for, so that I can sell them for a 100% profit here while still undercutting the brand's wholesale prices here.
I don't mind companies finding a price that the market will bear. I have serious issues with companies using legislation to prevent me competing with them by arbitraging on their own prices.
If you're willing to buy (whatever) for twice the price of your neighbor, you can't really blame me for selling it to you at that price.
If you're willing to charge my neighbour half the price, don't fucking complain when I nip over to his house and pay the price he's paying.
Sorry, you appear to be suggesting that it's reasonable for a boss to demand that his staff vote for him in an election for public office.
Telling the whole world "I voted for the other guy" or even "Vote for the other guy" should not be grounds for sacking someone. The alternative is coercement of employees and that's corrupt and should be illegal.
Oooh, aren't you the big man.
Tell me, did you kill the nursery teacher for changing your daughters' nappies? Because I'm betting you weren't there, and that there was considerable contact to the groin area.
"oh, but that's different" you'll claim? Guess what. Legal contact is still legal contact. If you don't like that, don't put your daughters there and try and get the law changed.
Shit, email me when you daughters hit 16, I'll bring them here and show you some extensive contact.
There is a difference between being an atheist, which is what I am, and being a rabid anti-theist
I think it's because people are bored, frustrated and frankly offended by the religious justifications claimed by people imposing artificial constraints and laws on behaviour.
Calling out the ignorant and/or malicious people that both do this, and that propagate the archaic superstitions involved is a necessary step towards preventing such behaviour. It doesn't require an active belief in the non-existence of anything.
current orthodoxy simply said all the creation stories and so on up until Moses or thereabouts was intended as allegory and myth, not statements of factual history
Ah, religious revisionism. "Oh shit, the public are too well educated to belief that obvious bullshit now. Lets admit it's a con - but it's ok, they'll believe the rest still"
I look forward to the point in the future where all the creation stories and so on up until the end of the Bible or thereabouts is acknowledged as allegory and myth, not statements of factual history.
Thanks, I was worried about my reading comprehension skills for a moment there.
Your views distress me. Can I suggest that for your own life & liberty you avoid airports? You'll only get yourself hurt, while achieving nothing of consequence - psychopaths murdering airport staff will merely lead to a crackdown on psychopaths.
A disproportionate response will not change anything for the positive - see also the security theatre and its lack of benefits to the flying public..
Ah, I misinterpreted your question. You're talking about the customer IDing the bank when it calls them.
As a customer I just don't trust inbound calls. As a bank employee, I have to find mechanisms that balance customer service with security, without pissing off the customer. Any suggestions on how to achieve this bank ID check?
Incidentally, obscurity would be naive to throw away, even though it can't be relied on. It's not an illusion, it's just of limited value and insufficient.
Interesting. You're raising a different argument entirely.
You do realise that it's possible to object to that behaviour without fucking killing someone?
That's the overreaction to which I responded, not the initial incident. Do try and get a sense of perspective here.
I accept that entirely. I just don't see it as justification for testerone fueled knee-jerk rage reactions in response.
Hmm. Good spot, I'm describing the use of a card reader, not a generic SecurID token.
You're right, can't do transaction signing with those.
What's wrong with proportionate response? Someone assaults your daughter, have them arrested and prosecuted.
Is that so hard?
And those unfortunate children brainwashed into carrying out suicide attacks are typically teenagers living in abject poverty
Are you sure about this? http://en.wikipedia.org/wiki/Suicide_attack#Profile_of_attackers
I recall reading an article some time ago that drew attention to the prevalence of agitated middle-class young adults as suicide bombers in attacks against Israel.
Especially, "pregnant". Sure. So that's not 14lb of semtex tucked up your jumper then, you really are going to fly while pregnant?
Civilians deserved to die because of this?
Welcome to asymmetric warfare. I go to war with a militarily superior enemy, you bet I'm going to hit the soft targets.
If I can get a decade of worldwide TV coverage, destroy the way of life of my enemy and inspire a generation to join my cause then I'm going to consider that soft target a bloody good choice.
Anybody declares war on my country, I wont pretend for a moment that they can't hurt me because I'm a civilian. I'll defend my country.
Someone feels up my daughter and I will be ok with the prison time that comes for beating a TSA thug to death.
Someone however makes your daughter cry by patting her down because her psychotic father has demonstrated so little control that he can't be trusted not to try and hide weapons on here, and you'll kill them for doing their job?
Pass my commiserations on to your daughter. I hope she manages to escape you soon.
Can someone knowledgable in cryptography explain why a "one-time pad" system isn't a good solution security wise for online banking?
Because it's got nothing to do with cryptography. A one-time pad is a shared key use to encrypt/decrypt information, where
- use of the key just once adds to its security by providing far less data from which to try and spot patterns and decrypt the message.
- by not using a shared key, fewer copies exist, reducing the chance of acquiring a copy
A one-time transaction code is an authentication mechanism. It's a token saying, "Yeah, this transaction is real". If I know your one-time transaction code, I can attach it to my transaction and it'll still say, "Yeah, this transaction is real" whether it is or not.
So if I can get you to tell me your transaction code - or better yet, your next ten codes - I can issue a transaction with your confirmation that it's valid. The bank merely checks that you've validated the transaction and completes it, and I walk away with $5k.
No crytography was involved (which is why I've answered, despite being a muppet when it comes to cryptography).
Cryptographic transaction signing. Already implemented on my bank account.
the Fiducary Agent should be liable if any party presents with a document or data perporting to represent the individual and thereafter disburses money without it being properly the desire of the individual.
Without even being a lawyer, it seems to me that the obvious counter argument in this situation is that by giving the security access codes away, the customer was authorising (and de facto expressing the desire for) the criminal to access the funds.
To translate that into UK law:
- someone randomly generates a credit card number/pin combination and uses it to steal cash: Bank is liable
- customer gives their card number/pin to a criminal, who uses it to access that account: customer is liable.
The law is already heavily on the consumer's side in the UK (which is understandable, as the banks tend to be better able to cover the losses) but if banks become 100% liable for all fraudulent activity, people would soon start complaining about the difficulty of accessing their money.
Ok, so the phishing-in-the-middle is into my account. What can he do there?
Oh - that's right. Nothing. You see, no new transactions can be created that aren't signed using the token. As the signing process includes the amount being transferred, and part of the account number to which it's being transferred, it's highly unlikely that the phisher is going to have an account available with the correct characteristics to intercept a new payment I'm initiating.
Ok, letting someone else see the funds you have in your account, potentially eavesdrop on anything you do while in your bank website and risk them capturing secret information isn't a good thing. SecurID-type tokens are not 100% secure. But frankly they add significant security and fraud prevention, help the customer retain faith in their bank and do prevent less sophisticated attacks.
A routing and account number are merely identifiers of an account. They do not authorise any action against that account.
It's like your name. I know your name: zippthorne. That doesn't authorise me to post on Slashdot using your account.
Differentiate between identifiers and authentication and authorisation.