Re: Stop with the mobile requirement already
4735 posts • joined 10 Jun 2009
Chicken and egg question. Why do you need an authenticator that doesn't require a Web connection for a service that basically requires you to connect to the Web?
It defeated the purpose of the fob: it's meant to be kept separate from the card so the thief/mugger steals the card but doesn't realize it has a fob until it's too late to go back for a second mugging. Sure, if the perp knows about it, they'll go for the fob, too, but at that point you're already up Crap Creek.
"Why does it seem to me the goal is 0% fraud ? When did that suddenly become the aim ?"
Because it's being demanded by the customers due to all the hype about card detail theft, and they won't settle for anything less.
"Back in the pre-internet days (yes, there really was such a time), it was more credit than debit card fraud (since we used to use cheques*) banks tolerated a certain amount of fraud, for a certain amount of money spent on security. I suspect it's still the same.
So rather than thrashing around for the "perfect" security (i.e. 0% fraud), people should be thinking what can give me 1% fraud, for a reasonable (i.e. not damaging my profits too much) amount ?"
I suspect their margins are shrinking, lowering their tolerance levels. That and the investors are likely complaining about bleeding money.
"Does it really matter if the odd £10 dodgy transaction gets passed, as long as you catch the unusual £5000 a stolen/cloned card would be used for ?"
That was before fraudsters learned how to get around this by simply using quantity over quality. One £10 scam is tolerable but try a million of them. Savvy scammers have learned how to "smurf," or suck a card just enough to prevent it being flagged and then letting it sit. They're also tying geographic information to cards so thieves can perform transactions in the boob's hometown, making it harder to detect. In such an environment, the inch becomes the mile, drawing the fight into an all or nothing conflict.
Well, for many, their mobile is the only second factor available to them, so if you want 2FA, it's mobile or bust. If you declare 2FA bust, then you now have to figure out how to build a security system that's tamper-proof, turnkey simple, and doesn't require a second factor? Last time I checked, that means the general public is not accepting anything less than the impossible.
"Can't remember your password?
Re-set immediately just by using the details on the card and the date of birth.
It's not like my DOB is very secret."
So how do you tell the difference between a real customer with a bad memory and an intruder who did the research?
"The "password problem" is also very solvable: by a password manager. I remember exactly 2 passwords, both are quite secure; all the others are randomly generated passwords. While this isn't perfect, and a second ("2 factor") authorization is indeed desirable for financial systems, but that's nothing new; every bank already does that, as do some services like Dropbox."
Then someone breaks your master password. Or your memory's so bad you can't even remember that password. And the moment someone says, "Tough!", that someone loses at least one customer. So what are you going to do? Customers are demanding turnkey solutions that don't rely on memory and won't take no for an answer.
No, as the NSA has said, they've been let in through the front door, in this case by the equipment manufacturers. Sort of like gaining access to a gated area by hiring someone with the keys. Furthermore, I may be wrong, but authentication may not take place until the network connection has been established. Otherwise, you end up with what I call the Spike Milligan problem (he is quoted in a joke of, "Open the crate using the crowbar you will find inside.").
That would be funny...if I got the joke (meaning you failed at failing).
The point being if 10-30% of the general American population suddenly vanished, I doubt the ones in power would care for more than 24 hours. They would still have their riches and there would still be people to fight over. Barring some populist revolution (and given the average attention span, the bread, and the circuses, by the time they finally noticed...) we're probably already too late to change anything before it all crumbles. It's the latter days of Rome all over again. So pick your descent: slow in the handbasket or quick in the bullet train.
To the author:
Perhaps you don't realize it, but the general sentiment is that Congress (especially the upcoming one run by the Republicans) will be even less-inclined to listen to the American public than the one in place now. They're pro-business and minarchist; if they had any real say (say a Republican President), they'd dissolve the FCC. So there's a kind of "now or never" fervor.
Lastly, thanks to the way Congress is set up, there's basically no way to set up any real oversight in anything that matters. Simply put, anything you try gets smothered by counter-lobbying by the big firms who can easily spend six or even nine figures like it's nothing. And they consider it constitutionally sacrosanct and impossible to quash.
Perhaps. It's like with CPUs. They were probably running into a hard limitation set simply by the size of the electron, which is fixed and sets a size floor. If storing data requires an absolute minimum of electrons to work, then you flat-out can't get any smaller, just as CPUs aren't likely to shrink much further due to physics properties that kick in at those sizes. It's like trying to cram a baker's dozen into an egg carton: something's gonna break.
So it's the end of the line. Now everyone's going to be scratching their heads and wondering, "What now?"
But what happens when all those 1000+ drives fill up because the Big Data just got TOO Big Data? That's what I'm pointing at. Big Data is growing faster than the drives would normally be able to keep pace. Even if you left room to slot in more drives (and the power costs this would entail), it would just keep growing until it reaches Brobdingnagian proportions and you reach the point where swapping out for bigger drives becomes more economical than continuing to grow your data center.
Thing is, you still forgot to notice that other factors don't necessarily include such specifics as drive speed and bus but also other things such as the sheer amount of data that people and firms want to store. This created an externality that put a ceiling on the service life of a drive independent of mechanical reliability.
But note your own words: "other factors being equal". The problem in the past has been the increasing amount of data to be stored has historically made existing drives too small by the time five years came up (there's your "other factor"). I still remember the time around 1990 when 200MB was considered pretty big. By around 2000, it was 20GB, then 200GB, and now we're routinely doing multiple terabytes. Thing is, that pace as noted has started to slow. Now capacity is harder to boost up (which I hate since longer-term bulk storage stinks on the consumer end), much as the GHz wall was hit. So now, much as CPUs have moved to multiple cores, drives need to move in another direction: in this case, longevity. Maybe the longevity won't necessarily come from spinning rust but in improvements in SSD tech; just saying that if the customers want longer-lasting drives, someone will deliver it somehow and the give-and-take of price will then ensue.
PS. Maybe the 100mpg carburetor doesn't exist, but people started demanding more efficient cars because of scary-high petrol prices, and manufacturers eventually started delivering. Now, gas/electric hybrids are becoming more and more commonplace.
"If the ISPs and email providers actually wanted to greatly reduce the spam, then they would go after the spammers' business models."
How do they do that when many spammers are now employing botnets to make their e-mails look like they're coming from someone else? IOW, how do you trace the botmaster? Especially if they're based in a hostile country?
As I've noted before, does it HAVE to be a desktop? Instead of say a graphical network terminal, where a tablet with a keyboard and mouse attached? Done that way, perhaps several desktops can be replaced with one server that serves multiple network computers. Which becomes cheaper long-term: several desktops or one big server and network computing links to them?
I'm talking the office environment. If you need it for a private or personal business, well that's your prerogative. But you'd also be the exception. Enterprises, as content creators, will always need the horsepower. Thing is, thanks to improved portable computing and networking capability, man and machine really don't necessarily have to be in the same room anymore. Indeed, barring outlying circumstances like social interaction, why bother with an actual office? Meanwhile, computing has morphed into something that doesn't necessarily need a single muscleman processor to accomplish. By necessity, we've become much more adept at finding ways to slice the jobs into smaller bits that can be parallelized. Even some of the toughest ones like video encoding can be split effectively if you do a little analysis first (for example, detecting scenes and splitting by them would not incur losses because each segment would be split at key frames).
"The difference is productivity. On a desktop with a mouse and a full numeric keypad I can fill out a spreadsheet with data from three different sources, draw a chart, copy it into a document, format it nicely, and email it to twenty recipients. All within five minutes."
What about network computing which would let you do the same things by connecting to some headerless server somewhere and do the same things with a keyboard+mouse attached by On-The-Go? Why does it always have to be a genuine honking workstation actually sitting on your desk?
Lucky you. You're the exception except for the water. But most infrastructure is privately owned and operated. This is particularly true for communications infrastructure like telephone and cable. For the small towns, de jure infrastructure monopolies are pretty much the rule since they're the only way utilities would agree to reach all the way out to them; otherwise, they'd just go "no deal" and leave them high and dry. And if anyone tried to make the infrastructure government-owned, the minarchists would be crying abuse, waste, and taxes. Either that or the threat of China and Russia taking over the Internet. It's basically boiling down to a no-win situation.
I don't know. I think their thought is sort of like, "Give an inch, they take a mile." The idea is that if you allow them to prioritize traffic one way, two things will happen. First, people will abuse the system and, for example, disguise torrent traffic as video or SIP streams (or simply encrypt everything so you can't tell what's what). This will then push the providers to say, in the interests of prioritizing "proper" traffic, they'll have to filter some other, necessarily improper, way. IOW, it becomes the thought that the only proper filtering is NO filtering because it creates a slippery slope.
No, it's two entirely different countries. In America, most utility infrastructure is privately owned by the utility providers (probably the only exceptions are plumbing-related--water and sewage--and that's due to them being underground, usually under publicly-owned roads). Everything else clearly has ownership tags attached. I see power poles marked property of the power company (private) and buried cable markers with the logo of the phone company. So if utilities are publicly-owned, why the private ownership tags?
Actually, a natural monopoly IS NOT a "de jure" monopoly. On the contrary, it's a "de facto" monopoly created due to its existence being something of a "necessary evil": IOW, we need it, but we don't like what it does to the place. Take utilities such as gas. These utilities are needed for modern society to function, but as a necessity, these utilities require significant amounts of infrastructure that raises lots of NIMBY issues. We DON'T WANT more than one set of utility infrastructure crowding our communities, so we naturally choose a winner to avoid this.
They're privatised monopolies because no one WANTS a second set of pipes and so on. It's a NIMBY thing.
Congress hates Obama already, and to them a do-nothing Congress is a winning scenario. As for the Attorney General, fat chance on getting a confirmation from a GOP-led Senate.
"So, Mr President, the insinuation that this is all in the FCC's hands is just not correct. The simplest solution here is to clarify the wording of the Act. Once that is done, the FCC can - and must - apply it as written. I appreciate that this may not be an easy task to accomplish but it really is the only way forward."
Just one problem. Congress will soon be in full Republican control. And the Republicans are likely to be pushed by minarchist Tea Partiers who would gladly clarify the Act by simply striking it. Meaning they'll be going in precisely the opposite direction from what President Obama (and apparently the general public) want. So if amending the Act is not an option, what now?
Thing is, most customers in the US are used to flat-rate prices with the word "unlimited" attached. Plus some users are getting cheeky and abusing the QOS tags.
No can do. The Telecommunications Act, passed in 1934, explicitly puts the authority on Congress's table. They do this because the TCA can be amended by later Congresses (and it's been amended at least twice by later Acts). The President's EOs can ONLY be used to enforce terms spelled out in the Act (thus why it's called the Executive branch), and since the Federal Communications Commission is enabled by the Act itself, not by the President, Obama has no direct influence over the FCC. If he tries to overstep, someone in Congress can challenge the constitutionality of the EO in the courts (and EOs HAVE been ruled unconstitutional in the past).
"That would be the FiOS that Verizon has decided to stop expanding four years ago? The one that people can't even get in rural towns such as New York?"
New York? That's an old city. Across the water, the same can be said of London. They share the same problem. They're old cities, meaning they're all built up and full of old infrastructure that's more or less still in use. That means you can't tear anything up for fear of tearing something up you're not supposed to (hint: New York does not allow implosion demolition in case the collapse messes up stuff underneath). So you have to ask yourself: how does New York put in new infrastructure without messing up all the old infrastructure (on which lives can depend) in the process?
"I worry that the banner of 'Net Neutrality' is sufficiently vague and poorly informed that it will be used as the name of convenience for a regime that nobody wants -- universally crappy bandwidth."
But without the ability to prioritize, raw last mile bandwidth becomes a point of competition. If everyone is doling out universally-crappy bandwidth, the first to deliver universally-not-so-crappy bandwidth at decent rates is going to attract attention...and steal customers. You would think the incumbents would take notice at that point, much as how T-Mobile's audacity (pretty much forced being #3 in the mobile market) is making AT&T and Verizon take notice.
"So what happens in a Civil War when both teams theoretically have home field advantage?"
It's just like with sports. Home field differs from skirmish to skirmish, depending on whose ground the battle is taking place. That's why one has to wonder how the Army would storm a town where the people know where and how to hide and ambush. And it's unlikely that the Army would be led by a hometown person since it's likely he or she has family there he/she would want to protect (meaning hometowners are among the most likely to defect).
"The problem is elsewhere - the gun nut lobby fav argument is that the gun is the means of defending against the big bad argument. This is supposedly, somehow, logical despite the government having drones, cruise missiles, stealth aircraft and being able to take you out on short order anywhere around the globe."
It is QUITE logical given the most powerful army in the world couldn't land a decisive blow against the likes of jungle and desert guerillas (see Vietnam and Iraq). Using that as a history, it seems no technology in the world can stand up well against home-field advantage.
Show me a way to do geographic denial through compact pure mechanical means, THEN we'll talk.
Not hindered since radio antennae are mounted externally and then fed to the radio by a wire.
That said, what's to stop someone from gutting out the interfering material or installing some kind of repeater?
"Using your phone while driving, to photograph someone using their phone while driving, sounds like a brilliant plan with but one tiny flaw... :D"
What? Like doing this from the passenger's seat?
But when natural-born citizens target and bomb national infrastructure (Oklahoma City, 1995), it begs a bigger question, "WHO can you trust?" And if the answer is "No one," what's the point of civilization then?
"You should be exiting the building on a crappy ADSL service from a crappy ISP, and looping back in via the big bad internet."
It would be better still to set up a small intranet backed by a modem. Some people are LUCKY to have dialup access (it can happen: middle of nowhere with view of the south sky blocked somehow--no satellite), so they still need to be considered.
"Oh wait, you meant will it warn you as the admin of the system in advance of a failure? Erm, ah, ... Yeah, they really should do that."
Correct me if I'm wrong, but is the most frequent point of failure in a SSD less the memory chips and more the controller that herds them all (which makes any redundant chips moot)?
And Americans liked the idea as well. They adopted a simple design of their own that became the M-3 SMG. Their main justifications were price and mass productions. At 1/10 the price of a Tommy Gun and easily made at stamping plants, it gave the troops a simple but useful arm for urban and forest combat. Later on, IIRC, they took the idea even further with a bare-bones pistol design: the original Liberator. It wasn't pretty or pretty accurate, but they were dead simple to use to the point each one came with pictorial instructions and can be dropped by the bushel to your favorite insurgent group out to topple America's Enemy of the Week.
About the only reliable options left after Verizon and AT&T are T-Mobile and Sprint. T-Mobile's the most reasonable at this time: they use GSM-based phones, provide some nice perks albeit with less coverage area, and are pretty much forced to focus on customers (since they need to steal who they can from the big two).
Having said that, how long do you think before the big two find some way to track you in spite of VPNs?
"Edit: How is this not already a class-action by some opportunistic lawyers? I don't live in the Land Of The Litigious for nothing, ya know!"
Because both Verizon and AT&T have lawyers of their own, and there's no specific law that states, "Thou shalt not track thy customers."
Alice and Mallory are involved in a menage a trois with Gene behind Bob's back. In the process, Gene stole everyone's private keys behind their backs...
"To be fair, I'm actually quite impressed with BT's FTTC rollout overall. Of course I'd like universal FTTP, but FTTC's a good stepping stone (it puts a fibre node within a few hundred metres of everywhere with FTTC, giving much better service than ADSL without the cost and long wait of individual fibre pulls)."
I may be wrong, but I think the problem with FTTC is that a FTTP setup is a whole other kettle of fish, meaning when you transition to the latter, you basically have to tear nearly everything down again due to the very different equipment involved.
"'You have no right to see me NAKED!'"
It wasn't that long ago that you had no right to protect your privacy. There once was a time when ordinary people pretty much had no expectation of privacy because there were eyes and ears enough to spy on everything in the community. Only with the congregation of cities has personal privacy become more feasible. However, the advent of abundant means of surveillance has now shrunk the possible radius of privacy back down nearly to the proverbial "zero space." And it's not just the government or big business driving it. It's the old bane of the village, the snoopy neighbor, putting the nail in the coffin. And since it's you vs. the world, you're going to end up losing.
It's time to face facts. Sooner or later, unless you're one of the uber-elite, you WILL have no expectation of privacy in future.
"So all we need to do is come up with a technology that allows us to screw with gay abandon (or rather, with heterosexual abandon) without having lots of children as a result. That technology was developed in the 1960s, in the form of a pill - perhaps the most important invention in history, and so important it is simply called 'the' pill."
That's assuming (1) women are willing to take the pill, which may not be culturally acceptable and (2) evolution doesn't find a way to subvert the subversion. Some women have become pregnant even with the pill.
"Wherever the pill is available, and women are moderately well educated, to the point of being able to make rational choices rather than be browbeaten by the agents of superstitions exported from the bronze age, fertility rates are below replacement levels. This situation is so widespread that, even with demographic lag, we can expect population to stabilise in the next few decades at around the 10billion mark - well within the carrying capacity of the planet."
I wonder if that's less to do with the pill and more to do with women's lib which makes women voluntarily forgo sex for careers and such. Is there a way to separate the two? Furthermore, where's the evidence that 10 billion humans is still a sustainable population, especially as people seek higher technological levels which increase the per-human total costs of living?
But the presence of such a camp means you can get funding by CHALLENGING such a camp. And if it's EASIER to do that (which if the claim is mostly specious), then why aren't people claiming funding for research that proves his rival wrong?
"Btw you may not realise but Atheism is not believing in religion. It is not a belief but absence of. Like science"
I've said it before: a lack of belief is itself a belief: a belief in nothing. It's the stance that matters, much as a barrel is a barrel whether it is full or not. But the point stands. Unless you're willing to believe that most of the scientific world, regardless of boundaries, is in on a vast conspiracy, you'd have to consider ALL the scientists that research the climate and wonder how a very sizable chunk of them are coming to the same general conclusion, because logic dictates only two possible choices: either they're ALL in on it (and with a conspiracy, size goes against you) or they're all coming to the same conclusions independently, which bolster the cases of everyone else.
" As an example I ask you to walk into any faith building and see what the consensus is and of course they will exclude the daft opinions of those who would be sceptic which is everyone else not of that exclusive version of belief."
I challenge your assumption on this premise: would you get the same consensus from a church, a mosque, a temple, and just about any other place of worship imaginable? I'm just wondering because the breadth of consensus appears to span across national, political, and even economic lines, aligning people who aren't necessarily motivated by money (because they're already state-funded, for example) religion (mainly-secular groups) or politics (the various privately-funded groups).
Lemme put it like this. When have a Catholic, Muslim, Jew, Buddhist, AND Atheist ever agreed on the same thing at the same time?
"...but unfortunately customers are going to end up paying data rate for PSTN calls (technical term is hosed)."
And this is any different from a SkypeOut or SIP call HOW? In any event, many customers get data allotments in their plans, so this isn't as big a deal as it's being made out to be. Furthermore, this helps hasten the retirement of 2G and eventually 3G circuit-switched networks which frees up their spectrum to use with the more-efficient LTE.
Unless, of course, you just vanished and the identity you used was faked/stolen. Who would know where to track you down...?
PS. It may help in future to employ the "Joke Alert" icon or some kind of Sarcasm Mode indicator. Text just doesn't lend itself well to sarcasm clues.
Be prepared to pay likely $700+ in Early Termination Fees if you try that move. Even if you try to weasel out with an early-out clause, all of them stipulate you turn in the phone as a condition of using that early-out clause. Even T-Mobile isn't stupid. If you cancel one of their un-plans, they bill you for the balance of the phone you were paying in installments.
That would be tough to do considering Disney ALSO owns ABC and ESPN not to mention the Touchstone Pictures label for their non-kiddy content. It's like trying to boycott Walmart. You can try, but odds are you'll be paying more money, wasting gas, or (if no alternative is available) just plain starving.