tom moody

good discussion of fingerprinting as overrated authentication method

From Naked Capitalism comments:

QuarterBack
April 21, 2017 at 7:30 am

I have worked in information systems security for 30 years, and I have advised that biometric authentication is a bad technology approach. At the end of the day, the digital representation of your biometric data is just a digital token every bit as much as the magnetic stripe data on your card. The big difference is that if your biometric data is compromised, you cannot be issued new biology. [emphasis added --tm] Every biometric marker can be collected without you even knowing (referred to as “non-cooperative” collection) with simple technologies. Once someone has your biometric data, they can authenticate or digitally sign as you. Further, the general consensus of the movie-watching public is (incorrectly) that biometrics are the strongest authentication method, making it more difficult to repudiate.

Biometrics are a good technology for identification, but not for authentication. [good as in efficient, not as in ethically sound --tm] These two security concepts are often conflated. Identification is basically just your username used to reference who you are, whereas authentication is the method of confirming that an identity is who you think it is. Biometric identifiers add convenience in performing the identity step, but add nothing in terms of security any more than your username or email address alone would.

philnc
April 21, 2017 at 8:41 am

Twenty years in IT, over ten in identity management, have allowed me a ring-side seat to this particular circus. We all really want to believe the PowerPoints, but they’ve all fallen short. Most of the discussion has focused on the physical limitations of particular technologies, like the poor quality resolution of past fingerprint scanners, but never reaches the more important practical weaknesses of any single or even two factor concept like that proposed here. As QuarterBack points out, probably the most dangerous aspect of any biometric auth scheme is that the factor (or factors) used cannot be changed (no reissuing as with a new credit account number or digital certificate). Therefore if stolen the only option for the victim is to be forever barred from using that scheme. [emphasis added --tm] And as QB also points out, fingerprints are one of the easiest biometric factors to acquire, without the owner ever knowing about it.

In sum, there are a lot of approaches better than this from an identity management point of view. [such as? --tm] Unfortunately fingerprint scanner tech already has (totally unjustified) cache[t] with a credulous public, and can make a lot of money for manufacturers, so it’s almost certain to show up in force over and over. Here’s hoping it doesn’t take off.

QuarterBack
April 21, 2017 at 10:18 am

Thanks philnc. BTW, for a real life example of the problem of using non-revocable identification factors for authentication, look no further than the history of using social security numbers for this purpose. In the past, “what is your social security number?” was a common method of authenticating. That did not work out so well, because SSN was too easy to acquire. Also, as many (unfortunately) may know, when your SSN is compromised, it initiates a cascade of subsequent problems. Even then, in extreme circumstances, you can get a new SSN, but good luck with that. I have to say, that it boggles my mind that many organizations (including banks) still use last-4 of SSN for authentication (someone might steal your SSN, but the last-4 is MUCH more secure?).

Another problem with biometrics for identification, is that unchangeable identifier can be used (by anyone with knowledge of it) to track or monitor you forever. If your identity (say a username or account number) is compromised, you could always get another one. I recommend compartmentalizing identifiers in many cases on a system by system basis. Governments will always have some ability to stitch these separate identifiers together, but you don’t want just any grifter or hedge fund player to be able to monitor you.

- tom moody

April 21st, 2017 at 10:57 am

Posted in computers-R-stupid
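
The compartmentalizing QuarterBack recommends above (a separate identifier per system, any of which can be replaced), sketched as an added example that is not part of the original post or comments. The HMAC derivation, the names `pairwise_id` and `System`, and the sample template are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a biometric template. Real templates are matched
# fuzzily, but the property that matters here holds: one body, one value.
FINGERPRINT = b"constructed-sample-template"


def biometric_id(template: bytes) -> str:
    """The same value at every system that enrolls it; cannot be reissued."""
    return hashlib.sha256(template).hexdigest()[:24]


def pairwise_id(seed: bytes, system: str, generation: int = 0) -> str:
    """Per-system identifier derived from a secret seed.

    Without the seed, identifiers for different systems cannot be linked,
    and bumping `generation` yields a fresh identifier for one system only.
    """
    msg = f"{system}\x00{generation}".encode()
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()[:24]


class System:
    """One relying system and the identifiers it currently accepts."""

    def __init__(self, name: str):
        self.name = name
        self.accepted = set()

    def reissue(self, seed: bytes, generation: int) -> str:
        """Revoke generation N for this system and enroll generation N + 1."""
        self.accepted.discard(pairwise_id(seed, self.name, generation))
        new_id = pairwise_id(seed, self.name, generation + 1)
        self.accepted.add(new_id)
        return new_id


if __name__ == "__main__":
    seed = secrets.token_bytes(32)  # held by the person, never by the systems
    bank, clinic = System("bank"), System("clinic")
    for s in (bank, clinic):
        s.accepted.add(pairwise_id(seed, s.name))
    leaked = pairwise_id(seed, "bank")  # suppose the bank identifier leaks
    bank.reissue(seed, 0)
    print("leaked id still accepted at bank:", leaked in bank.accepted)
    print("leaked id usable at clinic:", leaked in clinic.accepted)
    print("biometric id, identical everywhere:", biometric_id(FINGERPRINT))
```
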

awning repair (midtown)

awning

- tom moody

April 21st, 2017 at 9:14 am

Posted in photos - cell

the case for trust-busting (and why it might not apply to Silicon Valley)

Matt Stoller argues against current Silicon Valley monopolies not because they concentrate power into the hands of a few knuckleheads but because they stifle innovation, whatever that means at this point (he adopts this frame because he is writing for Business Insider -- in his youth he was a blogger for Open Left, a platform where "good tech" was a means to a political end and not an end in itself). He gives a short history of circumstances where trust-busting led to, let's call it positive technological change:

In 1956, a Republican administration and AT&T signed a consent decree forbidding AT&T from competing in any but common carrier communications services. The decree also forced AT&T to license its patents in a non-discriminatory manner to all comers.

One of those patents was for something called the transistor, which two small companies — Texas Instruments and Motorola — would commercialize.

In the 1960s and 1970s, an antitrust suit against IBM caused the company to unbundle its hardware and software, leading to the creation of the American software industry. It treated suppliers for its new personal computing business with kid gloves, including a small company called Micro-Soft. In the 1990s, a suit against Microsoft allowed another startup named Google to offer an innovative search engine and ad business without fear that Microsoft would use its control of the browser to strangle it.

The great business historian Alfred Chandler, in his book on the electronic century, called antitrust regulators the "Gods" of creation. Antitrust was originally understood as a uniquely American "charter of economic liberty".

But there hasn't been a Sherman Act Section 2 anti-monopolization case for 15 years. And the anti-merger Clayton Act is not being enforced. Neither Bush, nor Obama, nor Trump (so far), has seen fit to stop the monopolists from buying their way into dominance and blocking innovation.

His conclusion is suspect, however:

It is time for leaders in Silicon Valley to start demanding from our government the birthright of every American, which is an open market for commerce, innovation, and personal liberty.

It is time to demand antitrust, so that what once were innovative upstarts, and are now Kings, do not stop the next wave of innovation. Then there will be so much more to invest in, so much more to invent, and so much more to actually create.

That's like saying Bell Telephone should have led the demand to become Baby Bells. It's the disempowered who exert the pressure, not the overlords, by means of organized resistance, boycotts and counter-education. Stoller's analogies break down in the case of Silicon Valley, because crap like Amazon and Facebook is actually hugely popular. To think about breaking them up, you would have to also be thinking about changing your behavior -- throwing away your iPhone and not using Amazon to shop. And there's the rub -- consumers are too addicted to do that.
It's hard to see anything other than infrastructure collapse or societal breakdown causing a change in the Silicon Valley style of monopolistic stranglehold. Even if the internet becomes two-tiered due to cable company pressure, people won't feel it enough to protest if they are using one or two companies to do everything "online."

- tom moody

April 21st, 2017 at 9:13 am

Posted in computers-R-stupid

kraf and florian

Label misprint of Kraftwerk's Ralf & Florian LP (1975), via Discogs:

kraf_and_florian

You know, Kraf & Florian, those German techno dudes. I actually own the misprinted version (purchased from a cutout bin) and either forgot or never noticed the error until yesterday. Here are some scans from Discogs of the outer sleeve of some other owner's slightly soiled copy:

ralf_and_florian_sleeve

ralf_and_florian_sleeve_back

This was back when they had hair, and were relaxed and having a good time, before the addition of two percussionists and the pose of ultimate robotic regimentation that commenced with Trans Europe Express and The Man Machine and still hasn't ended. Members have come and gone, like replaceable parts (including Florian) so now it's just Ralf Hütter and some substitutes -- the MOMA-ready incarnation of the band.

- tom moody

April 19th, 2017 at 10:05 am

Posted in music - others

him bomb good

Some choice bits from Antiwar.com's Justin Raimondo on our deranged commentary class (edited slightly for the post-Snowden landscape):

[T]he minute [Trump] starts bombing foreigners he’s suddenly not so bad after all. Over at the Washington Post, David Ignatius ... says he’s “becoming a credible foreign policy leader.” Ruth Marcus opines that we’re witnessing “the normalization of Donald Trump.” Finally, she enthuses, “rationality is dawning” on the forty-fifth President! Among the liberal elite, the hosannas were well nigh universal.

And

Fareed Zakaria’s joy over the bombing seemed to indicate that, for him, it was practically an erotic experience. And this weird bloodlust wasn’t limited to the liberal precincts of the commentariat – far from it. When we dropped the MOAB on Afghanistan, Kimberly Guilfoyle practically had an orgasm over at Fox News. Sitting there in her low cut red dress, her breasts heaving with passion, her lips parted, and an ecstatic smile plastered on her heavily made-up face, she hailed the bombing as if it were the climax – so to speak – of a pornographic movie: “America is back!” Oh, yeeeesssss!!!!

Just to keep some balance here, Fareed Zakaria's breasts were also heaving.

- tom moody

April 19th, 2017 at 10:05 am

Posted in around the web

LP and commentary

deeppurple

deeppurple_label

Images and commentary via Discogs:

drunk_DP2

- tom moody

April 18th, 2017 at 11:37 am

around the web

Ex-Billmon commenter-turned-blogger "b." at Moon of Alabama offers detailed, generally plausible counter-narratives to the media's insidious fictions of the moment. One such popular trope is "North Koreans are so cra-a-a-azy." Perhaps, b. suggests, the threat of imminent invasion from the South, egged on by you-know-who (us), forces the North to commit so much labor to the military that they are starving for lack of farm hands. Having a credible nuclear deterrent allows them to build their civilian economy, in particular, food production. That's not so crazy.

Clintonite crazies (speaking of crazies) have been huffing and HuffPo-ing about Steve Bannon as the next Goebbels, pumping this Breitbart amateur up to superpowered levels of Machiavellian skill. Ian Welsh suggests some of Bannon's nativist schtick wasn't such a bad thing, and with him out, the neocons and neolibs are rushing in: "He was the guy, along with Trump on the campaign trail, who wanted the Muslim ban, aye. But he also favored rewriting trade deals, hitting China on manufacturing (it is true that China no longer keeps its currency low, but they did for ages and gutted US manufacturing), bringing those jobs back to America, improving relations with Russia, and, oh yeah, not getting involved in stupid Middle Eastern wars other than fighting ISIS."

Benjamin Studebaker has a Political Strategy for a Better Europe that sounds wrong to me: "In this way we can partner the integrationist and protectionist lefts together -- by pairing a genuine threat of exit in the periphery with a strong push for federalism in the core, we can split the neoliberals off from the right nationalists in the core countries and force them into making concessions. What the left needs is a good cop, bad cop routine, where the British, French, Dutch, and German leftists are the good cops and the Greek, Italian, Spanish, and Portuguese leftists are the bad cops." You'll have to read the whole post to make sense of that excerpt but surely he has this backward: his "bad cops" have everything to lose by acting up; it's leftists in the fat and sassy countries who should be causing trouble (and making alliances with nativists, even) to thwart the globalist leeches.

- tom moody

April 18th, 2017 at 11:37 am

Posted in around the web

censorship, 1970s-style

Going through the Discogs database recalled this racy LP cover (how could anyone forget this?):

R-7510479-1448134551-4775

That was briefly in stores in the US, but by the end of the year (1974) the "censored version" appeared:

R-1490978-1223717686

Kind of eerie! If you're concerned about a transgressive female image, don't use half-measures. Just show some trees. This was decades before the erased-in-Photoshop genre appeared (e.g. removing the victims of the Kent State shooting using the "clone tool") so it seems almost presciently eerie.

- tom moody

April 17th, 2017 at 10:32 am

sorkinthink loses elections

The concluding paragraphs of a Current Affairs essay on the grip a still-popular TV show (that I never managed to watch) has on Clintonite Dems:

Through its idealized rendering of American politics and its institutions, The West Wing offers a comforting avenue of escape from the grim and often dystopian reality of the present. If the show, despite its age, has continued to find favor and relevance among liberals, Democrats, and assorted Beltway acolytes alike, it is because it reflects and affirms their worldview with greater fidelity and catharsis than any of its contemporaries.

But if anything gives that worldview pause, it should be the events of the past eight years. Liberals got a real life Josiah Bartlet in the figure of Barack Obama, a charismatic and stylish politician elected on a populist wave. But Obama’s soaring speeches, quintessentially presidential affect, and deference to procedure did little to fundamentally improve the country or prevent his Republican rivals from storming the Congressional barricades at their first opportunity. Confronted by a mercurial TV personality bent on transgressing every norm and truism of Beltway thinking, Democrats responded by exhaustively informing voters of his indecency and hypocrisy, attempting to destroy him countless times with his own logic, but ultimately leaving him completely intact. They smugly taxonomized as “smart” and “dumb” the very electorate they needed to win over, and retreated into an ideological fever dream in which political success doesn’t come from organizing and building power, but from having the most polished arguments and the most detailed policy statements. If you can just crush Trump in the debates, as Bartlet did to Richie, then you’ve won. (That’s not an exaggeration of the worldview. Ezra Klein published an article entitled “Hillary Clinton’s 3 debate performances left the Trump campaign in ruins,” which entirely eliminated the distinction between what happens in debates and what happens in campaigns. The belief that politics is about argument rather than power is likely a symptom of a Democratic politics increasingly incubated in the Ivy League rather than the labor movement.)

Now, facing defeat and political crisis, the overwhelming liberal instinct has not been self-reflection but a further retreat into fantasy and orthodoxy. Like viewers at the climax of The West Wing’s original run, they sit waiting for the decisive gestures and gratifying crescendos of a series finale, only to find their favorite plotlines and characters meandering without resolution. Shockingly, life is not a television program, and Aaron Sorkin doesn’t get to write the ending.

The West Wing is many things: a uniquely popular and lavish effort in prestige TV; an often crisply-written drama; a fictionalized paean to Beltway liberalism’s foundational precepts; a wonkish celebration of institutions and processes; an exquisitely-tailored piece of political fanfiction.

But, in 2017, it is foremost a series of glittering illusions to be abandoned.

- tom moody

April 17th, 2017 at 10:14 am

Posted in general

response

red3

- tom moody

April 12th, 2017 at 1:09 pm