You *will* be chipped. Whether you like it or not.
-
@acrow said in You *will* be chipped. Whether you like it or not.:
@Gąska said in You *will* be chipped. Whether you like it or not.:
@JBert said in You *will* be chipped. Whether you like it or not.:
@Gąska said in You *will* be chipped. Whether you like it or not.:
@loopback0 so all we have to do is convince the customer base that formally verified security is something they really need!
...Yeah, I can see how that's not happening.
Actually, ISO 9001 is about "quality". Are you thinking of ISO 27001?
I meant 9001. I knew it wasn't exactly on topic, but it was still a good example of companies pouring money down the hole despite not getting anything tangible from it.
You DO get something tangible from it.
You get to be a subcontractor to companies that want to be ISO9001 compliant for whatever reason.I need some word to differentiate snake oil from things with actual value. "Tangible" doesn't work apparently. Any better suggestions?
-
@Gąska said in You *will* be chipped. Whether you like it or not.:
@topspin ISO 9001 costs way more than 5 cents and companies still do it.
Mostly in circumstances where not doing it will cost more (in e.g. lost sales). Lots of potential customers are still under the deluded impression that ISO-9001 certification means that a supplier's product won't be crap.
All it guarantees is that the certificated company paid the auditors enough money and prostitutes to pass the audit.
Err. Sorry, I meant that all it guarantees is that the certificated company produces consistent quality. It can be consistently crap provided that the company can fix the process on those occasions when it glitches and produces good stuff.
But the thing about the prostitutes is worth keeping in mind.
-
@Steve_The_Cynic see above.
-
@acrow said in You *will* be chipped. Whether you like it or not.:
This is, if the coils are exactly identical and aligned just right, they will resonate perfectly, in which case distance gets dropped from the equation, literally. Apparently, distance is only a factor if they are certain un-ideal components in the coil-system already. Someone even made a nice demonstration of this by lighting an 80W bulb via 2 coils across the room.
Apparently, that is. I heard this in passing in university, of which I've been graduated and out for five years already. So don't quote me on that.I'm no electrical engineer, but being able to ignore distance altogether seems very dubious to me.
-
@hungrier I'm also no EE, but I thought RFID et al used near-field effects, which only exist within the distance of a few wavelengths and is why range is so limited.
-
@mott555 That may be the case for passive tags, but there are active RFID tags which (to my layman understanding) are radio transmitters with tens or hundreds of meters of range.
-
@anonymous234
It's like your car insurance. They publish the "real" rate, and then a bunch of line item discounts. But, of course, you (like any sane individual) only really care about the bottom line, and you'll go with whichever company has the best cash-on-the-barrelhead price, and then six months down the road when the Driver We've Never Insured Before 47% discount goes away, you'll have no idea why they're charging so much and this should be illegal!!!
-
@acrow said in You *will* be chipped. Whether you like it or not.:
distance gets dropped from the equation
So... what you're saying is that when ol' Tesla finishes building Wardenclyffe in 2057, he'll be able to indiscriminately read our payment chips and identity information?
@hungrier said in You *will* be chipped. Whether you like it or not.:
seems very dubious to me
Good. We're safe then.
-
@anonymous234 said in You *will* be chipped. Whether you like it or not.:
@tharpa said in You *will* be chipped. Whether you like it or not.:
The last company I worked for had their stated rates for health insurance. Oh, wait, did we forget to mention that there's a $600 surcharge if you smoke? And that you have to prove that you and your spouse (if applicable) don't smoke? How do you do that? You just have to submit a hair sample.
I am pretty sure that's not legal.
You can't advertise something for $100 and then when they're about to buy say "that offer's only valid if you agree to have sex with me".
It's probably not completely legal, but it may not fit all definitions of the word "advertising", either. They didn't publish these rates, exactly, but they did give them to prospective employees upon request.
The humorous example you gave is illegal for different reasons.
-
@anotherusername said in You *will* be chipped. Whether you like it or not.:
@anonymous234 As long as they didn't really forget to mention that the advertised rate was for non-smokers, I think it'd be fine.
They didn't forget. The notification of the surcharge was in a separate place than the statement of the rates. So it wasn't like there was two columns, one for non-smokers, and one for smokers. You would look at the table, see the price, and then find out later about the surcharge.
-
@hungrier said in You *will* be chipped. Whether you like it or not.:
I'm no electrical engineer, but being able to ignore distance altogether seems very dubious to me.
I did study electrical engineering (and thus had my dose of on electromagnetism courses), but it's been a rather long time, and EM is a very strange and complicated field.
AFAIR, "ignore distance altogether" is an exaggeration (maybe true in some first-order approximation or something). What you can do is "focus" the electromagnetic wave. Essentially the total power of the wave over an entire closed surface is constant (ignoring losses, which are very small in air; but not e. g. in water). So if you can prevent the wave from getting wider (and thus spreading out over a bigger surface), its power remains constant no matter the distance. This is the effect that creates "antenna gain".
However there is a theoretical limit to this (a "gaussian beam" I think), which is attained for example by lasers. Even the best-focused laser beam will expand with distance, albeit very slowly.
The problem with this technique when dealing with non-contact cards is that, the more the beam is focused, the less the distance is important but the more you'll have to position your card precisely in the beam or the reader won't see it.
Resonance is more relevant to the amount of power you can transmit between the reader and the RFID chip, which is obviously relevant to range, too, but will only get you that far.
-
@ixvedeusi said in You *will* be chipped. Whether you like it or not.:
@hungrier said in You *will* be chipped. Whether you like it or not.:
I'm no electrical engineer, but being able to ignore distance altogether seems very dubious to me.
I did study electrical engineering (and thus had my dose of on electromagnetism courses), but it's been a rather long time, and EM is a very strange and complicated field.
Which is why I steered well clear of that field, in favor of software and embedded systems engineering. Seemed much more sane. At the time.
@Applied-Mediocrity said in You *will* be chipped. Whether you like it or not.:
@acrow said in You *will* be chipped. Whether you like it or not.:
distance gets dropped from the equation
So... what you're saying is that when ol' Tesla finishes building Wardenclyffe in 2057, he'll be able to indiscriminately read our payment chips and identity information?
Sure, as long as you position the cards just right. Or the tower. But the cards are lighter. Oh, and you need just the right shape of card, too.
-
Why would an injected chip be more secure than a chip in a card that you carry?
Sure, a card can be separated from your body, but both are just as easy to duplicate or intercept, which is far less suspicious than missing a card.... or an arm.
-
@xaade: if the security is done properly, intercepting/duplicating is more difficult than mere theft (think of SSL for example: even if you can eavesdrop an encrypted connection, you can't do much with it). A card can be easily stolen without the owner noticing immediately, while an injected chip can't.
There's also the "convenience" aspect... which makes little sense, unless you have to use readers so frequently it makes a difference. Guess what the people who push those injectable chips have in mind?
-
@acrow Welcome to the forum!
-
@xaade said in You *will* be chipped. Whether you like it or not.:
duplicate or intercept
I believe the idea is that neither of these is possible because the protocols and hardware are, in theory, write-only and resistant to replay attacks. But a card is still susceptible to theft or physical attacks, whereas an embedded chip is significantly harder to pull off such an attack.
-
@sloosecannon said in You *will* be chipped. Whether you like it or not.:
I believe the idea is that neither of these is possible because the protocols and hardware are, in theory, write-only and resistant to replay attacks.
Apparently depends on the tag. If you have a proper tag for use as a key, the reader sends a number of bits, and the card applies some cryptographic function to the bits and returns the result. The key is configurable. But as far as I've been able to tell, not all tags do this, and some of the simpler ones are really just dumb memory. A lot of places apparently also just rely on a per-tag unique ID (and sometimes not-so-unique ID).
-
@cvi said in You *will* be chipped. Whether you like it or not.:
@sloosecannon said in You *will* be chipped. Whether you like it or not.:
I believe the idea is that neither of these is possible because the protocols and hardware are, in theory, write-only and resistant to replay attacks.
Apparently depends on the tag. If you have a proper tag for use as a key, the reader sends a number of bits, and the card applies some cryptographic function to the bits and returns the result. The key is configurable. But as far as I've been able to tell, not all tags do this, and some of the simpler ones are really just dumb memory. A lot of places apparently also just rely on a per-tag unique ID (and sometimes not-so-unique ID).
And if that is used, it's dumb as shit. Embedding one of those is plain idiotic.
So I guess it's probably what I should expect...
-
@cvi: yup, there are different types of contactless tags, from simple memories with little or no security (like those NFC tags you can tap with your smartphone to visit a URL), to full-blown crypto processors with high-end security.
Of course, in theory you would use the later to implement access control to sensitive stuff, not the former. And of course, in practice, the former gets chosen because "it's cheaper".
-
Ol' Dabbsy on the subject:
-
Serendipitous juxtaposition in my Slashdot RSS feed...