Well, daily standup (or end of day.. ) I actually do like, as long as they are _actually_ short.. it's more the "stuff that just came up" type stuff I'm talking about.

To be honest, I find a pending meeting to be a bit distracting, and kind of find it annoying when people do exactly that. You've already interrupted me to tell me about the meeting (even if electronically), and now I'm going to be distracted thinking about it until it happens. May as well just ask your question now and get it over with the way I see it.

Different things for different folks I guess.

Amazed that neither the GPL nor the legal uncertainties surrounding BSD at the time (hey, remember those days!) were really focused on, but meh. I think like everything else that became wildly popular in spite of plenty of seemingly equivalent or better alternatives, it just came down to dumb luck and momentum.

Somehow Linux got the ball rolling, people gathered around it, it gained steam, and here we are.

And I'll add, if it's your idea to create an anonymous but secure connection using PKI to send your biometric identity, that's no better than a password. Infact, it's worse than a password, because (as was the original point), all it takes is your super secret biometric identity to be compromised once, at which point your screwed.

Yes, but how do you validate that the public key I send you is actually my public key? You have to already have it or it has to be stores somewhere that the other party trusts, bringing us right back to our original problem.

PKI lets two parties communicate securely without having ever spoken, and it lets one party validate that something was actually sent by another party _if they have the other parties public key and can trust it_.

Biometrics doesn't add anything useful to this equation that I see. Sure you can use some biometric information as a private key and generate a public key, but what does that give you over using some random number to generate a public key. It still comes down to the party at the other end having that public key and being reasonably sure it's yours.

Sure, but how do they apply to confirming an identity and not a capability.

Maybe I'm too thick to get it, but I can't see how say, a bank, can validate that you are who you say you are without at least knowing _something_ about you that you can than verify through whatever means.

Right, but there has to be a public key involved at some point.

As with DRM, if the thing that decides if you are valid can be in your hands (so to speak), you may as well assume it will be compromised.

There's no way I can think of to pass on a piece of information describing yourself to another party without that party having to know that information already to validate it, and if they do, it can be stolen and replayed.

I can kinda see the appeal of an implanted device, but yeah, there's no reason such a system couldn't be a fob you carry around with you (or somewhat unfortunately more likely, baked into your phone).

Assuming it was based on current public key encryption, even if broken an attacker would still need to harvest private keys from users to make use of it. That's gonna require special equipment (portable reader of some kind) and time.

Sure, damage would be done, but it wouldn't be the apocalypse. I suspect you'd see less impact than you do with current CC theft. AES being broken would be a far bigger deal on the internet where it would be much easier to apply the attack in a wide spread manner.

The problem with this, and biometrics in general, is that there is only one you.

You can't revoke your "vein pattern" any more than you can revoke your fingerprint. Using your same biometric information for everything has the same pitfalls as using the same password for everything, and you are just one sketchy gas station away from someone getting a copy.

If you are going to implant something, why not implant a challenge/response system with a public/private key and strong cryptography, like you know, we've been doing on the internet with a good amount of success. A random very large number is just as good as any biometric information, and at least you can change it.

Privacy isn't of great concern to many. It's not even an issue of comprehension. There are people who understand the privacy implications of things like facebook, but still happily participate because the social aspects are more appealing to them.

Social media in general has caught on because a great many people _want_ to share everything about themselves to everyone. Sites like what you linked to do a fairly poor job of convincing such people because they:

- Tend to focus on unrelatable things (like oppression in other countries, or oppression of people at home they can't personally relate to).
- Are written from an opposite viewpoint where privacy is just automatically an important thing that everyone should want. If social media has shown us anything, it's not to many people. The FSF is at the forefront of this too. When you write a blathering piece where you just assume your position from the beginning, people who don't already agree just roll their eyes, and the only ones you convince are those who already agreed.
- Not the case here, but often times focus on rare events where some shared information is used against them.

Very least, going as far as running a server at home, even one that's basically a pre-configured appliance, is a fairly extreme step for most non-geeks to take unless you can make a really compelling argument that doesn't involve dystopian futures and acid mines.

I get that NAT isn't a firewall, but I think it makes a nice second layer.

Lets say I'm using shorewall, and for whatever reason I break my config and don't notice.

Consider: (big bad internet) -- (broken shorewall + nat) -- (internal boxes)

Suddenly you can't get to anything I was forwarding (which I'll probably notice) and yes there are probably effective attacks to get at my internal boxes through the nat, but at least it's not wide open as I imagine it would be in a configuration without nat.

It's compelling arguments like that which will surely convince people to give a shit about ipv6.

I doubt they'll go this route, but what would make sense to me would be to give customers the option to request a direct connection.

Between cell phones and people who have no interest in running a server (even unintentionally), there's probably only a small portion of people out there who really need a direct connection, and there are probably plenty of IPs to support them if you put everyone else on CGN.