I don't dispute that they may have been grossly incompetent. But that doesn't change the fact that the idea is fundamentally unsound, if for no other reason than that there are vastly too many things that could go wrong. (Among them, things that don't accidentally go wrong but which someone can make go wrong.)

I agree with that line in the report, on all 3 counts:

> If they've done nothing wrong, they have nothing to worry about.

Are you kidding? The whole point of this is that you can have ALL of your stuff taken without the slightest hint you've done anything wrong. That's the whole point of this "due process" thing. It ensures that there is actually a reason to mess with you.

They can take your stuff and never give it back and they don't even have to try to prosecute you or anything.

You just lose your stuff and have to deal with all of the nice fallout of that.

Chances are, it will be a COMPUTER that spits out an audit request to trigger all nonsense.

Think automated DMCA takedown.

BTW, your attitude is how the really heinous stuff can happen. All of this bogus "it can't happen to me" or "it can only happen to the bad people" enables things like the purges of Stalin and Hitler's various atrocities. (our own japanese internment camps too btw)

The maximum hit from a credit card fraud is $50. However, most people have more than one card. So you have to consider that your total potential liability from a credit card theft is n($50) where n is the number of cards you have.

That can easily go into the hundreds perhaps even the thousands.

So the risk associated with a single breach of all of your credit cards is really no better than you getting mugged while having a fat wallet full of cash.

Yes, this much is obvious.

I stipulated before we got into that discussion that we were discussing ONLY Spencer's experiment, nothing else. You agreed to that condition. And now, you're violating it by extrapolating my comments to a completely different context. Which is no surprise to me at all. And it is equally of no interest to me, except where you distort my meaning by using my words out of context.

Hahahaha. I have already stated my reasons, so let's be clear: I already know the answer to the problem, and that answer is supported by multiple textooks and experts in the field. So please explain to me what possible motivation I might have to bother, much less bet, Prof. Cox about it?

As I wrote earlier, if you feel you would like to make such a bet, go ahead. If I had been "afraid" of what you would find, I would not have encouraged you to do so. I just have zero reason to do it myself.

If I were a "real skeptic", I would have researched the real answer to this problem. But wait... I actually did! Unlike you, who found some equation for "electrical heating power" which applies to a space that is air-filled and subject to conduction and convection, I looked up the actual power equations for a vacuum-filled space with only radiant heat transfer.

Spencer's experiment is not "atmospheric radiation". It involves a vacuum.

The rest of your comment is similar irrelevant straw-man fluff, attempting to support your fallacy.

One hack can compromise the credit cards for MILLIONS of people.

"Hacking your wallet" requires a particular person to target you specifically and physically.

In order to do as much damage as a single credit card breach can, everyone in New York City would have to be the victim of a pickpocket at the same time. The great thing about computing is automation. You can fuck up on a grand scale really quickly and really easily.

What choice did he have? That's a serious question. As others have pointed out, look at what was done to Assange and Manning.

Even if he didn't care about getting punished, as a government captive he would not have been able to keep supplying more of the information he had gathered.

And who would YOU give it to? Let's get real here. Anybody inside the U.S. who had it was likely to be arrested and confined.

I mean seriously. You aren't looking at ANYTHING from his point of view. As an actual, practical matter, what he did was completely sensible and rational.

They don't call him a Chinese Patriot or a Russian Patriot. They call him an American Patriot. And rightly so.

You don't seem to be asking yourself why an American Patriot (and we have plenty of evidence he is) had to flee to China and then Russia.

Ask yourself that. Give it some genuine, deep thought. Then get back to us.

NFC is usually ON by default. You have to have something resembling a clue in order to turn it off.

If NFC is off on a phone it's not because "someone couldn't figure it out".

> Yup, multiple credit cards have been able to survive over the long term.

Yes. And multiple credit cards have also died out and been pushed out of the market.

Although the situation now seems pretty stagnant and has been for awhile. Your lack of awareness for the dead alternatives seems to confirm this.

NO, it is not. It is a terrible idea. There are many reasons why:

First off, it's based on a premise that is known to be broken: a "web of trust". We already have a very good example of that type of system failing, and failing big time: SSL Certificates.

SSL Certificates are a web authentication scheme that depend on Certificate Authorities (CAs) to certify that a particular site is legitimate and unique. So far so good. BUT... then a number of problems arose that should be harsh lessons.

[1] Some CAs sold multiple certificates to the same domain name... a definite no-no.

[2] Some CAs (even some of the same CAs as above) sold multiple identical certificates to different parties. This is not just a no-no but it completely breaks the whole scheme.

[3] In a web audit done a couple of years ago, security firms found that as many as 80% of existing SSL Certificates were installed improperly. For example, being installed on a subdomain when it should be installed on the main domain name.

The upshot is: the CA system is largely (but not completely ) a failure. AND this is the important thing: it hasn't failed because it was badly designed, these failures are all human error. (Including, as in point 2, intentional or fraudulent "error".) So what it boils down to is: the people you are supposed to trust in this "web of trust" have proven to be untrustworthy.

NSTIC is trying to build an authentication system based on this same basic model: a "web of trust". You are supposed to trust the "authority" responsible for verifying that authentication. We have seen with SSLs how that kind of system can badly fall down. And in this case it's even worse, because the "authority" you are supposed to trust is the government itself.

When was the last time you knew the people in your government to be worthy of that kind of trust? You've got Eric Holder, the EPA, FCC, FAA all making intrusive and even blatantly illegal regulations. And despite what NSTIC claims, this basically amounts to a kind of "national ID".

I would never cooperate with such a system, either in the sites I build, or as an individual surfing the web.

Also, you say it might be a good system "if done right". When was the last time you knew of government doing something like this right?

Sure: an ObamaCare website that cost nearly $400 Million and is still down a lot. (I am aware the govt. claims that money was not spent on the website, but in fact if you trace the contracts, almost all of it was.)

I dunno about this. I think I'll move along to the next article now.

The latter. Even if the fan can stand brief immersion, it probably isn't suitable for something that is exposed to water jets.

So the ideal system would probably be something like this:

[1] Water blocks on CPU and GPU, and possibly another air-water heat exchanger somewhere internally to keep the internal ambient temperature down.

[2] At least one internal fan to circulate the air, keeping for example the memory modules (which should have large heat sinks) cool.

[3] The coolant goes to an exchanger attached to a large external heat sink which is sufficient to passively cool the system in dry air. Ideally the heat sink fins would be oriented vertically to take advantage of convection, as well as shedding water properly. Then you're covered if the water is intermittent, or just not there. if water does come along, so much the better.

Are you trying to cheap this off or do it right?

If you're going cheap, put it in an ammo box. Force through it with a duct fan, I'd weld flanges onto the box (since I've got my MIG up and running now) to attach the up and down pipes. This solves your air circulation problems to the point that you might not even need fans in the box. Ammunition cases have rubber seals. You may have to inspect the boxes carefully to find one with a good seal. You'll still need a drain as well, and it should have a long hose attached to prevent spray, and a restrictor to prevent bugs.

If you can do anything you want, water cool it and make a water block to go on the outside of a truly well-sealed box. Monitor the temps in the box and run seti, folding@home etc for heat if necessary.

Or, how about a waterproof enclosure which can't handle direct spray inside of a bigger box with drains which will deflect it? That's how cars work. It's remarkably effective