A security researcher asking people to blindly trust strangers...
IMO they really aren't. As it is, it is uploaded unobfuscated and anyone can download it. It then takes 2 seconds to drop it into one of the many Java decompilers and you can read it yourself.
Who can blame them for not spending a couple of hundred dollars on a signing cert? I can't, for a proof of concept.
If end users are expected to decompile the code and inspect it every time it downloads (or updates), then this isn't a solution for the 99%+ of internet users who don't know Java. As for me, I'd rather spend the little extra time typing in a second password without this CAPTCHA scheme than decompile and inspect code.
My point is that this is a proof of concept. For some reason people are irrationally flipping out (imo), when the fact is they could have distributed it in a desktop-launchable form (just the jar), requiring more user work (executing a command, or something more complicated... Java != your friend), and people would never see any code signing issue. The fact is that to make it easier you get a warning, since they don't want to shell out hundreds for a proof of concept. Can you blame them? My statement was more of a blanket one that they aren't trying to hide anything. Since they chose to deliver it in the fashion they did, everyone flipped out. As a Java dev I see where they are coming from and wanted to make the point that they aren't doing anything fishy and could easily be checked on. Just logical.
"Here's something to think about: How come you never see a headline like 'Psychic Wins Lottery.'" -- Comedian Jay Leno