Draw On Google Maps

After playing with the Google Maps API, I learnt a few things:

• Latitude and longitude of my whereabouts. Find yours by dragging the map or clicking the arrows, and then double-click your target.
• My usual walk to the MTR station along the red path is healthier. (No red path for Internet Explorer because I don't like adding strange stuff. Get Firefox, please.)
• Satellite has two l's.

Google Maps Is Almost Here

I'm unimaginative;

and they adventure;

and we (involuntarily) fear;

and everyone blogs.

Un-official Is Always Sweet

I will probably go if the museums have some love.

When Content Is Not King

Devoid of Content (via angiemckaig.com).

Btw, New York Times Link Generatior rocks.

Banks Lose The Money But You Are The Victim

Bruce Schneier clarifies:

Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial intuitions. That means that any solution can't involve the account holders. That leaves only one reasonable answer: financial intuitions need to be liable for fraudulent transactions. They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions.

They can't claim that the user must keep his password secure or his machine virus free. They can't require the user to monitor his accounts for fraudulent activity, or his credit reports for fraudulently obtained credit cards. Those aren't reasonable requirements for most users. The bank must be made responsible, regardless of what the user does.

If you think this won't work, look at credit cards. Credit card companies are liable for all but the first $50 of fraudulent transactions. They're not hurting for business; and they're not drowning in fraud, either. They've developed and fielded an array of security technologies designed to detect and prevent fraudulent transactions. They've pushed most of the actual costs onto the merchants. And almost no security centers around trying to authenticate the cardholder.

That's an important lesson. Identity theft solutions focus much too much on authenticating the person. Whether it's two-factor authentication, ID cards, biometrics, or whatever, there's a widespread myth that authenticating the person is the way to prevent these crimes. But once you understand that the problem is fraudulent transactions, you quickly realize that authenticating the person isn't the way to proceed.

Again, think about credit cards. Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone, or Internet, where no one verifies the signature or even that you have possession of the card. Even worse, no credit card company mandates secure storage requirements for credit cards. They don't demand that cardholders secure their wallets in any particular way. Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.

Meanwhile, we're spending on Two-factor Authentication for Internet Banking.