×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sound-Based System Promises Chipless Phone Payment

timothy posted more than 2 years ago | from the how-many-baud-on-that-thing? dept.

Cellphones 186

CWmike writes "While near-field communication gradually emerges to turn mobile phones into payment devices, startup Naratte is introducing a system it claims can do roughly the same thing without adding a chip to the handset. On Monday, Naratte introduced Zoosh, a technology that lets phones exchange transaction information via inaudible sound waves. As with NFC, the phone user would just put the phone near to a point-of-sale terminal to redeem a coupon or make a purchase. NFC provides short-range radio communication between phones and point-of-sale devices so users can just tap or point their phones at the device to make a purchase. NFC uses specialized chips, which are already built into a few phones such as the Google Nexus S sold by Sprint Nextel, and are expected in more handsets in the future. Zoosh involves software that utilizes the speaker and microphone in a handset to send and receive audio signals with another device, similar to the way early modems exchange data by sending tones through the handsets of desk phones cradled in coupler devices. The company has posted a video that shows how it works. Between this and barcodes (which Starbucks says is working well already, thank you very much), is NFC already irrelevant?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

186 comments

Inaudible to people, perhaps.. (2)

intellitech (1912116) | more than 2 years ago | (#36508076)

But I bet a microphone could still pick it up..

And, on a side note, this is oddly reminiscent of Phreaking [wikipedia.org] .. Payments with tones and all.. even if they are "inaudible."

Re:Inaudible to people, perhaps.. (4, Informative)

gehrehmee (16338) | more than 2 years ago | (#36508096)

Doesn't mean replaying it would get you anything, if it's cryptographically sound.

Re:Inaudible to people, perhaps.. (0)

Anonymous Coward | more than 2 years ago | (#36508140)

true but its easier to pick up arbitrary sound waves than it is radio waves. for people who don't know what they're doing, thats half the battle.

Re:Inaudible to people, perhaps.. (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#36508230)

true but its easier to pick up arbitrary sound waves than it is radio waves.

Heh. No it's not.

"Um, excuse me, get that microphone out of my face."

Re:Inaudible to people, perhaps.. (1)

xanadu-xtroot.com (450073) | more than 2 years ago | (#36509194)

Heh. No it's not. "Um, excuse me, get that microphone out of my face."

OH!

So they have little gnomes inside the quarterback's helmets so their voice can be picked up calling plays ON THE FIELD to be broadcast on TV? Cool. I gotta order me a couple microphone holding mini-gnomes. Maybe I could finally find out the things my wife tells her mom...


M.

Re:Inaudible to people, perhaps.. (1)

Anonymous Coward | more than 2 years ago | (#36509414)

It's probably easier to pick up the RF, since there will be way more background noise with the sound waves at a distance than with the RF frequencies. A Pringles can and some wire would be more discreet than a long distance microphone with a parabolic reflector.

Re:Inaudible to people, perhaps.. (2)

dbIII (701233) | more than 2 years ago | (#36508566)

Doesn't mean replaying it would get you anything, if it's cryptographically sound.

It had better be. We don't want any chipless phishing.

Re:Inaudible to people, perhaps.. (2)

mspeedie (186600) | more than 2 years ago | (#36508788)

Correct, phish with out chips is just half a meal!

Re:Inaudible to people, perhaps.. (1)

WidgetGuy (1233314) | more than 2 years ago | (#36508964)

And hardly worth the effort if there's not plenty of malt vinegar on hand!

Damn! Now I'm Jonesin' for fish and chips. It's nearly midnight. Oh, well, this is off-topic anyhow. Reset!

Re:Inaudible to people, perhaps.. (0)

Anonymous Coward | more than 2 years ago | (#36509890)

it still sucks. you have to press a button and open an app, nfc chips can stay dormant and turn on when in range.
 
also, barcodes work, but they've been sent over sms for more than a decade. they just happen to be not so convinient as a credit card. really, the simplest solution would just have a credit card slot in your phone.

Re:Inaudible to people, perhaps.. (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#36508186)

If a microphone couldn't pick it up, the system wouldn't work. Unless the designers are unbelievable morons, they will presumably keep in mind that the carrier is trivially sniff-able and encrypt the link.

Re:Inaudible to people, perhaps.. (0)

Anonymous Coward | more than 2 years ago | (#36509854)

Just place fake emitters nearby, and have the user hold the phone very close to the real one. Any sniffer would have to be closer to the real one than the fakes to pick out the signal from noise.

Re:Inaudible to people, perhaps.. (3, Informative)

c0lo (1497653) | more than 2 years ago | (#36508324)

But I bet a microphone could still pick it up..

I don't know... might work better than radio waves - the attenuation of RF in air might not beat the attenuation of sound waves. The higher the frequency, the higher the attenuation [npl.co.uk] of the ultrasound in air (dry air: 0.6 dB/m at 50 kHz, 1.8 dB/m at 100 kHz). Add some directional elements, use a small emitting power and what's not in direct line of emission might be drowned by noise at a distance of 0.1-1m.

And, on a side note, this is oddly reminiscent of Phreaking

Hmmm... yes, but I think in this case the danger will come from rogue bats flying around that pay terminal (hold you fire, it's just a lame joke)

Re:Inaudible to people, perhaps.. (3, Informative)

adolf (21054) | more than 2 years ago | (#36508672)

dry air: 0.6 dB/m at 50 kHz, 1.8 dB/m at 100 kHz

No. Sound is not so linear as that. You cannot take a chart that says sound is attenuated by 1800dB at 1km and simply divide by 1000 to get the attenuation at 1m.

Remember inverse-square law: Check it out. [gsu.edu] (And more here [sengpielaudio.com] .)

All that aside: The simplified rule of thumb for sound at audible frequencies, for a spherical waveform (such as that emitted by a phone), is that sound falls off at a rate of 6dB for each doubling of distance.

So, if you're making noise that measures 80dB@10cm, you get the following results at these increasing distances:

74dB@20cm
68dB@40cm
62dB@80cm

etc.

And we only care about frequencies in the audible range, despite the implication in TFS, or it will be completely unable to work with existing phones (which is the main point of the thing to begin with). To wit: Combine Nyquist theory with the shitty analog electronics and 48KHz (at best!) ADC/DAC in a phone, and the resultant system must be either audible to a sufficiently-close non-damaged human ear, or else be completely non-functional.

So, there's no point in even discussing how well the thing might behave at 50 or 100KHz, because that's never going to work with existing phones.

And the whole argument is moot, anyway: The transport layer for this sort of payment system, whether RFID or barcodes or acoustic signalling or Bluetooth or avian carrier, will be recordable by a sufficiently-motivated and clever person. It therefore must have strong security (whether cryptographic or otherwise), or it will fail and be exploited. And if it does have strong security, it doesn't matter if it's recordable or not, since any recovered data will be useless to the eavesdropping party.

Re:Inaudible to people, perhaps.. (2)

c0lo (1497653) | more than 2 years ago | (#36509070)

All that aside: The simplified rule of thumb for sound at audible frequencies, for a spherical waveform (such as that emitted by a phone), is that sound falls off at a rate of 6dB for each doubling of distance.

With directional elements, the wave-front is no longer spherical - assuming a beam (plane-wave front), the exponential attenuation (due to absorption) holds.
But, you are right for the back-scattered sound - this will degrade much faster not only because of the absorption, but also because it won't be an almost planar wave-front anymore.

And we only care about frequencies in the audible range, despite the implication in TFS, or it will be completely unable to work with existing phones (which is the main point of the thing to begin with). To wit: Combine Nyquist theory with the shitty analog electronics and 48KHz (at best!) ADC/DAC in a phone, and the resultant system must be either audible to a sufficiently-close non-damaged human ear, or else be completely non-functional.

The human ear is able to pick up to 20 kHz [wikipedia.org] , and people over 40 are able to hear at most 16-18 kHz (if ever). This is why 22 kHz is meant to be the absolute upper frequency to digitally encode on an Audio CD and thus 44 kHz the maximum sampling rate required for "absolute audiophile perfection".
All the above as an estimation for what frequency a ADC/DAC in a smart phone can be capable of: my guess - an upper limit of 30-36 kHz. Given the amount of information that a NFP requires (hundreds of bytes, including an encryption key), the fact that tone encoding is not sensitive to amplitude/power variations, the fact that directionality of sound is easier to implement than in RF, the band between 20 to 30 kHz may be just enough to implement the NFP with a better protection for eavesdropping than using radio. This will raise the cost for the eavesdropping party, thus requiring a higher level of motivation than a near-field type of payments usually offer - most of the NFP services I know are capped to $50-$100/payment.

It therefore must have strong security (whether cryptographic or otherwise), or it will fail and be exploited. And if it does have strong security, it doesn't matter if it's recordable or not, since any recovered data will be useless to the eavesdropping party.

I don't argue with that. It is only a (almost academic) discussion which transport can be implemented cheaper: I argue that the acoustic one may be the one - but I'm not sure.

Re:Inaudible to people, perhaps.. (1)

adolf (21054) | more than 2 years ago | (#36509490)

With directional elements, the wave-front is no longer spherical - assuming a beam (plane-wave front), the exponential attenuation (due to absorption) holds.

With a best-case cylindrical waveform, the rule of thumb slides to 3dB per doubling of distance.

And so what? Phones aren't made with directional elements. They don't emit cylindrical waveforms. There's one or more little electret mics, and an earspeaker that each operate through a small hole. These arrangements are not things that are known for their superb directionality, but rather the opposite.

Often, there's also a small loudspeaker (used for speakerphone, ringer, etc) which is also not designed to be directional (so you can, you know, hear it ring).

And it doesn't matter. I'll repeat it again: TFA is about hardware that exists today. And today's hardware doesn't work in the way that you're going on about.

If we're going to go about changing the hardware to fit, then the concept described in TFA loses its merit over other technologies.

The human ear is able to pick up to 20 kHz, and people over 40 are able to hear at most 16-18 kHz (if ever). This is why 22 kHz is meant to be the absolute upper frequency to digitally encode on an Audio CD and thus 44 kHz the maximum sampling rate required for "absolute audiophile perfection".

Let us not muddy the waters with a discussion of "audiophile perfection." You'll bring out the trolls, many of whom would tell you everything there is that is wrong with recordings at 44.1KHz.

And you're wrong about why 44.1kHz was selected, but that's OK -- lots of folks are wrong about it. 44.1kHz was chosen as a sampling rate both because it was greater than ~20kHz*2, and it fit neatly into the digital recorders of the time (which generally consisted of a U-matic [wikipedia.org] video deck with a PCM adapter [wikipedia.org] , the Sony PCM-1600 [google.com] being the first of such beasts available).

In other words, 44.1kHz was convenient, and was in keeping with KISS. A Nyquist limit of 22.5kHz merely is a product of the implementation, not a design goal to allow audiophilic nirvana. (Reference [columbia.edu] with maths).

All the above as an estimation for what frequency a ADC/DAC in a smart phone can be capable of: my guess - an upper limit of 30-36 kHz. Given the amount of information that a NFP requires (hundreds of bytes, including an encryption key), the fact that tone encoding is not sensitive to amplitude/power variations, the fact that directionality of sound is easier to implement than in RF, the band between 20 to 30 kHz may be just enough to implement the NFP with a better protection for eavesdropping than using radio.

No. The band from 20 to 30kHz doesn't work. The maximum sampling rate that can be reasonably expected to be supported by a reasonably modern, existing (remember the context) phone is 48kHz, which means that frequencies above 24kHz cannot be handled at all. Remember, this is supposed to work with existing devices.

Furthermore, I would be absolutely shocked if any of the speakers or microphones (along with the associated filters, amplifiers, and other analog componentry) on a handset were useful at all above 15kHz in any reliable fashion across different devices. Remember, this is supposed to work with existing devices, wherein the primary design consideration is voice audio over the telephone network (which tops out at 4KHz, anyway), with a small side of watching stupid videos on Youtube. KISS, etc.

Now, given the wavelengths involved, it might actually be easier to design a small directional loudspeaker for high frequencies, than it is to design a (say) small 2.4GHz antenna. But that doesn't matter because by that point we are, again, back into the category of new designs. (Remember, this is supposed to work with existing devices.)

Re:Inaudible to people, perhaps.. (1)

AK Marc (707885) | more than 2 years ago | (#36509136)

So, there's no point in even discussing how well the thing might behave at 50 or 100KHz, because that's never going to work with existing phones.

That was my question. Given that my phone lists its speaker and mic as 20-20k Hz (or close enough to that), how can something make a sound that the phone can hear that I can't? Or, as you point out, given the chips in the phone, it is limited in what it can output and receive from an electrical perspective as well.

If you are going through the trouble of redesigning the phone anyway, is this really going to save money?

Re:Inaudible to people, perhaps.. (1)

adolf (21054) | more than 2 years ago | (#36509538)

If you are going through the trouble of redesigning the phone anyway, is this really going to save money?

No, it won't save money if it requires a new design. And that new design won't save any space.

The only thing this tech has going for it is that it is a purely software solution.

And as a software solution, it is limited by the constraints of the hardware. And that hardware is limited to producing and recording audible sounds, since it is (well, you know) audio hardware.

Re:Inaudible to people, perhaps.. (0)

Anonymous Coward | more than 2 years ago | (#36509862)

The speaker response probably falls off gradually rather than suddenly, but it's possible that the drivers, D to A converters etc ignore any frequncy outside the audible band anyway.

Re:Inaudible to people, perhaps.. (0)

Anonymous Coward | more than 2 years ago | (#36508540)

zoosh! your wallet is empty. seriously though, if there were smart enough to make the sound only good for a single transaction for that time/date/store/amount then it wouldn't matter too much if it was overheard.

Re:supermarket noise will make it unusable (0)

Anonymous Coward | more than 2 years ago | (#36509772)

supermarket noise will make it unusable, since sound is not directed (yes I have heard of directed sound systems which can be installed on ships but not on pocket phone)

Doesn't solve the POS problem still (0)

Anonymous Coward | more than 2 years ago | (#36508152)

Where do all these Zoosh enabled POS systems exist? Google is already pushing NFC (with Apple obviously ready to jump in, in the near future), so I'm not sure how an upstart with no ability to penetrate the POS market, can possibly survive. The only negative that Zoosh seems to be fixing is that you don't need the NFC chip, but with a multitude of NFC chips, add in SIM nfc chips, and SD NFC chips, I'm not too sure if it's even a problem anymore.

Do Not Want (0)

Anonymous Coward | more than 2 years ago | (#36508210)

Cash is King, baby.

Re:Do Not Want (1)

zonky (1153039) | more than 2 years ago | (#36508548)

Actually, I dislike carrying much cash, and I don't want NFC either. I don't want any payment system i can't authorise/use a PIN on at time of sale. I wouldn't walk around with $500 in my wallet for me to lose, I don't want an unauthenticated NFC system either than people can spend without intervention.

Re:Do Not Want (1)

Neil Boekend (1854906) | more than 2 years ago | (#36509532)

I'd use it for small payments and I'd never have a lot or money on it. Now I use my "chipknip" [wikipedia.org] for small payments. For example paying for parking, or for my meal at work (can't even pay that in another way).
I'd put about 20 on it at any given "charging" so there never is much on it, just enough to pay these things.

Re:Do Not Want (1)

antifoidulus (807088) | more than 2 years ago | (#36509656)

Those RFID cards are awesome. In Japan I use Suica, I love it. Not only is it more convenient than dealing with cash, it also can be completely anonymous like cash. Registering your name is optional when you buy the card, the only advantage to registering is that if you lose your card you can get a new one with same amount of money on it.

Re:Do Not Want (1)

Neil Boekend (1854906) | more than 2 years ago | (#36509876)

My card is not RFID. It's more like a SIM card (but credit card sized). The communication is contact based. It's not anonymous (since it's coupled to my bank account, although you can buy anonymous ones in a few places. Usually that's used for foreigners, for example to allow them to eat in our cafeteria.) and if I lose it I lose the money (that's why I do not put much on it). However the system was started in 1996, before RFID became the default. Within a couple of years all new bank cards (PIN cards) came with it.

So... (1)

Bieeanda (961632) | more than 2 years ago | (#36508226)

NFC requires specialized chips. This audio-based solution does too, but the summary handwaves it because a tiny handful of phones already has it. I'm not sure about anyone else, but I smell a false premise.

NFC irrelevant? (3, Informative)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#36508236)

Has NFC already been reduced to a glorified mag-stripe; but with more options for carriers to get their pound of flesh out of the transaction? If so, then yes, a cheaper way of communicating with the POS arguably threatens its relevance.

However, if that deplorable possibility hasn't come to pass, then this seems like only a partial replacement. With NFC, as with the prior RFID stuff, you get the handy option of having passive, antenna-powered tags that can interact with powered devices. You can also have two powered devices talk to each other, some combination depending on the circumstances. With this audio mechanism, and QR codes, and the like, you have the advantage of using hardware that is already there 'for free' because it has other uses; but your versatility is limited: The audio-based system, unless some very clever and likely not cheap piezo/MEMS system were to be hacked together, will only work between two powered devices. QR codes are tolerant of unpowered tags, indeed their tags are cheaper than RFID ones; but you are restricted to dumb tags only. No challenge/response authentication or anything unless two devices with screens and cameras are flashing QR codes at each other as a crude form of two-way communications interface, in which case both of the devices have to be fairly sophisticated and powered.

Re:NFC irrelevant? (1)

AmiMoJo (196126) | more than 2 years ago | (#36510244)

There is also the practical issue of having to maintain working speakers and microphones on the read. With NFC the reader can be completely airtight but for sound you will need holes for air to pass through. In a busy station where there is a lot of dust and people might have wet hands if they just came in out of the rain a sealed unit has obvious advantages.

Most secure is cash. (1)

Troke (1612099) | more than 2 years ago | (#36508240)

The most secure transactions you can make is cash out of your wallet. Only person who can take it then is a mugger (or a girlfriend) and at least then I know when it happens and how much is missing. All these alternative payment systems (including debit and credit cards) are ripe for the taking because of the numerous hands and systems that touch the payment information along the way.

Re:Most secure is cash. (2)

stabiesoft (733417) | more than 2 years ago | (#36508636)

Agreed, and the local coffee shop I go to gives me a discount for using the green stuff. It puzzles me how all these customers come in and use a credit card for a 2 dollar purchase. The dirty looks the cashier gives to these people is "priceless".

Relevant Research (1)

Anonymous Coward | more than 2 years ago | (#36508258)

I once experimented with the idea of using a high frequency(19khz-22khz) wav forms to transmit 1-30hz pulses into the brain via sound(think subliminal advertising) and found it incredible that most current cell phone mics are very adapt at receiving and playing it back very clearly, so there might be some merit to this idea.

Re:Relevant Research (1)

dynamo (6127) | more than 2 years ago | (#36509134)

I once experimented with the idea of using a high frequency(19khz-22khz) wav forms to transmit 1-30hz pulses into the brain via sound(think subliminal advertising) and found it incredible that most current cell phone mics are very adapt at receiving and playing it back very clearly, so there might be some merit to this idea.

What was the result of your experimentation? Seriously.

2600 Hz anyone (0)

Anonymous Coward | more than 2 years ago | (#36508288)

Why don't they just use 2600 Hz so I can pull a whistle out of a box of cereal and make payments? How many chirps are a quarter? This tech company has not learned from AT&T's past mistakes.

My cell phone will listen to your cell phone and get your money and stuff.

Re:2600 Hz anyone (0)

Anonymous Coward | more than 2 years ago | (#36508338)

Obviously. Similarly, since my phone has WiFi, it reads all your phone's email!

What's that? You use encryption? Well, that's just because you're a genius. Nobody involved with this system would ever think of that...

Re:2600 Hz anyone (1)

DarwinSurvivor (1752106) | more than 2 years ago | (#36508500)

It sounds stupid, but judging by the past actions of almost every financial institution in the world, any encryption they use will not even be worth it.

Re:2600 Hz anyone (1)

Guppy (12314) | more than 2 years ago | (#36508956)

I dunno, I'd feel pretty silly leaning over a grocery checkout counter and yelling "eeeEEEE Ksssssssshhhh.."

Re:2600 Hz anyone (0)

Anonymous Coward | more than 2 years ago | (#36509502)

Exactly. It's the 80s all over again

NFC works with cheap RFID + has security element (1)

ad454 (325846) | more than 2 years ago | (#36508304)

One key advantage is that you can use your phone with a free Android app to read and write onto cheap (read+write-many or read+write-once or read-only) HF based HFID tags that cost a few cents and are field powered:

https://market.android.com/details?id=com.nxp.nfc.tagwriter&feature=related_apps [android.com]

Imagine the possibilities... Product tags, WiFi setup including WPA2 keys for guests, bulletin messaging in areas with poor signals, etc. In addition, the NFC chips being used on these phones have a security crypto chip that is isolated from the main device and can act as a hardware security token capable of full PKI (RSA, ECC, X509v3, CMS, ...), in addition to being used for electronic payment, transit fares, etc. Google Wallet is just one example. But since NFC is compatible with ISO14443, you can also use it with Paypass, Clipper, Suica, Octopus, etc.

How much do you think it costs to embed microphones and audio processing electronics? Not to mention the resources needed to support this including external power, and potential problems in noisy environments.

Re:NFC works with cheap RFID + has security elemen (1)

inputdev (1252080) | more than 2 years ago | (#36508412)

How much do you think it costs to embed microphones and audio processing electronics? Not to mention the resources needed to support this including external power, and potential problems in noisy environments.

I'd guess the microphone + audio processing electronics will come to less than $1, and they will only be necessary where payments are being accepted - I think a better question is how much the NFC chips will cost in every phone. Noisy environments are likely going to still work because the data transmitted can be relatively little (a few K in a few seconds is probably enough). You have a good point about product tags / etc. but I'm not convinced that we need more than the barcode.

Re:NFC works with cheap RFID + has security elemen (1)

Jane Q. Public (1010737) | more than 2 years ago | (#36509542)

I think an even better question is how long it will be before people with sniffers find a vulnerability in the system.

Don't try to tell me it isn't possible. If Chris Paget can read RFIDs out of passports from 30 feet away and inside his car (equipment cost: $1500), then how easy will it be to sniff active systems like NFC from across the room and behind a wall?

And please don't try to tell me that the transactions are "secure". People have found vulnerabilities in just about every kind of electronic payment system in existence. Banks haven't even been able to make their cards very secure, and there is no way in hell NFC is going to be any "safer" than cards.

Frankly, I think NFC is a disaster trying to happen. Maybe not right away, but once it becomes prevalent, and criminals become highly motivated to find its weak spots.

The problems I see are:

(a) It is a solution without a problem. Other than the ability to use RFIDs as you mention, I don't see that NFC solves or reduces any real problems that currently exist with cards or scanners.

(b) NFC introduces some physical vulnerabilities that cards and scanners do not share: such as the active transmission of financial information via RF.

(c) It is relatively expensive when cheaper solutions already exist.

I could go on but the point is that I simply do not see much in the way of benefit, yet there are significant negatives.

back to capt'n crunch (2)

fermion (181285) | more than 2 years ago | (#36508310)

There was a time when the cost of a long distance call was exorbitant. Fortunately the phone company ran validation over the same lines of communication, and it was possible to reverse engineer the tones ATT used to get free long distance. The lesson learned is that if the user has access to the validation channel, and the validating code is simple and unencrypted, then it will be hacked and abused. Given the limitations of the cell phone microphone and the network, I would wonder how complex the tone could be, and how easy it would be to hack to steal product or money.

Re:back to capt'n crunch (1)

phantomfive (622387) | more than 2 years ago | (#36508550)

I'm guessing it is A) encrypted and B) VERY hard to whistle that tune. In any case, radio signals can be picked up just as easily as sound waves, so this probably isn't much different than NFC in terms of security.

Re:back to capt'n crunch (1)

Charliemopps (1157495) | more than 2 years ago | (#36508742)

I can just as easily take a picture of your credit card number with my cellphone. I don't need to reverse engineer a damned thing.

Not that I want this... or a credit card. When I want to spend money, I have to go to the bank and fill out a withdraw slip. If I don't want whatever it was I was going to buy bad enough to do that... I didn't need it in the first place.

Re:back to capt'n crunch (1)

Hognoxious (631665) | more than 2 years ago | (#36509806)

I can just as easily take a picture of your credit card number with my cellphone.

Without me seeing you do it? Don't think so.

Re:back to capt'n crunch (1)

sam0737 (648914) | more than 2 years ago | (#36509360)

Same for NFC and mag-strip. Access to audio maybe easier than NFC signal, but it's still "open" to user. Same for SSL...it's all in-band and accessible.
Last time I read a NFC related spec, a asymmetric encryption/PKI is employed.

If phone company run the signal in-band today with the signal signed with PKI, etc etc, it's just as secure as running it out-of-band. It's just we didn't have the technology to do that efficiently a few decades ago.

bring it on... (0)

Anonymous Coward | more than 2 years ago | (#36508342)

i got my capt'n crunch whistle ready!

I completely refuse (4, Insightful)

holophrastic (221104) | more than 2 years ago | (#36508418)

Right now, I have an AMEX in my wallet. It's the best. Unlike my six other credit cards, my AMEX has no chip, no PIN, and no magic. Ok ok, it has a magstripe. The point is that in order to use it, I open my wallet, swipe my card, sign my signature, and walk away. That's great. It's convenient because it takes fewer than 10 seconds, and it's super-secure, because it requires me to take out my wallet, and to use my card within a millimetre of the magstripe reader. And it's super legal too, because my signature is a legal tool that means something, and it's very criminal to forge someone else's signature. Finally, it's super-safe for me, because if anyone, anywhere in the world uses my credit account for any reason in any way, I'm not responsible for the charge. That's perfect.

The reason I don't use my other credit cards is very simple. They suck. The chip can be read from many yards away, through my pocket. So it's not secure. I need to remember a different PIN for each, so it's not convenient. I'm not allowed to use the same PIN for each -- that's against the card agreement, and rightfully so. And here's the worst part. If someone else uses my card, and uses my PIN, it doesn't matter how they got it it, I'm still responsible to pay it. Read your agreement. Ask for it. That's what it says. It says that you are responsible for any purchase made using your PIN. My PIN is not 32 characters long. It's just a handful of digits that anyone could notice, and remember easier than a phone number.

Now, we're talking about using my phone. A device that can break, die, crash, or get lost. Unlike my wallet, my phone moves from my pocket to my hand way more often. It discharges too. So now if my battery dies, I won't be able to buy a new one. Suck on that for a while. How's that for a buried shovel? So it won't be safe. It won't be secure because whatever information is being passed is being passed through the air, and is no more secure than any airwave transmission. And by using ordinary soundwaves, it can be detected by any microphone that ever existed -- including other phones. My credit card can't intercept other credit cards, unless it's covered in cheese when I swipe it. And by the way, jamming is just as bad. So it's not secure in any way.

Not to mention the most annoying part of all. I just refuse to use a modem ever again. I don't want to hear that sound again. I don't want to wonder why my 16800 is connecting at 14400. I don't want to know why no one has ever gotten 56000 ever, with any 56000 modem. And I don't want to have to explain to someone what BAUD means ever again.

I'm done with that shit.

Re:I completely refuse (1)

glwtta (532858) | more than 2 years ago | (#36508652)

Finally, it's super-safe for me, because if anyone, anywhere in the world uses my credit account for any reason in any way, I'm not responsible for the charge. That's perfect.

That's great, but it's a feature of your account agreement, it has nothing to do with the technology used to authenticate the transaction.

Re:I completely refuse (3, Interesting)

holophrastic (221104) | more than 2 years ago | (#36508750)

See, I used to think that, but it's the other side that makes it true. Certainly any agreement could say that if someone uses my PIN, I wouldn't be responsible. They don't, but they could, but they don't. And you can flip that any way you like. But a signature is different. A signature isn't a part of my agreement. A signature is a legal device.

The primary reason that my credit account can't charge me for fraudulent charges is because I never agreed to those charges. And in today's legal world, the only reason that I need to pay my credit card bill is because every restaurant has me sign a piece of that says "I agree to pay above total amount in accordance with card issuer's agreement".

It's not the account agreement; it's the law, and the concept of a signature as a binding contract. A PIN is based on the idea that no one else knows my PIN. A signature is based on the idea that no one else can bind me to a contract. The day that the law changes, and says that using someone else's PIN is criminal, then I'll be happy. But right now, you're allowed to use someone else's PIN. That's not illegal. It's illegal to steal, but that doesn't stop my having to pay my credit card bill. Contrast that with the idea that it was always illegal to sign someone else's name, even with their permission and consent. You simply aren't allow to sign someone else's signature, under any circumstance, for any reason whatsoever.

So that's the reason that I say it's a problem with the technology. The technology failed to consider the legal ramifications of such a change. To say that it's not the technology's fault is like playing football during during recess (do they still have recess?) and calling interference when the ball hits a tree. That's not interference, the tree was there before you threw the ball.

Re:I completely refuse (0)

Anonymous Coward | more than 2 years ago | (#36509316)

It IS illegal to use someone else's pin with their (presumably stolen) credit card. It's illegal to impersonate someone else to defraud them. It's illegal to steal. None of this matters to a criminal, THEY DON'T GIVE A SHIT. It's not going to make a difference when someone takes your identity and run with it, you're still going to spend weeks ringing the card companies and talking to the police and your bank manager, whether you use AMEX, MasterCard, VISA, whatever, and whether you use signature, PIN or digital-authentication. Eventually it'll be covered by indemnity insurance, meaning the bank eats the cost.

And signatures don't provide you with the security you believe, because no shop attendants or banks actually check signatures on receipts, withdrawal slips etc. The only thing that protects you from fraud in both cases is the credit cards implicit or explicit indemnity insurance against fraud and theft.

Technology that makes it harder to defraud you is a good thing, because it means you're less likely to be defrauded, and so you're going to spend less effort resolving cases where it does occur. It also saves SOMEONE (not necessarily you) money, because the risk and hence cost of indemnity insurance is less.

You SHOULD know that your AMEX is no different to VISA or Mastercard, that all someone needs is the name and numbers written on the front and back of the card to perform a card-not-present transaction, such as that used to purchase things online. It is actually a shame that no technical mechanism is in place to authenticate against the card and PIN when making online purchases. This in spite of the technology being readily available and used for all manner of other things (see Kerberos, SSL, etc).

Re:I completely refuse (2)

fast turtle (1118037) | more than 2 years ago | (#36509388)

I guess you didn't understand GP's point. If he didn't sign for it or authorize the charge, he's not responsible for more then $50 USD in debt in the States, unlike those smart cards, where the agreements are starting to include the improper use of a PIN making the customer completely responsible for the transaction.

Because of that, I will never go with one of the smart cards as sticking with the old system means I still have the limit on damages of $50 USD instead of having no recourse.

Re:I completely refuse (2)

holophrastic (221104) | more than 2 years ago | (#36509638)

Just as the previous reply says, you're forgetting that for all of the things being equal, with a PIN, you have to first pay your VISA. With my signature, I don't have to pay AMEX while I'm fighting everything else. That's the difference. When someone steals my card, I still have my money to fight them. When someone steals your card, and charges $15'000, first, you lose $15'000. And if you don't pay it, then you lose your credit rating, and your lawyer won't even take your case.

See the protection? Read your agreement. Read the line that says that you pay for absolutely any charge made with your PIN.

As for the signature that isn't checked by anyone, you're wrong. It's checked when I say it should be checked. When I say it's not my purchase, AMEX calls the store, and asks for that slip. Then they look at it, send it to me, and ask me if it's my signature. I say no. They then believe me.

Re:I completely refuse (0)

Anonymous Coward | more than 2 years ago | (#36509970)

> The technology failed to consider the legal ramifications of such a change.

Oh, it was considered. This was the whole point. Within the banking industry, the change from signatures to chip'n'pin was referred to as a 'liability shift'. Because there is no longer a signature, the bank is not liable in law for fraudulent transactions - the retailer and/or cardholder is.

In the UK at least, a card transaction authenticated by signature is covered by the same law as a cheque and the law makes the bank responsible for verifying that the signature is authentic. A PIN is not covered by this law, and that's why the banks wanted it.

Re:I completely refuse (0)

Anonymous Coward | more than 2 years ago | (#36509888)

The reason I don't use my other credit cards is very simple. They suck. The chip can be read from many yards away, through my pocket. So it's not secure.

Wow, you found a remote hole ... in a smart card?

do phones really need a 4th radio ? (1)

obarthelemy (160321) | more than 2 years ago | (#36508422)

Smartphones already have 3 radios: Phone, Wifi, Bluetooth. Do we really need, or want, a 4th one ?

Re:do phones really need a 4th radio ? (1)

glwtta (532858) | more than 2 years ago | (#36508612)

I would think they need exactly as many radios as are needed to support the features that people want?

But, and that's where I draw the line, not a single one more than that!

Re:do phones really need a 4th radio ? (0)

Anonymous Coward | more than 2 years ago | (#36508632)

Nope. They just need one radio, a terahertz processor, and a software-controlled radio.

Re:do phones really need a 4th radio ? (1)

dynamo (6127) | more than 2 years ago | (#36509150)

Good point, except I think they'd be able to do software-controlled radio without the terahertz processor, a next generation dual core might work.

No secure element means no security (1)

swillden (191260) | more than 2 years ago | (#36508484)

Mobile handsets are well on their way to becoming general-purpose computing platforms, with all of the security problems that entails. I think we have reason to be hopeful that it won't get as bad as Windows-based PCs are, but the fact is that the security of the handset is never going to be something we can really rely on.

To me, that means that if we want to use them for payment, we need to have a device in the phones which can securely store and use cryptographic keys, and contain and execute software that can be trusted to make appropriate security decisions. NFC is almost* exactly what's required for that, because the NFC chips are smart card chips -- small 8 or 16-bit computers in packages that have been specifically designed for years to resist intrusion. Are they perfect? No, nothing is. But they are the result of a decades-long arms race between attackers and designers, and they really are pretty darned secure. When competent security engineers who accurately understand their security strengths and weaknesses craft solutions and protocols using them, the result is orders of magnitude more secure than the main processor on a mobile handset.

I don't really care whether you use RF or audio or direct electrical connection to facilitate communication between reader and phone, to make it anything like secure you need a secure processor to handle the crypto. So you need the chip, period. But that's okay, because the incremental cost of an NFC chip added to a mobile phone is trivial.

And if you're adding an SE (or even just upgrading the SIM to make it featureful enough to handle the payment ops), the cost of the additional RF hardware needed by NFC is practically irrelevant, so why not do RF? I know Zoosh says this ultrasonic thing works in noisy environments -- but I'm really skeptical that it works in noisy ultrasonic environments. I'm also skeptical about the claimed low cost of merchant terminals, especially given that NFC-capable devices are already being produced in volume.

* The reason for my hedge "almost" is that I/O still has to pass through the main handset. In the case of communications with various back-end servers, whether via NFC or the cellular network or audio or whatever else, that's mostly okay because those back-end servers can have HSMs and do end-to-end security with the SE. "Mostly", because we'll still need the handset to provide the UI for users to authenticate, approve transactions, etc. What would really be awesome is if the phone had a mode where the SE could take control of the UI and cut the main handset OS out of the loop -- and maybe also have an LED on the phone that is hard-wired ONLY to the SE so that when that light is on you know the SE is in control. But there are many, many reasons why that is infeasible with current-generation SEs, and those coming for the next few years. And when it does become possible, the increased level of software complexity will undoubtedly come with exploitable security defects. It's a hard problem.

Still, even without my ideal situation, the result of combining an SE, well-designed protocols and a handset UI/network, etc. will provide a huge increase in security vs current electronic payment systems.

Re:No secure element means no security (1)

paulo.casanova (2222146) | more than 2 years ago | (#36508564)

Mate, I'm with you. This is really funny but I'm going to quote a page from Microsoft [microsoft.com] . And it says something very interesting: Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore. Now just let it make payments on you behalf and someone please explain how hell doesn't get loose.

Of course, unless you're using a Secure cryptoprocessor [slashdot.org] on your mobile phone, to encode encryption keys and so on but I really doubt it. Really. Cell phones were not designed for security. Sure, credit cards can be stolen too but: they require your signature or they require a PIN and, AFAIK, you cannot install software on your credit card...

Re:No secure element means no security (1)

Jane Q. Public (1010737) | more than 2 years ago | (#36509582)

Regardless of what hardware is either in the phone or in the terminal, NFC still has to do handshakes, ACKs, and send financial transactions over RF... and it will be sniffable. Will the encryption and security be up to the task? I am doubtful. Not because the cryptography is weak, but because there is nearly always some kind of flaw in the implementation.

NFC irrelevant? (1)

stinerman (812158) | more than 2 years ago | (#36508510)

I don't know about that. Sure they've only won 5 of the last 14 Super Bowls, but they've won the last two. I wouldn't write them off just yet.

Resolve Problem ... (1)

ryanw (131814) | more than 2 years ago | (#36508628)

I think I have an easy solution to this. I'm not an analog expert by any stretch of the imagination, but I did use modems (300 baud modem all the way up to a 56k).

If you could make a cradle where you slide the phone into it, the purchaser's phone would send it's public_key to the purchasing system, which would then send it's public_key back to the purchaser's phone -- encrypted with the purchaser's public_key. Then the purchaser's phone would send the payment information encrypted with the public_key of the purchasing system -- and the acknowledgement of successful transaction would be sent back encrypted with the purchaser's public_key, then one more final "ack" from the purchaser's device to the system saying that it received the transaction confirmation. DONE.

I don't know how much bandwidth is there between the microphone and the speakers, but instead of just relying on the 'inaudible space', why not use the whole bandwidth? They're close enough, it won't be that much of a bother if it's in the cradle. I can't imagine this to be nearly as fast as swiping a credit card. But if you consider, swiping the credit card, waiting for the authentication, then waiting for the signature, then waiting for the printing out of the receipt, etc. That whole thing can take a minute or so depending. So if this system basically made it so that your receipts are all electronic (no paper print out required when using this system), no requiring another signature to use the device, and all you have to do is slide your phone in a slot for 30 seconds to a minute to complete the transaction, it nulls out the time and makes for effective use of technology.

It might FEEL like you're waiting forever for the handshake.. but people would just need to realize what busy work they're saving themselves, and plus the store is saving a ton of headaches as well not having to keep track of the physical paper receipt signatures. The credit card processors would appreciate that as well.

To really make this "safe" as well, you could have the software on the phone require a password to be entered on the device to "unlock" the encrypted "credit card information" within the phone for 2 minutes or whatever. After that 2 minutes of you entering the password, it auto locks and requires the password to be entered again. So if you loose your phone or someone steels it, they don't knwo your password to unlock your credit card information in the phone....

Anyway, there's my free $0.02 on how to make this work. :)

Re:Resolve Problem ... (1)

tftp (111690) | more than 2 years ago | (#36509782)

If you could make a cradle where you slide the phone into it, the purchaser's phone would send it's public_key to the purchasing system, which would then send it's public_key back to the purchaser's phone -- encrypted with the purchaser's public_key.

There is no reason to encrypt public keys - they are public, after all.

Then the purchaser's phone would send the payment information encrypted with the public_key of the purchasing system -- and the acknowledgement of successful transaction would be sent back encrypted with the purchaser's public_key

How do you know who you are paying to? You need to have those public keys signed, so that:

  1. The buyer knows that he pays to Albertsons Groceries and Stuff, and not to MS-13 Cyber Crime Gang. It could be a good racket to reconnect a couple of wires under the desk during the night. Even if the setup lasts one day, it's a good take.
  2. The store knows that the customer uses his legitimate account, and not a fake one that won't survive validation by the bank.

All these issues are well known from HTTPS. If your phone needs to validate signatures of store keys it has to have keys of CAs on it, and those need to be managed in some way. Don't forget revocation, keys will be inevitably lost.

But if you consider, swiping the credit card, waiting for the authentication, then waiting for the signature, then waiting for the printing out of the receipt, etc. That whole thing can take a minute or so depending.

This is not the bottleneck, and there is no reason to optimize that phase. It rarely takes more than 15-20 seconds to confirm the transaction and to print the receipt. You know what takes forever? Checks, if someone in front of you is antisocial enough to use them.

no requiring another signature to use the device, and all you have to do is slide your phone in a slot for 30 seconds to a minute to complete the transaction

As other posters already mentioned, phones get lost quite often. With this system in place muggers will be hunting for phones. Do you want the thief to empty your bank account while you are laying in a ditch? Your {G,B}F will also be able to pay with your phone when you least expect it - and there is no way to prove that it wasn't you.

To really make this "safe" as well, you could have the software on the phone require a password to be entered on the device to "unlock" the encrypted "credit card information" within the phone for 2 minutes or whatever.

How is it different from using a debit card? Besides, the same attack applies to the phone: the mugger beats you until you reveal the password. Even worse - with the debit card the mugger can't verify it instantly; but with the phone he can enter it right in the dark alley, where you are laying on the ground, and check if you lied. [There is a possibility of duress codes, though, but they aren't implemented by US banks, AFAIK.]

it nulls out the time and makes for effective use of technology.

Paying for stuff is never a problem. Getting money to be able to pay is what you need to focus on :-) This and other phone-based "technologies" are just contrived ways to use the phone where it shouldn't be used. Might as well connect a toothbrush to it, set to "vibrate" and enjoy your new Sonicare :-)

Payment systems are supposed to be simple and cheap. Many people don't know how to use technology. Other people don't have money to buy phones. Other people don't want phones. A phone is not a requirement to live in the country. Even a card is not required, cash is still accepted. If you can't drop cards then you have to have yet another payment system connected to your cash register. What for? What is gained? A phone is MUCH HEAVIER than a plastic card, and it costs more, and it has to be charged, and it can run malware, and it's always connected to who knows what. You don't want to forget your phone in that cradle either.

Yet another thought is about sanitary issues. Your phone touches your hand and your face. You try to keep it clean. However imagine that you need to slide your phone into a cradle where thousands of strangers also slide your phones in! I think it's a terrorist's dream. The plastic card never touches your face, and the contaminated area is very small (the mag strip.)

To summarize, this method may be fun and games, but business-wise it probably won't get much traction. Essentially, there is only one group of people that might use it - teenagers, and for one reason only - because it's fun. They aren't very rich, though. Grandmas will keep using plastic regardless of how much you want them to switch. Businessmen will keep using Gold (or whatever) American Express because it's a status symbol. Contractors and businesses will keep writing checks because they are easy to keep track of. Middle-aged men will continue to use their credit cards because of the safety and protection they afford.

Text a One-Time-Password (2)

Doc Ruby (173196) | more than 2 years ago | (#36508648)

I don't understand why the specific method of the phone giving the cash register some money is some kind of roadblock. Why the phone needs some new method of communicating with the cash register. The phone has a million ways to send a message to the cash register and get a message back. Why can't the phone just text a One-Time Password to the cash register? Or use HTTPS? Or USSD, the GSM infrastructure high priority message used for topping off prepaid phones? Or any of a number of other comms techniques? Phones in Scandinavia have been texting parking meters, and getting texted when the meter's running down, for years. The money can be transferred by digital "check" between banks, or the telco can collect micropayment notices to be paid back like a credit card at the end of the month - or your phone privileges are cut off by the telcos cartel, harsher than a credit rating hit.

The infrastructure for these transactions are everywhere already. I'm impressed by the cleverness of this "inaudible" signaling, but it all seems an unnecessary waste of time.

Re:Text a One-Time-Password (1)

rushdale94 (2148614) | more than 2 years ago | (#36508882)

OTP texting (SMS) may not be secure enough. With users being allowed to keep their phone numbers when switching mobile operators, there is a risk that the text may go to a "hacker" instead of the mobile owner.

Re:Text a One-Time-Password (1)

dynamo (6127) | more than 2 years ago | (#36509160)

Ideally you don't want to communicate over a non-local network to make a local transaction, that's why. For security and because it just makes sense.

How is this more convenient than cards? (1)

chemicaldave (1776600) | more than 2 years ago | (#36508794)

Or cash even? It takes me 2 seconds to get my wallet out. How long are you willing to wait for this app to start up and finish a transaction with the register?

Dont the DACs only output sound up to 20KHz? (1)

DavoMan (759653) | more than 2 years ago | (#36508804)

It will be cool hearing a little 'DoodleyBIP!' sound when ya buy things!!!!

But seriously. For this to be an advantage it would have to run as an application requiring no hardware changes, and would be subject to the same restrictions.
Like say - a limited range of frequencies (about 50Hz up to 18Khz to be conservative). Humans can hear all of that, and its even dangerous to be too loud at high frequencies.

chipless maybe, but not chirpless (1)

markhahn (122033) | more than 2 years ago | (#36508848)

but seriously, shouldn't the question be whether EM or audio has a more usable SNR in the random retail environment?

Do not expose personal info (0)

Anonymous Coward | more than 2 years ago | (#36509000)

Any system which expose buyer's info is bad.

Money is better.

If you compare a system to current one in security and privacy, you will find all new system is bad.

Do not accept a payment system which expose buyer's personal info. Even a small portation.

There are no benefit to do that.

People, think carefully, a wallet is better than any high-tech payment system.

Implementation can be done without give out the personal info. The store should generate a one-time transaction identifier, the buyer then receive that id, pay the bill with any means without give out personal info. Do not allow tracking please.

More intermediaries won't work (1)

DogDude (805747) | more than 2 years ago | (#36509008)

There are an endless supply of IPO driven, marketing oriented, bullshit companies like this one trying to make the next payment system. The truth is: none of them will work. Not one. Every one of these guys is in it to get a piece of the action. I don't blame them. There's an ungodly amount of money to be made, but that's exactly the reason why it won't work. Merchants pay about 2-3% already for accepting credit cards. That's a metric shit ton of money right there, and no merchant in his right mind is going to cough up an extra percentage point or two for some stupid gimmick like this. Credit cards and cash work fine. There's no problem for these moronic companies to solve.

But the reason why NFC is 'taking off'... (1)

the-s-dog (1305457) | more than 2 years ago | (#36509116)

... is because it puts the money-making opportunity in the hands of telco's, who can further argue that one needs to upgrade a phone every 2 years?

Reinventing the wheel (1)

simgod (563459) | more than 2 years ago | (#36509512)

Such a system already exists. It has been used in Slovenia for about 10 years. It was developed by Ultra d.o.o. and is called Moneta/M-pay.

I had this idea myself recently ... (1)

burisch_research (1095299) | more than 2 years ago | (#36509624)

... and built it. My system's called BitChirp, and can encode up to 512 bits. It works. Too bad these guys beat me to market :(

Again (1)

Kim0 (106623) | more than 2 years ago | (#36509734)

There have been myriads of systems like this.
I was contacted by a french company doing the same, with their own sound encoding system,
which was quite similar to DTFM of the keys on old keypad tones.
Then there were a similar system made by an european crypto-key calculator producer,
which actually used DTFM.

The principle is so simple that any good crypto programmer could have made it with an
ordinary modem. I take this as a strong sign that this kind of technology, including
near field communications, are hindered by some other factor, such as disinterest from banks.

Re:Again (1)

tftp (111690) | more than 2 years ago | (#36509872)

I take this as a strong sign that this kind of technology, including near field communications, are hindered by some other factor, such as disinterest from banks.

  • Banks would have to provide phones to their account holders - and that's quite expensive!
  • Alternatively, they can provide software for existing phones. But then they have to support thousands of models! It's a nightmare.
  • Such a system is not under bank's control. There will be various people who want their cut. The bank is not in business of giving money out.
  • Such a system has to be sufficiently secure, so that the customers don't sue the bank and that the bank doesn't lose too much money on fraudulent transactions.
  • Customers don't feel any urgency in parting with their money. I can certainly wait a few seconds while the transaction clears, and I do want my receipt.
  • Vendors are in no hurry to pay for another gizmo that won't increase their revenue. There would be no customers who come, want to buy stuff, note that the phone pay is not available, and leave.

This leaves only peddlers of those new technologies, who are doing their best to sell the idea to phone companies. And phone companies want to insert themselves into the payment chain - for a fee, of course. Everyone else is indifferent. The gas station that I usually use has some sort of wireless pay thingie, I guess, but I gain nothing from using it (even if I had it) as opposed to using a c/c. The thingie would be just one more item to carry and lose, and one more bill to pay.

Old is new (0)

Anonymous Coward | more than 2 years ago | (#36510120)

Does this mean the "squeeeeeeeeee squuuuuuaallllllllll brrrrrrrbrbrbrbrbbrbrbtttt bong! bong!" sound is coming back?!

No battery, no phone... No phone, no Zoosh... (0)

Anonymous Coward | more than 2 years ago | (#36510160)

An NFC phone is just a phone with a contactless card implanted in it, and like those contactless cards, the NFC chip in the phone can be (are) powered thru the magnetic field generated by the POS, so can work even when the phone ran out of battery; Zoosh, by its software nature, needs a powered phone to oparate: no battery, no Zoosh... no money.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...