I'm not so sure Postman's view of ChatGPT would have been entirely negative. One thing he might have liked -- perhaps very much -- is that the medium is linear, rational, and conversational. Compared to watching the "peek-a-boo world" news shows on TV he decried, having long, deep conversations on some topic of interest with ChatGPT looks quite good indeed. I'm pretty sure he would not have liked the reliance on technology, however.
Sounds reasonable, and worth nothing that TV's dominant use case is entertainment, whereas it is ChatGPT's minority use case.
ChatGPT is less applicable to _Amusing Ourselves To Death_ and most applicable to his _Technopoly_ book.
Taken straight from Wikipedia:
> This is exemplified, in Postman's view, by the computer, the "quintessential, incomparable, near-perfect" technology for a technopoly. It establishes sovereignty over all areas of human experience based on the claim that it "'thinks' better than we can".
In the computer age Postman experienced, the IBM database system was the dominant mode of computing technolopy, and had mainly the High Modernist faults of a false claim to control and order. ChatGPT and other generative models much more directly attack the supremacy of human thinking, and make it much easier for us to cede control.
If you consider AOTD mostly about types of media, and how each media has effects on our society, then I think it clearly applies to chatGTP. These AI bots are becoming a Nee form of media that we interact with.
I’m not sure what Postman would say about them though. It may be too early to understand how people engage with them. Postman preferred newspaper to tv, since the former encouraged deeper thinking and the latter was focused on appearance and emotion. ChatGTP can encourage one to dive into a subject. On the other hand, Postman made a big example of how a society based on newspapers was excited for the Lincoln Douglass debates, and what it said about a civilization that wanted to spend hours engaging in intellectual debate. Does chatGTP encourage that king of society? It is hard for me to say yes.
I think in part it will depend on what these tools become. There is a path where they become worse than TV, just feeding us canned answers and short TikTok videos. But there is also an outcome where they are more like A Young Ladies Illustrated Primer and become very powerful ways to engage deeper with subjects. Interesting times …
I think Postman might have liked a more interactive medium for entertainment. So the idea of having a Socratic discussion with ChatGPT rather than passively watching TV, where the program flits from "10 people dead in mass shooting" to "and now this... a Corgi that barks on key!"
But I'm thinking more of the immediate adoption of ChatGPT and similar tools to generate writing. What I took away from "Amusing Ourselves to Death" as a primary concern was the effects on discourse and thinking.
I need to re-read (well, re-re-re-read) AoTD because Postman's central theme was about the population being distracted by trivia and entertainment, but along side of that he discusses the transition from oral culture to written / print culture to electronic media culture.
He made a good case that our transition to electronic media has, bluntly, dulled our ability to reason. There's a set of critical skills that people use to engage with written text (though Postman might have been somewhat generous about this) that they don't use with TV News, etc.
So the idea of leaning on ChatGPT to generate written content, I think, would've alarmed him quite a bit. I'd love to read his thoughts on that, though maybe he'd be just as happy not to see these technologies come to life.
I wanted something like this as well, and I have a prototype of something much simpler (using node2vec to generate embeddings using data from Wikidata and DBpedia (and Twitter)). It doesn't really do what you want, but you might find it interesting.
Clover CEO here. Won't comment on a competing device but this may not work the way you think. In Clover's approach the touch controller input isn't reaching the Application Processor running Android when in PIN entry mode. You can do patent search if you're interested.
That would be in line with the requirements. You go through stringent certification with the software and hardware that has access to the actual PIN and then show that the application and application hardware never really has any access to it so that you can customize/update your software.
This is the easy part.
The hard part I remember was establishing secure communication between all components in the system (initializing HSMs, injecting keys). I remember helping designing the process and writing hundreds of documents describing various security-related procedures like how the HSM racks are inspected, how the keys to the racks are fetched from the safes, how there are multiple safes for multiple security officers, how the officers are prevented from ever having access to other safes, how fetching anything from safes requires logging and using tamper-evident containers, how the logs are inspected, and so on.
I have designed a special cryptographic protocol so that we could generate and inject keys to the devices in KIF (Key Injection Facility) and separately to our database (to establish communication with the terminal). Fun.
Agree the people and process side is very difficult to do well. Familiar with all those and more -- we have extremely good, dedicated employees who care deeply about doing those things right.
We have some fun stories on this topic, like when we were using our PCI PIN approved secure room in our development office for the first time. We papered over the cage to prevent a security camera from being able to see employees entering PINs on the HSM. An eager employee papered over this cage a little too well cutting off the natural flow of air. And then there was a bug in our offline CA code and we spent 30 minutes in that air deprived cage while debugging occured :) finally the bug was fixed, we issued the cert on our first production device, and stepped out to get a breath of fresh air. Obviously this isn't our daily driver secure CA room :)
I have few more stories like the time when I closed the HSM rack door a bit too energetically and caused outage to entire company as we had to bring in third security officer to re-initialize it.
We also had special screens created for all cameras in the datacenter to block view on the HSM racks.
The biggest issue was, just before end-to-end test we figured out we forgot one of critical procedures (it was establishing authenticity of the HSM used) and we had to scramble to get new HSM and to re-establish all cryptographic material (so new storage keys, etc.)
What you're describing sounds like another backdoor of its own!
The general problem with most "industry security" approaches is that they simplistically attempt to wrestle ultimate Godmode-control for themselves, rather than working towards eliminating it.
Clover has had an offline feature for payments on all our devices (except our dongle/peripheral solution). It's very heavily used -- thanks to flakey ISPs, routers, WiFi, cellular, etc. We often see people go for a day or two offline.
We let you set limits on count/amount/time of offline transactions. After you come back online we send email a report telling you how many offline transactions you did and how many authorized and didn't authorize. This serves as a feedback loop to encourage fixing connectivity issues.
Thanks for this - I was wondering how they got the PIN considering plain text offline PIN has been deprecated for years. My understanding is that the liability shift is in effect for plaintext PINs, but maybe not in the NA/Canada region.
It's complicated. U.S. EMV credit is (virtually) all chip and signature. Debit is split between PIN and signature. US Debit Common AID is Online PIN, but you can legally do PIN bypass ("no cvm") or even fall back (or have user select) the card brand's application on the card (instead of the US Debit Common AID), in which case for Visa it will be signature and for Mastercard it will be online PIN. Politics and posturing.
I've only ever seen one merchant (Target) that requires the chip. Every other store is still using the mag stripe. In fact, while travelling this weekend, I used my card in a dozen new stores. But none used the chip.
I run a subsidiary of First Data (called Clover). I wrote and published the code for a few reasons:
- so I could answer questions more accurately and thoroughly during press interviews and with current and prospective partners. Nothing beats running code for this.
- My team doesn't trust me to write production code much any more but I need my kicks. ;)
- I'd like for people to understand Apple Pay crypto well -- it's the best I've seen in the payments industry. I'd like to even see something like this standardized for protecting cardholder data (both for card-present/POS transactions and e-commerce), where 3DES/DUKPT is still standard practice.
- There's been some misunderstandings that Apple Pay In-App is a closed system and you need to partner with them to use it. This is an existence proof that this is not the case.
- For people who are their own processor/gateway (e.g. very large companies), this gives them a bit of a head start on understanding what they need to do.
First Data has a commercialized version of Apple Pay in their new e-commerce gateway: http://www.payeezy.com/ (not to mention many gateways which process through First Data and support Apple Pay).
