Domain: johnmoserforcongress.com
Stories and comments across the archive that link to johnmoserforcongress.com.
-
Re:Everybody was affected.
Actually, the cost of the infrastructure to protect against this is likely under two million dollars if done correctly. The consumer devices would total $2.844 billion at $18 per consumer, although many of us like the $50 Yubikey 4 devices (these each store thousands of FIDO U2F credentials).
It would take maybe 4 months of a single $120,000 programmer's time to integrate FIDO security with a CRA's Web-based authentication platform, or $40k per CRA (the change is something our own programming team here would implement in a couple days and spend a couple weeks testing). The banks literally need a $6 USB cable at each teller to connect to a FIDO device.
With 94,725 bank branches and $6 USB cables at each of three teller stations, you're talking about $1,705,050 of cables. Each teller is sitting in front of a computer already, and they're using Web-based applications to navigate accounts these days. Add the $40k per CRA and you've got $1,825,050. That leaves $174,950, plus any bulk discounts the banks get on cables, to leverage additional programmer time for more QA on the back-end.
Do note that the CRAs aren't the only ones who need software changes: the banks need their online banking forms and other automated software to pass the FIDO challenge through to the client as well, or else the CRAs need an app that lets you authorize a hard credit check via FIDO over a side channel (a likely initial transition). Still, we can get there with just changes to the CRA software on their end, and with an opt-in transition period where you can but aren't required to force each CRA to deny any hard credit check that doesn't get a FIDO authentication from you (the CRAs must do so if requested).
Training for this takes about 15 minutes and, let's face it, we can fit that into the downtime the tellers have during the slow periods. We can make that zero cost.
Identity theft cost $16,000,000,000 in 2016, versus $2,000,000 of one-time bare-minimum infrastructure costs and $2,844,000,000 of one-time consumer-end costs. The devices themselves are rugged and can last over a decade (because of their duty cycle--plugged in only when in use--they should be able to last longer than you), but let's say four years. That's $711,000,000 per year: identity theft costs 22.5 times as much. If people didn't lose their physical security devices or drop them in the toilet more frequently than an average once per ten years, it'd be $284,000,000 per year or 1/56 the cost of identity theft.
Note that these devices have practical use otherwise, as easy 2FA on your Google and Facebook accounts. They're a type of thing consumers might actually buy and use anyway (consumers DO actually buy and use them, just not on the scale I describe).
So, yeah, I am preparing an act of Congress to hit the House floor the moment I begin my term. I've just been having a slight amount of trouble getting contributions to my campaign, and am running entirely on my own time and money--I estimate I can fund maybe half what I need in the extreme, but only am going in about 1/4 (and it's accounted as a loan, so if my campaign is far over-funded I can withdraw what I've contributed from whatever contributions remain at the end--so if people give me a million dollars, in the end, they're helping pay for my house as well as my Congressional victory. I make no apology for this; the campaign comes first).
Well. I've been at this for a month, too, so there's that. It's not even election season.
-
Re:I understand I won't get a penny
They've been around since 1899 and this is the first major breach. A huge legacy company that went to Internet-based services, and this is their first major breach. That's pretty amazing.
You won't get perfect security. Everything that allows access into itself will get hacked.
The solution is to not do it that way.
Equifax gets hacked, but you have a hardware device which Equifax uses to identify you? That device doesn't share a secret, but instead accepts a challenge and returns a response signed using a non-revealed private key? Well, looks like the hacker got nothing they can use to positively identify themselves to you.
Hacker may have changed the public keys associated with your account? Okay, drop all public keys, tell all users they can't open new credit accounts until they walk into their bank and physically present identification so the bank can re-associate their hardware FIDO device to Equifax, TransUnion, and Experian.
Done. It'll get hacked to hell and it won't matter much. You have to hack the FIDO device, which has a much smaller attack surface, a narrow window of attack (only when it's plugged in), and is generally difficult to actually attack anyway. It's such a small amount of code you can actually make it provably secure--you can make every interaction possible defined. Hacking or stealing the FIDO device gets you ONE person's key, and they can call in to their bank and have that canceled.
The likelihood of an actual attack is near-zero, and the severity is near-zero because your contingency is you call your bank and cancel your trusts with the CRAs and then everything except opening new credit accounts works until you walk into a bank and re-establish trust.
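The challenge-response and revoke-everything flow described in this comment, as an added example that is not part of the original post and not Equifax's or any CRA's code. It is a toy model of FIDO U2F written for this page: the device keeps a P-256 private key and a signature counter, the relying party stores only public keys, and the signed data binds the server's identity (the appID, a constructed value here), the counter and a fresh random challenge. The user name, appID and breach-response helper are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Authenticator is a toy model of a FIDO U2F key (constructed for this example):
// the private key never leaves the device, and a counter detects replays/clones.
type Authenticator struct {
	priv    *ecdsa.PrivateKey
	counter uint32
}

// NewAuthenticator generates a fresh P-256 key pair on the "device".
func NewAuthenticator() (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{priv: priv}, nil
}

// PublicKey is the only secret-free artefact the relying party receives at registration.
func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }

// Sign answers a challenge: the signature covers the relying party's appID, the
// device counter and the server's challenge, so it is bound to one party and one attempt.
func (a *Authenticator) Sign(appID string, challenge []byte) (sig []byte, counter uint32, err error) {
	a.counter++
	sig, err = ecdsa.SignASN1(rand.Reader, a.priv, signedData(appID, a.counter, challenge))
	return sig, a.counter, err
}

// signedData hashes appID || counter || challenge; both sides compute it the same way.
func signedData(appID string, counter uint32, challenge []byte) []byte {
	var c [4]byte
	binary.BigEndian.PutUint32(c[:], counter)
	h := sha256.New()
	h.Write([]byte(appID))
	h.Write(c[:])
	h.Write(challenge)
	return h.Sum(nil)
}

// RelyingParty is a toy model of a CRA's server: it holds public keys and last-seen counters only,
// so a dump of this store gives an attacker nothing that signs a challenge.
type RelyingParty struct {
	AppID   string
	pubKeys map[string]*ecdsa.PublicKey
	lastCtr map[string]uint32
}

func NewRelyingParty(appID string) *RelyingParty {
	return &RelyingParty{AppID: appID, pubKeys: map[string]*ecdsa.PublicKey{}, lastCtr: map[string]uint32{}}
}

// Register is the in-person enrolment step: associate a user with a device's public key.
func (rp *RelyingParty) Register(user string, pub *ecdsa.PublicKey) {
	rp.pubKeys[user] = pub
	rp.lastCtr[user] = 0
}

// NewChallenge returns 32 random bytes the server keeps for a single attempt.
func (rp *RelyingParty) NewChallenge() ([]byte, error) {
	ch := make([]byte, 32)
	_, err := rand.Read(ch)
	return ch, err
}

// Verify accepts a response only if the registered key signed this server's appID and this
// challenge, and the counter moved forward (a repeated or cloned response is rejected).
func (rp *RelyingParty) Verify(user string, challenge, sig []byte, counter uint32) error {
	pub, ok := rp.pubKeys[user]
	if !ok {
		return errors.New("no key registered: user must re-enrol in person")
	}
	if counter <= rp.lastCtr[user] {
		return errors.New("counter did not advance: replay or cloned device")
	}
	if !ecdsa.VerifyASN1(pub, signedData(rp.AppID, counter, challenge), sig) {
		return errors.New("bad signature")
	}
	rp.lastCtr[user] = counter
	return nil
}

// RevokeAll is the breach response from the comment: drop every public key, so nothing
// authenticates until users physically re-register their devices.
func (rp *RelyingParty) RevokeAll() {
	rp.pubKeys = map[string]*ecdsa.PublicKey{}
	rp.lastCtr = map[string]uint32{}
}

func main() {
	dev, _ := NewAuthenticator()
	rp := NewRelyingParty("https://cra.example") // constructed appID
	rp.Register("alice", dev.PublicKey())
	ch, _ := rp.NewChallenge()
	sig, ctr, _ := dev.Sign(rp.AppID, ch)
	fmt.Println("first use:", rp.Verify("alice", ch, sig, ctr))
	fmt.Println("replayed response:", rp.Verify("alice", ch, sig, ctr))
	rp.RevokeAll()
	ch, _ = rp.NewChallenge()
	sig, ctr, _ = dev.Sign(rp.AppID, ch)
	fmt.Println("after revocation:", rp.Verify("alice", ch, sig, ctr))
}
```

Note what the server never holds: a private key. Leaking `pubKeys` lets an attacker verify signatures, not produce them; a signature obtained for a different appID fails because the appID is inside the signed data; and after `RevokeAll` even the genuine device is refused until re-enrolment, which is the "walk into your bank" step the comment describes.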
-
Re:Maybe a way forward?
Well, that's part of my Congressional platform. It's a hell of a campaign: I'm going to stop identity theft, lower taxes, make Social Security permanently solvent, and end poverty.
-
Re:Next up
Federal compensatory time legislation and corresponding rules about accounting for outside-hours work are on my list of major issues. Salaried workers in this country work on average 47 hours, and get paid for only 40; it is time to deal with that.
I am also considering a 32-hour work week, although this one requires more careful planning and execution, if we are to execute it at all. It should be much easier after deploying Universal Social Security.
-
Re:"politicians and employers"?
We set things like working hours by the Free Labor Standards act in the United States. We don't have a Federal compensatory time rule, so employers can work you for 60 hours if you're salaried and pay 40. On average, a salaried employee works 47 hours per week--about 1 extra unpaid day.
Federal compensatory time legislation and corresponding rules about accounting for outside-hours work are on my list of major issues. A 32-hour work week is on the table for consideration, although this one requires more careful planning and execution, if we are to execute it at all.
My wife and I go to bed at a reasonable time each night (10PM) and get up at 6AM, no need for an alarm clock. Yes, it takes discipline.
Some folks are fully rested in three hours of sleep per night. Why aren't you?
-
Re:Clear logical fallacy
Kurzweil's explanation is a logical problem because he essentially says, "Well, I don't know, but we'll think of something!"
You don't invent jobs. Humans create demand by consuming. Unless you eliminate 100% of all jobs involved in every component of the supply chain, the only outcome is humans become capable of buying more, humans buy more, and the demand for jobs increases.
New jobs come when people find ways to use fewer humans by using a new type of process requiring a new skill profile. We actually have researcher jobs that try to do this all the time--research isn't a new type of job.
Imagine that we invented AIs that matched the average human intellect.
For a machine to be able to reason like a human, it has to be able to reason about itself. People talk about robots being able to program, to solve complex social problems, and so forth; to achieve this in any meaningful respect, the machine has to be able to reason about itself, its being.
You are that machine. If we create an AI that can think on the level of a human, it will start thinking it deserves rights and wages and free time. Now you've just created metal immigrants.
we should consider serious alternatives such as UBI.
We should consider Universal Social Security.
-
Re:Why though?
We don't have enough time in any case. The next election cycle is next year.
I need more information on Net Neutrality. All I've been able to come up with is a jumbled mess about false choice: in theory, you just vote with your dollars and go to an ISP who doesn't throttle Netflix or whatever; in practice, Verizon and Comcast do it, and the other small players are either not carrying big enough pipes to make Netflix useful or not carrying enough customers to make Netflix profitable. Net Neutrality prevents the tyranny of false choice between capable suppliers who won't and willing suppliers who can't.
So far, I haven't been able to build a strong, defensible argument, though, so the best I've got is "Vote YES for Net Neutrality!" It's no good saying anything if I can't argue on it at length.