We have very similar "levels" in the US, unsurprisingly.
The police may conduct a "voluntary interview" with a person. At this point, they do not need reasonable suspicion that anything has happened; think of it as a "friendly chat." The person being interviewed is under no obligation to talk with the police and may leave the interview at any time. If you are a suspect being questioned at this level, the proper response to all questions is simply "Am I being detained, or am I free to leave?"
If the police have reasonable suspicion (a very low bar) of a crime, they may conduct a "custodial interview." At this point, the suspect being questioned is being detained, and is not free to leave. At this point, the suspect should be informed of their constitutional rights (Miranda warning). If you are a suspect being questioned at this level, the proper response is, "I would like to speak with a lawyer before answering any questions"
If the police have probable cause (bar gets higher, but still pretty low), they may then place a person under arrest. Arrest here means formally charging a person with a crime, mugshots, fingerprints, etc. If you're considered a flight risk, you might go to jail until the court date.
Of course, to get a conviction, the police / prosecutors need to prove beyond reasonable doubt all elements of the crime. A primer on the "levels" of proof:
- Reasonable suspicion: Something bad may have happened, and you might be related to it (there's a broken car window, and you were nearby).
- Probable cause: Something bad happened, and you probably are related to it (there's a recently-broken car window, and you were running)
- Preponderance of the evidence: Something happened, and it's more likely than not that you did it (recently-broken car window of your ex, and you were running away from the car)
- Clear and convincing evidence: Something happened, and it's pretty darn clear you did it (recently-broken car window of your ex, you sent a menacing text saying "watch out", and you were running from the scene)
- Proof beyond reasonable doubt: Something happened, and there's no other reasonable explanation (same scenario, but there's a rock on the driver's side window with your fingerprints and an eyewitness that saw you do it)
- Incontrovertible evidence / Proof beyond all doubt: Something happened, and there's no other explanation (same scenario, but you're the only other person on an island, there's well-lit HD video evidence from multiple angles showing the crime, and you confessed)
Let's assume for a moment that the furloughed employees don't get their back pay (dick move, but they are not necessarily entitled to back pay for work not performed). IIRC, only 350,000 are furloughed while the other 450,000 are working without pay. According to the FLSA, these are due liquidated damages (double pay) for a missed paycheck. So, let's run the numbers:
800,000 paid $2500/mo (say, $85/day). Shutdown now 21 days old, so we've saved ~$1.4B. But, the 450,000 still working need to be paid, so these people are collectively owed ~$1.6B.
By your math, every day the shutdown lasts costs the govt. ~$10M in salary and penalties alone. If you give the furloughed workers back pay, you're talking about losing ~$70M every day, just from salary expenses alone. Once you tack on the cleanup (both figuratively and literally), we've probably already spent the $5B on this shutdown. To double down and throw $5B more at a pet project is beyond the pale at this point.
You have a legal right to engage in lawful activities, that's close enough for me.
You also have a legal right to choose to NOT engage in lawful activities. In this case, employees of the lottery commission choose NOT to play the lottery, and in exchange, they get a paycheck from their employer. The immediate family also presumably benefits from this compensation and also waives their "legal right" to play the lottery.
It's simple: if you want to play the lottery, don't work for the lottery commission. There are very similar rules in most areas of legalized gambling; I know that Vegas also has rules about regulators gambling. As a regulator, you want to avoid even the appearance of impropriety.
Right now, one of the things that is trending, is groups of doctors that cover full range of the human anatomy are banding together and selling shares in health club type thing...you pay x annually and you're covered for most of your health needs.
Huh, that's a novel idea! I'm so glad that someone came up with a great way of making things work in the 21st century!
Since these "health club shares" are so exclusive, let's call the annual payment a "premium" because it's so awesome. Of course, we can't have someone who pays this "premium" going to the doctor too much, so we'll charge them a small amount every time they see the doctor. Let's call this a "cooperative payment".. no, that's too long... "co-payment" is much better! Now, of course, this group of doctors is going to need a name. Because we're trying to keep everyone in good health, instead of calling this a "health club" because that sounds too much like a gym, let's call this a "good-health-keeping club"... no too long again... "health maintenance club" is much better. But wait, this group of doctors is so large, it's not really a "club", more like an "organization".
You know what I just described? Freaking INSURANCE (specifically, an HMO)!! It's not new or novel! Now, here's what was happening pre-ACA:
OK, now that we have our "club", we don't want anybody to actually USE our doctors and make us pay more than we're collecting annually, so we won't let anyone in who has ever had a heart attack, stroke, cancer, or currently has diabetes (type I or II, don't care), is overweight, has high cholesterol, is over 55 or smokes. Now, to make sure that we don't pay too much, we're only going to provide $50,000/year of coverage, after that, you're on your own, and we won't pay for more than $250,000 over your lifetime. Oh, and although we're a comprehensive network for all of your health care needs, we won't cover you for having a baby, get depressed, or need most specialty care. Also, since only half of our subscribers are women, we aren't going to make everyone pay for those icky women's exams, so we won't pay for those either. Basically, you can see your family doctor (make sure to pay your co-payment up front, please!) and then it's on the streets for you!
Does that sound like an awesome way of going about things? Note that all of the above exclusions/limitations are REAL riders that I have PERSONALLY experienced with insurance pre-ACA.
I love how someone can take an old idea, repackage it and then "this will save all of our problems!!"
That sounds really complex, and potentially expensive as the number of devices scales. Also, fragile and difficult to maintain.
The easiest way is just use LUKS and a secure passphrase.
If you want to restrict knowledge of the passphrase to admins but allow users to reboot, that's a harder problem. However, if you have a TPM chip, you can use it to secure a random LUKS passphrase that unlocks only in a verified clean boot. You'll need trustedGRUB and tpm-luks, but it does secure against fairly sophisticated attacks. It even allows someone to have physical access to the machine WITHOUT having total access.
If you're concerned about the CIA/NSA/FBI/TLA coming into your space and performing a cold boot attack, this won't help, but then again, there are very few technological defenses against a determined nation state adversary.
If only there were a way to define a generic way to tell if two "things".... let's call them "objects".. relate to each other when doing sorting. Then, for each "object", you could compare it to another "object" and see if it is less than, greater than, or equal to the other.
I know, we can make a generic "function" of an "object", and call it.... "less". If you're in a sane language (sorry, Java), you could even use the "<" symbol to compare two "objects". Then, any sort algorithm can use this function to compare two "objects" and figure out where it should go in the list.
Then, we can put this algorithm in some sort of "library"... maybe a "standard library" in which sort algorithm developers can implement different sorting methods. Then the programmer uses this "standard library" to sort his/her list of "objects".
Apologies to anyone who's using C and actually DOES need to implement their own sort, but if you're using literally any language developed in the past 30 years, you have no business implementing your own sort function outside of a homework assignment. The only potential exception to this is if you are in fact a developer of sorting algorithms, and all 3 of them know who they are.
Not necessarily. Think about Edward Snowden, who had to pass through all kinds of security to get access to the data that he leaked. Would it have been easier for him to go to Initech and be their lead sysadmin, leaking all of their proprietary data? Certainly, but the perceived reward to him wasn't worth the risk of doing that. However, his perceived reward in leaking the NSA documents was so great that he undertook a concerted effort to undermine the many levels of security they had in place.
Note: I'm not advocating for/against Snowden. Just using him as an example that not every person goes for the lowest hanging fruit.
It's my understanding of current case law (IANAL) that a combination to a safe is considered "testimony," and thus protected under the 5th amendment. A safe key, on the other hand is not (this is why I specifically chose a combination). Of course, nothing prevents the police from going to the manufacturer for help in opening the safe, though nothing obligates the safe manufacturer to help.
On a related note, if your passphrase is "I totally killed those 3 guys on October 26, 2006", that's probably testimony that would (SHOULD) be protected under the 5th amendment.
Besides, nobody can FORCE anything from your mind ( https://xkcd.com/538/ notwithstanding). The worst they can do is throw you in jail until you comply (or they get bored). Worst case, they convict you for "obstruction of justice" or some similar nonsense. If you're facing a surefire Murder 1 conviction if you do reveal your key, there's simply not much incentive to help out; you'd have to weigh the value of the unencrypted data with the consequences of not revealing your key.
For historical examples, see the origins of "pressing for an answer": https://en.wikipedia.org/wiki/.... If you entered a plea, the trial could continue, and if convicted, they killed you AND took all your property (leaving your family destitute). If you never entered a plea, you simply died under the weights, but your family got to keep your estate. So, standing mute was a rational decision if you knew there was enough evidence to convict because the punishment for not entering a plea (death) was better than being convicted (death AND bankruptcy).
Absolutely. However, I don't believe that anyone is compelled to divulge the combination to a safe; rather law enforcement hires someone to forcibly open the safe. If they can't open the safe without destroying the contents inside, that's just too bad.
There's no reason to make smartphones that can't be searched... with a warrant.
You can absolutely search my encrypted smartphone with a warrant. How much information you'll get out of it without my key is debatable, but nobody gets to know my passwords (aka combination). If the police are able to crack the encryption, good for them. However, I'll continue to trust math to keep my secrets safe.
That type of encryption is for the government, not for joe six-pack.
The problem with that thinking is it leaves you open to spying from everyone, not just the government. Let's assume we allow some cryptosystem that has a back door / master key. To implement the system, you have to publish the specs which will be viewable to all (don't get me started on export control; it'll get out). Someone much smarter than you or I will realize the back door and exploit it to snoop on highly sensitive encrypted traffic... say online banking. Then joe six-pack gets a little pissed when he finds out that his bank account was raided and now he has no money. Oh, and since it was his password that was used to withdraw all that money, the bank won't be returning that money.
So, how does joe six-pack feel about broken encryption now?
That said, you could probably use a synchronized random number generator as the shared pad data.
No; a true OTP is NOT the same as pseudo-random OTP. For an illustration of this concept, let's assume that your adversary knows your algorithm for generating the pads but has no information about the shared secret between you and your partner. To make things easier on your opponent, let's assume that he knows that you plan to encrypt a 1GB plain-text ASCII file.
In the case of a true OTP, you and your partner must share 1GB of data securely. Because the pad is truly random, any 1GB ciphertext is equally likely, so your opponent must consider every combination of 1GB, meaning 2^(8e10) equally likely ciphertexts. This is basically secure for all eternity. Also complicating the matter is that for a given ciphertext, all plaintexts are equally likely. So, the opponent doesn't know if you said "Attack the beach at noon" or "Attack the beach at dawn" or "jcfpeb k,spq djte96bslg1Hw"
Now, in the case of a pseudo-random OTP, let's assume that the seed of your PRNG is 32 bits, so you only have to share a very small secret securely. However, there are now only 2^(32) possible ciphertexts that the opponent needs to check. This is a much more practical problem, and he can use some simple checks to see if the decrypted message "makes sense", and choose the most likely plaintext.
In reality, nobody uses an OTP because if you can securely communicate the length of the pad, you can just as easily communicate the entire message. What is used instead is public-key encryption where your partner can encrypt a message, but only you can decrypt it. Of course, this is a few orders of magnitude harder than symmetric encryption, which is why you'll typically use the public-key encryption to share a disposable secret key, which is then used to seed a symmetric encryption method (your pseudo-random OTP would be one of those). In reality, this is still pretty secure, as the key is typically in the range of 128+ bits, meaning a key space of 2^128 for a brute-force attack, which is still pretty infeasible. However, it is not completely 100% secure against any decryption as a One-Time pad is.
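The difference described in the comment above, as an added example that is not part of the original comment: a seeded-PRNG pad falls to a seed search plus a "makes sense" check, while a truly random pad leaves every same-length plaintext equally possible. Assumptions: Python's `random.Random` stands in for the "synchronized random number generator", the seed is cut from 32 to 16 bits so the search finishes in about a second, and "makes sense" means printable ASCII; the messages and seed are constructed.

```python
import random
import secrets

SEED_BITS = 16  # the comment assumes 32 bits; reduced here so the search runs quickly


def xor(data, pad):
    """XOR two equal-length byte strings (encryption and decryption are the same)."""
    return bytes(d ^ p for d, p in zip(data, pad))


def prng_pad(seed, length):
    """Pseudo-random 'pad': fully determined by the small shared seed."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * length).to_bytes(length, "big")


def makes_sense(candidate):
    """The opponent's plausibility check: every byte is printable ASCII."""
    return all(32 <= byte < 127 for byte in candidate)


def brute_force_seed(ciphertext, seed_bits=SEED_BITS):
    """Try every seed and keep the decryptions that pass the plausibility check."""
    hits = []
    for seed in range(2 ** seed_bits):
        guess = xor(ciphertext, prng_pad(seed, len(ciphertext)))
        if makes_sense(guess):
            hits.append((seed, guess))
    return hits


def otp_encrypt(plaintext):
    """True one-time pad: a fresh random pad as long as the message."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor(plaintext, pad)


def pad_explaining(ciphertext, claimed_plaintext):
    """For a true OTP, the pad that would make the ciphertext decrypt to any
    claimed plaintext of the same length always exists, so the ciphertext
    alone cannot rule any of them out."""
    if len(ciphertext) != len(claimed_plaintext):
        raise ValueError("claimed plaintext must match the ciphertext length")
    return xor(ciphertext, claimed_plaintext)


# Constructed sample values for the demonstration.
PLAINTEXT = b"Attack the beach at noon"
ALTERNATIVE = b"Attack the beach at dawn"
SECRET_SEED = 0xBEEF  # must be below 2**SEED_BITS


if __name__ == "__main__":
    # Pseudo-random pad: the seed search recovers the message.
    prng_ciphertext = xor(PLAINTEXT, prng_pad(SECRET_SEED, len(PLAINTEXT)))
    for seed, text in brute_force_seed(prng_ciphertext):
        print(f"seed {seed:#06x} -> {text!r}")

    # True pad: both readings are consistent with the same ciphertext.
    _, otp_ciphertext = otp_encrypt(PLAINTEXT)
    for claim in (PLAINTEXT, ALTERNATIVE):
        pad = pad_explaining(otp_ciphertext, claim)
        print(f"pad {pad.hex()} -> {xor(otp_ciphertext, pad)!r}")
```
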
Proper multi-factor authentication is ALWAYS "something you have" and "something you know". The idea is that if someone steals the thing you know (i.e. password), then they have to also steal something you have (i.e. hardware token / smartcard / phone, you name it). The hope is that even if you don't notice that your password is compromised, you'll notice when you lose your phone. Similarly, if someone copies the smartcard you have, they still don't know the PIN to access your account.
The hack of fingerprint databases illustrates this. For example, someone with access to the hacked OPM database can steal/copy your smartcard and can now impersonate you at will if you've relied on Smartcard + Fingerprints. Now, "something you have" could certainly be your fingerprint, but 2-factor auth is NOT "something you have" and "something else you have." Just like the bank's "security questions" are not two-factor auth, because they're "something you know" and "something else you know."
The only exception is if you're 15 years old and it's literally your first job, and in that case it's probably appropriate that the offer is for minimum wage.
So, if I'm 21 and graduating from college, I'm supposed to have enough saved to be able to turn down that first offer? I don't know about you, but I worked >50 hours / week in college (making between $10 - $20/hr at various jobs in early 2000's), and I barely kept the tuition bills paid. Granted, I basically had no debt coming out of college, which put me ahead of a lot of my peers, but I wasn't in any position to say no to a job offer and live on my luxurious (non-existent) savings.
Now that I'm ~15 years out, I do have the freedom to turn down job offers, but it's because I started out with no debt and have been able to save. For those starting off in the hole, saying "no" is a luxury they won't have for a LONG time.
Reminds me of warnings on grape juice concentrate sold during prohibition: "After dissolving the brick in a gallon of water, do not place the liquid in a jug away in the cupboard for twenty days, because then it would turn into wine."
Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"
Well, of COURSE I didn't resell the license - that would be silly! I sold a license, but I had to pay a royalty to my wholly-owned Irish subsidiary for selling the license. It's complete coincidence that the royalty rate is 99% of the gross sales on the licenses. Thus, you can only tax me on the 1% profit that I made on that license, and that's BEFORE I deduct anything else (I'm sure I can find 1% to expense somewhere else - furniture depreciation sounds like a good idea!).
It's kinda like capital gains tax. If I sell $100 worth of MS stock, I'm not taxed on $100. Rather, I'm taxed on the difference between what I paid for it and what I got for it. If I paid $90 for that stock, I only owe taxes on $10 of capital gains income. Things get really tricky when selling for a loss, but I don't want to complicate the matter.
I know it's an oversimplification, but that's essentially the tricks that they're using. When you remove all of the accounting mumbo jumbo, it reveals the tricks for what they are: dirty, slimy ways to avoid paying taxes. (That being said, all the tricks are legal, and if I could use the tricks, I would use them to the fullest extent allowed by law as well).
Actually, from my understanding, the loophole works this way:
MS sells a license to use Windows for $100 in Colorado. This is counted as US income. However, in the US, we don't tax revenue, we tax profit. This means that if MS had expenses of $100 for that particular license, then it would owe no US income tax on that sale. Conveniently, they have a wholly-owned subsidiary based in Ireland (but headquartered in the Cayman Islands) that is willing to sell that license for precisely $100. And just like that, no US corporate income tax for ANY license!
Granted, you now need a way to get out of the Irish income tax (which is lower than US income tax), and that's where the Dutch Sandwich comes into play. I know I'm oversimplifying things, but when you can set up new companies and transfer the "assets" for essentially the cost of a few lawyers and filing fees, avoiding taxes becomes pretty easy.
How can you have a standard like that if it doesn't dictate teaching methods? This is especially true for math where you don't just regurgitate the correct answer. The method is a part of the correct answer. For that you pretty much have to "dictate the teaching method".
Actually, math is probably the LAST subject where you want to "dictate the teaching method". There are over 10 ways to prove the Fundamental Theorem of Algebra; all of them are "correct" and give the answer. By dictating the teaching method, you are stating that all other proofs are incorrect, which is patently wrong.
It doesn't matter how you get 62 + 36 = 98. You can draw squares and lines, column addition, grouping by 5's, or counting on your fingers! All are valid ways of finding the answer. Some may be more efficient than others, which can impact your ability to get through all of the questions, but as long as you get the right answer, it doesn't matter how.
It's like saying "We have a programming problem, please use C to solve it". Any programmer worth his salt would walk away immediately. C may be the right approach, or the best approach could be Java, PHP, or even LISP. It's better to teach multiple methods of doing something simple, so that way when you get to something complex, you have the skills to solve it AND (more importantly) the skills to know what tool to use.
I've run into scenarios with both IBM and MS where I'm looking for a specific error code, and I get into this:
Q: What is ERR:174027?
A: That's EDONTKNOWWTF
Q: What is EDONTKNOWWTF?
A: That's ERR:174027
*Bashes head into wall*
Commercial software might have better documentation, but a lot of the help still comes from blogs of people having the same error, which IS NOT documentation!
but wouldn't the tricky/slimy answer be "let them search it, so then all of the evidence gets thrown out"?
No, because then you've consented to the search, and there's no restriction on what they can do. By remaining silent, you likely consented to a search. Alarmingly, by remaining silent, you can waive your right to remain silent (see Salinas v. Texas).
Another one of those rights that can use some exercise is the right to walk away from a police encounter. Just because a cop wants to talk to you doesn't mean that you have to talk to him. Granted, it's a good idea to not be a dick, as the cops can legally ruin your day. Being polite and direct without agreeing or admitting to anything is the best course of action.
Don't get physical/let them do as they please, then lawyer up.
I consider that bad advice, because it discourages people from exercising their right to defend themselves against unlawful arrest, a right that has been repeatedly verified and upheld in court.
Of course, as with exercising any right, you do so at your own peril.
I think this piece of advice was more aimed at keeping you safe, not keeping you "right". If you start fighting with a cop because he's illegally searching your phone, you might end up catching a bullet. Since you were fighting with the cop, he thought his life was in danger, so the shooting could be "justified", even if the initial search was illegal.
You can be right, but if you're dead, it's really a pointless victory, isn't it? If the search is illegal, you can get it tossed in court (VERY easily), and then you can go after the police for damages. If you're dead, who cares?
Doing this in your head the traditional way would be hard.
Not really; the steps are (working from the right, of course):
- 1 < 8, so 1 becomes 11, 2 becomes 1, and 11 - 8 = 3
- 1 (previously 2) < 4, so 1 becomes 11 and 3 becomes 2, 11 - 4 = 7
- 2 (previously 3) > 1, so 2 - 1 = 1
Answer: 173. Took me all of 10 seconds. I needed to remember at most 3 pieces of information at once (the fact that I borrowed plus what digits I had already solved). That's well under the 5 - 9 items that people can hold in short-term memory. With this method, I just need to know how to count to 20 really well, and if I'm really stuck, I can use my fingers + toes! I use this method ALL THE TIME when tipping, to figure out "what tip do I need to make the bill X".
Granted, if I'm subtracting 10-digit numbers, the "traditional" method can get tough to do entirely in your head, which brings me to...
[T]his is the kind of math that makes people think they can't do it without assistance from paper or a calculator.
When was the last time you NEEDED to add/subtract a 3+ digit number and you didn't have a pen/paper or a calculator with you? I don't even have a smart phone, and I've got a calculator on my cell phone if things get really tricky.
But doing 52 + 21 is much easier, and doing 73 + 100 is also quite easy.
Where did 52 come from?? There's no 52 in the problem anywhere! And why are we adding 100?
The "traditional" method only looks at a single digit at a time, so you only need to know how to add 2 single digit numbers (and carry or borrow). With your method, you need to first know that 48 + X = 100, so X = 52. You're no longer doing arithmetic in your head, now you're doing algebra in your head!
And, frankly, even if the research isn't mistaken, but is later superseded by more advances, we should start thinking about how to attach references to those sorts of things too -- lawyers do it when drafting a statute that replaces a previous one, to avoid confusion. Scientists should figure out a mechanism to do the same.
If only there was a mechanism to refer to or cite previous work. I know... we can call them references, or citations! Awesome, I should publish a new paper telling everyone that they should use this system!!
1) bitcoin value goes up and down, so does everything else. Live with it or don't use it.
Not everything goes up and down at the rate of bitcoin. Over the past year, the exchange rate of a bitcoin has ranged from $36 to $1151. If we consider BTC the "currency" and a single USD the "commodities basket", that gives us a deflation rate of 96%! Even if you look at today's exchange rate of ~$650, it still gives us a deflation rate of 94.5%. Never in the history of the United States has deflation gone higher than 20%. Deflation is generally considered a very bad thing in economics, and it usually coincides with a major recession.
2) Storing your bitcoins on a server owned by someone else is like giving your cash to someone you don't know. Maybe it will still be there, maybe it won't.
I just gave my entire pay check to someone I don't know! I don't know the teller at my local bank! HOLY CRAP! I should run over there to make sure that my money is still there!!! Oh, right, that's what this whole FDIC thing is meant to prevent; I like the regulation of my bank. It means that I don't have to hoard my cash and hire an armed guard to protect it while I work.
As many have stated, BTC is an investment, and a speculative one at that. A currency, it is not.
We have very similar "levels" in the US, unsurprisingly.
The police may conduct a "voluntary interview" with a person. At this point, they do not need reasonable suspicion that anything has happened; think of it as a "friendly chat." The person being interviewed is under no obligation to talk with the police and may leave the interview at any time. If you are a suspect being questioned at this level, the proper response to all questions is simply "Am I being detained, or am I free to leave?"
If the police have reasonable suspicion (a very low bar) of a crime, they may conduct a "custodial interview." At this point, the suspect being questioned is being detained, and is not free to leave. At this point, the suspect should be informed of their constitutional rights (Miranda warning). If you are a suspect being questioned at this level, the proper response is, "I would like to speak with a lawyer before answering any questions"
If the police have probable cause (bar gets higher, but still pretty low), they may then place a person under arrest. Arrest here means formally charging a person with a crime, mugshots, fingerprints, etc. If you're considered a flight risk, you might go to jail until the court date.
Of course, to get a conviction, the police / prosecutors need to prove beyond reasonable doubt all elements of the crime. A primer on the "levels" of proof:
- Reasonable suspicion: Something bad may have happened, and you might be related to it (there's a broken car window, and you were nearby).
- Probable cause: Something bad happened, and you probably are related to it (there's a recently-broken car window, and you were running)
- Preponderance of the evidence: Something happened, and it's more likely than not that you did it (recently-broken car window of your ex, and you were running away from the car)
- Clear and convincing evidence: Something happened, and it's pretty darn clear you did it (recently-broken car window of your ex, you sent a menacing text saying "watch out", and you were running from the scene)
- Proof beyond reasonable doubt: Something happened, and there's no other reasonable explanation (same scenario, but there's a rock on the driver's side window with your fingerprints and an eyewitness that saw you do it)
- Incontrovertible evidence / Proof beyond all doubt: Something happened, and there's no other explanation (same scenario, but you're the only other person on an island, there's well-lit HD video evidence from multiple angles showing the crime, and you confessed)
Let's assume for a moment that the furloughed employees don't get their back pay (dick move, but they are not necessarily entitled to back pay for work not performed). IIRC, only 350,000 are furloughed while the other 450,000 are working without pay. According to the FLSA, these are due liquidated damages (double pay) for a missed paycheck. So, let's run the numbers:
800,000 paid $2500/mo (say, $85/day). Shutdown now 21 days old, so we've saved ~$1.4B.
But, the 450,000 still working need to be paid, so these people are collectively owed ~$1.6B.
By your math, every day the shutdown lasts costs the govt. ~$10M in salary and penalties alone. If you give the furloughed workers back pay, you're talking about losing ~$70M every day, just from salary expenses alone. Once you tack on the cleanup (both figuratively and literally), we've probably already spent the $5B on this shutdown. To double down and throw $5B more at a pet project is beyond the pale at this point.
You have a legal right to engage in lawful activities, that's close enougfhtht for me.
You also have a legal right to choose to NOT engage in lawful activities. In this case, employees of the lottery commission choose NOT to play the lottery, and in exchange, they get a paycheck from their employer. The immediate family also presumably benefits from this compensation and also waives their "legal right" to play the lottery.
It's simple: if you want to play the lottery, don't work for the lottery commission. There are very similar rules in most areas of legalized gambling; I know that Vegas also has rules about regulators gambling. As a regulator, you want to avoid even the appearance of impropriety.
Right now, one of the things that is trending, is groups of doctors that cover full range of the human anatomy are banding together and selling shares in health club type thing...you pay x annually and you're covered for most of your health needs.
Huh, that's a novel idea! I'm so glad that someone came up with a great way of making things work in the 21st century!
Since these "health club shares" are so exclusive, let's call the annual payment a "premium" because it's so awesome. Of course, we can't have someone who pays this "premium" going to the doctor too much, so we'll charge them a small amount every time they see the doctor. Let's call this a "cooperative payment" .. no, that's too long... "co-payment" is much better! Now, of course, this group of doctors is going to need a name. Because we're trying to keep everyone in good health, instead of calling this a "health club" because that sounds too much like a gym, let's call this a "good-health-keeping club"... no too long again... "health maintenance club" is much better. But wait, this group of doctors is so large, it's not really a "club", more like an "organization".
You know what I just described? Freaking INSURANCE (specifically, an HMO)!! It's not new or novel! Now, here's what was happening pre-ACA:
OK, now that we have our "club", we don't want anybody to actually USE our doctors and make us pay more than we're collecting annually, so we won't let anyone in who has ever had a heart attack, stroke, cancer, or currently has diabetes (type I or II, don't care), is overweight, has high cholesterol, is over 55 or smokes. Now, to make sure that we don't pay too much, we're only going to provide $50,000/year of coverage, after that, you're on your own, and we won't pay for more than $250,000 over your lifetime. Oh, and although we're a comprehensive network for all of your health care needs, we won't cover you for having a baby, getting depressed, or needing most specialty care. Also, since only half of our subscribers are women, we aren't going to make everyone pay for those icky women's exams, so we won't pay for those either. Basically, you can see your family doctor (make sure to pay your co-payment up front, please!) and then it's on the streets for you!
Does that sound like an awesome way of going about things? Note that all of the above exclusions/limitations are REAL riders that I have PERSONALLY experienced with insurance pre-ACA.
I love how someone can take an old idea, repackage it and then "this will save all of our problems!!"
That sounds really complex, and potentially expensive as the number of devices scales. Also, fragile and difficult to maintain.
The easiest way is to just use LUKS and a secure passphrase.
If you want to restrict knowledge of the passphrase to admins but allow users to reboot, that's a harder problem. However, if you have a TPM chip, you can use it to secure a random LUKS passphrase that unlocks only in a verified clean boot. You'll need trustedGRUB and tpm-luks, but it does secure against fairly sophisticated attacks. It even allows someone to have physical access to the machine WITHOUT having total access.
If you're concerned about the CIA/NSA/FBI/TLA coming into your space and performing a cold boot attack, this won't help, but then again, there are very few technological defenses against a determined nation state adversary.
If only there were a way to define a generic way to tell if two "things".... let's call them "objects".. relate to each other when doing sorting. Then, for each "object", you could compare it to another "object" and see if it is less than, greater than, or equal to the other.
I know, we can make a generic "function" of an "object", and call it.... "less". If you're in a sane language (sorry, Java), you could even use the "<" symbol to compare two "objects". Then, any sort algorithm can use this function to compare two "objects" and figure out where it should go in the list.
Then, we can put this algorithm in some sort of "library"... maybe a "standard library" in which sort algorithm developers can implement different sorting methods. Then the programmer uses this "standard library" to sort his/her list of "objects".
Apologies to anyone who's using C and actually DOES need to implement their own sort, but if you're using literally any language developed in the past 30 years, you have no business implementing your own sort function outside of a homework assignment. The only potential exception to this is if you are in fact a developer of sorting algorithms, and all 3 of them know who they are.
I speak from experience... Even with the breaker off, a capacitor can still deliver a nasty electric shock.
For fun, disassemble a disposable camera with the battery out. Only getting its power from a removed AA battery, the process can be.... electrifying.
Not necessarily. Think about Edward Snowden, who had to pass through all kinds of security to get access to the data that he leaked. Would it have been easier for him to go to Initech and be their lead sysadmin, leaking all of their proprietary data? Certainly, but the perceived reward to him wasn't worth the risk of doing that. However, his perceived reward in leaking the NSA documents was so great that he undertook a concerted effort to undermine the many levels of security they had in place.
Note: I'm not advocating for/against Snowden. Just using him as an example that not every person goes for the lowest hanging fruit.
And of course GPS is nothing more than very accurate clocks in orbit. So you're still using a clock to get your longitude (4 of them, in fact!).
It's my understanding of current case law (IANAL) that a combination to a safe is considered "testimony," and thus protected under the 5th amendment. A safe key, on the other hand is not (this is why I specifically chose a combination). Of course, nothing prevents the police from going to the manufacturer for help in opening the safe, though nothing obligates the safe manufacturer to help.
On a related note, if your passphrase is "I totally killed those 3 guys on October 26, 2006", that's probably testimony that would (SHOULD) be protected under the 5th amendment.
Besides, nobody can FORCE anything from your mind ( https://xkcd.com/538/ notwithstanding). The worst they can do is throw you in jail until you comply (or they get bored). Worst case, they convict you for "obstruction of justice" or some similar nonsense. If you're facing a surefire Murder 1 conviction if you do reveal your key, there's simply not much incentive to help out; you'd have to weigh the value of the unencrypted data with the consequences of not revealing your key.
For historical examples, see the origins of "pressing for an answer": https://en.wikipedia.org/wiki/.... If you entered a plea, the trial could continue, and if convicted, they killed you AND took all your property (leaving your family destitute). If you never entered a plea, you simply died under the weights, but your family got to keep your estate. So, standing mute was a rational decision if you knew there was enough evidence to convict because the punishment for not entering a plea (death) was better than being convicted (death AND bankruptcy).
Safes can be opened ... with a warrant.
Absolutely. However, I don't believe that anyone is compelled to divulge the combination to a safe; rather law enforcement hires someone to forcibly open the safe. If they can't open the safe without destroying the contents inside, that's just too bad.
There's no reason to make smartphones that can't be searched ... with a warrant.
You can absolutely search my encrypted smartphone with a warrant. How much information you'll get out of it without my key is debatable, but nobody gets to know my passwords (aka combination). If the police are able to crack the encryption, good for them. However, I'll continue to trust math to keep my secrets safe.
That type of encryption is for the government, not for joe six-pack.
The problem with that thinking is it leaves you open to spying from everyone, not just the government. Let's assume we allow some cryptosystem that has a back door / master key. To implement the system, you have to publish the specs which will be viewable to all (don't get me started on export control; it'll get out). Someone much smarter than you or I will realize the back door and exploit it to snoop on highly sensitive encrypted traffic... say online banking. Then joe six-pack gets a little pissed when he finds out that his bank account was raided and now he has no money. Oh, and since it was his password that was used to withdraw all that money, the bank won't be returning that money.
So, how does joe six-pack feel about broken encryption now?
That said, you could probably use a synchronized random number generator as the shared pad data.
No; a true OTP is NOT the same as pseudo-random OTP. For an illustration of this concept, let's assume that your adversary knows your algorithm for generating the pads but has no information about the shared secret between you and your partner. To make things easier on your opponent, let's assume that he knows that you plan to encrypt a 1GB plain-text ASCII file.
In the case of a true OTP, you and your partner must share 1GB of data securely. Because the pad is truly random, any 1GB ciphertext is equally likely, so your opponent must consider every combination of 1GB, meaning 2^(8e10) equally likely ciphertexts. This is basically secure for all eternity. Also complicating the matter is that for a given ciphertext, all plaintexts are equally likely. So, the opponent doesn't know if you said "Attack the beach at noon" or "Attack the beach at dawn" or "jcfpeb k,spq djte96bslg1Hw"
Now, in the case of a pseudo-random OTP, let's assume that the seed of your PRNG is 32 bits, so you only have to share a very small secret securely. However, there are now only 2^(32) possible ciphertexts that the opponent needs to check. This is a much more practical problem, and he can use some simple checks to see if the decrypted message "makes sense", and choose the most likely plaintext.
In reality, nobody uses an OTP because if you can securely communicate the length of the pad, you can just as easily communicate the entire message. What is used instead is public-key encryption where your partner can encrypt a message, but only you can decrypt it. Of course, this is a few orders of magnitude harder than symmetric encryption, which is why you'll typically use the public-key encryption to share a disposable secret key, which is then used to seed a symmetric encryption method (your pseudo-random OTP would be one of those). In reality, this is still pretty secure, as the key is typically in the range of 128+ bits, meaning a key space of 2^128 for a brute-force attack, which is still pretty infeasible. However, it is not completely 100% secure against any decryption as a One-Time pad is.
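The contrast drawn in this comment, as an added example that is not part of the original post: a pad expanded from a small seed can be recovered by trying every seed and keeping decryptions that "make sense", while a truly random pad leaves every same-length plaintext equally consistent with the ciphertext. Assumptions: Python's `random` module stands in for the PRNG, the seed is cut to 16 bits (the comment uses 32) so the search finishes in seconds, and the message, decoy and seed are constructed sample values.

```python
import random
import secrets
import string

SEED_BITS = 16  # assumption: shrunk from the comment's 32 bits so the search runs in seconds
ALLOWED = set((string.ascii_letters + " ").encode())  # crude "makes sense" alphabet

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def prng_pad(seed: int, length: int) -> bytes:
    """Pad expanded from a small shared seed (Mersenne Twister as a stand-in PRNG)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))

def makes_sense(candidate: bytes) -> bool:
    """Plausibility filter: only letters and spaces survive."""
    return all(c in ALLOWED for c in candidate)

def brute_force_seed(ciphertext: bytes) -> list:
    """Try every seed; keep those whose decryption looks like text."""
    hits = []
    for seed in range(2 ** SEED_BITS):
        guess = xor(ciphertext, prng_pad(seed, len(ciphertext)))
        if makes_sense(guess):
            hits.append((seed, guess))
    return hits

def pad_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """For a true OTP: the pad under which ciphertext decrypts to any same-length claim."""
    return xor(ciphertext, claimed_plaintext)

# Constructed sample values
MESSAGE = b"Attack the beach at noon"
DECOY = b"Attack the beach at dawn"
SECRET_SEED = 40961

if __name__ == "__main__":
    # Seeded pad: the seed space is small enough to enumerate.
    ct = xor(MESSAGE, prng_pad(SECRET_SEED, len(MESSAGE)))
    print("PRNG pad, surviving seeds:", brute_force_seed(ct))

    # True random pad: both claims have a valid pad, so neither can be ruled out.
    true_pad = secrets.token_bytes(len(MESSAGE))
    otp_ct = xor(MESSAGE, true_pad)
    for claim in (MESSAGE, DECOY):
        print(claim, "is explained by pad", pad_explaining(otp_ct, claim).hex())
```

With the seeded pad the plausibility filter leaves a single candidate; with the random pad, the "noon" and "dawn" readings each have a pad that produces the same ciphertext.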
NO! A million times no!
Proper multi-factor authentication is ALWAYS "something you have" and "something you know". The idea is that if someone steals the thing you know (i.e. password), then they have to also steal something you have (i.e. hardware token / smartcard / phone, you name it). The hope is that even if you don't notice that your password is compromised, you'll notice when you lose your phone. Similarly, if someone copies the smartcard you have, they still don't know the PIN to access your account.
The hack of fingerprint databases illustrates this. For example, someone with access to the hacked OPM database can steal/copy your smartcard and can now impersonate you at will if you've relied on Smartcard + Fingerprints. Now, "something you have" could certainly be your fingerprint, but 2-factor auth is NOT "something you have" and "something else you have." Just like the bank's "security questions" are not two-factor auth, because they're "something you know" and "something else you know."
The only exception is if you're 15 years old and it's literally your first job, and in that case it's probably appropriate that the offer is for minimum wage.
So, if I'm 21 and graduating from college, I'm supposed to have enough saved to be able to turn down that first offer? I don't know about you, but I worked >50 hours / week in college (making between $10 - $20/hr at various jobs in early 2000's), and I barely kept the tuition bills paid. Granted, I basically had no debt coming out of college, which put me ahead of a lot of my peers, but I wasn't in any position to say no to a job offer and live on my luxurious (non-existent) savings.
Now that I'm ~15 years out, I do have the freedom to turn down job offers, but it's because I started out with no debt and have been able to save. For those starting off in the hole, saying "no" is a luxury they won't have for a LONG time.
Reminds me of warnings on grape juice concentrate sold during prohibition: "After dissolving the brick in a gallon of water, do not place the liquid in a jug away in the cupboard for twenty days, because then it would turn into wine."
Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"
Well, of COURSE I didn't resell the license - that would be silly! I sold a license, but I had to pay a royalty to my wholly-owned Irish subsidiary for selling the license. It's complete coincidence that the royalty rate is 99% of the gross sales on the licenses. Thus, you can only tax me on the 1% profit that I made on that license, and that's BEFORE I deduct anything else (I'm sure I can find 1% to expense somewhere else - furniture depreciation sounds like a good idea!).
It's kinda like capital gains tax. If I sell $100 worth of MS stock, I'm not taxed on $100. Rather, I'm taxed on the difference between what I paid for it and what I got for it. If I paid $90 for that stock, I only owe taxes on $10 of capital gains income. Things get really tricky when selling for a loss, but I don't want to complicate the matter.
I know it's an oversimplification, but that's essentially the tricks that they're using. When you remove all of the accounting mumbo jumbo, it reveals the tricks for what they are: dirty, slimy ways to avoid paying taxes. (That being said, all the tricks are legal, and if I could use the tricks, I would use them to the fullest extent allowed by law as well).
Actually, from my understanding, the loophole works this way:
MS sells a license to use Windows for $100 in Colorado. This is counted as US income. However, in the US, we don't tax revenue, we tax profit. This means that if MS had expenses of $100 for that particular license, then it would owe no US income tax on that sale. Conveniently, they have a wholly-owned subsidiary based in Ireland (but headquartered in the Cayman Islands) that is willing to sell that license for precisely $100. And just like that, no US corporate income tax for ANY license!
Granted, you now need a way to get out of the Irish income tax (which is lower than US income tax), and that's where the Dutch Sandwich comes into play. I know I'm oversimplifying things, but when you can set up new companies and transfer the "assets" for essentially the cost of a few lawyers and filing fees, avoiding taxes becomes pretty easy.
How can you have a standard like that if it doesn't dictate teaching methods? This is especially true for math where you don't just regurgitate the correct answer. The method is a part of the correct answer. For that you pretty much have to "dictate the teaching method".
Actually, math is probably the LAST subject where you want to "dictate the teaching method". There are over 10 ways to prove the Fundamental Theorem of Algebra; all of them are "correct" and give the answer. By dictating the teaching method, you are stating that all other proofs are incorrect, which is patently wrong.
It doesn't matter how you get 62 + 36 = 98. You can draw squares and lines, column addition, grouping by 5's, or counting on your fingers! All are valid ways of finding the answer. Some may be more efficient than others, which can impact your ability to get through all of the questions, but as long as you get the right answer, it doesn't matter how.
It's like saying "We have a programming problem, please use C to solve it". Any programmer worth his salt would walk away immediately. C may be the right approach, or the best approach could be Java, PHP, or even LISP. It's better to teach multiple methods of doing something simple, so that way when you get to something complex, you have the skills to solve it AND (more importantly) the skills to know what tool to use.
Have you ever USED IBM, Oracle or MS software?
I've run into scenarios with both IBM and MS where I'm looking for a specific error code, and I get into this:
Q: What is ERR:174027?
A: That's EDONTKNOWWTF
Q: What is EDONTKNOWWTF?
A: That's ERR:174027
*Bashes head into wall*
Commercial software might have better documentation, but a lot of the help still comes from blogs of people having the same error, which IS NOT documentation!
I didn't RTFA
Clearly
but wouldn't the tricky/slimy answer be "let them search it, so then all of the evidence gets thrown out"?
No, because then you've consented to the search, and there's no restriction on what they can do. By remaining silent, you likely consented to a search. Alarmingly, by remaining silent, you can waive your right to remain silent (see Salinas v. Texas).
Actually, no.
"Am I being detained, or am I free to go?"
Another one of those rights that can use some exercise is the right to walk away from a police encounter. Just because a cop wants to talk to you doesn't mean that you have to talk to him. Granted, it's a good idea to not be a dick, as the cops can legally ruin your day. Being polite and direct without agreeing or admitting to anything is the best course of action.
"Don't get physical/let them do as they please, then lawyer up."
I consider that bad advice, because it discourages people from exercising their right to defend themselves against unlawful arrest, a right that has been repeatedly verified and upheld in court.
Of course, as with exercising any right, you do so at your own peril.
I think this piece of advice was aimed more at keeping you safe, not keeping you "right". If you start fighting with a cop because he's illegally searching your phone, you might end up catching a bullet. Since you were fighting with the cop, he thought his life was in danger, so the shooting could be "justified", even if the initial search was illegal.
You can be right, but if you're dead, it's really a pointless victory, isn't it? If the search is illegal, you can get it tossed in court (VERY easily), and then you can go after the police for damages. If you're dead, who cares?
Take a better example, like:
321
- 148.
Doing this in your head the traditional way would be hard.
Not really; the steps are (working from the right, of course):
1 < 8, so 1 becomes 11, 2 becomes 1, and 11 - 8 = 3
1 (previously 2) < 4, so 1 becomes 11 and 3 becomes 2, 11 - 4 = 7
2 (previously 3) > 1, so 2 - 1 = 1
Answer: 173. Took me all of 10 seconds. I needed to remember at most 3 pieces of information at once (the fact that I borrowed plus what digits I had already solved). That's well under the 5 - 9 items that people can hold in short-term memory. With this method, I just need to know how to count to 20 really well, and if I'm really stuck, I can use my fingers + toes! I use this method ALL THE TIME when tipping, to figure out "what tip do I need to make the bill X".
Granted, if I'm subtracting 10-digit numbers, the "traditional" method can get tough to do entirely in your head, which brings me to...
[T]his is the kind of math that makes people think they can't do it without assistance from paper or a calculator.
When was the last time you NEEDED to add/subtract a 3+ digit number and you didn't have a pen/paper or a calculator with you? I don't even have a smart phone, and I've got a calculator on my cell phone if things get really tricky.
But doing 52 + 21 is much easier, and doing 73 + 100 is also quite easy.
Where did 52 come from?? There's no 52 in the problem anywhere! And why are we adding 100?
The "traditional" method only looks at a single digit at a time, so you only need to know how to add 2 single digit numbers (and carry or borrow). With your method, you need to first know that 48 + X = 100, so X = 52. You're no longer doing arithmetic in your head, now you're doing algebra in your head!
And, frankly, even if the research isn't mistaken, but is later superseded by more advances, we should start thinking about how to attach references to those sorts of things too -- lawyers do it when drafting a statute that replaces a previous one, to avoid confusion. Scientists should figure out a mechanism to do the same.
If only there was a mechanism to refer to or cite previous work. I know... we can call them references, or citations! Awesome, I should publish a new paper telling everyone that they should use this system!!
1) bitcoin value goes up and down, so does everything else. Live with it or don't use it.
Not everything goes up and down at the rate of bitcoin. Over the past year, the exchange rate of a bitcoin has ranged from $36 to $1151. If we consider BTC the "currency" and a single USD the "commodities basket", that gives us a deflation rate of 96%! Even if you look at today's exchange rate of ~$650, it still gives us a deflation rate of 94.5%. Never in the history of the United States has deflation gone higher than 20%. Deflation is generally considered a very bad thing in economics, and it usually coincides with a major recession.
2) Storing your bitcoins on a server owned by someone else is like giving your cash to someone you don't know. Maybe it will still be there, maybe it won't.
I just gave my entire pay check to someone I don't know! I don't know the teller at my local bank! HOLY CRAP! I should run over there to make sure that my money is still there!!! Oh, right, that's what this whole FDIC thing is meant to prevent; I like the regulation of my bank. It means that I don't have to hoard my cash and hire an armed guard to protect it while I work.
As many have stated, BTC is an investment, and a speculative one at that. A currency, it is not.