Slashdot Mirror


User: ebyrob

ebyrob's activity in the archive.

Stories: 0
Comments: 1,111

Comments · 1,111

  1. Keeping votes secret while counting them in voting machines has been compared to providing secure DRM to publishers. Given any kind of determined attack it's almost impossible to secure. I don't think block-chain is going to help much with that.

    Of course all of this is in a theoretical framework where machine manufacturers are probably open source, competent and actually care if their machines are secure. Realistically most of these guys would just put the block-chain in to look secure and then back door everything.

  2. Re:"Tried to delete or alter voter data" on Russian Cyber Hacks On US Electoral System Far Wider Than Previously Known (bloomberg.com) · · Score: 1

    > "why enabling internet access to something like this?", precisely because of understanding that an internet connection makes any system vulnerable.

    We were all basically told by every security expert anywhere not to use voting machines (and if we did, to print the votes on paper). On top of this, all the vendors actually chosen to produce voting machines very much sucked at security and didn't care about it. Why would you be surprised, after the bureaucrats went ahead and used those voting machines, that they'd also hook them up to the internet?

  3. > So you think we should just ignore all of the massive amount of evidence from a dizzying array of sources,

    Ya we should. Just like we ignored the research of a dizzying number of security experts who said voting with computers is stupid. (not was, is)

  4. Re:Flash killed flash. on What Killed Adobe Flash? (daringfireball.net) · · Score: 1

    Flash was a security nightmare, that's a given. It deserved to die and we're better off without it.

    But c'mon. Secure smartphones? They're even worse.

  5. If *your* wife had at most 2 months to live, seriously, would YOU be working? (okay, husband whatever)

    He obviously felt he really needed the work, especially the benefits. Why would he risk his chances of getting the job by complaining about extra off-hours work during the interview process? Why would he share any of this with the writer of the article when it doesn't fit with his agenda? (brand new lawsuit pending)

    From TFA:

    > the woman didn’t entertain temporary alternative arrangements, such as working from home if needed. She simply insisted he needed to be available at the office 24/7.

    His words.

    Typically even a soul-sucking HR drone isn't going to "insist on 24/7 availability" if it's not in the job requirements. These people follow a script, and if it wasn't in the script she wouldn't have been asking for it.

  6. Do you really think the distinction between a cryptographer and a cryptanalyst is going to survive from actual job requirements through to the publication of this article? Besides, isn't an applications-heavy firm going to put some cryptanalytic duties on any actual cryptographers they do have?

    I mean, they're not inventing the next Twofish, AES, or elliptical encryption scheme, they're just implementing and adapting existing technology for the most part.

  7. Re:difficult to tell who is at fault from article on Work-Life Balance: Cryptographer Fired By BAE Systems For Taking Care of Dying Wife (bostonglobe.com) · · Score: 1

    "available 24/7" doesn't mean awake all the time, it means being near a phone (more likely beeper etc) for when the important call does come in.

    And 24/7 on call hours as a requirement is a bit of a red flag. Any team environment should be able to "hand the beeper off" so you don't wind up doing much more than 50% on call hours.

    Although, having urgent family issues that could call you away at any moment pretty much precludes you from any on call duty at all.

  8. If you legitimately had available PTO (Paid Time Off) and they didn't let you use it under those circumstances... That's really messed up, you would probably own them in court. In fact, even without PTO, that's against the Family Leave Act.

  9. Surely if you were recruiting for a job which requires someone to be physically available after hours (or travel away from home half the month, or whatever) this would be discussed at the interview, and put in the job contract?

    What makes you think it wasn't?

  10. Re:64-bit on Microsoft Releases Visual Studio 2017 (visualstudio.com) · · Score: 1

    Ya, 'cause Windows on Windows is such a great idea for core applications.

  11. Re:64-bit on Microsoft Releases Visual Studio 2017 (visualstudio.com) · · Score: 5, Interesting

    Try installing that "64-bit" version. Pretty sure devenv.exe is still going in "Program Files (x86)".

    See: https://docs.microsoft.com/en-...
    About **still** using msvsmon.exe to debug 64-bit in 32-bit VS...

  12. Re:The real issue is ... on Ask Slashdot: Would You Use A Cellphone With A Kill Code? · · Score: 1

    This ^^

    Heck, even with root, are you sure you can trust the manufacturers enough not to be keeping something and sharing it with "the authorities"? SIM cards, SOC, hidden hardware functionality. Do we really know what those devices are/aren't doing below the OS level?

  13. Re:Who wants DVDs? on Sony Warns It Will Take $1 Billion Writedown, Blames Slowing DVD Sales (reuters.com) · · Score: 1

    > Blu-rays are still quality superior to streaming,

    What are you talking about? The guy at Best Buy who wanted to sell me a 4k TV, since that's all they had anymore, said "internet streaming" was a good source of 4k video. (I get the feeling they didn't have many "ultra" Blu-rays yet...)

    I almost laughed at the thought of who could be that selfish with their bandwidth... Then got a little scared inside.

  14. Re:Copyright term rollback? Plead the Fifth on Sony Warns It Will Take $1 Billion Writedown, Blames Slowing DVD Sales (reuters.com) · · Score: 1

    > I was more referring to exporting to the European market and the post-Brexit British market,

    Ya, um. Considering both sides of the Atlantic have been ping-ponging the extensions back and forth every 20 or so years to keep Steamboat Willie in chains, I really don't think that's as big a problem as it sounds, assuming we're careful to abide by the letter of the treaties *except* where they are copyright foo-barred.

    As to the Fifth Amendment, we just need to legally establish that copyrighted content is not private property, being a publicly granted government monopoly with limited purposes in the first place. Of course, this is very different than trade secret property or any other private / secret data individuals have right and ownership to. Or, 1) repeal all retroactive term extensions, they were illegal in the first place. 2) Only apply the new "60-year" law (should be 20) to works created from this day forward. 3) There'll be some middle-works with insanely long term-lengths, oh-well.

  15. Re:First Step on Bill Gates Warns Against Denying Climate Change (usatoday.com) · · Score: 1

    That's 1/2 the North American problem. The other half is to stop using fossil fuel burning vehicles. (bikes, post-grid-update electrics, stay at home, maybe hydrogen)

    Of course, my boss claims solar based on mirrors (not the chemically polluting photovoltaics) can displace nuclear in places where hydro isn't feasible. But I say build out the nukes first then worry about something better. We know fossil fuels are going to end us, I'd rather lose a couple cities every 200 years than the entire human race.

  16. Re:shared database asking for corruption on Blockchain Technology Could Save Banks $12 Billion a Year (silicon.co.uk) · · Score: 1

    Yeah, it's a great time to break out new cryptographic technology to a giant slow-moving market. It's not like there's anything on the horizon that could cause a problem.

  17. Seriously, security dongles. That's the old new? on U2F Security Keys May Be the World's Best Hope Against Account Takeovers (arstechnica.com) · · Score: 1

    We run general purpose computers. Can't we trust our own operating systems enough to think they might store a couple bits of secretish data? If not, what good is any encryption since the attackers get every session key anyway? (not to mention the keylogger with the raw password and the memory debugger that sees every block encrypted and decrypted)

    The only thing a dongle provides is certainty that another computer can't impersonate a fully compromised device without the dongle. Of course, dongle-failure could very well lock you out of your own services. (and with a back-door in place, session hijacking is very possible)

    Many sites, like gmail for example, require "registering" each new device via phone IM or pre-shared key. This happens after password success. Secret keys are then created and stored as securely as the device is maintained. Only if the device is deeply compromised will they be stolen.

    If we create a landscape where 90% of computers AREN'T compromised thoroughly, this really isn't that horrible. Throw in a bit of geo-location and email warnings about every interesting event (password change, new device registration, stale device login, computer moved to Ukraine) and really things aren't all that bleak, especially for services used every day or even once a week.

    Then of course, there's cracking down on IPs and ISPs generating compromising packets, but that's a whole other subject.
    See: 18 U.S. Code 2701 - Unlawful access to stored communications

  18. Re:Accidental superweapons on Experts Say Internet 'Mega' Attacks Are on the Rise (fortune.com) · · Score: 1

    Have their ISP shut down the IP connecting them to the internet. Once the infected broken device is removed, their NATed sub-network can have internet again.

  19. Re:Never report security vulnerabilites on Researcher Gets 20 Days In Prison For Hacking State Websites As Political Stunt (softpedia.com) · · Score: 1

    You can't use a system without "testing" it in some way.

    Purposely taking control of a computer system above your sanction is breaking the law.

    These are OK:
    Oops my keyboard slipped and I accidentally typed: John Smith'
    Oops my name is: O'Riley

    Not OK:
    Robert'); DROP TABLE Students; --

  20. Re: they also found... on Airbnb Unveils Changes To Address Racial Discrimination (npr.org) · · Score: 1

    Crime is a waste, it produces no goods or resources.

  21. Re:wait, i am sure i am missing something here.. on Linking Without Permission Violates Copyright, Rules EU Court (reuters.com) · · Score: 3, Informative

    A link isn't "instructions". It's just the address of where to find something.

    What you're saying is like prosecuting me for prostitution if I tell you there's a brothel at 411 B street.

  22. Re:Foretold on Star Trek's LCARS Could Become Your Virtual Assistant (cnet.com) · · Score: 5, Insightful

    In 2086, copyright will be lifetime + 140 years (or 160 years for works for hire). Steamboat Willie can never enter the public domain after all...

  23. Easy password resets are a bigger problem than never changing passwords. Nothing worse than getting my account compromised because someone ELSE changed the password.

  24. Re:Thank you for your kind permission on Apartment In US Asks Tenants To 'Like' Facebook Page Or Face Action (business-standard.com) · · Score: 1

    Society (aka "the market"), not government, controls what businesses can exist.

    If a business is messed up enough, people will eventually vote with their feet.

  25. Re: My nose on The Dirty Truth About 'Clean Diesel' (nytimes.com) · · Score: 1

    Wouldn't you have a lot more control over the Carnot cycle at a power plant? (run hotter, cool, cooler)