For example, scaling the network up to 2000 transactions per second would result in a Bitcoin node downloading about 1 MB per second. No big deal, until you realize that means each node will need about 2.6 TB of bandwidth each month, and that's just to handle the needs of 10% of the population of the United States, assuming 5 transactions per person per day.
As pointed out by another poster, 2.6 TB of transfer quota per month is trivial even by today's standards: anyone can afford that. And should Bitcoin ever scale to those levels it won't be relying on today's resources, it'll be relying on tomorrow's. So your own example falls apart almost immediately.
Also, rather than just guessing what the US population "needs" why not take a look at existing networks? 2000tps is about a fifth of VISA traffic for the whole world. Of course not every transaction goes via VISA, but it should indicate to you that maybe your numbers are once again a bit sketchy.
You can read an article I wrote a long time ago here: http://en.bitcoin.it/wiki/Scalability. It goes over the various ways the system scales up. Performance is unintuitive, there's no substitute for just working it out on the back of an envelope. Bear in mind we live in a world where single websites can generate a large fraction of total internet traffic and not go bankrupt.
What you call "out of circulation" could also just as well be called "savings". By forcing savings to be spent via taxes on them, all you actually do is artificially move spending that would have happened in future into the present day.
This is a terrible outcome for two reasons. One is that it results in huge liabilities for future spending - we can see this in the various insolvent pension schemes that are looming on the horizon (e.g. CALPERS which will never catch up to where it needs to be by now).
The second is that the so-called "growth" in the economy that results is in reality merely some arbitrary economic activity: the fact that it took place can be measured, hence growth, but whether it was actually useful or increased society's wealth is harder to measure and often explicitly ignored. If by taxing savings you force people to instead put their money into a housing bubble, that then triggers a construction boom, this appears to central bankers/planners to be successful economic growth whereas in reality it's merely a gross misallocation of resources towards investments that wouldn't normally make any kind of economic sense.
You can't have a printing press controlled by humans and not have it ultimately end up abused for political purposes. Central bankers are not somehow magically immune from bad decision making just because they're unelected and unaccountable: they are explicitly given their mission by politicians and their mission is economic growth at any cost, even if it means sacrificing long term stability for short term gain: exactly the same thing as the politicians' mission.
We can easily see this in recent times, with central banks desperately trying to jack their economies via free money in order to try and solve political problems, like recessions or possible Eurozone breakups. Does this really make long term sense? No - running the printing presses at full speed in order to make something, anything, happen is not a sensible economic policy. Nor is doing so to bail out profligate and badly managed countries to achieve the entirely emotional and political goal of keeping them inside the Eurozone. And indeed Draghi resisted the latter for a long time, but eventually the public pressure being heaped on him daily ("Draghi will destroy the euro" etc) got too much and he caved.
This is why Bitcoin has the most sensible economic policy of all. Long term, it's meant to have no inflation and no deflation. It's meant to provide a stable monetary base. And critically, it's independent of any individuals who will inevitably give into temptation to try and shape things through money creation.
Haha, yeah, anyone who can take on the US Government and win is by definition an expert in national security. By now he probably also read more documents on national security than even the most highly cleared guys. He had everything from the minutiae of NSA tech to reports written for the inspector general. Given the rampant lying that occurs inside the security state he's probably the only guy with any clarity on how things really work at all, especially because judging from previous behaviour around the Wikileaks incidents, a lot of the NSA/DoD guys will have refused to read any of the public reports in case they get "contaminated" by classified materials!
Lots already. Even if you ignore the Constitution, people running the NSA and general security state have been caught lying to Congress (a crime), lying to the kangaroo FISA court meant to be overseeing them (contempt of court), lying to regular courts about whether defendants were being informed about the origin of evidence against them (more contempt of court), violating FISA court orders (more contempt), and re-interpreting the PATRIOT Act in such a way that even the guy who wrote the damn thing was shocked - that's just normal law breaking: you aren't supposed to be able to "reinterpret" laws however you see fit.
But when you ask "is there a way to charge anyone with a crime", I think you already know that the answer is yes just because there are so many vaguely worded laws in the USA that basically anyone can be charged with some kind of crime. What matters is whether you actually ARE charged, and that's an entirely politically driven decision.
That's the situation in the USA. In the UK the laws are much worse and much vaguer, believe it or not, to the extent that there's basically no functioning oversight at all - the UK equivalent of FISA is not only not a court, it's actually staffed by anonymous people! There's no way to find out who even sits on it. And they have never ruled against the intelligence services even once: FISA Court has at least made a token effort to appear useful. RIPA, the law that is claimed to authorise such collection, is so vaguely worded as to be basically useless as a law - it would appear to authorise practically anything. And the Prime Minister, unlike Obama, has rejected the very notion that there might be a debate at all - simply asserting that if GCHQ does it, it must by definition be OK.
So even though the situation in the USA is dire, it's actually not as bad as it could be.
And how many of those $50 tablets were approved by Google and run the Google apps suite? I thought the answer was "almost none of them".
The article gives no useful info - assuming any such dispute exists at all, it could be for any reason: seems like the blog is just assuming it must be the dual boot capability because that's what gets traffic. But if for some reason that was the issue, Asus or anyone else could ship devices running the regular open source Android, sans Gmail/Maps/Play Store, without having to deal with Google.
Such tools have been around for a long time in the Windows world. The reason is division of labour. One of the dirty secrets about malware that lots of people hate to hear is that vast quantities of it get in through people pirating software and movies (which demand special "codecs"). After all why bother finding zero day exploits when you can just bind your malware to a Photoshop crack and watch hundreds of thousands of people come to you?
The opportunity is so vast that the black market divided into different job categories. There were the spammers who would buy bots from bot herders. The herders would buy "installs" of their bots from installers. The installers would buy binders from binder developers, obtain cracked versions of popular programs, use the binders to join the bots with the apps and then upload them to torrent sites. The installers weren't programmers so binders needed point and click GUIs, but that's OK, the value add they provided was knowing how to get around the blocks the torrent sites tried (uselessly) to put in place to stop this, along with simple brute force of numbers.
Often binders would also be combined with tools called crypters, which do what you'd expect, they just polymorphically encrypt the newly bound crack+app. Crypter developers competed based on how "FUD" their product was (fully undetectable). When AV companies learned to spot their decryption stubs, they'd modify it a bit and release a new version.
I watched this market for a little while a few years ago which is how I know all this lingo. It appeared to be a large and thriving industry. All driven by the greed of pirates.
Er, it is implemented in the client! S/MIME has been implemented by all non-webmail clients for years. When used correctly it's more or less transparent: every email is signed (you get an smime.p7s attachment), and if you receive a signed mail and have S/MIME configured too, your client can/will automatically encrypt the response.
But there are reasons it's not widely used: in the consumer space, most people don't bother getting an email address cert (even though Comodo and StartSSL give them away for free, it takes 2 minutes). And in the corporate space, often you don't actually want employees using end to end encryption, because you need the ability to do things like have internal messaging archives that are searchable, you need the ability to do document discovery when you get sued, employees suck at key management and keep losing them, etc.
Encrypted asynchronous messaging is just a tremendously hard problem. Look at agl's Pond project to get a flavor for what doing it seriously takes.
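An added example, not part of the original comment: a structural check a mail archive could run to tell clear-signed S/MIME mail (body readable, detached `smime.p7s` part) from enveloped mail that cannot be indexed without the recipient's key. The function name `classify_smime` and the sample messages are constructed for illustration; the base64 bodies are placeholders, and no signature is verified here.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Media types used by S/MIME (the x- forms are legacy spellings).
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
MIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def _param(msg, name):
    """Return a Content-Type parameter, lower-cased, or '' if absent."""
    value = msg.get_param(name)
    if isinstance(value, tuple):          # RFC 2231 encoded parameter
        value = collapse_rfc2231_value(value)
    return (value or "").lower()


def classify_smime(raw):
    """Classify a raw RFC 5322 message by its S/MIME structure only.

    needs_private_key is True when the body cannot be read (and so cannot
    be archived or searched) without the recipient's private key.
    """
    msg = message_from_string(raw)
    ctype = msg.get_content_type()

    if ctype == "multipart/signed":
        parts = msg.get_payload() if msg.is_multipart() else []
        sig = parts[1] if len(parts) == 2 else None
        if (_param(msg, "protocol") in SIG_TYPES and sig is not None
                and sig.get_content_type() in SIG_TYPES):
            # Detached signature: first part is the readable content,
            # second part is the CMS signature (usually smime.p7s).
            return {"kind": "clear-signed", "needs_private_key": False,
                    "signature_file": sig.get_filename()}
        # multipart/signed with another protocol (e.g. OpenPGP) or malformed.
        return {"kind": "other-signed", "needs_private_key": False,
                "signature_file": None}

    if ctype in MIME_TYPES:
        smime_type = _param(msg, "smime-type")
        if smime_type == "enveloped-data":
            return {"kind": "encrypted", "needs_private_key": True,
                    "signature_file": None}
        if smime_type == "signed-data":
            # Opaque signing: content sits inside the CMS blob, readable
            # after CMS decoding but without any private key.
            return {"kind": "opaque-signed", "needs_private_key": False,
                    "signature_file": None}
        return {"kind": "pkcs7-unknown", "needs_private_key": None,
                "signature_file": None}

    return {"kind": "none", "needs_private_key": False, "signature_file": None}


# Constructed sample messages (placeholder payloads, not real CMS data).
SIGNED = """\
From: alice@example.com
To: bob@example.com
Subject: constructed clear-signed sample
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Quarterly numbers attached.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

UExBQ0VIT0xERVI=
--b1--
"""

ENCRYPTED = """\
From: bob@example.com
To: alice@example.com
Subject: constructed enveloped sample
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""

PLAIN = """\
From: carol@example.com
To: alice@example.com
Subject: constructed plain sample
Content-Type: text/plain

No S/MIME here.
"""

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("encrypted", ENCRYPTED), ("plain", PLAIN)):
        print(name, classify_smime(raw))
```
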
The money sitting in the Caribbean wasn't earned in the USA anyway. It's sitting there waiting for either:
1) The USA to drop its stupid double taxation policies (the money was already taxed once, where it was earned, and most countries try to avoid double taxing in this situation). In that case the money could be reallocated to the USA and spent there, where it would of course eventually get taxed again in the process of being paid out as wages or buying things, but at least just moving it into the states wouldn't be a taxable event.
2) A use for it to crop up outside the USA.
Obviously there's nothing you can spend billions of dollars on in the Caribbean - that's just a holding area until the money finds somewhere to be more useful.
Interesting. I just checked: the Flash bundled with my Chrome is the older version (but it's sandboxed to some extent). So then I opened up Firefox and checked the plugin version, and discovered it was already at the newest patched version. I don't recall any update, so I guess the Flash Player plugin updated itself in the background without me noticing, and actually managed to do that faster than Chrome did. Impressive!
They won't let you renounce citizenship if the embassy official thinks you are doing it for tax reasons. Even if they don't think that, they charge a giant "exit tax" and can levy fines for previous non-filings (even if you were, e.g. born to a US parent but never actually lived there).
Basically US citizenship is a modern form of slavery. The scary thing, from my perspective as a non-US citizen, is that once FATCA infrastructure is in place, there's really nothing to stop them extending the list of criteria for people who are considered "US persons" for tax purposes. The US has vast debt and a crippled, dysfunctional politics that can't agree on tax rises or spending cuts. The obvious solution for them is to tax foreigners, which is exactly what FATCA is designed to achieve. However FATCA doesn't fully activate until 2017 according to the current schedule so there's time left yet.
More to the point, I'm struggling to get excited about this idea - the document is probably right that high speed car chases are extremely dangerous. The people in the article going "zomg what if it goes off accidentally in traffic" amaze me. What if it goes off accidentally? Er, the car glides to a halt. What if someone is in a high speed car chase? Better not be a pedestrian in the way....
I'm usually pretty concerned about erosions of civil liberties, but seriously, if you're being chased by the cops and you're a human rights activist - things already went so badly wrong that being able to outdrive the pursuers seems like the least of your problems.
The questions about whether it could be made secure are very real and important, for sure, but again.... if you're worried about hackers stopping cars, well, nothing stops some random asshat from dropping nails on a motorway either.
Pretty sure that those things are not problems to do with how these specific laws are written, they're fundamental flaws in the trial process and thus the judiciary itself. If such basic rules are being ignored then by definition you wouldn't know if an accused person was actually a traitorous spy or not, would you, because the system would be unable to come to any trustworthy conclusion.
Er, no. Go read a history of Google. The search engine came first and for several years they had no idea how to fund it at all. They sold search services to Yahoo and Netscape. They put their code in a box and tried to sell the Google Search Appliance. They did a bunch of other random things before they eventually tried out keyword based advertising. To say the search engine was a byproduct of a desire to serve ads just makes you look like an idiot who is making stuff up as you go along.
I'd love to believe that, but I think what did it is more like what the OP said - lots of apps could be bought off the shelf for not much money, that did everything interesting. I mean, I learned programming on a BBC Micro in the 80's, which was a great machine back then, but it was *handwave* 10x as expensive as the game-price-subsidised NES boxes and I couldn't write competitive or even interesting video games for it as a kid, because I didn't have enough skill. So not surprising that most people lost interest.
EMV offers no additional protection whatsoever in a card present scenario unless the customer is required to enter a PIN. Which as you know.. convenience blah blah, speed blah, reasons. And nobody will.
You realize that hundreds of millions of people around the world routinely type in PIN numbers for every transaction, right? I've typed in a PIN for every card payment I've made for years, as have all my friends and family. We're not dead yet. I fail to see why Americans are somehow unable to deal with this when everyone else can.
Anyway, you don't seem to understand how EMV rollouts work. People are not given a choice about PIN authentication. You do it, often into a portable device that is a bit like a specialised mobile phone but with a PIN pad, card slot, display and 3G connection that the waitress brought over to your table. The banks insist on it and so do the merchants. It takes about as much time as signing with a pen does.
Because most of these exploits being fixed are not remotely exploitable unless you deliberately download and run malicious Java code. If you write a JavaScript engine in Java, then you can't have use-after-free exploits in your JavaScript engine, to give an example of one recent Chrome vulnerability. You could have other ways bad JavaScript can escape the interpreter, but memory management or overflow errors won't be amongst them.
I'm hoping it's just ignorance of how EMV actually works that makes you say that. Some people are under the mistaken belief that EMV means account details are encrypted (yes there are private keys on it), or that EMV somehow protects your account details from being used to charge your account - and they're wrong on both counts.
You should read the EMV wiki page. When used with DDA cards, which modern cards all are, it protects against cloning of the card and thus protects card-present transactions. Yes, EMV cards still have magstripe data on them which can be stolen and used for online merchants where the card is not present, but there are other systems that are working on making online transactions more secure as well (like 3D-Secure). The combination of these things is an upgrade.
You're assuming it would have made any difference. Remember that these systems have to store the data whilst the transactions are in flight. No, the solution has been known for decades - it's EMV, and every Slashdot story on these card breaches contains exactly the same discussions about how the USA needs to upgrade. Seriously, the USA is more than 10 years behind by now. It doesn't just dick over Americans. The need to be able to travel to the USA means banks everywhere else still need to support stupid magstripe or chip'n'signature transactions. If the USA upgraded it'd become easier to start aggressively targeting the remaining magstripe transactions with tougher risk analysis and that would cut card-present fraud everywhere.
No, you haven't understood what these vulnerabilities are about. They're all issues that affect you if you download and run malicious Java programs from the internet, which describes applets that are often disabled in the browser anyway. Not "any Java program that talks to the network is remotely exploitable". So if you aren't a malicious programmer then your code is still secure.
As I said above, I'm thinking of C++. You'll find a lot of C++ programs that use unsafe calls, but even if they are STL only, you can still easily do things like use after free and other bugs.
(Trouble is, so are many people who put "C++" on their resumes...)
No, I'm not. I'm quite fluent in C++ thanks and know how to use the STL. Yes, well written C++ is much better than your typical C app. Unfortunately, even codebases like WebKit that are worked on primarily by experienced, well paid engineers from places like Apple and Google routinely contain exploits in them that would have been avoided by the use of managed languages (not that I think WebKit should be written in Java).
The problem with Java is that the exploits are in Oracle's hands, not ours. We can't fix them even if we know what they are...
I think you missed the memo about Java going open source.
The other problem with Java is that if I install the runtime on my machine to run a little corporate desktop app it also ends up in the web browser, exposed to every single web page I visit. In what universe was that a good idea?
Not so long ago this was considered entirely unremarkable. Browser plugins were a very common and widely used idea, not just Java but Flash, QuickTime, ActiveX, Shockwave (aka Macromedia Director) and so on.
The cost of exposing surface area to malicious code was massively underestimated by practically the entire computing industry, for over a decade. Organized crime has repeatedly exploited that fact and now people are much more realistic about the difficulty of handling malicious code or data: the world learned the hard way that there are lots of ingenious ways to take control of a program that's handling malicious input, especially when those programs are written in unsafe languages!
You can get bad programmers in any language. That doesn't tell you much. The problem with C/C++ is that even extremely good programmers in these languages still write code that is exploitable from time to time. Things like over-engineering or memory bloat can be trained out of people. Some kinds of buffer overflows too. But if one class in your program is bloated and overly verbose, your app will still work. If one class in your C++ program incorrectly uses scanf or starts a thread with a pointer to something on the stack, that can result in your company getting hacked and massive damage being inflicted.
A zero rate of inflation – or even a constant rate of inflation – is theoretically impossible. Those who have implemented it have destroyed their economies.
Where do people get this crap? Inflation in Switzerland has routinely touched zero and had periods below zero (i.e. deflation) in recent times. Switzerland is one of the world's wealthiest countries.
Fortunately I live in the US, which like most developed countries, where nobody has “first access to money”, so I don’t have to contend with that issue. And by money I assume you mean currency which, of course, is very different than money.
I think you'll find semantic distinctions between money and currency are pointless for anything except confusing people and making you feel like you won debates when actually you lost. Of course there are people who get first access to money in the USA - banks do, when they write it into your account and charge you interest for the privilege.
A lot of people can't/won't distinguish between "Java sandboxing isn't good", "Java the language isn't good" and "Java the platform isn't good".
Java sandboxing is clearly not good enough for real world use and most browser makers have realised this and disabled it. On the other hand, it's only in very recent times that browsers got sandboxes and some common ones like Firefox still don't. That fact was exploited recently to de-anonymize Tor users. So it's not like Java is alone here. Pretty much every attempt to sandbox malicious code has failed badly.
Java the language is mediocre at best, though its strength is not to be fun or pleasant but good for large projects with large teams. Lots of people try to build enormous codebases in PHP, JavaScript or Python which are dramatically worse for the task, so apparently that message hasn't really got through (unfortunately by the time a project notices this it's usually too late to switch to anything else).
Java the platform has got a lot better in recent years. The worst excesses of the "enterprise Java" world, with its ridiculously over-engineered libraries and XML config files everywhere, have largely been left behind. There are now quite a lot of slick and modern frameworks. The JVM has come to support other languages much better in recent years and there are now quite a few very cool and interesting languages like Scala, Ceylon or Kotlin targeting the JVM that have really good Java interop, so you have access to lots of libraries. There's an apt-get style dependency management system and central repository so depending on those libraries is a breeze, and Java IDEs (IntelliJ in particular) finally became really fast and slick. Also, JavaFX is turning into a really nice replacement for Swing, so your Java GUIs can finally feel modern and fit in natively amazingly well. JavaFX can be OpenGL/DX accelerated when the hardware supports it so you can get a consistent 60fps, it's got a great animation framework, a nice GUI builder tool, lots of visual effects along with the basics like charting components. And even an embedded WebKit if you want that. I've been playing with JFX in the Java 8 previews and it's really quite impressive.
How do you intend to stop IT departments reconfiguring computers they themselves purchased?
I don't think you thought that one through. At all. It's not even a reasonable goal.
The money sitting in the Caribbean wasn't earned in the USA anyway. It's sitting there waiting for either:
1) The USA to drop its stupid double taxation policies (the money was already taxed once, where it was earned, and most countries try to avoid double taxing in this situation). In that case the money could be reallocated to the USA and spent there, where it would of course eventually get taxed again in the process of being paid out as wages or buying things, but at least just moving it into the states wouldn't be a taxable event.
2) A use for it to crop up outside the USA.
Obviously there's nothing you can spend billions of dollars on in the Caribbean - that's just a holding area until the money finds somewhere to be more useful.
Interesting. I just checked: the Flash bundled with my Chrome is the older version (but it's sandboxed to some extent). So then I opened up Firefox and checked the plugin version, and discovered it was already at the newest patched version. I don't recall any update, so I guess the Flash Player plugin updated itself in the background without me noticing, and actually managed to do that faster than Chrome did. Impressive!
They won't let you renounce citizenship if the embassy official thinks you are doing it for tax reasons. Even if they don't think that, they charge a giant "exit tax" and can levy fines for previous non-filings (even if you were, e.g. born to a US parent but never actually lived there).
Basically US citizenship is a modern form of slavery. The scary thing, from my perspective as a non-US citizen, is that once FATCA infrastructure is in place, there's really nothing to stop them extending the list of criteria for people who are considered "US persons" for tax purposes. The US has vast debt and a crippled, dysfunctional politics that can't agree on tax rises or spending cuts. The obvious solution for them is to tax foreigners, which is exactly what FATCA is designed to achieve. However FATCA doesn't fully activate until 2017 according to the current schedule so there's time left yet.
More to the point, I'm struggling to get excited about this idea - the document is probably right that high speed car chases are extremely dangerous. The people in the article going "zomg what if it goes off accidentally in traffic" amaze me. What if it goes off accidentally? Er, the car glides to a halt. What if someone is in a high speed car chase? Better not be a pedestrian in the way ....
I'm usually pretty concerned about erosions of civil liberties, but seriously, if you're being chased by the cops and you're a human rights activist - things already went so badly wrong that being able to outdrive the pursuers seems like the least of your problems.
The questions about whether it could be made secure are very real and important, for sure, but again .... if you're worried about hackers stopping cars, well, nothing stops some random asshat from dropping nails on a motorway either.
Pretty sure that those things are not problems to do with how these specific laws are written, they're fundamental flaws in the trial process and thus the judiciary itself. If such basic rules are being ignored then by definition you wouldn't know if an accused person was actually a traitorous spy or not, would you, because the system would be unable to come to any trustworthy conclusion.
Er, no. Go read a history of Google. The search engine came first and for several years they had no idea how to fund it at all. They sold search services to Yahoo and Netscape. They put their code in a box and tried to sell the Google Search Appliance. They did a bunch of other random things before they eventually tried out keyword based advertising. To say the search engine was a byproduct of a desire to serve ads just makes you look like an idiot who is making stuff up as you go along.
I'd love to believe that, but I think what did it is more like what the OP said - lots of apps could be bought off the shelf for not much money, that did everything interesting. I mean, I learned programming on a BBC Micro in the 80's, which was a great machine back then, but it was *handwave* 10x as expensive as the game-price-subsidised NES boxes and I couldn't write competitive or even interesting video games for it as a kid, because I didn't have enough skill. So not surprising that most people lost interest.
You realize that hundreds of millions of people around the world routinely type in PIN numbers for every transaction, right? I've typed in a PIN for every card payment I've made for years, as have all my friends and family. We're not dead yet. I fail to see why Americans are somehow unable to deal with this when everyone else can.
Anyway, you don't seem to understand how EMV rollouts work. People are not given a choice about PIN authentication. You do it, often into a portable device that is a bit like a specialised mobile phone but with a PIN pad, card slot, display and 3G connection that the waitress brought over to your table. The banks insist on it and so do the merchants. It takes about as much time as signing with a pen does.
Because most of these exploits being fixed are not remotely exploitable unless you deliberately download and run malicious Java code. If you write a JavaScript engine in Java, then you can't have use-after-free exploits in your JavaScript engine, to give an example of one recent Chrome vulnerability. You could have other ways bad JavaScript can escape the interpreter, but memory management or overflow errors won't be amongst them.
You should read the EMV wiki page. When used with DDA cards, which modern cards all are, it protects against cloning of the card and thus protects card-present transactions. Yes, EMV cards still have magstripe data on them which can be stolen and used for online merchants where the card is not present, but there are other systems that are working on making online transactions more secure as well (like 3D-Secure). The combination of these things is an upgrade.
You're assuming it would have made any difference. Remember that these systems have to store the data whilst the transactions are in flight. No, the solution has been known for decades - it's EMV, and every Slashdot story on these card breaches contains exactly the same discussions about how the USA needs to upgrade. Seriously, the USA is more than 10 years behind by now. It doesn't just dick over Americans. The need to be able to travel to the USA means banks everywhere else still need to support stupid magstripe or chip'n'signature transactions. If the USA upgraded it'd become easier to start aggressively targeting the remaining magstripe transactions with tougher risk analysis and that would cut card-present fraud everywhere.
No, you haven't understood what these vulnerabilities are about. They're all issues that affect you if you download and run malicious Java programs from the internet, which describes applets that are often disabled in the browser anyway. Not "any Java program that talks to the network is remotely exploitable". So if you aren't a malicious programmer then your code is still secure.
As I said above, I'm thinking of C++. You'll find a lot of C++ programs that use unsafe calls, but even if they are STL only, you can still easily do things like use after free and other bugs.
No, I'm not. I'm quite fluent in C++ thanks and know how to use the STL. Yes, well written C++ is much better than your typical C app. Unfortunately, even codebases like WebKit that are worked on primarily by experienced, well paid engineers from places like Apple and Google routinely contain exploits in them that would have been avoided by the use of managed languages (not that I think WebKit should be written in Java).
I think you missed the memo about Java going open source.
Not so long ago this was considered entirely unremarkable. Browser plugins were a very common and widely used idea, not just Java but Flash, QuickTime, ActiveX, Shockwave (aka Macromedia Director) and so on.
The cost of exposing surface area to malicious code was massively underestimated by practically the entire computing industry, for over a decade. Organized crime has repeatedly exploited that fact and now people are much more realistic about the difficulty of handling malicious code or data: the world learned the hard way that there are lots of ingenious ways to take control of a program that's handling malicious input, especially when those programs are written in unsafe languages!
You can get bad programmers in any language. That doesn't tell you much. The problem with C/C++ is that even extremely good programmers in these languages still write code that is exploitable from time to time. Things like over-engineering or memory bloat can be trained out of people. Some kinds of buffer overflows too. But if one class in your program is bloated and overly verbose, your app will still work. If one class in your C++ program incorrectly uses scanf or starts a thread with a pointer to something on the stack, that can result in your company getting hacked and massive damage being inflicted.
Where do people get this crap? Inflation in Switzerland has routinely touched zero and had periods below zero (i.e. deflation) in recent times. Switzerland is one of the world's wealthiest countries.
But you don't have to take my word for it. Professional economists have studied the link between deflation and depression and found it does not exist.
I think you'll find semantic distinctions between money and currency are pointless for anything except confusing people and making you feel like you won debates when actually you lost. Of course there are people who get first access to money in the USA - banks do, when they write it into your account and charge you interest for the privilege.
A lot of people can't/won't distinguish between "Java sandboxing isn't good", "Java the language isn't good" and "Java the platform isn't good".
Java sandboxing is clearly not good enough for real world use and most browser makers have realised this and disabled it. On the other hand, it's only in very recent times that browsers got sandboxes and some common ones like Firefox still don't. That fact was exploited recently to de-anonymize Tor users. So it's not like Java is alone here. Pretty much every attempt to sandbox malicious code has failed badly.
Java the language is mediocre at best, though its strength is not to be fun or pleasant but good for large projects with large teams. Lots of people try to build enormous codebases in PHP, JavaScript or Python which are dramatically worse for the task, so apparently that message hasn't really got through (unfortunately by the time a project notices this it's usually too late to switch to anything else).
Java the platform has got a lot better in recent years. The worst excesses of the "enterprise Java" world, with its ridiculously over-engineered libraries and XML config files everywhere, have largely been left behind. There are now quite a lot of slick and modern frameworks. The JVM has come to support other languages much better in recent years and there are now quite a few very cool and interesting languages like Scala, Ceylon or Kotlin targeting the JVM that have really good Java interop, so you have access to lots of libraries. There's an apt-get style dependency management system and central repository so depending on those libraries is a breeze, and Java IDEs (IntelliJ in particular) finally became really fast and slick. Also, JavaFX is turning into a really nice replacement for Swing, so your Java GUIs can finally feel modern and fit in natively amazingly well. JavaFX can be OpenGL/DX accelerated when the hardware supports it so you can get a consistent 60fps, it's got a great animation framework, a nice GUI builder tool, lots of visual effects along with the basics like charting components. And even an embedded WebKit if you want that. I've been playing with JFX in the Java 8 previews and it's really quite impressive.