This is especially true given that the insane climb in zero-day prices in recent years has largely been driven by governments starting to buy them up as weapons. You cannot outbid entities that are able to both tax and print money, it's simply impossible. All that would do is result in the NSA spending more on zero days to ensure they still win, and bankrupt a lot of useful software companies.
If you're thinking of the RNG thing, actually some banks did still have the logs which is why they were able to identify the problem in the first place. But yes not all banks are so careful.
Don't get me wrong. It's good that people research EMV, and the task isn't easy. I respect the Cambridge team for that reason. But when they talk to the media or about their work in general, they act as if friendly fraud doesn't exist and EMV is just one giant scam by banks. That's ridiculous. "Friendly fraud" (that's the technical term for it) where the consumer defrauds the bank/merchant is not only a thing, but a highly prevalent and measurable thing. EMV protects sellers by shifting payment security to the buyer, who is typically the one who can most affect it, by keeping their PIN safe. It's not OK that banks don't seem to be pen-testing their own systems aggressively enough, although of course as the system is closed we don't know about the mistakes their own development teams did catch. But it's not useless, and nor is the liability shift. After all, in commerce it takes two to tango.
You mean the system that is processing many, many orders of magnitude more transactions that bitcoin? So many that bitcoin as it currently exists couldn't even begin to handle them without major overhaul?
The amount of mining done is irrelevant to transaction loads, it essentially controls the risk ratios for any given specific transaction that might be reversed. You get the same level of security for the same amount of mining regardless of whether that mining protects 100,000 transactions or 10 million.
Bitcoin can fairly easily scale to loads experienced by existing payment networks. PayPal only handles about 40-50 transactions per second, it's not very much. Visa does more like 10,000 per second, which a solid multi-core server could easily chew through with good optimisation of the software: processing a Bitcoin transaction is a lot cheaper than rendering your average PHP-driven, complicated database backed webpage. You can read a back of the envelope analysis of how Bitcoin scales here.
It's hilarious how its proponents have zero sense of perspective about their favourite little toy.
I think it's rather sad (not hilarious) how its detractors have zero understanding about how the system actually works, but decide to trash it anyway.
AFAIK with Chip-and-PIN, you would need a lot more time with the card, some expensive hardware, and some reverse-engineering skills instead of just click-the-copy-button skills.
Actually it's better than that. Nobody knows how hard it is to clone an EMV card because I'm pretty sure it's never been done (by the non-banking industry). All the attacks on EMV that have been mounted are things like obscure protocol attacks that could be detected by the bank, attacks on very old first generation cards that didn't have CPUs inside them, attacks on weak random number generators inside ATM's and the other sorts of attacks you'd expect to see on an enormous and widely deployed cryptographic system. There have been a few amusingly convoluted social engineering schemes as well.
Some say EMV is the largest crypto system in history, larger even than SSL, and that would not surprise me. But what nobody has reported so far is cloned cards (at least not cloned DDA cards which is what most of the industry is using now for some time already).
The idea that EMV is broken or security theater is an idea pushed by exactly one group, AFAIK, the research group at Cambridge. They've done great work researching flaws in the system and ensuring public sector bug research keeps up with the criminal worlds research, but they also love making dramatic press releases and getting their names on TV, so every time they discover a new (invariably patchable) weakness, they declare it's game over and the entire system is worthless. Not so.
You're just making stuff up to suit your argument. There is no evidence that BTC will ever be stable. The very nature of it's inability to be centrally regulated will guarantee that it can never be stable. Regulation is a stabilising force, it's why prosperous, healthy and wealthy countries all have the most regulations. Don't get caught in the Tea Party anarchist hype. If you want anarchy go take a holiday in Mogadishu or Kabul and then come back and tell us how well that works out.
What a ridiculous load of nonsense. Firstly, I'm not making stuff up to suit my argument. There really have been periods of stability. For instance I remember that when Bitcoin was at about $5 it stayed there for around 6 months or so, iirc, and after that it spent another six months floating around $10-$12 mark, which is the sort of volatility associated with national currencies. The reason is that back then it wasn't in the media much, governments weren't paying attention and so on. When I argue that in future it will be stable again, it's an argument based on both common sense and historical experience.
Regulation is a stabilising force? Regulation is an ossifying force. If you confuse "stagnant " with "stable" then it might superficially appear that way, but all it really does is lock in the status quo. The global recession of 2008 started in America, it was triggered by subprime US housing loans, and the USA has probably the most heavily regulated financial sector in the entire world. It's also got one of the most backwards. The USA still uses cheques, it still uses 1970's era magstripe credit cards, most online banks don't even seem to use two-factor authentication, internal wire transfers take days and are not free: all these things are commonplace outside the USA. If regulation is so great, why is the financial system in the USA such a mess despite vast, sprawling financial regulatory bureaucracies?
Finally, your belief that I'm a tea-partier is hilarious. I'm not even American. I think the tea party are a bunch of nutters. They're certainly not for small government, that would require them to heavily slash military spending, something they are very visibly not doing. I certainly don't want to live in Somalia. However Somalia's problem is not lack of financial regulation (there aren't even any banks there), it's very recent and massive wars that wrecked any semblence of civilisation.
In fact, it's funny you bring up Somalia, because badly thought out financial regulations (around making bankers liable for the crimes of their account holders regardless of whether the bankers knew anything) are about to start killing large numbers of innocent Somalis. Somalia relies heavily on the diaspora sending back money to their families, in particular from the UK. Many of those families use money from family members who work abroad to buy food. British banks have all terminated the accounts of money transmitting firms who send money into Somalia because they're afraid the US government will accuse them of aiding al Shabab. Barclays was the last bank to allow these companies to have an account, and the threat of the Somali diaspora being cut off from their families was so great that 45 MP's wrote to Barclay's, begging them to not comply with the governments own financial regulations! Barclays didn't listen of course, nor would you if you faced jail sentences for the actions of account-holders-of-account-holders, and a UK court had to force them to keep the accounts open via injunctions. God knows how that will play out.
If you investigate what it takes to be compliant with US state money transmitter laws you will see there's no possible way for Caldwell to ever comply. Most estimates I see say it takes several years and between 3-10 million dollars to come into compliance with these regulations. He'd have to have his fingerprints be taken 47 times. Effectively, being labelled this way (it's a vague set of rules) is a death sentence for any small company. So no the difference is no "as subtle as a nuclear weapon". Given a set of laws so absurdly hard to comply with that basically only one new company in living memory has succeeded (PayPal), and that is the subject of a book called "The PayPal Wars", there's practically little difference between that and being explicitly banned.
The inability to charge back is the #1 reason that prevents any consumer from perceiving it as a safe currency against vendor fraud. It serves no benefit to the consumer.
Minor correction - dispute mediated transactions have been a part of the design since day one. The problem is lack of surrounding infrastructure like "file dispute" buttons in wallets and the various protocols needed to organise that, companies that run dispute mediation services with those protocols and so on. But there is widespread consensus that it's a good idea and basically, it's just waiting for someone to do the design and implementation work to make it happen.
Its incredible volatility is the #1 reason that prevents any vendor from seriously adopting it.
It's certainly a PITA at the moment, yes, although when Bitcoin is out of the public eye and governments aren't busy banning it there have been relatively long stretches of peace and stability. During those times you HAVE seen vendors price things in Bitcoins, actually, although yes most prefer to peg to an exchange rate.
Over time the instability will go away because governments will all decide on their policies around it, the technology will mature and become boring, most people will have heard about it and decided what they think, etc. The huge volatility you see at the moment is because almost every day there's some important piece of news that affects people's perception of future value.
As to the/r/bitcoin posters, yes, the over-excitability there is quite something. But that doesn't mean all people who use Bitcoin or like it think the same way.
I think only the most naive anarchists argued that (and I've called them on it many times before in various Bitcoin forums). The gamble being made there is effectively that given a choice, a government would choose not to become totalitarian and oppressive, and would prefer to give up some control over the financial system.
Well, only an idiot would believe China would do that. They are already totalitarian and oppressive, no surprise they'd be willing to jail anyone who uses Bitcoin.
In contrast, many European countries are sorting out how they're going to handle it. See the recent announcement from Denmark saying that Bitcoin is fully legal, and people who want to run exchanges don't even have to be regulated as financial institutions at all! It seems very unlikely that the governments of Norway or Denmark are going to start jailing anyone who sells sandwiches for coins.
America is somewhere in the middle. It's not as free or liberal as most of the smaller European states, but it's not as oppressive as China. Hence the confused approach there where the US government is saying one day Bitcoin is cool and it's all OK, and then next day threatening Bitcoin businesses with jail time. They can't quite decide which direction to go in, it seems.
"No one governing" the Euro is what almost caused the collapse of the EU over one small state having credit difficulties.
Er, no. What people were worried about was that heavily indebted countries would voluntarily choose to exit the Euro so they could inflate away their debts by printing money as fast as possible, and bulk exits of countries from the Euro would cause problems. The "solution", if you want to call it that, was that after resisting for a long time the ECB (actually Mario Draghi) gave into immense political and personal pressure to start open-ended Euro printing in order to essentially reallocate money from savers in Germany and other northern states to heavily indebted, often highly corrupt governments in the south. In order to preserve the fiction that Europe is one big happy family all sharing the same wonderful currency, the ECB agreed to a global tax on all Euro savings everywhere and made lots of people who managed their finances appropriately very very unhappy!
This is not actually solving any problems - it just sends a powerful message from governments that only suckers try to save money because governments will inevitably confiscate it from you in order to pay for (e.g.) absurdly generous pensions in Greece or elsewhere.
Bitcoin does not allow governments to do this. If Europe had been running on Bitcoin at the time, then those governments would have had to go through an actual default and inflict the pain on the people who lent them the money - but on the other hand, if Europe was run on Bitcoin, it's very unlikely the southern countries could have got into so much debt in the first place. Who was lending such vast sums to countries that had such basic, fundamental fiscal problems? Banks, of course, banks who knew they would be bailed out (with yet more money printing) if something went truly tits up. They gambled that politicians cared more about keeping the Euro than protecting savers, and they were right. If Europe used Bitcoin for everything, the "moral hazard" of banking would not exist as they would know that nobody could bail them out, and they'd have far fewer deposits to play with anyway (or maybe none). As a result, far less money would have been invested into places like Greece and the economic distortions such huge borrowing allowed would have never happened.
Just a few minor corrections (I had multiple private email conversations with Satoshi over a couple of years before he disappeared).
The bitcoin site was registered via an anonymous DNS registrar that specialises in anonymous speech. For a short while he also used an email account from the same service, again, a service dedicated specifically to anonymous speech. I've seen no evidence it was selected due to any links to Japan.
I don't know where you got the idea that his writing style was that of a native Japanese speaker. He never once wrote anything in Japanese or even referred to Japanese culture. His writing style was actually that of a British guy: full of British English spellings and mannerisms. Also, he timestamped the genesis block by including a headline about the British banking bailouts from The Times. That's a British newspaper that is most commonly referred to outside the UK as "The London Times" due to its rather generic name. It would be rare for an American or Japanese person to refer to it just as "The Times". Finally, his forum account was set to GMT and his posting activity was during evenings GMT.
Having worked with his code and the man himself, at least for a short while, I think Satoshi was very likely to be a single person, who lives in the UK. But that said, I've never dug any deeper because he clearly wished to have his privacy and I think it would be a sad day if Satoshi's real identity were revealed without his permission.
X.509 already supports this and complex, non-hierarchical trust schemes are frequently used.
The problem is it doesn't make any difference because you still need to be able to connect to servers that are only signed by one CA, and you have no way to know ahead of time how many signers there should be for any given host. And if all clients accept one signer, why would anyone pay for two?
This idea fails for another reason - many CA's validate your websites identity by connecting to it. If you take control of a server/domain name or MITM it temporarily, you can probably find at least 3 CA's that validate ID in the same way and get all three to issue a bogus cert.
X.509 already has a name constraints extension. The problem with TLS is not necessarily its features or design, but that often solutions or upgrades become difficult to deploy because the standard for "this works" is "every device on the planet can connect", a standard that is often unreachable when you start thinking about buggy SSL stacks in embedded devices that never get upgraded.
IF you were willing to accept, say, a 10% error rate for old devices connecting to your server, you could do all kinds of upgrades (caveat; I pulled 10% out of thin air), but in practice people are rarely willing to accept such losses in backwards compatibility for new features. TLS is a victim of its own success, in a way.
It's strange that every single defender of the firearms ban justs ignores the Swiss status quo.
Swiss culture doesn't have much in common with US culture. For one, the people are nowhere near as politically divided or generally so extreme. For another it has a working health system that's capable of handling mental illness. And for another, the gun culture is really not the same no matter what the NRA might claim. In the US you have cases of people walking into bars and restaurants with loaded guns, even in urban areas. The only time I see guns in public in Switzerland is when army reservists are moving around, or when someone is going to a gun club. People don't carry them around as part of normal everyday life.
My understanding is that whilst obtaining a gun in the UK is certainly possible with enough effort (but it's much harder than in the USA where they're lying about everywhere), the real issue is ammo. Last I heard gangs in parts of the UK were trying to make their own ammo at home and the result was of a much lower quality that killed far less frequently than professionally manufactured ammo.
Being an island, gun control in the UK is extremely feasible. Unfortunately I don't know if that has many implications for the USA. The problem is that even if some states wanted to try it, the borders are so porous that there's no real way to stop guns coming in from other states. The USA will remain the source of routine mass shootings for the forseeable future, unless there's a massive and radical culture shift that stops assocating guns with freedom.
It's not gone, it's not being updated any more. But the old code still works fine and uses the current UI conventions.
It sucks that Chrome on Android is closed source vs on desktops where it's open. Unfortunately, if it were open source, it'd immediately be forked by OEMs and operators and then Google would lose the ability to quickly update it. Fast updates, especially for security, are a key part of the Chrome brand to end users much moreso than being open source is:(
They deserve to get crap for *this* and any other positive actions aren't a get-out-of-jail-free card.
No, we don't. Look. I know some guys on the Android team, I've emailed back and forth with Diane and other Android designers before. They are not idiots and do not spend all day smoking cigars in dark rooms trying to figure out ways to violate peoples privacy.
The "feature" that was "removed" was a debug UI that wasn't actually ever accessible via the phones user interface, it had to be activated using undocumented internal APIs. It wasn't visible in the UI because it's extremely easy to break your apps or entire phone by adjusting those settings, and giving hundreds of millions of users a convenient way to brick their own device by screwing with system process permissions is not how you build mass-market products.
Android is designed, for better or worse, to tell you precisely what apps can do and then you can take it or leave it. Most platforms don't bother to break down what apps can do for you - Android is not perfect but it's still better than most of its competitors in that regard. The reason you can't edit app permissions selectively is that this would be a nightmare for app designers: there are lots of permissions, so you'd have to write your app to handle all the possible combinations of permissions that the user might have deactivated. What if you install a web browser, and the user accidentally or stupidly disables internet access permission? Apps would just end up doing manual permission checks and re-presenting the same screen you already see at install time.
Now I'd personally like to see an ability to apps to ask users to grant a few permissions at runtime for cases where a permission is for a truly optional subfeature of the app, or the need for it is best explained by context. Location requests would often fall into that category. But permission nag dialogs can be annoying as well, so I understand why Android puts it all up front.
Anyway, regardless of what you believe about the Android permissions model, seeing this as some kind of corporate mega-conspiracy is dumb and immature. It's a set of decisions that balance competing user interface design priorities. That's it.
Read the link you provide - startCollectors is not required when the browser supports the proper crypto RNG, Chrome does, and they only support Chrome. So there is no bug.
A bigger problem is the possibility of back doors. Their privacy policy merely asserts that they would rather shut the service down than add a back door, but when the men in black come knocking they won't be given any choice in the matter so this assertion is worthless. What's more Chrome apps silently auto update. I won't be too harsh on them for this though because fixing it would require them to split the RSA key used for signing updates, find people in other jurisdictions who can review their code (assuming it's open source - their website didn't seem to say), and generally making the whole process deterministic. BTW if the authors are reading this comment, I have an open source RSA threshold signature library (but which isn't publicly available, it's the result of some academic research project). Feel free to email me and I will send it onwards. It might make it possible to ensure app updates have to be signed by a large group of people before they take effect.
The guy who owned that transaction was already located. His name is Dustin and he is not Satoshi. What's more, these transactions had aroused interest before, been researched, the guy who owned them was not really trying to hide his identity and publicly confirmed they were his. And all this was available just by doing a google search on the address in question.
This is the second time Shamir has associated his name with research which contains elementary mistakes, makes wild claims and is funded by the Citi Foundation (as in, Citibank). What is going on?
Yeah, great. So the idiots who want free movies will get DPI implemented across the board, thus dramatically lowering the bar for all other kinds of censorship in future. This whole thing reminds me of the drug war. These tele-addicts simply don't have any lines they won't cross in order to get their fix, and attempts to stop them thus spiral downards into ever harsher and more aggressive monitoring and control.
BITTORRENT USERS - JUST BUY THE DAMN MOVIES ALREADY.
A lot of banks outside the EU already are pretty secure, using hardware second factors to authorize logins and wire transfers to unknown/new destinations.
If you see bank details being sold that only have a username/password, it's probably an American bank. The 2-factor auth system used outside the USA is based on EMV (it's a variant called CAP). In the US they never deployed EMV aka chip and PIN so the banks don't have any pre-existing secure hardware issued to end users they can auth themselves with.
Yes, they were doing pretty great, so great that the name "Celtic Tiger" was invented specifically to describe the Irish economy.
Like most economies that have inflationary currencies, this led to exuberance and dumping of money into a housing bubble, on the theory that whilst money inflates away houses don't. Being in the Euro had nothing to do with this, it's a disease that affected the USA and the UK as well, even though they have their own currencies and central banks. In fact these governments (but especially the UK) were all desperately trying to push people into the housing bubble due a massive and misguided social engineering program rooted in the belief that home-ownership is an end rather than a means.
But this is not specific to Ireland. It's actually a problem fundamental to an environment with compound inflation (recall that at 2% per year, prices go up every year by more than the previous year because inflation is expressed as a percentage rise on the previous year, not a fixed reference point).
Quoting the wikipedia article I linked:
During that time, Ireland experienced a boom, which transformed it from one of Europe's poorer countries into one of its wealthiest. The causes of Ireland's growth are the subject of some debate, but credit has been primarily given to state-driven economic development; social partnership among employers, government and unions; increased participation by women in the labour force; decades of investment in domestic higher education; targeting of foreign direct investment; a low corporation tax rate; an English-speaking workforce; and membership of the European Union which provided transfer payments and export access to the Single Market.
So they went from one of the poorest countries in Europe to being equal to some of the best in only a couple of decades, and a big chunk of that was due to low corporation tax (but not necessarily low taxes in general, mind you) combined with access to the single market.
The Irish people love their low corporation taxes and did not really raise them even during the global recession, because they have attracted tons of very high-skilled jobs from well known, rich corporations - companies like Apple, Google, Intel and others. The latter two alone created tens of thousands of jobs, which in a small country is a Big Deal, and they're far from the only ones. So not surprisingly, a policy that has created a spigot of good local jobs is popular - a government with higher tax revenues but that spends it all on welfare is not obviously a better state to be in.
This isn't necessarily a strategy that can be replicated everywhere: Ireland was catching up from behind during its boom years, not accelerating ahead of all the other countries. And some of its appeal to international companies was the fact that it wasn't very rich, so wages weren't extremely high. But there are other parts of Europe that are now also behind (think: Spain, Portugal, northern England), so perhaps they can consider whether the same strategy would help.
Some will say this leads to a race to the bottom, and there's some truth to that, but the question is does it matter? It's not like taxing corporations is the only way to raise revenue. Indeed, if you trace a money flow, you'll see that when someone buys something, there's sales tax/VAT paid on that. Then (ignoring the case where the money is sent back to HQ abroad for a moment), it's booked as profit and tax is paid on that too, and then the company pays its wages and possibly pays employment taxes as part of that, and of course property taxes for the place where the employees work, the employee pays income taxes on their wages as well, and in some places also pays a wealth tax at the end. So by the time the money has flowed from one person to another (which is what we really care about, given that economies are ultimately made of and in service of people), it's been taxed many times repeatedl
They do business in Italy. They get money in Italy.
They do business in Ireland and they sell to customers in Italy. The whole point of the EU is it's a single market, that means, you can establish your company once and sell to everyone within that market. If you set up in Ireland and sell to Italians, not only is that not tax evasion, that is the point of the EU in the first place!
These companies have all had exactly the same tax arrangements for years and as Apple point's out in the article, have been repeatedly audited and passed. In fact Italy appears to have audited Apple three years in a row, which seems only explainable as harassment - tax audits are supposed to be semi-random spot checks to ensure compliance. If you pass an audit, getting audited the next year is just a waste of time and money for all concerned.
What's happening now is that a lot of governments around the world, having spent many decades promoting trade and economic integration when times were good and they had excessively cheap credit, now decided that maybe free trade isn't such a hot idea after all. After all, it might mean that other countries who you trade with end up more appealing to do business in. Ireland has had a long-standing policy of aggressively attracting international businesses with low tax rates, it's a very popular policy amongst the people in Ireland, and in fact until their government foolishly panicked and committed to a full bailout of their banks their economy was doing great. If the Italians are now mad about it, they have two choices:
1) Start rolling back the EU single market, then they can pass rules that say "if you want to sell stuff to Italians, you must run your business out of Italy and pay whatever taxes we want to do that" (of course this means some companies won't bother)
2) Deal with it and find other sources of revenue, whilst enjoying the fact that when Italian companies sell to the Irish, the Italians get to keep the corporate tax from that.
Right now governments are trying to do both simultaneously, which is why they grind to a halt in an internal deadlock of contradictions and you get bizarre setups like companies buying things from themselves.
Apple specifically will "solve itself" after a while because probably, Ireland will start making them corporation tax in Ireland safe in the knowledge that it's still more appealing than the alternatives. However this will not satisfy other members of the EU who dislike tax competition.
By the way, your post is very emotional. Tax should not be an emotional topic. Tax is (or rather should be) a technical matter in which people analyze the most efficient ways to raise the revenues governments need to function. Whether corporation tax is even a good idea at all is a matter of some debate in academic circles - the fact that you're trying to tax an entity that doesn't actually have any specific physical location is one reason why everyone ends up feeling like it's "not fair".
Slashdot Mirror
This is especially true given that the insane climb in zero-day prices in recent years has largely been driven by governments starting to buy them up as weapons. You cannot outbid entities that are able to both tax and print money, it's simply impossible. All that would do is result in the NSA spending more on zero days to ensure they still win, and bankrupt a lot of useful software companies.
Er, my Nexus 5 doesn't have any advertising or "scumware" on it out of the box, as far as I can tell. What are you talking about?
If you're thinking of the RNG thing, actually some banks did still have the logs which is why they were able to identify the problem in the first place. But yes not all banks are so careful.
Don't get me wrong. It's good that people research EMV, and the task isn't easy. I respect the Cambridge team for that reason. But when they talk to the media or about their work in general, they act as if friendly fraud doesn't exist and EMV is just one giant scam by banks. That's ridiculous. "Friendly fraud" (that's the technical term for it) where the consumer defrauds the bank/merchant is not only a thing, but a highly prevalent and measurable thing. EMV protects sellers by shifting payment security to the buyer, who is typically the one who can most affect it, by keeping their PIN safe. It's not OK that banks don't seem to be pen-testing their own systems aggressively enough, although of course as the system is closed we don't know about the mistakes their own development teams did catch. But it's not useless, and nor is the liability shift. After all, in commerce it takes two to tango.
The amount of mining done is irrelevant to transaction loads, it essentially controls the risk ratios for any given specific transaction that might be reversed. You get the same level of security for the same amount of mining regardless of whether that mining protects 100,000 transactions or 10 million.
Bitcoin can fairly easily scale to loads experienced by existing payment networks. PayPal only handles about 40-50 transactions per second, it's not very much. Visa does more like 10,000 per second, which a solid multi-core server could easily chew through with good optimisation of the software: processing a Bitcoin transaction is a lot cheaper than rendering your average PHP-driven, complicated database backed webpage. You can read a back of the envelope analysis of how Bitcoin scales here.
I think it's rather sad (not hilarious) how its detractors have zero understanding about how the system actually works, but decide to trash it anyway.
Actually it's better than that. Nobody knows how hard it is to clone an EMV card because I'm pretty sure it's never been done (by the non-banking industry). All the attacks on EMV that have been mounted are things like obscure protocol attacks that could be detected by the bank, attacks on very old first generation cards that didn't have CPUs inside them, attacks on weak random number generators inside ATM's and the other sorts of attacks you'd expect to see on an enormous and widely deployed cryptographic system. There have been a few amusingly convoluted social engineering schemes as well.
Some say EMV is the largest crypto system in history, larger even than SSL, and that would not surprise me. But what nobody has reported so far is cloned cards (at least not cloned DDA cards which is what most of the industry is using now for some time already).
The idea that EMV is broken or security theater is an idea pushed by exactly one group, AFAIK, the research group at Cambridge. They've done great work researching flaws in the system and ensuring public sector bug research keeps up with the criminal worlds research, but they also love making dramatic press releases and getting their names on TV, so every time they discover a new (invariably patchable) weakness, they declare it's game over and the entire system is worthless. Not so.
It could go down either for porn or "hate speech", which Cameron is wasting no time adding to the filters. The lulz will be heavy then.
What a ridiculous load of nonsense. Firstly, I'm not making stuff up to suit my argument. There really have been periods of stability. For instance I remember that when Bitcoin was at about $5 it stayed there for around 6 months or so, iirc, and after that it spent another six months floating around $10-$12 mark, which is the sort of volatility associated with national currencies. The reason is that back then it wasn't in the media much, governments weren't paying attention and so on. When I argue that in future it will be stable again, it's an argument based on both common sense and historical experience.
Regulation is a stabilising force? Regulation is an ossifying force. If you confuse "stagnant " with "stable" then it might superficially appear that way, but all it really does is lock in the status quo. The global recession of 2008 started in America, it was triggered by subprime US housing loans, and the USA has probably the most heavily regulated financial sector in the entire world. It's also got one of the most backwards. The USA still uses cheques, it still uses 1970's era magstripe credit cards, most online banks don't even seem to use two-factor authentication, internal wire transfers take days and are not free: all these things are commonplace outside the USA. If regulation is so great, why is the financial system in the USA such a mess despite vast, sprawling financial regulatory bureaucracies?
Finally, your belief that I'm a tea-partier is hilarious. I'm not even American. I think the tea party are a bunch of nutters. They're certainly not for small government, that would require them to heavily slash military spending, something they are very visibly not doing. I certainly don't want to live in Somalia. However Somalia's problem is not lack of financial regulation (there aren't even any banks there), it's very recent and massive wars that wrecked any semblence of civilisation.
In fact, it's funny you bring up Somalia, because badly thought out financial regulations (around making bankers liable for the crimes of their account holders regardless of whether the bankers knew anything) are about to start killing large numbers of innocent Somalis. Somalia relies heavily on the diaspora sending back money to their families, in particular from the UK. Many of those families use money from family members who work abroad to buy food. British banks have all terminated the accounts of money transmitting firms who send money into Somalia because they're afraid the US government will accuse them of aiding al Shabab. Barclays was the last bank to allow these companies to have an account, and the threat of the Somali diaspora being cut off from their families was so great that 45 MP's wrote to Barclay's, begging them to not comply with the governments own financial regulations! Barclays didn't listen of course, nor would you if you faced jail sentences for the actions of account-holders-of-account-holders, and a UK court had to force them to keep the accounts open via injunctions. God knows how that will play out.
If you investigate what it takes to be compliant with US state money transmitter laws you will see there's no possible way for Caldwell to ever comply. Most estimates I see say it takes several years and between 3-10 million dollars to come into compliance with these regulations. He'd have to have his fingerprints be taken 47 times. Effectively, being labelled this way (it's a vague set of rules) is a death sentence for any small company. So no the difference is no "as subtle as a nuclear weapon". Given a set of laws so absurdly hard to comply with that basically only one new company in living memory has succeeded (PayPal), and that is the subject of a book called "The PayPal Wars", there's practically little difference between that and being explicitly banned.
Minor correction - dispute mediated transactions have been a part of the design since day one. The problem is lack of surrounding infrastructure like "file dispute" buttons in wallets and the various protocols needed to organise that, companies that run dispute mediation services with those protocols and so on. But there is widespread consensus that it's a good idea and basically, it's just waiting for someone to do the design and implementation work to make it happen.
It's certainly a PITA at the moment, yes, although when Bitcoin is out of the public eye and governments aren't busy banning it there have been relatively long stretches of peace and stability. During those times you HAVE seen vendors price things in Bitcoins, actually, although yes most prefer to peg to an exchange rate.
Over time the instability will go away because governments will all decide on their policies around it, the technology will mature and become boring, most people will have heard about it and decided what they think, etc. The huge volatility you see at the moment is because almost every day there's some important piece of news that affects people's perception of future value.
As to the /r/bitcoin posters, yes, the over-excitability there is quite something. But that doesn't mean all people who use Bitcoin or like it think the same way.
I think only the most naive anarchists argued that (and I've called them on it many times before in various Bitcoin forums). The gamble being made there is effectively that given a choice, a government would choose not to become totalitarian and oppressive, and would prefer to give up some control over the financial system.
Well, only an idiot would believe China would do that. They are already totalitarian and oppressive, no surprise they'd be willing to jail anyone who uses Bitcoin.
In contrast, many European countries are sorting out how they're going to handle it. See the recent announcement from Denmark saying that Bitcoin is fully legal, and people who want to run exchanges don't even have to be regulated as financial institutions at all! It seems very unlikely that the governments of Norway or Denmark are going to start jailing anyone who sells sandwiches for coins.
America is somewhere in the middle. It's not as free or liberal as most of the smaller European states, but it's not as oppressive as China. Hence the confused approach there where the US government is saying one day Bitcoin is cool and it's all OK, and then next day threatening Bitcoin businesses with jail time. They can't quite decide which direction to go in, it seems.
Er, no. What people were worried about was that heavily indebted countries would voluntarily choose to exit the Euro so they could inflate away their debts by printing money as fast as possible, and bulk exits of countries from the Euro would cause problems. The "solution", if you want to call it that, was that after resisting for a long time the ECB (actually Mario Draghi) gave into immense political and personal pressure to start open-ended Euro printing in order to essentially reallocate money from savers in Germany and other northern states to heavily indebted, often highly corrupt governments in the south. In order to preserve the fiction that Europe is one big happy family all sharing the same wonderful currency, the ECB agreed to a global tax on all Euro savings everywhere and made lots of people who managed their finances appropriately very very unhappy!
This is not actually solving any problems - it just sends a powerful message from governments that only suckers try to save money because governments will inevitably confiscate it from you in order to pay for (e.g.) absurdly generous pensions in Greece or elsewhere.
Bitcoin does not allow governments to do this. If Europe had been running on Bitcoin at the time, then those governments would have had to go through an actual default and inflict the pain on the people who lent them the money - but on the other hand, if Europe was run on Bitcoin, it's very unlikely the southern countries could have got into so much debt in the first place. Who was lending such vast sums to countries that had such basic, fundamental fiscal problems? Banks, of course, banks who knew they would be bailed out (with yet more money printing) if something went truly tits up. They gambled that politicians cared more about keeping the Euro than protecting savers, and they were right. If Europe used Bitcoin for everything, the "moral hazard" of banking would not exist as they would know that nobody could bail them out, and they'd have far fewer deposits to play with anyway (or maybe none). As a result, far less money would have been invested into places like Greece and the economic distortions such huge borrowing allowed would have never happened.
Just a few minor corrections (I had multiple private email conversations with Satoshi over a couple of years before he disappeared).
The bitcoin site was registered via an anonymous DNS registrar that specialises in anonymous speech. For a short while he also used an email account from the same service, again, a service dedicated specifically to anonymous speech. I've seen no evidence it was selected due to any links to Japan.
I don't know where you got the idea that his writing style was that of a native Japanese speaker. He never once wrote anything in Japanese or even referred to Japanese culture. His writing style was actually that of a British guy: full of British English spellings and mannerisms. Also, he timestamped the genesis block by including a headline about the British banking bailouts from The Times. That's a British newspaper that is most commonly referred to outside the UK as "The London Times" due to its rather generic name. It would be rare for an American or Japanese person to refer to it just as "The Times". Finally, his forum account was set to GMT and his posting activity was during evenings GMT.
Having worked with his code and the man himself, at least for a short while, I think Satoshi was very likely to be a single person, who lives in the UK. But that said, I've never dug any deeper because he clearly wished to have his privacy and I think it would be a sad day if Satoshi's real identity were revealed without his permission.
X.509 already supports this and complex, non-hierarchical trust schemes are frequently used.
The problem is it doesn't make any difference because you still need to be able to connect to servers that are only signed by one CA, and you have no way to know ahead of time how many signers there should be for any given host. And if all clients accept one signer, why would anyone pay for two?
This idea fails for another reason - many CA's validate your websites identity by connecting to it. If you take control of a server/domain name or MITM it temporarily, you can probably find at least 3 CA's that validate ID in the same way and get all three to issue a bogus cert.
These are hard problems. Simple as that.
X.509 already has a name constraints extension. The problem with TLS is not necessarily its features or design, but that often solutions or upgrades become difficult to deploy because the standard for "this works" is "every device on the planet can connect", a standard that is often unreachable when you start thinking about buggy SSL stacks in embedded devices that never get upgraded.
IF you were willing to accept, say, a 10% error rate for old devices connecting to your server, you could do all kinds of upgrades (caveat; I pulled 10% out of thin air), but in practice people are rarely willing to accept such losses in backwards compatibility for new features. TLS is a victim of its own success, in a way.
Swiss culture doesn't have much in common with US culture. For one, the people are nowhere near as politically divided or generally so extreme. For another it has a working health system that's capable of handling mental illness. And for another, the gun culture is really not the same no matter what the NRA might claim. In the US you have cases of people walking into bars and restaurants with loaded guns, even in urban areas. The only time I see guns in public in Switzerland is when army reservists are moving around, or when someone is going to a gun club. People don't carry them around as part of normal everyday life.
My understanding is that whilst obtaining a gun in the UK is certainly possible with enough effort (but it's much harder than in the USA where they're lying about everywhere), the real issue is ammo. Last I heard gangs in parts of the UK were trying to make their own ammo at home and the result was of a much lower quality that killed far less frequently than professionally manufactured ammo.
Being an island, gun control in the UK is extremely feasible. Unfortunately I don't know if that has many implications for the USA. The problem is that even if some states wanted to try it, the borders are so porous that there's no real way to stop guns coming in from other states. The USA will remain the source of routine mass shootings for the forseeable future, unless there's a massive and radical culture shift that stops assocating guns with freedom.
It's not gone, it's not being updated any more. But the old code still works fine and uses the current UI conventions.
It sucks that Chrome on Android is closed source vs on desktops where it's open. Unfortunately, if it were open source, it'd immediately be forked by OEMs and operators and then Google would lose the ability to quickly update it. Fast updates, especially for security, are a key part of the Chrome brand to end users much moreso than being open source is :(
No, we don't. Look. I know some guys on the Android team, I've emailed back and forth with Diane and other Android designers before. They are not idiots and do not spend all day smoking cigars in dark rooms trying to figure out ways to violate peoples privacy.
The "feature" that was "removed" was a debug UI that wasn't actually ever accessible via the phones user interface, it had to be activated using undocumented internal APIs. It wasn't visible in the UI because it's extremely easy to break your apps or entire phone by adjusting those settings, and giving hundreds of millions of users a convenient way to brick their own device by screwing with system process permissions is not how you build mass-market products.
Android is designed, for better or worse, to tell you precisely what apps can do and then you can take it or leave it. Most platforms don't bother to break down what apps can do for you - Android is not perfect but it's still better than most of its competitors in that regard. The reason you can't edit app permissions selectively is that this would be a nightmare for app designers: there are lots of permissions, so you'd have to write your app to handle all the possible combinations of permissions that the user might have deactivated. What if you install a web browser, and the user accidentally or stupidly disables internet access permission? Apps would just end up doing manual permission checks and re-presenting the same screen you already see at install time.
Now I'd personally like to see an ability to apps to ask users to grant a few permissions at runtime for cases where a permission is for a truly optional subfeature of the app, or the need for it is best explained by context. Location requests would often fall into that category. But permission nag dialogs can be annoying as well, so I understand why Android puts it all up front.
Anyway, regardless of what you believe about the Android permissions model, seeing this as some kind of corporate mega-conspiracy is dumb and immature. It's a set of decisions that balance competing user interface design priorities. That's it.
Lol. Citation needed.
Read the link you provide - startCollectors is not required when the browser supports the proper crypto RNG, Chrome does, and they only support Chrome. So there is no bug.
A bigger problem is the possibility of back doors. Their privacy policy merely asserts that they would rather shut the service down than add a back door, but when the men in black come knocking they won't be given any choice in the matter so this assertion is worthless. What's more Chrome apps silently auto update. I won't be too harsh on them for this though because fixing it would require them to split the RSA key used for signing updates, find people in other jurisdictions who can review their code (assuming it's open source - their website didn't seem to say), and generally making the whole process deterministic. BTW if the authors are reading this comment, I have an open source RSA threshold signature library (but which isn't publicly available, it's the result of some academic research project). Feel free to email me and I will send it onwards. It might make it possible to ensure app updates have to be signed by a large group of people before they take effect.
The guy who owned that transaction was already located. His name is Dustin and he is not Satoshi. What's more, these transactions had aroused interest before, been researched, the guy who owned them was not really trying to hide his identity and publicly confirmed they were his. And all this was available just by doing a google search on the address in question.
This is the second time Shamir has associated his name with research which contains elementary mistakes, makes wild claims and is funded by the Citi Foundation (as in, Citibank). What is going on?
Yeah, great. So the idiots who want free movies will get DPI implemented across the board, thus dramatically lowering the bar for all other kinds of censorship in future. This whole thing reminds me of the drug war. These tele-addicts simply don't have any lines they won't cross in order to get their fix, and attempts to stop them thus spiral downards into ever harsher and more aggressive monitoring and control.
BITTORRENT USERS - JUST BUY THE DAMN MOVIES ALREADY.
A lot of banks outside the EU already are pretty secure, using hardware second factors to authorize logins and wire transfers to unknown/new destinations.
If you see bank details being sold that only have a username/password, it's probably an American bank. The 2-factor auth system used outside the USA is based on EMV (it's a variant called CAP). In the US they never deployed EMV aka chip and PIN so the banks don't have any pre-existing secure hardware issued to end users they can auth themselves with.
Yes, they were doing pretty great, so great that the name "Celtic Tiger" was invented specifically to describe the Irish economy.
Like most economies that have inflationary currencies, this led to exuberance and dumping of money into a housing bubble, on the theory that whilst money inflates away houses don't. Being in the Euro had nothing to do with this, it's a disease that affected the USA and the UK as well, even though they have their own currencies and central banks. In fact these governments (but especially the UK) were all desperately trying to push people into the housing bubble due a massive and misguided social engineering program rooted in the belief that home-ownership is an end rather than a means.
But this is not specific to Ireland. It's actually a problem fundamental to an environment with compound inflation (recall that at 2% per year, prices go up every year by more than the previous year because inflation is expressed as a percentage rise on the previous year, not a fixed reference point).
Quoting the wikipedia article I linked:
So they went from one of the poorest countries in Europe to being equal to some of the best in only a couple of decades, and a big chunk of that was due to low corporation tax (but not necessarily low taxes in general, mind you) combined with access to the single market.
The Irish people love their low corporation taxes and did not really raise them even during the global recession, because they have attracted tons of very high-skilled jobs from well known, rich corporations - companies like Apple, Google, Intel and others. The latter two alone created tens of thousands of jobs, which in a small country is a Big Deal, and they're far from the only ones. So not surprisingly, a policy that has created a spigot of good local jobs is popular - a government with higher tax revenues but that spends it all on welfare is not obviously a better state to be in.
This isn't necessarily a strategy that can be replicated everywhere: Ireland was catching up from behind during its boom years, not accelerating ahead of all the other countries. And some of its appeal to international companies was the fact that it wasn't very rich, so wages weren't extremely high. But there are other parts of Europe that are now also behind (think: Spain, Portugal, northern England), so perhaps they can consider whether the same strategy would help.
Some will say this leads to a race to the bottom, and there's some truth to that, but the question is does it matter? It's not like taxing corporations is the only way to raise revenue. Indeed, if you trace a money flow, you'll see that when someone buys something, there's sales tax/VAT paid on that. Then (ignoring the case where the money is sent back to HQ abroad for a moment), it's booked as profit and tax is paid on that too, and then the company pays its wages and possibly pays employment taxes as part of that, and of course property taxes for the place where the employees work, the employee pays income taxes on their wages as well, and in some places also pays a wealth tax at the end. So by the time the money has flowed from one person to another (which is what we really care about, given that economies are ultimately made of and in service of people), it's been taxed many times repeatedl
They do business in Ireland and they sell to customers in Italy. The whole point of the EU is it's a single market, that means, you can establish your company once and sell to everyone within that market. If you set up in Ireland and sell to Italians, not only is that not tax evasion, that is the point of the EU in the first place!
These companies have all had exactly the same tax arrangements for years and as Apple point's out in the article, have been repeatedly audited and passed. In fact Italy appears to have audited Apple three years in a row, which seems only explainable as harassment - tax audits are supposed to be semi-random spot checks to ensure compliance. If you pass an audit, getting audited the next year is just a waste of time and money for all concerned.
What's happening now is that a lot of governments around the world, having spent many decades promoting trade and economic integration when times were good and they had excessively cheap credit, now decided that maybe free trade isn't such a hot idea after all. After all, it might mean that other countries who you trade with end up more appealing to do business in. Ireland has had a long-standing policy of aggressively attracting international businesses with low tax rates, it's a very popular policy amongst the people in Ireland, and in fact until their government foolishly panicked and committed to a full bailout of their banks their economy was doing great. If the Italians are now mad about it, they have two choices:
1) Start rolling back the EU single market, then they can pass rules that say "if you want to sell stuff to Italians, you must run your business out of Italy and pay whatever taxes we want to do that" (of course this means some companies won't bother)
2) Deal with it and find other sources of revenue, whilst enjoying the fact that when Italian companies sell to the Irish, the Italians get to keep the corporate tax from that.
Right now governments are trying to do both simultaneously, which is why they grind to a halt in an internal deadlock of contradictions and you get bizarre setups like companies buying things from themselves.
Apple specifically will "solve itself" after a while because probably, Ireland will start making them corporation tax in Ireland safe in the knowledge that it's still more appealing than the alternatives. However this will not satisfy other members of the EU who dislike tax competition.
By the way, your post is very emotional. Tax should not be an emotional topic. Tax is (or rather should be) a technical matter in which people analyze the most efficient ways to raise the revenues governments need to function. Whether corporation tax is even a good idea at all is a matter of some debate in academic circles - the fact that you're trying to tax an entity that doesn't actually have any specific physical location is one reason why everyone ends up feeling like it's "not fair".