The judge's ruling explicitly disagrees with you. Did you even read it? Let me quote the relevant parts.
The issue is whether the conduct actually alleged falls foul of S.107 (2A) not, as I fear Mr Cooper was urging, that no offence in law actually exists. It does exist unless or until S.107 (2A) is amended or repealed
Accordingly Mr Jones argues (@ para 15 of his written submissions of 31st October 2011) “O’Dwyer would not be able to avail himself of the “mere conduit” defence enumerated in Regulation 17 because he was intimately involved in deciding who was allowed to post links on the TVShack websites, which links would be posted” (etc) & ( para 16 continues) “ a plain reading of the phrase “make available” in this context makes clear O’Dwyer “made available copyrighted material”.
... and finally the judge was in no mood for angels-on-pinheads arguments:
I also have in mind the mischief Parliament had in mind. Accordingly in my judgement I am satisfied the conduct alleged in the instant request meets the dual criminality test and would be an offence in this jurisdiction.
That seems pretty sensible. The guy was making large sums of money by running a site that very clearly was designed for piracy. He wasn't some innocent middleman who was abused. He profited handsomely off piracy knowing full well copyright infringement was illegal, and is now being extradited for it.
I'm a Brit and think there are quite a few things wrong with the US/UK extradition treaties that are in place, but the judge's ruling is easy to read and logically sound. What he did was an offence under UK law. It would not infringe his human rights to be tried abroad. So what's the big deal? My only concern with this is that the UK Govt didn't prosecute him itself.
A judge dropped all charges against the officer: excessive assault, tampering with evidence, destroying evidence, and lying under oath.
The officer is still on active duty to this day.
(Google terms to use: Officer Admitted To Deleting Incriminating Statements )
Thanks for the reference. It results in only one hit, the story about Chris Dye, which appears to date from last month. The latest I could find is that he's been suspended, arrested, and posted bond whilst the investigation is ongoing. I couldn't find any reference to a judge dropping all charges, could you post that?
The fundamental issue here is that escrow doesn't work very well because you have to trust the escrow provider with the money, which means escrow providers need to be highly trusted. As any good escrow provider is almost by definition a specialist (in violins or whatever), they tend to not get the economies of scale you need to build a trusted brand and thus are hard to find plus have high fees.
The ideal solution would be for payment processors to allow specialized dispute mediators to be nominated in a trade. If there is a dispute, the payment processor would go with the decision of the mediator, who would at no point have access to the underlying funds. Therefore the need for trust is radically reduced and the mediation market would become more liquid as a result.
Unfortunately this ideal solution is unlikely to happen because payment processing is a winner-takes-all market (they are "trusted middlemen"). PayPal has no real incentive to solve this problem because their customers have few alternatives. Interestingly, Bitcoin offers a solution to these problems, because it offers escrow protocols that allow for low-trust third parties. Briefly, buyers can lock coins to a 2-of-3 threshold signature (other mixes are possible) consisting of your key, the seller's key, and an escrow provider's key. In the case of no dispute buyer and seller sign to release the coins. In the case of a dispute the escrow provider mediates and selects the winner. In no case can the escrow provider take the coins for themselves, therefore you need much less trust - you just need to believe they will arbitrate fairly, not that they will safely keep the escrowed money. Currently these protocols aren't fully implemented - the core support is there, but there's no GUI for it. Once that's done it could solve the violin seller's problem, because both buyer and seller could have selected a dispute mediator that specialized in antique musical instruments acceptable to both parties, and once the decision is made the payment becomes irreversible.
It's not about altruism, it's about longer term incentives. If Bitcoin fails to work properly because people hoard transactions then the worth of your own Bitcoin using business and stored value goes down.
There are plenty of other responses possible to this problem though, if it ever actually happens (nobody has observed people failing to relay transactions for profit today). One is to simply have rebroadcast nodes that don't verify transactions or blocks and thus are very cheap to run, which simply ensure good broadcast connectivity. Another is to accept that people, merchants in particular, have an incentive to get their transactions to as many miners as possible, and miners have incentives to get transactions, so it's very likely these people will find each other some way without relying on broadcast. Nothing in Bitcoin actually requires P2P broadcast of transactions, it's just convenient.
Yeah, hardly denial. Let me post my response to the thread here to make it more visible. The summary is that this is not a new argument, but the MSR researchers certainly went deeper into it than most people do. Long term broadcast/floodfill is likely to become less important for other reasons beyond nodes deciding not to relay (which is not a problem observed in practice).
This point has been discussed on the forum several times over the last couple of years. It's not a novel criticism though I'm glad the smart people at MSR are taking a hard look at Bitcoin. Hopefully they may see this thread and jump in with their thoughts.
Note that it's not just miners who have an incentive to not relay transactions. In theory, you could run a non-mining node that co-operates with a mining node. When you receive a transaction with a fee, you send it directly to the mining node and no others, in return for a small cut of the profits. It's unlikely to happen for a long time (if ever), as currently you could argue there's actually no incentive to include transactions at all - yet people still do.
I agree with Gregory, transaction broadcast is a simple and useful technique in the early days of the network, but if Bitcoin continues to grow and evolve we'll see a move away from it - it's often unnecessary, inefficient and has some strange incentive structures like the paper says. I'm not sure trying to fix it is the right approach.
What would replace it? I've argued in the past that senders should never attach fees because they aren't the one who actually cares about payment confirmation (they know they are trustworthy). Instead senders should send a free transaction directly to the receiver. They can then decide what to do with it - attach a fee (2nd tx) and broadcast, upload it directly to miners, or if you have high confidence in the sender to not double spend simply keep it around and pass it on to somebody else as part of a new payment.
Stefan has argued for an insurance company scheme in which merchants protect themselves against the risk of double spending by paying small premiums. In this setup, the receiver would have another option - transmit the received transaction straight to the insurance company. They'd verify it was valid and broadcast it in such a way that as many miners as possible are likely to receive it. Miners have incentives to connect directly to the insurance company nodes (or intermediate backbone nodes) and the insurance companies have incentives to make it easy for them. Broadcast over 10,000 connections really isn't a big deal for modern computers so I'm not worried about this kind of scalability.
Of course, this takes us a little bit further from the purist "zero trust" design that Satoshi was aiming for. Starting a new insurance company would (in the absence of functioning broadcast) be harder because you'd have to find all the miners. That doesn't worry me much - the long term future of mining is as a professional business, it's already gone that way to some extent, and all the incentives are aligned. Miners have an incentive to be visible and merchants/insurers have an incentive to seek them out. Whether that's done via a naive P2P broadcast or something more sophisticated, only time will tell.
It's rare to see companies take such a long term view of their business, but Comcast sure is doing it now. I know from seeing it being done at work, huge IPv6 deployments are not trivial things!
I also am an interviewer at Google. I did my 177th interview today. I think swillden covered most of the points. He isn't trying to claim that Google interviewers are perfect. Exactly the opposite - he's explaining (a) the process and (b) why interviews/interviewers might seem to suck at times.
Interviewing is hard, it's a skill that is difficult to learn and therefore many people don't have it. You really have to do a lot of interviews to get any good at it, and most companies don't hire a whole lot, so that's one reason why many interviewers at many firms are bad at it. Google has a different problem - it hires a whole lot, all the time, so the only way to scale that is to have lots of interviewers. The result is that some are very experienced and others are, frankly, not. Interview training also isn't as rigorous as I think it could be - I feel I mostly learned just by doing it, with the obvious negative implications for how candidates perceive Google.
I'm not going to try and defend colleagues who ask stupid questions like "why are manhole covers round?". These sorts of things aren't useful and these days, we strongly encourage people to not ask them. I've seen all kinds of interview questions be asked over the years here and it's rare, in my experience, to see questions like that. Especially in phone interviews, these days we try and select more experienced interviewers and also require actual code to be written. It is an actual requirement of the interview to write code, and it's quite hard to write any kind of interesting program in only 30-40 minutes, so I usually spend the whole interview on that.
There are a few comments above from people saying things like, well I'm a Java guy and I was asked to write a linked list in C, or I was a PHP guy and asked to do bit masking, so what's up with that? It used to be the case, and to some extent still is, that Google engineers are expected to be a jack of all trades. That is we try and avoid having "java guys" and "c++ guys". I work in a mix of languages and environments as part of my job and probably always will. I say "to some extent" because over time I think we have hired quite a few people who are mad elite JavaScript/Java jockeys, but aren't really comfortable with questions about how to tightly optimize an RPC stack - that's OK but interviewers at Google are typically given a lot of leeway to decide who they want to work with, and I usually expect people to have some kind of understanding of what happens inside a computer. I often give good scores to people who do not know C++ or are somewhat rusty, but I do expect somebody who is only familiar with Java (or C# which is close enough) to have a really deep understanding of things like the JVM, how it works, the costs of garbage collection and other standard constructs, etc. Even if you think you're only going to design nice AJAXy frontends because that's what you did for the last few years, it's very likely you will want a long career at Google and that means having the flexibility to work on "big iron" type systems as well as other things. Also, if you don't have some kind of knowledge about that, you'll probably write code that is several times more expensive to run than necessary (seen this quite a few times).
Because interviewers are given such a free rein in what they ask and how they score, other interviewers may well take a different approach or value different things. In particular if you're quite young (in terms of experience which usually means a new grad) we tend to accept intelligence, analytical ability and remembering CS theory in place of extensive programming experience.
Sandboxing applications isn't so bad, and I think this is correct and inevitable. The fear comes purely from the fact that Apple has historically been very abusive with its app store policies, they aren't there purely to ensure security but are also used to simply crush apps some Apple executive didn't like, eg the "no competition" clauses.
Given Apple's flaky approach to app store approvals, it's not unexpected that many people see this as the end of the Mac as an open(ish) computing platform. Given there aren't very many platforms, Microsoft tends to follow Apple's lead these days, and Linux has never overcome its problems to go mainstream - that's a cause for concern indeed.
The good news is that there is Android, which gets it right - strong app sandboxing with an opt out checkbox you can tick if you want to. And it's open source so even if it stops being right tomorrow (unlikely), it's still a strong foundation others could build off. The bad news is that Android does not run on laptops or desktop machines, and does not have the enormous collection of industrial-strength apps like Photoshop, Office etc that MacOS/Win32 does.
Yup, there is also a paper I wrote a while ago on delegated voting. Essentially you form a decision tree. Voters can delegate their vote to other people based on topic, with a "catch all" delegation of their local representative for anything that they don't take themselves or delegate to anyone else. It has the nice property that it can be implemented in a basically backwards compatible way - for people who don't care about politics nothing needs to change, but decisions have far more democratic legitimacy. Nobody can ever say their voice wasn't heard.
It seems to me that a P2P DNS alternative should act as nothing more than a P2P lookup of the already-existing and conventional DNS data. If enough people think that www.example.com resolves to 1.2.3.4, that's what it should resolve to under P2P DNS. There's no reason that a trust / reputation system couldn't do this, and still be secure to those people who trust nobody.
The issue is how you define "enough people" such that it's not trivially exploited by having a single guy rent a bunch of proxies. CPU time isn't a perfect substitute, but it's easier to steal IPs than CPU power (people tend to notice when their computer slows down and heats up). If you purely use signatures, you have to find some way of building that up so it's not dependent on a SPOF.
But I tend to think P2P DNS is not that useful. DNS is already distributed. If you don't like US policies, get a domain name in some other country. Moving your domain name but not the underlying servers solves nothing because then they'll just take your servers or your IP addresses. If you want/need full anonymity, Tor already provides a P2P secure DNS along with hiding of the underlying IP address. If you don't want that, regular DNS works ok.
Bitcoins are about as easy to steal as the contents of many commercial US bank accounts today, ie they are vulnerable to malware. The existing banking system hasn't solved this consistently, see Krebs on Security for an endless stream of stories about e-banking thefts. The difference is that Bitcoin has a bunch of features that can be used to make effective security, like multi-signed coins. It allows you to lock up coins such that n-of-m signatures are required, eg, from your PC and also your cell phone (2 factor authentication), or 2-of-3 for things like funds held by a group of business partners.
Because Bitcoin is an open protocol, with a remarkably flexible design, I think there'll be quite a bit of security related innovation over the next couple of years.
With regards to smart property, yes, it's kind of a sci-fi idea - but we are discussing alternatives to the existing, broken, semi-collapsed system aren't we? What do you expect, exactly? BTW to "collect the collateral" you can sell it again to a local buyer and take the funds. That 3rd party turns up and takes ownership of the car.
I doubt there'd be many fractional reserve Bitcoin banks because they'd be very unstable (cannot be bailed out).
But anyway, you're going along with the economic orthodoxy - the kind of thinking that got us into this mess in the first place. Is a slow fall in prices inherently bad? Economics is not a science because you can't do experiments. Instead it's based on trying to explain history with theories. The US Fed did a study of deflation and depressions which concluded this:
Are deflation and depression empirically linked? No, concludes a broad historical study of inflation and real output growth rates. Deflation and depression do seem to have been linked during the 1930s. But in the rest of the data for 17 countries and more than 100 years, there is virtually no evidence of such a link.
Don't be fooled by neat arguments that contradict real-world experience. Here's a simpler example if you don't want to read the paper: if you wait 6 months, it's almost guaranteed you can get a better mobile phone for the same money as today. In effect there is strong deflationary pressure in this market, hoarding "gets you more". However people still buy mobile phones, because the value of having a phone today is more than the value of a better phone tomorrow.
Anyway, Bitcoin is scheduled to inflate at least a little bit until about 2140. At that point if some growing economy had fully adopted it, there'd be a slow decline in prices as more trade and services got mapped to the same quantity of coins (they have enough resolution that this is unlikely to cause inconvenience). I actually think this would lead to a more stable economy, because in a world where everyone is forced to invest their savings by the mathematics of inflation you unsurprisingly get groupthink and waves of asset bubbles (ie, in housing). This can cause havoc with people's retirements. Being able to effectively invest in the growth of the economy as a whole by simply keeping your money safe is likely to lead to a fairer, more stable society over the long run.
The most fundamental aspect of Banks is the guarantee that any money you give them, is money you're going to get back, even if the bank goes bankrupt, you'll still get your money (up to a certain amount).
I agree that Bitcoin doesn't solve all issues that caused the recession, it is not a silver bullet. But Bitcoin does solve the issue of "will I get my money back" quite directly.
Think about what you just wrote. Why do you have to worry about whether your savings will randomly vanish due to no fault of your own? You say that banks "provide the guarantee that any money you give them, is money you'll get back" and then immediately admit that this very limited guarantee is actually provided by the government, which pays for it with bonds, which tend to be bought by central banks that inflate the currency in order to do so. This framework of guarantees and regulations is only necessary because banks spend your money (loan it out), then turn around and claim via your bank balance that they didn't.
Bitcoin solves this problem by letting you be your own bank. It's infeasible today because even if you want to live an entirely cash-based life (you don't), nobody else you interact with does. They want electronic payments via the banking system because cash is inconvenient. With Bitcoin, your "wallet" is just a file. It can be encrypted, secured, backed up however you like. You can pay somebody else to do it for you, or do it yourself, as you see fit. Think about that not just in consumer terms but from the perspective of a large business.
The other problem with living a cash-based life is that currencies inflate pretty fast. In the west we tend to think we have it good because we see only a compounded 2-4% inflation rate, but in some countries like Russia it is as high as 10% or even higher. All of these rates are pretty huge measured over a lifetime. Bitcoin is designed to enforce limited inflation. Right now its inflation rate is also very high (it's actually hyperinflating) but that rate is also fairly predictable over the long run.
People tend to see Bitcoin in terms of one problem or the other, ie, "that is a bad idea because when the banks need bailing out, you can't inflate Bitcoin to pay for it!" - except that you shouldn't be needing bank bailouts in a hypothetical Bitcoin economy because the only money that is invested is money you specifically chose to invest, knowing the risks. You are never 'forced' to invest merely through the act of depositing money.
Another criticism of a Bitcoin economy I see is that without banks, credit would be harder to obtain. But that isn't necessarily true. Minimizing trust through cryptography increases competition, and why not for credit as well? Think about how using smart property as collateral for a loan can bring about a quantum leap in the competitiveness of the credit markets.
At any rate, whilst it's fascinating to think about these topics, it's worth remembering that Bitcoin is an interesting exercise just as a payments system for the internet. It doesn't actually need to be adopted wholesale by a country in order to prove useful.
I think the outlines of a convincing alternative are coming into view.
The sources of the world's current problems are complicated and messy. But there are two big themes.
One is that democracy increasingly feels undemocratic, a Hobson's choice between two nearly identical sets of alternatives. Party democracy was for the longest time the only reasonable way of doing things, but modern technology offers us the potential for something better, namely delegated voting. By allowing people to automatically delegate their votes by topic, it gives decisions much greater democratic legitimacy and consequently reduces the power of "bad" lobbying (as opposed to "good" lobbying, ie, persuasion of the people through education and argument). This isn't directly related to the financial crisis. But society's current problems aren't purely about finance. They're about a feeling of powerlessness, a feeling that a small elite runs the show for their own benefit. And in the USA perhaps a feeling that politics is getting ever crazier and more influenced by lobbyists.
The other big theme is of course the financial system itself: how it seems to be constantly on the verge of collapse, how it went so wrong that the world entered recession and how nobody seems to have any ways to fix it. I know there are a lot of skeptics on Slashdot, but I think together Bitcoin and Ripple are the most concrete proposals for an alternative financial system. Banks and the financial system are so powerful today because they are trust aggregators and we cannot currently do without that, the result being that they cannot be allowed to fail. This results in the well known "moral hazard" - the profits are privatized but the risks are socialized, and nobody can opt out.
The underlying principle of Bitcoin is minimizing the need for trust. There's a lot more to Bitcoin than just sending and receiving payments. It's a complete framework for distributed contracts, an HTML of transactions if you will. The potential of the protocol is still being explored, but what's clear is that where previously you may have needed large, 'trustable' institutions to perform various kinds of trades, now you can do them with cryptography instead. This in turn makes finance more competitive and thus democratic, by reducing the barriers to entry and allowing smaller lesser-known companies to compete on an equal footing. The 99% have a chance at doing the work of the 1%, which means the inequalities between finance and the rest of us should even out somewhat.
Are these proposals perfect? No. They are, however, concrete and specific ideas that can be debated on the details, rather than merely slogans to be thrown around.
You only have to profile the architecture one time, which this team has already done.
That's why I said, unless the team release everything, which hopefully they won't do. Cheap RFID cards vulnerable to power analysis? Is this really research worthy of public funding at all?
Or, there's an even simpler explanation: the attack in question is based on side-channel attacks that are not easy to exploit. From TFA:
It takes about seven hours to crack the security on one card and get its 112-bit encryption key, the researchers said. It only works if you've already spent months profiling the card's architecture, behavior and responses.
I think selling cards that aren't resistant to side channel attacks like this is a perfectly reasonable decision. Lots of hardware is vulnerable to this kind of ultra-intensive probing (eg, the Xbox).
Like anything in engineering, these cards boil down to a cost/benefit analysis. If you use these cards in your canteen, how likely are you to go up against a team of people who spend months doing blackbox analysis of the cards? If that isn't likely, it makes sense to save money.
I am not even sure this counts as a "crack". Unless the German team release absolutely everything, the basic analysis would have to be repeated by whoever wants to recreate the attack. If you have that much money and expertise, there are probably easier ways into a secure facility than hacking the door locks (eg, bribing/blackmailing someone on the inside).
But isn't wealth disparity just something stupid people complain about?
It's confusing because there are different causes of wealth disparity. People who work hard vs people who are lazy, for instance, doesn't tend to bother people a whole lot.
What we have today though is the case where some people are essentially privileged by the system. They aren't the beneficiaries of wealth disparity because they're smarter, or harder working, or even just luckier than everyone else. They're the beneficiaries because a broken system funnels wealth their way. It's this system that provokes civil unrest. It's not even the people - at some level, I think everyone understands that in theory they could be a banker, or a politician, or whatever. But in practice not everyone can be a part of that privileged elite.
Maybe you don't believe me that there is such a thing as unfair wealth disparity. Consider this. Somebody smarter than me has created an investment fund. It consistently outperforms the market. How do they do it? The fund tracks the investments of US Senators, in particular junior Democrats. It turns out that US politicians are largely exempt from the laws that make insider trading illegal. Unsurprisingly then, they do a lot of insider trading, and profit off that. By copying what they do, you can potentially get a little bit of that (unless of course everyone starts doing it). But why is this fair? One rule for them, one for the rest is very often the foundation of civil unrest.
I sorely doubt that cryptographic security and analysis will solve this problem. That part of Bitcoin's apparent wonder and magic won't solve anything. Tracing where the money goes won't solve the issue; it all goes to the same 1%. The money isn't being stolen to provide it to the 1%; consumers give it to them willingly.
I'm not sure I'd describe the money as handed over "willingly".
The system we have now is characterized by large bank bailouts, and massive amounts of new money being created in order to try and restart the economy. Consider the position of your average bank executive both before and after the bailout. Did you ever hear of a poor banker? I never did. It's notable that in big cities, the most central and most expensive property is often owned by banks. There's a good reason for this - in western societies pretty much everyone needs a bank. It's not optional.
At the most basic level landlords, electricity companies, water companies and so on won't accept bags of cash in payment, they want bank transfers. Cash is inconvenient, and governments attempt to make it more so via anti money laundering laws.
Another reason is that the currencies we use today all suffer from grinding inflation. Most governments target around 2%. That sounds low, but it's compounded 2% every year. Over your lifetime the currency will, if the targets are always met, more than halve in value. In practice inflation will not be a solid 2% per year, some years it will be higher. This reality forces people to invest.
Intuitively you'd think that having worked for a lifetime, by the time you retire society would "owe you one" and those IOUs (in the form of savings) would be enough to get you through retirement. In practice your savings will have shrivelled up by the time you need them most, so you are forced to invest through pension funds, banks and other institutional investors. If those investment funds fail, you can have huge problems later on in life - which is what happened to my parents. This is the inevitable consequence of a currency that every year grows by more than the previous year. An entire society is forced to invest whether they like it or not, whether they're skilled or not - is it any wonder we seem to experience a never-ending series of bubbles? Economists even promote this as a good thing - they point to the massive misallocation of resources and claim it's productive activity!
Because banks are essentially aggregators of trust, and critical to society's functioning, there aren't very many of them and starting new banks is absurdly difficult: people won't trust a completely new bank, and part of the trust existing banks have comes from enormous piles of regulation that are very expensive to comply with. This is why people say bankers are a part of the 1% - short of being invited by that existing 1% to join them, via a job offer, your chances of reaching that position by your own hard work are close to zero. And if you're in the 99%, you have no choice but to let that 1% cream off the top.
So what about Bitcoin? In a hypothetical country that adopted Bitcoin as its national currency, there would probably still be bank-like entities. There would still be investment funds and so on. But some things would look very different. For one, financial services would be a far more competitive market because instead of having to trust brands that were built up over a period of decades you can trust mathematics instead. As a trivial example Bitcoin allows for dispute mediators (escrow services) who cannot steal/spend the payments they are mediating. You don't have to trust that a bitbank is fulfilling its reserve requirements (or trust that a government is watching them), you could audit them yourself. And because the currency would be stable (or at least inflating very slowly and predictably), it'd be quite feasible to save for the long term. Instead of desperately trying to find something (anything) that will "double your money", you could build up a retirement fund a little each year.
I work for Google on anti-hijacking and account security. The message you saw is very common. The cause is that there was an attempt to abuse your account to spam your friends. One of the popular tools that does this identifies itself to Gmail as various types of mobile phone, which is why it shows up as such in your account history. In fact, it's a regular program that runs on the desktop. No XSS involved.
In this case, it sounds like we detected the hijacking attempt, rejected the spam, sent your account to phone verification and forced you to choose a new password. This is a standard procedure for when we detect a hijack attempt at mail send time. We're getting better at stopping these attempts at login time using heuristics, so it'll become less common in future.
The USA is not a police state. However, these stories are concerning because of the direction they suggest. Not that dodgy government watchlists are new or somehow confined to the US, but they show what can happen when law enforcement powers are not kept in check.
The biggest problem with these sorts of lists is because there are no working checks or balances, they are very easily abused for political intimidation. Don't think that happens? Of course it happens. Democracies are based on the assumption that informed debate amongst citizens leads to better decisions. When the government gets hold of easily abused tools like blacklists, it's not surprising to find random people who merely oppose the policy of the day end up being targeted.
Hrmm. There are several parts of the FBIs story here that aren't internally consistent.
It's pretty well known by now thanks to Hollywood and TV shows that police can track mobile phones by triangulating signal strengths at different cell towers. Heck, phones do it themselves these days. The fixes can be fairly accurate in urban areas. There's no need for the phone to be making a call in order to be traced this way, because as the article points out, towers can talk to the phone any time they want.
Presumably, phone companies require a warrant of some kind before performing this type of trace. This leads me to wonder if fake base stations like the Stingray devices have any use at all beyond avoiding phone companies legal processes. I could buy the explanation that a fake base station lets you get slightly more accurate fixes on the phones location, except that apparently even with these devices the best they were able to get was to a particular apartment block and they had to do old fashioned detective work to get closer. "Nearest block" is about as good as modern smartphones can do by themselves.
There are a few other puzzlers in there. The government claim they can't reveal the devices capabilities without compromising future investigations, and then go on to state quite clearly that the devices can't intercept calls or data and that's why they don't feel they need a proper search warrant. This makes sense. Some kind of roving fake base station in an FBI van wouldn't be able to route calls successfully. And the GPRS/3G protocols don't terminate data encryption at the base station, but rather further back in the core network. But that implies the person being traced would be able to notice - if the data connection stops working, or calls fails to place, it could be a sign you're being traced. Time to switch the phone off. That could even be automated by a smartphone app. Is that trivial workaround what they're afraid of?
Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them. It makes you wonder how secure these keys can really be, if there are cops running around with the keys inside a box. If one of these devices got lost or was somehow sold to the wrong people, how hard would a key rotation be? Presumably you'd have to replace the SIMs? Again, this seems like a lot of problems that could easily be avoided by tracing the target device with the direct co-operation of the phone companies.
I'd like to think there's a purely technical reason for the use of these things, but given the FBIs prevarication over exactly what kind of warrants they are getting, I'd be worried it's more a legal dodge.
No, that's stupid. What's dangerous is willfully breaking the law under the assumption you won't get caught. It's not like copyright laws are new or complicated. I've never met anyone who seriously thought sharing their music folder was legal, they all knew it wasn't and decided they didn't care.
That seems pretty sensible. The guy was making large sums of money by running a site that very clearly was designed for piracy. He wasn't some innocent middleman who was abused. He profited handsomely off piracy knowing full well copyright infringement was illegal, and is now being extradited for it.
I'm a Brit and think there are quite a few things wrong with the US/UK extradition treaties that are in place, but the judges ruling is easy to read and logically sound. What he did was an offence under UK law. It would not infringe his human rights to be tried abroad. So what's the big deal? My only concern with this is that the UK Govt didn't prosecute him itself.
Thanks for the reference. It results in only one hit, the story about Chris Dye, which appears to date from last month. The latest I could find is that he's been suspended, arrested, and posted bond whilst the investigation is ongoing. I couldn't find any reference to a judge dropping all charges, could you post that?
The fundamental issue here is that escrow doesn't work very well because you have to trust the escrow provider with the money, which means escrow providers need to be highly trusted. As any good escrow provider is almost by definition a specialist (in violins or whatever), they tend to not get the economies of scale you need to build a trusted brand and thus are hard to find plus have high fees.
The ideal solution would be for payment processors to allow specialized dispute mediators to be nominated in a trade. If there is a dispute, the payment processor would go with the decision of the mediator, who would at no point have access to the underlying funds. Therefore the need for trust is radically reduced and the mediation market would become more liquid as a result.
Unfortunately this ideal solution is unlikely to happen because payment processing is a winner-takes-all market (they are "trusted middlemen"). PayPal has no real incentive to solve this problem because their customers have few alternatives. Interestingly, Bitcoin offers a solution to these problems, because it offers escrow protocols that allow for low-trust third parties. Briefly, buyers can lock coins to a 2-of-3 threshold signature (other mixes are possible) consisting of your key, the seller's key, and an escrow provider's key. In the case of no dispute buyer and seller sign to release the coins. In the case of a dispute the escrow provider mediates and selects the winner. In no case can the escrow provider take the coins for themselves, therefore you need much less trust - you just need to believe they will arbitrate fairly, not that they will safely keep the escrowed money. Currently these protocols aren't fully implemented - the core support is there, but there's no GUI for it. Once that's done it could solve the violin seller's problem, because both buyer and seller could have selected a dispute mediator that specialized in antique musical instruments acceptable to both parties, and once the decision is made the payment becomes irreversible.
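The 2-of-3 escrow rule described above, as an added example that is not part of the original post and is not Bitcoin's own code. It models only the spending rule, with hash-based Lamport one-time signatures standing in for Bitcoin's ECDSA so that it runs on the standard library; `EscrowLock`, the role names and the spend strings are assumptions made for illustration, and the same check generalizes to any n-of-m threshold.

```python
import hashlib
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(message: bytes) -> list:
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_keygen():
    """One-time key pair. Stand-in (assumption) for a Bitcoin ECDSA key pair."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, message: bytes) -> list:
    # Reveal one secret per message bit; each key must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]


def lamport_verify(pk, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    bits = _bits(message)
    return all(_h(signature[i]) == pk[i][bits[i]] for i in range(256))


class EscrowLock:
    """Hypothetical model of coins locked to a threshold of public keys."""

    def __init__(self, pubkeys, threshold=2):
        if not 1 <= threshold <= len(pubkeys):
            raise ValueError("threshold must be between 1 and the number of keys")
        self.pubkeys = list(pubkeys)
        self.threshold = threshold

    def can_spend(self, spend: bytes, signatures) -> bool:
        # Count distinct public keys that have a valid signature over this
        # exact spend. Repeating one party's signature satisfies one key only.
        satisfied = sum(
            any(lamport_verify(pk, spend, sig) for sig in signatures)
            for pk in self.pubkeys
        )
        return satisfied >= self.threshold


def new_trade():
    """Fresh keys for buyer, seller and mediator, and the 2-of-3 lock."""
    keys = {role: lamport_keygen() for role in ("buyer", "seller", "mediator")}
    lock = EscrowLock([pk for _, pk in keys.values()], threshold=2)
    signers = {role: sk for role, (sk, _) in keys.items()}
    return lock, signers


# Constructed spend descriptions; a real transaction commits to its outputs.
PAY_SELLER = b"spend escrowed output -> seller"
REFUND_BUYER = b"spend escrowed output -> buyer"
PAY_MEDIATOR = b"spend escrowed output -> mediator"


def demo() -> dict:
    results = {}

    # No dispute: buyer and seller both sign the release to the seller.
    lock, sk = new_trade()
    sigs = [lamport_sign(sk["buyer"], PAY_SELLER),
            lamport_sign(sk["seller"], PAY_SELLER)]
    results["no_dispute"] = lock.can_spend(PAY_SELLER, sigs)
    # Those signatures commit to the destination and cannot be redirected.
    results["redirected"] = lock.can_spend(PAY_MEDIATOR, sigs)

    # Dispute: the mediator sides with the buyer, and the two of them sign.
    lock, sk = new_trade()
    sigs = [lamport_sign(sk["mediator"], REFUND_BUYER),
            lamport_sign(sk["buyer"], REFUND_BUYER)]
    results["dispute_refund"] = lock.can_spend(REFUND_BUYER, sigs)

    # The mediator alone, even submitting its signature twice, is below 2-of-3.
    lock, sk = new_trade()
    own = lamport_sign(sk["mediator"], PAY_MEDIATOR)
    results["mediator_alone"] = lock.can_spend(PAY_MEDIATOR, [own])
    results["mediator_twice"] = lock.can_spend(PAY_MEDIATOR, [own, own])
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'spend allowed' if allowed else 'spend rejected'}")
```

The mediator's only power is to choose which counterparty to co-sign with, which is the reduced trust requirement the post describes.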
It's not about altruism, it's about longer term incentives. If Bitcoin fails to work properly because people hoard transactions then the worth of your own Bitcoin using business and stored value goes down.
There are plenty of other responses possible to this problem though, if it ever actually happens (nobody has observed people failing to relay transactions for profit today). One is to simply have rebroadcast nodes that don't verify transactions or blocks and thus are very cheap to run, which simply ensure good broadcast connectivity. Another is to accept that people, merchants in particular, have an incentive to get their transactions to as many miners as possible, and miners have incentives to get transactions, so it's very likely these people will find each other some way without relying on broadcast. Nothing in Bitcoin actually requires P2P broadcast of transactions, it's just convenient.
Yeah, hardly denial. Let me post my response to the thread here to make it more visible. The summary is that this is not a new argument, but the MSR researchers certainly went deeper into it than most people do. Long term broadcast/floodfill is likely to become less important for other reasons beyond nodes deciding not to relay (which is not a problem observed in practice).
It's rare to see companies take such a long term view of their business, but Comcast sure is doing it now. I know from seeing it being done at work, huge IPv6 deployments are not trivial things!
I also am an interviewer at Google. I did my 177th interview today. I think swillden covered most of the points. He isn't trying to claim that Google interviewers are perfect. Exactly the opposite - he's explaining (a) the process and (b) why interviews/interviewers might seem to suck at times.
Interviewing is hard, it's a skill that is difficult to learn and therefore many people don't have it. You really have to do a lot of interviews to get any good at it, and most companies don't hire a whole lot, so that's one reason why many interviewers at many firms are bad at it. Google has a different problem - it hires a whole lot, all the time, so the only way to scale that is to have lots of interviewers. The result is that some are very experienced and others are, frankly, not. Interview training also isn't as rigorous as I think it could be - I feel I mostly learned just by doing it, with the obvious negative implications for how candidates perceive Google.
I'm not going to try and defend colleagues who ask stupid questions like "why are manhole covers round?". These sorts of things aren't useful and these days, we strongly encourage people to not ask them. I've seen all kinds of interview questions be asked over the years here and it's rare, in my experience, to see questions like that. Especially in phone interviews, these days we try and select more experienced interviewers and also require actual code to be written. It is an actual requirement of the interview to write code, and it's quite hard to write any kind of interesting program in only 30-40 minutes, so I usually spend the whole interview on that.
There are a few comments above from people saying things like, well I'm a Java guy and I was asked to write a linked list in C, or I was a PHP guy and asked to do bit masking, so what's up with that? It used to be the case, and to some extent still is, that Google engineers are expected to be a jack of all trades. That is we try and avoid having "java guys" and "c++ guys". I work in a mix of languages and environments as part of my job and probably always will. I say "to some extent" because over time I think we have hired quite a few people who are mad elite JavaScript/Java jockeys, but aren't really comfortable with questions about how to tightly optimize an RPC stack - that's OK but interviewers at Google are typically given a lot of leeway to decide who they want to work with, and I usually expect people to have some kind of understanding of what happens inside a computer. I often give good scores to people who do not know C++ or are somewhat rusty, but I do expect somebody who is only familiar with Java (or C# which is close enough) to have a really deep understanding of things like the JVM, how it works, the costs of garbage collection and other standard constructs, etc. Even if you think you're only going to design nice AJAXy frontends because that's what you did for the last few years, it's very likely you will want a long career at Google and that means having the flexibility to work on "big iron" type systems as well as other things. Also, if you don't have some kind of knowledge about that, you'll probably write code that is several times more expensive to run than necessary (seen this quite a few times).
Because interviewers are given such a free rein in what they ask and how they score, other interviewers may well take a different approach or value different things. In particular if you're quite young (in terms of experience which usually means a new grad) we tend to accept intelligence, analytical ability and remembering CS theory in place of extensive programming experience.
Sandboxing applications isn't so bad, and I think this is correct and inevitable. The fear comes purely from the fact that Apple has historically been very abusive with its app store policies, they aren't there purely to ensure security but are also used to simply crush apps some Apple executive didn't like, eg the "no competition" clauses.
Given Apple's flaky approach to app store approvals, it's not unexpected that many people see this as the end of the Mac as an open(ish) computing platform. Given there aren't very many platforms, Microsoft tends to follow Apple's lead these days, and Linux has never overcome its problems to go mainstream - that's a cause for concern indeed.
The good news is that there is Android, which gets it right - strong app sandboxing with an opt out checkbox you can tick if you want to. And it's open source so even if it stops being right tomorrow (unlikely), it's still a strong foundation others could build off. The bad news is that Android does not run on laptops or desktop machines, and does not have the enormous collection of industrial-strength apps like Photoshop, Office etc that MacOS/Win32 does.
DuckDuckGo is essentially a Bing scraper site.
Yes. Everyone is set up with a delegation to their local MP by default. So if you do absolutely nothing your vote is cast the same way as today.
Delegation is recursive, which vote would be considered for the next level in the chain?
Yup, there is also a paper I wrote a while ago on delegated voting. Essentially you form a decision tree. Voters can delegate their vote to other people based on topic, with a "catch all" delegation of their local representative for anything that they don't take themselves or delegate to anyone else. It has the nice property that it can be implemented in a basically backwards compatible way - for people who don't care about politics nothing needs to change, but decisions have far more democratic legitimacy. Nobody can ever say their voice wasn't heard.
The issue is how you define "enough people" such that it's not trivially exploited by having a single guy rent a bunch of proxies. CPU time isn't a perfect substitute, but it's easier to steal IPs than CPU power (people tend to notice when their computer slows down and heats up). If you purely use signatures, you have to find some way of building that up so it's not dependent on a SPOF.
But I tend to think P2P DNS is not that useful. DNS is already distributed. If you don't like US policies, get a domain name in some other country. Moving your domain name but not the underlying servers solves nothing because then they'll just take your servers or your IP addresses. If you want/need full anonymity, Tor already provides a P2P secure DNS along with hiding of the underlying IP address. If you don't want that, regular DNS works ok.
See my other post below for deflation.
Bitcoins are about as easy to steal as the contents of many commercial US bank accounts today, ie they are vulnerable to malware. The existing banking system hasn't solved this consistently, see Krebs on Security for an endless stream of stories about e-banking thefts. The difference is that Bitcoin has a bunch of features that can be used to make effective security, like multi-signed coins. It allows you to lock up coins such that n-of-m signatures are required, eg, from your PC and also your cell phone (2 factor authentication), or 2-of-3 for things like funds held by a group of business partners.
Because Bitcoin is an open protocol, with a remarkably flexible design, I think there'll be quite a bit of security related innovation over the next couple of years.
With regards to smart property, yes, it's kind of a sci-fi idea - but we are discussing alternatives to the existing, broken, semi-collapsed system aren't we? What do you expect, exactly? BTW to "collect the collateral" you can sell it again to a local buyer and take the funds. That 3rd party turns up and takes ownership of the car.
I doubt there'd be many fractional reserve Bitcoin banks because they'd be very unstable (cannot be bailed out).
But anyway, you're going along with the economic orthodoxy - the kind of thinking that got us into this mess in the first place. Is a slow fall in prices inherently bad? Economics is not a science because you can't do experiments. Instead it's based on trying to explain history with theories. The US Fed did a study of deflation and depressions which concluded this:
Don't be fooled by neat arguments that contradict real-world experience. Here's a simpler example if you don't want to read the paper: if you wait 6 months, it's almost guaranteed you can get a better mobile phone for the same money as today. In effect there is strong deflationary pressure in this market, hoarding "gets you more". However people still buy mobile phones, because the value of having a phone today is more than the value of a better phone tomorrow.
Anyway, Bitcoin is scheduled to inflate at least a little bit until about 2140. At that point if some growing economy had fully adopted it, there'd be a slow decline in prices as more trade and services got mapped to the same quantity of coins (they have enough resolution that this is unlikely to cause inconvenience). I actually think this would lead to a more stable economy, because in a world where everyone is forced to invest their savings by the mathematics of inflation you unsurprisingly get groupthink and waves of asset bubbles (ie, in housing). This can cause havoc with people's retirements. Being able to effectively invest in the growth of the economy as a whole by simply keeping your money safe is likely to lead to a fairer, more stable society over the long run.
I agree that Bitcoin doesn't solve all issues that caused the recession, it is not a silver bullet. But Bitcoin does solve the issue of "will I get my money back" quite directly.
Think about what you just wrote. Why do you have to worry about whether your savings will randomly vanish due to no fault of your own? You say that banks "provide the guarantee that any money you give them, is money you'll get back" and then immediately admit that this very limited guarantee is actually provided by the government, which pays for it with bonds, which tend to be bought by central banks that inflate the currency in order to do so. This framework of guarantees and regulations is only necessary because banks spend your money (loan it out), then turn around and claim via your bank balance that they didn't.
Bitcoin solves this problem by letting you be your own bank. It's infeasible today because even if you want to live an entirely cash-based life (you don't), nobody else you interact with does. They want electronic payments via the banking system because cash is inconvenient. With Bitcoin, your "wallet" is just a file. It can be encrypted, secured, backed up however you like. You can pay somebody else to do it for you, or do it yourself, as you see fit. Think about that not just in consumer terms but from the perspective of a large business.
The other problem with living a cash-based life is that currencies inflate pretty fast. In the west we tend to think we have it good because we see only a compounded 2-4% inflation rate, but in some countries like Russia it is as high as 10% or even higher. All of these rates are pretty huge measured over a lifetime. Bitcoin is designed to enforce limited inflation. Right now its inflation rate is also very high (it's actually hyperinflating) but that rate is also fairly predictable over the long run.
People tend to see Bitcoin in terms of one problem or the other, ie, "that is a bad idea because when the banks need bailing out, you can't inflate Bitcoin to pay for it!" - except that you shouldn't be needing bank bailouts in a hypothetical Bitcoin economy because the only money that is invested is money you specifically chose to invest, knowing the risks. You are never 'forced' to invest merely through the act of depositing money.
Another criticism of a Bitcoin economy I see is that without banks, credit would be harder to obtain. But that isn't necessarily true. Minimizing trust through cryptography increases competition, and why not for credit as well? Think about how using smart property as collateral for a loan can bring about a quantum leap in the competitiveness of the credit markets.
At any rate, whilst it's fascinating to think about these topics, it's worth remembering that Bitcoin is an interesting exercise just as a payments system for the internet. It doesn't actually need to be adopted wholesale by a country in order to prove useful.
I think the outlines of a convincing alternative are coming into view.
The sources of the world's current problems are complicated and messy. But there are two big themes.
One is that democracy increasingly feels undemocratic, a Hobson's choice between two nearly identical sets of alternatives. Party democracy was for the longest time the only reasonable way of doing things, but modern technology offers us the potential for something better, namely delegated voting. By allowing people to automatically delegate their votes by topic, it gives decisions much greater democratic legitimacy and consequently reduces the power of "bad" lobbying (as opposed to "good" lobbying, ie, persuasion of the people through education and argument). This isn't directly related to the financial crisis. But society's current problems aren't purely about finance. They're about a feeling of powerlessness, a feeling that a small elite runs the show for their own benefit. And in the USA perhaps a feeling that politics is getting ever crazier and more influenced by lobbyists.
The other big theme is of course the financial system itself: how it seems to be constantly on the verge of collapse, how it went so wrong that the world entered recession and how nobody seems to have any ways to fix it. I know there are a lot of skeptics on Slashdot, but I think together Bitcoin and Ripple are the most concrete proposals for an alternative financial system. Banks and the financial system are so powerful today because they are trust aggregators and we cannot currently do without that, the result being that they cannot be allowed to fail. This results in the well known "moral hazard" - the profits are privatized but the risks are socialized, and nobody can opt out.
The underlying principle of Bitcoin is minimizing the need for trust. There's a lot more to Bitcoin than just sending and receiving payments. It's a complete framework for distributed contracts, an HTML of transactions if you will. The potential of the protocol is still being explored, but what's clear is that where previously you may have needed large, 'trustable' institutions to perform various kinds of trades, now you can do them with cryptography instead. This in turn makes finance more competitive and thus democratic, by reducing the barriers to entry and allowing smaller lesser-known companies to compete on an equal footing. The 99% have a chance at doing the work of the 1%, which means the inequalities between finance and the rest of us should even out somewhat.
Are these proposals perfect? No. They are, however, concrete and specific ideas that can be debated on the details, rather than merely slogans to be thrown around.
That's why I said, unless the team release everything, which hopefully they won't do. Cheap RFID cards vulnerable to power analysis? Is this really research worthy of public funding at all?
I think selling cards that aren't resistant to side channel attacks like this is a perfectly reasonable decision. Lots of hardware is vulnerable to this kind of ultra-intensive probing (eg, the Xbox).
Like anything in engineering, these cards boil down to a cost/benefit analysis. If you use these cards in your canteen, how likely are you to go up against a team of people who spend months doing blackbox analysis of the cards? If that isn't likely, it makes sense to save money.
I am not even sure this counts as a "crack". Unless the German team release absolutely everything, the basic analysis would have to be repeated by whoever wants to recreate the attack. If you have that much money and expertise, there are probably easier ways into a secure facility than hacking the door locks (eg, bribing/blackmailing someone on the inside).
It's confusing because there are different causes of wealth disparity. People who work hard vs people who are lazy, for instance, doesn't tend to bother people a whole lot.
What we have today though is the case where some people are essentially privileged by the system. They aren't the beneficiaries of wealth disparity because they're smarter, or harder working, or even just luckier than everyone else. They're the beneficiaries because a broken system funnels wealth their way. It's this system that provokes civil unrest. It's not even the people - at some level, I think everyone understands that in theory they could be a banker, or a politician, or whatever. But in practice not everyone can be a part of that privileged elite.
Maybe you don't believe me that there is such a thing as unfair wealth disparity. Consider this. Somebody smarter than me has created an investment fund. It consistently outperforms the market. How do they do it? The fund tracks the investments of US Senators, in particular junior Democrats. It turns out that US politicians are largely exempt from the laws that make insider trading illegal. Unsurprisingly then, they do a lot of insider trading, and profit off that. By copying what they do, you can potentially get a little bit of that (unless of course everyone starts doing it). But why is this fair? One rule for them, one for the rest is very often the foundation of civil unrest.
I'm not sure I'd describe the money as handed over "willingly".
The system we have now is characterized by large bank bailouts, and massive amounts of new money being created in order to try and restart the economy. Consider the position of your average bank executive both before and after the bailout. Did you ever hear of a poor banker? I never did. It's notable that in big cities, the most central and most expensive property is often owned by banks. There's a good reason for this - in western societies pretty much everyone needs a bank. It's not optional.
At the most basic level landlords, electricity companies, water companies and so on won't accept bags of cash in payment, they want bank transfers. Cash is inconvenient, and governments attempt to make it more so via anti money laundering laws.
Another reason is that the currencies we use today all suffer from grinding inflation. Most governments target around 2%. That sounds low, but it's compounded 2% every year. Over your lifetime the currency will, if the targets are always met, more than halve in value. In practice inflation will not be a solid 2% per year, some years it will be higher. This reality forces people to invest.
Intuitively you'd think that having worked for a lifetime, by the time you retire society would "owe you one" and those IOUs (in the form of savings) would be enough to get you through retirement. In practice your savings will have shrivelled up by the time you need them most, so you are forced to invest through pension funds, banks and other institutional investors. If those investment funds fail, you can have huge problems later on in life - which is what happened to my parents. This is the inevitable consequence of a currency that every year grows by more than the previous year. An entire society is forced to invest whether they like it or not, whether they're skilled or not - is it any wonder we seem to experience a never-ending series of bubbles? Economists even promote this as a good thing - they point to the massive misallocation of resources and claim it's productive activity!
Because banks are essentially aggregators of trust, and critical to society's functioning, there aren't very many of them and starting new banks is absurdly difficult: people won't trust a completely new bank, and part of the trust existing banks have comes from enormous piles of regulation that are very expensive to comply with. This is why people say bankers are a part of the 1% - short of being invited by that existing 1% to join them, via a job offer, your chances of reaching that position by your own hard work are close to zero. And if you're in the 99%, you have no choice but to let that 1% cream off the top.
So what about Bitcoin? In a hypothetical country that adopted Bitcoin as its national currency, there would probably still be bank-like entities. There would still be investment funds and so on. But some things would look very different. For one, financial services would be a far more competitive market because instead of having to trust brands that were built up over a period of decades you can trust mathematics instead. As a trivial example Bitcoin allows for dispute mediators (escrow services) who cannot steal/spend the payments they are mediating. You don't have to trust that a bitbank is fulfilling its reserve requirements (or trust that a government is watching them), you could audit them yourself. And because the currency would be stable (or at least inflating very slowly and predictably), it'd be quite feasible to save for the long term. Instead of desperately trying to find something (anything) that will "double your money", you could build up a retirement fund a little each year.
I work for Google on anti-hijacking and account security. The message you saw is very common. The cause is that there was an attempt to abuse your account to spam your friends. One of the popular tools that does this identifies itself to Gmail as various types of mobile phone, which is why it shows up as such in your account history. In fact, it's a regular program that runs on the desktop. No XSS involved.
In this case, it sounds like we detected the hijacking attempt, rejected the spam, sent your account to phone verification and forced you to choose a new password. This is a standard procedure for when we detect a hijack attempt at mail send time. We're getting better at stopping these attempts at login time using heuristics, so it'll become less common in future.
The USA is not a police state. However, these stories are concerning because of the direction they suggest. Not that dodgy government watchlists are new or somehow confined to the US, but they show what can happen when law enforcement powers are not kept in check.
The biggest problem with these sorts of lists is that because there are no working checks or balances, they are very easily abused for political intimidation. Don't think that happens? Of course it happens. Democracies are based on the assumption that informed debate amongst citizens leads to better decisions. When the government gets hold of easily abused tools like blacklists, it's not surprising to find random people who merely oppose the policy of the day end up being targeted.
Hrmm. There are several parts of the FBI's story here that aren't internally consistent.
It's pretty well known by now thanks to Hollywood and TV shows that police can track mobile phones by triangulating signal strengths at different cell towers. Heck, phones do it themselves these days. The fixes can be fairly accurate in urban areas. There's no need for the phone to be making a call in order to be traced this way, because as the article points out, towers can talk to the phone any time they want.
Presumably, phone companies require a warrant of some kind before performing this type of trace. This leads me to wonder if fake base stations like the Stingray devices have any use at all beyond avoiding phone companies' legal processes. I could buy the explanation that a fake base station lets you get slightly more accurate fixes on the phone's location, except that apparently even with these devices the best they were able to get was to a particular apartment block and they had to do old fashioned detective work to get closer. "Nearest block" is about as good as modern smartphones can do by themselves.
There are a few other puzzlers in there. The government claim they can't reveal the devices' capabilities without compromising future investigations, and then go on to state quite clearly that the devices can't intercept calls or data and that's why they don't feel they need a proper search warrant. This makes sense. Some kind of roving fake base station in an FBI van wouldn't be able to route calls successfully. And the GPRS/3G protocols don't terminate data encryption at the base station, but rather further back in the core network. But that implies the person being traced would be able to notice - if the data connection stops working, or calls fail to place, it could be a sign you're being traced. Time to switch the phone off. That could even be automated by a smartphone app. Is that trivial workaround what they're afraid of?
Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them. It makes you wonder how secure these keys can really be, if there are cops running around with the keys inside a box. If one of these devices got lost or was somehow sold to the wrong people, how hard would a key rotation be? Presumably you'd have to replace the SIMs? Again, this seems like a lot of problems that could easily be avoided by tracing the target device with the direct co-operation of the phone companies.
I'd like to think there's a purely technical reason for the use of these things, but given the FBI's prevarication over exactly what kind of warrants they are getting, I'd be worried it's more a legal dodge.
No, that's stupid. What's dangerous is willfully breaking the law under the assumption you won't get caught. It's not like copyright laws are new or complicated. I've never met anyone who seriously thought sharing their music folder was legal, they all knew it wasn't and decided they didn't care.