How about a device that listens for the dryer buzz and when it hears it, buzzes with a slightly different sound.
Put a few of these around your house and you'll be able to "hear" the dryer buzz without using any radio spectrum or signal-transmission wires.
Direct solar = almost immediate use of the sun's energy.
Direct wind = storing the sun's energy for minutes, hours, or days, occasionally longer
Solar or wind + electric-company's battery/supercapacitor/hot-water/other-short-term storage = storing the sun or wind for a day or so.
Corn/grass ethanol = storing the sun for a few weeks or months.
Tree ethanol = storing the sun for a few years/decades.
Peat fuel = storing the sun for a few decades to millennia.
Most fossil fuels = storing the sun for 10,000-1,000,000,000 years give or take
* Profile a specific target's electricity use (discussed above)
* Cut off power at a specific time (discussed above)
* Get the meter to report slightly higher usage than actual, to defraud the customer
* Get the meter to report slightly lower usage than actual, to defraud the electricity company (or for the lulz)
* Get the meter (or many meters) to report obviously false readings to lower consumer confidence in the devices, cost the electricity companies lots of money, to raise awareness that such devices can be hacked, or just for the lulz
* Other reasons???
Note to anyone even thinking about hacking a meter without permission of all affected parties: Don't. Not only is it almost certainly a crime, it's just bad form. It's also probably not so hard that anyone over the age of 14 will think "d00d, that guy has skillz" when your "hack" becomes public. More likely, people will think "dude, that was lame." If you really want to hack an electric meter, buy one, hook it up to your testbed environment (you DO have a testbed environment, right? right???) and hack away.
So you're willing to wait 20 years to find how much money is in your pension fund, bank account,
Actually, I was thinking of the family photo collection. Those baby pictures of your kids will still be valuable by the time you have grandchildren.
Best advice is GET THE HELL OFF WINDOWS
Nobody has remotely hacked my abacus. That I know of. Yet.
Just wait 10-20 years and commercial quantum-computers will be common enough that the key can be re-created and the data recovered. So if you have been hit by "ransomware," clone the disk and put both copies in a closet somewhere. Every year or two, copy the disk again.
In 5-10 years police agencies will admit to having such technology and people who committed serious crimes since the "Five Eyes" started sucking down as much of the Internet as they can and who have successfully evaded detection due to strong encryption may find themselves getting that "knock on the door."
For criminals who are very high-profile targets (think: Terrorism, top drug lords, etc.), the national police agencies either already have the ability to go back and decrypt all past recorded traffic and previously-seized computers or they will have it within a year or two, assuming the encryption is the kind that is in common use today (e.g. https: or PGP-like encryption with reasonable, not super-long key lengths). As to whether the police will admit to having this capability before the decade is out is an open question. If they don't, they'll either have to delay arresting people or cook up some form of parallel construction to make their case.
By the way, watch your national governments - if they haven't done so already they will try to eliminate or greatly extend statutes of limitation for the kinds of crimes associated with encryption, starting with those that are most scary to the public such as anything related to terrorism, high-level drug trafficking, and human trafficking. Or, instead of trying to generally extend/eliminate the statute of limitations, they may change the law to suspend the clock when encryption is used, so the time it takes from the day the evidence is seized or sniffed to the day it is decrypted doesn't "count."
Or: This is somewhat true now and it was somewhat true generations ago.
I don't know about Brits, but two generations ago most American kids didn't learn how to diagnose and repair mechanical equipment beyond an obvious simple thing like a broken bolt or using Elmer's Wood Glue and clamps to repair wood furniture. Yes, they still taught "shop class" and "home economics" but they weren't required like they were in the 50s or 60s.
Repairing a lawnmower engine or the non-integrated-circuit inside parts of a 1970s television or radio? Fuggetaboutit, that's what repair shops are for.
Today, most high school graduates either have or - by using Google - could figure out how to safely and effectively replace a light switch, repair a broken kitchen sink knob, replace (but not repair) a broken garbage disposal without calling a plumber, or assemble a "some assembly required" bookshelf.
But, like those who grew up in the 70s, only a few could handle more complex repairs.
Then of course there are things that fall in the "No Reassemble" category - once they are broken, you can't fix them without specialized tools and/or advanced training. Integrated circuits and most things made out of thin glass like light bulbs fall into this category. I would also put surface-mount-technology computer boards in this category even though in theory you can repair these without specialized training or tools, in practical terms it's rarely cost-effective.
The cynic in me is betting that if they vote "yes" on anything, it will be some watered-down or even totally-hijacked notion of "net neutrality" that isn't what anyone outside of "anti-net-neutrality" special-interest-groups want.
Since there are so many eyeballs watching this right now though, the "anti-net-neutrality" groups may realize they can't push through a "compromise" so they will use other methods to see that this gets voted down. A politically easy way would be to get the language changed to favor them knowing that this will lead to the whole issue being voted down, which would suit their needs just fine.
It's lacking a notion of virtual hosts
That's a major reason right there. There was a time when some web servers couldn't do virtual hosts with https: well or at all.
That, and the usual reasons why HTTPS etc. aren't used more (server-side overhead, etc.).
Businesses likely to be targets of attacks can contract with their ISP to sort traffic into "likely BAD, PRESUMED BAD, likely GOOD, and BLOCKED BY CUSTOMER".
Traffic from an IP that has been BLOCKED BY CUSTOMER or PRESUMED BAD doesn't get through until the block expires. Depending on the customer's needs this may result in a silent block, a "busy, try again later" protocol-level error message, or a human-readable error message such as an ISP-displayed web page saying "the site you are reaching is not accepting connections from you now, try again after 15 minutes."
Likely BAD traffic gets blocked AND the sending IP gets added to a "PRESUMED BAD" list for the next few minutes (pick an arbitrary time).
Good traffic gets through, but if the customer recognizes it as bad, it can tell the ISP that this IP address (or range) is BLOCKED BY CUSTOMER for a period of time.
This isn't cheap for the customer or his ISP, but it won't require changes by anyone else. Because it isn't cheap, it won't help the "little guy" who can't afford such protection.
As an add-on, ISPs can report "bad" sites to a central "reputation clearinghouse" and once the "bad-ness" of a particular IP gets high enough (which will happen if a botnet member is attacking multiple victims), the clearinghouse can fire off a letter to the IP's ISP. If an IP is "chronically very bad" the IP address can be added to a blacklist made available to all ISPs.
Of course, this won't work as well if the IP is spoofed, so it may only work in conjunction with anti-IP-spoofing measures already talked about in this thread.
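The sorting scheme described in this comment, modeled as an added example (not part of the original post). The class names, the 300-second PRESUMED BAD lifetime and the three-victim clearinghouse threshold are assumptions chosen for illustration; the IP addresses are constructed documentation addresses.

```python
from dataclasses import dataclass, field

PRESUMED_BAD_TTL = 300   # seconds; assumed value for "the next few minutes"
REPORT_THRESHOLD = 3     # distinct victims before a letter goes out (assumed)


@dataclass
class Clearinghouse:
    """Central reputation service: counts distinct victims reporting each IP."""
    victims: dict = field(default_factory=dict)     # ip -> set of customer names
    letters_sent: set = field(default_factory=set)  # IPs whose ISP was notified

    def report(self, ip, customer):
        self.victims.setdefault(ip, set()).add(customer)
        # One botnet member hitting several customers crosses the threshold.
        if len(self.victims[ip]) >= REPORT_THRESHOLD:
            self.letters_sent.add(ip)


@dataclass
class IspFilter:
    """Per-customer filter run by the ISP in front of the customer's site."""
    customer: str
    clearinghouse: Clearinghouse
    presumed_bad: dict = field(default_factory=dict)      # ip -> expiry time
    customer_blocked: dict = field(default_factory=dict)  # ip -> expiry time

    def _active(self, table, ip, now):
        expiry = table.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del table[ip]  # the block has expired, forget it
            return False
        return True

    def customer_block(self, ip, now, duration):
        """Customer tells the ISP to block an IP for a period of time."""
        self.customer_blocked[ip] = now + duration

    def handle(self, ip, now, looks_bad):
        """Return (bucket, decision) for one connection attempt.

        `looks_bad` stands in for whatever heuristic the ISP uses. The source
        IP is trusted as-is, so spoofed traffic defeats this bookkeeping.
        """
        if self._active(self.customer_blocked, ip, now):
            return ("BLOCKED BY CUSTOMER", "drop")
        if self._active(self.presumed_bad, ip, now):
            return ("PRESUMED BAD", "drop")
        if looks_bad:
            self.presumed_bad[ip] = now + PRESUMED_BAD_TTL
            self.clearinghouse.report(ip, self.customer)
            return ("likely BAD", "drop")
        return ("likely GOOD", "pass")


def demo():
    """Walk one constructed IP through every bucket."""
    flt = IspFilter("shop.example", Clearinghouse())
    ip = "203.0.113.7"
    out = [
        flt.handle(ip, 0, looks_bad=False),    # clean traffic passes
        flt.handle(ip, 10, looks_bad=True),    # blocked and remembered
        flt.handle(ip, 20, looks_bad=False),   # still inside the TTL
        flt.handle(ip, 10 + PRESUMED_BAD_TTL, looks_bad=False),  # TTL over
    ]
    flt.customer_block(ip, now=400, duration=900)
    out.append(flt.handle(ip, 500, looks_bad=False))
    return out


if __name__ == "__main__":
    for bucket, decision in demo():
        print(f"{bucket:20} {decision}")
```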
I put this in the same category as Kim Jong Un - assuming it was North Korea behind the Sony attack, both did something bad that caused a lot of pain but in the end something good came out of both.
... for the can blend in with the mundanes.
Assuming A. != Adolf, I still call shenanigans.
First, in practical terms the US dollar was not a fiat currency in 1941, as its value was tied to that of both gold and silver.
Second, the word "cryptocurrency" wasn't around then either.
Unless of course you are using a different calendaring system, in which case I invite you to convert the date into conventional (BCE/AD) terms.
Precious metals typically have value for industrial, medical, and aesthetic reasons. This value may have nothing to do with their market price (aluminum is MORE valuable in industry now than it was 200 years ago in large part because the cost of making it into a useful form and therefore its market price plummeted).
Base metals and paper also have some intrinsic value, albeit very small. Base metals make good paperweights, and paper/cloth money can be burned as fuel. I've heard that Post-WWI German Marks made good decorative wallpaper, and the recently (a few years back) de-monetized Zimbabwe $Million+ notes are sold as souvenirs for well under $10(USD).
E-currencies and for that matter ledger-entry fiat currencies, not so much.
Your main point about BC and the like being a medium of exchange rather than a store of value is spot-on but your details are dangerously wrong:
1) There are, or at least in principle can be, transaction fees in BitCoin. Once all coins are mined, there WILL be transfer fees. However they will be minuscule compared to the 1%+ that most banks charge.
2) The responsibility to report transactions to the government generally doesn't change if you use BitCoin or some other vehicle as an intermediary. It may make it APPEAR to be a non-reportable transaction and it may make it PRACTICALLY easier to violate the law without getting caught, but once it is brought to a prosecutor's or court's attention they will see tax-evasion for what it is.
Anyone using BC as a way to avoid paperwork and bank fees needs to know the law and make sure that there is absolutely no reason for any gung-ho prosecutor who becomes aware of the transaction to think that the person is violating any tax, money-laundering, financial-reporting, or other laws.
Once information has appeared in a public place anywhere, it's almost impossible to prevent it from being available ANYWHERE.
Sure, there are cases where the information seems so un-interesting that nobody will bother to copy it before the state manages to seize all copies of it. There are also cases where loyalty to the state (or employer, or church, or fraternity) is so strong that thousands of trusted people may have copies but they won't distribute them and you (the state/employer/church/fraternity officials) know it.
There are also cases where fear of even possessing the information (plus the fact that most people simply wouldn't want to possess it) means the state has a much easier time keeping track of those who are both un-afraid and who might actually want to possess it (classic example from a country that generally values free speech but makes a few exceptions: child porn).
Other than these and a few other edge cases, once something is published it's pointless for a country that claims to value free speech to try to declare it a "secret after the fact." Unless of course the point is to disabuse your citizens and the world of the idea that you (the state) value free speech, in which case go right ahead, you'll soon achieve your goal.
Step 1: Sign your own cert(s).
Step 1b (optional): Use certs signed in step 1 to sign additional certs.
Step 2: Publish the hash of the certs in step 1 in one or more widely-printed, widely-available newspapers or magazines.
Step 3: On your web site host installable copies of all certs made in steps 1 and 1b, text and photographic copies of the printed hashes from step 2, and instructions on where to find copies of these publications (e.g. "go to your local library and look up XYZ newspaper dated DATE MONTH YEAR and go to section X page P and look in the 2nd column about 2 inches down").
While most people won't go to the trouble of going to the library, the fact that it is fairly easily check-able by people with access to a big-city library will make it that much more difficult for someone to launch a MITM attack without being caught. Not impossible, just much more difficult.
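The reader's side of steps 2 and 3, as an added example that is not part of the original post: compute a certificate's SHA-256 fingerprint, lay it out for print, and check a downloaded cert against what was typed in from the newspaper. SHA-256, the function names and the print layout are assumptions, and the sample bytes are constructed stand-ins for a certificate's DER encoding, not a real certificate.

```python
import hashlib
import hmac
import ssl

# Constructed placeholder for the DER bytes of a cert from step 1.
SAMPLE_DER = b"constructed-example-certificate-bytes" * 8
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)  # same bytes, PEM-wrapped

HEX = set("0123456789ABCDEF")


def to_der(cert):
    """Accept a PEM string or raw DER bytes; return the DER bytes."""
    if isinstance(cert, str):
        return ssl.PEM_cert_to_DER_cert(cert)
    return bytes(cert)


def fingerprint(cert):
    """SHA-256 over the DER encoding, as 64 uppercase hex characters."""
    return hashlib.sha256(to_der(cert)).hexdigest().upper()


def printable(fp, group=4, per_line=8):
    """Lay the fingerprint out in short groups so it can be typeset and read."""
    groups = [fp[i:i + group] for i in range(0, len(fp), group)]
    lines = [" ".join(groups[i:i + per_line])
             for i in range(0, len(groups), per_line)]
    return "\n".join(lines)


def normalize(printed):
    """Strip the spacing, colons and line breaks a printed copy may carry."""
    return "".join(ch for ch in printed if ch not in " :-\t\r\n").upper()


def matches_printed(cert, printed):
    """True only if the full fingerprint from the paper matches this cert."""
    want = normalize(printed)
    # Reject truncated or mistyped values outright: a partial match is far
    # easier for a man in the middle to forge than the full 256 bits.
    if len(want) != 64 or not set(want) <= HEX:
        return False
    return hmac.compare_digest(fingerprint(cert), want)


if __name__ == "__main__":
    paper = printable(fingerprint(SAMPLE_DER))
    print("As printed:\n" + paper)
    print("Site copy matches:", matches_printed(SAMPLE_PEM, paper))
    print("Altered copy matches:", matches_printed(SAMPLE_DER + b"\x00", paper))
```

The check is only as strong as the channel the printed value came through, which is why the post has the reader look it up in an independently held copy of the publication rather than trusting the photo hosted on the site.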
It makes sense: encryption without authentication is useless, as the browser gets a secure channel to talk with an unidentified peer. It can be your server, it can also be a man in the middle, there is no way to tell.
You mean other than manually comparing the certificate against a known-good copy you previously obtained through a trusted channel then telling your web browser to memorize it as a known-good certificate?
I don't remember the last time I saw so many members of the 3-digit club in one not-too-long (yet) sub-thread, but it was probably in Bush the 43rd's first term.
I'm going to hit you with my modem.
300 baud or DSL?
I have both and it's easy to mix the two up especially if you have one of those last-century DSL modems with the DB9 or DB25 serial connector.
They have about the same usefulness when used to hit people with.
On some days, they both seem to transfer data at about the same speed. :P
Research Highlights How a Deep Neural Network Trained With Deep Learning Sees and How It Knows What It's Looking At
There, fixed that for you.
Why is using the term "AI" wrong in this headline?
#001: Because industry experts don't agree on what AI is
#010: Because most of the definitions of AI are much broader than what the article is talking about
#011: Because at least one definition of AI says something like "if it exists today, it's not AI" - including "beyond the capability of current computers" or something similar as a defining condition of the term "AI"
I had my "obvious/subtle/totally-deadpan" posting filter set too far to the "deadpan" end of things. To anyone who mis-took me for a conspiracy theorist, I apologize for being too deadpan.
Jon Postel was murdered/assassinated.
That's a very strong claim given the lack of any easy-to-find even-remotely-credible reports to suggest that his death was a homicide.
As they say on Wikipedia (and elsewhere), "citation needed."
Tester (591)
Wow, don't see those very often. Good to see old-timers still around.
So, which do you prefer, Intellivision or ColecoVision? :)
Apple can disable software remotely for security reasons but iOS itself cannot install software without asking the user.
Unless Apple disables the software that prevents iOS from installing software without the user. This function would only be used for security reasons of course.