If Google can see this, maybe they can see the XXX photos my legal-aged wife/girlfriend* and I are sending each other, which frankly is none of their business.
This is yet another reason to encourage widespread adoption of end-to-end encryption.
*okay, okay, HYPOTHETICAL wife/girlfriend - this is news for nerds, after all.
Okay, I'll grant you that equipment that uses engines which require more power than today's electric engines of the same size can produce can't feasibly be done with wind or solar. Ditto for portable equipment where the size or weight of today's electric engines + batteries is more than the size or weight of the comparable non-electric engine.
But any mining equipment which could be run off of an electric engine and where the size or weight of an electric engine + batteries is acceptable could be run or recharged off of electric mains. The power on these mains can come from "green" sources, assuming of course that a "green" power plant exists or could be built close enough to attach to that region's power grid. That assumption may not hold in some non-developed countries.
Why would anyone SELL bitcoin mining rigs instead of simply building them and getting rich themselves?
There is less uncertainty and other risks in making and selling mining rigs than in mining.
Also, to "do it right," mining on a large scale requires some some BC-mining expertise that making equipment doesn't have. Granted, this "expertise" isn't very much (yet) - it amounts to things like legal compliance (where applicable - not very many places if any as of today but probably many places soon), whether you want to provide "washing/anonymizing" services and if so at what cost, what is the lowest transaction fee you are willing to accept under a given circumstance (e.g. if electricity costs less at night, you may be willing to take a lower fee), etc.
There is a parallel question in the real world with a parallel answer: Why do people/companies that make oil-drilling rigs sell them instead of just using them to drill for oil themselves? Answer: Different risks and different areas of expertise. Oil exploration companies have or hire expertise in how to scout for possible deposits, how to negotiate mineral leases, how to operate oil rigs, how to handle legal compliance, etc. etc. - things that the rig-manufacturing companies would prefer not to do.
In the USA you can get a low-end tablet for under $60 easy. In many urban areas you can get 768Kbps internet for under $20/month. If your carrier allows previous-generation modems (some don't) you can get a used modem dirt cheap.
If Mom or Dad has a smart phone that acts like a hotspot you don't even need a separate internet - just make sure the kids don't use up all of your gigabytes (most low-end cell data plans in America are metered or they throttle to "2G" speed after a certan amount of usage each month).
If you have a project that's too big to fit into 1 person's head and you want it to work right and be maintainable, you either have to have a team of people who practically read each other's minds or you have to have a solid design and maintenance process.
Either that, or you have to accept that unless you get lucky or your code is hardly ever used, you will have problems down the line.
Having a lightweight or non-existent process is fine for projects that can stay in one person's head and which won't need to be maintained by anyone other than the original author.
I can see the advantages of cheap, relatively-high-speed paper RAM but remember, we've had high-density paper ROM since the age of micro-fine printing, and low-density paper ROM since the invention of, well, paper.
We've also had very-slow-to-erase "eraseable ROM" on paper since the invention of the eraser.
In prehistoric times, we had it was low-density ROM on cave walls.
unless at least one party knows who it's supposed to be talking to & can independently verify the other party's identity and the integrity of key-exchange traffic supposedly taking place with it,
For short-range communications between devices operated by human beings, this isn't as hard as one might think.
Let's say I want my cell phone to communicate with a kiosk at McDonald's, without having to rely on the phone network to do the authentication.
Behind the counter, McDonalds has a poster-sized, easy-to-photograph representation of the kiosk's public key.
Now to exchange keys, I walk up to the kiosk and press a button. It puts a random picture on the screen. My phone takes a picture of it, combines it with a random picture I create, my public key, and a suggested random private key, then it encrypts it with the kiosk's public key. My phone tells me to turn it towards the kiosks's camera. It displays the random picture the kiosk created for a few seconds, then the random picture I created for a few seconds, then a pictorial representation of my public key for a few seconds, then a pictorial representation of the entire encrypted message for a few seconds. After all of this is done my phone tells me to flip it around again. The kiosk sends me new shared key that is based on the suggested shared key that I sent to it, but this time it is encrypted with my public key.
Now we can talk and I can place my order and provide my credit card information securely.
This all works because I got the Kiosk's public key from a trusted, independent source - the sign behind the counter that some human being put up and which the McDonald's employees would've noticed if it had changed recently (e.g. if a hacker had replaced the real sign with his own fake one and concurrently replaced the kiosk's public key with one he controlled).
By the way, this is a hypothetical example - there are easier ways to buy burgers than to spend half a minute or more playing "can we trust each other" with a kiosk.
Can this method be defeated? Yes - but you defeat it by removing the assumption that the McDonald's employees are paying attention to their surroundings for any suspicious changes and the assumption that the McDonald's employees are loyal enough to their employer to not "look the other way" if they notice a change or worse, collude with each other to BE the "man in the middle." But at this point, it's no different than walking into a bank and dealing with a crooked bank teller.
As to whether his deity can copulate or not... well, what happens on Mount Olympus stays on Mount Olympus... except in the case of pregnancies - those are the things of which legends are born.
If the hacker leaves the range of the device, there's no way to regain control of the Chromecast.
Where's the factory-reset button when you need it?
Consumer-electronics that aren't so cheap they are "disposable" should have a "reset to last known good state" hardware button and for some types of devices, a "save current state as known good state" hardware button. If the second button is missing, the "factory fresh state" will forever be the only "last known good state."
The second button is needed for installing "bios-level" anti-theft software and the like that can't be undone by the first button, if the customer wants to make that software non-uninstallable by a security-savvy thief should it be stolen.
For some products, one or both of these buttons may require opening the case and breaking tamper-evident seals, but they should exist, and they should be true hardware buttons, not defeat-able by software.
They need to be hardware buttons so a virus or malware doesn't "press" them, defeating the purpose of being able to "roll back" the machine to a previous state.
am seriously considering assing client side resistance to the medical software I write designed for use across the public internet because of people like you who collect data you have no business collecting.
Please do.
The only one of the examples I listed in the grandparent post that I plan on implementing are those in a role of a parent.
When I have a 6 year old kid who is using the Internet, no amount of "client-side resistance" that you add is going to stop me from seeing what's on the screen as I watch my kid use the computer.
If counteracting the detecting and blocking bridge notes becomes a problem - and it probably will as soon the the Chinese get good at it - someone will find a solution.
A resource-intensive solution would be to layer the TOR/bridge traffic on top of and steganographically embedded into some seemingly-normal traffic, such as an encrypted streaming video, so that a traffic analysis would say "it's probably just someone watching online TV."
Which is more evil: Telling employees "we block all encrypted traffic and snoop on everything else"
or telling them
"We MITM all encrypted traffic we can so we can snoop on it, we snoop on everything we can and block the rest"
or telling them
"we block all traffic except traffic to the few Internet resources we know you need, and oh by the way we snoop on that"
or telling the
"we don't think you need a computer to do your job, if you do need a computer to do your job then talk to your boss and he MAY give you the keys to the one room where there is a computer. Oh, by the way, there are TV cameras all over that room so don't even think about using it for non-business purposes."
Substitute "school," "institution," or "parent" for "employer" and substitute "student," "client/end-user," or "minor child who the parents deem too young/immature to use the Internet unsupervised" for "employee."
Speaking of parents, many parenting experts highly recommend that if a kid under a certain age/maturity level wants to use the Internet, he only be allowed to do so under close supervision, as in mom or dad in the room within eyesight of the screen. What age? Experts disagree, but almost all would put the cutoff age where mom can leave the room for a few minutes at somewhere in the elementary school (age 5-12) age range.
Time will come when firewalls inspect all outgoing packets and use heuristics to guess how dangerous encrypted traffic might be.
For example:
Whitelisted sites Encrypted traffic to an IP address previously whitelisted by the firewall vendor or end user? It's whitelisted, let it pass.
Heuristically safe sites Encrypted traffic to an IP address known to be associated with a well-known domain whose DNS is known to be valid and who is known to typically use encryption over this port and whose recent activity hasn't been suspicious? Probably safe.
Suspicious traffic to an okay site Encrypted traffic to whitelisted or probably-safe web sites that is uncharacteristic in size or other known details? Possibly not safe.
Unknown site Encrypted traffic to anyone else who isn't blacklisted? Possibly not safe.
Blacklisted site Encrypted traffic to a blacklisted site? Block it.
In the middle three groups, give the user a chance to approve/block/whitelist the traffic or, if the user just wants such traffic logged or just wants to see an on-screen alert but doesn't want to be bothered with the "should I block it" question, log it and/or put up a visible notification to the end-user.
Decades ago - we are talking the 50s and 60s, possibly up through the '70s and '80s, large companies treated employees as a long-term asset not as a short- or medium-term one.
They wanted to cultivate the reputation of "we take care of our employees" more than "we take care of our stockholders."
Back then, it would take a radically different skill-set between those being laid off and those being hired for you to see simultaneous layoffs and hiring from abroad. As a hypothetical example, if a conglomerate were shutting down its meat-packing division and hiring new researchers as it expands its pharmaceutical research division, the odds are that most of those meat-packers wouldn't have the intellectual capacity to qualify for the Ph.D.- or at least graduated-in-the-top-quarter-of-my-class-from-a-good-school B.S.-in-chemistry-or-a-related-field- degree required for the new jobs even if the company was willing to invest 4-6 years to re-train them.
Today, by contrast, if the employee being laid off can't be quickly retrained, the short-term-economic decision is a no-brainer: lay that person off and hire someone for the newly-created job who can hit the ground running.
the rest of the world had basically been converted to rubble and it takes a couple of decades to rebuild after such destruction.
I assume you mean the rest of the industrialized world.
Do Canada and Australia not count?
I don't think Canada suffered much infrastructure damage in WWII. Other than the northern coastal areas (particularly Darwin) and some ship-launched attacks on harbors I don't think Australia did either.
I'm going to get a lot of flak for this but I generally favor open immigration when it comes to people who can contribute to our economy, even if this means my paycheck will go down and my field's labor market will be more competitive for me as a result.
Why? * America shouldn't pretend to be the land of opportunity if it's not. * If I can't compete in in my chosen job market without depending on the government to protect me from immigrant workers, either I need to get better at what I do or I need to find another line of work where I can compete. * If my standard of living is higher than the income I would make in a free (from an immigration perspective) labor market, I need to lower my standard of living or find a more financially lucrative line of work. * If a company has a choice between 1. hiring US workers who may be in short supply and demanding higher wages 2. importing workers to increase the supply and as a result possibly depress wages slightly 3. outsourcing the work overseas where the supply is more plentiful and the wages are significantly lower everything else being equal it will go with #3.
Now, everything isn't equal, and there are usually clear benefits from having employees who are if not on-site at least in-country. But if the benefits aren't high enough to do #1 over #3 and #2 isn't an option, guess what choice they will pick? If you make #2 an attractive option compared to #3, American will at least benefit from the imported workers paying rent or buying homes, eating food, and otherwise helping the local economies of where they live.
In other words, if America let in anyone willing and able to work who had a job offer in hand, enough skills and financial resources to make sure they don't become a burden if they get laid off, and no particular reason to not let in that person, we should let them in to work.
Short version: * Yes for " debts, public charges, taxes, and dues." * Not necessarily for goods or services.
In short, if you go into a store to buy something, they can say "no cash accepted, check or credit card only." But if they extend you store credit, you can pay off that debt later with cash, at least in theory.
I'm going to be pedantic and call BS on this one. If they hadn't been so bold and instead said "while in almost all cases failing to provide enough benefits to justify the cost" I wouldn't be making this reply.
Why am I upset about their hyperbole? Because it cuts into their credibility.
What's the specific counter-example I can provide? Read on..,.
In some societies, criminalization leads to social stigmatization even if the laws are not enforced or only lightly enforced, a stigmatization that would be absent or less strong otherwise. You see this in some parts of the United States, where the existence of little-enforced laws such as laws against littering, talking on the cell phone while driving, etc. reinforce and amplify the existing social stigma against such activities to the point that it's the stigma of being seen doing "the wrong thing," not the fear of getting a ticket or getting arrested, that drives people to follow the social norm.
Even if the enforcement of drug laws doesn't lead to reduced usage in and of itself, the stigmatization can.
Reducing the use of harmful drugs can benefit society in many ways, including fewer early deaths and fewer health problems.
The key though is that whether stigmatization by itself will lead to less drug use or not will vary from society to society and even sub-culture to sub-culture. A sub-culture which is known for being defiant of the larger society may in fact see doing things that are stigmatized by the larger society as a way to rebel. The 1960s young-adult/youth counterculture sub-culture in the United States is one example where a "main culture" stigmatizing an activity may lead to more, not less, overall use.
Now, does the existence of drug laws result in an enhanced stigma that leads to overall reduced drug use worldwide? I don't know. Is there someplace on this planet where drug laws are creating or reinforcing a stigma where the social stigma (not necessarily the fear of being caught by the police) is driving lower drug use? Almost certainly.
What's the bottom line?
* Don't summarily throw out drug laws worldwide. * Do encourage every country and locality to ask itself to examine the totality of effects of its drug laws both within its own borders and on the rest of the world, and make an educated, informed decision about whether to change the drug laws to achieve the desired goals (which I assume are nominally a safer and healthier society, but which I sadly acknowledge may include things like keeping trading partners happy, keeping a dictator's friends flush with cash, and other factors that are irrelevant to the nominal purpose of drug laws), and if so, how.
Slashdot Mirror
"but it's 100% automated and completely anonymous - no human ever looks at your mail".
This does not condradict Google's claim that no human ever looks at your email.
At some point, a human other than the intended sender or intended recipient looked at the email.
If Google can see this, maybe they can see the XXX photos my legal-aged wife/girlfriend* and I are sending each other, which frankly is none of their business.
This is yet another reason to encourage widespread adoption of end-to-end encryption.
*okay, okay, HYPOTHETICAL wife/girlfriend - this is news for nerds, after all.
Why put off until tomorrow what you can do today?
Okay, I'll grant you that equipment that uses engines which require more power than today's electric engines of the same size can produce can't feasibly be done with wind or solar. Ditto for portable equipment where the size or weight of today's electric engines + batteries is more than the size or weight of the comparable non-electric engine.
But any mining equipment which could be run off of an electric engine and where the size or weight of an electric engine + batteries is acceptable could be run or recharged off of electric mains. The power on these mains can come from "green" sources, assuming of course that a "green" power plant exists or could be built close enough to attach to that region's power grid. That assumption may not hold in some non-developed countries.
Why would anyone SELL bitcoin mining rigs instead of simply building them and getting rich themselves?
There is less uncertainty and other risks in making and selling mining rigs than in mining.
Also, to "do it right," mining on a large scale requires some some BC-mining expertise that making equipment doesn't have. Granted, this "expertise" isn't very much (yet) - it amounts to things like legal compliance (where applicable - not very many places if any as of today but probably many places soon), whether you want to provide "washing/anonymizing" services and if so at what cost, what is the lowest transaction fee you are willing to accept under a given circumstance (e.g. if electricity costs less at night, you may be willing to take a lower fee), etc.
There is a parallel question in the real world with a parallel answer:
Why do people/companies that make oil-drilling rigs sell them instead of just using them to drill for oil themselves? Answer: Different risks and different areas of expertise. Oil exploration companies have or hire expertise in how to scout for possible deposits, how to negotiate mineral leases, how to operate oil rigs, how to handle legal compliance, etc. etc. - things that the rig-manufacturing companies would prefer not to do.
In the USA you can get a low-end tablet for under $60 easy. In many urban areas you can get 768Kbps internet for under $20/month. If your carrier allows previous-generation modems (some don't) you can get a used modem dirt cheap.
If Mom or Dad has a smart phone that acts like a hotspot you don't even need a separate internet - just make sure the kids don't use up all of your gigabytes (most low-end cell data plans in America are metered or they throttle to "2G" speed after a certan amount of usage each month).
If you have a project that's too big to fit into 1 person's head and you want it to work right and be maintainable, you either have to have a team of people who practically read each other's minds or you have to have a solid design and maintenance process.
Either that, or you have to accept that unless you get lucky or your code is hardly ever used, you will have problems down the line.
Having a lightweight or non-existent process is fine for projects that can stay in one person's head and which won't need to be maintained by anyone other than the original author.
I can see the advantages of cheap, relatively-high-speed paper RAM but remember, we've had high-density paper ROM since the age of micro-fine printing, and low-density paper ROM since the invention of, well, paper.
We've also had very-slow-to-erase "eraseable ROM" on paper since the invention of the eraser.
In prehistoric times, we had it was low-density ROM on cave walls.
It's not really much of a fix if the attacker can just do the same attack again immediately.
From TFS:
If the hacker leaves the range of the device...
unless at least one party knows who it's supposed to be talking to & can independently verify the other party's identity and the integrity of key-exchange traffic supposedly taking place with it,
For short-range communications between devices operated by human beings, this isn't as hard as one might think.
Let's say I want my cell phone to communicate with a kiosk at McDonald's, without having to rely on the phone network to do the authentication.
Behind the counter, McDonalds has a poster-sized, easy-to-photograph representation of the kiosk's public key.
Now to exchange keys, I walk up to the kiosk and press a button. It puts a random picture on the screen. My phone takes a picture of it, combines it with a random picture I create, my public key, and a suggested random private key, then it encrypts it with the kiosk's public key. My phone tells me to turn it towards the kiosks's camera. It displays the random picture the kiosk created for a few seconds, then the random picture I created for a few seconds, then a pictorial representation of my public key for a few seconds, then a pictorial representation of the entire encrypted message for a few seconds. After all of this is done my phone tells me to flip it around again. The kiosk sends me new shared key that is based on the suggested shared key that I sent to it, but this time it is encrypted with my public key.
Now we can talk and I can place my order and provide my credit card information securely.
This all works because I got the Kiosk's public key from a trusted, independent source - the sign behind the counter that some human being put up and which the McDonald's employees would've noticed if it had changed recently (e.g. if a hacker had replaced the real sign with his own fake one and concurrently replaced the kiosk's public key with one he controlled).
By the way, this is a hypothetical example - there are easier ways to buy burgers than to spend half a minute or more playing "can we trust each other" with a kiosk.
Can this method be defeated? Yes - but you defeat it by removing the assumption that the McDonald's employees are paying attention to their surroundings for any suspicious changes and the assumption that the McDonald's employees are loyal enough to their employer to not "look the other way" if they notice a change or worse, collude with each other to BE the "man in the middle." But at this point, it's no different than walking into a bank and dealing with a crooked bank teller.
It's his deity. He's dyslexic.
As to whether his deity can copulate or not... well, what happens on Mount Olympus stays on Mount Olympus... except in the case of pregnancies - those are the things of which legends are born.
Please forgive me for taking the article summary at face value when it said
If the hacker leaves the range of the device, there's no way to regain control of the Chromecast.
The only way that could be true is if there was no properly functioning hardware reset button.
I've been around /. awhile, I really should know better than to assume article summaries are accurate.
If the hacker leaves the range of the device, there's no way to regain control of the Chromecast.
Where's the factory-reset button when you need it?
Consumer-electronics that aren't so cheap they are "disposable" should have a "reset to last known good state" hardware button and for some types of devices, a "save current state as known good state" hardware button. If the second button is missing, the "factory fresh state" will forever be the only "last known good state."
The second button is needed for installing "bios-level" anti-theft software and the like that can't be undone by the first button, if the customer wants to make that software non-uninstallable by a security-savvy thief should it be stolen.
For some products, one or both of these buttons may require opening the case and breaking tamper-evident seals, but they should exist, and they should be true hardware buttons, not defeat-able by software.
They need to be hardware buttons so a virus or malware doesn't "press" them, defeating the purpose of being able to "roll back" the machine to a previous state.
am seriously considering assing client side resistance to the medical software I write designed for use across the public internet because of people like you who collect data you have no business collecting.
Please do.
The only one of the examples I listed in the grandparent post that I plan on implementing are those in a role of a parent.
When I have a 6 year old kid who is using the Internet, no amount of "client-side resistance" that you add is going to stop me from seeing what's on the screen as I watch my kid use the computer.
but under-informed end users are much more consistently available
Question: What's more common and arguably more dangerous than a Windows XP computer that hasn't received any OS updates in the last 2 months?
Answer: An "unpatched" (naive/uninformed) human operating the keyboard.
If counteracting the detecting and blocking bridge notes becomes a problem - and it probably will as soon the the Chinese get good at it - someone will find a solution.
A resource-intensive solution would be to layer the TOR/bridge traffic on top of and steganographically embedded into some seemingly-normal traffic, such as an encrypted streaming video, so that a traffic analysis would say "it's probably just someone watching online TV."
Which is more evil:
Telling employees "we block all encrypted traffic and snoop on everything else"
or telling them
"We MITM all encrypted traffic we can so we can snoop on it, we snoop on everything we can and block the rest"
or telling them
"we block all traffic except traffic to the few Internet resources we know you need, and oh by the way we snoop on that"
or telling the
"we don't think you need a computer to do your job, if you do need a computer to do your job then talk to your boss and he MAY give you the keys to the one room where there is a computer. Oh, by the way, there are TV cameras all over that room so don't even think about using it for non-business purposes."
Substitute "school," "institution," or "parent" for "employer" and substitute "student," "client/end-user," or "minor child who the parents deem too young/immature to use the Internet unsupervised" for "employee."
Speaking of parents, many parenting experts highly recommend that if a kid under a certain age/maturity level wants to use the Internet, he only be allowed to do so under close supervision, as in mom or dad in the room within eyesight of the screen. What age? Experts disagree, but almost all would put the cutoff age where mom can leave the room for a few minutes at somewhere in the elementary school (age 5-12) age range.
Time will come when firewalls inspect all outgoing packets and use heuristics to guess how dangerous encrypted traffic might be.
For example:
In the middle three groups, give the user a chance to approve/block/whitelist the traffic or, if the user just wants such traffic logged or just wants to see an on-screen alert but doesn't want to be bothered with the "should I block it" question, log it and/or put up a visible notification to the end-user.
Decades ago - we are talking the 50s and 60s, possibly up through the '70s and '80s, large companies treated employees as a long-term asset not as a short- or medium-term one.
They wanted to cultivate the reputation of "we take care of our employees" more than "we take care of our stockholders."
Back then, it would take a radically different skill-set between those being laid off and those being hired for you to see simultaneous layoffs and hiring from abroad. As a hypothetical example, if a conglomerate were shutting down its meat-packing division and hiring new researchers as it expands its pharmaceutical research division, the odds are that most of those meat-packers wouldn't have the intellectual capacity to qualify for the Ph.D.- or at least graduated-in-the-top-quarter-of-my-class-from-a-good-school B.S.-in-chemistry-or-a-related-field- degree required for the new jobs even if the company was willing to invest 4-6 years to re-train them.
Today, by contrast, if the employee being laid off can't be quickly retrained, the short-term-economic decision is a no-brainer: lay that person off and hire someone for the newly-created job who can hit the ground running.
But don't tell him that.
*joke*
the rest of the world had basically been converted to rubble and it takes a couple of decades to rebuild after such destruction.
I assume you mean the rest of the industrialized world.
Do Canada and Australia not count?
I don't think Canada suffered much infrastructure damage in WWII. Other than the northern coastal areas (particularly Darwin) and some ship-launched attacks on harbors I don't think Australia did either.
I'm going to get a lot of flak for this but I generally favor open immigration when it comes to people who can contribute to our economy, even if this means my paycheck will go down and my field's labor market will be more competitive for me as a result.
Why?
* America shouldn't pretend to be the land of opportunity if it's not.
* If I can't compete in in my chosen job market without depending on the government to protect me from immigrant workers, either I need to get better at what I do or I need to find another line of work where I can compete.
* If my standard of living is higher than the income I would make in a free (from an immigration perspective) labor market, I need to lower my standard of living or find a more financially lucrative line of work.
* If a company has a choice between
1. hiring US workers who may be in short supply and demanding higher wages
2. importing workers to increase the supply and as a result possibly depress wages slightly
3. outsourcing the work overseas where the supply is more plentiful and the wages are significantly lower
everything else being equal it will go with #3.
Now, everything isn't equal, and there are usually clear benefits from having employees who are if not on-site at least in-country. But if the benefits aren't high enough to do #1 over #3 and #2 isn't an option, guess what choice they will pick? If you make #2 an attractive option compared to #3, American will at least benefit from the imported workers paying rent or buying homes, eating food, and otherwise helping the local economies of where they live.
In other words, if America let in anyone willing and able to work who had a job offer in hand, enough skills and financial resources to make sure they don't become a burden if they get laid off, and no particular reason to not let in that person, we should let them in to work.
See http://www.treasury.gov/resour... .
Short version:
* Yes for " debts, public charges, taxes, and dues."
* Not necessarily for goods or services.
In short, if you go into a store to buy something, they can say "no cash accepted, check or credit card only." But if they extend you store credit, you can pay off that debt later with cash, at least in theory.
You might make a few few people who still hate the damned Yankees or any number of other groups upset for comparing them to criminals.
"...while providing no substantial benefit."
I'm going to be pedantic and call BS on this one. If they hadn't been so bold and instead said "while in almost all cases failing to provide enough benefits to justify the cost" I wouldn't be making this reply.
Why am I upset about their hyperbole? Because it cuts into their credibility.
What's the specific counter-example I can provide? Read on..,.
In some societies, criminalization leads to social stigmatization even if the laws are not enforced or only lightly enforced, a stigmatization that would be absent or less strong otherwise. You see this in some parts of the United States, where the existence of little-enforced laws such as laws against littering, talking on the cell phone while driving, etc. reinforce and amplify the existing social stigma against such activities to the point that it's the stigma of being seen doing "the wrong thing," not the fear of getting a ticket or getting arrested, that drives people to follow the social norm.
Even if the enforcement of drug laws doesn't lead to reduced usage in and of itself, the stigmatization can.
Reducing the use of harmful drugs can benefit society in many ways, including fewer early deaths and fewer health problems.
The key though is that whether stigmatization by itself will lead to less drug use or not will vary from society to society and even sub-culture to sub-culture. A sub-culture which is known for being defiant of the larger society may in fact see doing things that are stigmatized by the larger society as a way to rebel. The 1960s young-adult/youth counterculture sub-culture in the United States is one example where a "main culture" stigmatizing an activity may lead to more, not less, overall use.
Now, does the existence of drug laws result in an enhanced stigma that leads to overall reduced drug use worldwide? I don't know. Is there someplace on this planet where drug laws are creating or reinforcing a stigma where the social stigma (not necessarily the fear of being caught by the police) is driving lower drug use? Almost certainly.
What's the bottom line?
* Don't summarily throw out drug laws worldwide.
* Do encourage every country and locality to ask itself to examine the totality of effects of its drug laws both within its own borders and on the rest of the world, and make an educated, informed decision about whether to change the drug laws to achieve the desired goals (which I assume are nominally a safer and healthier society, but which I sadly acknowledge may include things like keeping trading partners happy, keeping a dictator's friends flush with cash, and other factors that are irrelevant to the nominal purpose of drug laws), and if so, how.