Slashdot Mirror


User: davidwr

davidwr's activity in the archive.

Stories: 0
Comments: 7,523

Comments · 7,523

  1. Centralized theft registry as a solution? on Bitcoin Exchange Flexcoin Wiped Out By Theft · · Score: 1

    Perhaps it's time for a centralized theft registry.

    Yes, this will reduce the pseudo-anonymity but it can be done.

    Here's one possible way for bitcoin-wallet services to handle things, but it's off-the-cuff so it's probably buggy:

    Executive summary:

    Through the use of multiple wallets and a central registry of "stolen bitcoins," a wallet service's customers can put money they don't need immediately in "vaults." Unauthorized "withdrawals" from the vault will be refused by the software and will never make it into the block-chain, thereby providing some protection to the funds and deterring wholesale theft from bitcoin-wallet services.

    Details:

    Give account-holders two "wallets" - a "pocket money wallet" and a "vault wallet" - and create a third wallet - a "holding wallet" - that is controlled only by the wallet service.

    Wallet #1 is the "pocket money" wallet. It has no additional protections. It's used for "petty cash" and for money that will be needed in the next day or two.

    Wallet #2 is the customer's "vault wallet." For certain customers with few incoming transactions, this "vault wallet" will be stored "offline" and only moved online temporarily when the customer tells the wallet service there will be an incoming transaction soon.

    Wallet #3 is the "holding wallet" for Wallet #2. There may be more than one such "holding wallet."

    The "vault wallets" are registered in bulk by the bitcoin-wallet services with a central authority. Only certain transactions are allowed "out" of these vault wallets. All other transactions will be refused by the software - they will never make it into the block-chain.

    If an exchange is compromised, all of its "vault wallets" are considered compromised until the exchange indicates they are not. Transactions indicating withdrawals from these "vault wallets" during the time of the compromise are refused by the software - they will never make it into the block-chain.

    The registration is nothing more than
    * some identifier belonging to the wallet service, to ensure that the registration information isn't tampered with later
    * the identifier of the "vault wallet"
    * the identifier of one or more "holding wallets."
    * for each "holding wallet," a minimum time between each transaction. This will usually be at least a day.
    * each "holding wallet" will typically be automatically dumped into the customer's "pocket money wallet" when the time expires.
    * at the wallet-service's option, additional obfuscation may happen after the money leaves the holding wallet and enters the customer's "pocket money wallet." For example, the money leaving the customer's "holding wallet" may be dumped into "bank's temporary wallet #1" and an equal amount transferred from "bank's temporary wallet #2" into the customer's "pocket money wallet" shortly thereafter.
    * at the wallet-service's option, the "holding wallets" may be part of an obfuscation scheme. For example, they may be randomly re-used across customers, or they may be designed as one-time-use wallets.
    * a time-delay for any registration information changes other than marking wallets as compromised.

    The idea is that the "pocket money" wallet is just as vulnerable as ever, but it will rarely have most of a customer's coins in it.

    The "holding wallet" has some vulnerabilities but it will be empty most of the time and thanks to the "time lock" it's unlikely that all or even most "holding wallets" at a given will be able to be stolen at the same time.

    The "vault wallets" are protected enough to make the immediate reward of "raiding" an exchange much lower than it is today. There will still be theft, but the number of people interested in stealing from exchanges will go down and the risk of loss from a given theft will go down.

    Trade-offs:

    * This is not a complete solution.
    * There are probably anonymity issues I haven't considered.
    * There are new denial-of-service issues introduced by this system. I can see the possibility of a

  2. Choice vs. non-choice factors on All Else Being Equal: Disputing Claims of a Gender Pay Gap In Tech · · Score: 1

    If you control for # of hours worked, that's fine and dandy as long as this factor is something NOT based on gender discrimination.

    If men get offered longer-hours, and therefore more-annual-pay, jobs or assignments, because they are men or because of some underlying factor where men have an advantage because they are men, then you SHOULD NOT be factoring this out.

    If everyone gets offered such assignments without any gender discrimination and men choose to work longer hours, or if the reasons for any differences between what men are offered and what women are offered are all based on things that happened earlier in life that were based on free choices rather than gender discrimination, then you SHOULD factor these out.

    Example:

    If promotions are offered to those who have current skills for the new job, and those current skills are usually developed by taking extra training classes on the employee's own time, this may seem like a gender-neutral reason for selecting who gets promoted, even if its effect is to have many more of one gender promoted than another. In some environments, it may actually BE a gender-neutral way of selecting who gets promoted.

    However, if the company's employee pool has a large number of women who simply do not have the time to take such classes (say, due to being single parents - single moms significantly outnumber single dads in the USA) and the employer either knows this or would have to be willfully blind to not know it, then using "who has current skills for the new job" for internal promotions without finding some way of ensuring everyone has a REAL opportunity to get skills training is, at best, indirect gender discrimination. If it's a deliberate "bwuhahahaha let's see if we can fool everyone into thinking we can play fair while ensuring most promotions go to men bwuhahahaha" deliberate technique, then the company better hope there is no smoking gun or they will lose any related employment lawsuit and probably alienate their customers as well.

  3. In bitcoin we trust on Ask Slashdot: Do You Still Trust Bitcoin? · · Score: 1

    In the computers that manage the wallets, not so much.

  4. Don't outlaw it, just highly regulate it on Doctors Say New Pain Pill Is "Genuinely Frightening" · · Score: 2

    I think there is a classification for drugs that can only be administered in tightly-controlled, supervised settings.

    Perhaps this drug should be classified this way, at least for the first year or two.

  5. Netflix "plus shipping and handling?" on Netflix Blinks, Will Pay Comcast For Network Access · · Score: 1

    Media providers may start charging "ISP shipping and handling surcharges" to cover their actual costs (plus a "small" markup of course!) to customers of ISPs who insist on charging peering fees.

    The alternative is to spread this cost across all customers (like most manufacturers do now), effectively having the customers who have ISPs with free peering subsidize the costs of those who don't.

    Personally, I think "last-mile connectivity" and "wireless connectivity" should be billed on a per-unit-cost basis with some minimum monthly charge to cover "paperwork" ($X/GB for data, Y cents (or tenths of a cent) per minute per "classic" cell-phone call, Z cents (or tenths or hundredths of a cent) per "classic" text, etc.), then allow multiple service providers (e.g. back-haul TCP/IP-data-providers, "classic" phone/text providers, specialized data providers like VoIP, latency-sensitive streaming service providers, etc.) to provide services up to the "neighborhood box" or the "provider-interface box closest to the cell tower" etc.

    This way, if I wanted to get VoIP from Comcast, regular internet from Time Warner, and television services from AT&T, all over my local cell tower, I could. I'd pay basic connectivity-fees to the company that ran the tower and pay service-bills to the other companies. They wouldn't pay the tower owner anything, or if they did, it would be at a regulated fee designed to cover costs, not provide a profit to the tower owner. I'm the tower-owner's customer, not the data providers.

  6. Not news on E-Sports Gender Gap: 90+% Male · · Score: 1

    For nerds? Check. News? Not so much.

  7. THAT these things happen isn't the issue on Why Improbable Things Really Aren't · · Score: 1

    "The simple equations here make it easier to understand that improbable things really are not so improbable," [emphasis added]

    Almost everyone who had birthday parties in school growing up knows SOME pair of kids with the same birthday. Anyone in America knows that "big lotteries" usually have at least a few winners a year. Helping people understand that such events happen isn't a big issue.

    Helping them understand why they are expected to happen on the other hand....

  8. How about movable type? on 12-Year-Old Builds Lego Braille Printer · · Score: 1

    As a Rube-Goldberg device, I'd like to see a Lego printer that assembled "Braille movable type" using "Letters" made of 2x3 legos with selected dots shaved off.

    Call it the Legotenburg Press.

  9. Either make an effort or drop it on South Carolina Woman Jailed After Failing To Return Movie Rented Nine Years Ago · · Score: 1

    For arrest warrants and fugitive investigations for people whose underlying crimes have a statute of limitations, the police should have to either drop the charges when the statute of limitations would have run out or, at some point before that date, start making continuous, real (not merely "pro-forma") efforts to find and arrest the person, or at a minimum go to court every few months explaining why they don't have enough information to pursue the person.

    In other words, if the police want you, they can't be allowed to just put your file into a computer and forget about it forever. At some point, they either have to keep spending some effort on your case or drop it.

    For cases where the underlying crime has no statute of limitations, like murder, this would not apply.

    In most U.S. states, theft of a DVD is going to be a misdemeanor and in some states it's a fine-only offense if the value of the DVD is very low. The statutes of limitations for such crimes are typically 7 years or less, depending on the state. In some states they are 3 years or less.

  10. Best Cosmos series ever is "Reality TV" ... on The Ultimate Hopes For the New Cosmos Series · · Score: 1

    ... minus the "TV." Just look up. It's been in continuous production since well before you were born and barring divine intervention it's not expected to be cancelled any time soon.

  11. Modern optics sort of defeats the purpose on Online Database Allows Scientists To Recreate Early Telescopes · · Score: 1

    We need to use optics that closely approximate the technology of the time. If we still have the ability to create the glass that Galileo created then we won't even need to approximate it, we'll have the real thing.

    If that happens to be "modern" optics, that's fine, but insisting on using modern glass-production techniques is unnecessary.

  12. Bovine WMDs? Who knew? on US Secretary of State Calls Climate Change 'Weapon of Mass Destruction' · · Score: 1

    Cows ... methane ... end of the world?

    OMG, Eat mor chikin is a secret plot to poison the environment!

  13. Time to run apps as if they were appliances? on Report: Valve Anti-Cheat (VAC) Scans Your DNS History · · Score: 1

    Perhaps it's time to put certain applications, such as web browsers, in their own "VM appliance" to isolate them from being spied on or misused by other apps.

    In the meantime, get into the habit of using your browser's "privacy mode."

    If games and other apps that don't "need" to work with your other applications can run in a VM without an unacceptable performance hit, consider putting them in such a box as well.

    If your OS supports running apps in sandboxes/jails and your favorite games work well in such an environment, that may be easier than putting them in a full-blown VM.

  14. Maybe, if you are an independent contractor on Ask Slashdot: Should Developers Fix Bugs They Cause On Their Own Time? · · Score: 1

    If you are an independent contractor then you are obligated to live up to your contract.

    If you are an hourly employee (in the USA at least) the answer is a definite "no" or your boss is going to get into trouble with the IRS.

    If you are salaried (in the USA) then you are paid by the month/year and the definition of "your time" vs. "company time" is fuzzy enough to be meaningless. Is staying late at the office to fix a mistake you should have easily avoided as a point of professional pride/integrity a moral issue? Is going home to be with your family a moral issue? Is this one of those run of the mill bugs that is just "part of the cost of doing business"?

  15. If it's debunked or junk, is it still science? on Majority of Young American Adults Think Astrology Is a Science · · Score: 1

    Are debunked/junk sciences like phrenology considered "science"? If so, maybe astrology can be called a science, but ONLY with a proper qualifier like "junk" or "debunked."

  16. Scientific theories vs. things that might be true on South Carolina Education Committee Removes Evolution From Standards · · Score: 2

    Science deals with what is at least theoretically testable.

    Science can be wrong.

    It might be the case that the universe began "In medias res" 5 minutes ago or 5000 years ago or 10 (not 13+) billion years ago. These are all theories of how the universe works, and any one of them might actually be correct. But they aren't testable, and therefore have no place in "science."

    Such a theory is also not useful, in that it doesn't tell us anything of practical value. At least the Bible's creation story (and other religious creation stories) provide practical utility: If they are correct, they show us that 1) we are not alone in the universe, 2) we are created beings, 3) animals, plants, and the Earth (and sky and sea) are created by the same Creator. The "In medias res" theory doesn't even provide that much. If it happens that the universe is 5 minutes old, "so what."

    Most of the various flavors of biological evolution of life on Earth and the smaller-scale theories that follow from it are at least in principle testable without time-travel, but only if we "get lucky" and the evidence is not lost forever. Some, such as a theory that such-and-such long-extinct animal evolved from another long-extinct animal, may prove to be un-testable if we don't find proof by the time the sun engulfs the planet Earth. When that happens, that theory will no longer have a place in Science either.

  17. The pass/fail line on Adjusting GPAs: A Statistician's Effort To Tackle Grade Inflation · · Score: 1

    The pass/fail line should be based on whether they sufficiently mastered the material, not on how well other students did.

    If by some fluke everyone sufficiently masters the material, everyone should get a passing grade. If nobody does, nobody should.

  18. Job w/in 0-5 years after graduation on Adjusting GPAs: A Statistician's Effort To Tackle Grade Inflation · · Score: 1

    Your first post-college professional job typically cares about your GPA. Too low a GPA and you might not even get the interview.

  19. Re:Banks making money "at will" on Russia Bans Bitcoin · · Score: 1

    What you say only makes sense if I'm depositing the proceeds of the loan with the same bank.

    If I'm buying a car and the dealership banks elsewhere, there's no real economic difference between me taking out a $20,000 cash withdrawal, handing it to the car dealer, and having him deposit it in his bank vs. me having the $20K wired directly to the car dealer's bank account. Because there is no real economic difference, it would be irrational to have different reserve requirements for these two transactions.

    I'm not saying you are wrong, I'm just saying that if you are right, then there is something very irrational going on here.

  20. It won't be in the USA on CERN Wants a New Particle Collider Three Times Larger Than the LHC · · Score: 1

    I doubt the Physics community will trust the US Government to be a critical partner in any project that big until the institutional memory of the SSC budget axe goes away. We are just over 20 years into what I expect to be a 40-60 year wait for that to happen.

  21. Oh, I get it, 25% of /. readers have been hacked on California Bill Proposes Mandatory Kill-Switch On Phones and Tablets · · Score: 1

    Malware couldn't possibly brick massive quantities of consumer electronics this way, could it? Nah, that's as far-fetched as Slashdot forcing us all onto a buggy "Beta" no one likes.

    Oh, I get it, 25% of all /. viewers are infected with malware that DNS-poisons *.slashdot.org so they land on this fake "Beta" site. Wait until Dice's technical team locates the malicious crackers and sics the legal team on them. There will be hell to pay, I tell you, hell to pay.

  22. Why would a gov't disable a phone ... on California Bill Proposes Mandatory Kill-Switch On Phones and Tablets · · Score: 1

    ... when they can just locate it and make it connect to a fake tower instead?

  23. Why not just blacklist? on California Bill Proposes Mandatory Kill-Switch On Phones and Tablets · · Score: 2

    A "kill switch" will just brick devices the first time they connect to the network in California or a network that transmits "kill switch" orders outside of California. I wouldn't expect it to work if the thief dropped the phone in a metal-lined bag until it was safely outside of the country.

    Blacklisting the ESN is just as effective and doesn't require special phones.

    Besides, if the phones are being bagged and stripped for parts in a shielded room, neither blacklisting nor a kill switch will do much good.

  24. Re:Yay, another Bitcoin story! on Russia Bans Bitcoin · · Score: 1

    Bitcoin wasn't "designed" to do anything useful

    Obviously you've never had the natural gas lines go out in a cold snap. Standing next to your rack of bitcoin-mining machines prevents frostbite.

    What? You mean we just got lucky and creating heat wasn't part of the design of bitcoin?? Wow, who was so blind that they missed that key feature???

  25. Banks making money "at will" on Russia Bans Bitcoin · · Score: 1

    That's a stretch. Most banks can only loan out x% of their deposits, limiting the amount of money they can create "at will."

    I don't know about Russia, but in America, private people can still loan each other money at interest and they can demand collateral, subject to certain regulations and limitations. As a simple example, if I want to loan my neighbor $1000 at interest of 0.1%/week (i.e. far below "illegal usury" rates) so she can pay for unexpected car repairs, my government isn't going to stop either of us from making that transaction.