Posts by Charles 9

Re: Problem-solution dichotomy

"Oh! The humanity! I have to put this stuff down! I really don't have 15 seconds spare in my day to do this!"

NO, because there are many reasons why you don't want to put that stuff even for five seconds, one of the most common being bad weather. Do you really want to put your bags on the wet ground (because it's raining pretty hard and your car's outdoors--and I don't trust even plastic bags to be watertight)? Or how about on a slope because you're parked on a hill (Ask someone say in San Francisco), where the mere act of putting them down runs the risk of things escaping downhill? Or maybe it's the wife busy with an infant and other kids?

Re: re. Reporting a breach shows awareness

I still think companies will just find a way to conceal their turnover numbers so that they can just chalk it up as The Cost of Doing Business.

Re: Somehow...

But that's all private spending. I'm talking about the budgets set aside to actually conduct the elections, which are all public money. IOW, don't you think this is all by design at every level of the government?

Re: In short, the British system

The problem here is that a PR system would swing the influence to the most populous parts of the country: the dense cities.

Frankly, I don't think a single system will be sufficiently satisfactory. Like the Connecticut Compromise, you need multiple systems. In this case, three. Count the votes three times: by person, by district, and by state: best of three wins. This can help to keep the influence of sparse rural states while still allowing for two more granular measurements.

Re: PENCIL and paper

How do you stop a Kansas City Shuffle, then, especially with the help if insiders ready to duplicate any form of authentication needed?

And if they're secretly in cahoots like the R-D conspiracy?

Re: In short, the British system

I still say it's possible with an organization as big as the Republican or Democratic parties, even to the extent of subverting law enforcement to turn aside or reverse any allegations.

Re: Somehow...

Not the ELECTION budget, which is usually FIXED...

And will always be weak due to the Perennial fear of Big Brother?

Re: share of moonballs

Two words: Papers, Please.

For many who lived through the Cold War, Socialism is a dirty word and they'd prefer anarchy instead.

Re: They don't get it.

Sure there is: not enough in the budget.

Re: Somehow...

"No. With a larger population, the number of districts, voting officials and observers just has to be increased so that each district still covers about the same number of voters. And with a larger population you will have a larger pool from which to select those officials."

All of which costs money. Try doing all that from the same shoestring budget...

Re: PENCIL and paper

But what happened when the malcontents started bringing good erasers?

Re: Somehow...

Even in national elections with total numbers of votes going into the hundreds of millions? Doesn't a concern of scale present itself then?

Re: @Martin Gregorie

"No, human counting of ballots only please. Sure you could have the odd bad actor, but arranging for an army of them is a lot more difficult."

Even with the kind of size and clout the major political parties can bear? Does the term "political machine" ring a bell back to the old Gilded Age? Wasn't the pursuit of nonhuman ballotting the result of the corruption of the human ballot process, regardless of its supposed safeguards?

So what stops PEOPLE from being subverted, including any watchers?

Re: FIRE ! FIRE ! FIRE !

But people are dumb enough to set the timer for too long, resulting in said problem. Is this simply a case of You Can't Fix Stupid?

Re: RE: 0laf

"If i suddenly need to know the time in the kitchen there's a clock on the kitchen wall, a watch on my arm, a clock in the microwave...I don't need that many clocks in one room."

Except how many clocks are actually displaying time (instead of having a dead battery or blinking 12:00) and how many people actually wear watches these days because it sweats their wrists?

Re: Compromised CA

Don't think compromised. Think subverted either with or without the authority's knowledge. And as long as one is there for them to subvert, they can just block all the rest so that there's a chain of one who can give all the correct signals...don't trust him, you don't trust anyone and it becomes a DoS attack, so it's lose-lose.

Re: Compromised CA

I don't think so. They would only have to compromise ONE and then block the rest. Still quite possible. And I don't know of a way around this kind of system. DNS basically relies on Trent to work, and Trent can be replaced or subverted.

Re: People trust that?

"so while, yes, one single person can't be certain that the CPU doesn't switch completely predictable bytes in place where the USB provided random bytes should be, as a community we can be reasonably sure it doesn't do that; can't say the same of the built-in RNG"

HOW? Particularly against something of state-level resources like a TLA? If they can hide corrupt RNGs in a CPU beyond the ability to detect even via things like x-rays, can't the same technique be used to corrupt any other I/O stream? After all, things like heartbleed and shellshock got past "the community" for a long time, too. For all we know, something like this has been a black project since before it was even a concern to us.

Re: What we would actually need...

No, what we would actually ACTUALLY need is a solid way to be sure what we asked for is what we're actually getting, even in hardware (since we know state-level adversaries are now working at the bare metal level). Some form of authenticity checking that can't readily be faked because it relies on physical phenomena like quantum. Trouble is, I don't think that's really possible for something as complicated as a processor; there are too many "parts" that allow ways for a fake to get through.

Re: All you need is a simple script...

Are you willing to do this even to an account of someone over your head, knowing there's a risk said person pins the problems onto you instead?

Re: How about limiting the number of login attempts?

Unless it's an insider or someone else who's managed to get a hold of the (encrypted) password database. Then all bets are off in terms of attempts.

"...but your's isn't the only password that people have to remember in their lives..."

But ours is the one on which our money (and necks) are on the line. So, perspective. Who cares about the next guy? The liability is on US, so OURS is the only one we CAN care about.

Re: Why protect personal data

Recipes are probably a clue as to cultural background or maybe even ethnicity, since these kinds of things tend to begin with local ingredients and get passed through the generations if they don't stick to regions. Consider: Not too many people not of German background would probably carry a spaetzle recipe. Fewer still that AND a rouladen recipe, etc.

Re: Over Your Head

"For executives, make receipt of *any* bonuses contingent on same."

Chicken-and-egg question: How do you enforce rules on executives when it's the executives who make the rules...and often are the ones who demand exceptions or replace the IT people with those who will? And note, this is not as rare as you think.

Re: meaning it's online or a long gas-guzzling trip?

"Been there, had local bank closed, online version became a complicated mess that didn't work with script blocking and barely worked without. So I looked around for a bank with a local presence..."

And for many, there isn't any, or the only bank(s) around have that same sucky online interface, and since most employers insist on checks or online deposits to more easily fulfill their bookkeeping and tax obligations, it's kind of hard to go without.

Re: Rearranging the deckchairs

But how will you do that when everything they need comes from the basic client handshake, meaning all the tracking can be done stateside and simply stored in countries not subject to regulations like the GDPR?

Yeah, but what happens when it's your bank that won't work anymore? Oh, and they closed the last local branch some time back meaning it's online or a long gas-guzzling trip?

Re: There Might Be An Alternative

Since I'm going at this more from a layman's perspective, perhaps I can explain.

1. Imagine your walk into a bar with a pint glass and find everyone drinks their beer by the liter. Sort of a "When in Rome" kind of situation. Which would be easier: getting them down to your level or adapting and fitting in to theirs?

2. RFC791 was necessarily constrained due to the limits of computing technology at the time (think 1MHz processors and where kilobytes were at a premium). It's like the whole "640K" thing. At some point, reality eclipses the imagination, at which point it's time to start fresh.

3. The IPv6 packet format isn't so much more complicated as it is different. It's like an Englishman suddenly getting thrown deep into China. You're just going to have to sit down with the specs and work this bit by bit, much like a language course. One thing about IPv6 is that its most basic header just gets down to the nitty-gritty. The rest of the stuff is optional. Wikipedia provides some relatively simple descriptions and diagrams. Compare IPv6's format to IPv4's. As for the 128-bit address format, that's future-proofing. It's not the first standard to even use it, either (look up ZFS and its thought process for using number formats that large). Current theory is that there aren't even that many molecules in the entire universe. So there's room to solve that other problem I've been mentioning but your system never addresses (complicated routing tables--that MUST be addressed from the root to be effective or you just have TWO complicated routing tables to mess with)..