Adam Alexander
Software Developer, Science Fan, Father

Been looking for a replacement for "man up" for a while now.

Think I've found it.

"Fortify."

Idea stolen from one of those images of tumblr reblog comment thingies that get shared around The Book of Face, that I'm too lazy to download and share here.

Post has shared content
Repeat after me:

Biometrics are only authentication when supplemented by a guard.

Governments in developed nations are very good at tracking births and deaths.

Their taxes depend on accurate resident counts.

I'm going to talk about cryptography, voting, and universal basic income. These are important topics so follow along, even if you don't understand all nuances.

If governments can be tricked into issuing asymmetric cryptographic keys to their residents and publishing a list of public keys as well as basic facts (are they still alive? Are they a resident of such and such voting district?) but not personal facts (name, home address), then a universal basic income is inevitable.

Such a list would be pseudonymous. That is, the average Joe wouldn't care about someone's public key any more than they pay attention to phone numbers or SSNs. Organizations with enough resources would be able to de-anonymize such a list pretty easily, though. It's the same as using a credit card or Bitcoin address.

The perfect system for this, in my opinion, would be voter rolls. Such a system would enable cryptographically verifiable voting, where if there is any question of fraud, it can be found with a very simple investigation.

However, because the published public keys are pseudonymous rather than anonymous (and no cryptographically verifiable voting system could ever have its public keys be anonymous, any more than water could be tin)(high energy particle physicists shut up; fusion is not an option, and if you did convert the hydrogen and oxygen into tin, it would still stop being water, so my analogy is sound), they can not be used in a naive voting system directly.

To restate the last paragraph and clear confusion over the tangents, a naive voting system with cryptographic verifiability is impossible. This is because one part, the public key and voter rolls, needs to be pseudonymous and open, and the other part, the actual vote, needs to be anonymous and private. The anonymity of votes is absolutely essential to any voting system, because of vote selling and retribution.

I have a potential solution, akin to tumbling bitcoin payments. The total in matches the total out, and only the private key holder can put a vote inside the system, but the votes are grouped and mixed, and without the election's master private key (which should be split between different parties (courts, legislature's majority and minority party leaders, executive branch), and should raise all sorts of warning signs if the private key were ever accessed), no one person's vote could be tracked back to their public key. Election fraud could be identified in minutes rather than months/years.

Also, anyone with the private key can vote from anywhere, will get the correct ballot for their registered voting district, will verify that their vote is received and counted, and need not be in a polling station in person. I'm absolutely certain that librarians would uphold the sanctity of the voting process, in case polling stations are closed in low income communities.

Once such a voter roll was in place, it creates the perfect system to initiate a universal basic income using the same technology that is already in place for bitcoins.

And, such a system could have automatic taxes, benefiting governments who are forward thinking enough to adopt it. Such a system could include the same elasticity that the Federal Reserve and other systems in other nations use to eradicate deflation and minimize inflation. (Inflation may occasionally be bad for a currency, but deflation is always bad for currencies. Bitcoins are a commodity, not a currency, because bitcoins deflate.)

Bitcoin's own security means that it will never be a universal income. Besides making for the absolute worst currency imaginable due to its built-in deflation, it uses a proof-of-work system to distribute "new" coins. The more money you have, the more resources you can point at completing proof-of-work calculations. The rich get richer.

If, instead, the block verification algorithm was down to a verification that you haven't died yet, by logging in to a computer once a week and sending a message, not only will the electric companies lose a specific type of customer, it will allow "new" coins to be distributed equally among all users.

One thing: Transaction fees. It's currently possible, though unlikely, that entities like the Federal Reserve will need to take in and destroy more money than they issue. They can do that with interest rates and by technically loaning out the currency they print to banks rather than just issuing it unencumbered to the public at large. With Bitcoins, the transaction fee is supposed to be incentive for the miners after the "new" coin reserve is exhausted.

With this UBI system, the fee would just be a flat sink. Each transaction should have some fee associated with it, in case the UBI portion of the algorithm needs to distribute less cryptocoin than it takes in, to prevent exaggerated inflation.

I mulled over time based transaction fee changes, and decided against it. The idea is, to discourage paycheck-to-paycheck spending, have a fee that decreased as the money sits unspent. On the flip side, to discourage hoarding, after a point start increasing the fee on money that has sat unspent for a very long time. However, I'm convinced that this will only work to raise expenses for the poor, and will leave the rich to hoard using other means, simply by keeping their wealth in other forms (real estate, Bitcoins, as well as other commodities and investments).

I welcome input from financial experts... It's certain that once there is a verifiable public cryptographic key published for a region's residents, that a blockchain currency/commodity will spring up around it and attempt to provide universal basic income. I'd rather it be done right, rather than be done by someone like me (computer nerd) without input from economists.
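
An added sketch of the intake-and-mix idea from the voting post above (not the author's code): ballots are accepted only when signed by a living key on the pseudonymous roll, each key counts once, and what is published is a list of keys that voted plus a shuffled list of ballots whose lengths must match. Lamport one-time hash signatures stand in for the government-issued key pairs so it runs on the standard library alone; the `Mix` class, the roll layout and the sample voters are assumptions, and the split master key and ballot encryption the post calls for are not modelled, so this mix operator itself sees the link at intake.

```python
import hashlib, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair; the roll id is a hash of the public key."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk, H(b"".join(a + b for a, b in pk)).hex()

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]
def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for s, (i, b) in zip(sig, enumerate(_bits(msg))))

class Mix:
    def __init__(self, roll):
        self.roll, self.voted, self.pool = roll, set(), []
    def cast(self, key_id, choice, sig) -> str:
        entry = self.roll.get(key_id)
        if entry is None or not entry["alive"]:
            return "rejected: not on roll"
        if key_id in self.voted:
            return "rejected: already voted"
        if not verify(entry["pk"], choice.encode(), sig):
            return "rejected: bad signature"
        self.voted.add(key_id)                         # public, pseudonymous
        self.pool.append((entry["district"], choice))  # key id dropped here
        return "accepted"
    def publish(self):
        out = list(self.pool)
        secrets.SystemRandom().shuffle(out)            # break arrival order
        return sorted(self.voted), out

def demo():
    # Constructed roll: three keys in district D1, the third marked deceased.
    keys = [keygen() for _ in range(3)]
    mix = Mix({kid: {"pk": pk, "district": "D1", "alive": i < 2}
               for i, (_, pk, kid) in enumerate(keys)})
    (sk0, _, id0), (sk1, _, id1), (sk2, _, id2) = keys
    casts = [(id0, "yes", sk0), (id0, "yes", sk0), (id1, "no", keygen()[0]),
             (id1, "no", sk1), (id2, "yes", sk2)]  # replay, wrong key, deceased
    results = [mix.cast(k, c, sign(s, c.encode())) for k, c, s in casts]
    return (results, *mix.publish())
```

The audit anyone can run on the published output is that the number of keys marked as having voted equals the number of ballots in the shuffled pool.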

How I knew the psychic was a fraud:

They accepted the check.

Post has attachment
A smattering of interviews of Carl Sagan (with a few duplicate clips).

https://www.youtube.com/watch?v=_D4DyJHKqfg

Dr. Sagan is always worth the watch... Articulate, soothing, and informative.

Post has shared content
Needs a third note:

Everyone, just put it down.

-- yourself at 2am after a night of drinking.

Patreon used to allow Google Authenticators as a 2nd factor.

Now they only allow SMS.

I sent them a message.

The final paragraph told them to stop being dicks with our accounts.

I should have used some more colorful language throughout, but I usually reserve that for when I have evidence of storing passwords in a way other than hashing them.

Anyone who uses Patreon, please point out to them that SMS is the worst form of 2 factor and is deprecated by standards bodies like the NIST.

Random microcontroller (maybe even an ARM processor) project idea of the moment:

Portable radio that includes an SDR as well as WiFi with the ability to negotiate a radio station's streaming music. (For instance, if you're in Phoenix, you can listen to FM 89.5, but on roadtrips, set up a wifi hotspot with your phone and stream from kbaq.org). SDR logic should get the digital signal and read the station's call sign, switching to the stream when available and broadcast quality is degraded or some other station's signal is stronger.

Two outputs: standard headphone jack, and a digital output that would allow the music to be amplified without distortion (since it's portable, the analog signal coming out of the headphone jack will be low amperage, so any amplification of the analog signal will be distorted).

Secondary device: high amperage docking station that can drive larger speakers. Docking station allows recharging of the radio.

Alright, techbros, a quick dressing down in response to the WannaCry worm and ransomware.

You don't get to blame the victim. Organizations like hospitals that don't update their OS typically have very good reasons.

Like, they literally have life-and-death reasons.

You know as well as I know that every time an OS is patched, there's a chance the computer will never reboot without a wipe and re-install. You know that it's as likely to happen to experts as it is to happen to users. At least, you should know that, being a techbro and all.

What if that computer was running a Machine That Goes Ping? No, not the one in Meaning of Life, but an actual lifesaving piece of equipment that operates like a black box, but does so in an effective and somewhat expensive manner? If the Ping is resetting someone's heartbeat while they're waiting for a permanent pacemaker, do you really want to run an automatic update on it? If it's running perfectly and costs the annual salary of 10 nurses to repair it, do you want to run any update on it?

If you said yes, step away from the risk assessment forms. A hospital's insurance might pay for repair after a virus attack, as that's usually outside the hands of the staff. They'll fight paying for a repair after some technician was mucking around with it, even if that mucking around is what we computer professionals consider to be routine maintenance.

What about the workstations around a hospital?

Well, have you ever worked with HIPAA compliant software? Have you ever written HIPAA compliant software?

Bottom line, writing a new version of software that can be used to handle patient records is expensive. Some of that software was written way back in the golden days of Internet Explorer 6, and actively ties into the IE6 DLLs (in-application HTML parsing was all the rage. It really was a great idea, just had unintended consequences of keeping any workstation with that application from ever being upgraded). You web developers out there railing against the blight that is IE6? Well, that's why it's still out there, because it would cost a team of 25 developers and 10 lawyers about 3 years to replace the current HIPAA compliant software out there. I think most hospitals would rather have 25 nurses and 10 doctors on their payroll than spend all of that upfront on a copy of software that's going to be rolled out once to one hospital only (so the software devs had better collect their costs on the first rollout) and will be, like its predecessors, obsolete and buggy in 3 more years.

If you want to change that, write some open source HIPAA compliant software. Don't blame the hospitals who are locked in by poor choices -- by choices that we know were poor only through the perspective of hindsight.

Think they should stop using Windows? You're delusional.

But, to actually address this...

Macintosh computers are a decent operating system built to run on top of the line hardware. The parts of a modern Mac can typically be bought for $2,800 if you know where to source it, and the same Mac typically sells for $4,000. That prices the OS at about $1,200 per seat, depending on the model of Mac that you get (and the OS isn't generally available without buying the hardware anyways). People like me rage that an open source OS (FreeBSD) shouldn't have a fresh coat of paint slapped on it and sold for $1,200, before the company neglects a decade of security patches. People like hospital administrators look at the price of $1,000,000 of more-than-good-enough compared to $125,000 of works-perfectly-well to put computers in every nursing station on the patient towers and don't even think about the OS.

Linux, on the other hand... Look, I have Linux installed on one of my home computers. I love it. I use it frequently. Unlike users, I can write a cron job. People who don't know how to write cron jobs don't like Linux. They might be able to use some of the GUIs that come with some distros, but they don't know how to use most of the programs, they don't recognize most of the programs, and GIMP is a crappy replacement for Photoshop. Also, nobody has written HIPAA compliant software for Linux.

You want to help hospitals evade attacks like WannaCry?

Maybe you can write a hospital-oriented Linux distro. Maybe you can write open source HIPAA compliant software. Maybe you can find a way to manage one of the hundreds of Machines That Goes Ping without needing to expose any network interfaces.

But don't blame the victim.

Personally, I'm looking into creating open source workstation backup systems... something that backup services can base their work off of, that sets a minimum standard of usability and security. (And if anyone wants to help me in that financially, ask me about my Patreon page.)