The obvious solution to this and other problems is to get these other people into the first world. Free immigration isn't just an ethical issue, it's also a practical solution to a lot of the problems that we as a society face.
Simplistic. There's not enough land/resources on the planet to sustain everyone living a first world lifestyle at our current rates of energy consumption and waste production.
Please, Pakistan is warlike and aggressive because they have been manipulated by the US into believing they can take on India (with US support).
> genocidal violence against Muslim Indians.
What's this about? Partition killed as many Hindus and Sikhs as Muslims and pre-Independence India had little communal violence that wasn't explicitly fomented by the British in order to serve their own ends.
If you're so well read in South Asian history, you should also know that there are more Muslims in India than in Pakistan and that pretty much none of them would like to switch places with their Pakistani siblings.
"After a stalemate in negotiations between the Nizam and India, mass killing and rape of the Hindu population by Razakars, and wary of a hostile independent state in the centre of India, Deputy Prime Minister Sardar Patel decided to annex the state of Hyderabad."
Wow, good thing that genocidal Nizam was forcibly put down...
Er, how about the section of the article titled "Aftermath"
"After having received information that widespread communal violence against Muslims in reprisal for previous atrocities against Hindus,[17] Prime Minister Nehru sent congressman Pandit Sunderlal and a mixed-faith team to investigate. Reporting back the team estimated that between 27,000 and 40,000 civilians have died and that some members of the Indian army and police force participated in violent acts.[18]" I wouldn't call that a minor overreaction. My grandfather didn't leave Gulbarga in 1948 because he was sick of the climate.
From the cited BBC article: "The investigation team also reported, however, that in many other instances the Indian Army had behaved well and protected Muslims.
The backlash was said to have been in response to many years of intimidation and violence against Hindus by the Razakars."
It's clear we each have our biases, and this discussion could go on.
I only brought up the Wikipedia article in the first place to show that violence against Muslims resulting from the annex of Hyderabad wasn't unprovoked. Both sides were wrong in some of their actions though.
Umm yes you are. The genocidal violence was not a one sided affair. Numerous sources say that it was instigated by the Muslim League to further their case for a separate nation.
In any case, the 15 odd percent Muslims in India are proof enough that the word genocidal is not appropriate here.
You know what, if we want to attribute the state of Pakistan and its conflict with India to the British occupation, I'm fine with that too. I'm not spoiling for an argument over this.
There's a satirical Hindi movie called Tere Bin Laden [1] about a bunch of bumbling journalists who find a Bin Laden lookalike and then attempt to trick the US into thinking he's the real Bin Laden.
I watched the movie after Bin Laden was killed and while it's reasonably funny, the part that I found hilarious is this sentence one of the protagonists utters when they run into the lookalike for the first time. In Hindi/Urdu it goes, "Gore saale isko Tora Bora mein dhoond rahe hain aur yeh saala yahan Lahore mein murgi paal raha hai." Translation: "So these fucking Americans are looking for him in Tora Bora but who'd have guessed this fucker is raising chicken in Lahore?!" Note the movie came out before he was captured and I found it hilarious that a random Bollywood storyline turned out to be the best guess about where Bin Laden was actually hiding.
EDIT: More seriously though, there's nothing surprising here. US agencies funded Islamic extremists in Afghanistan and Pakistan for decades because it suited their geopolitical interests. They were happy to turn a blind eye to the violence caused by Islamic militancy in Kashmir in the 90s. It's only when the Frankensteinian monster got out of hand and turned on the US itself that they started paying attention. But by then damage was already done.
The least you should expect when you upload something onto a cloud service is that your data will be subject to all kinds of algorithmic analysis.
And it's just not tenable for Google to not do this kind of matching. Imagine the flak they would get if they refused to match against a database of child porn citing "privacy concerns." Such a refusal would be neither pragmatic nor ethical.
The link to Ulbricht's identity as DPR seems to go back to the beginning of the site. It seems more plausible he did that interview and made up the multiple DPR story to:
A: Advertise his willingness to sell out.
B: Perhaps toss a bit of confusion onto anyone following him.
How do you propose to spend money from your underworld wallet to buy real things - say to buy a car - without revealing your identity to the merchant? And once your identity is out in the open, how do you propose to evade the undisclosed income investigation that will inevitably follow?
It depends on how much your underground wallet holds. There was that guy who was successful for many years, laundering dollar bills in person.
If you buy a BMW, your identity will be noted and the transaction recorded. If you buy a bagel sandwich, the clerk will forget about you by noon the next day. So if it's small potatoes, you could be fine.
If you have a ton of cash to move, you are right- in person becomes a bad option. That's when you go back to the basics- you launder the money, like every big-time criminal in history.
Given tptacek and colleagues' paper on the RSA-doomsday scenario that might not be too far out in the future, I think it might be possible to reclaim (steal?) that money in the future.
Obviously when RSA's end nears, assuming bitcoin is still around then, we'll see some sort of managed transition to a newer cryptosystem. I imagine the network will probably support announcing transactions saying something like, "Wallet X will now be known as wallet Y" where Y uses the new cryptosystem. And presumably only the first valid signed announcement will count and make its way into the block chain. It's at this point that I think people with enough compute power might be able to "steal" lost wallets.
Thanks, I did not know that. But there's little reason to believe that whatever encryption that bitcoin uses (presumably EC?) won't be vulnerable at some point in the future.
DES was broken about 23 years after it was designed.
I'd be surprised if 30 years into the future (probably earlier, given the incentives we have to break crypto today are so much greater than those we had in '98) these algorithms weren't broken.
There is actually no precedent of a cryptographic system relying on computational hardness surviving for more than a generation. And given that our fundamental theoretical understanding hasn't really evolved beyond, "we think a bunch of these problems are hard", things are likely to stay that way for a while.
That's an oversimplification. The field of cryptography has advanced by orders of magnitude since DES and RC4. Each time one of those breaks, we abstract the weakness into a class of vulnerability that the next algorithm will be immune to.
> There is actually no precedent of a cryptographic system relying on computational hardness surviving for more than a generation.
That's because cryptosystems relying on computational hardness aren't that old.
> And given that our fundamental theoretical understanding hasn't really evolved beyond, "we think a bunch of these problems are hard", things are likely to stay that way for a while.
These assumptions haven't really broken though. You give an example of DES, but that doesn't rely on computational hardness assumptions. Asymmetric crypto with a trapdoor function does. There hasn't even been a big breakthrough in the original prime number factorization assumptions of RSA/DH.
I'm confused, how can you break EC but not be able to steal people's money?
Similarly, if you found a preimage attack for ripemd160(sha256(x)) (you can find a public key with the same hash as any other hash), how could you not steal people's money?
The public key behind an address is only revealed if you do a transaction to spend the bitcoins in that address. So the public key is effectively secret until just before it is scrapped with normal use.
Say public key x receives 1 BTC in block A. I'm guessing it's encoded as ripemd160(sha256(o)) -> 1 BTC -> ripemd160(sha256(x)) where o is some other public key with sufficient funds. I create a new key pair with public key y, such that ripemd160(sha256(x)) = ripemd160(sha256(y)). From now on let's call this address hash h.
In block B, I make a transaction h -> 1 BTC -> s. Where s is a securely generated public key that I own. I then sign this transaction with my forged public key, which hashes to h.
Can we link IP addresses and hence approximate locations to these wallets using announced transactions on the network? That might be an interesting visual. Maybe not because I doubt anybody was logging bitcoin network traffic in the early days. But doing that even starting today might turn out to be useful. And there's little doubt NSA and friends are likely already doing this.
No IP address is saved in the block-chain. You would need to trust the source of this IP listing service, and still you wouldn't be able to actually prove people's real IP address if they were using systems like TOR to send money.
What is the actual security concern here? Do you think they are storing passwords in cleartext? It's not clear that is the case because they generated the password. Suppose they chose a password for you and stored a secure salted hash in their database, they would still be able to tell you what the password is because they generated it.
Are you concerned they sent you the password over e-mail? E-mail is insecure anyway and sending you a reset or create account link wouldn't be any better. If you're concerned about e-mail snoopers, what's to stop the MITM from clicking on the link in your e-mail?
Are you concerned that they cc'd your contact person? If you don't trust your payment provider to not execute insider attacks, you shouldn't use them. Period.
The only advantage I can see to sending a password reset/create type of link is protection against shoulder surfing attacks. But if you have malicious insiders in your company trying to steal access to things they shouldn't have access to, you have way bigger problems than this.
ed: tbh, it's just as likely they fired you as a customer because they felt you aren't worth the trouble of dealing with.
If they send a https password reset/create link, then the password is never transmitted in the clear and nobody knows it. In the case of an email snooper getting access to the password-reset link and clicking it before me, I would immediately know that there's an attack because, well, the password was reset to something different from what I entered, and I'd receive a notification about that, too.
If they generate and send a plaintext password, then anyone who gets access to that email, even months in future, can silently access the account. So there is a difference.
Also, the whole concept of having a cleartext password sent unencrypted anywhere at all clearly violates PCI DSS requirements - and it is Ayden's duty to comply and be knowledgeable about that.
There's not a question of good/bad service quality, it raises a question if they're meeting the bare minimum criteria to be allowed in payment business at all.
> If they generate and send a plaintext password, then anyone who gets access to that email, even months in future, can silently access the account. So there is a difference.
True. But in any case, the simple PCI rules state that passwords for any account accessing the payment systems can't be stored or sent unencrypted period, no matter what.
There are many things where what's completely okay for 99% of companies is unacceptable (as in, a valid reason to break contracts and incur penalties of size that can bankrupt the company) for payment processing companies.
So what does it say about the company and how they treat security? What are they doing in the parts that are more tricky to get right and less visible to customers? Have all their systems, including that one, had a proper external audit recently - and if yes, why wasn't it noticed?
They don't know the security rules that are mandatory for them?
They intentionally break them for some reason?
They are simply sloppy with security and don't check if 100% of their systems are done properly?
That some systems that they give their customers for testing are low-security and don't matter, but "don't worry everything else is done with a completely different attitude"?
They were going to fix it but didn't notice it before the feature was already live?
Can you give me one single sane reason that would excuse them?
Regarding "If you don't trust your payment provider to not execute insider attacks, you shouldn't use them" - the trust is partly supported by a long list of things that a payment provider must do to reduce insider attack risks. This includes an obvious requirement that their contact person can't access or know the user's passwords.
So yes, if they're demonstrating that they can't be trusted to do even the basic precautions for preventing insider attacks, you shouldn't use them. Period.
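The reset-link behaviour argued for in the comments above (nothing secret stored in the clear, a link that works once and expires, and the account owner learning when someone else has used it), as an added example that is not part of the original thread. `ResetTokenStore`, `TOKEN_TTL` and the alert names are hypothetical, and the in-memory dict stands in for a database table.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime of a reset link, in seconds


class ResetTokenStore:
    """Single-use, expiring reset tokens; only their SHA-256 digest is stored."""

    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be tested
        self._rows = {}      # digest -> {"user", "expires", "used"}
        self.alerts = []     # (user, event) notifications sent to the owner

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        # The raw token goes only into the e-mailed https link, never the DB,
        # so a database leak or a support insider cannot recover it.
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = {
            "user": user,
            "expires": self._now() + TOKEN_TTL,
            "used": False,
        }
        return token

    def redeem(self, token):
        row = self._rows.get(self._digest(token))
        if row is None:
            return "unknown"
        if row["used"]:
            # A second click means someone else also had the mail: tell the owner.
            self.alerts.append((row["user"], "reset-link-reused"))
            return "already-used"
        if self._now() > row["expires"]:
            # An old mailbox copy is worthless, unlike an e-mailed password.
            return "expired"
        row["used"] = True
        self.alerts.append((row["user"], "password-changed"))
        return "ok"
```
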