That’s counter intuitive (at least for you) because in modern society it’s customary to think that people are born tabula rasa and then “it’s all a social construct”. Perhaps we are indeed born with innate preferences, biases, and default sexual orientations …
I don't run FreeBSD, so perhaps a FreeBSD user with a Yubikey will chime in, but as I understand it FreeBSD has Firefox and OpenSSH, and both these programs can use the FIDO feature (which is the focus of the article) on a USB Yubikey to authenticate you successfully to a remote system so it ought to work out of the box on up-to-date software.
The other features like using it to store PGP keys are a bit more fiddly to set going and you may need to read instructions specific to FreeBSD for those.
Only the weird Yubico-specific OTP thing is a keyboard. The FIDO features are HID (Human Interface Device, the USB protocol for keyboards, mice, etc.) but they are not keyboards, when asked what sort of thing they are in HID they say they are 0xF1D0 ie FIDO devices, which means software looking for them can find them in order to speak the FIDO sub-protocol. I presume the PGP key stuff similarly uses its own standard protocol.
What is an ensemble probability of something that has never occurred and is essentially impossible to model? Have you seen all infinite alternate universes? Probability does not make sense.
Compare the following:
What is the probability that you will die today?
What is the probability that you will die today given that you belong to the category of people with A_i characteristics and whose ensemble probability of dying on a given day has been measured?
The insurance industry does a pretty good job of “what is the probability that you will die in the next billable period” - but they would never reduce the bet to “what is the probability that you will die today?”
You say it’s “essentially impossible to model” something that hasn’t occurred before.
Nations have engaged in a lot of wars.
Nations have engaged in a lot of wars they could not possibly win.
People have committed suicide to harm other people. Many many times.
Nations have developed weapons and then used those weapons on other people.
Countries that have engaged in arms races and stock piled weapons have then gone to war. Many times.
In some decades we do more of these things and in others we do less.
To say it’s hard to model, or the models are imperfect (as all models are) - fine. To say it is impossible to model - that’s very naive.
If you are lost in a city would you rather have the wrong map or no map at all?
The person that has the wrong map and thinks that it’s the right map is the one that’s naive.
Regarding insurance companies, you are conflating ensemble probabilities with time probabilities. Insurance companies can estimate the ensemble probability of an event in a group of agents which belong to a certain category and not the time probability of said event on a single agent.
“If you are lost in a city would you rather have the wrong map or no map at all?”
I’d talk to a local, because they have knowledge on the topic. They’re a bit like the experts who have spent years in the field here, whose opinions are being dismissed with straw man arguments.
Generally when a non-expert on a topic says “here is a glaringly obvious flaw with an entire field that has been overlooked by everyone working in that field, that I spotted after two minutes of deliberation” - it’s quite a big call. When they then support their argument with primarily straw man arguments and other bad faith tactics, it’s very weak and okay to just ignore it.
I’m pretty sure we’re in agreement in the insurance policy part.
If I buy a policy to cover my risk of death for the next X years, the insurance company uses the ensemble probability of the group to price that policy (and believes that the risk of me knowing more than them is covered by the fact they’ve factored that in, plus that they’ve insured multiple people in the group and the aggregate will be good even if 1 policy isn’t.)
If I said to an insurance company — okay I want to buy a policy that only covers me for one day - they would not do it. Firstly of course the transaction costs would swamp the cost of the policy, but let’s ignore that by pretending they use some magical technological solution (digital contracts… hardy har har) The second reason they wouldn’t do it is because that’s not how their model works. It has to smooth over time. Over a year, over a lifetime - not over a day. The third reason they wouldn’t do it is because the information asymmetry now dominates. My knowledge of whether I’ll die tomorrow in particular is better than their model. I’m able to price the policy much more accurately than them. The fact I want the policy is a big red flag. (They do offer some very short term contracts such as holiday insurance — but those disclaim every imaginable pre-existing… which is out of scope for this discussion as it’s not something we can do with nuclear risk)
I think we more or less agree on that stuff. Don’t we?
What I’m saying about it is that just as we all know that insurance policies don’t make sense when you reduce it down to thinking about an individual person on an individual day — the nuclear war modelling doesn’t work when (the author of the article) reduces it down to saying it’s like suggesting that Putin flips a coin each morning.
The most likely reason an author would pretend that the models claim such a plainly ridiculous thing is in order to ridicule the models, about a claim they did not make. In this way it is a straw man argument. They are recasting the original assertion into something that is easy to attack. It’s not a well intentioned thing to do.
Essentially trust. If your bank does not have relations with a foreign bank in a faraway country, both can use an intermediary bank that both trust and do have relations with.
Are you following a law or just arbitrarily and unilaterally deciding to do this? I am not Russian myself but I expect a domain name provider to be extremely neutral, unopinionated, and stable. Namecheap is showing to be neither so it can’t be trusted for important domains.
Are they following a law or just arbitrarily and unilaterally deciding to do this? I am not Russian myself but I expect a domain name provider to be extremely neutral, unopinionated, and stable. Namecheap is showing to be neither so it can’t be trusted for important domains.
Cash is completely fungible because there is no clear trace of money from one person to the next.
If someone steals 100k of cash, there is a very low probability that the serial number of those bills were recorded somewhere. And even if they were, you couldn't easily trace the money though complex systems.
Bitcoin on the other hand is a complete and open ledger. When these large heists that constantly happen, it is trivial to identify the transactions that happen afterwards.
Cash is actually anonymous and Bitcoin is only pseudo-anonymous.
Which iirc was the basis for "cleanly mined" btc with little to no transaction history on-chain and tumbler/mixer services that attempted to obfuscate it.
The fact that it’s difficult or expensive to track does not mean it cannot be. Technically it’s possible to force every cash handling business to scan (just like you scan an UPC) each bill.
"This note is legal tender for all debts, public and private."
If I buy you lunch today, you can pay me back next week. We're not "cash handling business[es]", so we wouldn't have to scan.
Second, I don't think it's technically possible. For companies that do business across state lines, sure, but within a state's border, interstate commerce laws don't apply. Each state would have to enact a similar law. And best of luck with that.
Walmart (like all large retailers) spends a ton of effort trying to address e.g. laundering efforts with gift cards, actually. Google around for all the press releases about how they partner with the FBI, etc... They absolutely recognize that they're part of the laundering chain (and that this makes them liable to punishments under AML statutes, of course).
Walmart (like all large retailers) spends a ton of effort trying to address e.g. laundering efforts with gift cards, actually
For example, you can't buy a gift card in an Apple Store without signing a statement promising that you're not buying the gift card because a stranger online told you to.
Sounds ineffective on the surface, especially to jaded tech-types, but it's enough to give real people in the process of being scammed an opportunity to think about what they're doing.
- strict separation of concerns.
- only outbound hiring.
- no hiring of people who can be blackmailed.
- understand your threat model.
- if you were an enemy and had to break into your org, what would you do? Improve that.