Forgot your password?
typodupeerror

Comment: Re:let me correct that for you. (Score 1) 501

Without energy scarcity, most can be automated. The most scarce resource is not energy--that's the second most scarce, and it's distanced greatly from the third. The most scarce resource is people who want to work for the common good, our philosophers and our philanthropists.

When we have enough energy that we only need their labor to direct largely-automated processes, we will have zero scarcity.

Comment: Re:let me correct that for you. (Score 1) 501

Above is a bunch of words.

To summarize: by dividing up all direct welfare costs (not including medicare/medicaid), it's possible to dole out enough money that even the unemployed have--just barely--enough money each month to obtain livable housing, food, and other basic needs above the cost of supplying these things. That makes them a target for businesses to pump them for every dollar they have, which is easiest by supplying them with the things they need.

I've worked out that it's feasible. I've largely worked out where the money comes from. I've avoided risks in calculations by deliberately tilting the error out of my favor, so any uncertainty is opportunity rather than threat. I'm now working on implementation and transition details, and playing with the numbers to generate charts and graphs and interesting points.

Eventually, this will become presentations, speeches, and campaigns. I have time: the basic welfare concept is an unconditional basic income, which is gaining mind share; I've begun the refinement of a welfare plan that exchanges our system with a UBI-based system, designing both the transition and the final state to maximize stability and success.

If it works--and it's almost certain to work, if only I can get it implemented without tinkering (lowering/raising the benefit, feeding it from a graduated tax, etc.)--it will provide a stable welfare system with no welfare traps, immunity to income inequality (it simply doesn't affect the amount of tax collected and the benefit paid out), robust against economic damage (such as the mid-2000s financial market collapse), and resistant to consequential effects of free money (if UBI is too high, you start encouraging inflation--far too high and you get hyperinflation; the system collapses before the benefit is high enough to reduce work incentive).

The obvious result is nobody needs a job. Life is not pleasant unemployed, but you're not going to starve to death sleeping in a puddle of your own piss in an alley. Scarcity won't threaten *living* day-to-day, because you can always eat and always go home out of the rain.

By the by, I've learned that *knowing* the solution and *implementing* the solution are two different things. This ranges from knowing that it's possible, knowing how it's possible, but not knowing the details; to knowing everything but not knowing how to make people do it; to knowing it all, having the opportunity, but being unmotivated to make the time or take the effort. This is most hard when trying to change the world: everyone wants to just tax the shit out of the rich, but, when you're working for the greater good, the first person you should ask something of is yourself.

Comment: Re:let me correct that for you. (Score 1) 501

It's been done that way, but that's far different. The mincome experiment was small scale, finite, and not set up the same way. It's like calling out unemployment or social security: there are a thousand ways to do this, and most of them are wrong; in this case, you've found a way that was temporary, and possibly non-optimal for a long term solution.

To make a car analogy: It's like someone said they could build a horseless carriage, and you're like, "You mean with an engine, right?" Yes. Coal, steam, liquid fuel? Gasoline, diesel? What topology of engine? What kind of drive train? Have you ever tried driving without power steering and power brakes? What about emissions control?

Comment: Re:let me correct that for you. (Score 1) 501

It's just barely possible to solve poverty. Nobody goes homeless, nobody goes hungry.

The numbers are irritating me for the moment. Transitions are possible, and inexpensive; I actually have the change-over working now. What gets me is the new tax structure doesn't increase or reduce government spending or deficit, but it makes anyone earning under about $100k slightly richer; up around $400k, they're just below 3% poorer (about $8000/year); then it rebounds, until you hit $19,467,000 income, at which point taxes break even. Above that, taxes are actually lower.

The wonky dip right at the upper-upper-middle-class is a result of converting all welfare taxes to a separate flat tax, but keeping the remaining graduated income tax system and subtracting out welfare tax proportionally. I think I have data enough for an 87% pitch rate--higher, because those people can demand a salary boost (they're in power positions) from businesses that are getting taxed a hell of a lot less than the salary dip (i.e. the market can make it up and still come out richer than they started).

Numbers without context. Check the 2013 tab. Note that there is error: Anywhere with risk (i.e. risk of incorrect math, risk of states eliminating welfare but not turning down taxes, etc.) I tend to work on more conservative numbers (i.e. I'm working on federal numbers, but not considering that states will eliminate some expenses, because they may not decrease taxes as a result--and thus not).

I'm also working entirely by federal numbers, not calculating in the state/local taxes at all. I've also ignored the standard deduction entirely, so you can imagine that people are getting that straight +$7125 right up to some $5800 of income(!), and then everyone has $5800 more than listed (because I didn't factor it into their income at all, so the amount of taxes I'm calculating are based on income that's actually $5800 higher than listed).

Yes, that's pretty much taking all the direct welfare money, chopping it up, and paying it out to everyone over age 18 equally. What's not listed is transition strategies or full final state--which includes a full and immediate repeal of minimum wage. I also don't dive into any of the impact of the system (market force impacts, ability to resist economic downturns better, improvements in economic activity, etc.). I've thought of damn near everything.

Comment: Re:let me correct that for you. (Score 1) 501

The scarcity that prevents us from manufacturing gold by dumping excessive amounts of energy into a fusor, the way we manufacture molybdenum and cadmium.

Do you honestly think I couldn't make use of, say, 50 times the entire energy output of the earth's generation facilities if you gave it to me?

Comment: Re:Derp (Score 1) 164

by bluefoxlucid (#47499923) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

your characterizing Windows as "retarded" for not distinguishing between 750 char/s and the much faster network, was illogical.

There are two parts to that.

The first part is that the network log-in source can be grouped as an infinite number of terminals--lots of connections--so a per-connection rate limit is useless; thus all network service log-in (caveat: Active Directory handles console log-ins... over network) must be grouped as one thing to be effective. Console log-ins are separate so that a network attack can't function as a DOS; as well, the risk is mitigated because you can't enter passwords fast enough for any use.

The second part is that a console brute-force is slow. Your concern about what amounts to typing really, really fast (i.e. programmed HID plugged into USB) isn't a real concern because of password complexity. It's not that passwords are necessarily that complex; it's that a password which isn't complex enough can be readily brute forced under strong password policies like "3 passwords per minute", it just takes a week or two.

You dismiss the possibility that weak passwords are used, so that hardware password attacks are dismissable, but at the same time address the problem that these same non-weak passwords aren't strong enough to withstand network password attacks without lock-outs?

No, I dismiss the possibility that short lock-out intervals help with weak passwords.

You can attack 129,600 passwords per 30 days if you have a 3 failure per minute policy. Basic English 1250 extends out to about 5000 words with conjugations and domain language (medical, legal, whatever) for most people. Weak passwords in the traditional complexity scheme are like "rainman" becomes "Rainman1", so 100,000 attempts has a fair chance of getting it eventually. That's within the realm of a hardware keyboard typist. Common policy is 60 or 90 day retention, which increases the risk into strong viability; while public kiosks are too visible for a multi-hour console log-in attack, which makes these attacks less viable even at high rates.

Complex passwords reach 10^14 theoretically, and four-word passwords reach 10^16. Reasonable rate limits of 20 attempts per minute carry this out to hundreds of thousands of years. A human can type barely that fast. Remember the original argument:

Windows does stupid shit like lock the local console if you set up rate-limit log-in...when logging in through the Microsoft log-in manager.

If the attacker tries to log in over RDP or telnet or such, and locks the account, the actual console log-in box no longer works. That's dumb, because no attacker can possibly brute force the password through that, unless the password is laughably weak--in which case, as stated above, the rate limiting doesn't actually help.

tl;dr: I can lock you out of your server by constantly trying to log into your server, so you can't apply patches anymore. Then I hack it on Tuesday.

Comment: Re:Derp (Score 1) 164

by bluefoxlucid (#47485661) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

BTW, the person who coined "movie plot security threat" doesn't exactly agree with you [schneier.com].

That's for keyloggers, not key entry. Typing is different than reading.

Where did this "750 characters per second" come from? Is this a limit built into Windows? USB 2.0 runs at 35 MB/s, according to Wikipedia.

There's this link that references USB-HID specifically at 750 characters per second. I can't find other references to USB HID rates, and the HID protocol is semi-flexible (i.e. it's really fucking hard to implement NKRO on HID, since HID keyboard protocol specifies 6KRO in boot mode; but you're free to implement an alternate HID protocol once your keyboard's out of boot mode).

OTOH, comparing the "1-2 second turn-around" in your reply to the "750 characters per second" undercuts your original argument as a whole

1-2 second delay is an expected human-facing turn-around: this actually happens on most modern systems. I pointed it out and then theorized eliminating that rate limit entirely, instead relying on the limits of the HID keyboard protocol at 750 characters per second, which is the faster measurement and thus can be taken as a worst case.

Your naivety about the average entropy in a typical 8 character password is striking.

We're talking about theoretical password complexity here, not dictionary attacks. If you only have 5000 or so passwords to try, a rate limit of 5 seconds to enter each will give you a maximum time of less than half a day. That's a rate of 12 per minute. Even at 3 per minute, it takes barely over a day; weak passwords are quite weak.

I also consider the full entropy of an 8 character password as a weak measurement. My typical recommendation is all lower case, with the space or underscore, and minimum 16 characters. This is to enforce a 4 dictionary word standard (passwords like "red_ant_room_lake" illustrate why so short), although you could say 20 characters and all full dictionary words, minimum 4 (which means 5 words sometimes!). The entropy is much higher even with small vocabularies.

In other words: I used conservative numbers. Real world numbers FOR A HARDWARE PASSWORD BRUTE FORCE DEVICE will involve longer time frames (log-in subsystem delays), higher-entropy passwords, and so on. I also made a final comment about console scripts and the complexity they add--because they're vastly faster than hardware HID brute force devices.

Because hardware brute force devices are not useful--not faster than a human in any reasonable case and, even then, not fast enough to actually crack anything--your proposed attack is a movie plot.

Comment: Re:it is the wrong way... (Score 1) 288

by bluefoxlucid (#47484937) Attached to: Australia Repeals Carbon Tax

Capitalism works, but not as just "let the market handle everything." I'm working on transitional plans for a new economic strategy that makes capitalism actually work (permanently); I already have the end state, and also have proven that it works both in the end state and in transition. There is risk due to variation--an improper transition can actually not work--so I need to work out that kind of stuff and set up a full end-to-end plan that follows a path that works.

Fortunately, changing an economic system is a simple project. It works like any other project, and you can rely on all the stuff normal projects are bound by. For example: All the risks in transition fall away as you pass them. For example: I have to spin social security, food stamps, and HUD down. I also want to eliminate unemployment *and* minimum wage; these carry less risk.

Unemployment carries approximately zero risk: nobody on unemployment will come out receiving *less* income, so you can just cut it off. Likewise, repealing minimum wage carries little risk: I'm transitioning from a strategy of avoidance to a strategy of transfer and mitigation, and the risks of low wage are largely shifted onto the employers rather than the employees. These are easy.

Social security can't be cut off immediately: people rely on planned finances, and will face an economic situation they can't compensate for if faced with a significant reduction in income. To handle this, I have to avoid the risk: Social security is grandfathered for 15 years; anyone who isn't of retirement age in 15 years isn't getting social security. That actually carries a risk of high tax, but it's 6.8% (social security is currently 12.4%; I'm reducing OASDI to 6.8% immediately, but still providing the full benefit until everyone who starts collecting before a time 15 years in the future dies). That risk stays around for probably 30-40 years, but scales down after 15. Risk strategy: avoid.

HUD not so easy: the housing subsidy is less predictable, and will invoke market forces. Food stamps, EBT, WIC, same deal. These require complex transitions, and *any* transitions put people at-risk. The design requirements here explicitly require not putting people at-risk, but also require not raising taxes. Grandfathering is an immediate avoidance strategy: the additional tax burden for HUD is under $50 billion, about 1/10 of social security. Food security around twice that.

As people leave the grandfathered systems, risk decreases. HUD is small, and quick: the turn-over in WIC, EBT, and the food stamp program is bigger than Social Security, so it'll fall off in 5-10 years. Likewise, the tax burden from Social Security rapidly decreases after 15 years. HUD falls somewhere in the middle, and carries a long tail: working-age people are supported by HUD and come in and out, but some of the young ones will *never* exit until they die; thus there will be a short period of rapid cost decrease, followed by a very slow decline.

See? It's all temporary risks; and, as you pass the risks, you gain more flexibility to handle further risks. Just have to minimize the risks, move the easy ones up-front so they can be culled quickly, then manage and control the remaining risks as they shrink slowly.

I'm pretty sure I could get this started, technically (not politically), in under a year. At that point, immediately, taxes are *slightly* lower; give it another 1-3 years and nobody goes homeless or hungry in America ever again.

Comment: Re:Derp (Score 1) 164

by bluefoxlucid (#47484661) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

That's called a movie plot security threat, and it's not a concern.

Aside from all the obvious shit like "how do you get in there unnoticed?" and "How does it know to start entering passwords?", you have the speed of the bus. Even without a 1-2 second turn-around for testing a password, keyboards can only enter 750 characters per second. That's less than 100 password attempts per second for 8 character passwords, or 10^12 seconds to try them all. 800,000 years!

In other words: console attack via keyboard is no threat. I proscribed accounting per-tty direct console attempts separately because of shell scripts (on the console), which might lock you out of sudo in x11, so you open a new xterm and get pts/17 and sudo there. Of course that creates other oddness (users can create terminals, i.e. screen, xterm), which needs addressing.

Take your work seriously but never take yourself seriously; and do not take what happens either to yourself or your work seriously. -- Booth Tarkington

Working...