Is it not immediately obvious that this is a Very Bad Idea if we want to truly maintain a "healthy democracy"? Do we really want to have it public knowledge how every single person voted, along with their address and phone number? What is to stop "poll verifiers" from "reeducating" people on the "appropriate choices" to be made? To be clear, I mean that there is a small fanatical subset of people who will commit violent acts on people who do not vote for their preferred candidate. Did we already forget the calls to execute a sitting vice president because he followed the existing laws?

If you want to restore faith in the election, perform manual spot-checks of machines along with two independent records of the vote. When the vote is close, conduct recounts manually in the presence of neutral observers. Even allow non-neutral observers provided that equal access is granted to all interested parties. In fact, this is exactly the process done, and in the thousands of polling precincts using independent voting methods, hardware and software, NOT ONE was shown to have any error that would have altered an election. If you want to restore faith in the electoral process, stop spouting baseless lies and accept the fact that your preferred candidate lost.

Dear god, no. What happens when the building catches fire and burns to the ground? Who do you pay the ransom to in that case?

Disaster recovery is all about recovering from ANY (conceivable) disaster. This means write-only, offsite backups and a regularly-tested process for restoring from backups. Also nice would be a contingency plan to run in a degraded state during the recovery (paper forms, telephone banks, etc.). Any data infected by ransomware should be treated as permanently lost (accidentally deleted) and restored from backup after the security hole is plugged.

Of course, there's limits for each organization about what constitutes a "conceivable" disaster. In the case of a large city like Baltimore, perhaps that's 2 data centers in separate buildings on different grids with redundant power. You're still vulnerable to a massive catastrophe that wipes out the entire city, but you've got bigger problems than your data at that time. A state or a country probably needs more robust backup and contingency plans.

We have very similar "levels" in the US, unsurprisingly.

The police may conduct a "voluntary interview" with a person. At this point, they do not need reasonable suspicion that anything has happened; think of it as a "friendly chat." The person being interviewed is under no obligation to talk with the police and may leave the interview at any time. If you are a suspect being questioned at this level, the proper response to all questions is simply "Am I being detained, or am I free to leave?"

If the police have reasonable suspicion (a very low bar) of a crime, they may conduct a "custodial interview." At this point, the suspect being questioned is being detained, and is not free to leave. At this point, the suspect should be informed of their constitutional rights (Miranda warning). If you are a suspect being questioned at this level, the proper response is, "I would like to speak with a lawyer before answering any questions"

If the police have probable cause (bar gets higher, but still pretty low), they may then place a person under arrest. Arrest here means formally charging a person with a crime, mugshots, fingerprints, etc. If you're considered a flight risk, you might go to jail until the court date.

Of course, to get a conviction, the police / prosecutors need to prove beyond reasonable doubt all elements of the crime. A primer on the "levels" of proof:

- Reasonable suspicion: Something bad may have happened, and you might be related to it (there's a broken car window, and you were nearby).
- Probable cause: Something bad happened, and you probably are related to it (there's a recently-broken car window, and you were running)
- Preponderance of the evidence: Something happened, and it's more likely than not that you did it (recently-broken car window of your ex, and you were running away from the car)
- Clear and convincing evidence: Something happened, and it's pretty darn clear you did it (recently-broken car window of your ex, you sent a menacing text saying "watch out", and you were running from the scene)
- Proof beyond reasonable doubt: Something happened, and there's no other reasonable explanation (same scenario, but there's a rock on the driver's side window with your fingerprints and an eyewitness that saw you do it)
- Incontrovertible evidence / Proof beyond all doubt: Something happened, and there's no other explanation (same scenario, but you're the only other person on an island, there's well-lit HD video evidence from multiple angles showing the crime, and you confessed)

Let's assume for a moment that the furloughed employees don't get their back pay (dick move, but they are not necessarily entitled to back pay for work not performed). IIRC, only 350,000 are furloughed while the other 450,000 are working without pay. According to the FLSA, these are due liquidated damages (double pay) for a missed paycheck. So, let's run the numbers:

800,000 paid $2500/mo (say, $85/day). Shutdown now 21 days old, so we've saved ~$1.4B.
But, the 450,000 still working need to be paid, so these people are collectively owed ~$1.6B.

By your math, every day the shutdown lasts costs the govt. ~$10M in salary and penalties alone. If you give the furloughed workers back pay, you're talking about losing ~$70M every day, just from salary expenses alone. Once you tack on the cleanup (both figuratively and literally), we've probably already spent the $5B on this shutdown. To double down and throw $5B more at a pet project is beyond the pale at this point.

You also have a legal right to choose to NOT engage in lawful activities. In this case, employees of the lottery commission choose NOT to play the lottery, and in exchange, they get a paycheck from their employer. The immediate family also presumably benefits from this compensation and also waives their "legal right" to play the lottery.

It's simple: if you want to play the lottery, don't work for the lottery commission. There are very similar rules in most areas of legalized gambling; I know that Vegas also has rules about regulators gambling. As a regulator, you want to avoid even the appearance of impropriety.

Huh, that's a novel idea! I'm so glad that someone came up with a great way of making things work in the 21st century!

Since these "health club shares" are so exclusive, let's call the annual payment a "premium" because it's so awesome. Of course, we can't have someone who pays this "premium" going to the doctor too much, so we'll charge them a small amount every time they see the doctor. Let's call this a "cooperative payment" .. no, that's too long... "co-payment" is much better! Now, of course, this group of doctors is going to need a name. Because we're trying to keep everyone in good health, instead of calling this a "health club" because that sounds too much like a gym, let's call this a "good-health-keeping club"... no too long again... "health maintenance club" is much better. But wait, this group of doctors is so large, it's not really a "club", more like an "organization".

You know what I just described? Freaking INSURANCE (specifically, an HMO)!! It's not new or novel! Now, here's what was happening pre-ACA:

OK, now that we have our "club", we don't want anybody to actually USE our doctors and make us pay more than we're collecting annually, so we won't let anyone in who has ever had a heart attack, stroke, cancer, or currently has diabetes (type I or II, don't care), is overweight, has high cholesterol, is over 55 or smokes. Now, to make sure that we don't pay too much, we're only going to provide $50,000/year of coverage, after that, you're on your own, and we won't pay for more than $250,000 over your lifetime. Oh, and although we're a comprehensive network for all of your health care needs, we won't cover you for having a baby, get depressed, or need most specialty care. Also, since only half of our subscribers are women, we aren't going to make everyone pay for those icky women's exams, so we won't pay for those either. Basically, you can see your family doctor (make sure to pay your co-payment up front, please!) and then it's on the streets for you!

Does that sound like an awesome way of going about things? Note that all of the above exclusions/limitations are REAL riders that I have PERSONALLY experiences with insurance pre-ACA.

I love how someone can take an old idea, repackage it and then "this will save all of our problems!!"

That sounds really complex, and potentially expensive as the number of devices scales. Also, fragile and difficult to maintain.

The easiest way is just use LUKS and a secure passphrase.

If you want to restrict knowledge of the passphrase to admins but allow users to reboot, that's a harder problem. However, If you have a TPM chip, you can use it to secure a random LUKS passphrase that unlocks only in a verified clean boot. You'll need trustedGRUB and tpm-luks, but it does secure against fairly sophisticated attacks. It even allows someone to have physical access to the machine WITHOUT having total access.

If you're concerned about the CIA/NSA/FBI/TLA coming into your space and performing a cold boot attack, this won't help, but then again, there are very few technological defenses against a determined nation state adversary.

If only there were a way to define a generic way to tell if two "things".... let's call them "objects".. relate to each other when doing sorting. Then, for each "object", you could compare it to another "object" and see if it is less than, greater than, or equal to the other.

I know, we can make a generic "function" of an "object", and call it.... "less". If you're in a sane language (sorry, Java), you could even use the "<" symbol to compare two "objects". Then, any sort algorithm can use this function to compare two "objects" and figure out where it should go in the list.

Then, we can put this algorithm in some sort of "library"... maybe a "standard library" in which sort algorithm developers can implement different sorting methods. Then the programmer uses this "standard library" to sort his/her list of "objects".

Apologies to anyone who's using C and actually DOES need to implement their own sort, but if you're using literally any language developed in the past 30 years, you have no business implementing your own sort function outside of a homework assignment. The only potential exception to this is if you are in fact a developer of sorting algorithms, and all 3 of them know who they are.

I speak from experience... Even with the breaker off, a capacitor can still deliver a nasty electric shock.

For fun, disassemble a disposable camera with the battery out. Only getting its power from a removed AA battery, the process can be.... electrifying.

Not necessarily. Think about Edward Snowden, who had to pass through all kinds of security to get access to the data that he leaked. Would it have been easier for him to go to Initech and be their lead sysadmin, leaking all of their proprietary data? Certainly, but the perceived reward to him wasn't worth the risk of doing that. However, his perceived reward in leaking the NSA documents was so great that he undertook a concerted effort to undermine the many levels of security they had in place.

Note: I'm not advocating for/against Snowden. Just using him as an example that not every person goes for the lowest hanging fruit.

And of course GPS is nothing more than very accurate clocks in orbit. So you're still using a clock to get your longitude (4 of them, in fact!).

It's my understanding of current case law (IANAL) that a combination to a safe is considered "testimony," and thus protected under the 5th amendment. A safe key, on the other hand is not (this is why I specifically chose a combination). Of course, nothing prevents the police from going to the manufacturer for help in opening the safe, though nothing obligates the safe manufacturer to help.

On a related note, if your passphrase is "I totally killed those 3 guys on October 26, 2006", that's probably testimony that would (SHOULD) be protected under the 5th amendment.

Besides, nobody can FORCE anything from your mind ( https://xkcd.com/538/ notwithstanding). The worst they can do is throw you in jail until you comply (or they get bored). Worst case, they convict you for "obstruction of justice" or some similar nonsense. If you're facing a surefire Murder 1 conviction if you do reveal your key, there's simply not much incentive to help out; you'd have to weigh the value of the unencrypted data with the consequences of not revealing your key.

For historical examples, see the origins of "pressing for an answer": https://en.wikipedia.org/wiki/.... If you entered a plea, the trial could continue, and if convicted, they killed you AND took all your property (leaving your family destitute). If you never entered a plea, you simply died under the weights, but your family got to keep your estate. So, standing mute was a rational decision if you knew there was enough evidence to convict because the punishment for not entering a plea (death) was better than being convicted (death AND bankruptcy).

Absolutely. However, I don't believe that anyone is compelled to divulge the combination to a safe; rather law enforcement hires someone to forcibly open the safe. If they can't open the safe without destroying the contents inside, that's just too bad.

You can absolutely search my encrypted smartphone with a warrant. How much information you'll get out of it without my key is debatable, but nobody gets to know my passwords (aka combination). If the police are able to crack the encryption, good for them. However, I'll continue to trust math to keep my secrets safe.

The problem with that thinking is it leaves you open to spying from everyone, not just the government. Let's assume we allow some cryptosystem that has a back door / master key. To implement the system, you have to publish the specs which will be viewable to all (don't get me started on export control; it'll get out). Someone much smarter than you or I will realize the back door and exploit it to snoop on highly sensitive encrypted traffic... say online banking. Then joe six-pack gets a little pissed when he finds out that his bank account was raided and now he has no money. Oh, and since it was his password that was used to withdraw all that money, the bank won't be returning that money.

So, how does joe six-pack feel about broken encryption now?

No; a true OTP is NOT the same as pseudo-random OTP. For an illustration of this concept, let's assume that your adversary knows your algorithm for generating the pads but has no information about the shared secret between you and your partner. To make things easier on your opponent, let's assume that he knows that you plan to encrypt a 1GB plain-text ASCII file.

In the case of a true OTP, you and your partner must share 1GB of data securely. Because the pad is truly random, any 1GB ciphertext is equally likely, so your opponent must consider every combination of 1GB, meaning 2^(8e10) equally likely ciphertexts. This is basically secure for all eternity. Also complicating the matter is that for a given ciphertext, all plaintexts are equally likely. So, the opponent doesn't know if you said "Attack the beach at noon" or "Attack the beach at dawn" or "jcfpeb k,spq djte96bslg1Hw"

Now, in the case of a pseudo-random OTP, let's assume that the seed of your PRNG is 32 bits, so you only have to share a very small secret securely. However, there are now only 2^(32) possible ciphertexts that the opponent needs to check. This is a much more practical problem, and he can use some simple checks to see if the decrypted message "makes sense", and choose the most likely plaintext.

In reality, nobody uses a OTP because if you can securely communicate the length of the pad, you can just as easily communicate the entire message. What is used instead is public-key encryption where your partner can encrypt a message, but only you can decrypt it. Of course, this is a few orders of magnitude harder than symmetric encryption, which is why you'll typically use the public-key encryption to share a disposable secret key, which is then used to seed a symmetric encryption method (your pseudo-random OTP would be one of those). In reality, this is still pretty secure, as the key is typically in the range of 128+ bits, meaning a key space of 2^128 for a brute-force attack, which is still pretty infeasible. However, it is not completely 100% secure against any decryption as a One-Time pad is.

NO! A million times no!

Proper multi-factor authentication is ALWAYS "something you have" and "something you know". The idea is that if someone steals the thing you know (i.e. password), then they have to also steal something you have (i.e. hardware token / smartcard / phone, you name it). The hope is that even if you don't notice that your password is compromised, you'll notice when you lose your phone. Similarly, if someone copies the smartcard you have, they still don't know the PIN to access your account.

The hack of fingerprint databases illustrates this. For example, someone with access to the hacked OPM databse can steal/copy your smartcard and can now impersonate you at will if you've relied on Smartcard + Fingerprints. Now, "something you have" could certainly be your fingerprint, but 2-factor auth is NOT "something you have" and "something else you have." Just like the bank's "security questions" are not two-factor auth, because they're "something you know" and "something else you know."