I was shopping at a mall with a visa vanilla card once. I got it as a gift and didn't know the limit. No matter what I bought the card kept going -- and I never got a balance of what was on the card. Eventually, later that day it stopped. I called customer support and asked how much was left on the balance. They told me they had no idea my balance - but everything I bought was mine.
Medicare has a total enrollment of approximately 69 million people, while Medicaid has around 83 million people. That is 152 million people. We already have socialized medicine we just run it poorly and don't apply it to people that can pay.
Moving our system to 340 million people + letting our corporations out of paying would put the US into an economic death spiral. US corporations would love this plan. But at 340 million... I don't see doctor visits but once every 2 years -- many would just die waiting for appointments.
Medicaid is apparently 77MM including CHIP. The underlying compromise in the system that you're describing is sane: people's health care costs rise dramatically and unpredictably at retirement age, just as their ability to pay plummets, so socializing health care at that point makes a lot of sense.
I don’t see why bitcoin wouldn’t update its software in such a case. The majority of miners just need to agree. But why wouldn’t they if the alternative is going to zero?
How could updating the software possibly make a difference here? If the encryption is cracked, then who is to say who owns which Bitcoin? As soon as I try to transfer any coin that I own, I expose my public key, your "Quantum Computer" cracks it, and you offer a competing transaction with a higher fee to send the Bitcoin to your slush fund.
No amount of software fixes can update this. In theory once an attack becomes feasible on the horizon they could update to post-quantum encryption and offer the ability to transfer from old-style addresses to new-style addresses, but this would be a herculean effort for everyone involved and would require all holders (not miners) to actively update their wallets. Basically infeasible.
Fortunately this will never actually happen. It's way more likely that ECDSA is broken by mundane means (better stochastic approaches most likely) than quantum computing being a factor.
> this would be a herculean effort for everyone involved and would require all holders (not miners) to actively update their wallets. Basically infeasible.
Any rational economic actor would participate in a post-quantum hard fork because the alternative is losing all their money.
If this was a company with a $2 trillion market cap there'd be no question they'd move heaven-and-earth to prevent the stock from going to zero.
Y2K only cost $500 billion[1] adjusted for inflation and that required updating essentially every computer on Earth.
> would require all holders (not miners) to actively update their wallets. Basically infeasible.
It doesn't require all holders to update their wallets. Some people would fail to do so and lose their money. That doesn't mean the rest of the network can't do anything to save themselves. Most people use hosted wallets like Coinbase these days anyway, and Coinbase would certainly be on top of things.
Also, you don't need to break ECDSA to break BTC. You could also do it by breaking mining. The block header has a 32-bit nonce at the very end. My brain is too smooth to know how realistic this actually is, but perhaps someone could use a QC to perform the final step of SHA-256 on all 2^32 possible values of the nonce at once, giving them an insurmountable advantage in mining. If only a single party has that advantage, it breaks the Nash equilibrium.
But if multiple parties have that advantage, I suppose BTC could survive until someone breaks ECDSA. All those mining ASICs would become worthless, though.
Sometimes there is no valid hash found for any nonces in the 2^32 space and the timestamp and/or the extra nonce in the coinbase transaction in the block header have to be updated and tried again, so at least it's not quite that simple (simple, as distinct from easy).
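The nonce exhaustion described in the comment above, as an added example that is not part of the thread: a miner sweeps the header nonce, and when no value meets the target it rolls an extra nonce in the coinbase, which changes the Merkle root and so gives a fresh header to sweep. The coinbase bytes, the other transactions, the shrunken `nonce_space` and the easy target are constructed for illustration; real coinbase transactions have a full serialization that this sketch replaces with a placeholder.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field into the full 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def merkle_root(txids: list) -> bytes:
    """Pairwise double-SHA-256 tree; an odd layer duplicates its last entry."""
    layer = list(txids)
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [dsha256(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]


def build_header(version, prev_hash, root, timestamp, bits, nonce) -> bytes:
    """80-byte header: the 32-bit nonce is the last little-endian field."""
    return struct.pack("<I32s32sIII", version, prev_hash, root, timestamp, bits, nonce)


def mine(prev_hash, other_txids, timestamp, bits,
         nonce_space=2**32, max_extranonce=1000):
    """Sweep the nonce; when the space is exhausted, roll the extra nonce."""
    target = bits_to_target(bits)
    tries = 0
    for extranonce in range(max_extranonce):
        # Constructed placeholder for a coinbase transaction (assumption):
        # only the embedded extra nonce matters for this demonstration.
        coinbase = b"constructed-coinbase|" + struct.pack("<I", extranonce)
        # A new coinbase txid changes the Merkle root, hence the header.
        root = merkle_root([dsha256(coinbase)] + list(other_txids))
        for nonce in range(nonce_space):
            tries += 1
            header = build_header(2, prev_hash, root, timestamp, bits, nonce)
            if int.from_bytes(dsha256(header), "little") <= target:
                return {"extranonce": extranonce, "nonce": nonce,
                        "tries": tries, "header": header}
    return None  # every header variant tried, none met the target


if __name__ == "__main__":
    txs = [dsha256(b"constructed-tx-1"), dsha256(b"constructed-tx-2")]
    # 0x2000ffff is a deliberately easy constructed target (about 1 in 256);
    # nonce_space=16 forces the extra-nonce roll that mainnet rarely needs.
    found = mine(b"\x00" * 32, txs, 1700000000, 0x2000FFFF,
                 nonce_space=16, max_extranonce=5000)
    print(found["extranonce"], found["nonce"], found["tries"])
```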
Firstly I'd want to see them hash the whole blockchain (not just the last block) with the post-quantum algo to make sure history is intact.
But as far as moving balances - it's up to the owners. It would start with anybody holding a balance high enough to make it worth the amount of money it would take to crack a single key. That cracking price will go down, and the value of BTC may go up. People can move over time as they see fit.
Wouldn't they have to crack the private key by the time the block is mined? Otherwise that transaction would already be sent to another address? I don't have a good idea how long it would take supercomputers to crack a single private key, so I don't know if 13,000x faster would be fast enough, but I don't think it would.
The private key is a 256-bit number. I don't think even 13,000x faster than supercomputers is going to get your cracking time under the time for a 10-minute block. 2^256 is a really, really, really big number.
> How could updating the software possibly make a difference here? If the encryption is cracked, then who is to say who owns which Bitcoin? As soon as I try to transfer any coin that I own, I expose my public key, your "Quantum Computer" cracks it, and you offer a competing transaction with a higher fee to send the Bitcoin to your slush fund.
So if this is understood knowledge, it means you cannot really transfer to a quantum-safe algo for Bitcoin. Are we the only ones aware of this? Because if this is true, it's actual alpha and Bitcoin should be sold asap and exchanged for land and physical gold.
As you alluded to, network can have two parallel chains where wallets can be upgraded by users asynchronously before PQC is “needed” (a long way away still) which will leave some wallets vulnerable and others safe. It’s not that herculean as most wallets (not most BTC) are in exchanges. The whales will be sufficiently motivated to switch and everyone else it will happen in the background.
A nice benefit is it solves the problem with Satoshi’s (of course not a real person or owner) wallet. Satoshi’s wallet becomes the de facto quantum advantage prize. That’s a lot of scratch for a research lab.
> Satoshi’s wallet becomes the de facto quantum advantage prize. That’s a lot of scratch for a research lab.
Considering that would be criminal theft I doubt it. Moving the funds could also lead to a panic crash, selling them off would not only take ages but involve doxing yourself and put a billion dollar bounty on your head because transactions are public and off ramps all use KYC.
It would be much safer to slowly crack old small value wallets over time.
Reminder that actual good cryptocurrency like monero have the advantage of wallets and transactions being private so you would need to crack without even knowing if they are worth it or exist.
The problem is that the owner needs to claim their wallet and migrate it to the new encryption. Just freezing the state at a specific moment doesn't help; to claim the wallet in the new system I just need the private key for the old wallet (as that's the sole way to prove ownership). In our hypothetical post-quantum scenario, anyone with a quantum computer can get the private key and migrate the wallet, becoming the de-facto new owner.
I think this is all overhyped though. It seems likely we will have plenty of warning to migrate prior to achieving big enough quantum computers to steal wallets. Per wikipedia:
> The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.
IIRC this is speculated to be the reason ECDSA was selected for Bitcoin in the first place.
Note, the 126 billion Toffoli gates are operations, so that's more about how many operations you need to be able to reliably apply without error.
It should be noted that according to IonQ's roadmap, they're targeting 2030 for computers capable of that. That's only about 5 years sooner than when the government has said everyone has to move to post quantum.
Yes, obviously that has to happen before authentication doesn't work anymore. And then it also needs to end before, because yeah obviously everybody who can crack it has access to all wallets.
The problem is all the lost BTC wallets, which are speculated to be a lot and also one of the biggest reasons for the current BTC price, which obviously cannot upgrade to PQ. There is currently a radical proposal of essentially making all those lost wallets worthless, unless they migrate [1]
No, I don't think so. By the time quantum supremacy is really achieved for a "Q-Day" that could affect them or things like them, the existing blockchains which have already been getting hardened will have gotten even harder. Quantum computing could be used to further harden them, as well, rather than compromise them.
Supposing that Q-Day brought any temporary hurdles to Bitcoin or Ethereum or related blockchains, well...due to their underlying nature resulting in justified Permanence, we would be able to simply reconstitute and redeploy them for their functionalities because they've already been sufficiently imbued with value and institutional interest as well. These are quantum-resistant hardenings.
So I do not think these tools or economic substrate layers are going anywhere. They are very valuable for the particular kinds of applications that can be built with them and also as additional productive layers to the credit and liquidity markets nationally, internationally, and also globally/universally.
So there is a lot of institutional interest, including governance interest, in using them to build better systems. Bitcoin on its own would be reduced in such justification but because of Ethereum's function as an engine which can drive utility, the two together are a formidable and quantum-resistant platform that can scale into the hundreds of trillions of dollars and in Ethereum's case...certainly beyond $1Q in time.
I'm very bullish on the underlying technology, even beyond tokenomics for any particular project. The underlying technologies are powerful protocols that facilitate the development and deployment of Non Zero Sum systems at scale. With Q-Day not expected until end of 2020s or beginning of 2030s, that is a considerable amount of time (in the tech world) to lay the ground work for further hardening and discussions around this.
No, not really. PQC has already been discussed in pretty much every relevant crypto thing for a couple of years already, and there are multiple PQC algos ready to protect important data in banking etc. as well.
I don’t really understand the threat to banking. Let’s say you crack the encryption key used in my bank between a java payment processing system and a database server. You can’t just inject transactions or something. Is the threat that internal network traffic could be read? Transactions all go to clearing houses anyway. Is it to protect browser->webapp style banking? those all use ec by now anyway, and even if they don’t how do you mitm this traffic?
As far as I am aware, elliptic curve is also vulnerable to quantum attacks.
The threat is generally both passive eavesdropping to decrypt later and also active MITM attacks. Both of course require the attacker to be in a position to eavesdrop.
> Let’s say you crack the encryption key used in my bank between a java payment processing system and a database server.
Well if you are sitting in the right place on the network then you can.
> how do you mitm this traffic?
Depends on the scenario. If you are government or ISP then it's easy. Otherwise it might be difficult. Typical real life scenarios are when the victim is using wifi and the attacker is in the physical vicinity.
Like all things crypto, it always depends on context. What information are you trying to protect and who are you trying to protect.
All that said, people are already experimenting with PQC so it might mostly be moot by the time a quantum computer comes around. On the other hand people are still using md5 so legacy will bite.
> Well if you are sitting in the right place on the network then you can.
Not really. This would be if not instantly then when a batch goes for clearing or reconciliation, be caught -- and an investigation would be immediately started.
There are safeguards against this kind of thing that can't be really defeated by breaking some crypto. We have to protect against malicious employees etc also.
One can not simply insert bank transactions like this. They are really extremely complicated flows here.
I meant on a technical level you could insert the data into the network. Obviously if the system as a whole does not depend on TLS for security, then no amount of breaking TLS will impact it
Sure, if a bank gets compromised you could in theory DOS a clearing house, but I'd be completely amazed if it succeeded. Those kind of anomalous spikes would be detected quickly. Not even imagining that each bank probably has dedicated instances inside each clearing house.
These are fairly robust systems. You'd likely have a much better impact dossing the banks.
Okay, but breaking that TLS (device->bank) would allow you to intercept the session keys and then decrypt the conversation. Alright, so now you can read I logged in and booked a transaction to my landlord or whatever. What else can you do? OTP/2FA code prevents you from re-using my credentials. Has it been demonstrated at all that someone who intercepts a session key is able to somehow inject into a conversation? It seems highly unlikely to me with TCP over the internet.
So we are all in a collective flap that someone can see my bank transactions? These are pretty much public knowledge to governments/central banks/clearing houses anyway -- doesn't seem like all that big a deal to me.
(I work on payment processing systems for a large bank)
> Has it been demonstrated at all that someone who intercepts a session key is able to somehow inject into a conversation? It seems highly unlikely to me with TCP over the internet.
If you can read the TLS session in general, you can capture the TLS session ticket and then use that to make a subsequent connection. This is easier as you don't have to be injecting packets live or make inconvenient packets disappear.
It seems like detecting a re-use like this should be reasonably easy, it would not look like normal traffic and we could flag this to our surveillance systems for additional checks on these transactions. In a post quantum world, this seems like something that would be everywhere anyway (and presumably, we would be using some other algo by then too).
Somehow, I'm not all that scared. Perhaps I'm naive.. :}
> It seems like detecting a re-use like this should be reasonably easy, it would not look like normal traffic
I don't see why it wouldn't look like normal traffic.
> Somehow, I'm not all that scared. Perhaps I'm naive.. :}
We're talking about an attack that probably won't be practical for another 20 years, which already has countermeasures that are in testing right now. Almost nobody should be worried about it.
If quantum computers crack digital cryptography, traditional bank account goes to zero too because regular 'ol databases also use cryptography techniques for communication.
If all else fails, banks can generate terabytes of random one-time pad bytes, and then physically transport those on tape to other banks to set up provably secure communication channels that still go over the internet.
It would be a pain to manage but it would be safe from quantum computing.
This is WRONG and a very common stupid belief. Traditional banks will just transfer easily to safer encryption, since they are centralised. Bitcoin won't. Bitcoin will die and world will undergo infinite suffering.
Sarkozy is not a political prisoner though. He's a politician that committed fraud by taking foreign money to finance his electoral campaign. Once elected he then proceeded to declare war to the dictator who gave him that money and eventually got him killed. That last point is sadly not in the scope of the judgement.
Are we crying tears over Muammar Gaddafi here? The man was a butcher and NATO was completely justified in imposing a no fly zone and supporting the National Transition Council in Libya. There was a UN Security Council resolution authorizing it.
Lots of things to criticize Sarkozy for but his support for the intervention is not one of them.
Yes, because removing Gaddafi from power after he yielded to international pressure to give up his nuclear-weapons ambitions makes it less likely that leaders will agree to give up nuclear ambitions in the future.
All leaders of countries know that no one would do to the leader of North Korea what France, Britain and the US did to Gaddafi -- because North Korea has nukes.
As a result the country entered dark ages with suffering unseen before. Of course Gaddafi was betrayed by the French. Just like France is betraying all of their former colonies.
People will continue to purchase Multi-AZ and multi-region even though you have proved what a scam it is. If east region goes down, ALL amazon goes down, feel free to change my mind. STOP paying double rates for multi region.
Solar is extremely cheap and battery costs are dropping quickly, IMO you may see US neighborhoods, especially rural disconnecting from the grid and rolling their own solutions.
This china rare earth thing may slow down the battery price drop somewhat but not for long because plenty of chemistries don't rely on rare earths, and there will soon be plenty of old EV packs that have some life left in them as part of grid storage.
Yeah, that's totally believable. I remember how everyone raved about cheap EV charging a decade ago, how it would save costs etc. And today commercial fast DC charging is more expensive (per km of range) than an ICE car of the same class and size. And that's with gas prices doubling since the 2009 crash. I just did a quick calculation with today's prices and modern cars in the comparison.
> I remember how everyone raved about cheap EV charging a decade ago, how it would save costs etc. And today commercial fast DC charging is more expensive (per km of range) than an ICE car of the same class and size.
The raving was over the cost of home charging vs gasoline, and that advantage still holds today, even in very expensive electricity markets like MA or CA.
The way most people will feel the hit is air conditioning costs, since their usage can't cheaply be moved off peak rate hours, and an array of home batteries isn't cheap enough for households that have high energy burden.
Oh, I completely agree, home charging even today is significantly cheaper than gas price (adjusted). The problem is that charging at home can be done only by people owning a detached or semi-detached house. So it's basically only possible for luxury owners (at least in EU) because a vast majority of the population is living in apartment blocks. So the situation is doubly funny, first - the main advantage in costs is only possible for already rich people who don't really appreciate it, while poorer people pay through the nose for the same thing. And second - the whole international car market is now shaped by the application of this rich people motivation to the whole population. The whole "let's move all car sales to EV by the year 2035" or whatever. And poorer people will again pay for the luxury toys of the rich.
PS: this comment sounds a bit weird I admit, but I'm not against EVs and I'm not a climate change denier. I'm just severely disappointed in how EV integration in the society actually happened.
Epic Kids | Data Engineer | Full-Time | REMOTE | San Jose | $120k-225k
As a Data Engineer at Epic Kids, you will work closely with our development team, infrastructure team, and data team to design, build, and optimize data pipelines, ensuring data quality and security, while also collaborating with other teams to deliver effective data solutions.
Key Responsibilities:
Develop robust ETL/ELT pipelines to extract, transform, and load data from diverse sources into our data warehouse.
Enhance and maintain our cloud-based data storage and processing systems for performance, reliability, and cost-efficiency.
Implement rigorous data quality checks, monitoring, and security measures across all data assets.
Proactive in identifying and addressing data inconsistencies and bottlenecks, continuously refining data infrastructure for robust and high-performing data solutions.
Partners with data analysts and non-technical teams to understand data requirements and shape the development of effective data products.
Job Qualifications:
5+ years of experience in data engineering, with a strong grasp of data warehousing, ETL/ELT principles, and data modeling.
Experience with data storage solutions (e.g. relational, data lakes), cloud data platforms (e.g. GCP, AWS) and cloud-native data technologies (e.g. BigQuery, Snowflake).
Experience with workflow orchestration tools (e.g. Airflow)
Experience with infrastructure tools (e.g. Terraform, Kubernetes, Docker) is a plus.
Salary Range: $150 to $200K
If you are a good SWE with bigquery + gcp experience that works too!
> [Supreme Court Justice Amy Coney] Barrett ruled that for the CFAA, a person violates the "exceeds authorized access" language when they access files or other information that is off-limits to them on a computer system that they otherwise have authorized access to. The majority opinion distinguished this from Van Buren's case, in that the information that he obtained was within the limits of what he could access with his authorization, but was done for improper reasons, and thus he could not be charged under CFAA for this crime.
This still does criminalize logging into your mom’s Netflix account, probably (?), but at least browsing HN on your work computer not covered anymore.
If you steal your mom’s password without consent and she argues that you accessed information on the account that you were not authorized to see, maybe.
However the quote on its own is not necessarily true without further qualifications as mentioned above.
> However the quote on its own is not necessarily true without further qualifications as mentioned above.
It's absolutely true, you're accessing an unauthorized account. All law enforcement need to do is ask you, did you access an electronic account that was not yours?
Some of the CFAA has been dialed back by the courts, but CFAA is a federal level offense. The scarier ones exist at the state level, e.g. Illinois specifically criminalizes violating the terms and conditions of a web site.