The title itself is not the problem, although even that is sensationalized. I was referring to the contents of the article, which have statements like this:
"Is there a way for you to spin the top again so it ends up in the exact position it started, as if you had never spun it at all? Surprisingly, yes..."
Which, as an introduction, just misses the mark completely by highlighting the least surprising possible interpretation of the research.
No. It’s 100% a design choice by the manufacturer to make them look weird.
Even with the benefits of EV packaging, manufacturers chose to make them “different” on purpose, which really put off the vast majority of buyers. Tesla had so much success because they were practically the first manufacturer to make something look somewhat normal and have good stats.
Now, BMW finally learned and has their 4 and 5 series EV cars share a common platform with the ICE. There is no physical difference in style other than the front grill.
More than just IPv4 priorities, almost all other IPv6 addresses are given higher priority which makes routing between ULAs on an internal network problematic.
That draft doc seems to fix multiple problems at once.
I really hate the “someone will certainly solve this problem!” mentality.
You can’t just magically update the protocol to work around the ability of someone to break elliptic curve cryptography. That's not how this works. It’s not how any of this works.
Once people catch wind of bitcoin being moved from secure places, nodes will cease processing transactions, quantum-capable thieves will be frozen.
Network will upgrade if it hasn't already, nodes will only process transactions on the network with the most other nodes.
They might even resume from a few blocks back. No different than branching from an old commit.
If this doesn't match your philosophy of legitimacy, you can try continuing in the orphanage chain and get other nodes to join you. May the longest chain win!
This has all been theorized before and has subsequently happened before and the resolution has given confidence to attract more capital.
And what happens to all those cold wallets where people can recover the secret key or forge signatures for it? The money is just gone, either by thieves or the network disallowing them to be spent.
It helps build a new system, but all existing wallets would be hackable until they migrate. And we expect everyone to have the time and resources to do that? For a “store of value” system?
All of my hardware wallets are now worthless? All of the hardware security modules used for wallets managed by corporations no longer work?
It's an absolute mess for so many reasons that a "protocol fix" just doesn't cover.
> all existing wallets would be hackable until they migrate
Not necessarily. See "Discussion of Guy Fawkes signatures to protect some current bitcoins against quantum theft" and "Commit/reveal function for post-quantum recovery of insecure bitcoins" sections of the Optech page.
How would you protect all the old stuck or stale BTC wallets that used the original crypto? An awful lot of cold-stored or presumed-lost BTC would be hard or impossible to migrate to post-quantum protection, no? A quarter of mined BTC? Half?
More of an economic than technical puzzle these days. But wouldn't you need users to protect their wallets post-fork?
You tell people that value their bitcoin to migrate to new wallets. Bitcoin is self-sovereignty and self-ownership. You are responsible for securing your own wallet.
The bitcoin that has been lost doesn't matter, because it's lost. That becomes fair game to whoever can find the computational resources to crack the cryptography of the wallets to get to it. At that point BTC will probably be $500k-$1M in price, and it might just be the driving force behind mainstream adoption of quantum computing.
The author relates to exactly that: "ineffective policy mechanisms are worse than missing policy mechanisms, because they provide all of the feeling of security through compliance while actually incentivizing malicious forms of compliance."
And I totally agree. It is so abundant. "Yes, we are in compliance with all the strong password requirements, strictly speaking there is one strong password for every single admin user for all services we use, but that's not in the checklist, right?"
It's less of a "use this to do nasty shit to a bunch of unsuspecting victims" one, and more of a "people can get around your policies when you actually need policies that limit your users".
1. BigEnterpriseOrg central IT dept click the tick boxes to disable outside actions because <INSERT SECURITY FRAMEWORK> compliance requires not using external actions [0]
2. BigBrainedDeveloper wants to use ExternalAction, so uses the method documented in the post because they have a big brain
3. BigEnterpriseOrg is no longer compliant with <INSERT SECURITY FRAMEWORK> and, more importantly, the central IT dept have zero idea this is happening without continuously inspecting all the CI workflows for every team they support and signing off on all code changes [1]
That's why someone else's point of "you're supposed to fork the action into your organisation" is a solution if disabling local `uses:` is added as an option in the tick boxes -- the central IT dept have visibility over what's being used and by whom if BigBrainedDeveloper can ask for ExternalAction to be forked into the BigEnterpriseOrg GH organisation. Central IT dept's involvement is now just: review the codebase, fork it, maintain updates.
NOTE: This is not a panacea against all things that go against <INSERT SECURITY FRAMEWORK> compliance (downloading external binaries etc). But it would be an easy gap getting closed.
----
[0]: or something, i dunno, plenty of reasons enterprise IT depts do stuff that frustrates internal developers
[1]: A sure-fire way to piss off every single one of your internal developers.
> Most PCBs aren’t distributed to consumers as bare PCBs, so this issue rarely appears to end users.
In terms of hobby/maker electronics, embedded systems, etc., which the Raspberry Pi falls under, yes they absolutely are. The entire Arduino ecosystem is like this.
Raspberry Pi does indeed have users for whom it's in the same category as things like Arduino.
But it also has lots of users for whom it is simply a cheap computer to plug into a screen / mouse / keyboard, people for whom the only interesting things about the hardware are its price and size.
(I've no idea what the ratio is, but I would guess the majority of customers are the latter type; though possibly not the majority of Pis sold, since the former group contains people much more likely to buy multiple devices, whether someone like me who's bought a few for tinkering with, or someone actually doing something interesting and needing either 100s for their own project, or 1000s to go into something they're selling.)
So what you said is true for some, but far from all, Pi consumers.
During the pandemic, there was a noticeable shortage of Pis on store shelves. Comments by hobbyists indicated that the existing supply was being snapped up by small-time manufacturers who had designed commercial products around the Pi as a base, and end-users weren’t receiving priority or first dibs at them.
That’s all well and good, but Raspberry Pi had been positioned in the market as educational, entry-level, easy to understand and ideal for children learning Linux, Python, or electronics.
Perhaps some kids can circulate a list of those commercial products incorporating a Pi, and campaign to liberate and repurpose them. Win-win?