I think to the parent's point it is as you say: there is already untapped capacity that isn't being used due to (geo)political forces maintaining the scarcity side of the argument. Using your agriculture example, a simple Google search will yield plenty of examples going back more than a decade of food sitting/rotting in warehouses/ports due to red tape and bureaucracy. So, we already can/do produce enough food to feed _everyone_ (abundance) but cannot get out of our own way to do so due to a number of human factors like greed or politics (scarcity).
And that sort of analysis is exactly what is suspect to me about this. Have people considered why an onion might be in a warehouse or why it might go unsold after a time? The answer is no and reveals a lack of understanding of nuance of how the global economy actually works. Everything has some loss factor and removing it all to nil might not be realistic at all at the scale we do things to feed ourselves. It's like making pancakes: some mix stays in the bag you can’t get out, some batter stays on your bowl, some stays on your spoon, you make pancakes with some, some scrap is left in the pan, some crumbs on your plate. All this waste making pancakes and yet to chase down every scrap would be impossible. And at massive scale that scrap probably adds up.
Besides we are crushing global hunger over the decades so something is working on that front. The crisis in most of the western world today at least is that merely wages are depressed compared to costs for housing (really land) versus not being able to afford food.
https://web.archive.org/web/20080930065642/http://www.whywor...
"I [Bob Black] don't suggest that most work is salvageable in this way. But then most work isn't worth trying to save. Only a small and diminishing fraction of work serves any useful purpose independent of the defense and reproduction of the work-system and its political and legal appendages. Twenty years ago, Paul and Percival Goodman estimated that just five percent of the work then being done -- presumably the figure, if accurate, is lower now -- would satisfy our minimal needs for food, clothing and shelter. Theirs was only an educated guess but the main point is quite clear: directly or indirectly, most work serves the unproductive purposes of commerce or social control. Right off the bat we can liberate tens of millions of salesmen, soldiers, managers, cops, stockbrokers, clergymen, bankers, lawyers, teachers, landlords, security guards, ad-men and everyone who works for them. There is a snowball effect since every time you idle some bigshot you liberate his flunkies and underlings also. Thus the economy implodes."
I love it! I was not expecting the math based aspect and that took me back to my younger days playing Math Blaster Plus and Number Muncher. Thank you for the trip down memory lane.
1) Kitchen dish towels. The white with blue herringbone kind you see in restaurants or cooking content creators. I bought two dozen of them (~$1.65/each) and keep them all around the kitchen and use them with reckless abandon (some for drying, some for wiping spills, etc.). Having plenty of them means I can use one per day for general use and not run out by the time laundry day comes.
2) Deli containers. Picked up 48 in 8 oz, 16 oz, 32 oz sizes with airtight lids. Completely changed how I prep food and save leftovers. Almost entirely I've switched to using these over what hodgepodge of tupperware I have accumulated over the years.
I've been involved with carding for 10+ years and issues with MIFARE Classic cards have been around and known for at least that long. Anyone in the carding industry will (should at the very least) tell you not to use them and move on to DESFire or some other newer safer chips. The introduction even says as much "By 2024, we all know MIFARE Classic is badly broken." If you're still deploying MIFARE Classic cards you reap what you sow.
Yup… the vending machines at my university used to use MIFARE Classic tokens with credit on such tokens… in like 2014 I was a student and ran out of money in the middle of July and barely had the money to buy a train ticket to go home for vacation… but thanks to mommy MIFARE I managed to survive on sandwiches from said vending machines for like two weeks.
My university had something similar, but with ID numbers correlated to each person in a database that recorded how many credits they had left.
Tapping the vending machine with your card sends the ID in plaintext over the wire to the upstream server, which responds in plaintext for the machine to either accept or reject the transaction.
Tomfoolery may or may not have been performed by a bunch of bored, hungry college students at 1AM one night...
The main point from that is that you should never do a system with stored value on a smart card. The vendors will show you various methods for that, but well it is 2024, just do that online (and the card is just an ID, which optionally can produce an ECC signature of some challenge).
No, stored value is a good solution if you want the system to function without online connection. You should still collect all transactions centrally where inconsistencies can be exposed. If that had been implemented GP would have been looking at a fraud charge.
Having a POS in places without a reliable internet connection is enough of a reason for stored value cards to be a thing. Some things shouldn't require the mothership to be alive and reachable to work.
You don't need the system to be invulnerable to fraud, you just need to be able to detect it. Offline stored value cards plus separately shipping transactions to a central system with eventual consistency can give you that. The vending machine in question probably isn't invulnerable to physical break in either.
Nice idea in theory, except that now you have a system that immediately and catastrophically breaks if there is ever a backend outage (due to, say, a cyberattack or incompetent software trying to prevent one) or your reader loses network connectivity.
> you should never do a system with stored value on a smart card
...if you can afford to ignore the disadvantages of not doing it. Quite often, you think you can, until you can't.
MIFARE Classic are cheap and reliable, only their encryption is broken. One can use them as simple storage and encrypt/authenticate data by different means. Nothing wrong with that. I did that, ECC signatures are small enough to fit in 2K/4K cards.
A signature fits but what good does it do you? The cards can't sign a challenge, and so someone with access to a valid card can just clone it. (or access to a card and reader, in the case encryption is used)
RFIDs are rarely certified as possession factors, you need an EMV card for that. TPM chips may protect readers. Depends on reader/card ratio, if it's feasible.
Clones/double use/double spend must be caught on reader/server anyway. One can pass a card to another person, and you do not want two people to enter building with the same card.
I implemented double spend protection by introducing a simple operation counter. If the sequence of operation IDs is not continuous, card is blocked. Clones were added to block list within minutes. It was good enough for the use case. Again, MIFARE is very cheap, so tradeoffs are expected.
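The operation-counter check described in this comment, combined with the central collection of transactions suggested earlier in the thread, as an added example that is not the commenter's code. The record layout, the card IDs, and the assumption that every card starts at counter 0 with balance 0 are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (card_id, op_counter, amount_cents, balance_after_cents),
# listed in the order reader uploads reached the server, not the order of use.
SAMPLE_LOG = [
    ("card-A", 1, +1000, 1000),
    ("card-A", 3, -150, 650),
    ("card-A", 2, -200, 800),   # late upload from an offline reader
    ("card-B", 1, +500, 500),
    ("card-B", 2, -100, 400),
    ("card-B", 2, -250, 250),   # same counter seen twice: two copies of one card state
    ("card-C", 1, +300, 300),
    ("card-C", 3, -50, 150),    # counter 2 was never reported
    ("card-D", 1, +200, 200),
    ("card-D", 2, -50, 900),    # balance does not follow from the previous record
]

def reconcile(log):
    """Return {card_id: reason} for every card whose history is inconsistent."""
    per_card = defaultdict(list)
    for card_id, counter, amount, balance in log:
        per_card[card_id].append((counter, amount, balance))

    blocked = {}
    for card_id, ops in per_card.items():
        ops.sort()  # order by operation counter, not by arrival time
        # Assumption: a freshly issued card has counter 0 and balance 0.
        prev_counter, prev_balance = 0, 0
        for counter, amount, balance in ops:
            if counter == prev_counter:
                blocked[card_id] = f"duplicate counter {counter}"
            elif counter != prev_counter + 1:
                blocked[card_id] = f"gap before counter {counter}"
            elif balance != prev_balance + amount:
                blocked[card_id] = f"balance mismatch at counter {counter}"
            if card_id in blocked:
                break  # first inconsistency is enough to put the card on the block list
            prev_counter, prev_balance = counter, balance
    return blocked

if __name__ == "__main__":
    for card, reason in reconcile(SAMPLE_LOG).items():
        print(card, "->", reason)
```

With readers that upload late, a gap can also mean a transaction has not arrived yet, so a deployment following this rule has to decide how long to wait before treating a gap as final.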
MIFARE Cards are not RFID cards, and similar systems can absolutely be used as possession factors.
There are also many other authentication-capable cards other than EMV (which is optimized for payments, not really general-purpose authentication) such as various building access cards, national ID cards, ICAO biometric passports etc.
> I implemented double spend protection by introducing a simple operation counter. If the sequence of operation IDs is not continuous, card is blocked. Clones were added to block list within minutes. It was good enough for the use case.
Using that scheme, you could just as well use regular old barcodes, no? Makes for much cheaper readers and even wider compatibility.
> Again, MIFARE is very cheap, so tradeoffs are expected.
There are equally-cheap but secure options that actually prevent cloning or even implement the "electronic purse" use case in a fully offline way.
Usually, MIFARE Classic is only used because there's a huge installed base of readers and/or cards (and/or attached backend software).
Yes, and more generally I've been baffled by the fact that manufacturers - including ARM-based SoCs with SecureBoot (or similar); you know, those PDF spec documents that disable copy-paste and a nice "confidential" watermark - put their cyber-security stuff under NDA. As if security-by-obscurity was still a thing.
Oyster has been using MIFARE DESFire, and stopped using MIFARE Classic, for over a decade now.
They're stopping it for completely unrelated reasons (primarily convenience – people don't like having to buy and top up a card – and not having to maintain a vending machine and top-up infrastructure).
That's simply not true. I've stayed at PH, TI, and the Venetian over the last 3 years for conferences and personal travel, I pass on housekeeping the whole week, and there have been no security checks like you describe.
I heard of many things. There is an infinite repertoire of possible techniques how they could have verified that nobody entered their room. Ranging from the low tech (dust, crisps, hair stuck to the door frame, filling the room with angry bobcats), through the social engineering (befriended the head of security who told them), to ultra high tech (lidar triggered camera array reporting to a satellite).
On a balance of probabilities without hearing more on how they specifically verified it I will still assume the alternate hypothesis. Which is that someone on the internet is very sure about something and they are wrong.
It is not due to a lack of imagination. Or because I haven't heard some cool spy trick you have heard about. It's because I find it (in the absence of other information) the most likely explanation given a lifetime of observations about human nature.
Personally, I don’t believe they check every room every day for the simple reason that no hotel is going to pay (or properly supervise) the manpower required to actually do that, unless they really have to. Which even the most paranoid of them would realize was unnecessary after a month or two.
C’mon.
These are the same people that started to not change linens or provide new clean towels unless you ask (or infrequently) for ‘environmental reasons’. (Aka profit margins)
And yes, back in the day it was normal for housekeeping to clean every occupied room every day, unless you told them not to. Unless you were in a roach motel or something.
I'm white, blue eyed and speak without an accent but I do have friends of shall we say Mediterranean complexion who have run into problems with hotel security.
It's all in the small print too which nobody reads (these hotels have legal advisors).
Not saying you're wrong, I only want to add to your context by saying (in my experience) within higher education SAML is the way federated identity is done. InCommon has been around for a long time and makes it pretty easy, and Shibboleth is very popular. Have a great day!
Being around longer or being widely implemented within some market segment is not a great reason to advocate for expanding its use. I could play devil's advocate for Kerberos or NIS just as easily as you can for SAML. It's fine if you must integrate with an existing system, but it's instant tech debt if you build a new system around it today.
Nothing else is suitable for multilateral, full-mesh federation yet. The OIDC multilateral federation standard hasn't been finalized or fully implemented yet, and it takes years to coordinate this kind of change in a federation.
So use SAML for that part; education is still a big market and they have a case for delegating the responsibility of establishing and managing trust relationships to a federation provider that most b2b and b2c applications will not have. Fortunately most of these identity systems are happy to proxy for downstream OIDC/OAuth IdCs anyway, so the argument that you may not want to implement SAML IdC in your own application is still valid even in this context.
I don't think it's power generation that is the issue, but more distribution and protection of the infrastructure. As a commenter above mentioned TX produces lots of wind power (in the early 2000s the only thing governor good hair did was build the hell out of wind farms), but there's not strong regulation on the power companies to ensure the grid is working well. Case in point the cold snap a few years ago with TX govt officials and others crying "you can't make wind turbines work in the cold" despite evidence in New England and the Midwest to the contrary.
Much of TX energy infrastructure is above ground poles running along the highways. I don't know what the lifespan is of those but I wouldn't be surprised if many of them could be classified as antiques. If they aren't being regularly inspected/replaced, they are likely to go down.
Also, the energy companies can sell electricity to other states, and I won't be easily convinced that during this event they stopped doing that (because profits). Lastly, see previous winter event and direct recorded quotes from energy companies about how much money they were making by increased prices and I think there are several reasons why this keeps happening in TX.
> the early 2000s the only thing governor good hair did was build the hell out of wind farms
It really was not long ago that “free non-polluting energy” was a thing that Republicans could get behind. Even Bush got very into biofuels, albeit going about it in the worst way possible. That party’s taken a strange turn in the last decade.
Tell me you've never worked a real job without telling me. This is a technologist's solution in search of a problem. Do you also argue that "email is dead"?