From: Thomas Walker Lynch Date: Tue, 19 May 2026 06:19:35 +0000 (+0000) Subject: A2 revision and pdf X-Git-Url: https://git.reasoningtechnology.com/money_circle.jpeg?a=commitdiff_plain;h=45549a9e743fbac1259b3c22e93bd820f54628ff;p=RT-ID A2 revision and pdf --- diff --git a/document/A2.html b/document/A2.html index a404678..012068f 100644 --- a/document/A2.html +++ b/document/A2.html @@ -23,7 +23,7 @@ -

Introduction

+

Introduction

Not long ago, there was no Internet, and a computer was typically installed in a room. During that computer security epoch, the facilities security was also the computer's security. It is still the case today that ultimately computer security is built upon conventional security. This is something that Kevin Mitnick understood well and took advantage of. Kevin went so far as to dumpster-dive for passwords. He once walked into a building, into a manager's office, and copied information from an unattended terminal. We see conventional security issues today with lost phones, harvested ATM pins, and credit card theft, etc. @@ -210,7 +210,7 @@ Groups can follow neutral rules of order; however when even a mild amount of int

- A fundamental asymmetry in problem-solving is that finding a novel solution requires significantly more cognitive effort than verifying a proposed solution works. Take for example, it is a pattern-matching problem requiring concentration when holding to figure out which hole to place a peg into, and sometimes the person holding the peg evaluates incorrectly and tries again. In contrast, the peg either drops into the hole or it does not; verifying the fit requires almost zero effort. In contrast the peg either goes into the hole or it doesn't, some wiggling and rotation might be involved, but the test for success is not a mental puzzle to be solved. In general, a well known property of mathematical proofs is that they are more difficult to find, than they are to walk through and check. The former is a creative process, while the latter is a mechanical exercise. This is why it is often possible to define a success metric in advance. + A fundamental asymmetry in problem-solving is that finding a novel solution requires significantly more cognitive effort than verifying a proposed solution works. Take for example, it is a pattern-matching problem requiring concentration when trying to figure out which hole to place a peg into, and sometimes the person holding the peg evaluates incorrectly and tries again. In contrast, the peg either drops into the hole or it does not; verifying the fit requires almost zero effort. In contrast the peg either goes into the hole or it doesn't, some wiggling and rotation might be involved, but the test for success is not a mental puzzle to be solved. In general, a well known property of mathematical proofs is that they are more difficult to find, than they are to walk through and check. The former is a creative process, while the latter is a mechanical exercise. This is why it is often possible to define a success metric in advance.

A voting procedure is not a success metric. With voting a count is made of group members’ individual opinions of whether a proposal should be selected. Each member applies their own criteria, which can be subjective. Sometimes a success metric cannot be found or agreed on, and voting might be the best option for the group, but not having a predefined success metric reduces the probability that the group will form a garden of golden flowers. @@ -349,7 +349,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

- As systems become more complex they keep out everybody, hence the architects of byzantine security systems can, and do, brag having kept out the bad guys. Further, bureaucrats who work for years within a byzantine system become to sole purveys of knowledge, and they are empowered by this. + As systems become more complex they keep out many people that should have access. Then the administrators of byzantine security systems can, and do, brag having kept out the bad guys. Further, bureaucrats who work for years within a byzantine system become empowered as they become the sole purveys of how to navigate the system.

@@ -419,18 +419,22 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had There is a 13% probability that the system will be compromised. That is far higher than would normally be tolerated for a catastrophic risk. Here the biggest contributor was the human variable.

- This is known as the failure equation, and what we did here is called failure analysis. Notice that the equation scales exponentially with the number of product terms, making it disproportionately more difficult to drive the probability of system failure into very law numbers as the system grows more complex. For a small, simple computer system it is possible to reach C = 0, but this is exceedingly difficult and expensive to do, and in most cases few experts would believe it had actually been achieved. When it comes to security, small and simple is not only beautiful, it is the only hope. + This is known as the failure equation, and what we did here is called failure analysis. Notice that the equation scales exponentially with the number of product terms, making it disproportionately more difficult to drive the probability of system failure into very low numbers as the system grows more complex. For a small, simple computer system it is possible to reach C = 0, but this is exceedingly difficult and expensive to do, and in most cases few experts would believe it had actually been achieved. When it comes to security, small and simple is not only beautiful, it is the only hope.

A stack of 11 interacting complex security protocols is neither small nor simple. Most systems engineers pull existing software off the shelf and stack it up. Those protocols use algorithms that we assume to be formally proven to be correct, although that is often not the case, and it is certainly not the case for common algorithms used with the Internet. Even for correct security protocols that are correctly implemented, hackers have consistently found creative ways to get around them, in cases by varying timing, monitoring power consumption, or grinding the tops off chips.

-

The role of perspective

+

Perspective and insurance

- It is typical that fraud cases act as linear risk failures from a credit card company's point of view, as they statically plan for some fraud to occur every year. However, those exact same risks are viewed as a catastrophic failure from the individual card holder's point of view. The entire purpose of insurance is to put card holders into the same boat as their card companies. + Typically, fraud cases act as linear risk failures from a credit card company's point of view, as they statically plan for some fraud to occur every year, while those same risks are catastrophic failures from the individual card holder's point of view. The statistical model of a lottery has similar properties. From the point of view of those running the lottery, they expect to have many winners, while an individual who buys a ticket is unlikely to win, and if he or she does so, will view it as a highly unusual event.

- Computer security is almost always treated as an uninsured catastrophic risk situation. There is typically no contract with users to make up for losses after a security lapse. + The purpose of insurance is to bring those who would otherwise experience catastrophic risk into the same group experiencing the linear risk. For a credit card company, this would mean promising customers that they will make them whole if there is fraud on their account. +

+ +

+ In most computer security situations, users are not insured; there is typically no contract with users to make up for losses after a security lapse. Thus, they will experience security lapses as catastrophic events.

Dynamic risk profiles

@@ -448,7 +452,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had Then to access said computer later, mount a deep sea salvage operation, raise said safe, unlock it, connect the computer to a generator, plug in Starlink, type in the user name, and oops, the password was forgotten.

- Of course the password was forgotten, because when it was made the system forced the inclusion of capitals, numbers, and special characters, so unless a person named their dog Xr$nzD4s7, they will not remember it. So then travel back home, get out a notebook and look at the password. + Of course the password was forgotten, because when it was made the system forced the inclusion of capitals, numbers, and special characters, so unless a person named his or her dog Xr$nzD4s7, the person is not likely to remember it. So then travel back home, get out a notebook and look at the password.

We have all experienced this in some form or another, thanks to IT protocol. Thus, we all know intuitively that security comes at the expense of utility. The Marianas Trench paradigm is the asymptotic eventuality for all computer systems that have security as their top priority. @@ -477,7 +481,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

The security paradox

- Most security systems are breakable or bypassable in the face of extreme innovation and effort applied over a long period of time. Also, with time, built in bugs tend to be discovered, and new ones tend to accidentally inserted with updates. + Most security systems are breakable or bypassable in the face of extreme innovation and effort applied over a long period of time. Also, with time, built in bugs tend to be discovered, and new ones tend to be accidentally inserted with updates.

Good-intentioned users do not expend effort to break systems. In contrast, bad actors do. @@ -486,11 +490,15 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

Consequently the trend over time is for security to severely hurt the productivity of good people, while bad actors make use of hard-won know-how to easily bypass it.

-

The primrose path

+

The primrose path

-

When an security fails for an organization, the tendency is to add weight or complexity to that same protocol. The new additions then must be secured. This process eventually leads to the Mariana Trench, which is at the end of the primrose path.

+

When a security measure fails for an organization, the tendency is to add weight or complexity to that same protocol. The new additions then must be secured. This process eventually leads to the Mariana Trench, which is at the end of the primrose path.

-

Consider the example from the introduction. Users reasonably chose simple memorable passwords so they wouldn't chance the high cost of forgetting a password and being blocked from working. Then instead of questioning the protocol, security engineers responded by adding password check filters that forced users to use even longer harder to remember passwords. When, that that didn't work out well, password managers were added. But that created the issue of securing the password manager. This usually involves public key cryptography, and special operating system features. These features then must be tested and maintained. But how is the maintenance to be done? If anyone can post an update to a password manager, then the password manager will not be secure. Hence, there must be a secure update system with special features for sensitive software. But the updates system is part of a larger problem of administering a network of computers. Grab a thread at any part of that chain, and pull on it, and the whole of it becomes unraveled. +

Consider the example from the Introduction. Users reasonably chose simple memorable passwords so they wouldn't chance the high cost of forgetting a password and being blocked from working. Then instead of questioning the protocol, security engineers responded by adding password check filters that forced users to use even longer harder to remember passwords. When, that that didn't work out well, password managers were added. But that created the issue of securing the password manager. This usually involves public key cryptography, and special operating system features. These features then must be tested and maintained. But how is the maintenance to be done? If anyone can post an update to a password manager, then the password manager will not be secure. Hence, there must be a secure update system with special features for sensitive software. But the updates system is part of a larger problem of administering a network of computers. Grab a thread at any part of that chain, and pull on it, and the whole of it becomes unraveled. +

+ +

+ Building on the credit card assurances discussed in Perspective and Insurance, the promise to make clients whole creates an inherent conflict of interest. This manifests when an issuer accuses a customer of actually making the charges the customer claims to be fraudulent, leaving the customer in the awkward position of trying to prove a negative. This defensive posture is rational, as cardholders have been known to report legitimate charges as fraud. Preventing or resolving such disputes inevitably leads to additional security measures, measures that would not have been conceived of had the credit card company not indemnified the client from credit card fraud in the first place.

@@ -504,10 +512,10 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

If a fingerprint is a password, then a person leaves their "password" on every water glass, door handle, and table they touch. How was that supposed to work?

-

This failure provides an expensive lesson: commonsense belongs in security discussions. Legislators and investors must ask foundational questions and demand intelligible answers. +

This failure provides an expensive lesson: commonsense belongs in security discussions. Legislators and investors must not fear to ask what they see as obvious questions, and expect to receive answers that make sense.

-

Ok, so fingerprints are not a great idea, so we should move to faces? +

Ok, fingerprints were not a great idea, so we should move on to faces?

Building to spec versus envisioning the future

@@ -540,7 +548,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

- Unlike a password, which is mathematically deterministic—meaning it is entirely correct or entirely incorrect—biometric authentication is probabilistic. The hardware takes a noisy biological sample and makes a statistical guess as to whether it matches a stored template within an acceptable confidence interval. Because it is a guess, the system will inevitably generate false negatives. When a deterministic password fails, a person can type it again. When a probabilistic biometric system decides a person does not match their own face—as happens frequently to people with facial differences or aging features—it creates an unresolvable administrative deadlock. The person is digitally exiled by an algorithm making a bad guess. + Unlike a password, which is mathematically deterministic, meaning it is entirely correct or entirely incorrect, biometric authentication is probabilistic. The hardware takes a noisy biological sample and makes a statistical guess as to whether it matches a stored template within an acceptable confidence interval. Because it is a guess, the system will inevitably generate false negatives. When a deterministic password fails, a person can type it again. When a probabilistic biometric system decides a person does not match their own face, as happens frequently to people with facial differences, aging features, or happen to very tired, it creates an unresolvable administrative deadlock. The person is digitally exiled by an algorithm making a bad guess.

@@ -562,7 +570,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

- We will call this first type of ID the unique number ID, or unique name ID. Within a bureaucratic context, a unique number ID serves as the label on a folder. In a computer science context, this will key into a database. Generally, it locates something related to the person the ID is referring to. Because it locates information about a person, each person must have a different unique number ID, so we say that each such ID is unique. + We will call this first type of ID the unique number ID, or unique name ID. Within a bureaucratic context, a unique number ID serves as the label on a folder. In a computer science context, this will key into a database. Generally, it locates something related to the person the ID is referring to.

@@ -578,7 +586,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

- A good example of a unique number ID that is often misused as a proof ID is the Social Security Number. They are issued in series, the space is dense, and the number is the ID. Furthermore, they appear in clear text in many honeypot databases. Over time, government and private entities began requesting the SSN as a proof ID to verify identity. Congress has passed some legislation to protect Social Security numbers from being made public, which could be construed to protect their use as a proof ID; however, this is security theater, for the reasons outlined above, and because that water already left the dam. Most notably, Section 7 of the Privacy Act of 1974 explicitly makes it unlawful for federal, state, and local government agencies to deny a person any right, benefit, or privilege because of a refusal to disclose their Social Security Number. Apparently, it is to be kept secret to preserve its value as a proof ID? + A good example of a unique number ID that is often misused as a proof ID is the Social Security Number. They are issued in series, the space is dense, and the number is the ID. Furthermore, they appear in clear text in many honeypot databases. Over time, government and private entities began requesting the SSN as a proof ID to verify identity. Congress has passed some legislation to protect Social Security numbers from being made public, which could be construed to protect their use as a proof ID. Most notably, Section 7 of the Privacy Act of 1974 explicitly makes it unlawful for federal, state, and local government agencies to deny a person any right, benefit, or privilege because of a refusal to disclose their Social Security Number. Apparently, it is to be kept secret to preserve its value as a proof ID. However, this is security theater, for the reasons outlined above, and because that water already left the dam. Social security numbers can be found on many documents.

@@ -716,7 +724,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

Citizenship-based taxation (CBT)

- The United States is one of only two nations that utilizes Citizenship-Based Taxation (CBT) instead of Residency-Based Taxation (RBT). Because the IRS must track every dollar a citizen touches globally, the U.S. is the lead architect of the global financial "Phone Home" system. This requires every bank on the planet to report on American dealings (FATCA). + The United States is one of only two nations that utilizes Citizenship-Based Taxation (CBT) instead of Residency-Based Taxation (RBT), the other being Eritrea. Because the IRS must track every dollar a citizen touches globally, the U.S. is the lead architect of the global financial "Phone Home" system. This requires every bank on the planet to report on American dealings (FATCA).

This global tracking mandate is the hidden driver for an interoperable, global digital ID. Every dollar holder is now suspected of being a money launderer, a drug dealer, or a tax-evading "sneak." In a CBT world, the source and identity of the money are more important to the state than the payment itself. We secure the portal to pay taxes, not because the account holder wants to prevent others from paying his or her taxes, but rather because the government needs to know where the money came from. @@ -754,7 +762,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

- Profiling for targeted advertising is one of the refinements. In this case, different people are shown different ads based on their profiles. A shopping site might lead off with different entry points into their catalog. The catalog will be the same for everyone, but they want to help you find things in it more easily. This is accomplished by profiling users and selling that data to data brokers, who then collate the data, and selling it back to marketing firms who generate targeted ads. + Profiling for targeted advertising is one of the refinements. In this case, different people are shown different ads based on their profiles. A shopping site might lead off with different entry points into their catalog. The catalog will be the same for everyone, but they want to help you find things in it more easily. This is accomplished by profiling users and selling that data to data brokers, who then collate the data, and sell it back to marketing firms who generate targeted ads.

@@ -762,7 +770,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

- The next step down the primrose path was to use the features for automatically selecting a clients region to enforce regional taxation laws on clients. This is important now that so much commerce has moved to the Internet. Another factor is that heavily indebted nations are highly concerned not to miss out on taxes as they need the revenue. Hence, many commercial servers will enforce the use of only credit cards and contact information that matches the region setting. Thus, a exchange student in France will be blocked from paying for a gift for his mother in the United States if he tries to pay for it with a U.S. credit card. PayPal will not allow a person with a U.S. telephone number to use a French credit card to buy boots from specialist boot maker in Columbia. Etc. + The next step down the primrose path was to use the features for automatically selecting a clients region to enforce regional taxation laws on clients. This is important now that so much commerce has moved to the Internet. Another factor is that heavily indebted nations are highly concerned not to miss out on taxes as they need the revenue. Hence, many commercial servers will enforce the use of credit cards and contact information that matches the user's region setting. Thus, an exchange student in France will be blocked from paying for a gift for his mother in the United States if he tries to pay for it with a French credit card. PayPal will not allow a person with a U.S. telephone number to use a French credit card to buy boots from specialist boot maker in Columbia. Etc.

We are now being asked to take this one step further. We want websites to differentiate service depending on the age of the person who requests an account, separately from the credit card system.

@@ -1166,7 +1174,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

- The reduced complexity manifests dramatically on the enforcement side. Whoever thought it was a good idea to pull grandmothers and the lesser able among us into complex accounting problems, audits, and penalties? On the other hand, the very reason corporations were formed was to formalize their financials and liability. They already engage professional accountants. They already have fiduciary duties. + The reduced complexity manifests dramatically on the enforcement side. Whoever thought it was a good idea in the first place to pull grandmothers and the lesser able among us into complex accounting problems, audits, and penalties? On the other hand, the very reason corporations were formed was to formalize their financials and liability. They already engage professional accountants. They already have fiduciary duties.

Citizenship-based taxation

@@ -1176,7 +1184,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had

- Said tax treaties create a de facto residence-based tax. From the point of view of reducing complexity so that computer security is tractable, the commonsense solution here would be to move to a residence-based tax and eliminate the paperwork burden entirely. + Said tax treaties create a de facto residence-based tax. From the point of view of reducing complexity so that computer security is tractable, the commonsense solution here would be to move to a residence-based tax and eliminate the tracking database.

Policing money

diff --git a/document/White_Paper_Cybersecurity_Legislation.pdf b/document/White_Paper_Cybersecurity_Legislation.pdf new file mode 100644 index 0000000..dce1112 Binary files /dev/null and b/document/White_Paper_Cybersecurity_Legislation.pdf differ diff --git a/document/gemini-code-1779123821558.py b/document/gemini-code-1779123821558.py new file mode 100644 index 0000000..10233db --- /dev/null +++ b/document/gemini-code-1779123821558.py @@ -0,0 +1,118 @@ +import re +import sys +from weasyprint import HTML + +def generate_pdf(input_html_path, output_pdf_path): + with open(input_html_path, 'r', encoding='utf-8') as f: + html_content = f.read() + + style = """ + + """ + + html_content = html_content.replace('', style + '\n') + + headings = re.findall(r']*>(.*?)', html_content, re.IGNORECASE) + toc_html = '

Table of Contents

    ' + for level, text in headings: + clean_text = re.sub('<[^<]+?>', '', text) + toc_html += f'
  • {clean_text}
    • ' + toc_html += '
' + + html_content = re.sub(r']*>.*?', toc_html, html_content, flags=re.IGNORECASE|re.DOTALL) + + HTML(string=html_content).write_pdf(output_pdf_path) + +if __name__ == "__main__": + if len(sys.argv) != 3: + print("Usage: python3 generate_pdf.py input.html output.pdf") + sys.exit(1) + generate_pdf(sys.argv[1], sys.argv[2]) \ No newline at end of file diff --git a/document/to_pdf.py b/document/to_pdf.py new file mode 100644 index 0000000..a8221dd --- /dev/null +++ b/document/to_pdf.py @@ -0,0 +1,111 @@ +import re +import sys +from weasyprint import HTML + +def generate_pdf(input_html_path, output_pdf_path): + with open(input_html_path, 'r', encoding='utf-8') as f: + html_content = f.read() + + style = """ + + """ + + html_content = html_content.replace('', style + '\n') + + headings = re.findall(r']*>(.*?)', html_content, re.IGNORECASE) + toc_html = '

Table of Contents

    ' + for level, text in headings: + toc_html += f'
  • {text}
    • ' + toc_html += '
' + + html_content = re.sub(r']*>.*?', toc_html, html_content, flags=re.IGNORECASE|re.DOTALL) + + HTML(string=html_content).write_pdf(output_pdf_path) + +if __name__ == "__main__": + if len(sys.argv) != 3: + print("Usage: python3 generate_pdf.py input.html output.pdf") + sys.exit(1) + generate_pdf(sys.argv[1], sys.argv[2]) +