Slashdot Mirror


User: EdIII

EdIII's activity in the archive.

Stories: 0 · Comments: 4,324

Comments · 4,324

  1. Re:Excellent timing on Is Google Playing Fair With Groupon, et al? · · Score: 2

    The truthful and accurate definition of a monopoly is one in which the consumer choice for a product or service resides with a single company.

    Obviously Google is not just an email services provider and I am not finding it unreasonable that Google would advertise and sell advertising space to those that receive free email service.

    I deal with a large amount of customers in various databases and I can say that I don't see GMail having such a huge percentage of the market share (based on domains in the email with a group by query).

    Hardly a monopoly, and whoever said life is fair, much less business? If you believe that a free market is fair, I have a bridge to sell you.

    This is a non-story. In fact, I would be very surprised if Google did not push any service it offers above all other competing services through any service that it provides. That isn't evil either.

    Those people made a "pact with the Devil" so to speak when they got their GMail account to begin with. This may sound snobbish, but if you don't have your own domain pointed towards an email server through your company, or a private upsell through something like GoDaddy, don't try representing yourself as a professional.

    The sheeple want free, but actually want it with no strings attached? Just how was Google supposed to make money by giving away free email accounts again?

    LOL. Groupon is bitching? They just had a ridiculous IPO and could just make a deal with Google to get their email through with priority service and be done with it. Whining about it is actually quite funny to tell the truth.

  2. Re:I'll pass on Sony Develops Technology To Hack Your Hand · · Score: 1

    It will feel like someone else automatically.

    There's a name for that. It's called The Stranger :)

  3. Re:It's worse than that on Sony Develops Technology To Hack Your Hand · · Score: 1

    Now the next time you hear/view copyrighted media you'll immediately forget what you saw if you stop paying subscription fees for those memories.

    You seem to imply that by just stopping a subscription I could get some of those things out of my head. That might not be a bad thing. Sounds cheaper and less dangerous than a power drill from Home Depot.

  4. Re:"hidden" on Decoding the Inscrutable Logos On Your Electronics · · Score: 1

    Isn't the fact that you bothered to create and close tags about being pedantic indicative of an extra level of pedantic behavior? :)

  5. Re:Area? on Bill Would Make Carriers Publish 4G Data Speeds · · Score: 1

    The speed on the report can also depend on the testing software, testing environment, etc.

    It's not like companies far and wide have not set up tests, or altered units, etc. to obtain the results that look the best. It's about presenting a plate of crap as an expensive Surf & Turf meal.

    10 years ago, I remember that AT&T would give you the speeds (if you asked the technical people) but those were speeds that were measured at tower use rates of less than 20%. I was told that Verizon gave you the speed measurements, but at what they would be if the tower was at capacity.

    Big difference, and I fully admit that it was hearsay and anecdotal.

    In any case, if forced, you can bet the carriers will weasel around like sons of bitches when it comes to how they perform their testing.

    I would be more impressed if the bill named an independent 3rd party that defined all the parameters of the tests to make sure they were true apples to apples comparisons.

  6. "hidden" on Decoding the Inscrutable Logos On Your Electronics · · Score: 4, Funny

    knowing what they mean can let you in on the hidden life of the gizmos you buy

    They tell you when you buy them.

    Don't feed them after midnight.
    Keep them away from water.
    Avoid sunlight.

    Thought that was common knowledge.

  7. Re:Not much of a tooth brusher on The Iceman's Last Meal · · Score: 2

    Ice age dentistry wasn't pretty.

    Oh really? You think medical practices have got better do you?

    I was wheeled in to a room this morning that resembled the lab Darth Vader was constructed in for my first colonoscopy. A bunch of people moving around real fast, but on one wall there were fucking black tubes 7 fucking feet long that looked like Borg power conduits. It got worse from there.

    I was told that conscious sedation was cheaper and I cut him off right there. I asked if those black cables that looked like it was from the personal collection of PinHead were going to be used on me and I told his ass right there I didn't care what it cost. Knock my ass out now because I don't want to remember a damn thing.

    Good choice too. If you have means I highly recommend it. The first few hours after anesthesia is like Disney Land, but much cooler.

    My point being, some medical procedures today are not by any definition of the word, "pretty". We just have ways of making you not remember it. Thank the Heavens for that.

  8. Re:Not much of a tooth brusher on The Iceman's Last Meal · · Score: 3, Insightful

    I am not an anthropologist, but were there not many cultures where food was chewed for elder people that lacked the teeth to do it themselves?

    Probably remember it from a documentary or some movies, but I would love an anthropologist to chime in on this.

  9. Re:spare teeth on The Iceman's Last Meal · · Score: 2

    I imagine blowjobs would be damn scary though!

    Well since this is Slashdot isn't the cliche that all most of us can do is imagine a blowjob :)

  10. Re:New Books Maybe Old Books Never on The End of Paper Books · · Score: 2

    Never said I could not appreciate quality cinema. There are plenty of movies that I love. The most moving one I can think of is What Dreams May Come, Contact, etc, but that would still pale in comparison to the book.

    Books are inherently better because you create the movie in your head as you are reading it. You just can't do that with cinema. It has budgets, time lines, etc. LOTR would have taken 100 hours to do to become close to my own imagination.

    Books are inherently better for a simple reason. A cinema adaption is "lossy". There are sacrifices that have to be made and it just cannot replace the experience of the written word. It is a distilled concentrated version of several people attempting to relate their experience of reading the book into a format that can fit in 2-4 hours.

    That is why it is impossible for cinema to be inherently better or even of the same quality. It will always be a shadow of what we can create in our minds. It's okay for a distraction and clearly enjoyable.

    However, the most enjoyment I get is from books precisely because of what cinema's limitations are.

  11. Re:Perhaps a museum or a statue, but not a memoria on Building a Gary Gygax Memorial · · Score: 3, Funny

    John Fucking Wayne. Our family would build our own memorial to that man.

    Every family reunion for as long as I can remember... there would be a fight over John Wayne. The rest of us had betting pools over him.

    One relative was a real Macho tough SOB. The Duke? You don't insult the Duke and walk away.. you crawl away.

    One relative was a flaming gay man. With conspiracy theories.

    I won the pot one year by guessing how many glasses of wine and at what time the Duke would be accused of being gay and part of the grand homosexual conspiracy in Hollywood and how many minutes it would take for us to have to hold the first relative back from killing the latter relative.

    We had first aid kits handy :)

    Ahhh.... the memories. Thank you Duke.

  12. Re:New Books Maybe Old Books Never on The End of Paper Books · · Score: 5, Insightful

    there's really nothing inherently better about books vs. other forms of entertainment.

    I don't think it is possible to disagree with you more.

    I was 9 years old when I started reading the Xanth series books by Piers Anthony. I started with the middle of series at the time. For somebody my age, the protagonist was very accessible to me. I related to him. There could never be an adaption of that book in an other form of media that could even be a shadow of that universe in my mind. Not possible.

    I was 11 when I read the full edition of the Lord of the Rings after The Hobbit. It was a family copy, which meant it was not the edited crap that was mostly available in libraries throughout the 70's and 80's. My copy (now passed down to me) was published in the 50's.

    It was indescribable to me what I went through reading that. The scope of that world, the "resolution" and "texture" that it took in my mind could never be replaced or compared to. The LOTR movies are "passable". By that, I really mean crap. They could not tell the full story. Literally. They left out Tom Bombadil and Goldberry. I can understand the back story behind that, but as a child, I understood him to be literally beyond the powers of the rings themselves. That grabbed my mind and imagination. Even Gandalf, which accordingly, is one of the strongest and most powerful beings in all of Middle Earth. Also known as Olorin, of the Maiar and disciple of Nienna. Yet, he is still under the influence of the rings.

    The LOTR universe cannot be translated from a book. It can only be read.

    Then of course there is the ridiculous expansion throughout the Rama series with Arthur C Clarke, of which The Garden of Rama was my favorite. How could *that* be transferred to another medium?

    Maybe you are right about the average person today. However, I hated English class, with a passion of a thousand Suns. I never hated the books. Maya Angelou's I Know Why The Caged Bird Sings, Kafka's the Metamorphosis, Jack London's the Sea Wolf. I was exposed to all of those books through English class. I had no interest in sharing with others (at the time) what I felt about it. Fuck a book report. Seriously? How am I supposed to put into words at 10 years old what the Sea Wolf was like to me?

    I cannot put into words the worlds that were created in my head from the act of reading those books. They caused me to think, to feel, to cry, to look within myself. They showed me nobility, evil, heroism, sacrifice. Books helped me become the person I am today by shaping my experiences. Not Movies. Books.

    My love of what books did for me and where they took me can be described no better than what my punishment was as a child. I was expelled from the house, but strip searched for a book first.

    There is just no way, that even the most god-like director can ever create on a screen what so many of us here on Slashdot have created in our own minds.

    Inherently no different?

    Sir you must be jesting. A comparison of the two is a farce at best. The difference between a flashlight and the Glory of the Sun. Whether it changes from verbal stories, to scrolls, to parchments, to paper, to digital 1's and 0's held within crystal structures makes no difference.

    The day we lose the written word, is the day we start slipping into a Dark Age, or more likely Idiocracy realized complete.

    There is only one way to go further and that is for the authors themselves to create the worlds in their minds, fully formed, and then telepathically transmit all of to us.

    Movies? I don't think so.

  13. Re:Simple on Will Capped Data Plans Kill the Cloud? · · Score: 1

    Why the penalty?

    At our data center we don't pay a penalty.

    The disease is unlimited, the cure is the truth. Marketers and so-called business people had this great idea at one point to compete that they would just oversell the crap out of the bandwidth, make sure their analysis was accurate, and that the average person "received" unlimited, but was in fact statistically within the range that allowed them to profit.

    Henceforth, the disease spread. Unsophisticated users expect unlimited to conform to the definition of unlimited, not the marketing/business definition. The capitalistic definition of unlimited is actually quite limited.

    So once again, why the penalty?

    Everything else we deal with, we get a better rate for volume. If I purchase 100k credits to send out txt messages through a gateway service (which you need when you don't know the carrier) I get a substantial discount over a purchase of 1k credits.

    As I have said before:

    1) Choose a plan. Set your floor and your ceiling. The floor means that you are SOLD 2mb/s of bandwidth. It's yours. They cannot allow others to use, or in marketing speak, oversell the fuck out of it to pay for hookers, blow, and fast cars. Choose your ceiling. Which is basically saying, there are times in which I would like to be able to move data around at 50 mb/s. That plan will cost more than a 2/10, more than a 1/5, but less than a 20/100.

    2) You are billed an additional fee based on your actual usage. However, no penalty needs to be assessed. It just simply looks at how much data you transferred in the billing period between your floor and your ceiling, averages it out to per second, and then charges you based on your level. Like water filling up a tank. You used an average of 7mb/s for the entire billing period, so you need to pay X amount per gigabyte or terabyte.

    Additionally we are told that because we get a floor and we can move up to the ceiling, that if we consistently go over 50% they are going to ask us to raise our floor. Which I think is fair. After all, that 8mb/s is bandwidth that they cannot actually sell as a floor. If we keep using too much of it, they just ask us to raise our plan. That is not a penalty either, because we get a better rate per gigabyte anyways.

    It is a very transparent, easy to understand, and fair billing method. Which is usually what you find in business to business settings with established companies. Those that want to fuck you, usually are too big to fail, and yet wonder why smaller newer companies are eating into their market share so fast.

    The txt messaging service we use, RedOxygen, is so cool about it that they will automatically adjust your rate based on your volume and give you a BETTER price if your usage starts going over a certain amount. We don't have to ask for it even.

    So why the penalty again?

  14. Re:Duh on Why Businesses Move To the Cloud: They Hate IT · · Score: 1

    I agree with you on pretty much everything you said. The original poster said it could be good or bad and I agreed with that statement.

    The example I gave had plenty of considerations on why Amazon would not work for that particular project and its requirements. We did not go with Amazon. However, I can see situations in which it is still not a good idea to go with Amazon once fully considered as you suggest, yet the executives will still be too shortsighted to not go with Amazon.

    Everything you pointed out are things to carefully consider when choosing between the two.

    As for the variable demand, you don't need to purchase all of the servers at once. Amazon is clearly set up for variable demand, but you can do the same thing in a data center as you are scaling. As long as your platform and software supports it you can increase your resources as the demand increases.

  15. Re:Duh on Why Businesses Move To the Cloud: They Hate IT · · Score: 3, Insightful

    There are cases where the cloud is a good choice or the right choice, but this just smacks of incompetent management.

    You said it all in a nice little sentence.

    We looked at the Cloud (I hate saying that word, it's misunderstood) with EC2 and we found that it was actually cheaper in the long run to make a financial investment in equipment to do it at our own data center. We have the expertise to have a fully virtualized group of servers that we can manage and with live migration have any technical issues mitigated with the bare machines themselves. After that it was just a matter of writing the service software to load balance itself out among all the servers in the group and a kind of command and control that keeps track of all servers entering and exiting the "Cloud".

    All of that was actually cheaper than EC2 with the same specs.

    However, it required a much higher upfront cost. So maybe it is not that the managers hate IT or anything (which is entirely possible) but that when the CTO comes in and tells the other executives in a meeting that it will take a week or two and a $100k investment in equipment and somebody brings up that they could just start paying a couple thousand a month to Amazon instead...... the CTO is basically told that the investment is not going to happen and make it work with Amazon EC2.... even after he explains that the long run costs are actually much higher.

    It's the same disease that is destroying America. Short term thinking and short term profits for the executives, because that is what gets them the bonuses and all the fun fun happy happy time they get to have with all that extra money.

    Amazon EC2 is fine and all, but you can use that as a backup, or a way to scale really quickly if needed. Anybody fooling themselves into thinking the Cloud is more financially efficient over the long run is just not doing the math. Amazon has to make a profit... so... yeah it will cost you more. Try getting a quote for what it actually costs with EC2 to create a group of virtual servers that are in different "availability zones" so that if part of Amazon goes down on the East Coast (Lulzsec having a party) that you are not actually impacted. The costs are more than one thinks to have all the really cool and valuable services that Amazon can give you. For plain vanilla that price is always cheaper. Reminds me a of Mexican fast food type joint around here. The "basic" quesadilla is $1.99. After adding some stuff to it they are $7 a piece.

    I seem to remember Amazon recently having a major issue where all that amazing and expensive load balancing and redundancy across availability zones didn't actually work as expected..... and I can imagine how pissed off and disappointing the event was to the CTOs of the impacted companies. Sure they can explain that Amazon screwed up... but how many people here on Slashdot want to bet dollars to donuts that one of the executives didn't say, "Well why did you not have a plan for that?".

    It's basically a lease on equipment. Too many Americans completely lack the ability to determine over time how much more the lease would have cost you versus a straight purchase.

    To those executives, why the hell do they care? Most of them already have the resumes on a nice heavy stock paper, golden parachutes, and exit plans from every building they step into.

    Most IT people don't think anywhere near the same way. They don't hate us exactly, we just don't fit in with their culture.

  16. Re:I see no way this can go wrong. on Apple Patents Tech to Stop iPhones Filming in Venues · · Score: 1

    You're being sarcastic, but let's be specific.

    Cop cars would have the infrared signals to prevent cameras and other such recording devices from recording their activities. It's amazing that a cop actually thinks it is/should be a crime to record their activity when we fundamentally have the rights to audit and review their performance.

    Shopping malls and grocery stores would install it. How many apps are being developed (or already exist) to do price comparisons in brick and mortar retail stores?

    I could go on, but public performances of music would be the very tippiest tipppest tip tip tip of the iceberg on this particular technology.

    However, as Martha Stewart would say, "It's a good thing". Just to be really really geeky I will quote Princess Leia as well, "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers".

    I believe this will just encourage the use of jailbreaking and firmware modification to an all time high. Normal people, the Sheeple, don't react strongly enough to most situations to want to modify their phone. It's time consuming, they lack the sophistication, and probably lack the connections to people that do know how to do it.

    That being said....... a Sheeple being informed by their pretty shiny Apple device that they are not allowed to do something that they really want to do is an amazing eye opener to just what level of ownership they have over their device and can be an amazing catalyst to turn a nice little obedient Apple citizen into an underground renegade :D

    P.S - Just so I can destroy and stop the thread I find that the behavior will be quite similar to the reactions and understanding the Jews had when they got their stars on their clothing and even more when they were wondering, "Why the fuck am I on this train?". That's Apple to me :) Apple fanboys calm down please and put down the pitchforks.... the shiny technology is impressive but even you have to admit that you are just citizens of a nice walled garden. Let's hope it stays the nice shiny Utopia you all love.......

  17. Love the title on Iceland Taps Facebook To Rewrite Its Constitution · · Score: 1

    Iceland taps Facebook

    Sorry, but my first thought was a puerile one. Quite fitting, since I think Facebook is fucking over a lot of people everyday, it was just their turn to get "tapped".

  18. Re:Seriously, what the fuck! on How Citigroup Hackers Easily Gained Access · · Score: 1

    Do you mean as stupid as Darwin himself, Stupid as the theory of evolution (both of which I am flattered by), or Darwin awards stupid (which I am not flattered by)?

    Well.... you would not be flattered. I am a scientist and believe in the scientific method. According to our observations of the world Evolution is a fact, not a theory. All species on Earth are in a constant state of evolution. Sometimes people have misunderstood that major evolutionary changes don't happen like X-Men in a single generation. We are talking thousands, but we can still see this in bacteria much more quickly (which is why we are having problems with super strains) and some species of animals. So trying to disprove evolution by claiming that there are no changes in a single generation or two generations is specious.

    Not all science is impartial. I believe in Evolution as a process. However, as a scientist I must admit that we simply don't have enough data to prove that evolution created Man, or any other species specifically. That is why it is a theory and not a Law.

    However, again, I think the theory has more weight with me because it is at least based on observations and data (no matter how little) when there is ZERO data to support Intelligent Design or the existence of divine beings such as the Christian God.

    Being a man of Faith, I recognize Faith for what it is. I believe certain things to be true in spite of the fact that I have no evidence to prove it, let alone a method to determine it as a fact. I'm okay with that. What I don't like is when people create such an emotional investment in their Faith that they need to state it is a fact, when Faith and facts are mutually exclusive. An intelligent and rational person realizes this.

    Evolution is the best answer we have right now. Nobody else has given me a better one, and my own faith is not one of the monotheistic faiths that have doctrine and define how the world was created.

    For all we know, an ancient alien civilization was deciding on colonizing and genetically modified monkeys to adapt their bodies over time to allow their consciousnesses to be transferred, or essentially be a new species of their own "race". By the way, that idea is from NASA. Not our origins per se, but how to colonize other Earth type worlds by adapting existing species to be more "human like". Same idea to create species adapted to space travel.

    My point being that we can try to explain the origins of Man, but neither side can fool itself into thinking we have proven it. However, since you vaguely indicated that you are not a supporter of evolution, I will have to disappoint you by saying that I still think evolution is the best idea and theory with sound logic and reasoning behind it, not faith. Theory is not a form of faith either, which is the usual response I get.

    My real honest opinion, since you seem to base your emotional response on my answer, is that you are part of the overall problem. Why we argue and make such emotional investments in arguments about faith to the point where we harm others is monumentally stupid. We can't prove God, yet others will delude themselves and warp faith into fact, and yet more others will delude themselves into impartiality about their hatred of religion and support of science.

    The whole thing is tragic and why we don't deserve what we have, or to be out in space spreading our species.

    I might be making a mountain out of mole hill here and misinterpreting your seemingly emotional investment and judgement against me based on my answer. If so, I apologize in advance.

    In any case, can't we just agree that we both don't know the truth, that we can still be friends, and we can still cooperate on making the world a place of peace?

  19. Re:Great! on Senate Bill Could Make It Illegal To Upload Lip-Synced Videos · · Score: 0

    Let's not confuse or conflate those two issues.

    Smoking is a provably deadly habit that puts a tremendous strain on our resources when the smokers do, and always will, get sick. To be fair, the same strain on our resources occurs due to our food consumption choices and habits as well. I am overweight and not a hypocrite. I realize the true costs of my healthcare in the future and have lost 30 lbs in 4 months.

    However, a single donut is not deadly or a cause of cancer. A single cigarette does contain multiple chemical compounds that have serious deleterious effects on the human body and increased risks of many types of cancer.

    I don't find it unreasonable to say as a society that we will not approve of parents willfully subjecting their children to known deadly substances. That is not evidence of a Nanny State in progress. I feel the same way about parents getting drunk around their kids too. Want to have fun? Get a babysitter, or put the kids to bed before putting down a few. You can't take care of a child properly under the influence.

    To compare the concern we have for children and their exposure to smoke to the rights (inherently) we are losing due to this legislation is specious at best.

    All creative works are born in the Public Domain and belong to all of humanity equally. As a society we determined it was in our best interests, at birth, to grant specific legal entitlements to the creators to support and encourage the creation of creative works that benefit not just us, but our posterity as well.

    These were specific and not designed at the time, to be forever, or in Disney's case ~75 years for some of their material. This type of legislation is granting additional legal entitlements and taking the forum for disputes away from the civil courts and placing them in the jurisdiction of the criminal courts.

    This is nothing but harmful to society. I support criminal levels of IP infringement, but only when it is organized, large scale, and clearly an attempt to deprive the creator of the profits.

    Making copies of your audio CDs, DVD movies, and Karaoke, are not acts which should be covered under IP law. Actually, they should be covered... to the benefit of the consumer. IP law should be updated to specifically allow, or exempt, actions upon citizens by the creators under those specific conditions.

    That way the court cases would move much much faster. Like time-barred debt that has exceeded the statute of limitations, all I need to say in court is that their legal argument is wrong according to the law. Period.

    I know smokers love to play the pity party and make it an issue of civil rights but you are messing around with a deadly substance. The only possible equivalent on the IP side is Britney Spears, or possibly Justin Bieber.

  20. Re:This seems to be a great over-simplification. on Reason Seen More As a Weapon Than a Path To Truth · · Score: 1

    I think it is much more simple than that.

    One of the social scientists stumbled upon 4chan and this was the result of trying to explain it.

  21. Re:Reason is not a weapon? on Reason Seen More As a Weapon Than a Path To Truth · · Score: 1

    Reminds me of one of my favorite quotes, which I will probably get wrong, and don't remember the source:

    No poet has as freely interpreted the truth with their written words, as a lawyer has done with their mouth.

  22. Re:Seriously, what the fuck! on How Citigroup Hackers Easily Gained Access · · Score: 1

    Where is the mod for an informative and polite Spelling Nazi?

    Thank you. I thought I had it wrong when I was writing it, but it was late.

  23. Re:Seriously, what the fuck! on How Citigroup Hackers Easily Gained Access · · Score: 1

    This was still not hacking.. until you bring in your definition of dishonest intent.

    Citigroup (not Citibank) announced to anyone smart enough to understand that if you pass it an account number it will pass you back the profile. I am not sure that dishonest intent trumps implicit authorization and condonement of the activity.

    Sometimes it is hard to give real world examples of just how the interactions play out. Basically, what this was is that you could walk up to a house and tell a man a number between 1 and 1 million. If you guessed a correct number, he would give you a cookie. Now someplace else, somebody may have been selling those numbers and other people owed them.

    However, that does not change the fact that the man announced his policy that he would give the cookie regardless.

    That is the way I see their $_GET situation. Asking a "question" of a system should always be deemed harmless when it is not inherently designed to bypass security and gain unauthorized access.

    Which, by the way, is my real problem with it. I have a hard time considering it unauthorized based on how they designed the system.

    Regardless of how few skills were required to perform this action, it is still criminal and it makes the web worse for the rest of us. Instead of laughing this off as lame and ranting about how citibank acted like n00bs and got pwnd, think about how we got to this point and where we are going. This is our Internet, we are going to give this to our kids one day.
    My point is this.
    It is bad that it happened. The internet shouldn't be a bad place. You shouldn't condone bank robbery because the bank left the door unlocked (regardless of how silly it was). Citibank was the victim of a crime. Victims should get sympathy.

    This is lame. Super lame. Stupidity at Darwinian levels of proportion.

    I call into question the full level of criminality here.

    Yes. We should learn from this and serious organizations should take security seriously. Security in the last 15 years has been way too much of an afterthought, and not enough of a fundamental base upon which your digital structure is founded.

    I am not condoning bank robbery. Technically, that has not happened yet. What I said is that it stretches the definition of criminality and hacking because of Citigroup's involvement vis-à-vis their gross negligence. There is more than one guilty party here.

    I never indicated a lack of sympathy. However, NOT for Citigroup. They deserve no sympathy and nothing but our laughter, ridicule, and condemnation. Their issues are so severe in their impact and indicative of a complete disregard or complete incompetence in having a secure web presence. They are not just noobs here, they are a major freakin corporation and have ZERO excuse as to why they did not hire multiple security firms to overlook their infrastructure, software, and procedures.

    The victims are the customers of Citigroup and they should sue them out of existence for any damage caused by Citigroup's actions.

  24. Re:WTF on How Citigroup Hackers Easily Gained Access · · Score: 0

    GET is not less secure than POST

    It is a little less secure. You are right that with tools you can see anything POSTed in an AJAX call. I think IE9 has a debug feature that you turn on that will show you both the POST and response doc.

    However, GET statements are in plain view and recorded as part of the browsing history in just about everything. Security appliances, content managers, proxies, web browsers, etc. Last time I checked there were not that many browsers or security products recording POST transactions.

    then sending it in an AJAX call doesn't really make it more secure either since the client will need to know the encryption method and thus will be able to submit encrypted dummy values as well.

    Of course the client will need to know. That is what JQuery is for. The encryption method is literally downloaded by the client.

    As for the dummy values......... andddddd?

    For some of the stuff I do I hide a UID on the page and then pass that back with the AJAX call. However, none of the credentials for the API are stored client side. That part is PHP and server side. So when it receives the AJAX call, it knows the UID being passed, but *also* retrieves a lot more information from the session data. Additionally, the real API calls that do work and are secure are always called from the PHP. The AJAX call is just initiating an API call with passed data. Everything about the API call is hidden from the user, most importantly, the API credentials.

    So submit all the dummy values you want till the cows come home. Whatever you do with your POSTs that you learned through observation will still only allow you to perform actions that our security engine deems to be appropriate for who you have been authenticated to be. Which can be quite extensive. We have granular control over all API actions to all API credentials and then further to all users against all actions that can be performed with the API.

    So knock yourself out. Everything you do is still within our security, not outside of it. Only difference is that you are manually making the calls with incorrect/correct data instead of using our front end that makes life easy for you.

    For aesthetic purposes you might not want the user to see the variables being passed via the URI but don't kid yourself into thinking that, because the user can't see the variables in their browser, they cannot be arbitrarily modified.

    See the reasons stated above why we couldn't care less about arbitrarily modified values passed in AJAX POSTs. We considered that in our original design for security.

    We are more concerned with the SSL portion of the website and attackers learning the user names and passwords of the users connecting to our applications and services than we are about users, or even attackers, learning about all of the possible AJAX POST calls you can make on our website.

    It won't get them anywhere. If somebody has attacked one of our users, then yes, the attacker will have compromised *that* user's account. Nothing an attacker could do with a user account would allow them to do anything outside of that user's security context.

    So to reiterate, we are far more concerned about the security of SSL, especially in light of the RSA attacks, than we are about the security of our POSTs. SSL takes care of people compromising our users, to an extent. There are edge cases and coffee shop bullshit where our users would not be as safe, but our systems will still be.

    Furthermore, since we actually validate data, and the security context for each call, you cannot SQL inject attack us either. That part is so simple, the fact SQL injections still exist at all is beyond me. Pass all the dummy data you want attempting SQL injection attacks. Kind of hard to do when you can make all statements SQL safe by simply removing the ' symbol. In our case, the data will not validate on the client side before the POST, but let's sa
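    The server-side half of the design described in the comment above, as an added example that is not the commenter's code (their stack is PHP and jQuery; this is Python with sqlite3 so it runs stand-alone). `secure_lookup` takes the UID the client POSTs, but resolves who is calling from the server-side session and binds both the id and the owner as query parameters, so a modified id never leaves the caller's own security context. Beside it, `insecure_lookup` is the pattern the thread is about: it trusts the client's parameter and relies only on stripping the quote character, which does nothing in a numeric context such as `1 OR 1=1`. The session store, table, account numbers and the JSON request shape are all constructed for this example.

```python
import json
import sqlite3

# Constructed session store: the browser only ever holds the opaque session id;
# the user identity behind it lives server-side.
SESSIONS = {
    "sess-alice": {"user": "alice"},
    "sess-bob": {"user": "bob"},
}


def setup_db():
    """In-memory table standing in for the server-side data store (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE accounts(id INTEGER PRIMARY KEY, owner TEXT, number TEXT, balance REAL);
        INSERT INTO accounts VALUES (1, 'alice', '4111-0001', 120.50);
        INSERT INTO accounts VALUES (2, 'bob',   '4111-0002', 980.00);
        INSERT INTO accounts VALUES (3, 'bob',   '4111-0003',  15.25);
        """
    )
    return conn


def insecure_lookup(conn, raw_id):
    """Handler that trusts the client-supplied identifier outright.

    Whoever can edit the parameter (GET or POST makes no difference) can read
    any account, and because the value lands in a numeric position the quote
    stripping never engages: "1 OR 1=1" returns every row.
    """
    cleaned = raw_id.replace("'", "")
    sql = "SELECT id, owner, number FROM accounts WHERE id = " + cleaned
    return conn.execute(sql).fetchall()


def secure_lookup(conn, session_id, posted_body):
    """Handler in the pattern the comment describes.

    The client POSTs a JSON body naming an account id; the server resolves the
    caller from the session, validates the posted value, and binds id and
    owner as parameters. Returns (json_document, http_status).
    """
    session = SESSIONS.get(session_id)
    if session is None:
        return json.dumps({"error": "unauthenticated"}), 401

    try:
        # Validation: anything that is not an integer is rejected before SQL.
        account_id = int(json.loads(posted_body)["account_id"])
    except (ValueError, TypeError, KeyError):
        return json.dumps({"error": "invalid request"}), 400

    row = conn.execute(
        "SELECT id, number, balance FROM accounts WHERE id = ? AND owner = ?",
        (account_id, session["user"]),
    ).fetchone()
    if row is None:
        # Same answer whether the account does not exist or belongs to someone
        # else, so probing ids leaks nothing about other customers.
        return json.dumps({"error": "not found"}), 404

    return json.dumps({"account_id": row[0], "number": row[1], "balance": row[2]}), 200


if __name__ == "__main__":
    db = setup_db()
    print(insecure_lookup(db, "2"))             # bob's account, no session needed
    print(insecure_lookup(db, "1 OR 1=1"))      # every row; quote stripping did nothing
    print(secure_lookup(db, "sess-alice", '{"account_id": 2}'))  # 404, not alice's
    print(secure_lookup(db, "sess-alice", '{"account_id": 1}'))  # 200
```

    The point the example makes beyond the comment: the security context must come from the session on every call, and the client value must be bound as a parameter rather than sanitised by character removal. Those two checks are what make "submit all the dummy values you want" a safe thing to say.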

  25. Re:WTF on How Citigroup Hackers Easily Gained Access · · Score: 1, Interesting

    Second, why is this a surprise to this security "expert"? Anyone who has done development for a website with dynamic content would be familiar with passing information through the url. This is like web design 101. If I logged into my credit card account and saw my CC number in the URL bar the FIRST thing I would think of would be: "what would happen if I typed in another number in there." Security expert my ass, no wonder why some companies have this happen to them, look at the people they hire to test and investigate their systems!

    I made another comment about how awesomely stupid this is, but yeah. If you see your account number in the URL bar stop the service and find another company.

    There should be NOTHING in the URL bar. NOTHING. Just the page. At most you should see www.demo.com/accounts

    If you are actually going to be secure then a credit card number should be passed in a secure AJAX call, where it gets encrypted first in JQuery, then passed to a PHP page server side, where it uses its own API credentials to process the call fully, including security verification from the session AND passed data in the call, BEFORE returning a JSON document to the client side where it can do its job and update the page.

    $_GET should be totally deprecated in its use. I take that back. We used it sometimes to reference the API function call we are making internally in the past. So it being used as a functional way to access different functions is okay. However, even that behavior should transition over to the XML docs containing the function being requested. Our systems currently support both for legacy applications.

    $_GET is not secure. Period. Why? It is not just the rest of the world you are securing yourself against, but the USER AS WELL.