I like the bit about spending a billion dollars. What they aren't telling you is most of the money came from the US Gov't. So we paid for GM to take a half-assed approach to energy-efficient cars.
What's ironic is it's so short-sighted. Every year Toyota and Honda get that much further ahead. When I go car shopping I look for cars made in Japan. They are made better, more fuel efficient, and usually cheaper.
The guy in the article isn't forcing people, sure. But that's not to say others won't. I know people who were pressured hard core to do "Promise Keepers". It could be by family, soon-to-be family (my personal fav), SOs, clergy, work/trade groups, etc.
I can see the same thing happening here. And since Moses dropped the second tablet (see History of the World Part I) we're missing the 11th commandment: Thou shalt not gossip. I would never participate in a program like this.
It says to me the US has learned nothing from the British. Get too content with being the global big dog and the next thing you know you're not number 1 anymore. Considering how many people India has, and how education is playing a bigger role each year, they could replace the US.
What gets me is US greed is handing them the spot too.
ZIP code doesn't do squat in large metro areas. You need to have a table for exact street addresses because ZIP code borders rarely follow city borders.
So you need a table to know the 3000 block of Apple Street odd houses only get taxed at Rate 1, even houses Rate 2. Then you have to have the table updated quarterly.
IF YOU'RE LUCKY the state they are in collects the entire tax and handles all the other back-end accounting. If you're not you have to break down state, county and city taxes and write each a check.
OH, and then since it's so easy, what about what items are tax exempt? You have repressive tax systems like FL that tax everything. Or you have progressive states like MN and WI that don't tax clothing or food. But then you toss in goofy "snack food rules" that tax junk foods, and each state has a different view of that.
Sometimes shipping is taxed, sometimes it's not. Sometimes the shipping is only taxed at a state level and not a city.
These software packages are hardly plug and play.
The biggest problem for small vendors is the software that does this is NOT CHEAP, and not easy to implement. A small retailer would be considered lucky if they got by with less than 15K to implement a real tax solution.
If the feds want to make online retailers jump through more hoops than mail order retailers then:
Feds must come up with a standard for a tax table.
State Gov't is responsible to collate all the local tax junk and present a single state tax table that can be downloaded.
Since there is a standard, both commercial and open-source shopping solutions can write to this standard.
States should have a single point of collection. A retailer should have to write more than 50 checks each quarter for taxes.
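Here is what the street-level table the post is describing actually looks like once you try to code it. This is an added example, not something from the post or from any real tax package: the street ranges, jurisdiction names, rates, exemption categories and shipping rules are all constructed placeholders standing in for the quarterly feed a retailer would load. It covers the points the post makes: odd and even sides of one block landing in different cities, per-state exemptions with a "snack" category that stays taxable, shipping taxed at some levels and not others, and a separate amount owed to each jurisdiction.

```python
"""Street-level sales-tax lookup (constructed example, not the post's code)."""
import re
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP


@dataclass(frozen=True)
class RangeRule:
    """One row of the address-range table: a block of a street, one side or both."""
    street: str
    low: int
    high: int
    parity: str           # "odd", "even" or "any"
    jurisdictions: tuple  # (state, county, city)


# Constructed: the 3000 block of Apple St straddles a city border, so the odd
# side and the even side fall in different cities with different rates.
RANGE_TABLE = [
    RangeRule("APPLE ST", 3000, 3099, "odd", ("MN", "COUNTY_1", "CITY_A")),
    RangeRule("APPLE ST", 3000, 3099, "even", ("MN", "COUNTY_1", "CITY_B")),
    RangeRule("OCEAN DR", 1, 999, "any", ("FL", "COUNTY_2", "CITY_C")),
]

# Constructed rates, one per jurisdiction; each jurisdiction is paid separately.
RATES = {
    "MN": Decimal("0.065"), "COUNTY_1": Decimal("0.005"),
    "CITY_A": Decimal("0.010"), "CITY_B": Decimal("0.000"),
    "FL": Decimal("0.060"), "COUNTY_2": Decimal("0.010"), "CITY_C": Decimal("0.000"),
}

# Constructed exemption rules per state. "snack" is a food category that stays
# taxable even where ordinary food is exempt.
EXEMPT_CATEGORIES = {"MN": {"clothing", "food"}, "FL": set()}
# Constructed: which levels of government tax the shipping charge.
SHIPPING_TAXED_AT = {"MN": {"state"}, "FL": {"state", "county", "city"}}


def locate(address):
    """Map a street address to (state, county, city) through the range table."""
    m = re.match(r"\s*(\d+)\s+(.+?)\s*$", address)
    if not m:
        raise ValueError(f"address must start with a house number: {address!r}")
    number, street = int(m.group(1)), m.group(2).upper()
    for rule in RANGE_TABLE:
        if rule.street != street or not (rule.low <= number <= rule.high):
            continue
        if rule.parity == "any" or (number % 2 == 1) == (rule.parity == "odd"):
            return rule.jurisdictions
    raise LookupError(f"no jurisdiction on file for {address!r}")


def tax_breakdown(address, items, shipping):
    """items: list of (category, price). Returns the tax owed to each jurisdiction."""
    state, county, city = locate(address)
    exempt = EXEMPT_CATEGORIES.get(state, set())
    shipping = Decimal(str(shipping))
    taxable_goods = sum((Decimal(str(p)) for cat, p in items if cat not in exempt), Decimal("0"))
    owed = {}
    for level, name in (("state", state), ("county", county), ("city", city)):
        base = taxable_goods
        if level in SHIPPING_TAXED_AT.get(state, set()):
            base += shipping
        owed[name] = (base * RATES[name]).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)
    return owed


# Constructed sample order: in MN the clothing and food lines are exempt, the rest are not.
SAMPLE_ORDER = [("clothing", "50.00"), ("food", "20.00"), ("snack", "5.00"), ("general", "100.00")]

if __name__ == "__main__":
    for addr in ("3001 Apple St", "3002 Apple St", "10 Ocean Dr"):
        print(addr, tax_breakdown(addr, SAMPLE_ORDER, "10.00"))
```

The odd/even split is the part ZIP-based lookups cannot express, and the per-jurisdiction dictionary is the "write each a check" problem in data form: a single rate per address is not enough when the money has to be split three ways.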
Okay, here's the deal. You're up the creek without a paddle for the most part. Most states allow the employer to screw with the employee all they want. That's bad. MANY states make it so you can ONLY screw with people you've offered a job in writing to. So in MN, my home state, no pee spree, no credit check without a written offer.
1) Find out if your state allows the screening of applicants.
2) If declined, the Fair Credit Reporting Act (a federal law) requires that:
a) You are provided with a written letter indicating why you are being declined. They MUST be specific. They can't just say your FICO score was too low.
b) They are required to tell you where they got the information from.
c) They are required to allow you to dispute anything on the report.
Complaints can be filed with the Federal Trade Commission. Macy's settled out of court with the FTC over credit reports a few years ago. They weren't telling people why they didn't get the job.
In one case a CRA had added several extra zeros to a disputed debt, making the person seem unfit for a management position.
Reducing head count can have positive effects. The fewer people poking their nose into a project, the less time meetings and code reviews take.
One of the many problems in IT is you tend to get a couple of dominant players in a project. These players will want to have input in everything that goes on. Things take longer, and code ends up getting re-written because it's not being done "their" way. Or you get all these business analysts wanting to give their input...over and over again.
So you have some layoffs, which are usually popularity contests. The Bobs in Office Space are funny. But few companies actually have "experts" come in and talk to each employee. Usually a manager gets told how many people to can, and at that point it becomes based on a whim or how popular someone is.
In some cases a group becomes a well-oiled machine. Other times the uber geek who wants to have input into everything now gets to do everything. Problem solved! :)
In the end though stress becomes higher and it becomes more and more likely that people will quit. The problem, I think, comes from the fact that the number of people to get fired is pre-determined. From that point, you work towards a goal, which changes the goal from making the company more efficient to making Wall Street happy in the short term.
This summer I got to see director Robert Meyer Burnett at Convergence 2002 in Minneapolis. Robert directed one of the best Shatner movies of all time, "Free Enterprise". But as of late he spends a lot of his time directing the documentaries you see in DVD extras.
Everything in the special edition is new. No extras are repeated. And Robert says this is the best work to date.
His other work includes discs like Tron, which had some of the best interviews with cast put on a disc. It feels almost like a reunion.
Of note, if you had DirecTV for the last month they have been playing the Special Edition of LoTR on PPV. Sans extras of course. Both DishNetwork and DirecTV also had the high-definition theatrical version of LoTR on PPV as well.
However, if they did file a complaint with the FBI, you could request the complaint under FOIA. Whatever the FBI sends you I would assume to be public record unless specifically stated otherwise.
You're in the wrong country, man. All the new theaters in the US have big chains, stadium seating (platforms so no one's head is in the way), plenty of leg room, cup holders, huge screens, and kick-ass sound.
My only complaint is most of the larger chains have the worst popcorn. You need to hit a small family-run chain for real butter. Mmm, butter. And of course most theaters in the US are dry (no alcohol). I'd like to be able to go to a theater with a beer.
The 721 uses stock PVR functionality built into a Broadcom chipset (interestingly enough the chipset supports both HD and SD). The Broadcom chipset provides hardware DES3 encryption for PVR archive functions. It's likely Dish enabled the encryption because at a hardware level they don't lose much as far as clock cycles go.
Many moons ago I worked for a large multi-billion dollar company. They had a simple rule about interviews: no one interviews until taking a class in how to interview. At the time I thought it was kind'a silly. But after going into contracting it simply amazed me how few hiring managers actually know what the hell they are doing. Technical people are even worse. You can divide the questions into several categories of stupidity:
1) Have you ever/Do you know?
It's the start of a good line of questioning. However, rarely does the interviewer ever follow up. For instance: Do you know Perl? Yes. I've used Perl in a variety of projects from X to Y.
It's a start, but you want to ask something again to double check. What version of Perl did you use? Did you use CPAN modules with it? When should you "use strict" in a Perl script? etc. etc.
2) Riddles.
It could show someone is really good with logic, or it could show that they just have heard the riddle before. You'd be better off giving the person a problem based on something they might see in the position they are going for. You could ask a web application developer what the likely cause is when a program seems to run fine, but the web server says "Premature end of headers". The real-world problem not only looks at logic, but experience.
3) Programming questions that have little to do with the job.
Why ask a VB programmer an XOR question? There are all sorts of questions that seem great for figuring out how well someone can think on their feet. But they may or may not actually get the person you want. Just like riddles, you could have someone who had a prof in college who liked these logic problems. Maybe the person understands what's going on with the problem, but the person could just as easily be doing it from memory. Again, real-world problems, and keep digging for supporting facts that the person knows what you want.
If you are having a problem getting the right candidate you need to bite the bullet and recognize that it's YOUR FAULT you end up with crappy employees. Take a class on how to interview. Learn how to ask the right questions, and how to follow up with additional questions to find out what the candidate really knows.
I caught this flick last year when it hit the fansub circuit. My impression was the film was mostly about big-screen special effects, and less about telling a compelling story. It does attempt to tell more back story on the characters, and do some development in that area, but it never seems to catch your attention. I mean you're sitting there watching this, you want to feel involved with the non-action elements happening onscreen, but it just never happens. I ended up feeling bored at times. I really wanted to dig the movie because I liked the TV show so much, but I couldn't get that blah feeling out of my system afterwards.
You have no idea what you're talking about. The phone company doesn't care about bandwidth sharing because they are selling you a regulated service with a set uplink and downlink speed. The service provides an ATM connection between you and your ISP. The phone company is a common carrier, and other than wiretap issues they have no right to examine what you are doing on your DSL line. While the burst speeds of DSL are typically slower than cable, they are consistent and the amount of bandwidth your neighbor is using has no bearing on your service. The connection goes from your home, to the DSLAM, to the ATM ring (usually OC-48 or greater), to your ISP, to the internet.
Of course ISPs can set up terms of service any way they like. But you are free to change ISPs. In my area I can choose over 60 ISPs to provide the internet connection to my DSL line. Most cable companies offer one choice, although some areas offer a few choices.
The cable company is cracking down because that's the way the technology forces them to be. People know deep down the cable company has to be an ass about things because that's the corner the technology has painted them into. Complain all you want, but if you want to send a message, do it with your dollars. If your area supports it, get DSL and make sure to choose a local company for your ISP.
This is why I use DSL. The phone company doesn't care. You pay for some speed down, and some speed up. They are just passing it on to whatever ISP you choose. I use a Linux-friendly ISP myself. They could care less if I set up a website, or serve games. I can put on as many computers as I want. If I want static IPs they'll route as many as I want to pay for (I use a /28 myself). As long as I don't send spam or have an open relay they are cool with it all.
There are several times in the US past when bills had other colors on them, dating back to the 1800s. No one died then. Why does this have to be a big deal?
The D-VHS is an 80 Gig tape. It does beat most DLT drives in speed. People have been using tape drives with HD capture cards for some time now, and really they need a DDS4 or AIT drive. I've seen reports on the AVS forum that most DLT drives don't cut it.
I kind'a wonder if these tapes are actually 210 MB/min. There's no real way of telling because you can't read the stream in XP like you can with the non-D-Theater material (which seems to be 140 MB/min).
Still, with a street price of $1100, and a street tape price of $29, it's tempting. Damn this tech slowdown!
The problem with STARS is they have to introduce a whole new way of doing everything. I saw a neat Discovery Channel thing on it and they showed the simulated testing. (It failed certain parts of the testing, by the way.)
Here's my gripe. The air traffic control system has been sucking the big one since the 80s (or even before that). Old technology layered with even older technology. Every other year Dateline or 60 Minutes does a story on how much it all sucks. Alright, so what's the solution?
Well, according to the contractor, some new whiz-bang solution that is the end-all be-all. So where are we? A couple billion down the hole for a POS.
What needed to happen is not a total whiz-bang solution. It needed to start with a system that emulated everything that the current system did using current technology. Something modular (so you could add new features later on) and something that could scale to meet larger needs. Oh, and something that could have been rolled out a good ten years ago.
But noooo, that's too simple, and doesn't put a couple billion into the contractors' pockets. Of course the ass clowns in Congress are just as much to blame, as they approved this.
AVS is a method to verify billing information. When you initially submit an order in a batch you also include the numeric portion of the address string, as well as the phone number. The credit processor will then return an AVS value. This value determines how much of the information matched what is on file. A merchant can then decide if they will process the transaction when they batch out. This costs the merchant real money, as the less secure the transaction, the more the merchant bank takes in fees. So when someone who does recurring billing gets on your ass when you move, it's because you're costing them real money until your address is updated.
This is where S/N really comes out. It's obvious that many people on here haven't actually done e-com, or if so, not seriously. To clarify for others talking out the ass: the person needs to do recurring billing. You can't just get on VisaNet and say "bill that guy again". The card number needs to be stored. They also need all the billing address and phone number. This needs to be done for AVS. If you don't know what AVS is and you posted in the thread, you're part of the noise. Not having all the info costs merchants real money. There's more to writing a good CC number system than being able to patch a web form into Signio/Verisign.
Good ideas: separate database on a separate machine. One-way encryption systems. Big keys to limit brute force. You can do it in house all with Perl, or you can use several off-the-shelf packages that allow recurring billing via a reference number. However, few shrink-wrap packages are Unix friendly. Most tend to be Windows (ugh) based.
If you were to do it yourself, combine several forms of security. Place the DB on a separate physical network. Dual NICs in machines that need to talk to the DB. Give the machine a non-routed IP range. An extra firewall isn't a bad idea either.
Don't forget DB user-level security. Separate logins for everyone. Limit what they can SELECT, UPDATE, INSERT, and DELETE. Most DBs have column-level security. For instance you can give an employee rights to INSERT or UPDATE the CC number field, but not SELECT it. If you can use SSL on the DB transport, use it. Billing persons shouldn't need to see anything more than the last four digits of the CC number. That can be stored in a separate field.
You might also want to consider separating the CC number DB from the billing DB, using a ref ID. Again, you can never be too secure.
You should also be looking at application security. A couple of posts have talked about putting a serial link between the billing app and the credit clearing DB. It's not a bad idea, but it only takes a couple of lines inserted into your Perl code to start trouble. You should be looking at tripwire systems as well.
Just because you're paranoid doesn't mean they aren't out to get you.
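The design the two posts above sketch (AVS result deciding whether a batched charge goes through, the card-number store split from the billing store behind a reference ID, billing staff seeing only the last four digits) in runnable form. This is an added example, not the poster's code or any vendor's package: two in-memory SQLite databases stand in for two machines on separate networks, an HMAC-SHA256 counter-mode keystream stands in for a real cipher library so the block runs with the standard library alone, and ISSUER_FILE plus processor_avs() stand in for the card processor. Every card number, name and address is constructed.

```python
"""Card vault split from the billing DB, with AVS on recurring charges (constructed example)."""
import hashlib
import hmac
import re
import secrets
import sqlite3

VAULT_KEY = secrets.token_bytes(32)    # would be held on the vault host only
VAULT = sqlite3.connect(":memory:")    # card-number store: isolated host, non-routed range
BILLING = sqlite3.connect(":memory:")  # billing store: what the application talks to

VAULT.execute("CREATE TABLE cards (ref TEXT PRIMARY KEY, pan_enc BLOB NOT NULL)")
BILLING.execute(
    "CREATE TABLE customers (customer_id INTEGER PRIMARY KEY, name TEXT NOT NULL,"
    " card_ref TEXT NOT NULL, last_four TEXT NOT NULL,"
    " addr_digits TEXT NOT NULL, phone TEXT NOT NULL)")
# Billing staff get a login that can read this view only: last four, no ref, no number.
BILLING.execute("CREATE VIEW staff_customers AS SELECT customer_id, name, last_four FROM customers")


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stand-in for a vetted cipher, not a recommendation."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt(key, data):
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def vault_store(pan):
    """Encrypt and store a card number; return the opaque reference the billing side keeps."""
    if not re.fullmatch(r"\d{13,19}", pan):
        raise ValueError("card number must be 13 to 19 digits")
    ref = secrets.token_hex(16)
    VAULT.execute("INSERT INTO cards VALUES (?, ?)", (ref, encrypt(VAULT_KEY, pan.encode())))
    return ref


def vault_fetch(ref):
    row = VAULT.execute("SELECT pan_enc FROM cards WHERE ref = ?", (ref,)).fetchone()
    if row is None:
        raise KeyError("unknown card reference")
    return decrypt(VAULT_KEY, row[0]).decode()


def _digits(s):
    return re.sub(r"\D", "", s)


def enroll(name, pan, street, phone):
    """Card goes to the vault; billing keeps only the reference, last four and AVS data."""
    ref = vault_store(pan)
    cur = BILLING.execute(
        "INSERT INTO customers (name, card_ref, last_four, addr_digits, phone) VALUES (?, ?, ?, ?, ?)",
        (name, ref, pan[-4:], _digits(street), _digits(phone)))
    return cur.lastrowid


def staff_lookup(customer_id):
    """What a billing clerk's restricted login can see."""
    row = BILLING.execute("SELECT customer_id, name, last_four FROM staff_customers"
                          " WHERE customer_id = ?", (customer_id,)).fetchone()
    return None if row is None else dict(zip(("customer_id", "name", "last_four"), row))


def update_address(customer_id, street, phone):
    BILLING.execute("UPDATE customers SET addr_digits = ?, phone = ? WHERE customer_id = ?",
                    (_digits(street), _digits(phone), customer_id))


# Constructed stand-in for what the processor has on file per card.
ISSUER_FILE = {"4111111111111111": {"addr_digits": "3000", "phone": "6125550100"}}


def processor_avs(pan, addr_digits, phone):
    """Return how much of the submitted numeric address data matched the issuer's file."""
    on_file = ISSUER_FILE.get(pan)
    if on_file is None:
        return "none"
    hits = (on_file["addr_digits"] == addr_digits) + (on_file["phone"] == phone)
    return ("none", "partial", "full")[hits]


def recurring_charge(customer_id, cents):
    """Bill a stored card; the number leaves the vault only for the processor call."""
    row = BILLING.execute("SELECT card_ref, addr_digits, phone FROM customers"
                          " WHERE customer_id = ?", (customer_id,)).fetchone()
    if row is None:
        raise KeyError("unknown customer")
    ref, addr_digits, phone = row
    avs = processor_avs(vault_fetch(ref), addr_digits, phone)
    # Merchant policy: full match runs at the cheapest fee tier, partial match is held
    # for review (the case that costs the merchant until the address is updated), no match is refused.
    action = {"full": "process", "partial": "review", "none": "decline"}[avs]
    return {"customer_id": customer_id, "cents": cents, "avs": avs, "action": action}
```

The point of the split is that a compromise of the application-facing billing database yields reference tokens and last-four digits, not card numbers, and the only code path that ever sees a full number is the one that hands it to the processor. A real deployment would replace the keystream stand-in with an authenticated cipher and enforce the staff view with database grants rather than by convention.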
Okay, a little better than the big screen with a CRT and Fresnel, but if you want good TV this is not it. If you want a good cheap LCD just go on eBay and buy a used 800x600.
Neat DIY, but really, it pushes forward all the things that are wrong with consumer AV. Low contrast ratios, no idea about proper screen materials, poor color, bad scaling...you could go on and on about it.
I've worked for companies that have paid HP and IBM hundreds of thousands of dollars to have features placed in products. Never, ever, was there even a question who owned the source. HP and IBM.
But I've been in this guy's position. Small companies are control freaks. They aren't willing to pay the money that a larger client is, they don't understand the debug cycle, they are usually more of a hassle to deal with, and to make it that much more irritating they want to own the IP.
Stick it to them straight. You'll provide them the solution, and the source; you own the IP and will do whatever you want. Don't be rude, but be prepared to walk.
While I certainly don't doubt that Finland has very progressive laws on the subject, I can tell you there is no expectation of privacy in the US. Not only is your employer allowed to sniff your traffic and read your email, but your ISP is allowed to pretty much do the same if they state it in the privacy policy.
Having worked at a national ISP before I can assure you that US traffic is monitored/collected for all sorts of marketing data. And it's all nice and legal because they buried the fact they were doing that in the AUP/privacy policy.
Well, if you can't pen policy, you can create paranoia in order to create harmony. In your case, Big Brother is watching. You might not be able to tell people to stop, but you can pen a friendly letter explaining the legalities, liabilities, oh, and that you have the technology to log and track all internet traffic going on the network.
A little paranoia goes a long way. And as an added benefit you don't have to stick up for anything because you're not changing policy at all. You are "executing the due diligence required by law".
Here's my biggest gripe for these cases. For about 1/4 of the cost of lawyers they could simply configure their web server to redirect to the main page when it encounters a foreign referer URL. Good lord, it's not that hard of a thing to do.
I like the bit about spending a billion dollars. What they aren't telling you is most of the money came for the US Gov't. So we payed for GM to take a half assed approach to energy efficiant cars.
What's ironic is it's so short sighted. Every year the Toyota and Honda get that much further ahead. When I go car shopping I look for cars made in Japan. They are made better, and more fuel effient, and usually cheaper.
The guy in the article isn't forcing people, sure. But that's not to say others won't. I know people who were presured hard core to do "promise keepers". It could be by family, soon to be family (my personal fav), SO's, Clergy, Work/Trade Groups, etc.
I can see the same thing happening here. And since Mosses dropped the second tablet (See History of the World Part I) we're missing the 11th commandment. Thou shalt not gossip. I would never participate in a program like this.
It says to me the US has learned nothing from the British. Get too content with being the global big dog and the next thing you know you're not number 1 anymore. Considering how many people india has, and how education is playing a bigger role each year, they could replace the US.
What get's me is US greed is handing them the spot too.
ZIP code doesn't do squat in large metro area's. You need to have a table for exact street addresses because ZIP code borders rarely follow city borders.
So you need a table to know the 3000 block of apple street odd houses only get taxed at Rate 1, even houses rate 2. Then you have to have the table updated quarterly.
IF YOU'RE LUCKY the state they are in collects the entire tax and handles all the other back end accounting. If you're not you have to break down state, county and city taxes and write each a check.
OH, and then since it's so easy what about what items are tax exampt? You have repressive tax systems like FL that tax everything. Of you have progressive states like MN and WI that don't tax clothing or food. But then you toss in goofy "snack food rules" that tax junk foods, and each state has a different view of that.
Sometimes shipping is taxed, sometimes it's not. Sometimes the shipping is only taxed at a state level and not a city.
These software packages are hardly plug and play.
The biggest problem for small vendors is the software that does this is NOT CHEAP, and not easy to impliment. A small retailer would be considered lucky if they got by with less than 15K to impliment a real tax solution.
If the feds want to make online retailers jump through more hoops than mail order retailers then:
Feds must come up with a standard for a tax table
State Gov't is responcible to collate all the local tax junk and present a single state tax table that can be downloaded.
Since there is a standard that allows both comercial and opensource shopping solutions write to this standard.
States should have a single point of collection. A retailer should have to write more than 50 checks each quarter for taxes.
Okay, here's the deal. You're up the creek with out a paddle for the most part. Most states allow the employer to screw with the employee all they want. That's bad. MANY states make it so you can ONLY screw with people you've offered a job in writing too. So in MN, my home state, no pee spree, no credit check with out a written offer.
1) Find out if you state allows the screening of applicants.
2) If declined the Fair Credit Reporting Act requires (Federal Law) requires that:
a) You are provided with a written letter indicating why you are being declined. They MUST be specific. They can't just say your FICO score was too low.
b) They are required to tell you where they got the information from
c) They are required to allow you to dispute anything on the report.
Complaints can be filed with the Federal Trade Commision. Macy settled out of court with the FTC over Credit reports a few years ago. They weren't telling people why they didn't get the job.
In one case a CRA had added several extra zero's to a disputed debt. Making the person seem unfit for a management position.
IANAL.
Reducing head count can have positive effects. The less people poking their nose into a project, the less time meetings, and code reviews take.
:)
One of the many problems in IT is you tend to get a couple dominate players in a project. These players will want to have input in everything that goes on. Things take longer, and code ends up getting re-written because it's not being done "their" way. Or you get all these business analysts wanting to give their input...over and over again.
So you have some lay offs, which, are usually popularity contests. The Bobs in office space are funny. But few companies actually have "experts" come in and talk to each employee. Usually a manager gets told how many people to can, and at that point it becomes based on a whim or how popular someone is.
In some cases a group becomes a well oiled machine. Other times the uber geek gets who wants to have input into everything now gets to do everything. Problem solved!
In the end though stree becomes higher and it becomes more and more likely that people will quit. The problem, I think, comes from the fact that the number of people to get fired is pre-determined. From that point, you work towards a goal. Which changes the goal from making the company more efficient, to making Wall Street happy in the short term.
Ever think of going back to longer hair?
This summer I got to see Director Robert Meyer Burnett at Convergence 2002 in Minneapolis. Robert directed one of the best Shatner movies of all time. "Free Enterprise". But as of late he spends a lot of his time directing the documentaries you see in DVD extras.
Everything in the special edition is new. No extras are repeated. And Robert says this is the best work to date.
His other work includes discs like Tron. Which had some of the best interviews with cast put on a disc. It feels almost like a reunion.
Out of note, if you had DirecTV for the last month they have been playing the Special Edition of LoTR on PPV. Sans extras of course. Both DishNetwork and DirecTV also had the High Definition version of LoTR theatical version on PPV as well.
However, if they did file a complaint with the FBI, you could request the complaint under FOIA. Whatever the FBI sends you I would assume to be public record unless specifically stated otherwise.
You're in the wrong country man. All the new thaters in the US have big chains, statium seating (platforms so no ones head is in the way), plenty of leg room, cup holders, huge screens, and kick ass sound.
My only complaint is most of the larger chains have the worst popcorn. You need to hit a small family run chain for real butter. Mmm butter. And of course most theaters in the US are Dry (No alcohol). I'd like to be able to go to a theater with a beer.
The 721 uses stock PVR functionality built into a broadcom chipset (interestingly enough the chipset supports both HD and SD). The broadcom chipset provides hardware DES3 encryption for PVR archive functions. It's likely dish enabled the encryption because at a hardware level they don't lose much as far as clock cycles go.
Many moons ago I worked for a large multi-billion dollar company. They had a simple rule about interviews. No one interviews until taking a class in how to interview. At the time I thought it was kind'a silly. But after going into contracting it simply ammazed me how few hiring managers actually know what the hell they are doing. Technical people are even worse. You can divide the questions into several categories of stupidity:
1) Have you ever/Do you know?
It's the start of a good line of questioning. However, rarely does the interviewer ever follow up. For instance, Do you know Perl? Yes. I've used Perl in a variety of projects from X to Y.
It's a start, but you want to ask something again to double check. What version of Perl did you use? DId you use CPAN modules with it? When should you "use strict" in a perl script? etc. etc.
2) Riddles.
It could show someone is really good with logic, or, it could show that they just have heard the riddle before. You'd be better off giving the person a problem based on something they might see in the position they are going for. You could ask a web application developer what is the likely cause when a program seems to run fine, but the web server says "Premature end of headers". The real world problem not only looks at logic, but experience.
3) Programming questions that have little to do with the job.
Why ask a VB programmer an XOR question. There are all sorts of questions that seem great for figuring out how well someone can think on their feet. But they may or maynot actually get the person you want. Just like riddles you could have someone who had a prof in college who liked these logic problems. Maybe the person understands whats going on with the problem, but the person could just as easily be doing it from memory. Again, real world problems, and keep digging for supporting facts that the person knows what you want.
If you are having a problem getting the right canidate you need to bite the bullet and reconize that it's YOUR FAULT you end up with crappy employees. Take a class on how to interview. Learn how to ask the right questions, and how to follow up with addition questions to find out what the canidate really knows.
I caught this flick last year when it hit the Fan Sub circuit. My impression was the film was mostly about big screen special effects, and less about telling a compelling story. It does attempt to tell more back story on the characters, and do some development in that area, but it never seems to catch you attention. I mean you're sitting there watching this, you want to feel involved with the non-action elements happening onscreen, but it just never happens. I ended up feeling bored at times. I really wanted to dig the movie because I liked the TV show so much, but I couldn't get that blah feeling out of my system afterwards.
You have no idea what you're talking about. The phone company doesn't care about bandwidth sharing because they are selling you a regulated service with a set uplink and downlink speed. The service provides a ATM connection between you and your ISP. The phone company is a common carrier, and other than wiretap issues they have no right to examine what you are doing on your DSL line. While the burst speeds of DSL are typically slower than cable, they are consistant and the ammount of bandwidth you're neighbor is using has no barring on your service. The connection goes from your home, to the DSLAM, to the ATM ring (Usually OC-48 or greater) to your ISP, to the internet.
Of course ISP can set up Terms Of service anyway they like. But you are free to change ISPs. In my area I can choose over 60 ISPs to provide the internet connect to my DSL line. Most cable companies offer one choice, although there are some areas offer a few choices.
The cable company is cracking down because that's the way the technology forces them to be. People know deep down the cable company has to be an ass about things because that's the corner the techology has painted them into. Complain all you want, but if you want to send a message, do it with your dollars. If your area supports it get DSL and make sure to choose a local company for your ISP.
This is why I use DSL. The phone company doesn't care. You pay for some speed down, and some speed up. They are just passing it onto whatever ISP you choose. I use a Linux Friendly ISP myself. They could care less if I setup a website, or serve games. I can put as many computers as I want. If I want static IPs they'll route a many as I want to pay for (I use a /28 myself.) As long as I don't send spam or have an open relay they are cool with it all.
There are several times in the US past when bills had other colors on them. Dating back to the 1800's. No one died then. Why does this have to be a big deal.
The D-VHS is a 80 Gig tape. It does beat most DLT drives in speed. People have been using tape drives with HD Capture cards for sometime now, and really they need a DDS4 or AIT drive. I've seen reports on AVS forum that most DLT drives don't cut it.
I kind'a wonder if these tapes are actually 210/MB/Min. There's no real way of telling because you can't read the Stream in XP like you can with the non-D-Theater material. (Which seem to be 140/MB/Min).
Still, with a street price of $1100, and street tape price of $29 it's tempting. Damn this Tech Slow down!
The problem with STARS is they have to introduce a whole new way of doing everything. I saw a neat discovery channel thing on it and they showed the simulated testing. (It failed certain parts of the testing by the way.)
Here's my gripe. The air traffic control system has been sucking the big one since the 80s (or even before that.) Old technology layered with even older technology. Every other year Dateline or 60 Minutes does a story on how much it all sucks. Alright, so what's the solution?
Well, according to the contractors, some new whiz-bang solution that is the end-all, be-all. So where are we? A couple billion down the hole for a POS.
What needed to happen is not a total whiz-bang solution. It needed to start with a system that emulated everything that the current system did using current technology. Something modular (so you could add new features later on) and something that could scale to meet larger needs. Oh, and something that could have been rolled out a good ten years ago.
But noooo, that's too simple, and doesn't put a couple billion into the contractors' pockets. Of course the ass clowns in congress are just as much to blame as they approved this.
AVS is a method to verify billing information. When you initially submit an order in a batch you also include the numeric portion of the address string, as well as the phone number. The credit processor will then return an AVS value. This value determines how much of the information matched what is on file. A merchant can then decide if they will process the transaction when they batch out. This costs the merchant real money, as the less secure the transaction, the more the merchant bank takes in fees. So when someone who does recurring billing gets on your ass when you move, it's because you're costing them real money until your address is updated.
This is where S/N really comes out. It's obvious that many people on here haven't actually done e-com, or if so, not seriously. To clarify for others talking out the ass. The person needs to do recurring billing. You can't just get on VisaNet and say "bill that guy again". The card number needs to be stored. They also need all the billing address and phone number. This needs to be done for AVS. If you don't know what AVS is and you posted in the thread you're part of the noise. Not having all the info costs merchants real money. There's more to writing a good CC Number system than being able to patch a web form into Signio/Verisign.
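As an added illustration of the AVS flow the two posts above describe (this is example code, not anything the poster wrote): the merchant sends the numeric portion of the street line plus the ZIP digits with the batch record, the processor hands back a one-letter AVS result, and the merchant applies its own policy at batch time. The code letters in the table are the commonly used Visa-style ones; exact letters differ between processors, so the table and the review threshold are assumptions to check against your own processor's documentation.

```python
import re

# Commonly used AVS response letters (assumption: your processor may use
# different ones).  Each maps to (street_number_matched, zip_matched);
# None means the issuer gave no usable answer.
AVS_CODES = {
    "Y": (True, True),    # street number and 5-digit ZIP both match
    "X": (True, True),    # street number and 9-digit ZIP both match
    "A": (True, False),   # street number matches, ZIP does not
    "Z": (False, True),   # 5-digit ZIP matches, street number does not
    "W": (False, True),   # 9-digit ZIP matches, street number does not
    "N": (False, False),  # neither matches
    "U": (None, None),    # AVS unavailable for this issuer
    "R": (None, None),    # retry, issuer system unavailable
    "S": (None, None),    # service not supported by issuer
    "G": (None, None),    # non-US issuer, not participating in AVS
}


def avs_request_fields(street: str, postal: str) -> dict:
    """Build the AVS part of the batch record: every digit of the street
    line (house number, apartment number) and up to nine ZIP digits.
    AVS compares only these digits, not the street name."""
    return {
        "avs_street": "".join(re.findall(r"\d", street)),
        "avs_zip": "".join(re.findall(r"\d", postal))[:9],
    }


def avs_decision(code: str, amount: float, review_threshold: float = 100.0) -> str:
    """Merchant-side policy applied when batching out.

    Returns "capture", "review" or "void".  A full match is captured; a
    partial match is captured below the threshold and queued for manual
    review above it; no match is voided; an inconclusive or unknown code
    goes to review, because an unverified transaction clears at the higher
    fee tier and that cost lands on the merchant.
    """
    street_ok, zip_ok = AVS_CODES.get(code.strip().upper(), (None, None))
    if street_ok is None:
        return "review"
    if street_ok and zip_ok:
        return "capture"
    if not street_ok and not zip_ok:
        return "void"
    return "capture" if amount < review_threshold else "review"


def batch_out(records):
    """Apply avs_decision to a whole batch; records are dicts with
    'id', 'avs_code' and 'amount'.  Returns {id: decision}."""
    return {r["id"]: avs_decision(r["avs_code"], r["amount"]) for r in records}


if __name__ == "__main__":
    # Constructed sample batch, not real transactions.
    print(avs_request_fields("3000 Apple Street Apt 4B", "55401-1234"))
    print(batch_out([
        {"id": 1, "avs_code": "Y", "amount": 500.0},
        {"id": 2, "avs_code": "A", "amount": 250.0},
        {"id": 3, "avs_code": "N", "amount": 9.99},
    ]))
```

The threshold is where the real tuning happens: it is the merchant's own trade-off between the extra fee on a partial match and the labour of reviewing it, and it is the reason a recurring biller chases you for an address update.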
Good ideas, separate Database on a separate machine. One way encryption systems. Big keys to limit brute force. You can do it in house all with Perl, or you can use several off the shelf packages that allow recurring billing via a reference number. However, few shrink wrap packages are Unix friendly. Most tend to be Windows (ugh) based.
If you were to do it yourself combine several forms of security. Place the DB on a separate physical network. Dual NICs in machines that need to talk to the DB. Give the machine a non-routed IP range. An extra firewall isn't a bad idea either.
Don't forget DB User Level security. Separate logins for everyone. Limit what they can SELECT, UPDATE, INSERT, and DELETE. Most DBs have column level security. For instance you can give an employee rights to INSERT or UPDATE the cc number field, but not select it. If you can use SSL on the DB transport use it. Billing persons shouldn't need to see anything more than the last four digits of the CC num. That can be stored in a separate field.
You might also want to consider separating the CC Number DB from billing DB. Using a ref idea. Again, you can never be too secure.
You should also be looking at application security. A couple posts have talked about putting a serial link between the billing app and the credit clearing DB. It's not a bad idea, but it only takes a couple lines inserted into your Perl code to start trouble. You should be looking at tripwire systems as well.
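The posts above from "Good ideas, separate Database" through "application security" describe one design: a card vault separated from the billing database, a reference id linking the two, the last four digits stored in their own field, and per-login column-level rights. The block below is an added example of that layout, not code from the poster. It uses Python's sqlite3 so it runs stand-alone; the `set_authorizer` callback stands in for the GRANT statements you would write on a server database, and the billing clerk's connection is the one that runs under it. It assumes the card processor returns a recurring-billing reference (`proc_token`) for the card, so the vault never has to hold the card number at all, only a keyed one-way fingerprint for duplicate detection. Key, table names and card values are constructed for the demo.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile
import uuid

# Two tables.  The vault holds a keyed one-way fingerprint of the PAN and the
# processor's recurring-billing reference.  The billing table holds only the
# opaque card_ref and the last four digits, which is all a clerk needs.
SCHEMA = """
CREATE TABLE card_vault (
    card_ref   TEXT PRIMARY KEY,
    pan_hash   TEXT NOT NULL,
    proc_token TEXT NOT NULL
);
CREATE TABLE billing (
    customer_id INTEGER PRIMARY KEY,
    card_ref    TEXT NOT NULL REFERENCES card_vault(card_ref),
    last_four   TEXT NOT NULL
);
"""

# Constructed demo key.  In production this lives in a key store, not in source.
HASH_KEY = b"constructed-demo-key"


def pan_fingerprint(pan: str) -> str:
    """Keyed one-way hash (HMAC-SHA256).  Lets the vault recognise a card it
    has seen before without storing it; the secret key is what stops someone
    with a copy of the table from simply hashing all 16-digit candidates."""
    return hmac.new(HASH_KEY, pan.encode(), hashlib.sha256).hexdigest()


def billing_authorizer(action, arg1, arg2, dbname, source):
    """Column-level policy for the billing clerk's connection (the sqlite3
    analogue of GRANTs): full use of `billing`, read of card_vault.card_ref
    so joins work, and everything else on the vault denied."""
    if action == sqlite3.SQLITE_READ and arg1 == "card_vault" and arg2 != "card_ref":
        return sqlite3.SQLITE_DENY
    if action in (sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE) \
            and arg1 == "card_vault":
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def open_demo_db(path=None):
    """Return (vault_conn, billing_conn) on one database file.  The vault
    connection is the trusted service; the billing one runs under the policy."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "cards.db")
    vault = sqlite3.connect(path)
    vault.executescript(SCHEMA)
    billing = sqlite3.connect(path)
    billing.set_authorizer(billing_authorizer)
    return vault, billing


def enroll_card(vault, customer_id: int, pan: str, proc_token: str) -> str:
    """Trusted path: after the processor returns proc_token for this card,
    keep the token, the fingerprint and the last four.  The PAN is dropped."""
    ref = "ref_" + uuid.uuid4().hex[:12]
    vault.execute("INSERT INTO card_vault VALUES (?, ?, ?)",
                  (ref, pan_fingerprint(pan), proc_token))
    vault.execute("INSERT INTO billing VALUES (?, ?, ?)",
                  (customer_id, ref, pan[-4:]))
    vault.commit()
    return ref


def recurring_token(vault, card_ref: str):
    """Trusted path: the token used to rebill by reference."""
    row = vault.execute("SELECT proc_token FROM card_vault WHERE card_ref = ?",
                        (card_ref,)).fetchone()
    return row[0] if row else None


def card_on_file(vault, pan: str) -> bool:
    """Duplicate check via the fingerprint, without ever storing the PAN."""
    row = vault.execute("SELECT 1 FROM card_vault WHERE pan_hash = ?",
                        (pan_fingerprint(pan),)).fetchone()
    return row is not None


def clerk_view(billing, customer_id: int):
    """What a billing clerk can see: the reference and the last four only."""
    return billing.execute("SELECT card_ref, last_four FROM billing WHERE customer_id = ?",
                           (customer_id,)).fetchone()


def clerk_can_read_vault(billing, card_ref: str) -> bool:
    """Shows the policy biting: the clerk's SELECT on the vault is refused
    when the statement is prepared, before any row is read."""
    try:
        billing.execute("SELECT proc_token FROM card_vault WHERE card_ref = ?", (card_ref,))
        return True
    except sqlite3.Error:
        return False
```

On a real deployment the two connections would be two database logins on a host on its own non-routed segment, with the vault login used only by the charging service; the point the example makes is that the clerk's tooling works entirely from `billing`, so a compromised clerk account or a stray line in the billing script has nothing in reach worth taking.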
Just because you're paranoid doesn't mean they aren't out to get you.
Okay, a little better than the Big Screen with a CRT and Fresnel, but if you want good TV this is not it. If you want a good cheap LCD just go on ebay and buy a used 800x600.
Neat DIY, but really, it pushes forward all the things that are wrong with consumer AV. Low contrast ratios, no idea about proper screen materials, poor color, bad scaling...you could go on and on about it.
I've worked for companies that have paid HP and IBM hundreds of thousands of dollars to have features placed in products. Never, ever, was there even a question who owned the source. HP and IBM.
But I've been in this guy's position. Small companies are control freaks. They aren't willing to pay the money that a larger client is, they don't understand the debug cycle, they are usually more of a hassle to deal with, and to make it that much more irritating they want to own the IP.
Stick it to them straight. You'll provide them the solution, and the source, you own the IP and will do whatever you want. Don't be rude, but be prepared to walk.
While I certainly don't doubt that Finland has very progressive laws on the subject I can tell you there is no expectation of Privacy in the US. Not only is your employer allowed to sniff your traffic and read your email, but your ISP is allowed to pretty much do the same if they state it in the privacy policy.
Having worked at a national ISP before I can assure you that US traffic is monitored/collected for all sorts of marketing data. And it's all nice and legal because they buried the fact they were doing that in the AUP/Privacy policy.
Well, if you can't pen policy, you can create paranoia in order to create harmony. In your case, big brother is watching. You might not be able to tell people to stop, but you can pen a friendly letter explaining the legalities, liabilities, oh, and that you have the technology to log and track all internet traffic going on the network.
A little paranoia goes a long way. And as an added benefit, you don't have to stick up for anything because you're not changing policy at all. You are "executing the due diligence required by law".
Here's my biggest gripe for these cases. For about 1/4 of the cost of lawyers they could simply configure their webserver to redirect to the main page when it encounters a foreign referer URL. Good lord, it's not that hard of a thing to do.
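The redirect the post above is talking about, as an added example that is not the poster's code: a request whose Referer header names a host other than your own gets bounced to the main page, while a missing Referer (bookmark, typed URL, browser that strips it) is left alone so direct visitors are not punished. The hostnames and the WSGI wrapper are constructed for the example; the check itself is what you would otherwise express as a rewrite rule on the web server.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed: the hosts that count as "ours".  Anything else in the Referer
# is a deep link from a foreign site.
OWN_HOSTS = {"example.com", "www.example.com"}
MAIN_PAGE = "/"


def is_foreign_referer(referer: Optional[str], own_hosts=OWN_HOSTS) -> bool:
    """True only when the Referer carries a hostname outside own_hosts.

    An absent or empty Referer is not foreign: treating it as such would
    redirect every bookmark, typed URL and privacy-conscious browser.  A
    value that does not parse as an absolute URL is treated the same way,
    since there is no host to compare.
    """
    if not referer:
        return False
    host = (urlsplit(referer.strip()).hostname or "").lower()
    if not host:
        return False
    return host not in {h.lower() for h in own_hosts}


def deep_link_response(path: str, referer: Optional[str]) -> Tuple[int, str]:
    """Decide the response for one request: (status, location or path).
    The main page itself is never redirected, which avoids a loop when a
    foreign site links straight to it."""
    if path != MAIN_PAGE and is_foreign_referer(referer):
        return (302, MAIN_PAGE)
    return (200, path)


def app(environ, start_response):
    """Minimal WSGI front door showing where the check plugs in."""
    status, target = deep_link_response(environ.get("PATH_INFO", "/"),
                                        environ.get("HTTP_REFERER"))
    if status == 302:
        start_response("302 Found", [("Location", target)])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("served " + target).encode()]


if __name__ == "__main__":
    # Constructed sample requests: a deep link from elsewhere, a direct hit,
    # and an internal link.
    print(deep_link_response("/story/123", "http://other.example.net/links.html"))
    print(deep_link_response("/story/123", None))
    print(deep_link_response("/story/123", "https://www.example.com/index.html"))
```

Since the Referer is whatever the client chooses to send, this stops the casual deep link from another site's page, which is all the post is asking for; it is a courtesy redirect, not access control, and anything that actually needs protecting still needs a real authorization check behind it.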