Why not, I remember when a world of warcraft patch caused more problems than usual. Many people went to the better business bureau and complained. Then Blizzard cleaned up their act. If it worked there, it might work here. Paypal has definitely caused my family some annoyance over the christmas holidays.
They cleaned up their act? Since when?
2.0.1 - brought the servers down so that in the lead up to christmas some of them were going down several times a day, making play of long instances impossible. Insane lag spikes that kept up right until 2.0.3. 2.0.3 - released before it was ready as it's needed for TBC (gotta keep marketing happy). Causes game to be unplayable for users of intel graphics cards and ramdom bluescreens. Many graphic glitches. Items went missing during the upgrade. Oh, and the servers are still dropping out randomly.
I've played other MMORPGs and never had nearly the issues Blizzard have for *every single patch* - simply because they don't test properly.
Apple deliberately and very publically violated a trademark that they knew about. It won't bleed cisco for a few million - it could easily bleed Apple for a few million, possible a few tens of millions.
Crap they've added a few since I was last there... current text reads:
"To ensure a high quality of service for all our customers a fair use policy applies. T-Mobile defines fair use as total UK data (both sent and received) of up to 1GB per month. T-Mobile may contact customers who exceed 1GB of data and ask them to reduce their usage. If data usage is not reduced, notice may be given, after which network protection controls may be applied. Not to be used for other activities (including but not limited to): modem access for computers, internet based video/audio streaming services, peer to peer file sharing, internet based video downloads, internet phone calls and instant messaging. If such use is detected, notice may be given after which network protection controls may be applied. The application of network protection controls will result in a reduced speed of transmission."
They've added IM to the list I see.
btw. There is another plan - web'n'walk Plus, giving 3G a month for £37.50 a month, but even *that* doesn't allow VOIP, although you can use it for other stuff:
"..If data usage is not reduced following a request from T-Mobile and/or where use of internet phone calling is detected, notice may be given, after which network protection controls may be applied which will result in a reduced speed of transmission."
No you're definately *not* allowed to do VOIP on that. In fact contractually you're not allowed to do anything but web (and only a subset of that). hence the name of the plan.
1gb/month sounds great until you realize the limitations - in no sense is it unlimited.
From the signup page:
"To ensure a high quality of service for all our customers, they are not to be used for other activities such as (but not limited to): modem access for computers, internet based video/audio streaming services, peer to peer file sharing, internet based video download and internet based telephony. If such use is detected, notice may be given, after which network protection controls may be applied which will result in a reduced speed of transmission."
So you can't even view youtube without risking being cut off. VOIP is right out.
I'm not sure how the EDGE data network works outside the US - so I don't know if data will work.
In Europe we use GPRS for low speed (out of city) traffic and WCDMA (3G) for city browsing. Never heard of EDGE but if it doesn't implement those two as well it'll just be an expensive brick+phone in the UK, given that it's supposed to be a computer too.
We also rely on bluetooth internet for a lot of connectivity stuff so I hope it's got that one..
If the disc has the ICT flag set then the OS *must* obey it by shutting down all analogue connections (inc. vga and composite) and allowing only HDCP protected digital connections.
Luckily it hasn't been enabled on any discs yet (HDDVD discs aren't even region coded).
Dab isn't popular in the UK... Low bitrates gave it a bad reputation and Freeview stole its thunder by being much cheaper. The one place where it could be exceedingly useful is in cars and car DAB stereos are as rare as hen's teeth, wildly expensive and require special DAB aerials to be fitted.
Anyway, back on topic... even a digital signal has structure. Once we can detect the broadcast we can tell it has structure by seeing things like regular repeating patterns (header blocks, etc.).
Even if the hypothetical alien was only broadcasting their version of morse we'd be able to tell it was nonrandom.
It's the race to the get to the impulse buy price. HDDVD is ahead at the moment by a long way (xbox 360 addon is already there but requires an xbox 360 which doesn't totally count).
IIRC it's around £300 ($500?) that people look at something and are prepared to buy it on impulse. The Wii is selling like hotcakes partly because it launched below that. PS3 isn't available over here. Xbox 360 just got there a few months ago and was the big seller at christmas (just short of the Wii).
On the HD standalone machine stakes the closest is the HD-E1 currently going at £397 ($766) so another £100 off that to go. Cheapest (well, only) bluray player available is the BD-P1000 going for £797 ($1,536) and has a ways to go before it gets into affordable.
Another wrinkle is bluray is region locked which supresses its market somewhat over here... most people (even non techie people) know what a region free player is and will get one in preference.
I'm surprised that such a device got a license though... both camps have a vested interest in not giving it permission to be produced.
When the cost of such drives drops then I'll buy a standalone - until then my investment is strictly limited.. $100 for the xbox addon. To pay more at this stage in the game is risking throwing money away.
We have one PIN for use in stores and withdrawl of cash - and not all ATMs use the chip so cloning the magstripe would be enough to empty an account given the pin.
The card number is separate, but then you end up telling it to loads of retailers both when shopping in meatspace and online. Some retailers *still* print the full card number and expiry date on receipts.
This effectively means unless you've destroyed all receipts, not merely thrown them away, you should treat the card number as public information.
The only 'private' information is the CVE, which is a 3 digit number on the back of the card printed in ink rather than in raised type.. so it's theoretically harder to skim (although not *that* hard.. cheap camera attached to skimming device...).
The problem with *that* is not all online retailers request it.
So you end up with a system which could be secure, but the combination of (a) retailers printing the card number and expiry date on receipts, and (b) other retailers not requesting the CVE - means it's not secure at all.
The retailers assert that it's somehow illegal - which is bunkum - the legislation specifically allows optout to keep using the old way if you want (if you request a non-pin card from the bank they must give it to you).
However as you found attempting to use such a card is not going to get you anywhere.
There's pretty much no security when that's happening, because all communication must be going from the till to the chip/pin device, and we only have the banks word for it that there's any security there, that it's not vulnerable to replay attacks, etc.
The system was designed and promoted to have single unit that both read the card and the pin. That wasn't what was deployed.
The self checkout devices for a long time didn't check the pin at all.. you just swiped the cards with the magnetic stripe (which could easily be cloned.. nobody checked) and walked out. This was long after the rollout of chip/pin as well.. it was still doing it in early december then they added an extra stage - now you swipe your card and have to put your card in a device (and enter pin).. so they've gone for the overkill.
Keypad in front of the customer, little LCD display etc. and a simple control circuit instead of being connected directly to the till goes to another device that mirrors the keypresses on a real device.
It used to be secure when you had to put your card in the chip/pin device - but most retailers decided they wanted their control and you don't do that.. now that keypad could be *anything*. There's not even a standard 'look' - they all look different.. the only thing they have in common is the keypad itself.
He couldn't use it in an ATM as they are chip enabled more often than not (in Chip'n'PIN) countries. I know this as I was involved in the design and implementation of an ATM auth system too a couple of years ago.
Not true, at least around here... I have a debit card with a broken chip (long story) & can use it to withdraw cash at ATMs - just not pay for groceries (although I can use it at NPC car parks as they're not chip/pin enabled yet).
Was it your idea to allow swiping of the card without a requirement to enter the pin? I'd guess it was upper management, since you sound relatively clued up..
With most of these systems (>90% nowadays) you don't actually put your card in the device... the shop does it on their till - which could be anything because you never get to examine it.
You're then asked to put in your pin into the keypad whilst the cashier watches intently.
There is *zero* real security in that system. You're still giving the card away where it could be cloned etc. on top of that instead of a difficult to copy signature you have an easily memorisable 4 digit pin.. and you have to enter it in full view of the person with most opportunity to use it for fraud.
With restaraunts it's even worse - you give them the card and they come back with a keypad and ask you to enter your pin, then they run off again to authorise it. They could change the amount, double-charge, anything.. they know your pin now.
All it needs to do is to clone the magnetic strip (easy). You've kindly given it the pin.
Go to your local ATM and draw out $$$. Most ATMs still use the mag. strip and haven't been upgraded to chip/pin yet.
btw. up until *very* recently (last month or so) you could walk into tescos and buy groceries with a clone magnetic strip without even access to the pin - their software wasn't geared up to read it so it just assumed the card was legit... and since this was the 'self checkout' nobody even looked at it. You can still do that with NPC car parks (albeit for only about £3-£5 a throw, and you don't gain anything but free parking).
That's just college level programming though.. nobody would make that kind of mistake who had any experience.
99% of the time that code would just crash, or the compiler/runtime would throw up an error saying what you'd done. If anyone actually committed something like that on my watch they'd be in trouble.
Nope. Valgrind will find crashing bugs, not security issues.
It can only find actual overflows as they happen not potential overflows. You need code analysis to do that - there are a number of tools on the market that can do that kind of analysis (not sure if there are any free/oss ones though.. never seen any).
They send you CDs through the post then bill you unless you send them back. Fair enough.. try cancelling.
Wrote. No response. Phoned. Said they'd cancelled... CDs kept coming. Wrote again. No response. Got a solicitor to send them a vaguely threatening letter (also mentioning that any further CDs would be treated as unsolicited mail). They stopped! Woohoo.
*18 months later* CDs started coming through the post every couple of days. Phoned.. no record of my account. Wrote. No response. Kept phoning and writing.. nothing. The simultaneously denied ever sending them and also sent threatening letters demanding payment.... At one point I had a stack of 50 of them unopened.
The thing that finally worked? Sent the whole lot back with 'deceased' written on them. Wierd but true...
Slashdot Mirror
Why not, I remember when a world of warcraft patch caused more problems than usual. Many people went to the better business bureau and complained. Then Blizzard cleaned up their act. If it worked there, it might work here. Paypal has definitely caused my family some annoyance over the christmas holidays.
They cleaned up their act? Since when?
2.0.1 - brought the servers down so that in the lead up to christmas some of them were going down several times a day, making play of long instances impossible. Insane lag spikes that kept up right until 2.0.3.
2.0.3 - released before it was ready as it's needed for TBC (gotta keep marketing happy). Causes game to be unplayable for users of intel graphics cards and ramdom bluescreens. Many graphic glitches. Items went missing during the upgrade. Oh, and the servers are still dropping out randomly.
I've played other MMORPGs and never had nearly the issues Blizzard have for *every single patch* - simply because they don't test properly.
See http://news.bbc.co.uk/1/hi/entertainment/6244461.s tm
A major record seller immediately decided to drop the top 40 and use its own version (not including downloads).
They can see the threat - and they're prepared to meet it head on.
Apple deliberately and very publically violated a trademark that they knew about. It won't bleed cisco for a few million - it could easily bleed Apple for a few million, possible a few tens of millions.
Crap they've added a few since I was last there... current text reads:
"To ensure a high quality of service for all our customers a fair use policy applies. T-Mobile defines fair use as total UK data (both sent and received) of up to 1GB per month. T-Mobile may contact customers who exceed 1GB of data and ask them to reduce their usage. If data usage is not reduced, notice may be given, after which network protection controls may be applied. Not to be used for other activities (including but not limited to): modem access for computers, internet based video/audio streaming services, peer to peer file sharing, internet based video downloads, internet phone calls and instant messaging. If such use is detected, notice may be given after which network protection controls may be applied. The application of network protection controls will result in a reduced speed of transmission."
They've added IM to the list I see.
btw. There is another plan - web'n'walk Plus, giving 3G a month for £37.50 a month, but even *that* doesn't allow VOIP, although you can use it for other stuff:
"..If data usage is not reduced following a request from T-Mobile and/or where use of internet phone calling is detected, notice may be given, after which network protection controls may be applied which will result in a reduced speed of transmission."
No you're definately *not* allowed to do VOIP on that. In fact contractually you're not allowed to do anything but web (and only a subset of that). hence the name of the plan.
1gb/month sounds great until you realize the limitations - in no sense is it unlimited.
From the signup page:
"To ensure a high quality of service for all our customers, they are not to be used for other activities such as (but not limited to): modem access for computers, internet based video/audio streaming services, peer to peer file sharing, internet based video download and internet based telephony. If such use is detected, notice may be given, after which network protection controls may be applied which will result in a reduced speed of transmission."
So you can't even view youtube without risking being cut off. VOIP is right out.
I'm not sure how the EDGE data network works outside the US - so I don't know if data will work.
In Europe we use GPRS for low speed (out of city) traffic and WCDMA (3G) for city browsing. Never heard of EDGE but if it doesn't implement those two as well it'll just be an expensive brick+phone in the UK, given that it's supposed to be a computer too.
We also rely on bluetooth internet for a lot of connectivity stuff so I hope it's got that one..
Now if the damned thing wasn't black with white buttons. Looks like a Sinclair Calculator.
No it isn't enabled for HDDVD, otherwise you wouldn't be able to play it on the xbox 360. There are no plans to enable it either in the near future.
HDDVD doesn't even have region protection...
Exactly like you can't buy an HDMI capture card and dump the data to HD anyway...
If the disc has the ICT flag set then the OS *must* obey it by shutting down all analogue connections (inc. vga and composite) and allowing only HDCP protected digital connections.
Luckily it hasn't been enabled on any discs yet (HDDVD discs aren't even region coded).
Dab isn't popular in the UK... Low bitrates gave it a bad reputation and Freeview stole its thunder by being much cheaper. The one place where it could be exceedingly useful is in cars and car DAB stereos are as rare as hen's teeth, wildly expensive and require special DAB aerials to be fitted.
Anyway, back on topic... even a digital signal has structure. Once we can detect the broadcast we can tell it has structure by seeing things like regular repeating patterns (header blocks, etc.).
Even if the hypothetical alien was only broadcasting their version of morse we'd be able to tell it was nonrandom.
It's the race to the get to the impulse buy price. HDDVD is ahead at the moment by a long way (xbox 360 addon is already there but requires an xbox 360 which doesn't totally count).
IIRC it's around £300 ($500?) that people look at something and are prepared to buy it on impulse. The Wii is selling like hotcakes partly because it launched below that. PS3 isn't available over here. Xbox 360 just got there a few months ago and was the big seller at christmas (just short of the Wii).
On the HD standalone machine stakes the closest is the HD-E1 currently going at £397 ($766) so another £100 off that to go. Cheapest (well, only) bluray player available is the BD-P1000 going for £797 ($1,536) and has a ways to go before it gets into affordable.
Another wrinkle is bluray is region locked which supresses its market somewhat over here... most people (even non techie people) know what a region free player is and will get one in preference.
I'm surprised that such a device got a license though... both camps have a vested interest in not giving it permission to be produced.
When the cost of such drives drops then I'll buy a standalone - until then my investment is strictly limited.. $100 for the xbox addon. To pay more at this stage in the game is risking throwing money away.
I expect the winner to be downloadable and locally stored movies. iTV, Xbox media centre, etc.
It's a bit of a fringe technology at the moment but I suspect it'll take off in the next few years.
We have one PIN for use in stores and withdrawl of cash - and not all ATMs use the chip so cloning the magstripe would be enough to empty an account given the pin.
The card number is separate, but then you end up telling it to loads of retailers both when shopping in meatspace and online. Some retailers *still* print the full card number and expiry date on receipts.
This effectively means unless you've destroyed all receipts, not merely thrown them away, you should treat the card number as public information.
The only 'private' information is the CVE, which is a 3 digit number on the back of the card printed in ink rather than in raised type.. so it's theoretically harder to skim (although not *that* hard.. cheap camera attached to skimming device...).
The problem with *that* is not all online retailers request it.
So you end up with a system which could be secure, but the combination of (a) retailers printing the card number and expiry date on receipts, and (b) other retailers not requesting the CVE - means it's not secure at all.
You can't use non chip/pin cards in the UK.
The retailers assert that it's somehow illegal - which is bunkum - the legislation specifically allows optout to keep using the old way if you want (if you request a non-pin card from the bank they must give it to you).
However as you found attempting to use such a card is not going to get you anywhere.
Nearly every retailer does this.
There's pretty much no security when that's happening, because all communication must be going from the till to the chip/pin device, and we only have the banks word for it that there's any security there, that it's not vulnerable to replay attacks, etc.
The system was designed and promoted to have single unit that both read the card and the pin. That wasn't what was deployed.
This was in the UK, Tescos in fact :p
The self checkout devices for a long time didn't check the pin at all.. you just swiped the cards with the magnetic stripe (which could easily be cloned.. nobody checked) and walked out. This was long after the rollout of chip/pin as well.. it was still doing it in early december then they added an extra stage - now you swipe your card and have to put your card in a device (and enter pin).. so they've gone for the overkill.
Oh come on that would be trivial to arrange.
Keypad in front of the customer, little LCD display etc. and a simple control circuit instead of being connected directly to the till goes to another device that mirrors the keypresses on a real device.
It used to be secure when you had to put your card in the chip/pin device - but most retailers decided they wanted their control and you don't do that.. now that keypad could be *anything*. There's not even a standard 'look' - they all look different.. the only thing they have in common is the keypad itself.
He couldn't use it in an ATM as they are chip enabled more often than not (in Chip'n'PIN) countries. I know this as I was involved in the design and implementation of an ATM auth system too a couple of years ago.
Not true, at least around here... I have a debit card with a broken chip (long story) & can use it to withdraw cash at ATMs - just not pay for groceries (although I can use it at NPC car parks as they're not chip/pin enabled yet).
Was it your idea to allow swiping of the card without a requirement to enter the pin? I'd guess it was upper management, since you sound relatively clued up..
With most of these systems (>90% nowadays) you don't actually put your card in the device... the shop does it on their till - which could be anything because you never get to examine it.
You're then asked to put in your pin into the keypad whilst the cashier watches intently.
There is *zero* real security in that system. You're still giving the card away where it could be cloned etc. on top of that instead of a difficult to copy signature you have an easily memorisable 4 digit pin.. and you have to enter it in full view of the person with most opportunity to use it for fraud.
With restaraunts it's even worse - you give them the card and they come back with a keypad and ask you to enter your pin, then they run off again to authorise it. They could change the amount, double-charge, anything.. they know your pin now.
All it needs to do is to clone the magnetic strip (easy). You've kindly given it the pin.
Go to your local ATM and draw out $$$. Most ATMs still use the mag. strip and haven't been upgraded to chip/pin yet.
btw. up until *very* recently (last month or so) you could walk into tescos and buy groceries with a clone magnetic strip without even access to the pin - their software wasn't geared up to read it so it just assumed the card was legit... and since this was the 'self checkout' nobody even looked at it. You can still do that with NPC car parks (albeit for only about £3-£5 a throw, and you don't gain anything but free parking).
That's just college level programming though.. nobody would make that kind of mistake who had any experience.
99% of the time that code would just crash, or the compiler/runtime would throw up an error saying what you'd done. If anyone actually committed something like that on my watch they'd be in trouble.
Nope. Valgrind will find crashing bugs, not security issues.
It can only find actual overflows as they happen not potential overflows. You need code analysis to do that - there are a number of tools on the market that can do that kind of analysis (not sure if there are any free/oss ones though.. never seen any).
Oh and my all time worst? Time Life.
They send you CDs through the post then bill you unless you send them back. Fair enough.. try cancelling.
Wrote. No response. Phoned. Said they'd cancelled... CDs kept coming. Wrote again. No response. Got a solicitor to send them a vaguely threatening letter (also mentioning that any further CDs would be treated as unsolicited mail). They stopped! Woohoo.
*18 months later* CDs started coming through the post every couple of days. Phoned.. no record of my account. Wrote. No response. Kept phoning and writing.. nothing. The simultaneously denied ever sending them and also sent threatening letters demanding payment.... At one point I had a stack of 50 of them unopened.
The thing that finally worked? Sent the whole lot back with 'deceased' written on them. Wierd but true...