One of the more amusing aspects of this thread is that there are two contradictory explanations earnestly being presented. One side thinks the windmill is a turbine that drives the wheels, while the other thinks the windmill is a propeller being driven by the wheels.
For the latter group, I would like to propose a modification: replace the propeller with a generator, and use the power generated to run a linear induction motor which propels the device downwind along a track, which is level, straight and aligned with the wind. You can give the device a push to start it moving, if you like. What happens?
*most* software projects don't have constraints that mean a reasonably-sized team cannot have a working system that is doing something useful within 4 weeks (which is about the longest an agile process will usually let you go without delivering useful software).
This debate has, very reasonably, become a matter of the degree of applicability of agile methods.
Insofar as most projects are incremental changes to existing systems, I could agree with the quote. This is not, however, where you find the hard problems in software development.
Could the mega-project in question have been restructured as a series of useful, incremental changes to existing systems? Maybe, but doing so on a basis of anything more than wishful thinking would have taken some non-trivial planning and analysis, which is anathema to agile zealots (though not, I imagine, to agile's founders, who seem to be fairly pragmatic.)
You seem to think no one with autism is high-functioning.
I think you have completely misunderstood the post you are replying to. The author's whole point is that the syndrome formerly known as Asperger's is far less debilitating than those found at the other end of the autism spectrum.
There seems to be a contradiction in your positions here. You started by saying that Asperger's is/was "not really distinct from autism in any meaningful way", but now you are insisting that we make a distinction between high-functioning and the more severe incarnations of the disease. As the syndrome formerly known as Asperger's has been subsumed into the high-functioning end of the autism spectrum, you can't have it both ways.
Aspergers has no diagnostic or treatment criteria that distinguish from autism. The end.
For the limited purposes of the DSM, that may be true, but it is an invalid extrapolation to claim there is no meaningful distinction between the syndrome formerly known as Asperger's and what was meant by autism when Asperger's was in use. The fact that the former Asperger's is now regarded as a high-functioning autism spectrum variant does not justify this generalization, because the change is only in the language, not in what it denotes. The fact is that in many aspects of life, there is a huge difference in autism's impact across the spectrum.
I am also puzzled by how you can munge the definition of 'treatment criteria' in order to say that there is no difference between the treatment criteria for a nonverbal autistic person and someone with the former Asperger's syndrome.
My best guess is that what you meant to say is that there is no meaningful distinction between Asperger's and other high-function variants of autism.
So? You file it under the spectrum and specify the severity.
In a rational world, that would be fine, and it generally works within the medical and other caring professions. Elsewhere, however, it is not hard to find people for whom this is too subtle, and who insist on over-generalizing from their own limited experiences, a habit that is facilitated by putting the whole spectrum under one word. You can find examples in this forum.
I would argue that the additional distances quoted in TFA is a security breach. this increases the danger of skimming if the cards can be read from so far away.
I think you are almost certainly right, but because I don't know of an exploit that demonstrates a specific vulnerability of this sort, I did not want to make a claim that could be narrowly refuted. For more details on what I was thinking, see this response: http://news.slashdot.org/comments.pl?sid=3763223&cid=43767955
While these incidents do not involve a security breach...
A vendor's machine can take money from me without my consent or knowledge.
Apropos of nothing, what would constitute a security breach in your model?
That's a fair question, and I probably should have written something like "arguably, there was no security breach in these specific incidents." I don't think it would be a very good argument, but I wanted to 'immunize' my post against a sort of argument that has been used against me elsewhere (e.g. http://slashdot.org/comments.pl?sid=3682437&cid=43544497 ) This 'so far, so good' fallacy takes several forms, such as 'the incidents [so far] have caused no losses / have only occurred in the lab / have all been caught [so far as we know]', 'the losses [so far] have been minimal / reversed'... In this particular case, an apologist for the system might say 'none of the incidents reported here involve covert subversion of [what passes for] the security of these systems'.
With regard to the specific incidents reported in this article, that seems to me to be true, but irrelevant. All 'so far, so good' fallacies share two problems. The first is that they ignore the fact that such incidents are good evidence that the system is not trustworthy, and the second is that the person making the fallacy is either unaware of its bogosity, or is deliberately trying to hide it. That means the commentator (and the organization she represents) is either incompetent (in the first case) or untrustworthy (in the second) on the subject of security.
The article includes another bogus argument: "the system has been extensively tested"... but the incidents are irrefutable evidence that the testing did not work. Another bogus argument that has been used in other cases is "there is nothing wrong with the standard, the problem was in the vendor's implementation"... but a standard without effective verification of compliance is useless.
By attempting to immunize my comment, I brought on your response instead, but that's OK, because we agree over what matters here.
While these incidents do not involve a security breach, they do indicate a sloppiness in the implementation, and so raise the concern that the system has been developed without the attention to detail that is a necessary (but not sufficient) prerequisite for security.
why do patent inspectors spend more than 2 seconds on dreck like this before denying it.
Part of the problem is that 'obvious' has gained a special meaning in this context, partly as a result of case law, and that meaning is not the obvious one. Lawyers aren't paid to be reasonable.
There is supposed to be a level of restraint on the submitter to not post something obvious in their field and to do diligence in ascertaining whether or not a patent should be granted for their idea or if there are existing patents that cover the idea.
Good point. If I recall correctly from my brief encounters with the patent system, if you don't bring the examiner's attention to what could arguably be considered prior art, it explicitly counts against you should your patent be challenged. It may be that large corporations have realized that 'possession is nine-tenths of the law' definitely applies here, and they can cause a lot of trouble for a competitor even with a shaky patent, for example by dragging things out to the point where it becomes moot, or by using the threat of doing so to get cross-licensing agreements.
I also didn't actually disagree with the idea of planning.
You imposed such a sweeping constraint on any planning beyond the personal (no-one in charge) as to render it pointless:
Sure. It's just an argument against having anyone, such as a government, in charge of the planning.
To be consistent, it would have to be your position that the energy sector, which you acknowledge in your subsequent reversal as being capable of planning, generally practices planning under this constraint.
On considering your later attempts to reinterpret the record, it seems possible that you had intended 'anyone' to refer specifically to either governments or government-like entities, but your placement of 'government' in a nonrestrictive clause rules it out. That would have been a different discussion.
Excuse me, it was the second reason I gave.
But reason for what? You are attempting to make the case that country-level planning is an activity in which it is impossible, not just difficult, to do better than doing nothing at all. Unless you can demonstrate complete coverage, a list of ways things can go wrong doesn't get the job done.
You tacitly acknowledge this whenever you attempt to transfer your burden of proof to me. That's a common dogmatist move (most often employed to convince one another that their views are beyond question), but neither I nor any other rational reader need to go down that path.
I'm sure you will dispute all of this with more of the same, and it is clearly inevitable that you will have the last word, regardless of how many repetitions it takes. Go ahead - I am happy to leave any rational reader who might wander by to make up their own minds.
My very first argument against central planning was the moral hazard it created. Namely, the disincentive to plan at the private level. I wish you'd spend more time understanding my arguments and less time mischaracterizing them.
In other contexts, your observations about the difficulties of central planning would be useful contributions to the discussion, but they do not work as justifications for a self-contradictory piece of dogma.
Of course there are security holes with the chip and NFC.
The inevitability of flaws is not an excuse to foreclose on the question of whether the implementers of this system are trying hard enough to minimize them, and I belive the evidence shows they are not.
The cryptographic flaw – the result of mistakes by both banks and card manufacturers in implementing the EMV* protocol
The vulnerable cards have not been properly designed for a start. What's more, this doesn't affect all cards (even if the unpredictable number is guessable) due to different authorisation methods.
Leaving the implementation open for banks and card manufacturers to screw up was one of the bad decisions that indicate that the people who developed this system were not quite up to the job. in security, half a fence is no fence: you have to control everything.
All these responses that say 'that problem has been fixed' ignore the point that when you see one bad decision, it is almost certainly a sign that there are others that have just not surfaced. To give an example where lives were at risk, when it was found during the construction of the Los Angeles class submarines that a faulty weld on a torpedo rack had passed multiple inspections, it immediately threw doubt on every weld on every ship constructed under the program, because the inspection process for hull and reactor welds was not substantively different from the one that failed.
In addition, your use of non-sequiturs in your arguments, such as "this doesn't affect all cards", indicates that you are unwilling or unable properly evaluate the significance of the evidence.
Maybe this time it is better, but I am deeply concerned by how you, as someone involved in testing these systems, doesn't get these points and writes as an advocate for the thing you are supposed to be testing.
That particular paper is well known and if you read it, the vulnerability lies with the terminal and the entering of the PIN. You still need the physical card there, which you cannot clone. If your card is stolen, online fraud is much more likely and dangerous than someone using a dodgy terminal (or a shim of some kind inserted into the terminal to perform a MITM attack).
And if you were to objectively read it and other papers on the topic you would see that there is good evidence that these or similar attacks have been used to commit fraud without the collusion of the cardholder. Furthermore, when one case of a poor design decision is found, we can reasonably assume it is not the only one, and that poor decision-making was pervasive.
As you are a self-proclaimed expert deeply involved in the testing of this system, I find your attitude deeply disturbing. You write, and presumably act, as an advocate for the system rather than as an impartial analyst and investigator, and I would not be surprised if that attitude is widespread in the organization you work for. Bruce Schneier, among others, has written about the necessity for people working on security to think like an attacker.
Yes, but the point that perhaps I'm not making clear enough is that any vulnerability is due to the OLD systems, the magstripe stuff that should have been replaced years ago. The issue lies with the legacy system, not the new system.
The point I have been making is that experience elsewhere is that the new systems have, in practice, been found to be vulnerable, and it is naive to adopt policies that are predicated on an unjustified and unrealistic assumption of invulnerability.
But here's the good news! You're not liable for card fraud, the bank is. At least, the bank is for a short period of time, then that liability will switch over to the merchant because he hasn't upgraded to chip technology yet.
So, after the 'short period of time', who is liable for fraud when the merchant has upgraded to to chip technology? There seems to be an assumption that with the technology in place, fraud will be impossible, at least without the collusion of the cardholder. That was the assumption in Britain, and on that basis, liability was legally transferred to the cardholder. It turned out, however, that fraud (without the cardholder's participation) was both definitely still possible and almost certainly happening, but as far as I know, the cardholder is still legally on the hook.
The particular error covered here may not be repeated in the US (though I would not automatically assume that), but perfection is unlikely. It looks to me that the banks have themselves a deal whereby, for continuing to bear the cost of fraud for a short time, they get the new system rolled out beyond the point of no return, after which they transfer the liability for whatever happens from then on to the merchants and cardholders. I'm not celebrating yet.
Here's the deal - chip IS secure. What's more, contactless is also secure. Or rather, it's a hell of a lot more secure than the shitty magstripe you're talking about.
'Secure' and 'better than magstripe' are two different things, and as you acknowledge, it is the second of them that is most accurate. Nevertheless, it is a valid point that chip technology is much more secure than magnetic stripe.
Three things bother me, however. The first is that while the security is better, it has not, so far, been state-of-the-art. There is a team at Cambridge University that has found a number of exploits of the British chip 'n pin system, and good evidence that these exploits are being exploited by criminals. Some of the poor design decisions that opened the way for these exploits fall in the 'what were they thinking' class. A change of this magnitude only happens once in a couple of decades, and it is in something that matters a great deal. Is it unreasonable to expect that a great deal of care should be taken to make sure it is done as well as possible, such as by employing and paying attention to people who are at least as competent as the researchers (and the criminals, for that matter) who have been able to break these schemes? We cannot expect or demand perfection, but a significant reduction in gratuitous and easily avoided mistakes appears to be achievable and reasonable to expect.
The second thing (which may also be particular to the British experience) is that the banks have lobbied successfully to change the law so that the cost of fraud is transferred to the merchants and the cardholders. It has been revealed that this transfer was a major motivation for the banks to make the change in the first place (they would prefer to be secure than not, but what they really care about is not paying for fraud.) The lobbying for these changes included what turned out to be unjustified claims about the level of security the system provided. One particular aspect of this liability transfer is that they have been able to do it without producing the log files that might have exonerated those on whom the cost was being transferred.
The third thing is that these security blunders keep on happening - we have seen the same sort of complacent mediocrity (or outright incompetence) in electronic locks and voting machines, to pick just a couple of examples. What is it going to take for security to be taken seriously? For all I know, the chip card system being developed for the US may be better than that in the UK, but past experience makes me skeptical.
Keep in mind that "no planning" here means more planning at the private level.
This sudden reversal on planning might get you out of the hole you dug for yourself over how you expect thinking ahead to have any effect without planning, but at the cost of rendering your initial post in this thread, and most of what you have said since to justify it, pointless.
Your rational self sees the benefit of thinking ahead, but your ideological self is so wedded to the idea that planning is anathema that you would veto any attempt to act on the results of thinking ahead. This combination amounts to intentional helplessness.
Nonsense. I mentioned two reasons: conflict of interest and moral hazard. I forgot also the third great problem of country-wide planning - incompetence and ignorance. The planners at that level don't know enough about their societies to make such plans and historically, they aren't terribly good at such things either.
That is not a valid rebuttal - adding to the list of ways in which planning can fail does nothing to show how, in your planning-free utopia, thinking ahead can have any effect.
In the 1930s, Britain chose not to plan for the rise of Nazi militarism, and that did not work out so well.
No. The Treaty of Versailles was the plan. Instead, they chose not to react to the rise of Nazi militarism.
You are simply cherry-picking what you call a plan in order to fit your dogma. It's a variant of the no-true-Scotsman fallacy. Ad-hoc, tautological definitions are meaningless.
I am not in favor of attempting to plan for its own sake or because I expect it to be successful, but because I think the alternative is certain to end badly. I also think it is the more likely outcome.
And I think you're just in error here. You haven't even demonstrated that having a plan at the country level is better than not having one.
I phrased it poorly, but the outcome that I think is more likely is that it will end badly.
I could say that the Western plan for the containment of the Soviet Union was ultimately successful, but more generally, you have equally failed to demonstrate that planning is automatically worse than not planning (once again, a list of reasons why plans may fail is no guarantee of certainty.) Your criterion here is simply not useful: you want a black-and-white world, but uncertainty is what we get, and you can either pretend that things are otherwise, or deal with it the best you can.
That's true, but it is not an argument against planning.
Sure. It's just an argument against having anyone, such as a government, in charge of the planning.
The assumption that planning is better than no planning at the country-level is unjustified. Sure, thinking ahead can have benefits. It works for you at a personal level, because you are both the planner and the primary recipient of the benefits of the planning. When that's no longer the case, the resulting conflict of interest and its exploitation can destroy any benefits from planning.
Your rational self sees the benefit of thinking ahead, but your ideological self is so wedded to the idea that planning is anathema that you would veto any attempt to act on the results of thinking ahead. This combination amounts to intentional helplessness.
There are indeed a great many ways planning can go wrong, but not planning also has its risks. In the 1930s, Britain chose not to plan for the rise of Nazi militarism, and that did not work out so well.
I am not in favor of attempting to plan for its own sake or because I expect it to be successful, but because I think the alternative is certain to end badly. I also think it is the more likely outcome.
Plenty of companies are working on long term goals.
In the context of the damage that environmental degradation and resource depletion will do, planning to maximize profits over the next few decades is not long-term. I do agree that politicians are increasingly focused on the current election cycle, but we have to recognize that this would not be the case if either a majority of the electorate, or the politicians' corporate sponsors, really wanted it to be different. The change you observe over the last two or three decades can arguably be attributed to the increasing skill of those with economic power to manipulate the fears and greed of those with electoral power.
Slashdot Mirror
One of the more amusing aspects of this thread is that there are two contradictory explanations earnestly being presented. One side thinks the windmill is a turbine that drives the wheels, while the other thinks the windmill is a propeller being driven by the wheels.
For the latter group, I would like to propose a modification: replace the propeller with a generator, and use the power generated to run a linear induction motor which propels the device downwind along a track, which is level, straight and aligned with the wind. You can give the device a push to start it moving, if you like. What happens?
*most* software projects don't have constraints that mean a reasonably-sized team cannot have a working system that is doing something useful within 4 weeks (which is about the longest an agile process will usually let you go without delivering useful software).
This debate has, very reasonably, become a matter of the degree of applicability of agile methods.
Insofar as most projects are incremental changes to existing systems, I could agree with the quote. This is not, however, where you find the hard problems in software development.
Could the mega-project in question have been restructured as a series of useful, incremental changes to existing systems? Maybe, but doing so on a basis of anything more than wishful thinking would have taken some non-trivial planning and analysis, which is anathema to agile zealots (though not, I imagine, to agile's founders, who seem to be fairly pragmatic.)
You seem to think no one with autism is high-functioning.
I think you have completely misunderstood the post you are replying to. The author's whole point is that the syndrome formerly known as Asperger's is far less debilitating than those found at the other end of the autism spectrum.
There seems to be a contradiction in your positions here. You started by saying that Asperger's is/was "not really distinct from autism in any meaningful way", but now you are insisting that we make a distinction between high-functioning and the more severe incarnations of the disease. As the syndrome formerly known as Asperger's has been subsumed into the high-functioning end of the autism spectrum, you can't have it both ways.
Aspergers has no diagnostic or treatment criteria that distinguish from autism. The end.
For the limited purposes of the DSM, that may be true, but it is an invalid extrapolation to claim there is no meaningful distinction between the syndrome formerly known as Asperger's and what was meant by autism when Asperger's was in use. The fact that the former Asperger's is now regarded as a high-functioning autism spectrum variant does not justify this generalization, because the change is only in the language, not in what it denotes. The fact is that in many aspects of life, there is a huge difference in autism's impact across the spectrum.
I am also puzzled by how you can munge the definition of 'treatment criteria' in order to say that there is no difference between the treatment criteria for a nonverbal autistic person and someone with the former Asperger's syndrome.
My best guess is that what you meant to say is that there is no meaningful distinction between Asperger's and other high-function variants of autism.
So? You file it under the spectrum and specify the severity.
In a rational world, that would be fine, and it generally works within the medical and other caring professions. Elsewhere, however, it is not hard to find people for whom this is too subtle, and who insist on over-generalizing from their own limited experiences, a habit that is facilitated by putting the whole spectrum under one word. You can find examples in this forum.
Not in the DSM anymore, because it's not really distinct from autism in any meaningful way.
An unfortunate decision - for the victims and their families, there is a huge difference from one end of the spectrum to the other.
Lots of people will say they have Aspberger's to write off their eccentricities as well.
As diagnosed by Zach Weiner in his Saturday Morning Breakfast Cereal:
http://www.smbc-comics.com/?id=2832
All you need is a cassette tape playing "Have you tried turning it off and on again" on a loop.
Who holds the copyright on that phrase?
I would argue that the additional distances quoted in TFA is a security breach. this increases the danger of skimming if the cards can be read from so far away.
I think you are almost certainly right, but because I don't know of an exploit that demonstrates a specific vulnerability of this sort, I did not want to make a claim that could be narrowly refuted. For more details on what I was thinking, see this response: http://news.slashdot.org/comments.pl?sid=3763223&cid=43767955
While these incidents do not involve a security breach...
A vendor's machine can take money from me without my consent or knowledge.
Apropos of nothing, what would constitute a security breach in your model?
That's a fair question, and I probably should have written something like "arguably, there was no security breach in these specific incidents." I don't think it would be a very good argument, but I wanted to 'immunize' my post against a sort of argument that has been used against me elsewhere (e.g. http://slashdot.org/comments.pl?sid=3682437&cid=43544497 ) This 'so far, so good' fallacy takes several forms, such as 'the incidents [so far] have caused no losses / have only occurred in the lab / have all been caught [so far as we know]', 'the losses [so far] have been minimal / reversed'... In this particular case, an apologist for the system might say 'none of the incidents reported here involve covert subversion of [what passes for] the security of these systems'.
With regard to the specific incidents reported in this article, that seems to me to be true, but irrelevant. All 'so far, so good' fallacies share two problems. The first is that they ignore the fact that such incidents are good evidence that the system is not trustworthy, and the second is that the person making the fallacy is either unaware of its bogosity, or is deliberately trying to hide it. That means the commentator (and the organization she represents) is either incompetent (in the first case) or untrustworthy (in the second) on the subject of security.
The article includes another bogus argument: "the system has been extensively tested"... but the incidents are irrefutable evidence that the testing did not work. Another bogus argument that has been used in other cases is "there is nothing wrong with the standard, the problem was in the vendor's implementation"... but a standard without effective verification of compliance is useless.
By attempting to immunize my comment, I brought on your response instead, but that's OK, because we agree over what matters here.
While these incidents do not involve a security breach, they do indicate a sloppiness in the implementation, and so raise the concern that the system has been developed without the attention to detail that is a necessary (but not sufficient) prerequisite for security.
why do patent inspectors spend more than 2 seconds on dreck like this before denying it.
Part of the problem is that 'obvious' has gained a special meaning in this context, partly as a result of case law, and that meaning is not the obvious one. Lawyers aren't paid to be reasonable.
There is supposed to be a level of restraint on the submitter to not post something obvious in their field and to do diligence in ascertaining whether or not a patent should be granted for their idea or if there are existing patents that cover the idea.
Good point. If I recall correctly from my brief encounters with the patent system, if you don't bring the examiner's attention to what could arguably be considered prior art, it explicitly counts against you should your patent be challenged. It may be that large corporations have realized that 'possession is nine-tenths of the law' definitely applies here, and they can cause a lot of trouble for a competitor even with a shaky patent, for example by dragging things out to the point where it becomes moot, or by using the threat of doing so to get cross-licensing agreements.
I also didn't actually disagree with the idea of planning.
You imposed such a sweeping constraint on any planning beyond the personal (no-one in charge) as to render it pointless:
Sure. It's just an argument against having anyone, such as a government, in charge of the planning.
To be consistent, it would have to be your position that the energy sector, which you acknowledge in your subsequent reversal as being capable of planning, generally practices planning under this constraint.
On considering your later attempts to reinterpret the record, it seems possible that you had intended 'anyone' to refer specifically to either governments or government-like entities, but your placement of 'government' in a nonrestrictive clause rules it out. That would have been a different discussion.
Excuse me, it was the second reason I gave.
But reason for what? You are attempting to make the case that country-level planning is an activity in which it is impossible, not just difficult, to do better than doing nothing at all. Unless you can demonstrate complete coverage, a list of ways things can go wrong doesn't get the job done.
You tacitly acknowledge this whenever you attempt to transfer your burden of proof to me. That's a common dogmatist move (most often employed to convince one another that their views are beyond question), but neither I nor any other rational reader need to go down that path.
I'm sure you will dispute all of this with more of the same, and it is clearly inevitable that you will have the last word, regardless of how many repetitions it takes. Go ahead - I am happy to leave any rational reader who might wander by to make up their own minds.
My very first argument against central planning was the moral hazard it created. Namely, the disincentive to plan at the private level. I wish you'd spend more time understanding my arguments and less time mischaracterizing them.
In other contexts, your observations about the difficulties of central planning would be useful contributions to the discussion, but they do not work as justifications for a self-contradictory piece of dogma.
This sudden reversal on planning
No such reversal occurred.
The record stands for itself.
While going to jail has become an issue for Murdoch's editors in the UK, I don't think they are much at risk in the US.
Of course there are security holes with the chip and NFC.
The inevitability of flaws is not an excuse to foreclose on the question of whether the implementers of this system are trying hard enough to minimize them, and I belive the evidence shows they are not.
Yes, read the article carefully...
The vulnerable cards have not been properly designed for a start. What's more, this doesn't affect all cards (even if the unpredictable number is guessable) due to different authorisation methods.
Leaving the implementation open for banks and card manufacturers to screw up was one of the bad decisions that indicate that the people who developed this system were not quite up to the job. in security, half a fence is no fence: you have to control everything.
All these responses that say 'that problem has been fixed' ignore the point that when you see one bad decision, it is almost certainly a sign that there are others that have just not surfaced. To give an example where lives were at risk, when it was found during the construction of the Los Angeles class submarines that a faulty weld on a torpedo rack had passed multiple inspections, it immediately threw doubt on every weld on every ship constructed under the program, because the inspection process for hull and reactor welds was not substantively different from the one that failed.
In addition, your use of non-sequiturs in your arguments, such as "this doesn't affect all cards", indicates that you are unwilling or unable properly evaluate the significance of the evidence.
Maybe this time it is better, but I am deeply concerned by how you, as someone involved in testing these systems, doesn't get these points and writes as an advocate for the thing you are supposed to be testing.
That particular paper is well known and if you read it, the vulnerability lies with the terminal and the entering of the PIN. You still need the physical card there, which you cannot clone. If your card is stolen, online fraud is much more likely and dangerous than someone using a dodgy terminal (or a shim of some kind inserted into the terminal to perform a MITM attack).
And if you were to objectively read it and other papers on the topic you would see that there is good evidence that these or similar attacks have been used to commit fraud without the collusion of the cardholder. Furthermore, when one case of a poor design decision is found, we can reasonably assume it is not the only one, and that poor decision-making was pervasive.
As you are a self-proclaimed expert deeply involved in the testing of this system, I find your attitude deeply disturbing. You write, and presumably act, as an advocate for the system rather than as an impartial analyst and investigator, and I would not be surprised if that attitude is widespread in the organization you work for. Bruce Schneier, among others, has written about the necessity for people working on security to think like an attacker.
Yes, but the point that perhaps I'm not making clear enough is that any vulnerability is due to the OLD systems, the magstripe stuff that should have been replaced years ago. The issue lies with the legacy system, not the new system.
The point I have been making is that experience elsewhere is that the new systems have, in practice, been found to be vulnerable, and it is naive to adopt policies that are predicated on an unjustified and unrealistic assumption of invulnerability.
But here's the good news! You're not liable for card fraud, the bank is. At least, the bank is for a short period of time, then that liability will switch over to the merchant because he hasn't upgraded to chip technology yet.
So, after the 'short period of time', who is liable for fraud when the merchant has upgraded to to chip technology? There seems to be an assumption that with the technology in place, fraud will be impossible, at least without the collusion of the cardholder. That was the assumption in Britain, and on that basis, liability was legally transferred to the cardholder. It turned out, however, that fraud (without the cardholder's participation) was both definitely still possible and almost certainly happening, but as far as I know, the cardholder is still legally on the hook.
http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
The particular error covered here may not be repeated in the US (though I would not automatically assume that), but perfection is unlikely. It looks to me that the banks have themselves a deal whereby, for continuing to bear the cost of fraud for a short time, they get the new system rolled out beyond the point of no return, after which they transfer the liability for whatever happens from then on to the merchants and cardholders. I'm not celebrating yet.
Here's the deal - chip IS secure. What's more, contactless is also secure. Or rather, it's a hell of a lot more secure than the shitty magstripe you're talking about.
'Secure' and 'better than magstripe' are two different things, and as you acknowledge, it is the second of them that is most accurate. Nevertheless, it is a valid point that chip technology is much more secure than magnetic stripe.
Three things bother me, however. The first is that while the security is better, it has not, so far, been state-of-the-art. There is a team at Cambridge University that has found a number of exploits of the British chip 'n pin system, and good evidence that these exploits are being exploited by criminals. Some of the poor design decisions that opened the way for these exploits fall in the 'what were they thinking' class. A change of this magnitude only happens once in a couple of decades, and it is in something that matters a great deal. Is it unreasonable to expect that a great deal of care should be taken to make sure it is done as well as possible, such as by employing and paying attention to people who are at least as competent as the researchers (and the criminals, for that matter) who have been able to break these schemes? We cannot expect or demand perfection, but a significant reduction in gratuitous and easily avoided mistakes appears to be achievable and reasonable to expect.
The second thing (which may also be particular to the British experience) is that the banks have lobbied successfully to change the law so that the cost of fraud is transferred to the merchants and the cardholders. It has been revealed that this transfer was a major motivation for the banks to make the change in the first place (they would prefer to be secure than not, but what they really care about is not paying for fraud.) The lobbying for these changes included what turned out to be unjustified claims about the level of security the system provided. One particular aspect of this liability transfer is that they have been able to do it without producing the log files that might have exonerated those on whom the cost was being transferred.
The third thing is that these security blunders keep on happening - we have seen the same sort of complacent mediocrity (or outright incompetence) in electronic locks and voting machines, to pick just a couple of examples. What is it going to take for security to be taken seriously? For all I know, the chip card system being developed for the US may be better than that in the UK, but past experience makes me skeptical.
http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
Keep in mind that "no planning" here means more planning at the private level.
This sudden reversal on planning might get you out of the hole you dug for yourself over how you expect thinking ahead to have any effect without planning, but at the cost of rendering your initial post in this thread, and most of what you have said since to justify it, pointless.
Your rational self sees the benefit of thinking ahead, but your ideological self is so wedded to the idea that planning is anathema that you would veto any attempt to act on the results of thinking ahead. This combination amounts to intentional helplessness.
Nonsense. I mentioned two reasons: conflict of interest and moral hazard. I forgot also the third great problem of country-wide planning - incompetence and ignorance. The planners at that level don't know enough about their societies to make such plans and historically, they aren't terribly good at such things either.
That is not a valid rebuttal - adding to the list of ways in which planning can fail does nothing to show how, in your planning-free utopia, thinking ahead can have any effect.
In the 1930s, Britain chose not to plan for the rise of Nazi militarism, and that did not work out so well.
No. The Treaty of Versailles was the plan. Instead, they chose not to react to the rise of Nazi militarism.
You are simply cherry-picking what you call a plan in order to fit your dogma. It's a variant of the no-true-Scotsman fallacy. Ad-hoc, tautological definitions are meaningless.
I am not in favor of attempting to plan for its own sake or because I expect it to be successful, but because I think the alternative is certain to end badly. I also think it is the more likely outcome.
And I think you're just in error here. You haven't even demonstrated that having a plan at the country level is better than not having one.
I phrased it poorly, but the outcome that I think is more likely is that it will end badly.
I could say that the Western plan for the containment of the Soviet Union was ultimately successful, but more generally, you have equally failed to demonstrate that planning is automatically worse than not planning (once again, a list of reasons why plans may fail is no guarantee of certainty.) Your criterion here is simply not useful: you want a black-and-white world, but uncertainty is what we get, and you can either pretend that things are otherwise, or deal with it the best you can.
That's true, but it is not an argument against planning.
Sure. It's just an argument against having anyone, such as a government, in charge of the planning.
The assumption that planning is better than no planning at the country-level is unjustified. Sure, thinking ahead can have benefits. It works for you at a personal level, because you are both the planner and the primary recipient of the benefits of the planning. When that's no longer the case, the resulting conflict of interest and its exploitation can destroy any benefits from planning.
Your rational self sees the benefit of thinking ahead, but your ideological self is so wedded to the idea that planning is anathema that you would veto any attempt to act on the results of thinking ahead. This combination amounts to intentional helplessness.
There are indeed a great many ways planning can go wrong, but not planning also has its risks. In the 1930s, Britain chose not to plan for the rise of Nazi militarism, and that did not work out so well.
I am not in favor of attempting to plan for its own sake or because I expect it to be successful, but because I think the alternative is certain to end badly. I also think it is the more likely outcome.
Plenty of companies are working on long term goals.
In the context of the damage that environmental degradation and resource depletion will do, planning to maximize profits over the next few decades is not long-term. I do agree that politicians are increasingly focused on the current election cycle, but we have to recognize that this would not be the case if either a majority of the electorate, or the politicians' corporate sponsors, really wanted it to be different. The change you observe over the last two or three decades can arguably be attributed to the increasing skill of those with economic power to manipulate the fears and greed of those with electoral power.