Pray, tell, how do you turn all of it off?
Short of buying a Windows Server to run as a domain controller, and only use Windows Enterprise Edition for the desktops and laptops, and constantly research, write and push your own group policy objects to whack the latest mole, I don't think you can.
Turning most of the spyware off is like removing most of the human droppings from your soup.
I upgraded my bootcamp partition on my personal Macbook Pro to Windows 10 from Windows 7 Pro. It was pretty trivial to disable everything. I was a little hesitant to perform the upgrade but I wanted to play around with some C# for a little side project I am doing for fun and I rarely boot that machine into windows anyway.
2) In most danger situations the robot cars will brake and try to come to a stop ASAP all while turning on its hazard lights. Which shouldn't be too difficult at those said speeds.
Turning on your hazard lights while driving is illegal in most states, and for good reason. Did you know that many makes and models use the exact same lights for your hazard lights as the turn and/or brake lights? And guess which behavior wins out? The hazard lights, of course. Do you know when the hazard lights are supposed to be used? When you're stuck on the side of the road or stalled in traffic. Not for "Oh no it's raining hard I want to make sure the people behind me notice the bad weather" or "hey it's really foggy and no one can see me" or even "Hey I know I should be trying to stop right now but I am going to fumble for the hazard lights while I hit the brakes." So please don't teach driverless cars to do the unsafe things that you do.
The problem -- and the reason I have Binge On disabled on my account as a matter of principle, even though I would be perfectly happy with compressed video -- is that it's implemented on a site-by-site basis. If I could ask T-Mobile to compress and zero-rate all video streaming, both from big providers like Youtube and Netflix and from any random small server (or when streaming video from the phone to elsewhere, for that matter), then I would have no objection to it whatsoever. On the contrary, it would be great! It would also then be categorized as "perfectly-acceptable QoS" rather than "a violation of net neutrality."
You have to use T-Mobile's API so that they can ensure the stream parameters are appropriate. If you use HTTPS or an encrypted video/audio feed then T-Mobile could not do anything to reduce the demand on the network. That's the problem. If you're going to disable it on moral grounds then I would say that it should be disabled due to the fact that T-Mobile can basically see exactly what you're streaming using the Binge On. Realistically, though, they may have already known what you were streaming anyway just based on the request.
They're paid for by increasing the price on everything else, and they reduce your freedom by increasing the cost of making alternative choices.
In the case of T-Mobile developers are opting in to having their data stream recompressed by T-mobile. It's not increasing the cost of anything else. T-Mobile saves money on this because they're not blasting out a 10Mbps stream to a 4 inch cellphone that can't possibly display that resolution. Sure if you're plugging your cell phone into your TV to stream video at home, it may affect you. However, they are not charging anyone for this, the service is open to everyone, and is completely voluntary. The data stream does not get routed any differently from a QoS standpoint but it makes a huge difference to the Network's ability to relieve congestion. If anything, the app developers should allow T-mobile users to opt in/out of using that endpoint on T-mobile but I see no reason for T-mobile to be forbidden to provide the service as it is.
When I was a kid, there was an episode of the A Team where they took a Polaroid picture from the perspective of a security camera and then put that picture in front of the camera lens so it couldn't see them. Just do the same thing but with a print out of goatse or something.
The graphics card market is significantly larger than $50 million.
30% if PCs ships with dedicated graphics cards. The market is > $1 billion.
And 99% of the population wouldn't know how to replace a video card or bought a laptop and cannot replace the video card. Unless laptop manufacturers let you pick the video card brand and model, you'd have no choice anyway. Some manufacturers do let you pick from a limited choice - gaming card versus business card (you know the kind that excel at CAD and such things) but you rarely get to pick from more than 2 or 3 choices.
The transactions are successful, it's only later when people check their statements that the charges are flagged as fraudulent and charged back. The customer has 30 days after receiving their statement to dispute a transaction. It could take in the worst case 60-90 days before a merchant gets a chargeback.
The problem here is that CC companies simply do not give any protection against fraud. They have no incentive either, the CC company gets their transaction fees AND a chargeback fee AND issue a $50k/month fine to whoever lost the information (because they aren't PCI compliant) AND get to send in their expensive auditors and higher transaction fees to whoever lost the information (highest level of PCI compliance).
The fine is levied by the card brands and goes to the card brands, not the issuing or acquiring banks. Furthermore, the amount of the fine is based on the size of the organization in question and the level of compliance they are required to have based on the transaction volume of the organization.
I can appreciate them not wanting you to be able to change existing text as it could potentially corrupt the response tree but it would be nice if they allowed you to do a short addendum to a post that was clearly marked as an update.
When you implement rent controls, there's very little incentive to build more housing. It's the type of policy that most economists agree is a bad idea and it's little surprise that it distorts the market and causes all manner of ill adverse side effects.
You honestly can't expect anyone sane to build new housing when laws mandate that it be a poor investment. At that point you end up with the only solution being government funded public housing projects, but those have a lot of stigma attached to them.
SF's Rent control only applies to buildings built after 1979 - 37 years ago.
I'm pretty sure that if i build a building in SF now that it will have been built AFTER 1979 and will, therefore, be subject to rent control.
Ah I see that you later stated you had the dates backward. Ignore my snark, then, please.
When you implement rent controls, there's very little incentive to build more housing. It's the type of policy that most economists agree is a bad idea and it's little surprise that it distorts the market and causes all manner of ill adverse side effects.
You honestly can't expect anyone sane to build new housing when laws mandate that it be a poor investment. At that point you end up with the only solution being government funded public housing projects, but those have a lot of stigma attached to them.
SF's Rent control only applies to buildings built after 1979 - 37 years ago.
I'm pretty sure that if i build a building in SF now that it will have been built AFTER 1979 and will, therefore, be subject to rent control.
I don't know what you know about concealed carry, so I'll note this: it is illegal in Florida to carry in an establishment whose liquor sales qualify it as a bar.
You can't even legally walk through a bar in Florida. If you're at a restaurant and the restrooms are in the bar area then you cannot legally walk through to the bathroom. I think that is an excellent idea but I think you could legally order a drink from the bar as long as you did not enter it.
So you call yourself a "United Statesian"? Piss off.
No, when one someone asks me, I tell them I am from the United States. It is certainly more specific than saying American and I don't look like an arrogant asshole. Since your only argument for or against this seems to be 'piss off,' one can certainly make assumptions on the impression you would give people in a foreign country.
There are a number of British Isles, as well as mainland Brittany, but we know that the country of "Britain" is shorthand for the otherwise long-winded "United Kingdom of Great Britain and Northern Ireland". Irish Republicans are not offended, even though they are geographically British.
So what is your argument, that it goes by the largest landmass or the largest population of that heritage? Because the Americas are named after an Italian who was sailing on behalf of the Portuguese crown. It's not named after a specific region or heritage. And since the American continents are much larger in land mass than the United States of America, that argument makes no sense either.
If you aren't using it yet, you should. Indeed, I'd like all sites to enable 2-factor by default. It's not like most folks don't have phones or email accounts.
I can count the number of websites that I care about TFA on two hands. And how many websites out there make you create a username and password to do anything? I have a special email address for those useless sites. And a very weak password. They're not worth the effort.
That was a bit flippant, so let me explain. "American" is a nationality
There are 35 American countries. So which country, pray tell, is an American from? And yes, I was born in the US and, unless you're Native American, my family has probably been here longer than yours.
At the rate things are going, the human race may not exist in any significant way 1500 years from now. We'll either pull ourselves out of the various tailspin-inducing shenanigans, or it'll get us.
Not to mention the Vogons who are lobbying to build an hyperspace bypass.
I'm sure many people will whine about being underwhelmed by this year's WWDC and the lack of any new hardware announcements, etc. But IMO, there were some really solid improvements shown. The "universal clipboard" is a HUGE improvement, IMO.
How often are you switching between devices like this? In a meaningful and useful way? I don't want to accidentally copy/paste some code snipped on my iPhone. I can tell you the number of times I want to actually do this: Once per iPhone connected to my WiFi network at home. That's it. I don't like having to copy/paste my WiFi key. But guess what, I can just sync that already with notes. So I guess really my count goes down to 0. Now you want to talk about a meaningful way to transfer documents between my phone and my computer? That is a different story. Right now I have to fire up webdav or use email to copy a picture or a PDF from my computer to phone or vice versa. I'm far more likely to want to print something to PDF on my computer and haul it with me on my phone than I am going to want to copy and paste from my computer to my phone.
Oh and that's something you can easily do with Android but can't so conveniently do on an iPhone.
You apparently have never heard of GoodReader. Best $5 you will ever spend.
I have heard of GoodReader. But like I said it is not a native file manager. I obviously know that there are other ways to manage files with iOS or I wouldn't have mentioned webdav. And guess what? You could use that to copy/paste text between your phone and your computer via text files. So why does Apple need to add native copy/paste 'continuity' between machines? I mean that's basically what you've said in your last two replies to me.
I'm not sure I'm following you. What do you mean by taking something out of a PDF or photo? I'm just talking about having writing something on my desktop and wanting to get some text that I have saved on my phone. I could put the text into a google doc or into a file and save it to dropbox, but usually it is just easier to email it to myself.
I'm saying it's far more convenient to be able to transfer PDFs, photos, and other files rather than copy and paste. There are very few times that copy/paste between a phone/iPad and a computer is useful. Most of the time I want to send concert tickets, a boarding pass, train ticket or whatever to my phone. Right now the only way to do that on the iPhone is email, webdav, dropbox, or airdrop.
So, IOW, there are already at least FOUR methods you mentioned to do that. So you want a FIFTH?
This is a unique feature, and one of those you'll end up using almost without thinking about how much convenience it adds.
Typical Apple.
With the exception of AirDrop, none of those are native and ALL of them require me sending the data through a server or owning a Mac computer. Webdav requires me to purchase or create my own webdav client. And what if the file is too big for email and I am on a network that blocks dropbox? Then all of the sudden I have exactly 0 ways to transfer the data. I travel to client sites all of the time where they all have Windows based machines and I am not allowed on their network (they're all financial institutions). If I need to give them a file that has any sort of financial data I can't send it via dropbox or email*. So that means I have to carry around an extra piece of hardware even though everyone in the room has a device in their pocket that is perfectly capable of storing the file I need to transfer.
*Note that none of that data I send is actual financial data, it's all test or sample data but the security people at these financial institutions apply all the PCI rules to anything that appears to be financial data flowing into or out of their networks.
I'm still not following you. It's easy to send files to a computer from an iPhone via AirDrop. I do it all the time. It's only when I want to send some text that I cannot do so easily.
Only if you have a Mac. And only if you have a recent enough Mac, at that.
I can do transactions with chip. I tried swiping a chip card and it told me to put it in the chip reader. I use a Verifone VX520 and the service is provided by POSNET (owned by Mastercard). It also worked that way when I had LAPOS (owned by Visa).
Ahh I knew that FirstData had an EMV Capable processor for Latin America and the Caribbean and I see that POSNET is owned by FirstData (at least the website says that it is a FirstData company). Interesting. Thanks for the info.
An NFC chip would be extremely difficult to clone. The might be able to scrape some information off the NFC that is made public but it is highly doubtful that includes the PIN, the CVV2, the address or possibly even the name of the person. The NFC itself would implement challenge response so that wouldn't be much use either. It's not even obvious to me why point of sale terminals would even need to see what's on the magstripe but perhaps there is a reason. The obvious fix is if a payment card exposes this info then it should obfuscate it, or better yet not expose it at all. Whatever edge case requires it might not be a sufficient reason given any potential for theft.
With modern EMV capable NFC cards, the track 2 data is dynamic and generated every transaction based on an unpredictable number supplied by the terminal. You would not be able to replay a transaction unless your transaction was approved offline.
Remember that these chips are extremely low power low speed.
They have to perform usually a cryptograhic hash of some input they are passed with their secret key. The algorithm used is not a fully secure algorithm like what would be used in https, it's not NIST approved etc. They are custom algorithms designed to be done by a very simple processor very quickly and are orders of magnitude easier than AES or SHA.
All of the previous chips have so far been cracked after researchers studied the chip, and reverse engineered the encryption algorithm, which are then studied by cryptographers.
A huge part of the security is that no one except one company, actually knows the encryption algorithm and it's extremely difficult for anyone to figure it out, as they would have to somehow view and reverse engineer the silicon circuit by physical inspection.
Hmmmm why are none of these encryption attacks listed by the research team at Cambridge then? There are certainly attacks but none based on the cryptography that I know of. Do you have links? And you know that these smart cards have circuits designed for cryptography and that the latest chips actually do 2048 bit RSA encryption used by the terminal to validate that the card has not been cloned? But you're right, they can't even do basic 3DES or AES or even SHA on those cards...
I wouldn't be so sure.
Disclaimer: this happens in France, I have no idea how the contactless ship is sailing anywhere else. But we have had chips for as long as I can remember, and contactless just got added recently. A bunch of people jumped on it: payment terminal slowly gets it, automated vending machines too.
Of course, it is as secure as anywhere else (read: not) but that didn't stop the adoption. Thankfully by law banks are obligated to either provide a card without contactless payment or provide a way to disable it, but still it's growing.
Now, they could probably change the contactless protocol to use the same protocol as actual contact payment, including PIN and EMV validation, but that would get in the way of usability, and between security and ease of use, it seems that even money isn't safe.
We had a relatively secure thing: physically put the card in the reader, enter PIN. Takes a few seconds, opposed to... the few seconds it takes for contactless to kick in. But it's not shiny anymore I guess.
They do use EMV for contactless these days. The card data is dynamic and generated on each transaction based on the unpredictable number supplied by the terminal at the time of the transaction. The problem is that there is no one standard for contactless EMV. Each brand has a slightly different implementation and the certification process is a nightmare compared to contact. You can use online PIN validation of contactless transactions, too. That is up to the merchant or acquiring bank to enable through the terminal. You cannot use offline PIN with contactless, however. Contactless should be secure against replay attacks and cloning so long as the merchant processes the transaction online
On-line stores have to ask for the CVV. It's been a while since I ran my own business, but back then we were explicitly forbidden from capturing the CVV for in-person transactions. The idea is that nobody has it but the physical card holder.
Depends on the implementation of the online or physical check out. I've checked out recently online where the CVV was not required. I've also checked out at local businesses, usually very small shops, restaurants, or doctors offices, where they looked at and entered the CVV must likely because they were using a virtual terminal.
Amazon never asks for the CVV on a transaction. They assume extra risk by neglecting to ask for the CVV. There is no requirement per se, but there is a fraud liability shift if you do not ask for enough information to authenticate the user.
Slashdot Mirror
(it's simple to turn most of that crap off)
Pray, tell, how do you turn all of it off? Short of buying a Windows Server to run as a domain controller, and only use Windows Enterprise Edition for the desktops and laptops, and constantly research, write and push your own group policy objects to whack the latest mole, I don't think you can.
Turning most of the spyware off is like removing most of the human droppings from your soup.
I upgraded my bootcamp partition on my personal Macbook Pro to Windows 10 from Windows 7 Pro. It was pretty trivial to disable everything. I was a little hesitant to perform the upgrade but I wanted to play around with some C# for a little side project I am doing for fun and I rarely boot that machine into windows anyway.
2) In most danger situations the robot cars will brake and try to come to a stop ASAP all while turning on its hazard lights. Which shouldn't be too difficult at those said speeds.
Turning on your hazard lights while driving is illegal in most states, and for good reason. Did you know that many makes and models use the exact same lights for your hazard lights as the turn and/or brake lights? And guess which behavior wins out? The hazard lights, of course. Do you know when the hazard lights are supposed to be used? When you're stuck on the side of the road or stalled in traffic. Not for "Oh no it's raining hard I want to make sure the people behind me notice the bad weather" or "hey it's really foggy and no one can see me" or even "Hey I know I should be trying to stop right now but I am going to fumble for the hazard lights while I hit the brakes." So please don't teach driverless cars to do the unsafe things that you do.
The problem -- and the reason I have Binge On disabled on my account as a matter of principle, even though I would be perfectly happy with compressed video -- is that it's implemented on a site-by-site basis. If I could ask T-Mobile to compress and zero-rate all video streaming, both from big providers like Youtube and Netflix and from any random small server (or when streaming video from the phone to elsewhere, for that matter), then I would have no objection to it whatsoever. On the contrary, it would be great! It would also then be categorized as "perfectly-acceptable QoS" rather than "a violation of net neutrality."
You have to use T-Mobile's API so that they can ensure the stream parameters are appropriate. If you use HTTPS or an encrypted video/audio feed then T-Mobile could not do anything to reduce the demand on the network. That's the problem. If you're going to disable it on moral grounds then I would say that it should be disabled due to the fact that T-Mobile can basically see exactly what you're streaming using the Binge On. Realistically, though, they may have already known what you were streaming anyway just based on the request.
They're paid for by increasing the price on everything else, and they reduce your freedom by increasing the cost of making alternative choices.
In the case of T-Mobile developers are opting in to having their data stream recompressed by T-mobile. It's not increasing the cost of anything else. T-Mobile saves money on this because they're not blasting out a 10Mbps stream to a 4 inch cellphone that can't possibly display that resolution. Sure if you're plugging your cell phone into your TV to stream video at home, it may affect you. However, they are not charging anyone for this, the service is open to everyone, and is completely voluntary. The data stream does not get routed any differently from a QoS standpoint but it makes a huge difference to the Network's ability to relieve congestion. If anything, the app developers should allow T-mobile users to opt in/out of using that endpoint on T-mobile but I see no reason for T-mobile to be forbidden to provide the service as it is.
When I was a kid, there was an episode of the A Team where they took a Polaroid picture from the perspective of a security camera and then put that picture in front of the camera lens so it couldn't see them. Just do the same thing but with a print out of goatse or something.
The graphics card market is significantly larger than $50 million. 30% if PCs ships with dedicated graphics cards. The market is > $1 billion.
And 99% of the population wouldn't know how to replace a video card or bought a laptop and cannot replace the video card. Unless laptop manufacturers let you pick the video card brand and model, you'd have no choice anyway. Some manufacturers do let you pick from a limited choice - gaming card versus business card (you know the kind that excel at CAD and such things) but you rarely get to pick from more than 2 or 3 choices.
The transactions are successful, it's only later when people check their statements that the charges are flagged as fraudulent and charged back. The customer has 30 days after receiving their statement to dispute a transaction. It could take in the worst case 60-90 days before a merchant gets a chargeback.
The problem here is that CC companies simply do not give any protection against fraud. They have no incentive either, the CC company gets their transaction fees AND a chargeback fee AND issue a $50k/month fine to whoever lost the information (because they aren't PCI compliant) AND get to send in their expensive auditors and higher transaction fees to whoever lost the information (highest level of PCI compliance).
The fine is levied by the card brands and goes to the card brands, not the issuing or acquiring banks. Furthermore, the amount of the fine is based on the size of the organization in question and the level of compliance they are required to have based on the transaction volume of the organization.
I can appreciate them not wanting you to be able to change existing text as it could potentially corrupt the response tree but it would be nice if they allowed you to do a short addendum to a post that was clearly marked as an update.
When you implement rent controls, there's very little incentive to build more housing. It's the type of policy that most economists agree is a bad idea and it's little surprise that it distorts the market and causes all manner of ill adverse side effects.
You honestly can't expect anyone sane to build new housing when laws mandate that it be a poor investment. At that point you end up with the only solution being government funded public housing projects, but those have a lot of stigma attached to them.
SF's Rent control only applies to buildings built after 1979 - 37 years ago.
I'm pretty sure that if i build a building in SF now that it will have been built AFTER 1979 and will, therefore, be subject to rent control.
Ah I see that you later stated you had the dates backward. Ignore my snark, then, please.
When you implement rent controls, there's very little incentive to build more housing. It's the type of policy that most economists agree is a bad idea and it's little surprise that it distorts the market and causes all manner of ill adverse side effects.
You honestly can't expect anyone sane to build new housing when laws mandate that it be a poor investment. At that point you end up with the only solution being government funded public housing projects, but those have a lot of stigma attached to them.
SF's Rent control only applies to buildings built after 1979 - 37 years ago.
I'm pretty sure that if i build a building in SF now that it will have been built AFTER 1979 and will, therefore, be subject to rent control.
I don't know what you know about concealed carry, so I'll note this: it is illegal in Florida to carry in an establishment whose liquor sales qualify it as a bar.
You can't even legally walk through a bar in Florida. If you're at a restaurant and the restrooms are in the bar area then you cannot legally walk through to the bathroom. I think that is an excellent idea but I think you could legally order a drink from the bar as long as you did not enter it.
So you call yourself a "United Statesian"? Piss off.
No, when one someone asks me, I tell them I am from the United States. It is certainly more specific than saying American and I don't look like an arrogant asshole. Since your only argument for or against this seems to be 'piss off,' one can certainly make assumptions on the impression you would give people in a foreign country.
There are a number of British Isles, as well as mainland Brittany, but we know that the country of "Britain" is shorthand for the otherwise long-winded "United Kingdom of Great Britain and Northern Ireland". Irish Republicans are not offended, even though they are geographically British.
So what is your argument, that it goes by the largest landmass or the largest population of that heritage? Because the Americas are named after an Italian who was sailing on behalf of the Portuguese crown. It's not named after a specific region or heritage. And since the American continents are much larger in land mass than the United States of America, that argument makes no sense either.
If you aren't using it yet, you should. Indeed, I'd like all sites to enable 2-factor by default. It's not like most folks don't have phones or email accounts.
I can count the number of websites that I care about TFA on two hands. And how many websites out there make you create a username and password to do anything? I have a special email address for those useless sites. And a very weak password. They're not worth the effort.
That was a bit flippant, so let me explain. "American" is a nationality
There are 35 American countries. So which country, pray tell, is an American from? And yes, I was born in the US and, unless you're Native American, my family has probably been here longer than yours.
At the rate things are going, the human race may not exist in any significant way 1500 years from now. We'll either pull ourselves out of the various tailspin-inducing shenanigans, or it'll get us.
Not to mention the Vogons who are lobbying to build an hyperspace bypass.
I'm sure many people will whine about being underwhelmed by this year's WWDC and the lack of any new hardware announcements, etc. But IMO, there were some really solid improvements shown. The "universal clipboard" is a HUGE improvement, IMO.
How often are you switching between devices like this? In a meaningful and useful way? I don't want to accidentally copy/paste some code snipped on my iPhone. I can tell you the number of times I want to actually do this: Once per iPhone connected to my WiFi network at home. That's it. I don't like having to copy/paste my WiFi key. But guess what, I can just sync that already with notes. So I guess really my count goes down to 0. Now you want to talk about a meaningful way to transfer documents between my phone and my computer? That is a different story. Right now I have to fire up webdav or use email to copy a picture or a PDF from my computer to phone or vice versa. I'm far more likely to want to print something to PDF on my computer and haul it with me on my phone than I am going to want to copy and paste from my computer to my phone.
Oh and that's something you can easily do with Android but can't so conveniently do on an iPhone.
You apparently have never heard of GoodReader. Best $5 you will ever spend.
I have heard of GoodReader. But like I said it is not a native file manager. I obviously know that there are other ways to manage files with iOS or I wouldn't have mentioned webdav. And guess what? You could use that to copy/paste text between your phone and your computer via text files. So why does Apple need to add native copy/paste 'continuity' between machines? I mean that's basically what you've said in your last two replies to me.
I'm not sure I'm following you. What do you mean by taking something out of a PDF or photo? I'm just talking about having writing something on my desktop and wanting to get some text that I have saved on my phone. I could put the text into a google doc or into a file and save it to dropbox, but usually it is just easier to email it to myself.
I'm saying it's far more convenient to be able to transfer PDFs, photos, and other files rather than copy and paste. There are very few times that copy/paste between a phone/iPad and a computer is useful. Most of the time I want to send concert tickets, a boarding pass, train ticket or whatever to my phone. Right now the only way to do that on the iPhone is email, webdav, dropbox, or airdrop.
So, IOW, there are already at least FOUR methods you mentioned to do that. So you want a FIFTH? This is a unique feature, and one of those you'll end up using almost without thinking about how much convenience it adds. Typical Apple.
With the exception of AirDrop, none of those are native and ALL of them require me sending the data through a server or owning a Mac computer. Webdav requires me to purchase or create my own webdav client. And what if the file is too big for email and I am on a network that blocks dropbox? Then all of the sudden I have exactly 0 ways to transfer the data. I travel to client sites all of the time where they all have Windows based machines and I am not allowed on their network (they're all financial institutions). If I need to give them a file that has any sort of financial data I can't send it via dropbox or email*. So that means I have to carry around an extra piece of hardware even though everyone in the room has a device in their pocket that is perfectly capable of storing the file I need to transfer.
*Note that none of that data I send is actual financial data, it's all test or sample data but the security people at these financial institutions apply all the PCI rules to anything that appears to be financial data flowing into or out of their networks.
I'm still not following you. It's easy to send files to a computer from an iPhone via AirDrop. I do it all the time. It's only when I want to send some text that I cannot do so easily.
Only if you have a Mac. And only if you have a recent enough Mac, at that.
I can do transactions with chip. I tried swiping a chip card and it told me to put it in the chip reader. I use a Verifone VX520 and the service is provided by POSNET (owned by Mastercard). It also worked that way when I had LAPOS (owned by Visa).
Ahh I knew that FirstData had an EMV Capable processor for Latin America and the Caribbean and I see that POSNET is owned by FirstData (at least the website says that it is a FirstData company). Interesting. Thanks for the info.
I was hoping Apple would license ZFS or even Veritas Volume Manager/Veritas FS from Symantec.
I thought Veritas was also called Online Journaled File System (OnlineJFS or OJFS). What else is OJFS?
OJFS? Why do you computer types insist on naming your filesystems after murders?
An NFC chip would be extremely difficult to clone. The might be able to scrape some information off the NFC that is made public but it is highly doubtful that includes the PIN, the CVV2, the address or possibly even the name of the person. The NFC itself would implement challenge response so that wouldn't be much use either. It's not even obvious to me why point of sale terminals would even need to see what's on the magstripe but perhaps there is a reason. The obvious fix is if a payment card exposes this info then it should obfuscate it, or better yet not expose it at all. Whatever edge case requires it might not be a sufficient reason given any potential for theft.
With modern EMV capable NFC cards, the track 2 data is dynamic and generated every transaction based on an unpredictable number supplied by the terminal. You would not be able to replay a transaction unless your transaction was approved offline.
Maybe. Maybe not.
Remember that these chips are extremely low power low speed.
They have to perform usually a cryptograhic hash of some input they are passed with their secret key. The algorithm used is not a fully secure algorithm like what would be used in https, it's not NIST approved etc. They are custom algorithms designed to be done by a very simple processor very quickly and are orders of magnitude easier than AES or SHA.
All of the previous chips have so far been cracked after researchers studied the chip, and reverse engineered the encryption algorithm, which are then studied by cryptographers.
A huge part of the security is that no one except one company, actually knows the encryption algorithm and it's extremely difficult for anyone to figure it out, as they would have to somehow view and reverse engineer the silicon circuit by physical inspection.
Hmmmm why are none of these encryption attacks listed by the research team at Cambridge then? There are certainly attacks but none based on the cryptography that I know of. Do you have links? And you know that these smart cards have circuits designed for cryptography and that the latest chips actually do 2048 bit RSA encryption used by the terminal to validate that the card has not been cloned? But you're right, they can't even do basic 3DES or AES or even SHA on those cards...
I wouldn't be so sure. Disclaimer: this happens in France, I have no idea how the contactless ship is sailing anywhere else. But we have had chips for as long as I can remember, and contactless just got added recently. A bunch of people jumped on it: payment terminal slowly gets it, automated vending machines too. Of course, it is as secure as anywhere else (read: not) but that didn't stop the adoption. Thankfully by law banks are obligated to either provide a card without contactless payment or provide a way to disable it, but still it's growing. Now, they could probably change the contactless protocol to use the same protocol as actual contact payment, including PIN and EMV validation, but that would get in the way of usability, and between security and ease of use, it seems that even money isn't safe. We had a relatively secure thing: physically put the card in the reader, enter PIN. Takes a few seconds, opposed to... the few seconds it takes for contactless to kick in. But it's not shiny anymore I guess.
They do use EMV for contactless these days. The card data is dynamic and generated on each transaction based on the unpredictable number supplied by the terminal at the time of the transaction. The problem is that there is no one standard for contactless EMV. Each brand has a slightly different implementation and the certification process is a nightmare compared to contact. You can use online PIN validation of contactless transactions, too. That is up to the merchant or acquiring bank to enable through the terminal. You cannot use offline PIN with contactless, however. Contactless should be secure against replay attacks and cloning so long as the merchant processes the transaction online
Depends on the implementation of the online or physical check out. I've checked out recently online where the CVV was not required. I've also checked out at local businesses, usually very small shops, restaurants, or doctors offices, where they looked at and entered the CVV must likely because they were using a virtual terminal.
Amazon never asks for the CVV on a transaction. They assume extra risk by neglecting to ask for the CVV. There is no requirement per se, but there is a fraud liability shift if you do not ask for enough information to authenticate the user.