So call your credit card company and dispute the charge. By law the credit card company has to cancel it. But here's the really good part: the company that made the charge is issued a "chargeback" and has to pay a fee for it the same as if they had bounced a check.
They're bad too.
A decade or so ago, I got an AT&T Wireless phone via my Dad on a special deal that he was qualified for. Then in 2004 I got a BlackBerry directly. I signed up for the automatic credit card payment for the BlackBerry and everything was transferred fine to Cingular when they bought AT&T Wireless. So far so good.
I asked Cingular to move my Dad's account to mine. They did. But they didn't debit my credit card. So the bill racked up and they eventually referred that phone to collections... even though the other phone on the same account kept getting automatically paid on time.
The other 70% of the time, the customer becomes infuriated, doesn't understand, and usually screams a few cuss words or an insult, and hangs up.
Seems pretty straightforward to me: it's simple fraud. Instead of transferring the existing annual plan as directed, you start the clock over on a new annual plan.
Spreadsheets That Truly Excel
That should be easy enough. Rip the GUI off openoffice and build a web-based front-end.
The eBay of Product Placement
The only trick to this one is building a tech-driven company when everything except the Hollywood exec insider contacts is a commodity. Put a Hollywood exec in charge and he'll foul it up the same way the airline execs fouled up their spare parts auction company. I don't want to say they're stupid, so let me instead say that they're "not the right kind of smart." If you can somehow keep the tech guy in charge without bruising the critical Hollywood exec's ego, this company should be a snap.
The Social Marketplace
The micropayment systems required here have withered on the vine. Micropayments will actually happen when some major credit card vendor (like Chase) revamps their accounting system so it can inexpensively handle sub-cent transactions and then throws the door open to all cardmembers to send and receive small payments via their existing Visa/MasterCard account.
It was Sherwood v. Walker
http://lawschool.mikeshecket.com/contracts/sherwoodvwalker.htm
http://www.law.pitt.edu/madison/contracts/supplement/sherwood_v_walker.htm
There is some more discussion of the topic in general at:
http://islandia.law.yale.edu/ayres/mutual.htm
If I agree to sell you my house for $20, I can't come back later and claim fraud.
Actually, you can. And you can even win the point in court. You basically say, "Your honor, there's no reasonable way I could have agreed to sell my house for $20. This was not intended to be a gift and comparable homes are worth $500,000. The contract is unconscionable and should be voided."
The court then agrees that the contract is unconscionable and voids the sale.
There is a famous case involving a cow that was supposed to be sterile but had a calf a few months after the purchase. I forget the name of it. The seller thought he was selling a sterile cow and priced it accordingly. When he found out it wasn't, he asked for more money. The buyer refused, saying, "Hey, I thought the cow was sterile too. Tough luck." So the seller sued and won.
One thing to understand: it's not 9 cents per kWh. You pay the entire $9k up front in 2006 dollars but you get the power back over a 20-year lifespan... in 2007 dollars, 2015 dollars and 2026 dollars... which even at 5% annual inflation are worth less than half of what 2006 dollars are.
Another: almost nothing with moving parts runs 20 years without maintenance. What will the maintenance on your windmill cost in terms of both dollars and time (which is dollars times your expected hourly wage)?
Buy a book of prior tests. That may be harder than it sounds -- if the book doesn't claim to contain questions from prior tests then it doesn't. Lots of folks produce practice test books filled with questions from distinguished professors that never were and never will be asked on a real SAT. Take it from a guy who scored well: they're not the same. They're not even close. You need a book of tests composed from questions actually asked on prior SATs.
Also you'll need a recent book because the SAT changed radically just a few years ago.
Anyway, buy the book, take one test untimed and two more timed. That'll give you both a feel for the questions, some idea how much time to allocate to a question before skipping it and moving on and an approximate idea how you'll score on the real thing.
That's it. You're done. The SAT is an APTITUDE test, not an achievement test. You can "study" until you can't take it anymore but it's unlikely to improve your score by more than a few points.
And they can be yours for the low, low price of SIX THOUSAND DOLLARS.
I'm thinkin' Home Depot + Pine + Minwax.
Before you buy check out the MTBF on the various models of drive. Some differ significantly.
The Seagate drive the poster refers to has a published MTBF of 600,000 hours, almost 70 years. MTBF numbers are baloney.
You are correct. Almost no modern hard drive should be warmer than lukewarm while running (or immediately after being turned off). If it is, your case has inadequate cooling and your drive will die soon. Not might; will.
Have you read the MTBF rating on that 200 GB Seagate drive? They claim 600,000 hours. That's like 70 years of continuous operation. "Mean" time between failure; that means that half of those drives should still work after 70 years.
Is there anyone out there who owns a hard drive they seriously expect to be in operational condition 70 years from now? Anyone?
It's like tobacco's claims that their product was safe in the face of blatantly obvious proof that it wasn't. Someone should file a class-action.
I look at it and say, "It's a 50MB installer. If I have a conversion rate of 1%, I've got 5 gigs of data traffic, which costs me a buck, per sale. At ten bucks, that's a big chunk of my margin."
A buck a sale for the download sounds suspicious. Let's take a closer look.
First, I assume they're hosted in a data center somewhere and have purchased the cheapest commercial bandwidth available (Cogent: $10/Mbps). They could be hosted with MCI ($350/Mbps) but I doubt it.
Now, that $10/Mbps is based on the "95th percentile measurement." That works just like taking a median except you take it at 95% instead of 50%. We can't assume that their cost would be the cost of transmitting files at a fixed rate continuously 24 hours a day but we can get a rough estimate by assuming they transmit at a flat rate 12 hours a day. That'll be accurate plus or minus 50% and in a few moments you'll see why plus or minus 50% is damn near nothing.
So, they have to send 5 gigabytes to make a sale. That's suspicious too but I'll come back to that. 5 gigabytes = 40 gigabits, plus about 10% overhead is 44 Gbits. Divide by 30 days in a month, 12 hours a day, 60 minutes an hour, 60 seconds per minute: 0.033 Mbps. Times $10 per Mbps is 33 cents. Add 50% for our error estimate and you're talking half a buck.
5 gigabytes is suspicious too. With this supposed 50 MB installer, you're saying they have to let 100 folks download the game to make 1 sale.
First, why would you download the installer to someone who hadn't paid you? Okay, maybe you want to give them some demo levels to get them hooked. Fair enough.
Second, do you seriously think that 99 people are going to wait through a 50 meg download for an obsolete game and then walk away for every 1 person that actually buys it? Bull! The folks who don't intend to buy it will get the cracked version off BitTorrent. The conversion rate on the web site will be 10% or better and the price of bandwidth keeps dropping. Now you're talking around 5 cents per sale and falling.
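The 95th-percentile billing rule and the flat-rate shortcut in the comment above, worked through in code. This is an added example and not part of the original comment; it uses the $10/Mbps commit price and the 5 GB-per-sale figure quoted there, and the per-interval traffic samples are constructed here to show why the top 5% of intervals cost nothing while one interval past that line changes the bill.

```python
"""95th-percentile bandwidth billing, worked through in code (added example)."""
import math
from typing import Sequence

COMMIT_PRICE_PER_MBPS = 10.0   # $10/Mbps, the Cogent figure quoted in the comment
OVERHEAD = 0.10                # ~10% protocol overhead, as the comment assumes
BITS_PER_GB = 8 * 10**9        # decimal gigabyte, matching "5 GB = 40 Gbit"


def percentile_95(samples_mbps: Sequence[float]) -> float:
    """Billable rate under 95th-percentile billing (nearest-rank method).

    The provider samples throughput on fixed intervals (typically 5 minutes),
    sorts the month's samples and bills the one at the 95% mark, so the
    busiest 5% of intervals are discarded exactly as a median discards the
    top 50%.
    """
    if not samples_mbps:
        raise ValueError("no samples")
    ordered = sorted(samples_mbps)
    rank = math.ceil(0.95 * len(ordered))   # 1-indexed rank of the billable sample
    return ordered[rank - 1]


def monthly_cost(samples_mbps: Sequence[float],
                 price_per_mbps: float = COMMIT_PRICE_PER_MBPS) -> float:
    """Monthly bill in dollars for a given set of interval samples."""
    return percentile_95(samples_mbps) * price_per_mbps


def flat_rate_cost_per_sale(gb_per_sale: float, hours_per_day: float,
                            price_per_mbps: float = COMMIT_PRICE_PER_MBPS,
                            days_per_month: int = 30) -> float:
    """The comment's shortcut: spread the bytes-per-sale evenly over a
    fixed number of hours per day and price the resulting steady rate."""
    bits = gb_per_sale * BITS_PER_GB * (1 + OVERHEAD)
    seconds = days_per_month * hours_per_day * 3600
    rate_mbps = bits / seconds / 1e6
    return rate_mbps * price_per_mbps


# Constructed sample months (100 intervals each, values in Mbps).
# QUIET: 95 intervals at 1 Mbps and 5 bursts at 50 Mbps -> the bursts fall
# in the discarded 5%, so the bill is for 1 Mbps.
QUIET_MONTH = [1.0] * 95 + [50.0] * 5
# BUSY: one more burst interval pushes a 50 Mbps sample onto the 95% mark.
BUSY_MONTH = [1.0] * 94 + [50.0] * 6

if __name__ == "__main__":
    print("quiet month bill: $%.2f" % monthly_cost(QUIET_MONTH))
    print("busy month bill:  $%.2f" % monthly_cost(BUSY_MONTH))
    print("flat-rate cost per sale (5 GB, 12 h/day): $%.2f"
          % flat_rate_cost_per_sale(5.0, 12))
```

The flat-rate shortcut reproduces the comment's 33-cent figure; the two constructed months show the other half of the point, which is that 95th-percentile pricing is insensitive to short bursts right up until the burst intervals exceed 5% of the month.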
If you have a small enough number of patches (fewer than 200) use color electrical tape instead. It's much easier to see and it looks nice too.
I didn't say the Census Bureau failed to keep proper records. I said that the Department of Commerce failed to keep proper records. All the Census Bureau equipment (all the way down to pagers) has DOC asset tags and the DOC tracks it with an inane annual inventory. Yes, that's right, more than 10,000 employees and every year a team of people goes around and collects the asset tag numbers from every single computer. Your tax dollars at work.
I used to work at the Census Bureau. I didn't see anything like this in the IT groups -- they were pretty sharp. More likely this is a recordkeeping problem at Commerce where obsolete laptops were returned, properly disposed of and recorded correctly at the Census Bureau but the knowledge didn't make it into DOC records. It wouldn't be the first time.
Of course, this is a mildly uninformed opinion. I haven't worked at Census for a while and I had nothing to do with laptops when I did. I'm just saying there's something fishy with the notion that Census lost a thousand laptops. I don't buy it.
Besides, excluding the decennial survey-takers (temporary employees during the decennial census) there aren't that many people at the Census Bureau with government-issued laptops. Everyone would have had to disappear one laptop and some folks would have had to disappear two.
Satellite Internet talks to a (you guessed it) satellite in geostationary orbit. Geostationary orbit is roughly 3.6 x 10^7 meters from the surface of the earth. Before your packets can join the rest of the Internet, they have to go up to the satellite and back down. When they come back from the server, they have to go up to the satellite and back down again. Now you're talking 1.44 x 10^8 meters that a packet has to travel (round trip).
Light speed is roughly 3.0 x 10^8 meters per second. So, in your best case scenario it takes 1/2 of a second for a packet to go from your computer to the Internet and for the server to send a response packet back. That's your best case scenario. The typical case is more because of other slowness issues on the 'net and because your dish probably has to wait for an authorized send window rather than sending immediately.
Have you considered an ISDN BRI? Yes, it's fallen out of favor but it's widely available, it offers 128 kbps instead of a 56k modem's 40 kbps and it offers about a 30 ms latency instead of a modem's 150 ms. Virtually all dialup providers support ISDN calls since they have to buy ISDN PRIs to operate as the head-end of a 56k modem call.
This is a little like saying: "If you had to give up either food or water which would you give up?" Gee, I can live a couple weeks longer without food than without water so I'll give up food!
Okay, maybe that's a little melodramatic. This is a little like saying: "If you had to choose, would you give up buying food and only grow/raise your own or would you give up any form of transportation faster than a horse?"
There's no point in even considering the question. As a practical matter, any civilization shift which requires one of the choices also requires the other.
And perhaps that is the point: in less than two decades email and the web have become as central to our society as the phone, the car and the grocery store.
Bank payments associated with phishing are by definition transactions against the account by an unauthorized third party. A theft. I put my money in the bank to keep it safe from theft. I shouldn't have to put it in my mattress.
If someone tricks me into authorizing a transaction that's my problem. If someone tricks my bank into making an unauthorized transaction it's theirs whether the thief has stolen passcodes or not.
There isn't a lot of credit card fraud any more. That didn't happen by accident: Congress passed a law making the banks responsible for unauthorized charges so they spent a lot of money building very sophisticated systems to prevent that fraud. Why should the banks be held to a lower standard for my deposit accounts?
Been doing that since '92. Sudo is also applicable.
Irrelevant to this problem. Understand the scenarios:
A) fsck has failed during a boot. The machine wants the password for "root" in order to continue.
B) An appliance like an APC MasterSwitch or an IronPort A60 supports only one password.
How does any of that help me put the root password for a boot-time fsck in the hands of the sysadmin at the console without everyone having to learn a new password every time someone leaves?
I'm not interested in a theoretical information security construct that shows how security could be implemented well. I'm interested in solving the problem I actually have with the systems and equipment that I actually have.
I have minimal control over how much of the individual pieces of equipment are implemented. They do what they do and I have to integrate that into a working system. A solution which fails to honor that constraint is no solution at all.
Seems to me absence of a line-oriented programming language is meaningless. The real issues are several:
1. The OS that came with your PC (Windows) doesn't include ANY programming language at all, line oriented or otherwise.
2. Today's entry-level computing experience is graphical/windowing oriented, not text oriented. Typing text in an editor (line oriented or otherwise) is not the next natural step for a kid who wants to make the computer do a little more than what his commercial programs already do.
3. When you're a kid, the very first program you want to write is a game. If you can't impress your friends with your very own game, why bother? A Pac-Man-ish game using the text character set was pretty easy to write in BASIC. Even a rudimentary first person shooter is quite a bit more difficult.
As far as I'm concerned (and it's an informed opinion), shared passwords are BAD.
As far as I'm concerned, you're right. Now, try setting up multiple accounts on an old APC MasterSwitch, multiple enable secrets on a Cisco switch and setting up your Unix box to allow multiple accounts to perform an fsck during a Unix boot failure.
We live in a practical world man.
Set up RADIUS/TACACS+ for authentication for all your network devices. [...] password lookups by LDAP
Sure, because putting administrative access control for critical network infrastructure behind two layers of complex servers is a winning strategy.
Like me, he probably needs some way to make rarely-used passwords accessible to the staff who need them along with a record of which of those rarely used passwords have to be changed when an employee leaves.
For example, I have switches, routers, PDUs, servers, etc. On the servers I have root passwords, database passwords and so on. The sysadmins need the root password to do a fsck on bootup but that's about it. The rest of the time they use sudo with their own password. The application guys need the database root password once in a while, but only to their servers.
It would be awfully darn convenient if I could say, "Here's a URL and your password to the password keeper. Every password you should have access to is there." Then when an employee leaves I could go to the same password keeper and say, "Show me every password this individual accessed so I know which ones to change."
It would also be very convenient if when my sysadmins finished a new server they had somewhere to log the password in so that the next guy who needed to do an fsck knew where to find it.
Of course, we could just use the same password on everything... But then we're S outa luck when the app guy needs the password to two servers and nothing else.
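The "password keeper" the comment asks for (and the boot-time fsck root password problem raised a few comments earlier) boils down to a small design: a store of rarely used, unavoidably shared credentials in which every read is recorded against the person who read it, so that offboarding produces the exact list of secrets to rotate. The Python below is an added example, not a tool the commenter uses; the device names, users and passwords are constructed, and a real deployment would keep the values encrypted at rest and the log append-only.

```python
"""A minimal password keeper with per-read audit and an offboarding report (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set


@dataclass(frozen=True)
class AccessEvent:
    user: str
    secret_id: str
    at: datetime


class PasswordKeeper:
    """Holds shared credentials (root-for-fsck, PDU admin, DB root...) with
    an ACL per secret and a log of who actually revealed which secret."""

    def __init__(self) -> None:
        self._secrets: Dict[str, str] = {}        # secret_id -> value (plaintext here; encrypt at rest in real use)
        self._acl: Dict[str, Set[str]] = {}       # secret_id -> users allowed to reveal it
        self._log: List[AccessEvent] = []         # append-only access history

    def store(self, secret_id: str, value: str, allowed_users: List[str]) -> None:
        """Register a new or rebuilt box's password and who may read it."""
        self._secrets[secret_id] = value
        self._acl[secret_id] = set(allowed_users)

    def grant(self, secret_id: str, user: str) -> None:
        self._acl[secret_id].add(user)

    def list_for(self, user: str) -> List[str]:
        """'Every password you should have access to is there.'"""
        return sorted(s for s, users in self._acl.items() if user in users)

    def reveal(self, user: str, secret_id: str) -> str:
        """Return the secret, refusing unauthorized users and logging every success."""
        if user not in self._acl.get(secret_id, set()):
            raise PermissionError(f"{user} may not read {secret_id}")
        self._log.append(AccessEvent(user, secret_id, datetime.now(timezone.utc)))
        return self._secrets[secret_id]

    def rotate(self, secret_id: str, new_value: str) -> None:
        """Record a changed password after it has been set on the device."""
        if secret_id not in self._secrets:
            raise KeyError(secret_id)
        self._secrets[secret_id] = new_value

    def offboard(self, user: str) -> Dict[str, List[str]]:
        """Remove the user from every ACL and report what must be rotated.

        'accessed' is the comment's request: the secrets this person actually
        revealed. 'granted' is the conservative superset (everything they were
        allowed to read) for shops that rotate on ability rather than proof.
        """
        accessed = sorted({e.secret_id for e in self._log if e.user == user})
        granted = self.list_for(user)
        for users in self._acl.values():
            users.discard(user)
        return {"accessed": accessed, "granted": granted}

    def history(self, secret_id: str) -> List[str]:
        """Who has ever read this secret, oldest first."""
        return [e.user for e in self._log if e.secret_id == secret_id]


def build_demo_keeper() -> PasswordKeeper:
    """Constructed sample inventory mirroring the comment: servers, a PDU, a DB."""
    kp = PasswordKeeper()
    kp.store("srv1/root", "root-pw-1", ["alice", "bob"])      # used only for boot-time fsck
    kp.store("srv2/root", "root-pw-2", ["alice"])
    kp.store("pdu1/admin", "pdu-pw", ["bob"])                 # single-account appliance
    kp.store("db1/root", "db-root-pw", ["alice", "carol"])    # app guys, their servers only
    return kp


if __name__ == "__main__":
    kp = build_demo_keeper()
    kp.reveal("alice", "srv1/root")   # alice consoles into srv1 for an fsck
    print("alice leaves; rotate:", kp.offboard("alice"))
```

Because rotation is driven by the access log rather than by memory, the list survives staff turnover and the appliances that only support one password get changed only when someone who read their password has left.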
it won't pass its little power-on-self-test.
He's talking about a server drive so I assume he means SCSI. Most of the failed SCSI drives I've worked with where the board itself was still good report themselves on the SCSI chain with a size of 0. If that is his situation, then you're right: he won't be able to zero-write it.