Geez, guys, where's your sense of adventure? I thought this was a place for hackers to gather. Instead I see a bunch of old fuddy-duddies going "why ever would you want to do that?" or "don't touch that, it might be important!" Hang your heads in shame.
Dude, I know nothing of hacking dishwasher micro controllers, but I think you went to the wrong place. Maybe the AARP forums might have more adventurous souls.
Your comments remind me of an old QA maxim: "We can only prove the existence of bugs - not the absence of them."
You invoke the magic buzzwords of "modular design" as if it were a new thing. It isn't. That concept is older - in practice, even - than the median user on /.. Edsger W. Dijkstra was one of the earliest proponents of such coding practices - you can find archives of his papers HERE and see for yourself.
Magic buzzwords can't prevent defects from occurring. QA can't find them all, no matter the budget or amount of time they spend on it. You can only minimize the effects of bugs and put procedures in place to deal with them, programmatically and non-programmatically.
Most likely you've heard from friends how great this "addictive" game is...
Then follows a three page essay of why I shouldn't trust my friends over this yahoo's bitter little screed.
For every one of these 'victims' that gets an article on /., there are thousands of people that actually DO have fun with the game.
Myself, I got bored with it and quit playing it. Now THERE is a novel idea! If you don't like it, don't play the damned thing!
Schadenfreude on Blogger Hacked · Score: 2, Insightful
Well, gee, considering the average level of post here, I'm guessing (JUST a guess you understand) that Schadenfreude is about the only way some of these people can inflate their tiny, shrivelled-up egos.
Any question of why people think geeks are losers can be answered for the most part by a quick scan of the postings in this story.
West Virginia. 20,000 people would have QUITE an impact there. Of course, you also have to deal with the terrain, lack of high tech infrastructure (my mom still had a rotary phone as recently as last year!), lack of high tech industry, etc.
OTOH, it's also some of the most beautiful country on the planet.
Waitaminit... the Starbucks Generation... in near-pristine forests... er.... fuck it, go to California, willya?
All OTHER things being equal, that has some merit. But just because some hack working out of his basement got a special on used military components doesn't mean he understands power systems at all. For all you know, he read this post and added a bunch of fishing weights in the bottom of the shell.
Power quality, capacity, and MTBF are the ONLY valid benchmarks IMO.
HOW MANY before it's worth the meaningless contents of your compact flash cards?
Even YOUR life is worth the contents of that flash card.
Not many people have 'make a fool out of myself before thousands of people and drag a few other people down with me' on their to-do list, but by golly you managed!
-10 out of 10 for style to you,
-100 out of 10 to the /. staff for even posting the article. C'mon, guys, READ the damn thing first.
Some people view full body cavity searches as an opportunity, not a burden.
At any rate, your feeling of safety is irrelevant, what is important is results. And if it saved even one life, including the moron that submitted this whine disguised as a story, it would be worth it.
Hmm, I've always taken the ashes and combined them with lye and animal fat to make soap. I keep it in a small safe by the sink.
I bow to your greatness, O ObscureOne :-)
Re:I hate nationally syndicated stupidity on Gift Card Hacking · Score: 2, Informative
Corrections to corrections: :-)
[Card writers are] not that expensive. You can get one on e-Bay for around $300.
Well, that's handy to know if the one we use in the lab conks out :-)
There is a value encoded on the magnetic stripe of credit cards called the CVV (card verification value) that is generated cryptographically, plus additional cardholder information that is not printed on the face of the card. In order to encode a valid credit card magnetic stripe you either need to read the stripe off the card you're copying or you need access to the production systems used to create the cards.
Track 1 of the card contains the cardholder name, and the CVV2 information is not on the card but part of the back-end processing at the network side of things. There is obscured information within the card account number that provides anti-counterfeiting information, but aside from that the rest of the track info is largely ignored at the POS device and is problematic on the credit network side of things. There is one value that specifies the processor, for example, but most that I've seen have the same value. Furthermore, Track I information is often ignored and USUALLY not required to process a credit card. Most networks favor Track II over Track I and some just can't process Track I at all. In other words, they're not too secure and there is CERTAINLY very little in the way of protection outside of CVV2 -- which isn't even globally supported by all networks. Before you mention AVS, it is only valid for manually keyed accounts, or internet purchases.
Yes but no. It's true their use is less restricted, but for that reason there are many other security measures applied, such as back-end systems that check for uncharacteristic buying patterns. Also, the consumer is pretty safe from credit card fraud, since your liability is limited to $50.
The back-end processing protection is usually after the fact, and a clever thief would probably not be establishing a pattern, anyway. Of course, 'smart thief' is often an oxymoron :-)
Some [allow cash out], most don't. The reason is that many stores that sell gift cards use exactly the same technology for providing card-based in-store credits. When you return some merchandise without a receipt, they don't want to give you your money back (otherwise you could do a tidy business buying from mail order and "returning" to the more expensive place) so instead they give you a card. Allowing you to cash out the card would defeat the purpose.
Careful review will indicate that I was talking about the card processing networks themselves, not the individual merchant policies. Providing a gift card for a refund is a merchant policy (and a foolish one, whatever happened to 'no receipt, no return' anyway?). The capability is there, and it's perfectly reasonable to expect to get your money's worth out of it. We'll see how that court case goes, hopefully on the side of the consumer.
At home, carefully cut up each digit individually using a pair of scissors, separate the piles into several separate trash bins somewhere downtown, the more blocks apart the better.
Oh, that's just too easy. You skipped a couple of steps. First, after cutting up the individual digits, you should burn them, stomp on the ashes, and distribute the ashes over the Canadian Rockies from an airplane.
Sheesh... Why, oh why, do we need a law to protect people from doing stupid things?
Because most people aren't brainiacs like you and I, I suppose.
I hate nationally syndicated stupidity on Gift Card Hacking · Score: 4, Informative
By way of bona fides, I work for a POS (point of sale) vendor that just happens to support the processing of said gift / stored value cards. As a result I have had to become very familiar with the mechanics of the whole thing.
So, a few comments:
Despite what MSNBC would tell you, Debit cards are not protected from theft by a lack of visible account number. Rather they are protected by encrypted PIN.
Despite what MSNBC would tell you, you can buy card writing equipment without going to the black market. They are perfectly legal. They just cost BIG bucks, and that's why most people don't have one :-)
The theft method described to lift account numbers is no different than what is done with credit cards, except in the case of the latter you have to work harder to get a valid account number. Anyone with a card writer WOULD know how to do that, trust me.
Credit cards are a far greater risk because they are unrestricted in where they may be used, unlike gift cards.
Be aware that most gift card processors allow for the process of 'cashing out' the card. Provided the store allows, there's no reason that there would be unclaimed cash left on the card. Of course, those merchants that do NOT allow cash-out are the ones to be concerned with.
An easy way out would be to put two account numbers with every card
Do you realize how difficult this would be to implement? We're not talking about a cottage industry here, we're talking about dozens of companies for processing, dozens for the POS systems used, hundreds of actual merchants... sure, if we were redesigning our financial infrastructure from scratch I would be all in favor of cards with NO real account on the face, smart chips, and encrypted PINs for ALL transactions. But it ain't gonna happen this decade.
Re:Why not just assign PINs at purchase? on Gift Card Hacking · Score: 1
Why not just assign a PIN number, stored in the store computer, not on the card, when the card is bought and charged?
Because a secure PIN requires encryption devices on one end and decryption devices on another.
But, good point on the PIN, if you HAVE a debit card, take the Gift Card and 'cash it out' immediately, then deposit the cash into your bank account. Voila, your money is as secure as your paycheck :-)
The account number was on the magstrip of the card, was printed on the card, but was _also_ printed on the gift receipt that came with the card.
Which is EXACTLY why several states, California foremost among them, have begun to implement consumer protection laws that require that the receipt NOT display the account number and/or the expiry date (depending on the state). I believe in the case of California, it goes into effect on Jan 1 2002.
My company's ready. I wonder how many other POS vendors aren't? :-)
At any rate, it is the store's responsibility to comply, by using compliant POS software. Since it is easier to implement across the board than on a state by state basis, I presume that if a vendor has fixed it for CA, they will be prepared for the other states, too.
Outside the US is not something I'm familiar with.
You claim Verant should have done more testing before release. You have no idea how many variations of motherboards, chipsets, video cards, sound cards, network connections, and whatnot there are.
Apparently Verant managed to pull off the fluke of the century and found the only beta testers in the world that had nothing like what was being used by the customer base. Effective beta testing next time will be easy: poll these people for hardware configurations... and then only take beta testers that DON'T have that configuration.
Women's Rights, Human Rights, Children's Rights, these are all worthy and important issues. They all have one thing in common: they need freedom to make progress
On the flip side, we need Women, Humans, and Children for Freedom to be relevant.
Methinks the defense of EFF is a bit too strident. But what the hey, they were all worthy.
If it weren't for Carl, I'd've given up on REBOL three years ago. Not that I'm anywhere close to accepting it NOW, either. Carl's just bought it something close to tolerance from a few of us.
Surely you can't be that naive? Quake3 is one of the most widely used informal benchmarks out there. Tweaking the code so that it works better for an executable NAMED QUAKE3.EXE could alter quite a few reviews that are by the numbers, thus (IMO dishonestly) bringing in a few more suckers^H^H^H^H customers.
You probably don't realize it, but UL certification isn't a federal requirement. So ask Sony why they want the UL seal if it bothers you.
"Our software contains no known undetected bugs."
Well, whoop-dee-doo.
Shatner, on SNL.
Solar eclipse tonight? Well, I suppose it's always night somewhere but I get a grin from it anyway... :-)
I'm dying to know who this is since it sounds SO familiar compared to someone I know (and might have info about)
Only five people?
Slow news day, plain and simple.
We're kinda waiting to see it when it's done.
"Find a job that lets you do something you like, and you'll never work a day in your life."
So if working the tech industry isn't something you enjoy, you might consider the academic community or something.
OR, alternatively, you might consider working for Mattel or whoever, testing Nerf rockets. I mean, if that's what you enjoy.