Slashdot Mirror


User: Zeinfeld

Zeinfeld's activity in the archive.

Comments · 3,931

  1. Re:Oh what a surprise!... on Chip Makers Selling Fewer High-End CPUs · · Score: 2
    Great to see it gets some hard proof! ..or DO each of us drive 400hp cars? No? Why not? If we can't live without 2.8GHz, why should we "punish" ourselves with cars below 100hp?

    Well I bought a 350hp car because I didn't see that it was worth waiting a year on the waiting list to be able to buy the supercharged version.

    However I do notice that many of my neighbors have cars with equivalent capacity (4 litre or above) but give only half the power and less than half the mpg.

    I just upgraded my son's computer with the cheapest components I could get from Frys that I could be confident would last a couple of years (having previously bought grotty PCs and regretted same). For $350 I got an Intel motherboard, 1.9 GHz processor, 1/4 gig Ram and a pretty nifty video card.

    I agree that there is not much reason to upgrade from need these days. Even gaming is no longer a power users issue since the copy of tombraider angel of mercy you buy in the store next week will have been developed on hardware that is already close to obsolete.

    The only mass market, power application I see about at the moment is digital video editing. That will pretty much soak up cycles on anything you throw at it. But the market is fairly specialist still.

    As the hardware gets cheaper I am much happier to accept machines with everything integrated on the motherboard.

  2. Re:Here we go again on Perens Pushes "Sincere Choice" for Software · · Score: 2
    Isn't it funny how the call for "open standards" always translates into "our version doesn't have half the features, so let's compete on what we have in common"?

    If the standard is a communications standard the lowest common denominator usually determines the features that are useful.

    Document formats only became a communications issue when we started to use email attachments.

    The original idea of HTML was that it could have become a common interchange format. However the lack of interest in developing page layout markup at Netscape kinda ended that.

    The problem with 'open standards' is that the standards organizations favored by open source folk tend to be the ones which move at the most glacial speed. Take IETF for example, it is quite usual for groups to take five to ten years. Simple changes can take three years to get implemented even when they are absolutely essential if deployment is to be possible at all.

    Where are IPv6? DNSSEC? - exact same place they were four years ago.

  3. Re:One objection ... on Perens Pushes "Sincere Choice" for Software · · Score: 3, Insightful
    We can see this clearly in the new voting equipment that's being installed in parts of Florida. They've bought equipment that contains closed, proprietary software. Citizens can't validate the outcome of elections using this software.

    No, that was not the problem.

    The problem was that the poll workers did not know how to set up the equipment. Interestingly the parts of the state that had the most democratic voters were the places where all the 'accidents' took place. Kinda like the 'coincidence' that led to police roadblocks stopping voters in black districts from driving to the polls that were for some strange reason 2 miles away.

    What do you expect from a governor who is still trying to increase penalties for drug offenders while doing his best to keep his own daughter out of jail for the same offenses? It is kinda like the modern equivalent of campaigning for the war in Vietnam while making sure your own kids don't get sent there.

  4. Re:Quantum computing for white hats on Cryptogram: AES Broken? · · Score: 2
    Unfortunately this thread does not appear to be talking about the AES issue at all, but garbled understanding of what quantum crypto can do.

    According to the cryptographer's panel at RSA quantum computing is much less of a threat than many assume. In the first place quantum computing tends not to be effective against symmetric algorithms. Secondly RSA turns out to be based on a problem that is very very hard with conventional computing and very very easy with quantum computing. It is not clear that all possible public key algorithms are susceptible to attack using quantum techniques.

    In other words don't get the idea that quantum computing immediately means the end of cryptography.

    On the actual topic of AES I would not call this a 'break', in fact nothing less than breaking the cipher for real should count as a break. There are plenty of 'breaks' of DES but none of them are easier than brute force when applied in practice. What we have is a theoretical compromise that is way outside the capabilities of any current technology.

    Or consider it this way, given the known problems with 3DES (limited block size, severe limitation on safe amount of ciphertext generation) I don't feel like sticking with 3DES as a result of the article.

  5. Re:Hoare's Turing Award Winning Speech on MS/Waterloo Curriculum Deal On Hold · · Score: 2
    You mean such warnings as:

    Gradually these objectives have been sacrificed in favour of power, supposedly achieved by a plethora of features and notational conventions, many of them unnecessary and some of them, like exception handling, even dangerous.

    I mean, how many languages use Dem Debil Exceptions these days? Or the notational dot form, as in

    Well Tony was my Oxford tutor so I have a somewhat closer idea of the context of the 1980 speech.

    The point about the plethora of notations is actually the same as the motivation behind the dot notation in both Java and C#. The point is that the C++ looks_crappy::structure.something->pointer.something->pointeragain notation uses three different notations where one will serve much better and moreover combines prefix and postfix notation in an incomprehensible fashion.

    As for exceptions, the understanding of exception handling in 1980 was way, way too thin to build them into a language and certainly nobody had a rigorous semantic model for them. Combining exceptions with concurrency was a recipe for disaster in 1980 as neither was understood.

    As for the 'success' of ADA, what little success it has had has almost without exception been coerced. It does not say anything for the suitability of ADA for safety critical systems that it is used when the original proponents of ADA require its use as a contract condition. I don't believe that Boeing, Lockheed etc. would ever have written a line of ADA had the USGovt not stated it would be a future contract requirement.

    I don't think that C# is going to be the end of language development. I suspect that in the near future we are going to see a further cleanup round in which some of the uglier holdovers from C are lost, in particular

    • The incomprehensible storage model keywords such as 'static'.
    • A true integrated concurrency model based on a message passing paradigm (i.e. not pthreads).
    • Remove extraneous syntactic clutter, for example the unnecessary braces and semicolons.
    • Strong typing based on dimensional analysis
    • Integrated persistence model so that you don't have to go messing around with SQL and otherwise defunct entity relational data models just to get persistence.

  6. Re:Why not teach C#? on MS/Waterloo Curriculum Deal On Hold · · Score: 2
    Should any company require a university to teach a particular topic?

    I don't like mandatory non-core classes. If someone is going to a university to learn electronic engineering there is no reason to require them to do an arts module, learn a language or any other crap.

    On the other hand I think that it is perfectly reasonable to require engineering and science students to understand programming and to require all students to take mathematics and philosophy.

    If I was taking an intro to programming course I would choose C# for a number of reasons. First like Java and pascal it is reasonably well structured and encourages students to start writing good programs. There will be plenty of time for the students to learn how to program badly using FORTRAN, COBOL, C etc.

    Second unlike pascal, C# is not crippled by braindamaged design. The pascal type system and one pass design is not something I would want to have to defend.

    Third, I would want to use a language that supports metadata and has some nice examples of its use - the XML serialization class is a nice example of what programmer defined metadata can do - and yes before folk who know Java but not C# chime in, no the Java support for metadata is not a substitute.

    Now metadata etc. is not the type of thing that is normally taught in an intro class, however my experience is that no compulsory intro class is all novices and I don't see why a course has to be a no-op for the most able students.

  7. Re:What is so good about C Octothorpe anyway? on MS/Waterloo Curriculum Deal On Hold · · Score: 3
    C++ has a weak type system? C++? You may say whatever you want about C++ (complex, full of C pitfalls, a hell to debug, whatever) but "weak type system"?

    Actually C++ and pretty much every language out there conflates representation with type. From the point of view of Russell's typed set theory there is no particular problem adding an integer to a real number, however there is a big problem adding yards to volts.

    I can't say much about the C++ type system since I abandoned the language as garbage back in '92. Hoare's comment on Algol 60 vs 68 came to mind. However since C++ retains the void type and the whole C baggage it is difficult to see how it can have a strong type system.

    It is a pity that the catastrophe of ADA brought down the idea of dimensional analysis with it. Of course Hoare's Turing award lecture (please don't use this for anything safety critical the compilers are certain to be full of bugs) gave a salutary warning on unbounded complexity. But I think dimensional analysis could have been retrieved from the wreckage since it has no run-time impact.

  8. Re:Quote on 60,000 Credit Cards Numbers Stolen Online · · Score: 2
    The shut-down system doesn't need to be so drastic that it prevents any purchase to be made/money to be credited to the seller, it could just trigger a warning, keep recording transactions the CC-users have made, but warn the appropriate folks that an unusually high volume is happening, and to have a look if it's something evil or just hundreds of yuppy kids excited about Segway being finally released.

    That is exactly what happened.

    Velocity checks are the primary responsibility of the merchant acquirer. The gateway merely secures the connection to the merchant acquirer system.

    If you have a sudden vast number of bogus transactions go through then warning lights are going to go on. However that does not mean that the system is going to shut off the service.

    If the bad guys have hit you with 1000 charges of which 60% were blocked cards you are going to want the connection to continue as long as possible so you can mark the other 40% of the cards as probably compromised. If you have the capability you would probably like to do a network trace and call in the cops. However that type of thing is difficult to set up on the fly. Most card scammers do not do anything so conveniently obvious.

    The main protection built in against this type of fraud is that the merchant does not get paid straight away. There is no real point in verifying so many card numbers in a way that is so obvious that it causes the cards that verify to be cancelled.

  9. Re:Credit Card on 60,000 Credit Cards Numbers Stolen Online · · Score: 3, Insightful
    Yesterday my bank called back and said that the merchant had verified the transactions and that I would be responsible for them.

    Send a letter in as follows:

    Re fraudulent charges to account XYZ charges [list]

    Under penalty of perjury I deny authorizing the charges specified above.

    I hereby require you to produce the signed transaction receipts as required by Regulation E of the Federal Reserve regulations governing the use of credit cards.

    As your legal department will confirm the laws of the United States govern all transactions concerning credit cards issued in the United States. These laws make the card issuer responsible for all fraudulent charges and not the consumer, the merchant or any other party.

    These charges are in dispute. Any allegation made to a third party such as a credit agency alleging refusal to pay a legitimate debt shall be considered defamatory and action may be taken accordingly.

  10. Re:Could be because on 60,000 Credit Cards Numbers Stolen Online · · Score: 2
    on many cards, the $50 limitation is only if your CARD is used fraudulently... as in, someone steals it and uses it without your permission.

    No, it is only if there is a signature that the $50 deductible applies. If it is a MOTO transaction the deductible is ZERO, you are covered in full.

    I don't see the point in the scam. While the scam artist now knows that the 60K cards were valid he has tipped off the card companies to the fact the numbers have been stolen.

  11. Re:Chamber of secrets? on Harry Potter strikes back · · Score: 2
    waiting to release the book with the movie and make more $ is my guess

    Great, after they make the film of the book they can write the book of the film of the book, then they can do the film of the book of the film of the book...

    Thing that gets me is the adults who are too wussy to read the books in public. The woman I sat next to on the plane had the dust jacket of Milet's autobiography wrapped round a copy of Harry Potter and the Prisoner of Azkaban.

  12. Re:Why do that want Napster... on The Porn Of Napster · · Score: 3, Interesting
    Because there's no such thing as bad publicity? Even your mother knows what Napster is (was).

    They are making a stock offer for the assets of a company in chapter 7. I can't recall a case in which a bankruptcy court accepted a stock offer for assets of a chapter 7 company. On top of that the stock is not listed so it is impossible to judge what value the creditors would receive.

    Basically this is a pure publicity play. There is virtually no chance that the offer would be accepted.

    I don't quite see the pay off, if napster was public and on the verge then an offer of a buyout could cause the stock to rise, allowing someone to dump stock or options at a profit. But with napster in its current situation that can't be the motive. I don't see what publicity for an anonymous holding company does either.

    This could simply be a brainless exec on an ego trip. Or they could be planning to go public themselves.

  13. Re:this was tried on Egyptian Pyramid Rover Finds... Another Door · · Score: 5, Insightful
    One thing that kind of pisses me off about the whole egyptology thing, is that the egyptian government is pretty strict on who they let come and do work like this over there. If they don't agree with some of your views on the history of the pyramids, good luck getting a permit to do anything there.

    Take a look at the British Museum or Louvre sometime and you will see the reason why. Graverobbers took much of the best stuff in the 19th century and hauled it back home with them under the guise of 'archeology'.

    If you go and tour the sites you will find walls covered with hieroglyphics with great big chunks missing where an 'archeologist' stole some particularly good looking piece.

    The last thing anyone needs is a bunch of crystal waving new age hippies moving in to gather evidence to support their theory that the pyramids were marketing props for aliens selling a new type of chocky mint.

    There are legit revisionist archeologists such as Romer who are challenging the chronology which everyone agrees is out of sync with the Greek and with the old testament.

  14. What I don't get.. on War Car Offers Wi-Fi · · Score: 2
    Is how he avoids the accident in the first place driving about with that great long ethernet cable hanging off his bumper...

    I don't get the protest angle, the problem isn't having to pay, it is the ridiculous markup. It's like the hotels who charge $15 a night for high speed internet access.

  15. Re:Heres the "real" story. on Discarded AT&T Microwave Bunkers For Sale · · Score: 2
    The snopes article rightly points out that the 'cooked to death' story is bunk. Like the rocket car there is simply no way anything close to that could happen without leaving an indelible media trail.

    There is a considerably more likely story that predates the 'cooked' story by several years, I heard it in the 1980s. I strongly suspect that the cooked story is simply the result of successive embellishment.

    The story I heard was that a bunch of radar technicians out in Alaska decided to play some sort of game (football?) on the patch of grass where the snow had melted in front of the microwave horn. Afterwards some of the men started to complain about eye problems and it appeared that the radiation had damaged their eyesight by slightly cooking their eyeball.

    This is actually quite believable since it does not take that much to dislodge gunk from the retina, iris etc causing it to float in the aqueous humour and disrupt vision. It can be caused by drinking too much strong coffee - as I discovered during my 2nd year exams.

    It is possibly apocryphal but I heard it in the radiation safety lecture of a pretty well known radiation research lab as an example of what can happen if you do not treat all radiation sources with respect. I suspect that the cooked to death story is simply the result of successive tellings.

  16. Re:I see an opportunity for IBM on Classic Computer Vulnerability Analysis Revisited · · Score: 2
    Again, not true. A B2 system can have single level devices and multilevel devices as described in the Orange Book. A single level connection to an untrusted system is quite simple and practical, and consistent with taking the Orange Book seriously. Yes, a multilevel connection would require labels and a basis for believing labels (e.g., connection to another evaluated system). If you need help with the engineering of it, refer to the TNI.

    Yeah, yeah, if you take a legalistic view you can kinda sorta say you are compliant, perhaps but in the process you have pretty much demonstrated why B2 and Orange book mean very little.

    There is a reason the guidelines are generally considered obsolete.

    I remember reading through the guidelines with Ron Rivest and someone pointing out that the guidelines state that cryptographic enforcement mechanisms don't count. Ron summed up the response of the room by calling the requirement 'disappointing'.

    The point is that evaluation criteria are only a guide to the security of an O/S, particularly when the criteria fail to consider major developments since they were written - e.g. networking.

    Windows NT was written to be B2 secure and does provide a pretty good foundation for secure applications, that has not prevented the terminally clueless from building what they have on top.

  17. Re:I see an opportunity for IBM on Classic Computer Vulnerability Analysis Revisited · · Score: 2
    BULL$H!T Windows NT is NOT B2 compliant NT 4.0 is the latest NT version security certified and it only rates C2 ( Without a floppy drive installed and all screen savers disabled )

    I said that they designed WNT to be B2 compliant, not that the B2 compliant configuration would be worth anything, VMS was not any use in B2 config either.

    It would be kinda surprising if anyone continued to work on Orange Book certification now it has been replaced by the Common Criteria.

    There is not a tremendous incentive for anyone to get CC certification since the USGovt does not enforce the requirement in most procurement.

  18. Re:Does this really matter? on Intel to Build DRM into Next-Generation CPUs · · Score: 3, Interesting
    that sounds right to me. palladium is a ms technology due to be built into longhorn (win2004) so running win2k/xp/*nix on a palladium chipset should mean that you're not affected. right?

    You can run on Palladium class hardware if you like and still not use Palladium. The only restriction being that then you cannot receive or display or do anything with Palladium controlled content.

    A ripped CD is not Palladium controlled content. Nor for that matter is any mass produced physical media going to be Palladium controlled unless consumers are going to suddenly take to calling up a hotline to register their copy of the latest U2 album...

    Also note that the original story in the Boston Globe has not been confirmed by an Intel press release. It would be somewhat 'off-message' for a company to announce support for Palladium on the same day they launch a completely new line of chips for laptops.

    What Intel did announce is that they are embedding private keys into their Banias line of chips which provide integrated support for 802.11a/b.

    This is a journalist looking to invent a story.

    Paul Otellini, Intel's president, said the chip maker would include no copyright protections in LaGrande, but he acknowledged that digital publishers could use the technology with software programs such as Palladium to create their own.

    You can't do DRM without trusted hardware but DRM is not the only use for trusted hardware, nor is any old trusted hardware sufficient for DRM.

  19. Re:Is Ebay a bank? on Judge Says Paypal's Arbitration Rules Unfair · · Score: 3, Insightful
    What was the outcome of that and would that have prevented ebay from being able to screw people like this? IS Ebay even FDIC insured?

    FDIC insurance is irrelevant unless eBay (owner of Paypal) goes under. FDIC insurance is not a requirement to perform bank functions, but federal regulation is.

    I don't see why Paypal is not subject to the same rules as any other bank or money transfer agent. Nor do quite a few state attorney generals. If you take money from consumers and hold it in accounts the Federal Reserve regulations apply to you, period, end of story.

    This case is rather more interesting, the judge essentially threw out the mandatory arbitration claim as being, well arbitrary.

    Contracts should not trump the law. It is one thing for two companies negotiating a million dollar contract to agree to be bound by arbitration, it is quite another for a company to unilaterally impose terms on consumers.

    Of course extreme Randite Libertarians will blather on incessantly about 'rights' however this is one case in which the law is defined empirically. The law is what courts rule it to be. Courts have refused to uphold contract terms that usurp the common good since the days of Claudius.

  20. Re:Sorry, amigos, but PayPal rocks on Judge Says Paypal's Arbitration Rules Unfair · · Score: 2
    As a human with physical disabilities

    ??? What other species post here regularly ???

  21. Re:I see an opportunity for IBM on Classic Computer Vulnerability Analysis Revisited · · Score: 2
    "A B2 O/S cannot be connected to any sort of network and remain B2 secure, still interested?" Not true. The network connections simply must be part of the defined security architecture

    Which the Orange book gives no information on the analysis of.

    If you take Orange book seriously then a B2 computer can only talk to other B2 computers...

  22. Re:I see an opportunity for IBM on Classic Computer Vulnerability Analysis Revisited · · Score: 2
    Then by your own description Windows NT wasn't designed from the ground up, either. Bits of Windows 3.x and BSD protocol stacks made it into NT.

    The TCP/IP stack is not part of the NT kernel, nor is it a security subsystem. Microsoft used the reference code released in NET2 under BSD license.

    The design of the kernel is designed to support B2 level security without multi-ring security support in the processor.

  23. Re:I see an opportunity for IBM on Classic Computer Vulnerability Analysis Revisited · · Score: 3, Insightful
    Plan 9 [bell-labs.com] from Bell Labs.

    Plan-9 was not designed from the ground up and certainly not for security. Plan-9 had some features beyond the UNIX core but it was certainly not a clean sheet of paper job. The first version even came out with the typesetter and games programs that were long since obsolete under UNIX.

    The only O/S that I know of to be designed 'from the ground up' since VM-UNIX came out is Windows NT. UNIX was started before VMS but did not leave the research lab until after VMS launched. OS-X is simply a merger of NeXTStep and Mac-OS.

    Windows NT the operating system is designed from the ground up to meet the Orange book B2 security requirements. That statement means less than it might when you find out what B2 means, i.e. almost nothing relevant to the real world. A B2 O/S cannot be connected to any sort of network and remain B2 secure, still interested?

    The point is that design of the O/S is irrelevant unless the applications are also designed to be secure. There have been remarkably few security compromises of either UNIX or Windows NT, almost all the bug reports are in the layered applications. Take Outlook off Windows and Sendmail off Unix and the stats look oh so much better. Ten years ago I had a flame war with Eric Altman which later made it to the UNIX Hater's list, basically he said that he had finally got a grip on the bugs and I pointed out that he still had no process and no clue when it came to security. Guess what, he still hasn't.

    There are plenty of good replacements for sendmail that do not introduce arbitrary Turing complete languages for arbitrary purposes. Unfortunately the UNIX world simply won't use them.

    There is a company working on a secure O/S, it requires secure hardware and is codenamed Palladium. You still want more security?

  24. Re:It is quite interesting, but... on Apple Explains Interface Differences · · Score: 3, Insightful
    I can't agree with some of them. For example :"Don't use non-standard controls".

    Actually as a Windows user who loathes the Mac look and feel it was one of the few pieces of advice I agreed with as a general matter.

    When Mosaic first came out the most noticeable thing about it was that it was the first browser for X-Windows that did not have an amateur DIY look and feel, it was plain Motif with the standard SGI fonts.

    I don't much like using Adobe products because they insist on inventing their own UI techniques rather than providing the user with something consistent. At one point I used photoshop on a daily basis, then I stopped using it for a couple of months and found that I had forgotten how to use most of the commands. These days I just can't be bothered with it.

    My pet peeve is MP3 players. For some reason these programs seem to insist on morphing into the most unusable shape possible. Skins are cute as an option but just why does nobody - including Microsoft make an MP3 player with standard Windows look and feel?

    The other point that is quite noticeable in the document is that the Apple designers appear to be making most of their comparisons to the Windows 95 look and feel rather than XP.

    It is also quite noticeable that the example they give of an application with 'only one' menubar on Aqua actually has at least four visible command bars. The IE window has its own menu and shows a page with yet another menu.

  25. Re:SHAD0W's Law on Layoffs at WotC · · Score: 2
    If you go and take a look at almost any tournament-caliber deck, you're simply not going to find that it contains cards whose aggregate value is less than $100, and $200 and $300 decks are more common.

    Sounds to me like this is an exercise in conspicuous consumption rather than anything that would interest me.

    At least with other types of sport equipment the design of the technology is a major challenge in itself. With magic there is no technology, only artificial scarcity.

    How about a charity tournament in which the cards are printed out on demand by laser printer at $20 a deck? Nah, much better give the money to some Enron like corporation run by one of George W's buddies.