The remote check is just one tiny part of it. You also need an internal check of the network every three months. You need a web application firewall. You need to log every single change on the server configs. You need an IDS. You need file integrity monitoring for the logs. You need to backup the log. You need multi-factor authentication. And so on and so forth.
You could be misled while perusing the doc, because the really hard parts are not contrasted with the trivial ones ("run an antivirus"), and if you don't know what they entail, you could confuse them with something much harder. Take network segregation; at last count we have about a dozen VLANs.
A connection to our intranet goes through 7 of them, one each for the SSL front end, Web app firewall, web server, app server, web database, which is fed sanitized data from a database that is, in turn, twice removed from the cardholder application itself. An application that doesn't even talk directly to either terminals or banks; they go through at least one proxy, on another vlan.
This is not spelled out in the PCI standard, but was the only way to respect it.
This is in addition to the transaction costs of 3-4%, the transaction processing costs, the fees paid by the consumers, etc, etc.
That number is a bit high, you can get a much better deal if you have a million TX a year, I think.
Can we please find a secure way of using direct debit, so we can cut the credit-card companies out of the loop?
Card hardware companies are currently all working on end-to-end encryption, whereby no unencrypted data will be stored anywhere between the card itself and the bank.
But that would require smart cards, something we've had here since, oh, 1989 (I've never had a card without a chip). And that doesn't cover card-not-present use cases. As long as you have to store any clear text card numbers, you'll have to abide by PCI, I'm afraid.
All considered, PCI is a very good thing. I was skeptical at first but no one would be doing a tenth of what's needed without it.
Before 1.2 there was an explicit dispensation for Unix machines. Not anymore; although it reads to me that it's not needed, the auditor disagreed. So we had to install a token ClamAV on each machine, and have it scan the disks for... mostly Windows viruses, since the database contains thousands of them, along with a dozen Linux viruses, none of which was ever seen in the wild.
There are dozens of requirements that EC2 will never ever be able to fulfil. It's just not possible. Take requirements for network segregation. The machines with cardholder data must be on a separate vlan with no direct access to the outside, in or out. There are physical requirements not just for the datacenter (locked racks, surveillance cameras), but for the workstations. It's just impossible to do that on EC2 or anything like it. In any case, you don't want to manage cardholder data. Leave it to someone who is willing to go through the trouble.
Actuaries (the people who design insurance policies) have long had to estimate the cost of a human life. It might sound a little creepy, we certainly want to believe that life is priceless, but for practical purposes, you have to put a number on it. If I remember correctly, the value was around $200k a few years ago. In any case it was less than a million. Put that next to that judgement, and that's creepy alright. A few countries (most notably Finland) price fines as a % of income, and I believe that's another way to put this in perspective. Jammie Thomas makes, what, 30k a year at most? So that's 60 years of income, before taxes and shit. Take taxes and the absolute minimum (poverty limit) into account, and you're talking at least 200 years of income. That's just fucking insane. Those people are monsters. I wouldn't piss on a RIAA lawyer if they were on fire.
I'm quoting WP but it would be easy to find other sources -- I studied that in high school, so it's not exactly rocket science:
Monetarism today is mainly associated with the work of Milton Friedman, who was among the generation of economists to accept Keynesian economics and then criticize it on his own terms. Friedman and Anna Schwartz wrote an influential book, Monetary History of the United States 1867-1960, and argued that "inflation is always and everywhere a monetary phenomenon." Friedman advocated a central bank policy aimed at keeping the supply and demand for money at equilibrium, as measured by growth in productivity and demand. The monetarist argument that the demand for money is a stable function gained considerable support during the late 1960s and 1970s from the work of David Laidler. The former head of the United States Federal Reserve, Alan Greenspan, is generally regarded as monetarist in his policy orientation. The European Central Bank officially bases its monetary policy on money supply targets.
Critics of monetarism include both neo-Keynesians who argue that demand for money is intrinsic to supply, and some conservative economists who argue that demand for money cannot be predicted. Joseph Stiglitz has argued that the relationship between inflation and money supply growth is weak when inflation is low.
You're saying Milton Friedman is a keynesianist. That's just fucking retarded. Or you're trolling, but since people have upvoted you, I have to assume some people are misguided enough to believe this ridiculous bullshit.
"Bubble" in the mouth of Krugman and other "leftist" (where "leftist" means anyone not drinking the austrian economics kool aid) economists is a very, very dirty word. He can't possibly advocate it as a policy; he's just saying that it's "the only way it can justify that tax cut", by creating the illusion of recovery through another bubble.
It's either copyrighted or it isn't. Nothing to do with the citizenship of the reader, ever. At least I have never seen anything like this. The only thing that comes close is reciprocity clauses where another country's copyrights are only recognized if it recognizes the other country's, but nothing based on the country of the *user*, just the work.
One is a program that slows down your computer, takes up RAM and disk space, erases files, and generally ends up costing you quite a bit of money and time.
The other is a program that reproduces automatically.
RHEL5 is getting a little stale and we often need more recent versions for various reasons; I found that downloading SRPMs from koji.fedoraproject.org and recompiling them on RHEL usually worked. The only annoying thing is that from F11 on the RPM compression has changed and RHEL can't unpack them; so I have to unpack them on my Fedora system first. Then I just build them, sign them with our GPG key, and copy them over to our local repo, and just run "createrepo." It's not that big a deal.
The audit itself costs €20k. The cost of passing it is probably more on the order of $150k.
Hm I thought they proved the mapping from Haskell to C was correct, as well. At least, so far, for the ARM version.
Slavery is freedom.
You've got a pretty good handle on that newspeak thing.
then he's a keynesian.
Makes sense. Or not.
Von Hayek was a commie, too.
people will have enough incentive to start moving out.
The right wing economists have been trumpeting their bullshit for decades, justifying the retarded policies of the ultra right, from Pinochet to Bush.
The keynesians haven't created anything, genius, they weren't in power in that time frame, it was Greenspan and his merry band of Chicago boys.
Nowhere in the fucking article are there the words "death" or "spiral." Nor anything about MS getting killed or something.
Nice editing job.
Synecdoche: a term denoting a specific class of thing is used to refer to a larger, more general class
plug it into your Linux box, and program it to dial in your labels onto a dymo handheld labelling machine.
Makes about as much sense as your "advice."
(Learn .Net to print labels? You've gotta be fucking kidding)
There are cheap ($200) devices to do that and save the trouble. Smart people tend to prefer not wasting time on useless crap.
And what do subpoenas have to do with anything here? Everything that's needed is public.
The main perf advantage of Fortran however was that it could automagically make use of vector machines.
Smart missiles and remote controlled drones cost much less, are more reliable and don't kill their pilot when they fail.
doesn't the band have a copyright on their act?