I got this same explanation from a waitress, that they didn't use pin because of tipping... But that's utterly ridiculous, in the rest of the world they bring a wireless payment device to your table and it asks if you'd like to leave a tip, you enter the amount to tip and it calculates the total and then authorises the total using your pin. The payment device then prints out a receipt which shows how much you paid in total.
Checking signatures is worthless anyway, real peoples signatures never look exactly the same whereas a criminal can easily copy what he sees on the back of the card, or in the case of cloning the cards he can just sign the cloned card himself and thats what the merchant will compare against.
At least with a pin, the pin is either correct or not, and not displayed on the card itself.
This vulnerability requires root level privileges inside a guest os, and for that guest os to be running with very specific configuration (must have e1000 nic and be configured in nat mode)...
Incidentally nat mode doesnt support ipv6, rendering it useless for me.
Exactly, fragmentation and inconvenience will simply drive users to piracy... Subscribing to one service for all your shows and movies is ok for most people, having to subscribe to a bunch of different services is a hassle people don't want, and that's assuming all of the services are available in your location and on the devices you have. Thepiratebay on the other hand provides all content and is usable on all devices,
If regulations are not thorough enough, then companies will find loopholes that allow them to violate the spirit of the regulation while technically still complying with the terms.
Laws and regulations are like any complex system, except lawyers are paid a lot of money to find and exploit flaws in the law, whereas people who find such flaws in software (ie basically doing the same thing) are branded criminals.
It's actually perfectly reasonable to use hardware acceleration by default when the hardware claims to support it, the problem there is shoddy hardware making false claims.
This is also caused by black box security products, they claim to do something (encrypt your data) but don't disclose enough about how and just expect you to trust them.. How many more vendors are hiding crap like this that just hasn't been discovered yet?
They don't realise that alternatives exist, or are only aware of Apple but don't have the budget for it... Indeed the common perception is that computers are inherently unreliable and insecure and that's just the way it is. This perception is entirely down to microsoft being both ubiquitous and such poor quality for all these years.
Look at all the tv shows with characters which can trivially hack into any system, or computers which are constantly failing to work correctly - this is the perception that microsoft has generated.
Biomass is renewable in that you can generate more biomass... If your criteria is wether a source produces co2 or not, then replace biomass with nuclear.
Any formalised education is going to be outdated when it comes to a fast moving field like technology.
By the time the curriculum has been devised, the course material/books printed and distributed etc, the information is going to be out of date. Even if something is up to date when taught, by the time the students finish their classes and enter the field the information will be dated.
So a well written curriculum is going to teach more general concepts and how they could apply more generally.
It's actually fairly typical stupidity of security through obscurity... Someone along the chain, either the developers or the vendor has assumed that because they don't publish details of how it works noone will ever find out.
There have been privilege escalation attacks against lots of protocols and the programs which implement them in the past... FTP at least is a relatively simple protocol, how it works is well known as is how to harden it... I'm actually far more comfortable with a simple protocol like FTP that provides a clear demarcation between authenticated and unauthenticated, than something extremely complex like SMB running as a high privilege process on the host box.
Yes, perhaps more than 30 years ago but depending on the field...
When i worked for a small ISP years ago all of the technical staff were geeks who were keenly interested in technology both professionally and as a hobby. They would learn new technologies on their own and introduce them into the workplace, they would come up with creative ways to solve problems and look for (or create) the best tool for the job.
These days, there are a lot of people for whom technology is simply a job, once they finish work for the day they have zero interest in technology. They do not seek out new technologies, and don't want to learn them unless forced to do so. They won't come up with their own creative solutions, but would rather just buy products and pass off responsibility to someone else.
In the past 30 years, IT has gone from a niche field for a handful of geeks and very large businesses, to common and ubiquitous. However, the pool of available competent people did not increase so fast and thus you have cheaper incompetent people filling the gaps.
To make matters worse, a lot of vendors (especially microsoft) have been marketing their software as easy to use and not requiring an expensive competent sysadmin to manage, but the reality is that while someone with low skills can get a system limping along it will perform poorly, as well as being unreliable and insecure.
Google (search) is voluntary, I use it often because it usually provides better results but i also sometimes use DDG or Bing, so i'm aware of alternatives. Many google users are not aware that alternatives exist, so it's very hard for a startup to get the word out to people.
Gmail is also voluntary, there are many other email providers out there and it's also possible to operate your own. You have a huge choice of providers, and a huge choice of clients which you can use to access your mail.
On the other hand, facebook, whatsapp, skype, viber etc are very much involuntary services, i would prefer not to use any of them but i'm forced to because people i need to communicate with are using these services. I'm forced to use their service and whatever crufty client they provide. I'm forced to have multiple clients installed that perform the exact same function, and i'm forced to upgrade my physical devices once one of these services stops supporting an old device.
The problem with monopolies is when people are locked in.
Google (Search) don't really have a lot of lock-in, there's nothing to stop you using bing or duckduckgo etc. Similarly with android, there are alternative android builds from the likes of amazon each with their own store etc.
Whats much more of a problem is platforms like facebook, skype and whatsapp etc, which force you to be on their platforms if you need to communicate with your friends who also use the same platforms. Splitting these companies up wouldn't do much good, unless you also create and enforce some kind of open interoperable standards allowing users on different platforms to still communicate with other and allowing third parties to create their own compatible alternatives.
If you take email as an example, the underlying protocols are standard and there are many compatible clients and providers while people are also free to create their own clients or operate their own servers. While there might be a few large players, they can't lock you in and there are many smaller alternatives.
Currently it's a farcical situation where the average user has accounts and clients for an array of different services, and are forced to use the clients provided by those services on devices supported by those clients. How many people remember the days of ICQ when the first third party clients came out, you could run a much better client on platforms not supported by the official one.
Not practical... It would make europeans unable to conduct electronic transactions with most of the rest of the world, especially making vacations outside the eu extremely troublesome, and would only hurt those europeans. The EU cannot impose fines on an entity that exists solely outside of their jurisdiction, they would just refuse to pay and the EU couldn't do anything about it.
A non EU payment processor has no reason to decline EU payments, it is for EU banks to decide they will decline charges being made from entities with no EU representation. In which case, people would complain that their banks are impeding legal spending of their own money.
If you use an EU issued payment card to purchase something from asia or the usa, you have no expectation that the merchant you are making the purchase from would be GDPR compliant.
If card payments, you would be dealing with a local canadian card processor, who would likely be dealing with american payment card companies (visa, mastercard etc).
Same with the ad agency, its up to them wether they want to target EU, wether they have a presence there or not etc.
The idea that you have to comply with laws in a country you have no presence in just because someone from that country *could* access your site is ridiculous. Kim Jong Un could access your website and declare it to be a violation of DPRK law, would you then comply with their law?
The EU has no jurisdiction outside of EU borders, and the GDPR does not apply to individuals or entities with no connection to the EU. If you as an EU resident choose to provide information to an entity outside of the EU then that's your choice and your responsibility.
You can't process payments in the EU, but there's nothing to stop people who are in the EU sending international payments to you wherever you might be.
If you don't have a presence in the EU then you don't have to comply with any EU laws at all. The fact that your website *can* be reached from the EU, or that someone in the EU could have your products sent to them is irrelevant.
There are hundreds of countries all around the world, some of them have very strict laws on various things, and yet the internet is full of websites which while perfectly legal in some countries are entirely illegal in others. Porn is one such example, porn is illegal in many middle eastern countries and yet still prevalent on the internet. It would be ridiculous for the operator of a website to have to hire representatives in each country, or else try to block access from those countries.
Exercise and fitness is very important if you want to be a professional wrestler, and selling merchandise tshirts is a big part of the pro wrestling business too.
Indeed, i sometimes use ethernet or hdmi and require dongles but not often... I actually prefer having more ports (4x usb-c) than one each of several types of port as i would often find myself running out of one type of port while having others empty.
In the vast majority of cases i don't actually have anything connected at all.
There are many advantages to a car capable of much higher speeds than the legal speed limits...
Operating an engine close to its maximum power output is inefficient and increases wear and tear, if a car is capable of 190mph but it spends most of its life at 70mph then there is very little stress on the engine and it's likely to last a long time.
A car with a higher top speed typically has better acceleration too, you may not drive any faster than 70mph but your time to go from standing to 70mph will be lower than a slower vehicle. Sometimes the extra performance can also be useful in an emergency too.
Plus there are places where you can legally drive at higher speeds (racetracks, german autobahns etc).
Slashdot Mirror
I got this same explanation from a waitress, that they didn't use pin because of tipping... But that's utterly ridiculous, in the rest of the world they bring a wireless payment device to your table and it asks if you'd like to leave a tip, you enter the amount to tip and it calculates the total and then authorises the total using your pin. The payment device then prints out a receipt which shows how much you paid in total.
Checking signatures is worthless anyway, real peoples signatures never look exactly the same whereas a criminal can easily copy what he sees on the back of the card, or in the case of cloning the cards he can just sign the cloned card himself and thats what the merchant will compare against.
At least with a pin, the pin is either correct or not, and not displayed on the card itself.
This vulnerability requires root level privileges inside a guest os, and for that guest os to be running with very specific configuration (must have e1000 nic and be configured in nat mode)...
Incidentally nat mode doesnt support ipv6, rendering it useless for me.
Exactly, fragmentation and inconvenience will simply drive users to piracy...
Subscribing to one service for all your shows and movies is ok for most people, having to subscribe to a bunch of different services is a hassle people don't want, and that's assuming all of the services are available in your location and on the devices you have.
Thepiratebay on the other hand provides all content and is usable on all devices,
If regulations are not thorough enough, then companies will find loopholes that allow them to violate the spirit of the regulation while technically still complying with the terms.
Laws and regulations are like any complex system, except lawyers are paid a lot of money to find and exploit flaws in the law, whereas people who find such flaws in software (ie basically doing the same thing) are branded criminals.
It's actually perfectly reasonable to use hardware acceleration by default when the hardware claims to support it, the problem there is shoddy hardware making false claims.
This is also caused by black box security products, they claim to do something (encrypt your data) but don't disclose enough about how and just expect you to trust them.. How many more vendors are hiding crap like this that just hasn't been discovered yet?
They don't realise that alternatives exist, or are only aware of Apple but don't have the budget for it...
Indeed the common perception is that computers are inherently unreliable and insecure and that's just the way it is. This perception is entirely down to microsoft being both ubiquitous and such poor quality for all these years.
Look at all the tv shows with characters which can trivially hack into any system, or computers which are constantly failing to work correctly - this is the perception that microsoft has generated.
Biomass is renewable in that you can generate more biomass...
If your criteria is wether a source produces co2 or not, then replace biomass with nuclear.
Any formalised education is going to be outdated when it comes to a fast moving field like technology.
By the time the curriculum has been devised, the course material/books printed and distributed etc, the information is going to be out of date. Even if something is up to date when taught, by the time the students finish their classes and enter the field the information will be dated.
So a well written curriculum is going to teach more general concepts and how they could apply more generally.
It's actually fairly typical stupidity of security through obscurity... Someone along the chain, either the developers or the vendor has assumed that because they don't publish details of how it works noone will ever find out.
There have been privilege escalation attacks against lots of protocols and the programs which implement them in the past...
FTP at least is a relatively simple protocol, how it works is well known as is how to harden it... I'm actually far more comfortable with a simple protocol like FTP that provides a clear demarcation between authenticated and unauthenticated, than something extremely complex like SMB running as a high privilege process on the host box.
Yes, perhaps more than 30 years ago but depending on the field...
When i worked for a small ISP years ago all of the technical staff were geeks who were keenly interested in technology both professionally and as a hobby. They would learn new technologies on their own and introduce them into the workplace, they would come up with creative ways to solve problems and look for (or create) the best tool for the job.
These days, there are a lot of people for whom technology is simply a job, once they finish work for the day they have zero interest in technology. They do not seek out new technologies, and don't want to learn them unless forced to do so. They won't come up with their own creative solutions, but would rather just buy products and pass off responsibility to someone else.
In the past 30 years, IT has gone from a niche field for a handful of geeks and very large businesses, to common and ubiquitous. However, the pool of available competent people did not increase so fast and thus you have cheaper incompetent people filling the gaps.
To make matters worse, a lot of vendors (especially microsoft) have been marketing their software as easy to use and not requiring an expensive competent sysadmin to manage, but the reality is that while someone with low skills can get a system limping along it will perform poorly, as well as being unreliable and insecure.
Only when your code is inefficient and causing pipeline stalls, if your code is well optimized then SMT is more likely to cause a performance loss.
If they're declared bankrupt they should report to whoever their creditors are, who should then decide what gets done with any assets they have.
Google (search) is voluntary, I use it often because it usually provides better results but i also sometimes use DDG or Bing, so i'm aware of alternatives. Many google users are not aware that alternatives exist, so it's very hard for a startup to get the word out to people.
Gmail is also voluntary, there are many other email providers out there and it's also possible to operate your own. You have a huge choice of providers, and a huge choice of clients which you can use to access your mail.
On the other hand, facebook, whatsapp, skype, viber etc are very much involuntary services, i would prefer not to use any of them but i'm forced to because people i need to communicate with are using these services. I'm forced to use their service and whatever crufty client they provide. I'm forced to have multiple clients installed that perform the exact same function, and i'm forced to upgrade my physical devices once one of these services stops supporting an old device.
The problem with monopolies is when people are locked in.
Google (Search) don't really have a lot of lock-in, there's nothing to stop you using bing or duckduckgo etc.
Similarly with android, there are alternative android builds from the likes of amazon each with their own store etc.
Whats much more of a problem is platforms like facebook, skype and whatsapp etc, which force you to be on their platforms if you need to communicate with your friends who also use the same platforms. Splitting these companies up wouldn't do much good, unless you also create and enforce some kind of open interoperable standards allowing users on different platforms to still communicate with other and allowing third parties to create their own compatible alternatives.
If you take email as an example, the underlying protocols are standard and there are many compatible clients and providers while people are also free to create their own clients or operate their own servers. While there might be a few large players, they can't lock you in and there are many smaller alternatives.
Currently it's a farcical situation where the average user has accounts and clients for an array of different services, and are forced to use the clients provided by those services on devices supported by those clients. How many people remember the days of ICQ when the first third party clients came out, you could run a much better client on platforms not supported by the official one.
Not practical...
It would make europeans unable to conduct electronic transactions with most of the rest of the world, especially making vacations outside the eu extremely troublesome, and would only hurt those europeans.
The EU cannot impose fines on an entity that exists solely outside of their jurisdiction, they would just refuse to pay and the EU couldn't do anything about it.
A non EU payment processor has no reason to decline EU payments, it is for EU banks to decide they will decline charges being made from entities with no EU representation. In which case, people would complain that their banks are impeding legal spending of their own money.
If you use an EU issued payment card to purchase something from asia or the usa, you have no expectation that the merchant you are making the purchase from would be GDPR compliant.
If card payments, you would be dealing with a local canadian card processor, who would likely be dealing with american payment card companies (visa, mastercard etc).
Same with the ad agency, its up to them wether they want to target EU, wether they have a presence there or not etc.
The idea that you have to comply with laws in a country you have no presence in just because someone from that country *could* access your site is ridiculous. Kim Jong Un could access your website and declare it to be a violation of DPRK law, would you then comply with their law?
The EU has no jurisdiction outside of EU borders, and the GDPR does not apply to individuals or entities with no connection to the EU. If you as an EU resident choose to provide information to an entity outside of the EU then that's your choice and your responsibility.
You can't process payments in the EU, but there's nothing to stop people who are in the EU sending international payments to you wherever you might be.
If you don't have a presence in the EU then you don't have to comply with any EU laws at all. The fact that your website *can* be reached from the EU, or that someone in the EU could have your products sent to them is irrelevant.
There are hundreds of countries all around the world, some of them have very strict laws on various things, and yet the internet is full of websites which while perfectly legal in some countries are entirely illegal in others. Porn is one such example, porn is illegal in many middle eastern countries and yet still prevalent on the internet.
It would be ridiculous for the operator of a website to have to hire representatives in each country, or else try to block access from those countries.
Exercise and fitness is very important if you want to be a professional wrestler, and selling merchandise tshirts is a big part of the pro wrestling business too.
Indeed, i sometimes use ethernet or hdmi and require dongles but not often... I actually prefer having more ports (4x usb-c) than one each of several types of port as i would often find myself running out of one type of port while having others empty.
In the vast majority of cases i don't actually have anything connected at all.
There are many advantages to a car capable of much higher speeds than the legal speed limits...
Operating an engine close to its maximum power output is inefficient and increases wear and tear, if a car is capable of 190mph but it spends most of its life at 70mph then there is very little stress on the engine and it's likely to last a long time.
A car with a higher top speed typically has better acceleration too, you may not drive any faster than 70mph but your time to go from standing to 70mph will be lower than a slower vehicle. Sometimes the extra performance can also be useful in an emergency too.
Plus there are places where you can legally drive at higher speeds (racetracks, german autobahns etc).