I use the Brother PTouch QL-550 for all the labels for my mountain bike business. You can download CUPS drivers and also a set of OpenOffice ODT templates for all the reel-sticker sizes. I use continuous feed label and the printer has a wee razor sharp cutter to slice off the label. These are used as shipping labels that I create automagically in openoffice writer templates. I've even done one for the CN22 customs label for sending goods out of the EU. The sticky label is cheap and can come in various flavours - I use 30 meter rolls (100ft) at a time. We also make promo stickers for bike frames using it.
I was a designer of the CAP implementation for a pretty big UK bank. One of the main issues was that we were training users to enter their PIN into any old device. 10 years ago, the PIN would only work on a bank machine on the front wall of a bank so there was a reasonable trust model between the bank consumer and the bank.
Now we ask them to enter PINs into all sorts of devices, that aren't commonly recognisable and cannot be reasonably assessed by the user as safe: petrol pumps, restaurant handhelds, super market Chip & Pin devices, handheld EMV/CAP units without even thinking about whether the unit is secure.
The EMV standard (as the parent poster will know) actually has 2 data locations for PIN. That was so that the card could store a local PIN and a remote PIN (i.e. the bank would recognise). That way the user could use a different number whether they were using the bank's machines or not. However, usability won the day and the two items are set with the same data.
Also, whilst the UK uses a 4 digit PIN - the data on the card can actually store 6 digits.
Royal Bank of Scotland (and many UK banks) use "Judder" technology so that the card is randomly juddered as the ATM sucks the card into the chip reader. This makes the job of an external card reader much harder. Whilst (here in Scotland) we don't really use magnetic stripes anymore - it is useful technology because there was a material fraud loss from other countries that do use mag stripes with Scottish cards.
If only we could have the moving sidewalks (pavements) as described in The City And The Stars by Charles C Clarke where the edges of the moving pavement are slower than the centre and to take junctions you just step across the moving sidewalk where it splits in two. Folks transiting through keep to the high speed middle.
Part of the spy game is not letting on that you know what is going on. By letting them conduct operations against non-critical assets, you get to see how they operate, who they work with, and who they answer to. You can unravel their network to watch and catch other agents. You can set them up to pass false information... etc etc
it has a name and is called "counter-intelligence".
usually a deal is done with a small nation to expatriate the prisoners to. Palau (link to guardian article) was trying to deal with the US to take 17 of the prisoners in return for quite large infrastructure grants ($200m).
+1 - we were given a baby monitor that transmits live video and source temperature. It destroys our WiFi capability - but only within 20 metres or so.
with open source, the 'consideration' could be an expectation that some of the user base contribute code fixes, report errors, respond to queries on a forum and so on.
mod parent up
is there not an implied contract between a user and open source software distributor if exaggerated claims are made about the software? I'm thinking Carlill v Smokeball Co although that's a bit of a leap if the distribution of OSS, as you say, isn't a sale of goods/services. At least in Carlill, something was purchased based on claims made by the manufacturer albeit, pre-SoGA.
money consideration - I was always under the impression that payment in money doesn't have to change hands for SoGA s14 still to apply. Although, applying other value "payment" argument to open Source would be pretty difficult indeed, e.g. contribution to fix other bugs and so on.
Interestingly, the sale of goods act would cover open source software - even if the price was zero. However, it is very likely that a developer could only be sued for GBP 0. The England & Wales and Scots Legal systems tend to support the little (or wee) man and wouldn't allow a huge writ to sue a hobbyist unless they were making buckets of money out of selling poor quality software.
Section 14 in the Sale of Goods act determines quality and it falls into:
1. were the goods or services fit for purpose?
2. were the goods or services of satisfactory quality?
fit for purpose statement really concentrates on the act of sale. In open source that would be the claims made by a website, or statements by the developer about the product, perhaps in a blog.
satisfactory quality (sometimes known as merchantable quality) would focus on the expectation of quality. which in front of a jury would probably get nowhere with an open source bit of software even if a service contract was in place.
where this case is very interesting is that the standard terms and conditions (i.e. the EULA) was once again not enforced or recognised and fell foul of the Unfair Contract terms Act. Are you watching Microsoft? because this applies to you and the EULAs for Windows 7.
Labour and Conservative got around 33,000 votes per seat - based on a UK average,
The SNP received 106,000 votes per seat won
Lib Dem was something like 215,000 votes to win a seat.
So you get madness like the Lib Dems winning 25% of the national vote but only getting 55 odd seats.
And the SNP winning 20% of the Scottish vote only to achieve 1% of the seats in parliament.
There's a lot of theory about why this happens but the main one is that electoral boundaries do not follow geo-political boundaries (like they do in the USA for example) and have been gerrymandered over the years to achieve political results.
I use Ethernet over Power units for IP cams so I just have to run one cable to each unit in outbuildings etc. EoP also has the side benefit of pissing off radio hams in the locality.
Whilst a lot of the content in this video is indefensible - there is one moment, where the Reuters photographer bends down on one knee at the street corner and presumably looks at the back of his digital SLR - which has a long lens on it. I replayed this bit a few times and I can tell you that (unfortunately) it looked exactly like the activity to load and arm a cheapo shoulder mounted RPG (http://en.wikipedia.org/wiki/RPG-22) where the front tip is aimed to the ground, charge is loaded and range finders snapped up. Clearly, the camera angle only sees about 1/4 of the activity and the diameter and profile of the SLR with its long lens match that of an RPG.
It was about 1 sec later that the mood changed from curious to blood thirsty attack mode and they got permission to engage before the helicopter even rounded the corner to get full sight of the group in the courtyard. Plenty of total bullshit like: "we received small arms fire"
I'd be keen to learn how the material was found and decrypted.
the idea of transferring money electronically is totally accepted here in the UK.
I bought a car off an old couple - I turned up, drove it, liked it, made them an offer and then went back to their home, had a cup of tea and logged into my ebanking system and transferred the money to their bank account. I have a pocket sized two factor authentication device that I slide my debit card into and type the PIN for verification. I log off, the old boy logs in and hey presto - the money is in his account. I don't need to carry cash, he doesn't need to worry about a cheque bouncing or a trip to the bank.
The US banking system is basically where we (UK) were in the 1980's. I even saw someone writing a check in a supermarket when I was in the US recently! I haven't written a cheque for many years and, in fact, APACS will be outlawing cheques here in 2012. The US banking system is much more fragmented in the USA and doesn't have the regulatory structure and capital guarantee that UK banks have to have. Some banks only span a few towns (although these are disappearing) and don't have a national presence. They still have "bank managers" too and you can go in and "speak to them" - most UK branches haven't had this for years.
It's only since "faster payments" was introduced 4 years ago that person to person payments using online banking etc have really taken off. I don't think any of the big UK banks charge for faster payments. Of course, you can have fun sending 0.01 to your friends with a transfer label "goats.cx" etc.
They also don't have the concept of "direct debit", something that astounds me. You either have to go to an online bill consolidator service or have to pay each bill (sending a cheque!!!!) individually!
nice application, however I noticed that you were doing 32mph through Pensford at 1307Hrs (it's a 30mph limit). that's a 3-point penalty and GBP 60 fine.
fuck. now you're going 41mph out of Belluton and just hit 51mph on bristol road (40mph limit)
Actually, I was working at Reuters in London at the time and the first we knew of the disaster was an automated alert from our trading system saying that Merrylls and APM had gone fully offline (these types of systems very very rarely go offline). At the same moment, one of the data feeds went DR (DataScope I think) - it had its DR facility in the other tower and so only lasted a short time before going off for good.
> tube to greenwich
The DLR (Docklands Light Railway) is a driverless train system that leaves from Bank (in The City - which is the bit of London where all the financial firms are) and Tower Gateway (next to the Tower of London) - take a train headed towards Lewisham and get off at "Cutty Sark" station - the station before Greenwich. It's a nice walk through Greenwich up past the old naval college and up the hill to GMT and the museums. Your Oyster card will work on it.
Get a GIF tube map and stick it in your phone.
> beware of roaming fees
If you have a 3G phone then just pop into any of the multitude of mobile phone shops (TMobile, Orange, O2) or bigger super markets and ask for a 3G "Pay as you go" SIM card. They cost about GBP15 and come with credit so you can make calls to book restaurants and check the web whilst on the move. If your phone is locked against a provider at home, then just get a "pay as you go" USB 3G dongle for your laptop. They start at about GBP20 and can be used anywhere (I've used mine in the mountains of scotland).
If you are bringing a laptop - remember that the UK is 240V. Most power bricks will auto switch to 220V-240V but worth checking. You will find UK power plug leads in any electrical store or one of the "Aladdin's cave" electrical shops on Tottenham Court Road.
Interestingly, some of the UK mobile operators have bankers licences and are therefore governed by the FSA (financial services authority). The FSA defines a PEP marker (Politically Exposed Person) on records and these typically have greater sensitivity than the rest and each access is audited. Anyone who thinks they are 'famous' can become a PEP on request - politicians, david beckham's, recognised government officials, company execs are using this device more and more.
Whilst it might seem like a good idea to register yourself as a PEP (e.g. I'm famous on slashdot), it can be a pain in the arse because some banks etc will not send out new credit cards directly to a PEP.
Using aliases is illegal if done incorrectly. Using an alias as a "stage name" is OK for celebs, but not so great for politicians. Also, it's not a great idea to buy a phone contract with an (!deedpoll) alias.
the other problem with PS Store is that it is difficult to figure out what you are actually buying. Are you buying a game to play? a non-transferable licence to play the game? a licence restricted to a number of PS units? or perhaps a licence for 1 game per unit?
I had the misfortune of having a bluray drive fail and being out of warranty, I simply bought a new PS3 slim. Everything from the backup restored except 60 or so Singstar songs (GBP 50/USD 80 ish) because, as I found out too late, the DRM in the Singstar songs locks the songs for one PS3 unit and, even worse, you can't buy the songs again and re-download them because it thinks you already have them!
I try to avoid DRM for this very reason - but after a few pints one night, I never thought to check that Singstar would have such stupid DRM on it.
yes, I use the Brother QL-550 for my mountain bike business for all the shipping labels. Yes, you can get CUPS drivers. Industrial strength - I go through 30metre (100ft) rolls of label every few weeks!!! This little printer has been like having another employee and has saved me thousands.
There is a useful summary page here on how to get it working.
We use linux for all our mountain bike parts operations by the way.
GPP doesn't mention what level of risk there is with having a weee pc from being stolen; however my own Asus Eeepc 904hd (fedora 10) has only the /home partition encrypted using in-built truecrypt. It's all configurable from the installation process (anaconda) - actually, it's just a checkbox when you configure the disk layout. This doesn't slow the performance noticeably but gives me a little reassurance that if it's stolen then it'll just be over-written with windows and sold on.
All first year law students learn about contract law and learn the intrinsics of offer and acceptance. The key point is that a contract can be accepted, even if the contract(or) doesn't know that the contractee has accepted. See Mrs Carlill vs the Carbolic Smokeball company.
I seriously doubt microsoft was involved in the development of tradelect. marketing in collaboration with accenture yes.
From an old Computer Weekly article
"Accenture built the Tradelect platform in India between late 2004 and March this year."
And from an old information age article, a classic Quote from the now departed IT Director:
"That was where Microsoft came in. We looked at their whole suite of technology from their development environment through to their databases and operating systems, and we decided that their technology was best aligned to achieving this range of design principles. We also found that they were willing to operate as true partners with us and to engage throughout the whole four-year programme rather than on particular components within it where there was potential revenue for them through licence sales. So we felt that not only did their technology stack up against the design principles, but they were genuinely able to act as a partner. They recognised at the most senior levels what we were trying to achieve here and that was important to us."
That's £40m over a short 2 years of service - work out the TCO on the depreciation cost alone! So, yes, I do think Microsoft has a lot to answer for because they were engaged at the highest levels. Also, Accenture have a lot to answer for. As soon as I saw "India", well, I'm sorry, but it's rare for an offshore project to meet requirements - in the same way that a project for Bank of India outsourced to the UK would probably fail.
It's worth a look at the Chi-X platform sales brochure (it's PPT, how ironic) which is a direct competitor to LSE and uses Linux successfully. Chi-X has about 15% or so of UK FTSE 100 trades. The amazing feature of CHi-X is its low latency - especially in trading where 20 ms is a very long time and can cost principals serious money.