This! If you're able to see credit card information, then they are not storing it in a PCI DSS compliant manner, and Visa/MasterCard should be extremely interested.
I used to accept AmEx, and had some very bad experiences with them. They would regularly send me incorrect letters, including sensitive data intended for other merchants, and outright refused on at least three occasions to warn cardholders whose data had been compromised and used for fraudulent orders.
They do not necessarily always withhold funds from the merchant until the cardholder has paid. Disputed charges were taken back out of my bank account, just like Visa/MasterCard's process.
This was all back in 1999, so YMMV, but I still refuse to use or accept AmEx.
I used to be the lead sysadmin and security manager for a company with a fairly active Internet connection, using around 600Mbps constantly. I was working closely with the network engineer, having had very little Cisco experience prior to the job, and we were implementing some filtering (I believe for Code Red) on the core router.
I wrote up the access list (Cisco filtering rule), the network admin checked it over, and we pasted it into the router's configuration over SSH. Milliseconds after the change was made, we both realized that we had forgotten the "permit ip any any" at the end of the ACL. Cisco's default behavior is to deny any packets that aren't specifically allowed. Sure enough, I hit Return a few times, and our session to the router was dead. About twenty seconds later, all of the phones started ringing.
I have never seen anyone find a spare laptop and serial cable as quickly as we did. Surprisingly, neither of us were reprimanded for the five-minute outage during peak hours. I guess that this was fairly minor, since the company had so many problems in general, but that's another story...
If you haven't already, I'd definitely give the Registrar of Voters a call (858-565-5800) and complain about that poll worker. Human error is one thing, but her being disgusted with your party is way over the line. There are supposed to be absolutely no political opinions discussed at the poll, especially among poll workers.
In that precinct (Marview)? I think there were only three or four voters who acted remotely like Slashdotters. Good to see ya.:) Unfortunately, there's next to nothing that we individual poll workers could have done. I understand that the Registrar of Voters was offering paper ballots down at their main office, but it wasn't well publicized.
We were supposed to read your registered party off the roster, rather than asking you or saying it out loud. That wasn't the case for much of the day, though, much to my consternation.
The write-in system is apparently restricted to qualified write-in candidates: those who have gathered a certain number of signatures. We had a sheet, printed at the last minute, of who those qualified candidates were. I believe that other write-ins would have been discarded later.
Here's hoping things improve.
Re:sacrificing quality of animiation for extras
on
Anime Moves To DVD
·
· Score: 1
The Tenchi Muyo Ultimate Edition box set - all of the OAV episodes, plus extra stuff, on three DVDs - has excellent quality. Anime on DVD (a very useful site) has several reviews of the set.
Fortunately, it looks like almost all companies that release anime have gotten the message - I've only heard of a single anime DVD, Princess Mononoke, that's dub-only. I think that's because the producers are worried about people "reverse-importing" the DVD (since Mononoke isn't out on DVD in Japan yet).
In fact, I seem to recall that one company decided to stop releasing subtitled anime on VHS, and will subtitle only the DVD versions in order to save costs.
This practice, or something like it, has been going on for a long time, in the form of "private peering." Very large Web hosting providers - even a few individual super-high-traffic sites, I think - have been arranging private, direct connectivity between themselves and some large dial-up access networks for a long time. Private peering helps connections between two networks move faster, and also takes what can be a large amount of traffic off the more general backbones.
I don't think that this is a bad (or even particularly new) thing. It will be time to worry when a site starts deliberately slowing down or denying connections to networks without "special arrangements," but it looks like that won't happen for a long time, if ever.
I have some very strong opinions about this. I used to sell Web hosting and UNIX shell accounts on my site, Sandwich.Net. We were doing very well for a while (we even ran some banner ads on Slashdot), but we shut down commercial operations after a very large loss brought on by credit card fraud.
Apparently, we were very popular with the "script kiddie" community. About 90% of credit card orders that we received turned out to be fraudulent (immediately or eventually) - not from credit cards that had been physically stolen, but from compromised credit card numbers and account information. For some reason, almost 75% of those fraudulent orders were either using Malaysian cards or came from Malaysian dial-up accounts.
For Internet ordering, most merchants use AVS, the Address Verification System, for fraud screening. I understand that there are some other systems available now. With AVS - and even with most new systems that I've seen hyped - if your personal information is compromised along with the card number (which is very common), the system is completely useless. AVS doesn't work with credit cards from outside the U.S. or Canada anyway.
If I had required that users fax me a copy of their credit card and picture ID, I suspect that I could have prevented very nearly all of the credit card fraud that happened. As it was, our merchant service provider terminated our merchant account for excessive chargebacks, and charged us a certain amount per chargeback, which added up to a large loss. It would have helped had the provider actually provided us with anything other than AVS for fraud screening, or with decent customer service or advice. A system like that suggested in the article, where assurance is traded among merchants, sounds good, but I agree that it raises some major privacy concerns.
Banks and merchant service providers don't seem to care very much about this. After I realized what was going on (far too late to stop most of the chargebacks), I ended up denying most international orders, and calling banks in North America to verify the charges. Most of them were very unhelpful - I now know which banks I never want to get a credit card from...
I could keep going on about this for several pages.:) Feel free to e-mail me if you're interested in more details. (I'd be happy to discuss the merchant service provider and credit card companies involved.) I hope this message made at least some amount of sense.
Also, regarding two other comments:
More financial penalties for high-chargeback merchants? That seems unhelpful, considering that in most cases (not all, admittedly), it isn't the merchant at fault. Additional fraud screening and actual help for confused merchants would probably more effectively prevent fraud. Penalties certainly encourage merchants to take action against fraud, but it's very difficult to find out how to do so.
The extra digits on the back of Visa/MC cards seem fairly useless to me, as if a Web site that asked for them is compromised, you're no better off than with a "normal" card.
From what I've seen so far, the reliability of a DSL line depends a great deal on the provider. I understand that Flashcom has one of the worst reputations out there - there's more on that in other comments.
With one exception, everyone I've talked to that has DSL service directly from their telephone company is disappointed with it. My cable modem service through Frontier GlobalCenter was quite terrible, too, and I understand that @Home's service level is declining rapidly (although it's definitely still better than dialup).
Both of my DSL lines have been with a fairly small, local Internet provider. My first DSL line, with Rhythms as the circuit provider, had a nightmarish installation process. For example, Rhythms lied about when their technician would arrive to do inside wiring - for about three weeks. The line was very stable for a number of months, but Rhythms started having city-wide eight-hour outages, and not admitting that they knew about them until five hours in.
Right now, I'm almost done switching everything over to a new DSL line through NorthPoint. The installation went fairly smoothly, with the only installation delay being over the weekend, as they hadn't fully routed the line. It's been much more stable than the Rhythms line, so far, and my ISP says that NorthPoint tends to be much more reliable and alert than Rhythms or Covad. That seems to be true, although I haven't dealt with a Covad line.
Good luck! (I'm not affiliated with any of these companies, etc.)
It's very unlikely. While DSL runs over the telephone network, and telcos are at least somewhat flexible about the service they provide, cable modem service is provided over the same wiring that your cable TV service is on. The cable company isn't exactly likely to let you transmit whatever you like over their cabling.
What's more, in places that don't already have cable modem service, the cable network is often unidirectional - you can't send data back to the cable company, let alone to any other customers. This is even the case in a few places with cable modems, where you end up uploading over a standard modem and downloading over cable.
Of course, you could always run your own cable, but if you do that, you're much better off using standard copper or fiber-optics with equipment that's not meant for data over cable TV.
Disclaimer: I am not a telephone/cable technician.:)
I've noticed a lot of multiple-step spam coming out of AOL recently, and wondered why it was worse than usual - now I know.:) This won't help me a great deal, since I don't use ORBS, but it's good to see them taking action. I think that the MAPS RSS would list the open servers, though, if they were reported.
For spam filtering at my site, I use two services: the MAPS RBL, which lists the IP address blocks of repeat and unrepentant spammers, and the MAPS RSS, which lists any still-open relays that have been spammed through.
MAPS RSS is different from ORBS in that spam must have been sent through a server at least once for it to be listed - you won't get listed in the RSS if you just block relay tests from them. ORBS is somewhat less "polite," and I don't use them because of the larger number of false-positive spam-blocks.
I'd use the MAPS DUL, which is a list of IPs used for modem pools (which should always be using their ISP's SMTP servers), but I can't get Sendmail to allow relaying from DUL-blocked IPs that should be otherwise allowed to relay through me (customers of mine using DRAC POP-before-SMTP). Anyone?
All casein is from a dairy source but is quite far removed from any dairy allergans as far as we know. By the way, we are actively working on replacing the cheese with a vegan non-casein product.
Well, for Microsith, the machine and bandwidth are handling things very well, but Apache is a little bit unhappy. I've tuned its configuration parameters, and it should behave better now.
Actually, you usually can have a T1 run to your house - just be prepared to pay extra for mileage. (Dedicated ISDN also depends on the provider - in many Pacific Bell service areas, you can't get flat-rate pricing, so always-on service would end up costing around $600 per month.)
Well, I run a small ISP (Sandwich.Net), and our Web hosting accounts start at $5.95/month ($1.95/month extra for shell), including e-mail access. I'm told we have good customer service - I do my best.:)
For those of you who are, like me, too lazy to read through the entire set of comments on ZDNet, here are links to a few truly clueless ones - complete with the obligatory sarcastic comments.:)
Amusingly enough, Apple Records once tried to sue Apple Computer. If I recall correctly, Apple Computer agreed that their computers would never be used as recording devices...that's where the system sound "Sosumi" comes from.
One thing you might try to use for CPU cooling: a Peltier cooling unit. I bought one from ComputerNerd a while back. I haven't had a chance to install it yet, but it certainly looks impressive.:)
It looks as if they might not be carrying this model any more, though - the only Peltier units I see on their Web site are for older Socket 7 Pentiums, not Pentium IIs. (The model I have is a PAP2X3B.)
I've heard that Peltier units can get cold enough to actually freeze water, which is a problem. If the system is running in too hot an environment, it may cause condensation, which is definitely not a good thing.
Slashdot Mirror
This! If you're able to see credit card information, then they are not storing it in a PCI DSS compliant manner, and Visa/MasterCard should be extremely interested.
I used to accept AmEx, and had some very bad experiences with them. They would regularly send me incorrect letters, including sensitive data intended for other merchants, and outright refused on at least three occasions to warn cardholders whose data had been compromised and used for fraudulent orders.
They do not necessarily always withhold funds from the merchant until the cardholder has paid. Disputed charges were taken back out of my bank account, just like Visa/MasterCard's process.
This was all back in 1999, so YMMV, but I still refuse to use or accept AmEx.
I used to be the lead sysadmin and security manager for a company with a fairly active Internet connection, using around 600Mbps constantly. I was working closely with the network engineer, having had very little Cisco experience prior to the job, and we were implementing some filtering (I believe for Code Red) on the core router.
I wrote up the access list (Cisco filtering rule), the network admin checked it over, and we pasted it into the router's configuration over SSH. Milliseconds after the change was made, we both realized that we had forgotten the "permit ip any any" at the end of the ACL. Cisco's default behavior is to deny any packets that aren't specifically allowed. Sure enough, I hit Return a few times, and our session to the router was dead. About twenty seconds later, all of the phones started ringing.
I have never seen anyone find a spare laptop and serial cable as quickly as we did. Surprisingly, neither of us were reprimanded for the five-minute outage during peak hours. I guess that this was fairly minor, since the company had so many problems in general, but that's another story...
If you haven't already, I'd definitely give the Registrar of Voters a call (858-565-5800) and complain about that poll worker. Human error is one thing, but her being disgusted with your party is way over the line. There are supposed to be absolutely no political opinions discussed at the poll, especially among poll workers.
In that precinct (Marview)? I think there were only three or four voters who acted remotely like Slashdotters. Good to see ya. :) Unfortunately, there's next to nothing that we individual poll workers could have done. I understand that the Registrar of Voters was offering paper ballots down at their main office, but it wasn't well publicized.
We were supposed to read your registered party off the roster, rather than asking you or saying it out loud. That wasn't the case for much of the day, though, much to my consternation.
The write-in system is apparently restricted to qualified write-in candidates: those who have gathered a certain number of signatures. We had a sheet, printed at the last minute, of who those qualified candidates were. I believe that other write-ins would have been discarded later.
Here's hoping things improve.
The Tenchi Muyo Ultimate Edition box set - all of the OAV episodes, plus extra stuff, on three DVDs - has excellent quality. Anime on DVD (a very useful site) has several reviews of the set.
Fortunately, it looks like almost all companies that release anime have gotten the message - I've only heard of a single anime DVD, Princess Mononoke, that's dub-only. I think that's because the producers are worried about people "reverse-importing" the DVD (since Mononoke isn't out on DVD in Japan yet).
In fact, I seem to recall that one company decided to stop releasing subtitled anime on VHS, and will subtitle only the DVD versions in order to save costs.
This practice, or something like it, has been going on for a long time, in the form of "private peering." Very large Web hosting providers - even a few individual super-high-traffic sites, I think - have been arranging private, direct connectivity between themselves and some large dial-up access networks for a long time. Private peering helps connections between two networks move faster, and also takes what can be a large amount of traffic off the more general backbones.
I don't think that this is a bad (or even particularly new) thing. It will be time to worry when a site starts deliberately slowing down or denying connections to networks without "special arrangements," but it looks like that won't happen for a long time, if ever.
I have some very strong opinions about this. I used to sell Web hosting and UNIX shell accounts on my site, Sandwich.Net. We were doing very well for a while (we even ran some banner ads on Slashdot), but we shut down commercial operations after a very large loss brought on by credit card fraud.
:) Feel free to e-mail me if you're interested in more details. (I'd be happy to discuss the merchant service provider and credit card companies involved.) I hope this message made at least some amount of sense.
Apparently, we were very popular with the "script kiddie" community. About 90% of credit card orders that we received turned out to be fraudulent (immediately or eventually) - not from credit cards that had been physically stolen, but from compromised credit card numbers and account information. For some reason, almost 75% of those fraudulent orders were either using Malaysian cards or came from Malaysian dial-up accounts.
For Internet ordering, most merchants use AVS, the Address Verification System, for fraud screening. I understand that there are some other systems available now. With AVS - and even with most new systems that I've seen hyped - if your personal information is compromised along with the card number (which is very common), the system is completely useless. AVS doesn't work with credit cards from outside the U.S. or Canada anyway.
If I had required that users fax me a copy of their credit card and picture ID, I suspect that I could have prevented very nearly all of the credit card fraud that happened. As it was, our merchant service provider terminated our merchant account for excessive chargebacks, and charged us a certain amount per chargeback, which added up to a large loss. It would have helped had the provider actually provided us with anything other than AVS for fraud screening, or with decent customer service or advice. A system like that suggested in the article, where assurance is traded among merchants, sounds good, but I agree that it raises some major privacy concerns.
Banks and merchant service providers don't seem to care very much about this. After I realized what was going on (far too late to stop most of the chargebacks), I ended up denying most international orders, and calling banks in North America to verify the charges. Most of them were very unhelpful - I now know which banks I never want to get a credit card from...
I could keep going on about this for several pages.
Also, regarding two other comments:
More financial penalties for high-chargeback merchants? That seems unhelpful, considering that in most cases (not all, admittedly), it isn't the merchant at fault. Additional fraud screening and actual help for confused merchants would probably more effectively prevent fraud. Penalties certainly encourage merchants to take action against fraud, but it's very difficult to find out how to do so.
The extra digits on the back of Visa/MC cards seem fairly useless to me, as if a Web site that asked for them is compromised, you're no better off than with a "normal" card.
From what I've seen so far, the reliability of a DSL line depends a great deal on the provider. I understand that Flashcom has one of the worst reputations out there - there's more on that in other comments.
With one exception, everyone I've talked to that has DSL service directly from their telephone company is disappointed with it. My cable modem service through Frontier GlobalCenter was quite terrible, too, and I understand that @Home's service level is declining rapidly (although it's definitely still better than dialup).
Both of my DSL lines have been with a fairly small, local Internet provider. My first DSL line, with Rhythms as the circuit provider, had a nightmarish installation process. For example, Rhythms lied about when their technician would arrive to do inside wiring - for about three weeks. The line was very stable for a number of months, but Rhythms started having city-wide eight-hour outages, and not admitting that they knew about them until five hours in.
Right now, I'm almost done switching everything over to a new DSL line through NorthPoint. The installation went fairly smoothly, with the only installation delay being over the weekend, as they hadn't fully routed the line. It's been much more stable than the Rhythms line, so far, and my ISP says that NorthPoint tends to be much more reliable and alert than Rhythms or Covad. That seems to be true, although I haven't dealt with a Covad line.
Good luck! (I'm not affiliated with any of these companies, etc.)
It's very unlikely. While DSL runs over the telephone network, and telcos are at least somewhat flexible about the service they provide, cable modem service is provided over the same wiring that your cable TV service is on. The cable company isn't exactly likely to let you transmit whatever you like over their cabling.
:)
What's more, in places that don't already have cable modem service, the cable network is often unidirectional - you can't send data back to the cable company, let alone to any other customers. This is even the case in a few places with cable modems, where you end up uploading over a standard modem and downloading over cable.
Of course, you could always run your own cable, but if you do that, you're much better off using standard copper or fiber-optics with equipment that's not meant for data over cable TV.
Disclaimer: I am not a telephone/cable technician.
I've noticed a lot of multiple-step spam coming out of AOL recently, and wondered why it was worse than usual - now I know. :) This won't help me a great deal, since I don't use ORBS, but it's good to see them taking action. I think that the MAPS RSS would list the open servers, though, if they were reported.
For spam filtering at my site, I use two services: the MAPS RBL, which lists the IP address blocks of repeat and unrepentant spammers, and the MAPS RSS, which lists any still-open relays that have been spammed through.
MAPS RSS is different from ORBS in that spam must have been sent through a server at least once for it to be listed - you won't get listed in the RSS if you just block relay tests from them. ORBS is somewhat less "polite," and I don't use them because of the larger number of false-positive spam-blocks.
I'd use the MAPS DUL, which is a list of IPs used for modem pools (which should always be using their ISP's SMTP servers), but I can't get Sendmail to allow relaying from DUL-blocked IPs that should be otherwise allowed to relay through me (customers of mine using DRAC POP-before-SMTP). Anyone?
More information on MAPS services is available at http://www.mail-abuse.org/ (not affiliated, etc.).
An e-mail response from Scott Adams Foods:
All casein is from a dairy source but is quite far removed from any dairy
allergans as far as we know. By the way, we are actively working on
replacing the cheese with a vegan non-casein product.
(Sarcasm mode on.)
Considering that AOL and Time Warner frequently screw their customers, I find the term "cross-fertilization" very appropriate.
Well, for Microsith, the machine and bandwidth are handling things very well, but Apache is a little bit unhappy. I've tuned its configuration parameters, and it should behave better now.
:)
(I run the ISP that hosts Microsith.
Actually, you usually can have a T1 run to your house - just be prepared to pay extra for mileage. (Dedicated ISDN also depends on the provider - in many Pacific Bell service areas, you can't get flat-rate pricing, so always-on service would end up costing around $600 per month.)
You might want to look at the Open Source Web Presence Project.
Well, I run a small ISP (Sandwich.Net), and our Web hosting accounts start at $5.95/month ($1.95/month extra for shell), including e-mail access. I'm told we have good customer service - I do my best. :)
Can you say "syndrop?"
Mmmm, FUD.
Shutting up now, sir.
"Complete package" like Web server, six different editors...
Apache::ASP, perhaps.
New technology...macro viruses, you mean?
Gold Bar, WA...hmm, 36 miles from Redmond...
"Lazy programmer's version" meaning that you don't have to pay $600 for the compiler?
Yes, 400-1400 users are just so easy to simulate in a lab environment.
Amusingly enough, Apple Records once tried to sue Apple Computer. If I recall correctly, Apple Computer agreed that their computers would never be used as recording devices...that's where the system sound "Sosumi" comes from.
It looks as if they might not be carrying this model any more, though - the only Peltier units I see on their Web site are for older Socket 7 Pentiums, not Pentium IIs. (The model I have is a PAP2X3B.)
I've heard that Peltier units can get cold enough to actually freeze water, which is a problem. If the system is running in too hot an environment, it may cause condensation, which is definitely not a good thing.