My local credit unions either refuse to issue credit cards, or have co-branded cards that are actually issued by the major bank down the street from them. Credit cards is a risky game that small banks can't afford, because if the major employer in town shuts down they just might get defaults from enough people that the banks stability could be at stake. They aren't in the Too Big To Fail club.
Credit card denials are actually profitable for the card issuers, they get to charge a fee when all they do is have to tell the merchant "no" plus collect the full regular fee when the transaction is retried after the problem is fixed or they pull out another card.
Here's the thing. You need a database server, an interactive phone system, and humans to talk to people who hit wrong buttons or don't have a clear enough phone line for touch tones... all of which cost money!
So, if the cost of faking the authentication and paying the fraud off weeks later (if it's caught by the consumer in time) is less than running the real system, that's profit for the bank's shareholders and our financial system requires the bank do what's best for the shareholders, not the customers.
Visa, MasterCard, AmEx, Discover, etc. should enforce a standard for these things, but they don't because if they did they'd have to punish HSBC, and in order to do that they'd lose transaction fees from a competitor that HSBC would most likely start....
I use non-conforming SSL all of the time... to get back to my own servers where I don't need to verify organizational integrity, I just want an encryption layer protecting me from snoopers.
Yeah, I'll honor the stop sign if a site asking me for money or access to another account can't verify itself, but why do I need to check my own ID?
Just add some packet inspection... if you're sending out packets to the victims of the hack-of-the-day, and they haven't contacted you... you're hacked.:)
Nope, the worst case is the one used on the CNN special I mentioned earlier. If the entire Internet and phone system is down... then all interests have no way of calling their on-call employees and telling them where they're needed. Add a simple attack somewhere unknown on the power grid, and now everything's down. Yep, vital things like hospitals and radio stations can run on gas-powered backups... but wait, how are they going to call their gas supplier to tell them where they need more gas when the phone, Internet, and power networks are all down?
Like I said before, the correct solution is to down the affected systems, and not all systems. We need our communication systems in order to tell the people with hacked systems to fix them!
You might not be in control of the server that you're using... but somebody is. Again, you over load tech support with "Why am I down?" calls, they check that they need the patch... and then they patch to get running again.
We just need a simple legal standard. If you're causing harm to the network by hacking other machines, you must upgrade. If you're simply using more bandwidth, you get charged for your overage. If you're doing something that manufacturer didn't intend like running Linux on your router, you're fine.
We don't need a military-like "big red button" in the boss's office that shuts down all Internet systems... that would open us up to even worse problems. (Did anybody watch the recent CNN special "We Were Warned: Cyber Shockwave" about this situation exactly? If you shut down all civilian communications, how are you going to tell workers where they're needed? A simple attack somewhere along the power grid, and nobody will know where the fault is to repair it.)
But, there is something we should give over in this area. The ability to kill programs that are causing damage to other systems or the Internet structure. Basically, if food has a problem, we recall what had the problem, not all food. If MS-SQL has a problem, we have an Internet outage... what if Microsoft was able to say "You must patch to version 7.3.43... we've got a security problem with 7.3.42." Basically, if you're running a "wrong" version of an application, you shouldn't be allowed to expose that to the Internet... you're just going to spread the worm of the day once you get caught by the bad guys. Can we have some good guys shut you down first?
The difference is clear... you don't shut down the whole Internet when things go bad, you shut down the bad application. SysAdmins will notice their service is down, and hopefully will get a nice clear message that they've put off the patches for too long, and if their server wasn't already spreading the worm, it was about to before the kill switch got in the way.
This is much like the college solution where if their honeypot detects that you've sent out a worm packet, they tell the nearest network switch to cut you off. You notice your IM client can't connect and neither can your web browser, and call IT. The Internet isn't down... you're down for the safety of the computers around you. Bring your machine to IT, pay for the cleanup service and a free copy of the college's favorite anti-virus, and while you carry your machine back to the dorm they turn your port back on.
This is just basic cyber-defense. You're totally secure if you unplug everything... but then you also lose the services which are the point of having the server. We need to use the good servers to keep some level of communication going... and spread the word that the bad servers need the patch that was released a few months ago! When things go wrong, you don't throw the whole thing out without trying to fix it first!
ICQ's current network is worthless... it's an AIM client with it's own interface and numbering-for-usernames scheme. However, as a brand name it's still worth something to those who remember when it was cool.
Look what's happened to Napster. From being the #1 illegal file sharing system, to now a division of Best Buy selling legal streaming and MP3 downloads... people realized that once separated from the sued-to-death original company, the name and logo still had value.
Direct Connection has been removed more recent versions of AIM because its risks outweighed its benefits. Disclosing your IP address to somebody you barely or don't know is risky. Disclosing your IP address and the fact you're using an certain versions AIM is an invitation to hackers.
Bad guys use hard-to-intercept communication... and those who do use intercepted communication tend to land out of play in an area called "Jail" or "Dead".
Therefore, by that selection process, only those use the non-intercept-able network keep going.
I think the fear is that link bay be broken up by this sale.
Anybody who was watching MSNBC's Countdown around 2008-2009 know that there's a highly controlled rooms at AT&T where nearly all long distance telephone traffic flow through and while curious AT&Ters are not allowed, government agents are.
This is the spy community saying "If ICQ moves to Russia, we might not be able to tap it anymore!"
There's a way... have the home office that owns both divisions control the Google AdWords account and let them declare redundancy when there's two divisions doing the same. (What "declared redundant" is British for what us Americans call "laid-off"? I guess that's the point...)
Unresolved cliffhangers are the fault of the showrunners... you shouldn't write such things when you don't have next season's renewal order in hand. Just as David X. Cohen says in the interview, it's up to him to write the 26th episode of this order as a potential series finale while still allowing the possibility that it also might not be the end.
The group that decides whether you get a.com,.net. or.org is... whomever's paying and taking the registration fee. Many for-profit groups register all three for protection of their brand. Other domains, like most geography-specific domains require you have a tie to that area, although some lucky countries got American-valuable domains like.TO,.TV, and.AM and opted to just collect the fee. Government domains like.gov and.mil are closely regulated for official US Government use and publications.
there were many Futurama eps that simply NEVER aired on the east coast
Before The OT (a Fox Sports postgame show) was installed as the permanent resident of the 7:30pm ET Sunday slot, Fox actually used the same array of satellite back-hauls as the regional NFL coverage for the late games for primetime programming, so the network remained split. This gave them the ability to start primetime as soon as the game was over, but also meant the time-compression to get the network done in time for 10pm newscasts varied from city to city. It was a completely DVR-unfriendly mess.
Sarah Connor Chronicles tried to do a hour of Terminator-movie-quality special effects every week. In order to pull that off, Fox had to commit to a full year's order and hope that they could draw the audience to pay for it. It needed to be as popular as 24 to work, and it didn't.
The owners of Slashdot.org would most likely serve a C&D on whomever registers slashdot.xxx for the clear trademark violation. TLD owners like.TV and.CC used to brag about the major companies registering all their trademarks with them... when really all those companies were doing was making sure nobody else used their brands the wrong way.
With the new rules letting any company/group create a TLD if they've got the money and infrastructure, it's only a matter of time before we'll be going to Sprite.coca-cola and BigMac.McD.... so why not give the sex operators a red light district that's easily blockable. Sure, it won't block 100% of porn, but it's one rule that can block 100% porn with no false positives.
Slashdot Mirror
My local credit unions either refuse to issue credit cards, or have co-branded cards that are actually issued by the major bank down the street from them. Credit cards is a risky game that small banks can't afford, because if the major employer in town shuts down they just might get defaults from enough people that the banks stability could be at stake. They aren't in the Too Big To Fail club.
Credit card denials are actually profitable for the card issuers, they get to charge a fee when all they do is have to tell the merchant "no" plus collect the full regular fee when the transaction is retried after the problem is fixed or they pull out another card.
This is why we have a government that forces companies to go through safety recalls...
Here's the thing. You need a database server, an interactive phone system, and humans to talk to people who hit wrong buttons or don't have a clear enough phone line for touch tones... all of which cost money!
So, if the cost of faking the authentication and paying the fraud off weeks later (if it's caught by the consumer in time) is less than running the real system, that's profit for the bank's shareholders and our financial system requires the bank do what's best for the shareholders, not the customers.
Visa, MasterCard, AmEx, Discover, etc. should enforce a standard for these things, but they don't because if they did they'd have to punish HSBC, and in order to do that they'd lose transaction fees from a competitor that HSBC would most likely start....
Yep... and that's the most-often mistakenly given command I ever issue.
I use non-conforming SSL all of the time... to get back to my own servers where I don't need to verify organizational integrity, I just want an encryption layer protecting me from snoopers.
Yeah, I'll honor the stop sign if a site asking me for money or access to another account can't verify itself, but why do I need to check my own ID?
Just add some packet inspection... if you're sending out packets to the victims of the hack-of-the-day, and they haven't contacted you... you're hacked. :)
Nope, the worst case is the one used on the CNN special I mentioned earlier. If the entire Internet and phone system is down... then all interests have no way of calling their on-call employees and telling them where they're needed. Add a simple attack somewhere unknown on the power grid, and now everything's down. Yep, vital things like hospitals and radio stations can run on gas-powered backups... but wait, how are they going to call their gas supplier to tell them where they need more gas when the phone, Internet, and power networks are all down?
Like I said before, the correct solution is to down the affected systems, and not all systems. We need our communication systems in order to tell the people with hacked systems to fix them!
You might not be in control of the server that you're using... but somebody is. Again, you over load tech support with "Why am I down?" calls, they check that they need the patch... and then they patch to get running again.
We just need a simple legal standard. If you're causing harm to the network by hacking other machines, you must upgrade. If you're simply using more bandwidth, you get charged for your overage. If you're doing something that manufacturer didn't intend like running Linux on your router, you're fine.
How about we lay off the legislators for 20 years... oops, that's not a good idea.
BitTorrent isn't destroying networks unless you're counting the TV kind.
We don't need a military-like "big red button" in the boss's office that shuts down all Internet systems... that would open us up to even worse problems. (Did anybody watch the recent CNN special "We Were Warned: Cyber Shockwave" about this situation exactly? If you shut down all civilian communications, how are you going to tell workers where they're needed? A simple attack somewhere along the power grid, and nobody will know where the fault is to repair it.)
But, there is something we should give over in this area. The ability to kill programs that are causing damage to other systems or the Internet structure. Basically, if food has a problem, we recall what had the problem, not all food. If MS-SQL has a problem, we have an Internet outage... what if Microsoft was able to say "You must patch to version 7.3.43... we've got a security problem with 7.3.42." Basically, if you're running a "wrong" version of an application, you shouldn't be allowed to expose that to the Internet... you're just going to spread the worm of the day once you get caught by the bad guys. Can we have some good guys shut you down first?
The difference is clear... you don't shut down the whole Internet when things go bad, you shut down the bad application. SysAdmins will notice their service is down, and hopefully will get a nice clear message that they've put off the patches for too long, and if their server wasn't already spreading the worm, it was about to before the kill switch got in the way.
This is much like the college solution where if their honeypot detects that you've sent out a worm packet, they tell the nearest network switch to cut you off. You notice your IM client can't connect and neither can your web browser, and call IT. The Internet isn't down... you're down for the safety of the computers around you. Bring your machine to IT, pay for the cleanup service and a free copy of the college's favorite anti-virus, and while you carry your machine back to the dorm they turn your port back on.
This is just basic cyber-defense. You're totally secure if you unplug everything... but then you also lose the services which are the point of having the server. We need to use the good servers to keep some level of communication going... and spread the word that the bad servers need the patch that was released a few months ago! When things go wrong, you don't throw the whole thing out without trying to fix it first!
ICQ's current network is worthless... it's an AIM client with it's own interface and numbering-for-usernames scheme. However, as a brand name it's still worth something to those who remember when it was cool.
Look what's happened to Napster. From being the #1 illegal file sharing system, to now a division of Best Buy selling legal streaming and MP3 downloads... people realized that once separated from the sued-to-death original company, the name and logo still had value.
Direct Connection has been removed more recent versions of AIM because its risks outweighed its benefits. Disclosing your IP address to somebody you barely or don't know is risky. Disclosing your IP address and the fact you're using an certain versions AIM is an invitation to hackers.
Bad guys use hard-to-intercept communication... and those who do use intercepted communication tend to land out of play in an area called "Jail" or "Dead".
Therefore, by that selection process, only those use the non-intercept-able network keep going.
I think the fear is that link bay be broken up by this sale.
Anybody who was watching MSNBC's Countdown around 2008-2009 know that there's a highly controlled rooms at AT&T where nearly all long distance telephone traffic flow through and while curious AT&Ters are not allowed, government agents are.
This is the spy community saying "If ICQ moves to Russia, we might not be able to tap it anymore!"
There's a way... have the home office that owns both divisions control the Google AdWords account and let them declare redundancy when there's two divisions doing the same. (What "declared redundant" is British for what us Americans call "laid-off"? I guess that's the point...)
Unresolved cliffhangers are the fault of the showrunners... you shouldn't write such things when you don't have next season's renewal order in hand. Just as David X. Cohen says in the interview, it's up to him to write the 26th episode of this order as a potential series finale while still allowing the possibility that it also might not be the end.
The group that decides whether you get a .com, .net. or .org is... whomever's paying and taking the registration fee. Many for-profit groups register all three for protection of their brand. Other domains, like most geography-specific domains require you have a tie to that area, although some lucky countries got American-valuable domains like .TO, .TV, and .AM and opted to just collect the fee. Government domains like .gov and .mil are closely regulated for official US Government use and publications.
there were many Futurama eps that simply NEVER aired on the east coast
Before The OT (a Fox Sports postgame show) was installed as the permanent resident of the 7:30pm ET Sunday slot, Fox actually used the same array of satellite back-hauls as the regional NFL coverage for the late games for primetime programming, so the network remained split. This gave them the ability to start primetime as soon as the game was over, but also meant the time-compression to get the network done in time for 10pm newscasts varied from city to city. It was a completely DVR-unfriendly mess.
Sarah Connor Chronicles tried to do a hour of Terminator-movie-quality special effects every week. In order to pull that off, Fox had to commit to a full year's order and hope that they could draw the audience to pay for it. It needed to be as popular as 24 to work, and it didn't.
Well, okay... 100% of those who chose to self-identify as porn.
The owners of Slashdot.org would most likely serve a C&D on whomever registers slashdot.xxx for the clear trademark violation. TLD owners like .TV and .CC used to brag about the major companies registering all their trademarks with them... when really all those companies were doing was making sure nobody else used their brands the wrong way.
With the new rules letting any company/group create a TLD if they've got the money and infrastructure, it's only a matter of time before we'll be going to Sprite.coca-cola and BigMac.McD.... so why not give the sex operators a red light district that's easily blockable. Sure, it won't block 100% of porn, but it's one rule that can block 100% porn with no false positives.