I read that Mozilla received $300M from Google, and that that money stops, so they're looking for other sources of income. But that makes me think: $300M? What on earth did they spend it on? Certainly not on 2000 programmer years.
What do you mean, "certainly not"? Their codebase is currently sitting north of 10 million LOC. Depending on their goals, 2000 man-years (design, development, testing, documentation, outreach, etc., which could all be done by "developer" types) might not take all that long to go through.
Yup - I had my company buy Netscape licenses for everyone at ~$22 a pop IIRC too. Most people didn't, of course, which is how we ended up with the conundrum that everyone wants browsers to be free even though they're phenomenally complicated pieces of software that form the center of the modern PC's user interface. Since fewer companies are willing to donate employees to work on a browser than they are for, say, the Linux kernel, and the developers like to eat and enjoy housing, they have to figure out some other ways to make money.
And if you see a pothole then the entire system of roads is finished, because they could all crumble and fail and never be patched! OMG!
Noting that there's a mild concern to watch for is one thing. Declaring that the sky is falling because of a way that something might be added to a product (which could have been added to the product just as easily a month ago, I might add, since these tiles have nothing to do with ads elsewhere) is just silly.
Well, it is actually totally off-topic. The discussion is about a survey in which people expressed their beliefs about a particular type of practice. That doesn't mean that any conversation on any belief is automatically on-topic. I believe that whiskey is delicious although I didn't when I was younger, TempleOS believes that God is real, similarly... neither of those beliefs, however sincere, have any bearing on the actual topic other than acknowledging that beliefs can change over time, and both of us (indeed, this entire thread) should be modded "Off-Topic" as a result.
Totally true. I don't believe a thing about astrology, but then again I'm a Pisces. We're naturally skeptical.
Or looked into his desk and told the world what his written down passwords were. After all, that's not stealing either. What people do with that classified, yet unlocked, information isn't your concern, right?
Except that, by his own testimony during trial, he checked the name on the front door and saw that it was indeed a secure government portal and was locked. In that case, having the janitor let you in the side door is indeed fishy.
He sent a "GET /some_document.html HTTP/1.1" request to a web server run by the French National Agency for Food Safety. The web server, acting per procurationem for the agency, sent him the "secret" document. If I ask you, "Can you give me $10?" and you give me $10 dollars, you can't run around and claim that I stole $10 from you.
If I'm standing behind a big sign that says, "$10 for government employees to pay for parking," at a conference, and you get in line with hundreds of other people making requests for $10, and I forget to check your ID because there's someone at the front door doing it but you came in a side door that I didn't know existed, then yes, you've just stolen $10 from me. That's a more realistic silly analogy here.
Should also add - sealing something as a PE is a really, really big deal. There are substantial penalties for companies trying to "force" a PE to seal a design when they don't want to. Even though most engineering firms provide insurance, when a PE seals something they're taking personal responsibility, legally, for the documents that they seal - if any issues come up that are determined to be faults in the design, it's the PE who's legally on the hook, not their employer.
That's not the same as requiring a PE to seal it though, mainly because software PE licenses are a new concept (I'm not actually sure that any have been granted yet to be honest, although they certainly will be granted this year). Even that's going to be interesting, because PEs typically seal a design, never an implementation - and it's still a little grey as to which category software fits into. Are the specs sealable? Is the code? It's hard to see how the deployment of code could be, but I guess we'll find out over time (and a few lawsuits).
FWIW, I'm in software, my wife is a civil PE focusing on construction. Makes this an interesting thread :)
I've yet to see a building project as complicated as a garden shed that's perfect either. That's why everything is measured to "within tolerance," where the tolerance is either implicitly (through industry norms) or explicitly (through contract) agreed upon by both parties.
I don't know how it is in the US, but where I live, builders have to have an insurance that guarantees free repair for faulty work for 10 years, even if the company goes bust.
And it's often the case with software that a large sale will include items such as insurance requirements, performance guarantees, and even source code escrow, to help provide a similar level of assurance.
There is, at least in Texas: http://www.tbpe.state.tx.us/do...
However, the vast majority of software will not need a PE license, just as the vast majority of construction does not need to be sealed. It's likely to be mandated in the future for things like avionics, control software, or large projects such as state-level payroll systems, which will be interesting to watch.
The word "builder" in the summary is more than a little confusing, since it may refer to anything from a large company responsible for developing raw land into finished houses to a single person responsible for putting bricks on a foundation. Colloquially the latter may be more common, and indeed I believe that the summary is written in that way, however in the industry I believe the former would be the assumed definition (it's short for "homebuilder").
If a bricklayer, working for a wall-building company, did this, then he'd be paid his normal wage to fix the wall (or fired if it was an egregious enough problem).
The wall-building company itself may indeed fix the wall gratis, but a certain amount of re-work is already baked into their bids. That's one of many, many reasons why companies bill out workers at 2X-3X the amount that they pay them (see also taxes, offices, holidays, paid downtime, &c). It's a cost of doing business for the company, not the employee.
If you're a 1099 contractor then I'd say that if you were working hourly it'd be the same situation as if you were an employee; if you'd bid the project as a project then I'd expect you to deliver it properly functioning, but again I'd also expect that your bid would have accounted for some possible rework.
It's simple enough through most networks to get back a useless-for-charging but unique hash of the card number as part of the transaction, even if you don't make one yourself. That's what you store and use internally, since it no longer counts as "cardholder data" for PCI purposes and you can slop it around safely.
The approximate way that chip and PIN works in cards is that unique transaction information is sent to the chip. The chip then signs the response with the entered PIN and that's sent for authorization. Even if a particular transaction is sent to the chip from 20 feet away, and the PIN is also sent, the most you'll be able to do is to fraudulently authorize a single transaction. IIRC (may be remembering an obsolete spec, it's been a few years) part of the auth is even time-based, so even that's not much use for thieves.
Bottom line though, this isn't new technology. It's used everywhere else on the planet. Americans looking at it as if someone's moved our cheese and saying, "This'll never work," just end up looking like Flatlanders in a 3D world - because it totally does work, and has elsewhere for decades. For real.
And did you use it by inserting it only 1/3 of the way in, or did you insert it all the way in?
Anything with a magstripe can have the magstripe portion skimmed. The fact that it also contains a far more secure method of payment doesn't automatically mean that it doesn't contain a magstripe any more.
Very few thieves steal cards. It's far more likely that they steal numbers - and the chip can't be stolen in that way (by design - that's why it's a chip not a magstripe, because its response changes based on the unique-to-the-transaction inputs that it receives from the reader).
Complete FUD I'm afraid.
What you say would be true if the RFID chip simply regurgitated your TRACKDATA. However, it's smart enough that your card can have a conversation that's effectively unique for the transaction, drastically reducing fraud attempts (most people aren't attempting to simply use your card to complete an in-process transaction, they want to be able to resell your information for someone else to use in an unknown way later on).
They do. It's basically called 3D-Secure (branded as MasterCard SecureCode or Verified by Visa). It works with a popup on the card brand's domain from their servers rather than a physical device, but it's otherwise exactly the same:
http://en.wikipedia.org/wiki/3...
Trouble is that if you implement it your sales go way, way, down. Online shopping is already plagued with very low conversion rates, and almost anything you do during the process lowers your sales (possibly increasing fraud, of course, but almost never enough to make it worth it).
The nice thing is that we don't have to guess.
You see, this is already in use damn near everywhere else on the planet that uses credit cards.
They used to use the same cards as the US. They switched. Fraud went down. Vendors and banks did, indeed, opt-in. Nobody's brain melted from having to remember their PIN.
Just relax. It'll be fine.
That's because of uncertainty though. With the ASICs, whoever buys them is guaranteed to make less potential money than whoever sells them - the seller could simply have plugged it in earlier and run it up until the time of the sale. The only way the pricing makes sense is if the seller either expects bitcoins to decrease in value shortly, or if the payback is long enough that selling 10 machines nets them enough money to build 15 - but that only works if the next 15 will produce fast enough to pass the original 10 in a reasonable amount of time - which is unlikely, since a rapid payoff would have made it far harder to use a decent discount rate on the future value of the initial 10 in the first place.
They're not selling shovels. They're selling gold mines with a known mining speed which contain a guaranteed quantity of gold.
Wasteful irrigation practices temporarily pull water out of the ground and, in general, either let it evaporate to rain down again somewhere else or store it briefly in foodstocks that will be eaten and returned to the system.
Fracking takes water out of the ecosystem completely, since it's used one time and the waste is typically then stored in containment wells "forever."
After the water is used one time in fracking, it's buried into containment wells to be sealed up for the foreseeable future. It's taking a resource that depends on massive reusability and turning it, slowly, into a single-use resource.
That's kind of a problem.