JetBlow said they would not release PNR info to the feds. Later, it turned out that they were doing precisely that while lying about it.
You are free, of course, to choose to do business with known liars who hand over your personal information to government spies operating without judicial oversight, and with neither your knowledge nor consent. That's one benefit of living, for the time being, in a free country.
Interesting.
IANAL, but it looks like your B+B better get with the program, or it will be breaking a federal law:
SEC. 113. TRUNCATION OF CREDIT CARD AND DEBIT CARD ACCOUNT NUMBERS.
Section 605 of the Fair Credit Reporting Act (15 U.S.C. 1681c) is amended by adding at the end the following:
``(g) Truncation of Credit Card and Debit Card Numbers.--
``(1) In general.--Except as otherwise provided in this subsection, no person that accepts credit cards or debit cards for the transaction of business shall print more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction.
``(2) Limitation.--This subsection shall apply only to receipts that are electronically printed, and shall not apply to transactions in which the sole means of recording a credit card or debit card account number is by handwriting or by an imprint or copy of the card.
The issue is that the cost of that "insurance" is too high.
SOX auditors have picked waaaaaay too many nits. Partially this is because of ambiguous (or non-existent) guidance from the PCAOB. Partially it is execs being IT ignoramuses who believe Big 4 FUD. Partially it is seasoned IT folks and internal audit departments lacking a common language, not trusting each other, etc.
Do you not think that Jennifer Granick knows what the Constitution says? She is a lawyer, and a damn well-known and respected one in tech circles.
Free clue -- If I send you a letter about my company, and *am prosecuted for it by the government*, then it is THE GOVERNMENT which arguably is infringing on my right to free speech, NOT the company.
If the company fired me for sending such letters, and that is all that happened, then you'd have a point. Of course, that *isn't* at all what happened -- but if you want to think it is, you have a right to your delusions. Just don't fault us for not sharing them.
People saying they will switch away from AT+T for their DSL or whatever are missing an important point. Because of peering arrangements, your traffic almost certainly goes over AT+T's lines, regardless of who your ISP is.
I seem to recall RMS getting a 'genius grant' a while back. IIRC, those grants come with no strings, no traceability, and aren't conditional upon the recipient being tax-exempt. Basically, the idea seems (I know this sounds nutty) that people who are passionate about something and have made it their life's work will take such gifts in the spirit intended by the giver.
Now, I may be wrong, but I do not recall a flamefest back then about how that anticapitalist hippie Stallman would just spend the money on pizza and T-shirts. Why is it, then, that when the Mozilla group seeks to fund OpenSSH, the standard seems to be different?
Re:MUCH MUCH Much better solution on Sudo vs. Root · Score: 1
Typically, with sudo, access is granted based on the requester's password, not the root password.
This is extremely useful in an environment where:
1. Direct root login is limited to the console.
2. The root user has an extremely complex password which is changed only when a "firecall" situation prompts its use.
3. Multiple system administrators need to elevate their privs, and need to have a half-decent audit trail.
The fact that this kind of environment is something many people haven't experienced doesn't detract one iota from sudo's utility. It was written for such an environment, and it does a damn good job.
He probably needed to do an ILL because, as stated in TFA, he was looking for a version published in Peking (back in the good old days, no doubt). I'm not sure, but I suspect that the versions at Amazon, etc. are not from The People's Red Star Publishing Company (or whatever).
Putting something in escrow doesn't disclose anything. The WHOLE POINT of escrow is that it uses a disinterested third party to hold on to something you do not want to reveal/give away, but that the other guy won't let you maintain exclusive control over because it gives you too much power.
SW escrow is used all the time for hugely important packages (gee, does voting qualify?), where the purchaser needs to ensure that he can get his mitts on the code if the vendor decides to go belly up. It is by no means limited to government, and is not at all unusual.
Hint to an enterprising reporter: find out if Diebold is party to any escrow agreements for its ATM code. I bet they do.
The C stands for cretin, apparently on The CISO Handbook · Score: 1
Let's not forget that the audience for this book are C-level execs in charge of information security. If folks at that level need to be told that results need to be measured, that access needs to be controlled, that risks need to be managed, then they aren't fit for the positions they hold.
Consider what an equivalent book would be for CFOs --"It ain't just calculators"
No shit.
"security applications and systems" only?? on Security and Usability · Score: 4, Informative
The reviewer seems to think that security and usability are meant to be attributes only of security applications. That presumption is in error.
Whether Santa Clara needs the money, or whether they "fucked up" handling money in the past, are both irrelevant.
The issue is whether a governmental entity can lease out its property for a profit-making purpose and have that property remain untaxed. If you think the answer to this is an unqualified "yes", then you would not be opposed to any of California's state parks being leased out to car dealers or trailer park owners.
The issue is whether the activities of Google are consistent with the mission of the entity providing the land.
After looking at millions of EBay images and USENET images for possible steg content, Niels Provos and Peter Honeyman found a grand total of ONE image with steg content "in the wild". That image was used by ABC News in a piece about.....steganography.
Using Flickr represents no new threat vector. There really is nothing to see here.
Oh, BTW, all the hip terrorists are Podcasting their stego. It's ueber-7eet!
Actually, Ross Anderson was the first infosec/crypto dude to channel Akerlof, in section 5 of this paper.
Actually, Mr. Lay died while *awaiting* sentencing, not following sentencing!
If this had been Wikipedia, that embarrassing error would have been fixed by now.
Come on, guys.
That is all.
Excellent job of missing the point entirely.
That is all.
In Soviet Russia...modern-day Germans are offended by YOU!
You need to translate from Arabic, so you...
1. Fire many of your translators for being gay
2. Wind up with a backlog
3. Ask people you don't know or trust to do the work for free
4. ????
5. Profit!!
You whiners are never happy. First you complain about monoculture, and then when Bill G gives you an octoculture it isn't good enough either! :^)
Excel 0day for sale on Ebay: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
Especially mammalian diploid cleavage. Rooooowwwr.
It was Western Electric's Hawthorne works, in Cicero, Illinois, and it was in the 30's.
The "german scientist" involved was Elton Mayo.
Unfortunately, he seems to have been too humble to have called it "The Mayo Effect".
Is this a harbinger of an upcoming M$ attempt to take market share away from real computers doing number-crunching in engineering settings?
Hmmm....