I'll back this one up. Nintendo has a disc (commonly known to the homebrew community as the "Gayfish" disc due to the fish printed on it) that allows them to transfer a Wii console ID from one console to another. This means that when the new console signs in to the Wii Shop Channel, Nintendo's servers see it as the old Wii, and allow free redownload, just as it would if the old Wii signed in.
Though I should mention that companies will say anything to prevent you from returning a product to the store. Store returns are incredibly expensive to the manufacturer since they most likely have to pay for shipping back to their facility and reimburse the store for the return.
I am aware how peer-reviewed journals "work", and a little insulted by your "dear science layman" arrogance. Nonetheless, I am advocating publishing one's research in open-access peer-reviewed journals, of which there are quite a few nowadays. Apparently you missed the "peer-reviewed" part of my initial post, but I guess that's pretty easy from that ivory tower you're standing on.
I know you need funding, but could you please not sell your research to publishing companies that have paywalls like this? There are open-access peer-reviewed journals for many fields nowadays.
Network Solutions is still living off of the goodwill they had when they were the only domain registrar available. Companies believe that translates into stability.
I've thought this for a while and I'm constantly surprised that we don't see this in presidential elections. That may be because this country is effectively self-limiting itself to Democratic or Republican rule... both of whom would very much like the status quo to continue.
Regulation would fix it if the playing field were leveled, which is what I was getting at. Companies have such greater amounts of influence currently (through good ole' greenbacks) than constituents that they always end up with the advantage.
Stop allowing companies to donate to campaign funds, and stop allowing this sort of tit for tat promising and lobbying. Then the government will actually start to work for us.
All of the shutdowns, buyouts, prohibitive laws, monopoly over the lines, and other occurrences that killed competitors had nothing at all to do with the incumbent providers...
Regulation would fix this. The cost of entry into the broadband market is so prohibitively high that only the largest companies (e.g. Google) can even consider laying down a new broadband access grid. Line sharing is supposed to allow for open competition. But as usual, the ability of companies to donate millions of dollars, through various means, to campaign committees means our representatives listen to them, not us, and not common sense when their lobbyists put forward an anticompetitive bill.
Fix Washington, fix this. Like just about everything else.
Sure, which is why I said that the liability has to be on the banks in case your PIN is stolen. There's absolutely no way to be fully secure with that, and if everything is standardized on one system (i.e. chip-and-PIN), one successful attack spreads the vulnerability to everyone with that card. Not so with externally verified PINs.
I think it's part of the culture that has been taught to developers for a while to hide errors from the user, and instead log them for the administrator. Is it wise? Probably not in an OS, and definitely not for common errors like a connection issue (which is really more of an exception).
There's no need for a chip on the card; simply have banks do PIN verification remotely, and lock (and mark) the card after a few attempts. Use public key cryptography to both identify valid PIN pads and encrypt data (i.e. the PIN and transaction details) so only the bank can read it.
This avoids any possible crack on the chip itself, which has already been cracked at least once, and cracking the bank's remote systems is probably harder than simply breaking into a branch.
The real reason banks are pushing chip-and-PIN is because they all have a little clause in their contracts that states that if a PIN is entered, the transaction is valid if the card hasn't already been reported as stolen. It's a liability shift that they hope will fly under the radar, since, for them, it means losing less money refunding stolen funds, and making more money from the overdraft fees that result. This could be changed with regulation, but who's counting on that?
What the hell? I've never heard of a system that required you to authorize a transaction prior to running AVS, and I've worked with countless online stores. You need a new merchant account / system.
To be fair, programs like Verified by Visa do attempt to stem this... but then, conspiracy theorists could make the argument that Visa only did that to make it harder to make a chargeback in case that password is stolen (kinda like PIN-authenticated transactions in Chip-and-PIN countries).
It is a little weird to me that some merchant accounts allow online transactions without fully using AVS (address verification system). The real problem here are those last two examples you gave:
"POCODE" "123 Fake Street"
Where the full set of data isn't being transmitted. I know gas stations do this for convenience, but those are card-present transactions... online ones should be fully authenticated.
You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?
A license plate is an indexed key. To actually obtain the data associated with the key, you have to be in a position of authority (e.g. a police officer).
You have an address on the door to your place that's publicly viewable. What's the problem with that?
You're already there.
You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?
You don't? Tell that to Anonymous.
You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?
You can contest things that happen to your bank account. Nonetheless, I don't let just anyone have the information on my checks.
You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?
No, I don't.:^P Further, even if I did, people have to get close enough to view it. It's not in a publicly accessible database, like WHOIS data for domains.
I like the ability to anonymously post information to the internets. Part of that is the ability to be free from WHOIS spam as part of a domain registration.
Slashdot Mirror
I'll back this one up. Nintendo has a disc (commonly known to the homebrew community as the "Gayfish" disc due to the fish printed on it) that allows them to transfer a Wii console ID from one console to another. This means that when the new console signs in to the Wii Shop Channel, Nintendo's servers see it as the old Wii, and allow free redownload, just as it would if the old Wii signed in.
Though I should mention that companies will say anything to prevent you from returning a product to the store. Store returns are incredibly expensive to the manufacturer since they most likely have to pay for shipping back to their facility and reimburse the store for the return.
Congratulations, you've reinvented The Digital Art Auction.
I would like to see it used more though, since the quicker people start using that, the quicker we can phase out copyright in general.
I run Linux.
*rides off into the sunset*
I am aware how peer-reviewed journals "work", and a little insulted by your "dear science layman" arrogance. Nonetheless, I am advocating publishing one's research in open-access peer-reviewed journals, of which there are quite a few nowadays. Apparently you missed the "peer-reviewed" part of my initial post, but I guess that's pretty easy from that ivory tower you're standing on.
I pretty much have constant mod points and I've had the box clicked a while.
I know you need funding, but could you please not sell your research to publishing companies that have paywalls like this? There are open-access peer-reviewed journals for many fields nowadays.
Without China, other governments will get the same idea, and the tool becomes completely useless. C'mon Google, grow some balls.
Network Solutions is still living off of the goodwill they had when they were the only domain registrar available. Companies believe that translates into stability.
Where are the books now?
I'm pretty sure Verizon will have no problems with that one.
I've thought this for a while and I'm constantly surprised that we don't see this in presidential elections. That may be because this country is effectively self-limiting itself to Democratic or Republican rule... both of whom would very much like the status quo to continue.
Regulation would fix it if the playing field were leveled, which is what I was getting at. Companies have such greater amounts of influence currently (through good ole' greenbacks) than constituents that they always end up with the advantage.
Stop allowing companies to donate to campaign funds, and stop allowing this sort of tit for tat promising and lobbying. Then the government will actually start to work for us.
All of the shutdowns, buyouts, prohibitive laws, monopoly over the lines, and other occurrences that killed competitors had nothing at all to do with the incumbent providers...
Regulation would fix this. The cost of entry into the broadband market is so prohibitively high that only the largest companies (e.g. Google) can even consider laying down a new broadband access grid. Line sharing is supposed to allow for open competition. But as usual, the ability of companies to donate millions of dollars, through various means, to campaign committees means our representatives listen to them, not us, and not common sense when their lobbyists put forward an anticompetitive bill.
Fix Washington, fix this. Like just about everything else.
Sure, which is why I said that the liability has to be on the banks in case your PIN is stolen. There's absolutely no way to be fully secure with that, and if everything is standardized on one system (i.e. chip-and-PIN), one successful attack spreads the vulnerability to everyone with that card. Not so with externally verified PINs.
You're right, I shouldn't have tried to combat your bullshit craziness with logic. My mistake.
I read that post (probably by the same author as the GGP) long enough to say:
What the shit?
God damn, people, different people have different libidos. We don't have to kill each other over it.
I think it's part of the culture that has been taught to developers for a while to hide errors from the user, and instead log them for the administrator. Is it wise? Probably not in an OS, and definitely not for common errors like a connection issue (which is really more of an exception).
There's no need for a chip on the card; simply have banks do PIN verification remotely, and lock (and mark) the card after a few attempts. Use public key cryptography to both identify valid PIN pads and encrypt data (i.e. the PIN and transaction details) so only the bank can read it.
This avoids any possible crack on the chip itself, which has already been cracked at least once, and cracking the bank's remote systems is probably harder than simply breaking into a branch.
The real reason banks are pushing chip-and-PIN is because they all have a little clause in their contracts that states that if a PIN is entered, the transaction is valid if the card hasn't already been reported as stolen. It's a liability shift that they hope will fly under the radar, since, for them, it means losing less money refunding stolen funds, and making more money from the overdraft fees that result. This could be changed with regulation, but who's counting on that?
Microsoft isn't really in the business of providing a virus scanner as one of their free updates. Oh wait...
*continues running Ubuntu*
Corporate accounts payable, Nina speaking, just a moment...
Corporate accounts payable, Nina speaking, just a moment...
Corporate accounts payable, Nina speaking, just a moment...
The security game has already been lost.
What the hell? I've never heard of a system that required you to authorize a transaction prior to running AVS, and I've worked with countless online stores. You need a new merchant account / system.
Well, you'll certainly get bad programmers if you choose the ones with 'C+' on their resume.
To be fair, programs like Verified by Visa do attempt to stem this... but then, conspiracy theorists could make the argument that Visa only did that to make it harder to make a chargeback in case that password is stolen (kinda like PIN-authenticated transactions in Chip-and-PIN countries).
It is a little weird to me that some merchant accounts allow online transactions without fully using AVS (address verification system). The real problem here are those last two examples you gave:
"POCODE"
"123 Fake Street"
Where the full set of data isn't being transmitted. I know gas stations do this for convenience, but those are card-present transactions... online ones should be fully authenticated.
You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?
A license plate is an indexed key. To actually obtain the data associated with the key, you have to be in a position of authority (e.g. a police officer).
You have an address on the door to your place that's publicly viewable. What's the problem with that?
You're already there.
You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?
You don't? Tell that to Anonymous.
You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?
You can contest things that happen to your bank account. Nonetheless, I don't let just anyone have the information on my checks.
You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?
No, I don't. :^P Further, even if I did, people have to get close enough to view it. It's not in a publicly accessible database, like WHOIS data for domains.
I like the ability to anonymously post information to the internets. Part of that is the ability to be free from WHOIS spam as part of a domain registration.