If you pass a PCI audit, and then get credit card data stolen because of an uncompliant practice that the auditors missed, then you're fracked (i.e., fully liable) anyway. THAT is the point of PCI - to ensure that the industry pays for nothing, and both compliance costs and fraud costs are on your (merchant) shoulders.
You wouldn't even get a refund from the auditors for not checking most basic things, they tend to have their legal homework done perfectly even if they are sloppy in the actual audit.
I have around a hundred places online where I have been requested to "make an account" so I have one there. For almost all of them, "123456" and "password" would be too complex passwords - I'd prefer to use a blank one. I don't care about those accounts - and I don't want to care. I don't even want to have those accounts - they're usually a stupid marketing decision by the site owners to offer personalization (that I don't care about) and fight spam (which is somewhat understandable).
Would it really be appropriate to force me to fake caring by choosing "Pas$w0001234567rd", and writing it on a post-it on my monitor and also in a text file on my desktop folder?
I have good passwords for my bank account, my e-mail account and my dropbox account. For other accounts, anything more complex than 'password' is overkill that decreases my security because I won't easily remember the important passwords.
Pretty much all democratic countries have prohibited political advertising or campaigns during the voting event for some 24-72 hours.
It's only appropriate 'digital attitude' to note that this restriction doesn't apply only to radio and TV campaigns, but applies to everywhere, including Twitter and Facebook as well.
" There's little attempt to really explore the possibilities of multi-player.'
On the contrary, companies like Zynga have explored and researched the possibilities of social interaction a hundred times more that most game designers, tweaking all the tiny elements to an optimum range that works on the hairless apes on Facebook - that is then copied to all the games.
All these shallow elements that you mention - they work. They keep the most amount of players coming back. The recovery rate of "energy levels" and waiting time of various in-game activities are tweaked to have the most people log in back to the game. The allowed interactions between you and your "neighbors" are tuned to drive you to interact with as many of them as possible and have players motivate each other to stay in game.
Deep player-to-player interaction and tough challenges ? Meaningful interaction between Johnny-avatar and Jimmy-avatar with actual choices requires non-zero effort and has a chance of conflict, and has less cases where Johnny pokes Jimmy out-of-game saying 'log in now and assist me on Genericville!'. So they are deliberately filtered out of the design because clearly they bring poorer results.
If you want the truth, don't listen to what people say about their preferences, but look at what they do. No matter what features and gameplay people say that they want, they have shown with their mouse clicks what game features they are actually playing, and these Facebook games have proven that (most) people actually want a stupid button that gives out shiny reward-like emotions at an optimal interval.
After all these manipulations, more people come back to Zynga games than they come back to "proper, good, serious, deep" games. I'm not saying that this is good, but that's how it is in real life - no matter what gamers or critics or designers might say, in practice for every person that would even consider playing FPS or RTS there are ten that prefer Farmville. Ergo, if a game design theory says that Farmville is inferior to a good FPS or a good RTS or a good RPG, then the theory is simply flawed and false, as it doesn't match what we are seeing in real life. And it's useless to argue about how it should be - just as gravity makes balls roll downwards, our brain reward chemistry makes some "social" gameplay elements more effective than others.
In addition, very often the 'music rights' money should not go to the performing group even if they are performing their own songs. Typically one or two members are the songwriters, so they get these funds, not the whole band; also, it's quite likely that on their setlist they can have some songs that were part-written by some band member which is no longer 'in the band', but deserves a share of that money.
I've been coding full-time for ~10 years, but there's nothing that I would be able to show to another employer, as the apps are held within previous employers.
By headcount, a majority of developers work in internal projects in large non-IT corporations, the public web projects, startups and software sold to consumers are much more visible, but ultimately the smaller half of programming industry.
All poor (ex)Soviet states have old age pensions and have had them for generations - quite a few rich laissez-faire nations that have a much weaker social network than Armenia or Georgia; it's much more a matter of policy and attitude than wealth.
The user percieved benefits of https are small - so small in fact, that even when IE6 drops to 1% it would make more business sense to offer the unsecure version as default rather than alienate that 1%.
And right now IE6 market share is still large enough to be a must-have support in many markets.
Reply-all should reply to all - but in many cases, the initial e-mail should contain addresses in bcc; so that any reply-all would reply only to the sender.
In normal usage, when a message is sent to 2-3-5-7 persons for discussion, any replies *should* go out to all of them by default, I've often seen people accidentally reply to sender only and then having to re-send the message to others.
I'd say that to arrange a working network interlink between two 200km points, you quite a lot of coordination and communication between these points, just to do the task.
The same communication channel that's needed for building this link can be used for, well, uploading news of the battle directly instead of building another network link.
If there is no such channel - well, then you can't build the new link as well, too bad.
Is there any reasonable difference there between hand scanners and doorknobs that would warrant different treatment ? You get the same risks just by using the same door as others w/o wearing surgical gloves and discarding them afterwards.
Also, as in most other crime, the easiest way to get a lead to the criminal is by following the money / tracking who benefits from the crime.
Having a fraudulent app spam your premium number isn't proof of your wrongdoing, but it certainly is grounds for investigation, and proper policing should have a decent chance of identifying who/if was getting paid from this money and turn a virtual crime into real jail time.
Actually, with the copyright law provided exceptions for libraries, it just might be legal for the libraries to do exactly that for their lending, backup and storage needs.
Why would any sane company owner agree sell anything at all to TSA if your dream came true? They wouldn't be able to buy even toilet paper.
The same for any other industry - either the companies would find a way to cheat it, or they would fire all employees, sell all assets and give the money back to creators/investors/owners of the company, as in that case it would be a better choice for the owners to just keep that money in the bank rather than make some goods or services with that.
As the parent was saying, the token is also used to confirm the transactions after they've been entered - the bank, naturally, doesn't trust the session until it times out or is logged off.
This same process is also used by my bank on the other side of the world - this closes many potential vulnerabilities - this one with the expiring session; phishing (since even if you get the user to login to a fake site, you can't transfer the funds), cross-site scripting usages to submit data to bank sites, etc. Heck, it was probably designed to combat no-tech attacks such as using the computer and browser session of someone who left for lunch and forgot to log out of the system.
911 is prioritised so that all the other calls are unable to connect or are deliberately dropped to 'make space' - both fixed-line systems and wireless cell towers have this built in especially for such occasions - so this experience is not relevant to the case.
You should be able to connect 911 with a cell phone that has been disconnected for not paying the bills, in the middle of a peak-usage situation (say, large public event) while many phones are unable to connect to the network because the cell has reached max capacity - the systems are designed to do that; and if they didn't work in this case, then that is either gross negligence or a major technical problem worth investigating.
A small library (say, a thousand books) in developing world is quickly detoriating - it needs a sizable building, it needs to be protected from humidity in the rain season, it needs to be protected from rodents - it's expensive and problematic. A few kindles are a more efficient way to store these books, and it's also more feasible from a charity logistics viewpoint - shipping a small box vs. arranging a small building and maintenance for it.
Yeah, it's quite hard to imagine for even 100% clueless people to fall for e-mails from Joe saying 'here... look at the funny movie attached' if they don't know a single Joe personally, and none of their friends would even think of commenting on a funny picture in english.
Today high-end computers have comparable horsepower to human brain - *if* we knew how to run human brain 'software' on silicon von Neumann machines, the raw computing power would be enough already.
Brute-forcing the problem will add many orders of magnitude, though - but if Moore's law holds for a couple more decades, then it will give us the computing power even for that.
Simple statistics will differentiate. If the average ten-feet stretch of road gets a dozen detections of bumps that may be somewhat like potholes and one stretch in the middle gets a hundred - then you have a nice X on the map to go and check out.
The answer sounds cruel and inhumane because there is NO happy-fluffy answer that doesn't rely on help from rainbow-farting invisible pink unicorns.
At almost any point of life-end there is something more that can be done to prolong it. And there's not enough resources in the world to do everything for everyone even if 100% of population worked in medicine. So, unavoidably, at some point the care will stop and people will die. That's life.
The only discussion is about when, who and how should better make the choice to not apply some treatment because of resource=cost issues, knowing that it will mean someone dying sooner. Avoiding the discussion of such choice because it's morally hard doesn't solve anything, it just selfishly pushes the responsibility of this choice to others and allows to arrogantly blame them for life being the way it is.
We need to discuss and agree on the best socioeconomic systems to choosing which and how much life saving treatments somebody/everybody will get or be denied, in a way that maximizes the common well-being and life expectancy. Any choice will usually be better for one group and worse (deadly worse) for others, so they will literally fight for their lives about making a choice that fits them best. That's how it is.
Slashdot Mirror
If you pass a PCI audit, and then get credit card data stolen because of an uncompliant practice that the auditors missed, then you're fracked (i.e., fully liable) anyway. THAT is the point of PCI - to ensure that the industry pays for nothing, and both compliance costs and fraud costs are on your (merchant) shoulders.
You wouldn't even get a refund from the auditors for not checking most basic things, they tend to have their legal homework done perfectly even if they are sloppy in the actual audit.
Thank you, you've just saved me 8:30 minutes.
Videos have an extremely sucky information-to-time ratio.
I have around a hundred places online where I have been requested to "make an account" so I have one there. For almost all of them, "123456" and "password" would be too complex passwords - I'd prefer to use a blank one. I don't care about those accounts - and I don't want to care. I don't even want to have those accounts - they're usually a stupid marketing decision by the site owners to offer personalization (that I don't care about) and fight spam (which is somewhat understandable).
Would it really be appropriate to force me to fake caring by choosing "Pas$w0001234567rd", and writing it on a post-it on my monitor and also in a text file on my desktop folder?
I have good passwords for my bank account, my e-mail account and my dropbox account. For other accounts, anything more complex than 'password' is overkill that decreases my security because I won't easily remember the important passwords.
Pretty much all democratic countries have prohibited political advertising or campaigns during the voting event for some 24-72 hours.
It's only appropriate 'digital attitude' to note that this restriction doesn't apply only to radio and TV campaigns, but applies to everywhere, including Twitter and Facebook as well.
" There's little attempt to really explore the possibilities of multi-player.'
On the contrary, companies like Zynga have explored and researched the possibilities of social interaction a hundred times more that most game designers, tweaking all the tiny elements to an optimum range that works on the hairless apes on Facebook - that is then copied to all the games.
All these shallow elements that you mention - they work. They keep the most amount of players coming back. The recovery rate of "energy levels" and waiting time of various in-game activities are tweaked to have the most people log in back to the game. The allowed interactions between you and your "neighbors" are tuned to drive you to interact with as many of them as possible and have players motivate each other to stay in game.
Deep player-to-player interaction and tough challenges ? Meaningful interaction between Johnny-avatar and Jimmy-avatar with actual choices requires non-zero effort and has a chance of conflict, and has less cases where Johnny pokes Jimmy out-of-game saying 'log in now and assist me on Genericville!'. So they are deliberately filtered out of the design because clearly they bring poorer results.
If you want the truth, don't listen to what people say about their preferences, but look at what they do. No matter what features and gameplay people say that they want, they have shown with their mouse clicks what game features they are actually playing, and these Facebook games have proven that (most) people actually want a stupid button that gives out shiny reward-like emotions at an optimal interval.
After all these manipulations, more people come back to Zynga games than they come back to "proper, good, serious, deep" games. I'm not saying that this is good, but that's how it is in real life - no matter what gamers or critics or designers might say, in practice for every person that would even consider playing FPS or RTS there are ten that prefer Farmville.
Ergo, if a game design theory says that Farmville is inferior to a good FPS or a good RTS or a good RPG, then the theory is simply flawed and false, as it doesn't match what we are seeing in real life. And it's useless to argue about how it should be - just as gravity makes balls roll downwards, our brain reward chemistry makes some "social" gameplay elements more effective than others.
In addition, very often the 'music rights' money should not go to the performing group even if they are performing their own songs. Typically one or two members are the songwriters, so they get these funds, not the whole band; also, it's quite likely that on their setlist they can have some songs that were part-written by some band member which is no longer 'in the band', but deserves a share of that money.
I've been coding full-time for ~10 years, but there's nothing that I would be able to show to another employer, as the apps are held within previous employers.
By headcount, a majority of developers work in internal projects in large non-IT corporations, the public web projects, startups and software sold to consumers are much more visible, but ultimately the smaller half of programming industry.
All poor (ex)Soviet states have old age pensions and have had them for generations - quite a few rich laissez-faire nations that have a much weaker social network than Armenia or Georgia; it's much more a matter of policy and attitude than wealth.
The user percieved benefits of https are small - so small in fact, that even when IE6 drops to 1% it would make more business sense to offer the unsecure version as default rather than alienate that 1%.
And right now IE6 market share is still large enough to be a must-have support in many markets.
If you're stuck in high-sec, run missions then - getting 150m for a ship is one evening, two at the most.
Reply-all should reply to all - but in many cases, the initial e-mail should contain addresses in bcc; so that any reply-all would reply only to the sender.
In normal usage, when a message is sent to 2-3-5-7 persons for discussion, any replies *should* go out to all of them by default, I've often seen people accidentally reply to sender only and then having to re-send the message to others.
I'd say that to arrange a working network interlink between two 200km points, you quite a lot of coordination and communication between these points, just to do the task.
The same communication channel that's needed for building this link can be used for, well, uploading news of the battle directly instead of building another network link.
If there is no such channel - well, then you can't build the new link as well, too bad.
Is there any reasonable difference there between hand scanners and doorknobs that would warrant different treatment ?
You get the same risks just by using the same door as others w/o wearing surgical gloves and discarding them afterwards.
Also, as in most other crime, the easiest way to get a lead to the criminal is by following the money / tracking who benefits from the crime.
Having a fraudulent app spam your premium number isn't proof of your wrongdoing, but it certainly is grounds for investigation, and proper policing should have a decent chance of identifying who/if was getting paid from this money and turn a virtual crime into real jail time.
Actually, with the copyright law provided exceptions for libraries, it just might be legal for the libraries to do exactly that for their lending, backup and storage needs.
Why would any sane company owner agree sell anything at all to TSA if your dream came true? They wouldn't be able to buy even toilet paper.
The same for any other industry - either the companies would find a way to cheat it, or they would fire all employees, sell all assets and give the money back to creators/investors/owners of the company, as in that case it would be a better choice for the owners to just keep that money in the bank rather than make some goods or services with that.
It's not what's happened here - the call centre was available, but for ~2 hours the calls from the affected phone switches were not routed to them.
As the parent was saying, the token is also used to confirm the transactions after they've been entered - the bank, naturally, doesn't trust the session until it times out or is logged off.
This same process is also used by my bank on the other side of the world - this closes many potential vulnerabilities - this one with the expiring session; phishing (since even if you get the user to login to a fake site, you can't transfer the funds), cross-site scripting usages to submit data to bank sites, etc. Heck, it was probably designed to combat no-tech attacks such as using the computer and browser session of someone who left for lunch and forgot to log out of the system.
911 is prioritised so that all the other calls are unable to connect or are deliberately dropped to 'make space' - both fixed-line systems and wireless cell towers have this built in especially for such occasions - so this experience is not relevant to the case.
You should be able to connect 911 with a cell phone that has been disconnected for not paying the bills, in the middle of a peak-usage situation (say, large public event) while many phones are unable to connect to the network because the cell has reached max capacity - the systems are designed to do that; and if they didn't work in this case, then that is either gross negligence or a major technical problem worth investigating.
A small library (say, a thousand books) in developing world is quickly detoriating - it needs a sizable building, it needs to be protected from humidity in the rain season, it needs to be protected from rodents - it's expensive and problematic. A few kindles are a more efficient way to store these books, and it's also more feasible from a charity logistics viewpoint - shipping a small box vs. arranging a small building and maintenance for it.
Yeah, it's quite hard to imagine for even 100% clueless people to fall for e-mails from Joe saying 'here... look at the funny movie attached' if they don't know a single Joe personally, and none of their friends would even think of commenting on a funny picture in english.
Today high-end computers have comparable horsepower to human brain - *if* we knew how to run human brain 'software' on silicon von Neumann machines, the raw computing power would be enough already.
Brute-forcing the problem will add many orders of magnitude, though - but if Moore's law holds for a couple more decades, then it will give us the computing power even for that.
At the very least, it's easy to undo or even reverse any SEO effect, even if the culprits can't be prosecuted.
Simple statistics will differentiate. If the average ten-feet stretch of road gets a dozen detections of bumps that may be somewhat like potholes and one stretch in the middle gets a hundred - then you have a nice X on the map to go and check out.
The answer sounds cruel and inhumane because there is NO happy-fluffy answer that doesn't rely on help from rainbow-farting invisible pink unicorns.
At almost any point of life-end there is something more that can be done to prolong it. And there's not enough resources in the world to do everything for everyone even if 100% of population worked in medicine. So, unavoidably, at some point the care will stop and people will die. That's life.
The only discussion is about when, who and how should better make the choice to not apply some treatment because of resource=cost issues, knowing that it will mean someone dying sooner. Avoiding the discussion of such choice because it's morally hard doesn't solve anything, it just selfishly pushes the responsibility of this choice to others and allows to arrogantly blame them for life being the way it is.
We need to discuss and agree on the best socioeconomic systems to choosing which and how much life saving treatments somebody/everybody will get or be denied, in a way that maximizes the common well-being and life expectancy. Any choice will usually be better for one group and worse (deadly worse) for others, so they will literally fight for their lives about making a choice that fits them best. That's how it is.