Well, I just got two emails from Sony, telling me to change my password (when possible) and that some fucker might have my credit card details. It's a week late, but meh.
The MSA also shunts the liability back onto the bank if the merchant attempts 3DS verification (even if 3DS isn't supported by the card issuer), so long as they do not accept a transaction where 3DS explicitly declined (i.e. the user failed to correctly respond). Morale of the story: if you're processing credit cards online, make sure you're attempting 3DS.
Unless you turn over more than $10,000,000 in credit card transactions a year in which case PCI L1 (or is it L4, I forget which way it goes) applies. In this circumstance, you're required to have an annual rigorous audit to prove you comply with the standards. Your piddly small business (or for that matter, mine) has nothing on what the gigantic players have to put up with.
Dude, that IS twitter. He's back! Oh, how I missed that entertainment.
For the record though - the reboot is actually because of the only thing in the world with such unparalleled shittyness that nothing could possibly beat it: Adobe.
Personally, I kind of like Win7, though I still kind of dislike Microsoft.
According to TESS, "SQL Server" is only counted if the manual comes with it. A database product with no manual called "SQL Server" does not infringe. How's THAT for confusing?
I'm in New Zealand, and I assure you - it is illegal for any establishment except foodservice, accommodation, or gas stations to open (there are some other edge cases as well, but supermarkets are not among them) on Good Friday, Easter Sunday, or Christmas Day.
- as stated elsewhere it doesn't appear to log *your* exact position but that of cell towers you use. The data points on the map are laid out in a sort of rectangular grid across my home town. - the sqlite file contains tables such as WifiLocation and CellLocation which reinforce my idea that it's some sort of cache/database file used by the OS to make better connections and to do it faster by remembering past connections for an area. - no logging of a trip I took last summer, so either data is being destroyed after a set time or this is a new "feature" - there are some outlier data points at places I haven't visited, which is odd.
Seems like this file should be encrypted or protected in some way. That's clearly an oversight on Apple's part.
Um, half of that is explained by the description of the app.
To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.
and
As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think you’re several miles from your actual location, but these tend to be intermittent glitches.
3 - Does the solution fit into an existing update checking/patching/maintenance setup, or do we have to spend 20 man-hours or more per week out of an already shortstaffed IT desk to try to confirm that it is properly patched and maintained?
No and no. It's not your server. Don't touch it.
Then it doesn't get plugged in.
4 - What does it expose the rest of the existing network to?
The same shit anyone can install on an IT-provided workstation on the same network.
Group Policy. Noone installs anything on a properly configured workstation.
6 - What legal liabilities does it, or does it not, potentially open the company to?
The same liabilities that exist on an IT-provided workstation on the same network.
Properly policy controlled workstations expose the company to no liability.
8 - How do we ensure that you clean off fired employees from said user lists in a timely manner if they had access?
You don't. It's his server.
It's exposed to the outside world, and no-one is maintaining ACLs? Then it doesn't get plugged in.
9 - Who covers all of the above if you are on vacation, let alone hit by a bus and in the hospital or deceased?
Not you, unless that arrangement was made ahead of time.
What part of "not supported" don't you understand?
The part where allowing an uncontrolled server onto the network results in disciplinary action, lawsuits, and catastrophic network failure because "it's not supported". If it's not supported, it's not plugged in. Period.
They don't play for cash on pokerstars.net. That's free-play (and they can't repurpose it either, because it's used in advertising and sponsorship deals in a lot of countries where advertising for-pay online gambling is illegal).
pokerstars.net is actually a free-play poker site, no money involved. It's the variant commonly used in their advertising on television and tournament sponsorship in countries where advertising an online gambling site is illegal. Since it's likely illegal even to forward a.com.au to an online gambling site, they redirect it to their free play site in order to get past regulations - they assume most people will see the.net in the address and think to try.com as well, and lo! a for-pay gambling site.
US government doesn't control.com names, Verisign does. It's a US company, subject to US laws, but it's still an important distinction. Which is to say, either Verisign or the domain registrars acted upon a seizure order without an actual judgement from a court, so don't forget that this game has more than one cheater.
So, in your eyes, its perfectly OK to break several laws (fraud etc)
I'm not entirely convinced it's fraud - breach of contract by telling lies to the credit card processors, maybe.
so that you can break an entirely different law (outlawing online gambling)
Which is not illegal. They're foreign nationals committing acts that are completely legal on their home turf. However, the US government believes it's within its jurisdiction to prosecute them for the heinous crime of being in perfect compliance with their own laws.
How do you know they had no regulation? The fact that they weren't subject to US regulation doesn't mean there was none. I mean, the Isle of Man and Ireland are hardly "wild west" countries with "dog eat dog" rule of law.
Isn't it? One of the three that was taken down is the largest online poker site in the world, also operating the largest free play poker site in the world, and sponsoring tournaments the world over, and most importantly - headquartered in a country which actually enforces laws. Hardly a fly-by-night organisation out to scam anyone.
The other two are the second and third largest poker sites, also headquartered in countries where rule of law applies (e.g. not Russia or Ukraine or Vietnam or whatever).
Interestingly, none of the companies or their principals have been to court yet, so how can you say they're guilty? Doesn't your law explicitly enshrine the principle that a defendant is innocent until proven guilty? Or does that only apply to US citizens, not foreign nationals the corrupt US government has bribed other countries into arresting and extraditing for committing acts not illegal in their home territories? I'd bet they'll be extradited to the US, be cleared of wire fraud, then... ooh, they're on US soil now!... arrested for running "illegal" gambling sites.
What it IS is preventing you from gambling in the US when it is illegal to gamble that way in the US, even if who you are gambling with is outside the US.
Actually, no. Due to the way they seize domains, it prevents you from gambling in Uzbekistan because it is illegal to gamble that way in the US, even though who you are gambling with is outside the US. Hence, it's complete bullshit. Pretty typical from the US government (ever wondered why the rest of the world doesn't like you guys? There's why. And no, I don't blame the people of the US, except insofar as they voted for the pricks in power).
"It costed more than I was willing to pay so I'm entitled to pirate it".
See, this is why noone takes pirates seriously. It's all well and good to push for law reforms or business model changes, but unless you're willing to put your money where your mouth is and simply not play it unless it's available on acceptable terms, you're part of the problem.
Hmm. Sitetruth seems to be a little flawed. Not the least because it considers itself to be a little questionable, and secondly because it doesn't consider the possibility that a subdomain might have more authoritative information than the main domain (for example, "store.company.com" might have an EV certificate, giving you a high assurance of identity and location, while the main site at "www.company.com" has no high assurance sources). I also notice the complete lack of contact information. Ironic, for a company that claims to be a legitimate scraper performing a valuable service - specifically identifying sites with "questionable" identity.
Slashdot Mirror
Because you're wrong.
Well, I just got two emails from Sony, telling me to change my password (when possible) and that some fucker might have my credit card details. It's a week late, but meh.
The MSA also shunts the liability back onto the bank if the merchant attempts 3DS verification (even if 3DS isn't supported by the card issuer), so long as they do not accept a transaction where 3DS explicitly declined (i.e. the user failed to correctly respond). Morale of the story: if you're processing credit cards online, make sure you're attempting 3DS.
Unless you turn over more than $10,000,000 in credit card transactions a year in which case PCI L1 (or is it L4, I forget which way it goes) applies. In this circumstance, you're required to have an annual rigorous audit to prove you comply with the standards. Your piddly small business (or for that matter, mine) has nothing on what the gigantic players have to put up with.
Dude, that IS twitter. He's back! Oh, how I missed that entertainment.
For the record though - the reboot is actually because of the only thing in the world with such unparalleled shittyness that nothing could possibly beat it: Adobe.
Personally, I kind of like Win7, though I still kind of dislike Microsoft.
According to TESS, "SQL Server" is only counted if the manual comes with it. A database product with no manual called "SQL Server" does not infringe. How's THAT for confusing?
I'm in New Zealand, and I assure you - it is illegal for any establishment except foodservice, accommodation, or gas stations to open (there are some other edge cases as well, but supermarkets are not among them) on Good Friday, Easter Sunday, or Christmas Day.
Your forums crawl on your current infrastructure, so what's your point?
You can't get the MAC of the source device past the first router anyway.
I'm sure there were other shops around that could have sold them those items
Not on Good Friday there isn't.
Which would be illegal on Good Friday. Stores are forbidden from opening.
I did not read that article in fact.
Checking out the app now, here's a couple finds :
- as stated elsewhere it doesn't appear to log *your* exact position but that of cell towers you use. The data points on the map are laid out in a sort of rectangular grid across my home town.
- the sqlite file contains tables such as WifiLocation and CellLocation which reinforce my idea that it's some sort of cache/database file used by the OS to make better connections and to do it faster by remembering past connections for an area.
- no logging of a trip I took last summer, so either data is being destroyed after a set time or this is a new "feature"
- there are some outlier data points at places I haven't visited, which is odd.
Seems like this file should be encrypted or protected in some way. That's clearly an oversight on Apple's part.
Um, half of that is explained by the description of the app.
To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.
and
As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think you’re several miles from your actual location, but these tend to be intermittent glitches.
Only in your ass-backwards country. Here, the manufacturer has to prove that that the third party component is what damaged the product.
Hang on though, it's the same there, in America!
No, they don't void the warranty.
3 - Does the solution fit into an existing update checking/patching/maintenance setup, or do we have to spend 20 man-hours or more per week out of an already shortstaffed IT desk to try to confirm that it is properly patched and maintained?
No and no. It's not your server. Don't touch it.
Then it doesn't get plugged in.
4 - What does it expose the rest of the existing network to?
The same shit anyone can install on an IT-provided workstation on the same network.
Group Policy. Noone installs anything on a properly configured workstation.
6 - What legal liabilities does it, or does it not, potentially open the company to?
The same liabilities that exist on an IT-provided workstation on the same network.
Properly policy controlled workstations expose the company to no liability.
8 - How do we ensure that you clean off fired employees from said user lists in a timely manner if they had access?
You don't. It's his server.
It's exposed to the outside world, and no-one is maintaining ACLs? Then it doesn't get plugged in.
9 - Who covers all of the above if you are on vacation, let alone hit by a bus and in the hospital or deceased?
Not you, unless that arrangement was made ahead of time.
What part of "not supported" don't you understand?
The part where allowing an uncontrolled server onto the network results in disciplinary action, lawsuits, and catastrophic network failure because "it's not supported". If it's not supported, it's not plugged in. Period.
They don't play for cash on pokerstars.net. That's free-play (and they can't repurpose it either, because it's used in advertising and sponsorship deals in a lot of countries where advertising for-pay online gambling is illegal).
pokerstars.net is actually a free-play poker site, no money involved. It's the variant commonly used in their advertising on television and tournament sponsorship in countries where advertising an online gambling site is illegal. Since it's likely illegal even to forward a .com.au to an online gambling site, they redirect it to their free play site in order to get past regulations - they assume most people will see the .net in the address and think to try .com as well, and lo! a for-pay gambling site.
US government doesn't control .com names, Verisign does. It's a US company, subject to US laws, but it's still an important distinction. Which is to say, either Verisign or the domain registrars acted upon a seizure order without an actual judgement from a court, so don't forget that this game has more than one cheater.
So, in your eyes, its perfectly OK to break several laws (fraud etc)
I'm not entirely convinced it's fraud - breach of contract by telling lies to the credit card processors, maybe.
so that you can break an entirely different law (outlawing online gambling)
Which is not illegal. They're foreign nationals committing acts that are completely legal on their home turf. However, the US government believes it's within its jurisdiction to prosecute them for the heinous crime of being in perfect compliance with their own laws.
How do you know they had no regulation? The fact that they weren't subject to US regulation doesn't mean there was none. I mean, the Isle of Man and Ireland are hardly "wild west" countries with "dog eat dog" rule of law.
Isn't it? One of the three that was taken down is the largest online poker site in the world, also operating the largest free play poker site in the world, and sponsoring tournaments the world over, and most importantly - headquartered in a country which actually enforces laws. Hardly a fly-by-night organisation out to scam anyone.
The other two are the second and third largest poker sites, also headquartered in countries where rule of law applies (e.g. not Russia or Ukraine or Vietnam or whatever).
Interestingly, none of the companies or their principals have been to court yet, so how can you say they're guilty? Doesn't your law explicitly enshrine the principle that a defendant is innocent until proven guilty? Or does that only apply to US citizens, not foreign nationals the corrupt US government has bribed other countries into arresting and extraditing for committing acts not illegal in their home territories? I'd bet they'll be extradited to the US, be cleared of wire fraud, then ... ooh, they're on US soil now! ... arrested for running "illegal" gambling sites.
You mean destroy the existing foreign successful ones first, so that other favoured local ones can take their place.
What it IS is preventing you from gambling in the US when it is illegal to gamble that way in the US, even if who you are gambling with is outside the US.
Actually, no. Due to the way they seize domains, it prevents you from gambling in Uzbekistan because it is illegal to gamble that way in the US, even though who you are gambling with is outside the US. Hence, it's complete bullshit. Pretty typical from the US government (ever wondered why the rest of the world doesn't like you guys? There's why. And no, I don't blame the people of the US, except insofar as they voted for the pricks in power).
"It costed more than I was willing to pay so I'm entitled to pirate it".
See, this is why noone takes pirates seriously. It's all well and good to push for law reforms or business model changes, but unless you're willing to put your money where your mouth is and simply not play it unless it's available on acceptable terms, you're part of the problem.
Ah, there it is - why didn't I see that email address before. I might email you guys some specific examples now that I can see how.
Hmm. Sitetruth seems to be a little flawed. Not the least because it considers itself to be a little questionable, and secondly because it doesn't consider the possibility that a subdomain might have more authoritative information than the main domain (for example, "store.company.com" might have an EV certificate, giving you a high assurance of identity and location, while the main site at "www.company.com" has no high assurance sources). I also notice the complete lack of contact information. Ironic, for a company that claims to be a legitimate scraper performing a valuable service - specifically identifying sites with "questionable" identity.