A minor point of clarification: compliance with PCI is not required by law or regulation. It is industry self-governance - if discovered violating it, you could lose your rights to accept visa/mc/et al, but would not have broken any laws. In addition, from the link above: "It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council."
Which means that there isn't a central body overseeing enforcement: Visa, MasterCard, Discover etc are all responsible for compliance of their merchants.
Protip: all of these feature the ability to enter your phone number instead of swiping a card. When prompted, enter: (area-code)-555-1212 : discounts without the tracking!
And if that doesn't work (some stores are starting to block it) - well, it's a simple matter to get a card with bogus info.
Don't be silly. It's the same for any dedicated fan of any product - once someone associates themselves with the brand, rational thought goes out the window. There's nothing special about iOS folks doing it.
You don't get it. Ask any [iDevice fan] and right now he is twittering/fbing frantically on just how UBER SUPER COOL his tablet is, that he can now watch TV AT HOME!!!!!!!!11!!!
I'm not saying this is or isn't a true statement, but...
Sad, if you're unhappy that technology advances; or about how it's increasingly possible to access more of what interests you in a way that's convenient and comfortable to you -- and doesn't disrupt your life.
Me? I think it's pretty friggin' cool that in addition to supporting voice (and face-to-face/video conversations) today's portable wallet-sized devices are also able to connect me to the entire world in other ways too. (Not to mention entertaining me from time to time.)
Certainly these things are possible. I don't agree with you, but I do acknowledge their possibility.
And indicating that an investigation should not be launched until the emails are authenticated is what makes you an idiot
So from one sample, you draw a broad and sweeping conclusion. Whatever makes you feel better about yourself, I guess.
But that's wrong too. Emails indicating fraud should be sufficient to open an investigation. If they were faked, then the investigation will turn to one of fraud against the person that crafted the emails.
Fair point, I hadn't considered it that way. On the other hand -- in the context of the OP and my reply-- the topic at hand was action to be taken against BoA specifically -- and in that I say "reserve judgement" until the veracity of the emails can be obtained.
That's a stickier situation; on the one hand, it is just an extension of technology; had the means existed 300 years ago, we would have faced the same problems then. Because of that, if the information is factual - I've less of a concern with it.
On the other hand, it's all too easy to damage somebody's reputation by posting false information; and unless that person is noteworthy enough for somebody else to uncover the truth, it's impossible to make that kind of misinformation go away. (Not to mention how it can be done more-or-less anonymously with no thought for consequences.)
I don't see an easy answer to this one. If we somehow found a way to purge information, you can bet it would be abused by those who *did* have something to hide.
Yeah, totally. It's like that time that a neighborhood pharmacy made a typo on a flier they distributed, and then collected the few that got distributed. Man, my head still hurts from the pain of losing those memories.
Not really relevant. You post information via your server. Somebody copies it locally and redistributes it. Poof, it's out of your control. (This whole "information wants to be free thing" cuts both ways.)
If you don't want it in the public-knowledge domain, don't publish it. Period.
Feel better having called me an idiot? Good, glad to hear it. I know I always have better luck in getting my point across when I call people names.
Now that this is out of the way, let's review my post.
What I said was that if someone can validate that those emails are legitimate, then YES, investigate. But don't put someone (whether it's a billion dollar company or a single-owner corner store) to the expense of having to defend themselves without more evidence than a single chain of unauthenticated emails.
Note that nowhere in my post did I claim them to be invalid as evidence.
Obviously I haven't been able to see the leaks, but should something happen on the basis of a third party who provided emails that he claims were from BoA employees? How about we reserve action (and judgement) until the validity of the emails is actually verified?
Ah, I forget. Forging email headers? Unpossible! She's a witch - burn her!
Once the emails are verified (it's certainly well-possible that they are valid), I'd fully support legal action against BoA - but not before.
That touches on another frustrating point - bug reporting.
I installed the latest KDE beta last week. Looking pretty good (except for the notifications system - what kind of crack is being smoked there? It's really neat looking but *why* would someone expect to have to go to the system tray to track progress of a file download? Also, dolphin still dies when you try to do massive data transfers. But I digress...) but I did run into a few crashes.
Being the good OSS citizen, I took advantage of the nicely (almost) integrated bug reporting -- much like other popular OS and applications, it prompted me with a dialog [that had too many words on it, but that's OK] to send in an error report. I said sure, I'll do that - I even downloaded the debug binaries (it was easy to do and nicely integrated: +1 KDE) so that I could provide a good stack trace.
So after I do all that, I go to submit the bug. Great! the software tells me. Now just go ahead and log in here, and you can submit!
Wait, I says. Login? To submit a bug? I read the fine print and it tells me that I simply *must* log in, in case the developers need to contact me.
Okay, stop here. I've been developing software for more years than I care to think about. When someone reports an issue consisting entirely of their description of the problem then yes - it helps to have their information. On the other hand: if the description is good, contacting them is often not necessary - at least not if you're a halfway competent developer. And if the description is so bad as to be useless, then chances are talking to them won't help much anyway.
But that's not the situation here. Here, the user is providing a stack trace - and presumably a full or partial memory dump, as well as a description of what they were doing. What kind of developer does NOT want that? If for no other reason than statistical analysis (oh, look, a lot of reports coming in for module X -- let's do some analysis and see if we can figure out why that's happening). Further, what kind of developer can't at least find a point of failure with that basic info, even if not necessarily the root cause?
Apparently, the answer to at least the first half of that question is "the KDE developers". (For an example of those who do want it, AND make excellent use of it in spite of the incredible handicap of not being able to contact the users: Mozilla)
They could even have said "in case we need to contact you, please provide your email address here". That is FAR better than requiring the user to create an entirely new account (and doubtless get spammed with every comment or status change on the bug that he submitted in order to help out the team, NOT necessarily because he wanted to see it fixed immediately.)
Don't even get me started on how - in a fit of kindness and generosity - I tried to register for an account and was greeted with some obscure error message. At that point I gave up.
The message getting sent to users: Oh, sure, we'll take your bug reports. If you do it on OUR terms. Otherwise, piss off - because we don't really want your help anyway.
If you want people to use your software and you want to receive bug reports (and most especially crash reports) -- make it EASY for people. Don't throw unnecessary hurdles in their path. And if you don't want to receive reports -- don't bother building in the reporting feature. Make it something that people have to enable specifically - or hell, on first install walk them through voluntarily creating a reporting account. If they don't, turn off the reporting because it's just another annoying nag screen that gets in the way.
I re-read this, and my original context. I think that I didn't succeed in getting my point across.
Yes, fault matters when it comes to fixing the issue. But the context I meant the comment in was from the perspective of someone sitting down to get a task done: to him blame is irrelevant, because he's just looking to get his work done -- and time spent trying to figure out why broke what and where is not relevant to getting this work done. He's not using the software to help improve the ecosystem, he's using it because he needs to check email (or whatever task is at hand).
That's kind of against the spirit of what OSS is all about, it seems to me; but that type of user is the user that Linux is increasingly pitched to as a viable alternative OS.
So, you make a comment that Linux constantly breaks and Windows doesn't. Someone responds with exactly the same story, but with Windows being the broken OS and Linux being stable. So, your response is to tell them that their experience isn't valid?
No, my response is to tell them that their experience doesn't alter the actual perceptions of people; and can be counterproductive as it means we're not discussing how to fix the issues -- but rather whether the issues even exist at all.
I've learned one thing in developing software that's widely deployed, it's that if one person is having a specific kind of experience -- he's not the only one. So yes, there are others who have had no real problems with Linux; but conversely there are others like me.
Joking aside, I am kind of curious what this "as microsoft would have you believe" comment is coming from. I haven't heard any of this fud. Is it some back and forth that the browser fanatics are following? If so they'll be happy to know that the rest of the world really doesn't care very much, and will continue using whichever browser their preferences dictate.
The problem is that people will often start blaming at this point, when they hear these statements. They'll say, "It's nvidia's fault for not doing X" or "it's your fault because you didn't do Y" or "it's the upstream maintainer's fault because he didn't do Z". Which is, unfortunately, completely missing the point: when you are using a system to get a task done, fault does not matter.
Yes, it does. If it's NVidia's fault, then bitching to your distro's packagers about it is as useless as complaining to my waitress that my car broke down on my way to the restaurant: it may serve to take out my own frustrations, but it'll do nothing to solve the problem at hand in addition to causing an unrelated person unnecessary grief.
No, it's more like complaining to the waitress that your eggs are runny and your toast is burnt -- she's not the one who made them, but she did deliver them to you.
I've had Fedora break too; Mandriva - back when I used it was Mandrake - was good as far as it went (this was... 10 years ago, maybe longer by now?), but I didn't like the direction it went in after it was purchased.
Sigh. Please append "for me" to the final sentence; and "IMNSO opinion" to the first full paragraph as otherwise I'll apparently be deluged with anecdotes to prove me wrong.
Well, that sure contributed to this discussion of valid concerns. Here, I can do it too:
Funny, my linux installs have continually been plagued with problems. The worst one was the time I once installed the latest Ubuntu update and - due to a bad Xorg driver - Xorg stopped working completely. Even better, because by default on most distros, wireless network login is attached to your desktop shell and not your system boot... I couldn't get online to track down the reason for the failure without using another computer. I only got online after going to another system, finding the problem, manually downloading the replacement package, transferring it via pen drive, then installing it by hand.
On the other hand, in the last several years I've been able to run Windows without doing anything but allowing automatic updates; and periodically grabbing driver updates (also found through windows update).
We can continue to whip out examples of good/bad experiences on our respective platforms - but that's missing the point. Refuting my statement by claiming you've had a good experience doesn't erase my bad experience; nor does it erase my years of working with actual end users to understand how they work.
And implying (as you seem to be) that I've just made all this crap up is just silly, as it effectively closes off any possible useful discussion that we might have.
Make sure to cite a source as your own claim to be an authority on the topic is completely unverifiable.
Heck, have them all: http://twitter.com/search/ipad%20tv%20time%20warner%20sweet#search?q=ipad%20tv%20time%20warner%20cool (though "uber" turned up nothing ;)
Seriously, is that the only objection you can think of? There might be a traffic jam?
Your advice is stupid. Your stance is wrong.
Context is important, don't you agree?
They probably said the same thing around the time scribes and librarians started writing and archiving things.
We wouldn't know, as the records of MyFace Papyrus Edition have long been lost to the ravages of time.
Let me know how that works for you. Especially when you go to pick up groceries. Or pay your electric bill.
Hmm. I may have to turn this into a blog post.
That's interesting reading. Especially because several points are flat-out incorrect re: the competition.
Which is why I try to avoid analogies. They're seldom perfect; but mine was closer to the mark than GPs.