Pretty much what hawguy said. Most major retailers have arrangements with the issuers to acceptvchargebacks for nonswiped transactions, and Amazon is in the nonswiped or 'card not present' model. So they tolerate the chargebacks.
Also, many processors allow a merchant (Amazon, perhaps) to process a card again if previously successful. Still subject to other fraud rules, but they can do it without the CVV etc.
The CVV is useful to merchants that are in the nonswipe model, and wish to have the extra authenticationm, as it proves that either they or the customer actually had the card, at some time, in their posession. If the 'customer' is a thief, well, then it's on to the other criteria, like did you get a signature, did the product get shipped elsewhere, etc.
Some terminals will prompt for CVV in response to a query from the processor. This usually indicates the card or transaction is suspicious.
Precisely. But it should be stored on systems so inaccessible to the outside, as to be impervious.
I know, that. sounds. naive. But it can be done.
A processor Or bank never needs to send CVV out at all, except as it is needed to load new accounts, and then of course encrypted for the exchange and over a secured link. I know, naive again.
Um, of COURSE CVV data wasn't compromised... What nimrod would store CVV in the same system as PAN? (That's Primary Account Number, for those of you who don't play with credit card data enough to stop using 'card number' as the term).
In fact, just stating that CVV wasn't compromised bugs me. That should NEVER be exposed to anything that returns data. Heres how it should work:
1. Merchant swipes your card into terminal (or keys it into whatever). 2. Merchant reads and enters your CVV (or CVC or CVV2 or CID) into whatever. 3. Authorization request is sent to the processor. 4. Processor compares PAN and CVV to their records. 5. Processor makes a decision. 6. Processor responds to request. 7. Merchant's system discards CVV if it didn't already.
The CVV may not be saved by the merchant per PCI specs, and also per every processor spec that I'm aware of. If someone is able to get and match CVV etc with PAN, they do it by either intercepting authorization data or reching in and compromising processor and/or issuer databases that should not be connected to any external network. These should only be accessible by the 'inside' or secure side of trusted platforms, never externally.
So you should hear of CVV-type data being disclosed only by terminals or POS software being compromised, or by someone carrying the data out of a building.
And that Citi actually said this worries me just a little. Like hearing your 3rd grader's teacher telling you they always wear a condom to work. Um, why? that should NEVER be an issue, sirs.
Of course, Citi might just be covering their bases, claming that no other data, even the stuff that should not even be connected, was taken. Again, doing it wrong, guys.
ps - as an aside, there is a good chance that up to 30% of all cards in use have been compromised somehow, and no one bothers to replace them. Too expensive, they will run out of numbers faster than IPv4, and they handle the ongoing threat of fraud with existing fraud systems. No problem. Well, not much of a problem. I bet Citi doesn't even bother to replace these cards.
Second aside, while waiting a month sounds bad, perhaps Citi was gathering history and understanding how these details would be used, to both crack the fraud rings and maybe connect them to the infiltrators. This will happen more and more as the banks especially decide to fight back and make an effort to find the perps of the intrusions. And about time.
"Stallman claims that eBook retailers can still support authors and retain buyers' freedoms by distributing tax funds to authors based on their popularity, or by "designing players so users can send authors anonymous voluntary payments".
Ok, so RMS recommends we use tax dollars to pay authors according topopularity?
He recommends we use tax dollars to pay authors?
He WHAT? Who is impersonating RMS? Is he insane?
Now I get the whole Stallman mystique. He looks for solutions to problems that do not exist or do not require resolution, along with looing for solutions to problems that DO exist and also deserve resolution. This time, he is doing the former.
Remember the TV show 'Paper Chase'? The opening sequence with the crusty professor finishing with the line 'you'll leave thinking like lawyers'?
For many fields, college is more about teaching you how to think than it is teaching you what things are. Actually, it used to be that, but now it's very at least as much 'what to think' as it is 'how to think'. And those goals are somewhat exclusive of one another.
College should, I think, focus on the how to think, how to learn, and in the process also deposit significant fundamental knowledge. Especially in a field like IT, where new things come up more often than every four years, to expect a lifelong grounding in all that is on a particular topic is unrealistic, and short-lived. If you learned Fortan in college, you are not that far from learning Java. More importantly, did you learn how to program? That serves you no matter the particular language you use.
I'm going through a series of college lectures on Java programming, and in the second lecture, the presenter drops this toss-off line:
"...turns left, like a good Democrat..."
If you've taken the course, or heard the lectures, you know now... But the remark was just plain out of place. Political science is a few buildings away.
It's this sort of thing that makes me wonder if college is enough about 'how to think', or too much about 'what to think'. Aside from that remark, and one other, this lecturer is focused on the 'how to think' goal, spiced with basic Java stuff. This has value for me. I'll add Java to my resume when I can demonstrate some proficiency. That will mean some projects for friends and willing guinea pigs, and some things on my own web page. That is the geek version of a diploma. This I want and need.
You could try a cheaper college. High-end colleges appeal to those who intend to go into research or the high-paying stratum, but for the rest, perhaps your local state college (assuming it's not OSU for instance, maybe) is an option. Good training in fudamentals is not the exclusive province of $50k+/yr schools. And you might get a job in youir intended field even before you graduate... It happens. I seen it....
Ditto for certs. Learn how to learn and avoid the boot camps.
Ditto here. I've worked in the IT field for 21+ years, was almost exclusively self-taught, and make good money. I'm a generalist, which disqualifies me for the sort of short-lived, high-pressure, technically focused jobs that appeal to H1Bs and graduates.
But I'm learning Java, 'cause it's here to stay, widely used, and I don;t have to be proficient in it to be employable. Just knowledgable. Sometimes, there is value in being able to deal with the coders and get them back on track. Sometimes, it's just about being able to spot the problem and describe it to the coders in language they can understand. Telling them that the input box keeps defaulting to the previous value get the response 'um, yeah, that's how to works'. The user, on the other hand, gets frustrated telling the support weasels that the behavior requires them to back out of the screen and come back in again, cause the value can't be edited once it's been entered, and that by itself sucks when they have to enter a few hundred data points on the same screen each week.
Is that intellectual? I don't think so. Wrong question.
When I did sales work that sprang from my technical consulting, I rarely got anything. Then I spoke up. The deal we reached was that I would split the commission 50-50 with the salesperson if I did these things:
1. Wrote the proposal, both the sales and technical. I was writing up the tech proposal anyways. 2. I made the presentation and got the approval. 3. The salesperson was only required to draft contracts, get pricing, and arrange delivery of the hardware (if any).
Only complaint I had was when I sold a project to a client, not knowing they had turned away the salesperson repeatedly - he failed to make the technical case for the project, largely because he was trying to avoid involving me. I wond that too, since the boss told this tool he could avoid the entire conflict by giving up the account. Oh, and I piled on asking for the entire commission, seeing as I had brought the job in after a year of failure. I was happy with half.
But this requires you to do more than what you're doing now. Probably.
"many other dictatorial regimes composed of blowhards, up to and including the modern US Republicans/TeePartiers."
"Whenever they start accusing someone else of something, assume either (a) they're doing it themselves or (b) they're doing something far worse and trying to draw attention away from it."
It took almost 2 years and major hardware evolution for Flash to run on Android. To put it another way, it took major evolution in display acceleration and a major compromise in battery life to get Flash on Android. I have a G1. I remember the promises that Flash would come in the Spring of 2009. Ha.
Apple still thumbs its nose at Adobe, ignoring Flash.
If Microsoft can port.NET to ARM, it will open more options for them, but why would ARM developers WANT.NET? I know why Windows devs want it, but WM7 is such a terrible OS that Microsoft seems to have to tie a pork chop around its neck to get anyone to use it. And no one really trusts Microsoft to not pull a CE and render it obsolete and un-upgradeable next year. My G1 is running Froyo now, courtesy of a rooted ROM, and all those CE phones were in the trash a while ago. Even Apple has preserved some of their older phones, though the performance hit is noticeable. My G1 creaks and groans too. Actually, that's not fair. Windows was out of the phone market from some time in 2007-2008 until 2010, and the Kin . Entirely uncompetitive. Almost a comic strip. THAT was a CE phone, and probably the last..NET on phones is a solution no one asked the question for. Microsoft woudl be better off writing a mobile-focused JVM and adding an Android compatibility layer. That would cause trouble. But I think RIM is already ahead of them.
Well, the biggest problem Windows has EVER had is the unmanageable driver base. Every device manufacturer has their own take on chipsets and BIOS details, they mix in different firmware versions of disk, network, and various comm I/O, and it results in a system that has multiple drivers of varying quality with the potential for interaction and bad behavior. Apple sidesteps this with a controlled hardware environment, but Microsoft is stuck with a multiplicity of vendors, and some really suck. Even Intel delivers bad drivers, so that their chipsets flake out in interesting ways, and you wait for fixes that end up never coming, and you blame Windows, Intel, and everyone. And it just sucks.
Yet Android, cause it's O P E N, gets a pass because it also must live in a terrible hardware landscape, but it's O P E N. We complain about the Android 'fragmentation', and how so many devices are being introduced with Froyo and not Gingerbread, but with the fragmented hardware they have to work with, phone makers end up sticking with a well-understood release until they get their arms around the next one and then they either offer an OTA upgrade, or as often as not, they don't bother 'cause the phone is too old. Look, you generally get hitched to a carrier for 24 months, and then you renew. Time to upgrade. If your phone is 18 months old, don't expect the maker to expend too much effort unless you think they deliberately want you to avoid buying a new one. And the makers are getting such a subsidy from the carriers that they have every reason to crank out new models constantly and heat up the market for the next insanely great phone.
So Android is in the same boat as Windows (and Linux), supporting a multiplicty of hardware options, though Android handles it well at the manufacturer level, while Windows still struggles with drivers and all the nastiness under the hood that shows up as blue screens and reboots. Windows is making progress isolating the core from some drivers, but ultimately they can't do it all unless Windows gets virtual. Which moves the driver wars to the kernel and a hypervisor/etc. Still a fight. And if you want graphic performance for gaming, well, you get to touch the display hardware even more intimately, and the fight is back on.
Well, dogs flew spaceships. Whatever preceded the CIA obviously had access to alien technology, so when they came here from Orion on Z-80 powered ships, well, we naturally embedded these in videogames to find gifted teenagers to pilot our planetary defense fighters.
And that's where Howard Stark came from. All clear now? Good. Enjoy the rest of the movie.
What's this noise about malware on OS X? How can that be?
First, it's not that big a target, so the serious malware vendors won't write for it. Not enough market.
Second, OS X is substantially more secure than other OSs, so it is not only a more formidable target, but is also natively resistant. So infections are either extremely rare, or nonexistent.
Third, Apple users are just plain smarter AND dumber than the rest of us. So they either avoid the infection by not engaging in risky behavior, or never stray into the path of malware at all.
And last, Apple has assured their users that OS X is simply better than that. It doesn't suffer the slings and arrows of outrageous misfortune that other OSs do, by design.
I cannot, and refuse to, belive that there is any significant threat in the wild that requires Apple to issue a response and patch against. And you cannot make me, no matter how hard you try. You cannot convince me even if you can refute each of my assertions, because Apple user I know and trust assure me, even this morning, that this is nothing but an overreaction by Apple to appease the mass media and keep Ballmer from more destruction and mayhem. Oh, and if it were important, Mr. Jobs would have addressed it personally.
There is the small detail of delivering these people from slavery, you know, the plagues, parting the Red Sea, blah blah blah.
And the whole point of "keep trying to get people to believe in myths and fairy tales.", such as government programs that will solve the problems of healthcare financing and of course security against terrorism that threatens our Constitutional protections.
You see, it's all a matter of which side you're on...
I'm convinced that the manufacturers have jumped on the widescreen bandwagon because it relieves them suffering higher component costs.
In LCDs, I suspect, one dimension ('length') is cheap. If you are making ribbons of glass, the length of that ribbon is virtually limitless. Keep feeding it raw material, keep the machine working correctly, and you get glass that you cut off at the other end. Paper machines work on this principle, except they generally roll the paper at the dry end.
Now, the other dimension, width, is where the real money is. Wider glass requires wider machines, with the attendant expenses of larger mechanisms, more maintenance, more difficult control, and all that. Paper machines suffer this also. You see this in printers and copiers as well.
So, widescreen panels are attractive to manufacturers because they can sell us 'bigger' which is NOT.
This leads, for instance, to the realization that 1 27" flat panel HDTV isn't nearly as big as your old 27" console XL100 CRT TV. Sure, it's wider, but it's not as tall. And losing either dimension leaves you with, well, less.
Darn. We been hoodwinked. And I want a screen that's taller, since I am portrait-centric in displaying documents. Not gonna happen.
Issuers don't much care, except that fraud impacts their customers (card holders). The dispute process lets them shift the risk to the merchants (spammers). Acquirers suffer if their merchants are substantially less honest, since the dispute process actually costs processors more in prestige, but at high levels starts to impact overhead. The Internet poker business is the most visible example - it existed primarily because the processors could slip charges through with obscure descriptions, stay offshore, and avoid direct attack by governments. This recently broke down. Spamming could suffer the same fate if the U.S. Justice Department decided to go after them, though the underlying legal argument is much less clear and so less likely to be the basis for an enforcement action.
Processors make money on the discount, the amount they keep based on the value of the transaction. They don't really lose money when those transactions are challenged and reversed, since they are paid for the transaction, not the sale. The acquirers are more vulnerable. Link spammers to banks, and then the banks become 'spam enablers'. Maybe this works.
ps - I'm unaware of ANY 'poorly self-regulated processors'. That business punishes poor performance very quickly and very harshly.
Don't bother. The processors have fraud detection systems that are sensistive to a few card numbers. Any processor tryng to spam the actual issuers will find out quickly it won't work.
Really.
But going after the few processors that serve the majority of spammers is not impossible. Perhaps better to answer the spam and buy stuff, then dispute the charges, and taint the spammers so much that the processors have to give up on them. And the spammers won't be able to just move to a new processor - they tend to share data on deadbeat 'merchants'.
Except this doesn't work well enough to deal with the offshore poker houses. Better to get the spammers labeled as illegal. Card issuers hate that.
"7: Look at what the app asks for security permissions. If a notepad app wants access to your contacts, phone, SMS, or perhaps even pops up the su dialog, get rid of it ASAP."
So, I gather you will avoid AKNotepad, even though it declared the requested permision for an actual feature?
Pretty much what hawguy said. Most major retailers have arrangements with the issuers to acceptvchargebacks for nonswiped transactions, and Amazon is in the nonswiped or 'card not present' model. So they tolerate the chargebacks.
Also, many processors allow a merchant (Amazon, perhaps) to process a card again if previously successful. Still subject to other fraud rules, but they can do it without the CVV etc.
The CVV is useful to merchants that are in the nonswipe model, and wish to have the extra authenticationm, as it proves that either they or the customer actually had the card, at some time, in their posession. If the 'customer' is a thief, well, then it's on to the other criteria, like did you get a signature, did the product get shipped elsewhere, etc.
Some terminals will prompt for CVV in response to a query from the processor. This usually indicates the card or transaction is suspicious.
CVV is not required. It is helpful.
Precisely. But it should be stored on systems so inaccessible to the outside, as to be impervious.
I know, that. sounds. naive. But it can be done.
A processor Or bank never needs to send CVV out at all, except as it is needed to load new accounts, and then of course encrypted for the exchange and over a secured link. I know, naive again.
Yup, we encrypt our log file. we haven;t figured out how to scrub RAM, but it's being worked on.
Um, of COURSE CVV data wasn't compromised... What nimrod would store CVV in the same system as PAN? (That's Primary Account Number, for those of you who don't play with credit card data enough to stop using 'card number' as the term).
In fact, just stating that CVV wasn't compromised bugs me. That should NEVER be exposed to anything that returns data. Heres how it should work:
1. Merchant swipes your card into terminal (or keys it into whatever).
2. Merchant reads and enters your CVV (or CVC or CVV2 or CID) into whatever.
3. Authorization request is sent to the processor.
4. Processor compares PAN and CVV to their records.
5. Processor makes a decision.
6. Processor responds to request.
7. Merchant's system discards CVV if it didn't already.
The CVV may not be saved by the merchant per PCI specs, and also per every processor spec that I'm aware of. If someone is able to get and match CVV etc with PAN, they do it by either intercepting authorization data or reching in and compromising processor and/or issuer databases that should not be connected to any external network. These should only be accessible by the 'inside' or secure side of trusted platforms, never externally.
So you should hear of CVV-type data being disclosed only by terminals or POS software being compromised, or by someone carrying the data out of a building.
And that Citi actually said this worries me just a little. Like hearing your 3rd grader's teacher telling you they always wear a condom to work. Um, why? that should NEVER be an issue, sirs.
Of course, Citi might just be covering their bases, claming that no other data, even the stuff that should not even be connected, was taken. Again, doing it wrong, guys.
ps - as an aside, there is a good chance that up to 30% of all cards in use have been compromised somehow, and no one bothers to replace them. Too expensive, they will run out of numbers faster than IPv4, and they handle the ongoing threat of fraud with existing fraud systems. No problem. Well, not much of a problem. I bet Citi doesn't even bother to replace these cards.
Second aside, while waiting a month sounds bad, perhaps Citi was gathering history and understanding how these details would be used, to both crack the fraud rings and maybe connect them to the infiltrators. This will happen more and more as the banks especially decide to fight back and make an effort to find the perps of the intrusions. And about time.
FTFA:
"Stallman claims that eBook retailers can still support authors and retain buyers' freedoms by distributing tax funds to authors based on their popularity, or by "designing players so users can send authors anonymous voluntary payments".
Ok, so RMS recommends we use tax dollars to pay authors according topopularity?
He recommends we use tax dollars to pay authors?
He WHAT? Who is impersonating RMS? Is he insane?
Now I get the whole Stallman mystique. He looks for solutions to problems that do not exist or do not require resolution, along with looing for solutions to problems that DO exist and also deserve resolution. This time, he is doing the former.
Sheesh.
IBM's Host On Demand may suck, but it's functional for most terminal users, and there is a big market for it. And it's respectable.
Do you need more examples? Or are you just spewing? Java does, in fact, work. What would you choose for an open-source mobile platform? Python?
Remember the TV show 'Paper Chase'? The opening sequence with the crusty professor finishing with the line 'you'll leave thinking like lawyers'?
For many fields, college is more about teaching you how to think than it is teaching you what things are. Actually, it used to be that, but now it's very at least as much 'what to think' as it is 'how to think'. And those goals are somewhat exclusive of one another.
College should, I think, focus on the how to think, how to learn, and in the process also deposit significant fundamental knowledge. Especially in a field like IT, where new things come up more often than every four years, to expect a lifelong grounding in all that is on a particular topic is unrealistic, and short-lived. If you learned Fortan in college, you are not that far from learning Java. More importantly, did you learn how to program? That serves you no matter the particular language you use.
I'm going through a series of college lectures on Java programming, and in the second lecture, the presenter drops this toss-off line:
"...turns left, like a good Democrat..."
If you've taken the course, or heard the lectures, you know now... But the remark was just plain out of place. Political science is a few buildings away.
It's this sort of thing that makes me wonder if college is enough about 'how to think', or too much about 'what to think'. Aside from that remark, and one other, this lecturer is focused on the 'how to think' goal, spiced with basic Java stuff. This has value for me. I'll add Java to my resume when I can demonstrate some proficiency. That will mean some projects for friends and willing guinea pigs, and some things on my own web page. That is the geek version of a diploma. This I want and need.
Intellectual?
You make geek sound political... Wow, that sucks.
You could try a cheaper college. High-end colleges appeal to those who intend to go into research or the high-paying stratum, but for the rest, perhaps your local state college (assuming it's not OSU for instance, maybe) is an option. Good training in fudamentals is not the exclusive province of $50k+/yr schools. And you might get a job in youir intended field even before you graduate... It happens. I seen it....
Ditto for certs. Learn how to learn and avoid the boot camps.
Ditto here. I've worked in the IT field for 21+ years, was almost exclusively self-taught, and make good money. I'm a generalist, which disqualifies me for the sort of short-lived, high-pressure, technically focused jobs that appeal to H1Bs and graduates.
But I'm learning Java, 'cause it's here to stay, widely used, and I don;t have to be proficient in it to be employable. Just knowledgable. Sometimes, there is value in being able to deal with the coders and get them back on track. Sometimes, it's just about being able to spot the problem and describe it to the coders in language they can understand. Telling them that the input box keeps defaulting to the previous value get the response 'um, yeah, that's how to works'. The user, on the other hand, gets frustrated telling the support weasels that the behavior requires them to back out of the screen and come back in again, cause the value can't be edited once it's been entered, and that by itself sucks when they have to enter a few hundred data points on the same screen each week.
Is that intellectual? I don't think so. Wrong question.
When I did sales work that sprang from my technical consulting, I rarely got anything. Then I spoke up. The deal we reached was that I would split the commission 50-50 with the salesperson if I did these things:
1. Wrote the proposal, both the sales and technical. I was writing up the tech proposal anyways.
2. I made the presentation and got the approval.
3. The salesperson was only required to draft contracts, get pricing, and arrange delivery of the hardware (if any).
Only complaint I had was when I sold a project to a client, not knowing they had turned away the salesperson repeatedly - he failed to make the technical case for the project, largely because he was trying to avoid involving me. I wond that too, since the boss told this tool he could avoid the entire conflict by giving up the account. Oh, and I piled on asking for the entire commission, seeing as I had brought the job in after a year of failure. I was happy with half.
But this requires you to do more than what you're doing now. Probably.
"many other dictatorial regimes composed of blowhards, up to and including the modern US Republicans/TeePartiers."
"Whenever they start accusing someone else of something, assume either (a) they're doing it themselves or (b) they're doing something far worse and trying to draw attention away from it."
Well played, sir. The irony is deafening...
It took almost 2 years and major hardware evolution for Flash to run on Android. To put it another way, it took major evolution in display acceleration and a major compromise in battery life to get Flash on Android. I have a G1. I remember the promises that Flash would come in the Spring of 2009. Ha.
Apple still thumbs its nose at Adobe, ignoring Flash.
If Microsoft can port .NET to ARM, it will open more options for them, but why would ARM developers WANT .NET? I know why Windows devs want it, but WM7 is such a terrible OS that Microsoft seems to have to tie a pork chop around its neck to get anyone to use it. And no one really trusts Microsoft to not pull a CE and render it obsolete and un-upgradeable next year. My G1 is running Froyo now, courtesy of a rooted ROM, and all those CE phones were in the trash a while ago. Even Apple has preserved some of their older phones, though the performance hit is noticeable. My G1 creaks and groans too. Actually, that's not fair. Windows was out of the phone market from some time in 2007-2008 until 2010, and the Kin . Entirely uncompetitive. Almost a comic strip. THAT was a CE phone, and probably the last. .NET on phones is a solution no one asked the question for. Microsoft woudl be better off writing a mobile-focused JVM and adding an Android compatibility layer. That would cause trouble. But I think RIM is already ahead of them.
Well, the biggest problem Windows has EVER had is the unmanageable driver base. Every device manufacturer has their own take on chipsets and BIOS details, they mix in different firmware versions of disk, network, and various comm I/O, and it results in a system that has multiple drivers of varying quality with the potential for interaction and bad behavior. Apple sidesteps this with a controlled hardware environment, but Microsoft is stuck with a multiplicity of vendors, and some really suck. Even Intel delivers bad drivers, so that their chipsets flake out in interesting ways, and you wait for fixes that end up never coming, and you blame Windows, Intel, and everyone. And it just sucks.
Yet Android, cause it's O P E N, gets a pass because it also must live in a terrible hardware landscape, but it's O P E N. We complain about the Android 'fragmentation', and how so many devices are being introduced with Froyo and not Gingerbread, but with the fragmented hardware they have to work with, phone makers end up sticking with a well-understood release until they get their arms around the next one and then they either offer an OTA upgrade, or as often as not, they don't bother 'cause the phone is too old. Look, you generally get hitched to a carrier for 24 months, and then you renew. Time to upgrade. If your phone is 18 months old, don't expect the maker to expend too much effort unless you think they deliberately want you to avoid buying a new one. And the makers are getting such a subsidy from the carriers that they have every reason to crank out new models constantly and heat up the market for the next insanely great phone.
So Android is in the same boat as Windows (and Linux), supporting a multiplicty of hardware options, though Android handles it well at the manufacturer level, while Windows still struggles with drivers and all the nastiness under the hood that shows up as blue screens and reboots. Windows is making progress isolating the core from some drivers, but ultimately they can't do it all unless Windows gets virtual. Which moves the driver wars to the kernel and a hypervisor/etc. Still a fight. And if you want graphic performance for gaming, well, you get to touch the display hardware even more intimately, and the fight is back on.
It's always been ugly. Goes with the territory.
Decaf.
Just sayin.
So the Apple store has never had any rogue apps find their way in?
And the Android store, likewise, has never, and will never, approve an app that is a risk?
Security by corporate moderation. I'm not at all comforted by that.
Well, dogs flew spaceships. Whatever preceded the CIA obviously had access to alien technology, so when they came here from Orion on Z-80 powered ships, well, we naturally embedded these in videogames to find gifted teenagers to pilot our planetary defense fighters.
And that's where Howard Stark came from. All clear now? Good. Enjoy the rest of the movie.
What's this noise about malware on OS X? How can that be?
First, it's not that big a target, so the serious malware vendors won't write for it. Not enough market.
Second, OS X is substantially more secure than other OSs, so it is not only a more formidable target, but is also natively resistant. So infections are either extremely rare, or nonexistent.
Third, Apple users are just plain smarter AND dumber than the rest of us. So they either avoid the infection by not engaging in risky behavior, or never stray into the path of malware at all.
And last, Apple has assured their users that OS X is simply better than that. It doesn't suffer the slings and arrows of outrageous misfortune that other OSs do, by design.
I cannot, and refuse to, belive that there is any significant threat in the wild that requires Apple to issue a response and patch against. And you cannot make me, no matter how hard you try. You cannot convince me even if you can refute each of my assertions, because Apple user I know and trust assure me, even this morning, that this is nothing but an overreaction by Apple to appease the mass media and keep Ballmer from more destruction and mayhem. Oh, and if it were important, Mr. Jobs would have addressed it personally.
So the answer is no.
"Yeah, around these parts felons can't buy guns."
Worth repeating...
There is the small detail of delivering these people from slavery, you know, the plagues, parting the Red Sea, blah blah blah.
And the whole point of "keep trying to get people to believe in myths and fairy tales.", such as government programs that will solve the problems of healthcare financing and of course security against terrorism that threatens our Constitutional protections.
You see, it's all a matter of which side you're on...
I'm convinced that the manufacturers have jumped on the widescreen bandwagon because it relieves them suffering higher component costs.
In LCDs, I suspect, one dimension ('length') is cheap. If you are making ribbons of glass, the length of that ribbon is virtually limitless. Keep feeding it raw material, keep the machine working correctly, and you get glass that you cut off at the other end. Paper machines work on this principle, except they generally roll the paper at the dry end.
Now, the other dimension, width, is where the real money is. Wider glass requires wider machines, with the attendant expenses of larger mechanisms, more maintenance, more difficult control, and all that. Paper machines suffer this also. You see this in printers and copiers as well.
So, widescreen panels are attractive to manufacturers because they can sell us 'bigger' which is NOT.
This leads, for instance, to the realization that 1 27" flat panel HDTV isn't nearly as big as your old 27" console XL100 CRT TV. Sure, it's wider, but it's not as tall. And losing either dimension leaves you with, well, less.
Darn. We been hoodwinked. And I want a screen that's taller, since I am portrait-centric in displaying documents. Not gonna happen.
Issuers don't much care, except that fraud impacts their customers (card holders). The dispute process lets them shift the risk to the merchants (spammers). Acquirers suffer if their merchants are substantially less honest, since the dispute process actually costs processors more in prestige, but at high levels starts to impact overhead. The Internet poker business is the most visible example - it existed primarily because the processors could slip charges through with obscure descriptions, stay offshore, and avoid direct attack by governments. This recently broke down. Spamming could suffer the same fate if the U.S. Justice Department decided to go after them, though the underlying legal argument is much less clear and so less likely to be the basis for an enforcement action.
Processors make money on the discount, the amount they keep based on the value of the transaction. They don't really lose money when those transactions are challenged and reversed, since they are paid for the transaction, not the sale. The acquirers are more vulnerable. Link spammers to banks, and then the banks become 'spam enablers'. Maybe this works.
ps - I'm unaware of ANY 'poorly self-regulated processors'. That business punishes poor performance very quickly and very harshly.
Let me get this straight; some ad software doesn't need to contact the ad servers?
Don't bother. The processors have fraud detection systems that are sensistive to a few card numbers. Any processor tryng to spam the actual issuers will find out quickly it won't work.
Really.
But going after the few processors that serve the majority of spammers is not impossible. Perhaps better to answer the spam and buy stuff, then dispute the charges, and taint the spammers so much that the processors have to give up on them. And the spammers won't be able to just move to a new processor - they tend to share data on deadbeat 'merchants'.
Except this doesn't work well enough to deal with the offshore poker houses. Better to get the spammers labeled as illegal. Card issuers hate that.
Good luck. I'm not hopeful.
"7: Look at what the app asks for security permissions. If a notepad app wants access to your contacts, phone, SMS, or perhaps even pops up the su dialog, get rid of it ASAP."
So, I gather you will avoid AKNotepad, even though it declared the requested permision for an actual feature?