In some parts of the U.S., 'lighter compelxion' would be different.
You need to get out more. The U.S. is not nearly so homogeonous as it was when I was young. And this is not a bad thing, just inevitable. We allow legal immigration on a scale much greater than most nations on Earth. Illegal immigration just tilts the statistics. And causes other problems that legal immigration does not.
I get certificate warnings for internal sites, inside the firewall, without having accessed anything external. Yes, our CA people and developers are morons. No, let me state that more clearly. They are offshored, overpaid by a factor of five, patent leather morons. And they all talk too fast, fail to deliver a statement of work, and fail to deliver even what they say they will, in writing, before witnesses. But I digress.
Certificate warnings are relatively pointless, because they point out a technical flaw without distiguishing between bookeeping flaws, expired or poorly minted certificates due to simple incompetence, private certificates that serve the purpose, and actual explotations.
Many of our certificates at work would raise warnings, and do when I indulge in testing, but the sites are application-specific. A browser never needs to access these, and doesn't unless I'm verifying connectivity. Otherwise, the firewalls and application rules kick in and discourage an attacker by either blocking their IP or delaying response and slowing the attack to a crawl.
I get these warnings pretty regularly on public sites, and generally ignore them. But anything I was linked to, or referred, or a URL I am not entirely sure of, I either close the session and start over, or try it on my phone.
So far, my phone has shrugged off some clever but Windows-specific attacks. Always fun to revel in the agony of others.
'Our' submission files use combinations of fixed-length and variable-length fields. Fixed-length is easy, but variable-length is usually designated by a check byte that tells you what sort of data follows. Our submission file can overall be submitted as either fixed-length or variable length. Yes, the terms are mixed in the specification.
Why?
Well, among other things, many submission files include data intended for disparate systems. Some of these systems are new and purpose-built, and the data format is fairly efficient, but some systems are ancient and were never intended to do what they do today. It happens.
Some systems talk EBCDIC, some can't tolerate decimal, others are sensitive to input data. One can't pass anything above dec 0x127. One has to accept a binary blob. Yep, we have to parse that stuff out and mske sure it goes to the right system. Input validation is a bear.
I'm amused at this problem, as allowing that much field width for transaction amounts is pretty bad design. It is supremely unlikely to see a $10,000,000 charge for your typical cardholder. Even for your commercial cardholder. Just an unfortunate example of bad execution. Here, fixed-width is your friend.
And yes, an XML file would be magnificent. How would we improve things when most of our systems cannot parse XML? No, doing that much parsing in a separate system system is not worth the cycles, and interpreting data is left to the actual receiving system. And while XML is extensible, you don't want that in a submission file. It is supposed to conform to the specification.
As an analogy, you don't answer your teen-age daughter's phone calls and then scream the conversation to her and scream her responses back to the caller. When you realize the call (data field) is for her (other system) you just hand the phone (data) to her. Let her deal with it. If she has a question for you, like how much money can she have to buy something, you deal with that.
XML is not the solution. Neither is putting everything on one system. Those of you in the card business know why fraud stays off to the side. Like integrating anti-virus into Windows for instance. Once some processes are integrated into others, it becomes *one* process. Checks and balances disappear. Chaos reigns.
Oh, and it wasn't as simple as padding with spaces. Space is hex 20. Zero is hex 30. They should have been been billed 30 quadrillion-something. More likely it was a bad conversion. Still reason to waterboard the testers.
You should try converting packed binary to some flavor of EBCDIC, not knowing in advance which particular version EBCDIC they meant.
I work in this industry. The only novelty here is that the error got into production, and was not caught and corrected before it went that far.
Submitters send files to processors which are supposed to be formatted according to specifications.
Note I wrote 'supposed to be'.
Some submitters do, from time to time, change their code, and sometimes they get it wrong. For instance padding a field with spaces instead of zeros. Woopsie...!
Seems that's what happened here. Sounds like a hex or dec field got padded with hex 20, and boom.
This is annoying, especially when the processor gets to help correct the overwhelming number of errors, and then tries to explain that it wasn't their fault. Plenty of blame to go around with this one.
And then explains why they don't both validate/sanitize input, and test for at least some reasonable maximum value in the transaction amount. A max amount of $10,000,000 would have fixed this. That and an obvious lapse in testing. This is what keeps my bosses awake sometimes, fearing they will end up on the front page of the fishwrap looking stupid 'cause their overworked minions screwed something up, or didn't check, or didn't test very well. I love one of the guys we have testing. He's insufferable, and he catches genuine show-stoppers on a regular basis. They can't pay him what he's been worth, literally $millions, just in avoiding downtime and re-working code that went too far down the wrong path.
Believe me, this is in some ways preferable to getting files with one byte wrong that doesn't show up for a month, or sending the wrong data format (hex instead of packed binary or EBCDIC, for instance) and crashing the process completely. Please, I know data should never IPL a system. Tell it to the architects, please. As if they don't know now, after the one crash...
If you knew what I know, you'd chuckle and share this story with some of your buddies in development and certification.
And pray a little.
At least it didn't overbill the cardholders by $.08/transaction. That would suck. This is easy by comparison. Just fix the report data. Piece of cake. Evening's worth of coding and slam it out in off-peak time. Hahahahaha!
If they are that important, perhaps they should have patented them?
Just a thought. After all, you can patent a ham sandwich nowadays, so it can't be too hard to patent something actually *useful*. And it would hopefully keep them out of the public's hands.
Then again, perhaps it's time for new inkblots. They did it once... Not like it's rocket science or anything...
"Seriously, this kid sounds like he must have no friends or social life."
This doesn't disqualify him from commenting on his peers' behavior, does it?
"I mean it is helping in places like Iran and Eastern Asia."
I'm pretty sure this is both an abberation (a good one, BTW, and I applaud it) and not related to the behavior of 15-year-olds using Twitter for less noble purposes. Which is fine too.
"Twitter is one thing, but a 15 year old who is trashing video game consoles saying they are replacing cell phones? How long has this kid had a cell phone to begin with that the game consoles are replacing them?"
You may have missed the point. Texting is replacing voice. Consoles are competing very well for teens' texting business. Voice is still not practical on consoles. But fear not. Consoles and phones are converging. You won't have this dilemma in a couple of years, tops. Oh yeah, your next point will be moot then, if not earlier.
"This kid needs to go out and play with some kids his age and enjoy his childhood instead of hanging with Morgan Stanley analyst."
Excellent idea. Right after he finished his work experience. How many of his peers are busy this summer watching ANOTHER TWILIGHT MOVIE! OMG! and woofing Aspartame by the pint? I pick this kid to be the winner.
"removal of laws designed to prevent fraud, at the beginning of George W. Bush's first term"
Are you referring to the repeal of Glass-Steagall?
That was signed into law by Bill Clinton. A distinction, and not quite the way you intended it.
At least let's not disguise history too much, ok?
If you were referring to some other legislation, please let me know. I'm trying to keep track of these things, and the second Bush administration took some time to get around to that, if I recall.
You will have to convince your boss to get an adjustable table, or your co-worker(s) to stand also, or use a stool when they are at your station.
But overall, it's cheap.
ps- You live too far away. Those 3 hours a day ruin your plan to work out. Just getting an hour closer gives you 2 hours a day to stop at a gym on the way home and fix this. I did this for almost 9 years, first working 8 hours at a site 2.5 hrs away, and then at another site just 2 hrs away but 9.5 hours a day (don't ask). It's not pleasant, and I moved an hour closer once. Then my assignment changed and I was 1 hr away from the new site, instead of 15 mins. Grrr.
On the face of it, this is a fraudulent on the part of the paper:
- They published the item as if it were submitted by her, which it was not.
- They published the item as if they had permission to do so. It appears they did not.
- They published the item as if it were intended to be published in their paper. It seems not.
But copyright is so broken, she should sue for fraud along with much else, as some of the lawyers seem to suggest. Certainly she has a case for the paper exposing her to harm she did not intend to expose herself to.
Her parents will probably have to sue individually.
But more to the point, this paper has, in my opinion, violated enough journalistic ethics to have lost any hope of excusing their conduct. If I wrote a blog accessible by subscription only, and some editor got a copy of it from a friend, I would NOT expect them to publish it without my permission. First, by subscription only should mean I don't intend it to be 'public'. Second, it's not theirs, it's MINE.
Oh, wait, did the paper get permission from MySpace? Bet not. Whammy.
You can tell I'm not a lawyer. I'm interesting in what's right, not what's legal.
Until they get the other rover over to hook up the winch and drag the poor thing out of the muck.
Seriously, I don't doubt this is possible, and they are only waiting for the other team to give in and 'waste' the time driving over and hauling it's little bitty buddy to freedom.
Though maybe another wind event would solve this problem?
"a)Obviously photoshopped pics that b)no one would have ever seen if not for the prosecution of the case."
a)is a crime less because of the lack of skill of the criminal?
b)I assumed that these pics were, in fact, intended to be made available. Though distribution to a law enforcment officer is usually enough to charge someone with intent.
An interesting conundrum...
We are talking porn here. Children can't give consent to that.
Don't expand this into some form of artistic expression. Though if you want to eliminate laws against pornography, I can live with that. Let's just be consistent.
Pictures of me as a child look just like me as a child. I recognized a picture of me at 5 the instant I saw it in a photographer's studio. He acquired it when he bought out the original photographer's business.
I thought the sequel was already done... Three times over, in fact...
Guess what *I'm* allergic to.
Ignat.
What?
In some parts of the U.S., 'lighter compelxion' would be different.
You need to get out more. The U.S. is not nearly so homogeonous as it was when I was young. And this is not a bad thing, just inevitable. We allow legal immigration on a scale much greater than most nations on Earth. Illegal immigration just tilts the statistics. And causes other problems that legal immigration does not.
I get certificate warnings for internal sites, inside the firewall, without having accessed anything external. Yes, our CA people and developers are morons. No, let me state that more clearly. They are offshored, overpaid by a factor of five, patent leather morons. And they all talk too fast, fail to deliver a statement of work, and fail to deliver even what they say they will, in writing, before witnesses. But I digress.
Certificate warnings are relatively pointless, because they point out a technical flaw without distiguishing between bookeeping flaws, expired or poorly minted certificates due to simple incompetence, private certificates that serve the purpose, and actual explotations.
Many of our certificates at work would raise warnings, and do when I indulge in testing, but the sites are application-specific. A browser never needs to access these, and doesn't unless I'm verifying connectivity. Otherwise, the firewalls and application rules kick in and discourage an attacker by either blocking their IP or delaying response and slowing the attack to a crawl.
I get these warnings pretty regularly on public sites, and generally ignore them. But anything I was linked to, or referred, or a URL I am not entirely sure of, I either close the session and start over, or try it on my phone.
So far, my phone has shrugged off some clever but Windows-specific attacks. Always fun to revel in the agony of others.
Padding is used in fixed-length fields.
There. Was that so hard?
Oh yeah, it is. Let me finish this.
'Our' submission files use combinations of fixed-length and variable-length fields. Fixed-length is easy, but variable-length is usually designated by a check byte that tells you what sort of data follows. Our submission file can overall be submitted as either fixed-length or variable length. Yes, the terms are mixed in the specification.
Why?
Well, among other things, many submission files include data intended for disparate systems. Some of these systems are new and purpose-built, and the data format is fairly efficient, but some systems are ancient and were never intended to do what they do today. It happens.
Some systems talk EBCDIC, some can't tolerate decimal, others are sensitive to input data. One can't pass anything above dec 0x127. One has to accept a binary blob. Yep, we have to parse that stuff out and mske sure it goes to the right system. Input validation is a bear.
I'm amused at this problem, as allowing that much field width for transaction amounts is pretty bad design. It is supremely unlikely to see a $10,000,000 charge for your typical cardholder. Even for your commercial cardholder. Just an unfortunate example of bad execution. Here, fixed-width is your friend.
And yes, an XML file would be magnificent. How would we improve things when most of our systems cannot parse XML? No, doing that much parsing in a separate system system is not worth the cycles, and interpreting data is left to the actual receiving system. And while XML is extensible, you don't want that in a submission file. It is supposed to conform to the specification.
As an analogy, you don't answer your teen-age daughter's phone calls and then scream the conversation to her and scream her responses back to the caller. When you realize the call (data field) is for her (other system) you just hand the phone (data) to her. Let her deal with it. If she has a question for you, like how much money can she have to buy something, you deal with that.
XML is not the solution. Neither is putting everything on one system. Those of you in the card business know why fraud stays off to the side. Like integrating anti-virus into Windows for instance. Once some processes are integrated into others, it becomes *one* process. Checks and balances disappear. Chaos reigns.
Oh, and it wasn't as simple as padding with spaces. Space is hex 20. Zero is hex 30. They should have been been billed 30 quadrillion-something. More likely it was a bad conversion. Still reason to waterboard the testers.
You should try converting packed binary to some flavor of EBCDIC, not knowing in advance which particular version EBCDIC they meant.
I work in this industry. The only novelty here is that the error got into production, and was not caught and corrected before it went that far.
Submitters send files to processors which are supposed to be formatted according to specifications.
Note I wrote 'supposed to be'.
Some submitters do, from time to time, change their code, and sometimes they get it wrong. For instance padding a field with spaces instead of zeros. Woopsie...!
Seems that's what happened here. Sounds like a hex or dec field got padded with hex 20, and boom.
This is annoying, especially when the processor gets to help correct the overwhelming number of errors, and then tries to explain that it wasn't their fault. Plenty of blame to go around with this one.
And then explains why they don't both validate/sanitize input, and test for at least some reasonable maximum value in the transaction amount. A max amount of $10,000,000 would have fixed this. That and an obvious lapse in testing. This is what keeps my bosses awake sometimes, fearing they will end up on the front page of the fishwrap looking stupid 'cause their overworked minions screwed something up, or didn't check, or didn't test very well. I love one of the guys we have testing. He's insufferable, and he catches genuine show-stoppers on a regular basis. They can't pay him what he's been worth, literally $millions, just in avoiding downtime and re-working code that went too far down the wrong path.
Believe me, this is in some ways preferable to getting files with one byte wrong that doesn't show up for a month, or sending the wrong data format (hex instead of packed binary or EBCDIC, for instance) and crashing the process completely. Please, I know data should never IPL a system. Tell it to the architects, please. As if they don't know now, after the one crash...
If you knew what I know, you'd chuckle and share this story with some of your buddies in development and certification.
And pray a little.
At least it didn't overbill the cardholders by $.08/transaction. That would suck. This is easy by comparison. Just fix the report data. Piece of cake. Evening's worth of coding and slam it out in off-peak time. Hahahahaha!
If they are that important, perhaps they should have patented them?
Just a thought. After all, you can patent a ham sandwich nowadays, so it can't be too hard to patent something actually *useful*. And it would hopefully keep them out of the public's hands.
Then again, perhaps it's time for new inkblots. They did it once... Not like it's rocket science or anything...
"Seriously, this kid sounds like he must have no friends or social life."
This doesn't disqualify him from commenting on his peers' behavior, does it?
"I mean it is helping in places like Iran and Eastern Asia."
I'm pretty sure this is both an abberation (a good one, BTW, and I applaud it) and not related to the behavior of 15-year-olds using Twitter for less noble purposes. Which is fine too.
"Twitter is one thing, but a 15 year old who is trashing video game consoles saying they are replacing cell phones? How long has this kid had a cell phone to begin with that the game consoles are replacing them?"
You may have missed the point. Texting is replacing voice. Consoles are competing very well for teens' texting business. Voice is still not practical on consoles. But fear not. Consoles and phones are converging. You won't have this dilemma in a couple of years, tops. Oh yeah, your next point will be moot then, if not earlier.
"This kid needs to go out and play with some kids his age and enjoy his childhood instead of hanging with Morgan Stanley analyst."
Excellent idea. Right after he finished his work experience. How many of his peers are busy this summer watching ANOTHER TWILIGHT MOVIE! OMG! and woofing Aspartame by the pint? I pick this kid to be the winner.
New Hampster touches Canadia, just in a not very interesting spot.
Vermont, on the other hand, touches Canadia upclose to Montreal. Much more fun than just trees.
Maine, of course, touches a lot more of Canadia, but it's all lower rent and not so much fun. Beautiful in its own way, but not Montreal.
And thankfully, Maine doesn't touch Vermont at all. Wierd shit in Vermont.
You are of limited experience. I, for one, know better.
I thought so. My research is for personal purposes. Trying to understand events. Sorry to waste your time.
If you had time to reference it then, you have time to reference it now. At least give me the legislation name. I'll go look at it if I feel the need.
ps- Not trying to be a jerk, just trying to learn something I don't know yet...
"removal of laws designed to prevent fraud, at the beginning of George W. Bush's first term"
Are you referring to the repeal of Glass-Steagall?
That was signed into law by Bill Clinton. A distinction, and not quite the way you intended it.
At least let's not disguise history too much, ok?
If you were referring to some other legislation, please let me know. I'm trying to keep track of these things, and the second Bush administration took some time to get around to that, if I recall.
- Burns calories
- Avoids slouching and back pain
You will have to convince your boss to get an adjustable table, or your co-worker(s) to stand also, or use a stool when they are at your station.
But overall, it's cheap.
ps- You live too far away. Those 3 hours a day ruin your plan to work out. Just getting an hour closer gives you 2 hours a day to stop at a gym on the way home and fix this. I did this for almost 9 years, first working 8 hours at a site 2.5 hrs away, and then at another site just 2 hrs away but 9.5 hours a day (don't ask). It's not pleasant, and I moved an hour closer once. Then my assignment changed and I was 1 hr away from the new site, instead of 15 mins. Grrr.
Stick out the trencher and get it caught on the other one. Yes, they might be stuck together forever. Darn.
You figured it out...
You missed my point. It's not about having a charger or not. It's the joy of wondering if I will be saving any money on my next phone purchase.
I already have plenty of left-over chargers. You're assuming I need one? That's the point of the EU rule - we have all kinds of lefover chargers.
ps- Many of the eBay chargers are crap. I need a $10 charger frying my $400 phone?
It's a great thing. I can lay hands on at least 6 mini-USB chargters I've got laying around.
But will phone prices go down even $10 for those phones that ship without a charger?
And will we be able to tell?
?
On the face of it, this is a fraudulent on the part of the paper:
- They published the item as if it were submitted by her, which it was not.
- They published the item as if they had permission to do so. It appears they did not.
- They published the item as if it were intended to be published in their paper. It seems not.
But copyright is so broken, she should sue for fraud along with much else, as some of the lawyers seem to suggest. Certainly she has a case for the paper exposing her to harm she did not intend to expose herself to.
Her parents will probably have to sue individually.
But more to the point, this paper has, in my opinion, violated enough journalistic ethics to have lost any hope of excusing their conduct. If I wrote a blog accessible by subscription only, and some editor got a copy of it from a friend, I would NOT expect them to publish it without my permission. First, by subscription only should mean I don't intend it to be 'public'. Second, it's not theirs, it's MINE.
Oh, wait, did the paper get permission from MySpace? Bet not. Whammy.
You can tell I'm not a lawyer. I'm interesting in what's right, not what's legal.
You mean the manufacturers will be able to make the charger an accessory.
At additional cost^H^H^H^Hprofit.
Saving the planet, one quarter's financial results at a time. I'm feeling all warm and fuzzy again, especially around my wallet.
Until they get the other rover over to hook up the winch and drag the poor thing out of the muck.
Seriously, I don't doubt this is possible, and they are only waiting for the other team to give in and 'waste' the time driving over and hauling it's little bitty buddy to freedom.
Though maybe another wind event would solve this problem?
"a)Obviously photoshopped pics that b)no one would have ever seen if not for the prosecution of the case." a)is a crime less because of the lack of skill of the criminal? b)I assumed that these pics were, in fact, intended to be made available. Though distribution to a law enforcment officer is usually enough to charge someone with intent. An interesting conundrum...
We are talking porn here. Children can't give consent to that.
Don't expand this into some form of artistic expression. Though if you want to eliminate laws against pornography, I can live with that. Let's just be consistent.
Pictures of me as a child look just like me as a child. I recognized a picture of me at 5 the instant I saw it in a photographer's studio. He acquired it when he bought out the original photographer's business.
I think you missed my point