Comment Re:It was only a matter of time (Score 2) 221

Nonetheless, the credit-card companies want them to pay for a quarterly "network penetration test" on their website, and to provide detailed technical information on the website set-up. Since their web-site is hosted by a big ISP, they have no access to the necessary technical info, and the ISP doesn't really want network penetration tests pounding on their infrastructure all the time. This is a mess.

It is called PCI-DSS compliance and it has been standard practice for years. If you don't store any credit card details then the compliance process is relatively straightforward: it takes a couple of hours and only has to be done once. The security scans are to verify that the web server is secure. If you use a web host that is already PCI compliant then the scan is just a formality.

On the other hand, if you choose to store credit card details on your server, which there is no valid reason to do, then it becomes much more complicated. You also open yourself up to huge liability and a PR nightmare if you ever have a security breach and those credit card details are stolen.

Either use a third party processor and pass the credit card details straight on to them, or if you want your customers to be able to re-order without having to put in their credit card details again then use a token system. There is no reason to store the card details yourself even for a short period of time. Why doesn't the retailer you work with just store a transaction id to show the transaction has completed successfully?

Comment Re:It was only a matter of time (Score 1) 221

The main reason for this is that they pass all the liability onto the retailer.

This may be true wherever you are posting from, but in the UK, as long as a payment is made using the Chip and PIN system, the credit card company takes liability. If a payment is made online then again, as long as the 3D Secure system is used, the credit card company takes liability.

The only time a retailer is liable is if they essentially waive that protection by accepting a signature-authorised payment in person, or by allowing a customer to check out without using 3D Secure online.

Comment Re:Anyone surprised? (Score 2) 221

Are contactless cards shipped in Faraday cage envelopes? If not, can the card numbers be lifted before the card reaches the recipient?

I don't know about elsewhere, but in the UK credit cards can't be used until they have been activated either online or over the phone. Not sure if you could skim the card and then wait until the card was activated to use the details, but I am fairly sure that NFC connections are a one-off deal: you can't store the information and use it over and over again.

Comment Re:Anyone surprised? (Score 3, Informative) 221

Chip 'n PIN is easy to defeat anyway, steal the card, put a few volts through the chip to fry it, then it will automatically fall back on the signature, which is handily represented on the card so you can learn to copy it in an hour or so.

I don't know where you are posting from, but certainly in the UK most retailers will refuse a card if the chip doesn't work. If they choose to accept a signature then, according to the terms of their contract with Visa/Mastercard, they take full liability for the transaction, meaning that if it is deemed to be fraudulent the money comes out of the retailer's pocket rather than from the credit card company. The vast majority of retailers don't want to assume that risk, so they don't accept signature-authorised payments.

Comment Re:Anyone surprised? (Score 2) 221

Chip and pin is ridiculously easy to defeat.

Now all they need is an RFID reader

Chip and PIN has nothing to do with near field devices or RFID. The Chip and PIN system uses an exposed chip on the surface of the card. This chip is read by a Chip and PIN reader when the card is inserted. The user must then input their PIN. You can't read them at a distance; the exposed chip needs to be in contact with the reader circuitry. This article isn't about Chip and PIN, it is about near field devices used for contactless payments.

they can pick up every fucking card in your wallet from 6-10 feet away

The near field communication devices used for contactless payments have a range of about 4cm. I guess if you slapped someone on their ass you might be able to get a read on a card in their back pocket, but reading them from 6 feet away is fantasy.

have your pin with a camera that could be set up with a good zoom up to 100ft away

I don't know how you type your PIN in, but ATMs are designed so that the body of the user blocks line of sight to the keypad. Most people also cover the pad with their other hand as they type in their PIN to stop anyone in the queue from seeing. If you choose to expose your PIN by standing right to the side of the ATM and not covering the pad then that is hardly a failure of the technology.

Comment Re:mac pro only got a small bump (Score 1) 683

huge design and engineering costs needed for each major refresh.

Is there really that much design and engineering required? They are using standard components, so shifting to a more powerful processor or different chipset is hardly a huge leap. From a design point of view the exterior hasn't changed in any meaningful way since the G5 PowerMac was originally released in 2003, and the interior is pretty set now. The reason the original G5 PowerMacs were so over-engineered is that the chips ran incredibly hot, so cooling them, without making it sound like a jet engine, required elaborate heatsinks and air paths through the case. Now they don't have that issue and the case design can stay the same until a new motherboard format requires them to change it.

Comment Re:no 17" laptop??? (Score 1) 683

You will NOT find a woman who would be alright with a "wedding Youtube upload". The fact of getting a tangible product is just as important as the content being provided.

I don't see that this is a big issue. An external DVD writer only costs about £20, and if all you are using it for is burning copies of the final product for clients then it makes sense to have it as an external drive rather than adding to the weight and battery drain of the laptop itself.

Comment Re:Well, then that settles it. (Score 1) 285

Actually you could do that, it wouldn't solve all the economic problems, but if you could guarantee funding for space research for say, the next 30 years (insofar as governments ever make guarantees), you would create jobs, spur demand which would create more jobs.

The problem with the plan is that the money has to come from somewhere. If you suddenly pump up the space exploration budget by 100 billion dollars a year then either taxes go up or the national debt goes up. That debt can only go so high before your credit rating is downgraded, as we are seeing happen to countries all around the world at the moment. The effect of that is that borrowing your next 100 billion is difficult and more expensive.

Borrowing money to create jobs only works if the result of those jobs is a larger tax base; otherwise there is no way to pay the money back. Which is exactly the problem a lot of countries are currently in.

Comment Re:Are you surprised? (Score 4, Interesting) 415

This is the company that gave us the ribbon.

I understand that if you are someone who knew exactly where every option was then the ribbon would be a step back. But from my point of view it makes it much easier to find features that were previously buried in the menus.

The point of the ribbon is to expose useful features to the user so they actually use them.

Comment Re:3 Months (Score 1) 384

Spend some time on a tailoring forum, and you will hear **precisely** that complaint. Often. Especially if the client has availability issues such that months have passed between fittings.

I'd be surprised if their terms don't specifically cover that. I know if you are ordering a made-to-measure wedding dress it is clearly specified what the agreed measurements are. It normally also includes specific language to cover situations where someone is having the dress made to a different size, so if the bride is planning on losing weight before the wedding, measurements are agreed and set in writing. If they don't manage to lose the weight then the dressmaker is protected and can charge for a new dress or alterations.

Comment Re:Random seed (Score 1) 271

A better approach would be to generate a random seed and combine the seed with the password to generate the hash, and store the seed with the hash.

What you are describing is basically salted hashes. You have a salt that you add to the password before you hash it. Normally the same salt is used for every password. This sounds less secure than what you describe, as an attacker could generate one hash dictionary to attack all of the hashes, but only using one salt means that you don't need to store them in the database with the hashes. This gives an extra level of security, as an attacker who only has access to the database doesn't get the salt along with all of the hashes.
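Both schemes discussed in the exchange above, as an added example that is not from the thread: a fresh random salt generated per password and stored beside the hash, and a single site-wide value held in application configuration rather than in the database. It uses PBKDF2-HMAC-SHA256 from Python's standard library; `SITE_SECRET` is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def derive(password: str, salt: bytes) -> bytes:
    """Stretch the password with the given salt using PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Scheme 1: random salt per password, stored in the same record as the hash.
# Two users with the same password get different records, so one precomputed
# dictionary cannot be reused across the whole table.
def make_record(password: str) -> str:
    salt = os.urandom(16)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, _b64(salt), _b64(derive(password, salt)))


def verify_record(password: str, record: str) -> bool:
    try:
        algo, iters, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False  # malformed record, never treat as a match
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    got = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    return hmac.compare_digest(got, expected)  # constant-time comparison


# Scheme 2: one site-wide value kept out of the database (config file, env var).
# Identical passwords produce identical digests, so a single dictionary built with
# this value covers every row, but a database-only leak does not reveal the value.
SITE_SECRET = b"constructed-placeholder-secret-do-not-reuse"  # assumption, not real


def hash_with_site_secret(password: str) -> bytes:
    return derive(password, SITE_SECRET)


def verify_with_site_secret(password: str, stored: bytes) -> bool:
    return hmac.compare_digest(derive(password, SITE_SECRET), stored)
```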

Comment Re:Dear USA (Score 3, Insightful) 242

That's one of the big issues I see with the "first world". We don't actually make the stuff any more that got us to that position in the first place. How long before the rest of the world doesn't need us any more?

This argument pretty much disproves itself. Other countries need countries like the USA because of the point you are making. Manufacturing products for US companies is a big part of the economy in a lot of countries. As countries like China continue to develop their manufacturing industry, they will continue to need Western countries to provide a market for their home-grown products.

This is how the world economy works. Different countries' economies are based on different things, and they trade.

Comment Re:Implied consent is now ok (Score 1) 208

All of which seems to mean I would need to provide a landing page to explain about cookies before taking the user to any pages on which analytics are applied

Most of the implementations I have seen so far just land the user on the page but don't load the analytics JavaScript. The page has an "Accept cookies / read more on our cookie description page" bar across the top, and when the user clicks Accept it then loads the JavaScript. Others just have a bar that states "By continuing to use this website you are consenting to us using cookies to collect non-identifiable analytics" with a link to a cookie policy.
