
Comment Re:I don't care how righteous your goal is... (Score 5, Interesting) 224

The second you approve of a policy that restricts action X based on moral grounds, you have defined a vulnerability that a less ethical enemy will exploit.

Furthermore, when you're in a war, it's chaos. Bad stuff happens. Collateral damage happens. You certainly don't plan to inflict 1000 civilian casualties, but you can predict that in a city of 1 million people undergoing an all-out conflagration, there will statistically be civilians killed, displaced, wounded, orphaned, starving, etc. You don't stop a war just because you're better at math.

War also isn't the first choice of a rational society. Diplomacy, negotiations, sanctions, pressure, demonstrations, all these kinds of activities are intended to solve the problem before it degenerates into war. But there is always another side, and if it degenerates to war, it's because at least one side was acting in bad faith. ISIL isn't even acting as a rational society. They don't negotiate - they enter an area, kidnap and rape the girls and take them forcibly as wives, and kill, conscript, or indenture the males. They use civilians as human shields, betting that an opposing force won't bomb their headquarters if they have them located in a schoolhouse full of children.

An outside society can do two things: allow the continued expansion of slavery and genocide, or attempt to stop it. If non-military resolutions fail, what would you have them do? "Sorry, you can't fight those insurgents because they duct-tape kidnapped children to the front of their vehicles." "Right, we'll just let them continue on their homicidal path because we can't place those children at risk."

It's not like anyone in the West wants civilian casualties. The moral high ground may not be perfect, and it may not be absolutely 100% civilian casualty free, but you can't claim a millimeter of moral high ground if you let the atrocities continue unchecked.

Comment Re:someone explain for the ignorant (Score 1) 449

This problem was addressed in v4.3 of the protocol. Also note that this particular problem only enabled theft from the store by a dishonest customer, but it does not enable the large scale skimming or cloning attacks that have been the subject of headline news.

A fake card can't lie about the PIN because it doesn't have the key needed to sign the packets the card sends to the merchant's terminal. The merchant terminal has a bunch of certificates in it and authenticates the messages coming from the card. In this specific attack, Ross's team discovered the message that said "Transaction Approved!" coming from the card in an offline sale was unsigned, so they had their tampered card send the same unsigned "Transaction Approved!" message at the right time in the protocol. The change to v4.3 (or was it 4.2?) fixed this problem, so it should not be an issue for the US market.

Ross likes to get EMV flaws in the news. While this benefits us all in that the protocol's security is tightened each time a flaw is uncovered, poor news reporting and the claims repeated by ignorant people (and fomented by organizations who don't want to see EMV succeed) are causing counterproductive hysteria. On one hand, EMV is a complex mess that was made worse by all the compromises stuffed in there by competing interests (banks, card associations, terminal manufacturers, card manufacturers, merchants, and payment processors), but on the other hand it's converged onto a remarkably secure solution to a problem that has plagued the industry for over 20 years.

The real crime here is that all the competing interests have resulted in foot-dragging by all the players who see changing over to EMV as too expensive, too hard, too risky; worse are the disruptive elements delivered by those who see EMV as a threat to their current business model. For example, EMV yields a system so secure the merchant's terminals are no longer the weak link, so why should merchants pay for expensive secure terminals? This makes companies like VeriFone nervous, because they'll soon be trying to peddle devices that only serve to secure the merchant's interest, not the cardholders' or the banks'. The PCI assessors are also finding ways to whip up hysteria and make bank now, because EMV will ultimately render their services unnecessary, too. Meanwhile, the completely non-secured mag stripes continue to deliver fraud around the globe, and the fraud won't stop until the mag stripes are dead and buried.

Comment Re:someone explain for the ignorant (Score 1) 449

Chip and PIN is now relatively secure. The cases that Ross Anderson has exploited generally don't scale beyond a single hacked card. The notable exception was a particularly crappy ATM, with a non-random random number generator. But hacks on the scale of Home Depot and Target will not be possible on EMV transactions. (Card-Not-Present transactions, such as any online transactions, will continue to be at risk).

Comment Re:someone explain for the ignorant (Score 0) 449

Apple jumped on this as a ploy to get customers before EMV completely locked them out of the payment market. EMV is going to render a lot of crappy, insecure technologies obsolete (things like Coin, LoopPay, NFC, and many of the smartphone based "wallet" apps.) But Apple is making their bank on the iPhone 6, and their loyal customers always forgive them for just about anything.

American customers aren't going to like the weird way EMV works, because it will be different and slow, and they don't like change. They will have to learn to put their cards in the reader when the cashier hits total, and keep them in there until the payment is complete; and I bet many of them will forget their cards in the readers a time or two. But at least the transactions will be secure, and they won't have to worry if the waiter is skimming their card, or if there's a data breach at the store.

Online is a completely different unsolved problem, as are recurring payments, and other card-not-present transactions. There are niche technological solutions, but none that are widespread.

Comment Re:Perhaps it wouldn’t pass today’s .. (Score 1) 286

Especially the scare-mongering over depleted uranium being somehow seen as more toxic than lead is entirely political theater ungrounded in any science.

Not all heavy metal poisoning is the same.

True. Lead poisoning is well understood, and has been for thousands of years. However, uranium toxicity has never been responsible for a single recorded death of a human. Ingested uranium was even used in the treatment of diabetes before the discovery of insulin.

Comment Re:Sweet, sweet karma (Score 2) 257

Not that far. Admittedly the Teslas are nice cars, but the thing is the other manufacturers are not standing still. A lot of the traditional manufacturers will have their own, lower cost, electrics with similar ranges. Sure, the Tesla might be a nicer car, but most people cannot afford high end or even midrange luxury sedans. They need something serviceable and ideally at least somewhat nice, but not necessarily the top of the line. This could bite them if their margins are not similar to a company like BMW. If they cannot corner the market, then 10 years from now they are just another luxury car manufacturer and might even struggle under their costs. They could find themselves being bought up by someone like VW. Not the worst fate, but not the success that I suspect they want.

Just because they are cool does not mean they will prevail.

Comment Re:Your company is probably shit (Score 1) 809

I develop for iOS. We use SSL for communication and the binary is cryptographically signed. And I don't actually need to understand how that works in detail to do my job. I understand it a bit because 20 years ago I took a class, but if you wanted me to implement a system that does that I would be hard pressed without doing a ton of research.

The problem can easily be the way the question is asked. If you are looking for an answer like "pop" then maybe ask what tool you would use to send a file securely instead of asking a question that sounds like it is from a crypto course final. Interviews are stressful and people seize up. It happens. The number of engineers who are competent and also so good at dealing with people that they don't get flustered in an interview is quite small. Don't set them up for failure and then complain when most do.

Comment Re:It's a vast field.... (Score 1) 809

To do what you want you have to do both. If you encrypt with your private key, anyone could use your public key to decrypt it. That is signing. If you do that and then encrypt with the recipient's public key, then only they can decrypt, and they can use your public key to confirm that you sent the message.
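The sign-then-encrypt construction described in the comment above, and the earlier comment's point that a terminal accepting an unsigned "Transaction Approved!" message had skipped the authentication step, come down to the same rule: the receiver must refuse anything it cannot verify against the sender's public key. The Go program below is an added example, not code from any commenter and not a model of EMV or its message formats; it uses RSA-PSS for the signature and, because RSA-OAEP alone cannot carry a message plus a 256-byte signature, a hybrid of RSA-OAEP and AES-GCM for the encryption. The names alice and bob, the key sizes and the message are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipientPub, one-time AES key)
	Nonce      []byte // AES-GCM nonce, fresh per message
	Ciphertext []byte // AES-GCM(aesKey, message || RSA-PSS signature)
}

// Seal is sign-then-encrypt: sign with the sender's private key (checkable with the
// sender's public key), then encrypt message and signature to the recipient's public key.
func Seal(senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// Hybrid step: RSA-OAEP under a 2048-bit key holds at most 190 bytes, too little for
	// a message plus a 256-byte signature, so wrap a symmetric key and let AES-GCM carry the payload.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	payload := append(append([]byte{}, msg...), sig...)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// Open reverses Seal and returns the message only if decryption AND signature verification
// both succeed. An envelope that decrypts but carries no valid signature from senderPub is
// refused: this is the check a terminal that trusts an unsigned "approved" message is missing.
func Open(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("key unwrap failed: envelope was not encrypted to this recipient")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext rejected: tampered or wrong key")
	}
	sigLen := senderPub.Size() // a PSS signature is exactly one modulus long
	if len(payload) < sigLen {
		return nil, errors.New("payload too short to contain a signature")
	}
	msg, sig := payload[:len(payload)-sigLen], payload[len(payload)-sigLen:]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature rejected: message is not from the claimed sender")
	}
	return msg, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed demo keys and message; real keys would come from a key store or certificate.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("transfer 100 to account 42")
	env, _ := Seal(alice, &bob.PublicKey, msg)
	got, err := Open(bob, &alice.PublicKey, env)
	fmt.Println("bob reads alice's message:", err == nil && bytes.Equal(got, msg))
	env.Ciphertext[0] ^= 0x01 // one flipped bit in transit
	_, err = Open(bob, &alice.PublicKey, env)
	fmt.Println("tampered envelope rejected:", err != nil)
}
```

Open deliberately has no path that returns a message without a verified signature, so a sender that omits the signature, or a third party who signs with their own key, gets an error rather than a trusted message. One caveat worth knowing before using plain sign-then-encrypt in a real protocol: the signature here covers only the message, not the intended recipient, so a legitimate recipient could re-encrypt the signed message to someone else who would then see a valid signature from the original sender; binding the recipient's identity into the signed data closes that gap.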

Comment Re:It's a vast field.... (Score 1) 809

I could give you that, but in an interview asking this question makes a dev think that you want much more in-depth information, which often causes people to choke. I implemented a public/private key encryption system once. In college. I couldn't tell you the first thing about how the math worked now. That was 20 years ago. I could research a turnkey solution if necessary, though, but if someone hit me with this kind of question in an interview I might think they wanted me to explain how to implement a solution. Asking the right questions is critical. A good dev can be sunk by a poorly worded question, and interviewers don't think nearly enough about it.
