
Comment Re:PCI-DSS (Score 1) 217

Self-assessment is the method used by the vast majority of small businesses, and they're often not even required to do minimal work to get started. The acquiring bank will just set them up an account and start the ball rolling after Farmer Bob buys a cheap swipe terminal off eBay for the weekend farmers' market and signs a couple of papers. For those organizations that aren't self-assessing, they get to deal with the fact that QSAs often can't even agree on what some requirements mean in principle, let alone when applied to their specific circumstances. Show three different QSAs the same architecture and documentation, get three different reports. That ROC? That's good for toilet paper by the time the QSA pulls out of the parking lot. Don't believe me? Have a data breach and watch Visa roll in with auditors who won't leave until they find a reason to fail your compliance. That's just how the game is played.

All that said, people just declaring that they are PCI DSS compliant is actually exactly what happens. You tell the acquiring bank that you're PCI compliant (either via SAQ or QSA/ROC). If you've met certain levels of activity, the acquiring bank may pass along some paperwork regarding your audits to certain payment brands who require it. They then effectively state that your paperwork appears to be in order and begin processing your credit card transactions. At no point do they declare you PCI DSS compliant and they will most certainly toss your ass to the wolves the second there's a whiff of trouble. And even if they did say you were compliant at filing time, any QSA will tell you that any minor change, lapse, or mistake can completely alter the state of your compliance. From the PCI SSC website: "There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process."

In other words, yesterday you might have been compliant, and tomorrow you might be compliant, but today (always of course the day of the breach), you're non-compliant.

Comment Re:PCI-DSS (Score 1) 217

No, there's no certificate, but there is a process of documentation and testing commonly referred to as "certification" before you are allowed to process credit card transactions.

This depends entirely on the organization and their acquiring bank's requirements (ultimately the acquiring bank is the only one who matters, but most reasonable organizations develop their own process to ensure they're covered as much as possible). For many small businesses, they're oftentimes just buying a cheap terminal and swiping away. The acquiring bank isn't pressing them for details of their security measures, and they're often completely clueless about any requirements they're supposed to be meeting. They aren't bringing in a QSA. Even if they were, bring in three QSAs to any decently sized organization and get three different opinions about your scope and your compliance measures. Half the fun of PCI assessments is determining what the requirements mean, how they apply in your specific instance, and where scope ends. But the point is, there's no issuing authority to say that you're PCI compliant. There's no governing body certifying anyone. The only thing that's actually there are the contractual relationships between the merchant and the acquiring bank and the contractual relationships between the acquiring bank and the payment brands.

I work in point of sale software development and have had to help retail chains overcome problems found in their certification tests. You either don't know what you're talking about, or you're playing a pointless semantic game.

It's not a pointless semantic game because it's the unspoken risk for anyone accepting credit cards. Since there is no official PCI certification and since there is no agreement between QSAs on what the requirements mean in principle (let alone in practice in a specific organization's situation), the PCI SSC gets to stick the claim up on their website that no breach has ever occurred in a PCI-compliant vendor. Best of all, each individual payment brand actually gets to decide what requirements have to be met in which situation by which type of vendor doing what type of business at what scale and via which medium. The ambiguity and the leverage the payment brands hold allows them to arbitrarily decide who is and who isn't compliant at any given moment.

So you keep on doing your documentation and your testing processes (and you should, it's good practice), but if you think for a second your customers are somehow protected from Visa, Mastercard, etc in the event of a breach, you'd best think again. It's a shell game designed to ensure that whenever things go south, the payment brands are never the ones left holding the bag.

Comment Re:Vendor Software (Score 1) 291

There is another option now: buy a Cyanogen phone. The best one is the OnePlus One and is very hard to come by, but it will get easier.

Cyanogen only lags behind mainline Android by weeks or a few months at most, and more than makes up for that with all the extra features you get. It's incredibly customizable and has lots of privacy enhancing tools. I hope we start seeing a lot more phones shipping with it.

Comment Re:Correction (Score 2) 97

There is no scientifically valid way to rule out life forms which are unlike our own

I'm pretty sure there are ways to constrain the range of possibilities. One obvious thing is that no life forms will most likely be based on xenon or gold because these elements don't really form the same kind of a wide range of interesting compounds that carbon does. The laws of physics (and chemistry) are the same pretty much everywhere, and just because our brains (and computers) are incapable of reaching more significant conclusions on this issue at this very moment doesn't mean that it's going to stay like that forever.

Comment Re:Long live the 'desktop' and mobile 'laptop'. (Score 1) 58

*Sigh* nothing like selective reading. You simply extrapolated on something I mentioned so that I was not writing a thesis, and pretended that I did not mention it. Remember that the cost of a PC is not just in capital, but in a support structure.

Most apartments in China are not the variety you are mentioning that are former Government apartments.
