
Comment Re:Why do they have this data in the first place? (Score 1) 27

Chip and PIN cards don't work at most U.S. retailers today, but as of October 2015 the Payment Card Industry has scheduled a change to the contracts in what is being called the "liability shift". It means that whoever has the least security in the payment chain will be held liable for non-payment or fraud for the charges incurred. So if Home Depot doesn't accept a chip card, and your bank's card has a chip on it, then Home Depot will be liable because their system is the least secure. Or if Home Depot's systems are able to accept the chip cards, but your bank's card doesn't have a chip, then your bank will be liable. This penalty is a huge financial incentive for both retailers and banks to upgrade the security of their systems to fully support Chip and PIN by that date so they don't get left holding the bag.

Once Chip and PIN systems are deployed to most places, they will begin requiring the removal of mag stripes. That's when the final pieces of security will kick in, and account number theft will be essentially eliminated.

Comment Re:DEFCON has sold out (Score 1) 47

You don't think people are trying to find underlying causes? OWASP? CERT? Every university with an IT security program? Every OS maker? Every web server author? Every database author?

There are plenty of highly motivated, well funded, intelligent people working on these problems. The fact is that security is not a mathematical absolute, and no such underlying cause exists, despite your imaginings. There is no grand conspiracy creating security problems.

Comment Re:Why do they have this data in the first place? (Score 3, Informative) 27

There are typically two phases to processing credit. In the first phase, called authorization, the terminal sends the request to the bank via their processor and requests authorization: hey, bank, will you approve $100? The bank sends back a 'yes' which is returned to the terminal, but no money changes hands at this time. The processor saves up the day's batch of authorization requests.

In the second phase, called settlement, the processor sends the batch to the bank, either later that night, or every few hours, or whenever. The bank then transfers the funds for every authorized transaction in the batch.

This is different from debit, where the funds are transferred in a single step.

Submission + - Supervalu Becomes Another Hacking Victim (fierceretail.com)

plover writes: Supervalu (NYSE:SVU) is the latest retailer to experience a data breach, announcing today that cybercriminals had accessed payment card transactions at some of its stores.

The Minneapolis-based company said it had "experienced a criminal intrusion" into the portion of its computer network that processes payment card transactions for some of its stores. There was no confirmation that any cardholder data was in fact stolen and no evidence the data was misused, according to the company.

The event occurred between June 22 and July 17, 2014 at 180 Supervalu stores and stand-alone liquor stores. Affected banners include Cub Foods, Farm Fresh, Hornbacher's, Shop 'n Save and Shoppers Food & Pharmacy.

Comment Re:DEFCON has sold out (Score 1) 47

Of course DEFCON sold out. That's what they call "Blackhat". And I'm sorry that you can't understand the need of hackers to eat and pay rent. They obviously should just go work for the thieves, so that "the man" doesn't keep his money.

The security industry isn't self-perpetuating - the number of crappy, insecure sites and apps is astronomical and doesn't appear to be trending down anytime soon. Nobody is out there injecting deliberate flaws (except the NSA), there is an abundance of flaws, and a shortage of people fixing them.

Comment Re:Now this is funny. (Score 1) 109

You'll also have a lot of us dinosaurs who think 80 wpm is good enough for any coder. We tend to have a very narrow world view in that we know where we want the curly braces, we want our tabs to be the right distances, we line things up, etc. We simply don't know how anyone could write readable code with a "word-oriented" keyboard like that. How does it do camelCase? How do you put in dot operators without it starting a new sentence? And how's it all going to look - is the software going to grind all your code through a prettyprint module before painting it on the screen? We have all these questions that we use to justify our crusted-over worldviews.

But we're engineers, too. If this video showed a coder banging in C at some Hollywoodesque speed of 200 wpm, it would pique our curiosity. Of course, they aren't showing us that yet, but the promise is on the horizon. The expectation, though, is that our fears describe the truly hard problems that nobody's yet tackled, so we'll hear the familiar chorus "it's open source, you can do it yourself!" And at the end of that song, it implies we'll end up with 100 incompatible standards for entering code on a stenographer's keyboard. Been there, done that, bought the souvenir Betamax video, and watched it on a SECAM TV.

For me, it's interesting from the viewpoint that open source designs are being used to make such simple things possible, and that it could be providing real competition to an "old-guard" oligopoly.

Comment Re:Doesn't the kinect use an ordinary camera? (Score 4, Insightful) 31

You are correct. The IR laser and IR camera are used to measure depth, while the visual light camera only picks up the image.

The cool thing about the Kinect's IR pair is that it senses depth in the same way a pair of eyes does, in that the delta between left and right eyes provides the depth info. But instead of using two eyes, it projects a grid from the location where one eye would be, and the camera in the other location measures the deltas of "where the dot is expected - where the dot is detected". The grid is slightly randomized so that straight edges can be detected. If you've ever stared into one of those Magic Eye random dot stereogram posters, you're doing pretty much the same thing the Kinect does.

This system is very different. The Kinect has a deep field of view, but all the demos show this working in a very short range. I haven't yet read the paper, but I'm wondering if that's the point of the IR.

Comment Re:Embrace or Expire? (Score 1) 337

Windows 8 isn't going to get another chance. It's a crappy interface for anything but a tablet. It's OK on a tablet, but on my Surface Pro 2 I find I spend almost all my time in "desktop" anyway, which is where the non-Metro programs run with their old familiar UIs. (I'm tapping this in via Firefox.) Without a touch screen, Windows 8 is utterly unusable.

Windows 9, should such an OS ever come out, had better get its ship together for the desktop users, before they jump ship for any alternatives. That means a big marketing push that says "sorry about Metro, we've heard you and are restoring the old familiar desktop." If they don't, they can forget about selling any more desktop OS systems.

Comment Re:I don't assemble computers. (Score 1) 391

No, they don't send the power used to operate the drive over the bus. However, pin 26 in the spec is labeled "terminator power", which is delivered to one end of the terminating resistors, and the host controller board must have simply provided +5VDC straight off the rail. Every unassigned wire was tied to ground, so when it was flipped that wire was shunted directly to a bunch of other wires tied to ground.

Not the most impressive design I've ever seen, especially since the pins on the drive didn't have a keyed shroud (like you find on virtually every IDE and floppy drive.)
