Getting the problem cleaned up wasn't the issue, once I got off my ass and started checking the outgoing logs. But the bullshit about "this malware doesn't send email" on a list (XBL, as it happens) specifically for computers with malware that does send email was just stupid and dishonest.

The real stupidity, of course, is people using a block list without understanding what's on it.

Spamhaus has its issues, too. I had an infected machine, and when I finally found the listing, at the top of the page it say "this list is for computers infected with malware that sends spam." Then, a paragraph down, it big red letters, it says "this malware does not send spam." From there, I concluded that Spamhaus is run by psychotic chimpanzees, and recommend not sending email to people whose email systems are run by idiots.

It is not the technical competence of the boss that is the determining factor, it is the competence at managing technical people. Technical competence of their own can help this, though it doesn't always, But it's not mandatory. I have one boss (out of three) who can reliably turn a computer on and off without printed notes (with pictures), and he has very little idea what I do. But they're good people managers. They recognize that they know basically nothing of what I do, and leave me alone to do it. They know what they want - network up and running, computers not overly slow, various new toys their friends have, and they know how to tell whether or not they're getting it. Everything else they leave to me, and when I tell them "that's not going to work" or "it's going to cost this much, and you don't want to spend that much," they trust my judgment because they know I know more about my job than they do. I've been on the same job for over 20 years, and still look forward to going to work every morning.

Managing people is a specific skillset, and not an easy one to master. And it's an important one, that computer geeks wrongly dismiss in much the same way that MBAs wrongly dismiss technical skillsets. It's a popular mistake that managers have to (pretend to) be able to do every job in their department, because MBAs are taught that. But it just isn't true.

I don't think it could get more difficult to take Zuckerberg, or Facebook, seriously.

If the same threat said face to face would result in your arrest, it should result in your arrest if you do it on the internet.

And a lot of the threats being reported would, indeed, result in prosecution if made face to face (assuming the person who made the threat lived that long).

Welcome to adulthood, kiddo. Actions have consequences, and you don't get to decide what they are.

Some of the most relentless spammers I've ever been victim of have been non-profits.

Last I heard, the FBI very much wanted you to believe that Bitcoin is anonymous, because it's far easier to track than many other options.

Stranger things have happened, but it's still a very small scale operation, and a big improvement over stealing a hundred million card numbers at a time from Target.

"Cruise through a neighborhood"? Really? Dude, NFC has an effective range measured in millimeters, so to "cruise through the neighborhood scanning cards, you'd have to be cruising through people's living rooms.

And the transaction still have to be uploaded and processed by the merchant service. There is no magic money machine in your phone. Really.

The bogus "transaction" is done offline. At that point, nothing has happened, no money has changed hands, and none will until it is uploaded.

When it is uploaded, it becomes an online transaction and goes through all the usual security checks, including card limits, and the money gets deposited in the bank account attached to the merchant account.

Contrary to what Hollywood might like you to believe, the cell phone used as an offline POS station cannot magically put money in to your bank account.

The way that most credit card thefts work is that someone working in the store gets the card number to be used somewhere else to buy stuff that's easily fenced.

The chip cards prevent that (easily, anyway).

The only thing that "someone in the store" can do with this is get an offline transaction that will be rejected when uploaded, and if it isn't, the store gets the money, not the minimum wage employee who did the dirty deed. And it doesn't take very many challenged transactions before the store loses their merchant account.

Sounds like if you can find a store that is currently offline (which is rare) you can rip off the store for goods purchased, and that's about it.

It's useless for the thief to directly charge a card unless the thief also has a merchant account, which are not exactly trivial to sign up for, what with credit checks and all.

And these people obviously have no clue how offline transactions actually work. They're held in the POS station until they get uploaded, where they get all the normal verifications before they are processed and the money deposited in the merchant's account.

Other than ripping off a merchant in some way (and that would require a coordinated effort on the part of someone with a portable card reader and someone else at the cash register), there is no risk here whatsoever. Nothing but FUD, deliberately fostering hysteria to sell advertising. In other words, in the world of "journalism", it's a day that ends in "y".

I'll trust Visa more not because they've been at it a while, but because the law gives me a good deal of protection against fraud. CurrentC does not use credit cards, it requires direct access to your checking account. That means none of the legal protections against fraud that apply to credit cards. It also means that if their servers get breached, and that bank account information is stolen, the thieves aren't stealing money from the bank, and the bank responsible for getting it back, but rather, they're stealing my money from my bank account, and it's up to me to get it back. And my bank isn't responsible, and the merchant probably isn't either, according to their terms of service, and the people behind CurrentC are likely a shell corporation with nothing to sue them for.

CurrentC looks, to me, like the biggest bucket of bad ideas in the history of electronic payment.

1. One of the terms of service is exclusivity - if you use CurrentC, you can't use any other kind of mobile wallet system.

2. It is more like a debit card than a credit card - the money comes directly out of your bank account.

3. As such, it has none of the legal protections that a credit card has. With a debit card, pretty much all banks offer the same protection on debit cards anyway, because it's good for their business. CurrentC won't be run by banks, it will be run by some of the largest retailers in the country - Walmart, etc. None of the political pressures that keep banks on the straight and narrow apply.

4. CurrentC requires - cannot possibly work without - that you give the retailer all the information needed to take as much money as they choose directly from your bank account. These are the same retailers who have had hundreds of millions of credit card numbers stolen from their servers in the last couple of years. They have proven, conclusively, that they cannot be trusted.

5. CurrentC is about more than just transaction fees. It is also about turning the customer into a product - they require a lot of personal information that is completely irrelevant to the transaction - like health information (which they are also incapable of protecting) - to set up the account.

6. CurrentC is based on QR Codes, which is just stupid.

I'll go back to carrying cash before I use a mess like that. Or barter. Or growing my own food on a mountain top somewhere.