
Comment: Hello there! (Score 2) 439

by rwa2 (#47551773) Attached to: Lots Of People Really Want Slideout-Keyboard Phones: Where Are They?

I had been using an HTC myTouch Slide 4G (doubleshot), and the MTS3G (espresso) before that.

It was great, I would always win at the little online "pictionary" games since I could type out the answer faster than practically anyone else. Also, it was good for reading in a supine or other odd positions, because I could set it to only switch to landscape mode if the keyboard was slid out... it's a constant annoyance to me when other phones switch orientations because the accelerometer is giving readings it doesn't cope with well.

The MTS4G was not supposed to run Android 4, but thanks to CyanogenMOD... http://trumblings.blogspot.com...

Gradually, all of the apps on it got slower and less responsive, and I would gradually get rid of widgets and apps that would run in the background until I just had the bare essentials... Chrome, Maps, and Hangouts. But what finally did it in was that the SD card would get corrupted every time I let the batteries run all the way down.

Finally broke down and picked up a Nexus 5. The screen is big enough, esp. in landscape mode, to hunt and peck out the keys with reasonable accuracy. Unfortunately, Google hasn't made every app work in landscape mode, and some critical things (like the launcher and the frickin' Google search widget) force you to enter stuff on the tiny portrait mode keyboard. I think CyanogenMOD's Trebuchet launcher app was better with this, and I'm eagerly awaiting it to go stable on the Nexus 5 so I can switch over.

I've also been looking for a good Bluetooth keyboard case, but haven't found one yet. There are several good-looking ones for the Nexus 7, though. That would certainly scratch the itch for me. Of course, not many Android apps have good keyboard support, but they're out there... Jota+, VXConnectBot, etc.

As an aside, after the last update to 4.4.4, my wife's Nexus 4 started getting noticeably less responsive too. Hoping it's just a matter of going through and clearing some of the Dalvik cache, and not because Google is (intentionally?) making older devices obsolete faster by adding in too many bloated features in their core apps :P

Comment: Re:PCI-DSS (Score 1) 216

Self-assessment is the method used by the vast majority of small businesses, and they're often not even required to do even minimal work to get started. The acquiring bank will just set them up an account and start the ball rolling after Farmer Bob buys a cheap swipe terminal off eBay for the weekend Farmer's market and signs a couple papers. For those organizations that aren't self-assessing, they get to deal with the fact that QSAs often can't even agree on what some requirements mean in principle, let alone when applied to their specific circumstances. Show three different QSAs the same architecture and documentation, get three different reports. That ROC? That's good for toilet paper by the time the QSA pulls out of the parking lot. Don't believe me? Have a data breach and watch Visa roll in with auditors who won't leave until they find a reason to fail your compliance. That's just how the game is played.

All that said, people just declaring that they are PCI DSS compliant is actually exactly what happens. You tell the acquiring bank that you're PCI compliant (either via SAQ or QSA/ROC). If you've met certain levels of activity, the acquiring bank may pass along some paperwork regarding your audits to certain payment brands who require it. They then effectively state that your paperwork appears to be in order and begin processing your credit card transactions. At no point do they declare you PCI DSS compliant and they will most certainly toss your ass to the wolves the second there's a whiff of trouble. And even if they did say you were compliant at filing time, any QSA will tell you that any minor change, lapse, or mistake can completely alter the state of your compliance. From the PCI SSC website: "There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process."

In other words, yesterday you might have been compliant, and tomorrow you might be compliant, but today (always of course the day of the breach), you're non-compliant.

Comment: Re:PCI-DSS (Score 1) 216

No, there's no certificate, but there is a process of documentation and testing commonly referred to as "certification" before you are allowed to process credit card transactions.

This depends entirely on the organization and their acquiring bank's requirements (ultimately the acquiring bank is the only one who matters, but most reasonable organizations develop their own process to ensure they're covered as much as possible). For many small businesses, they're often times just buying a cheap terminal and swiping away. The acquiring bank isn't pressing them for details of their security measures and they're often completely clueless about any requirements they're supposed to be meeting. They aren't bringing in a QSA. Even if they were, bring in three QSAs to any decently sized organization and get three different opinions about your scope and your compliance measures. Half the fun of PCI assessments is determining what the requirements mean, how they apply in your specific instance, and where scope ends. But the point is, there's no issuing authority to say that you're PCI compliant. There's no governing body certifying anyone. The only thing that's actually there are the contractual relationships between the merchant and the acquiring bank and the contractual relationships between the acquiring bank and the payment brands.

I work in point of sale software development and have had to help retail chains overcome problems found in their certification tests. You either don't know what you're talking about, or you're playing a pointless semantic game.

It's not a pointless semantic game because it's the unspoken risk for anyone accepting credit cards. Since there is no official PCI certification and since there is no agreement between QSAs on what the requirements mean in principle (let alone in practice in a specific organization's situation), the PCI SSC gets to stick the claim up on their website that no breach has ever occurred in a PCI-compliant vendor. Best of all, each individual payment brand actually gets to decide what requirements have to be met in which situation by which type of vendor doing what type of business at what scale and via which medium. The ambiguity and the leverage the payment brands hold allows them to arbitrarily decide who is and who isn't compliant at any given moment.

So you keep on doing your documentation and your testing processes (and you should, it's good practice), but if you think for a second your customers are somehow protected from Visa, Mastercard, etc in the event of a breach, you'd best think again. It's a shell game designed to ensure that whenever things go south, the payment brands are never the ones left holding the bag.

Comment: Re:Am i on Slashdot? "Johnny appleseed exhibit"? (Score 1) 71

by alfredo (#47500683) Attached to: Exhibit On Real Johnny Appleseed To Hit the Road
Chapman's spread of Apples was a solution to the bad water problem. Making the apples into Apple Jack sterilized the water. The alcohol in the Jack didn't freeze as readily as pure water. Straining out the icy slush made the Jack stronger, and less likely to freeze. So when your stream is frozen, there's some Jack to drink.

Comment: Re:PCI-DSS (Score 4, Interesting) 216

As an organisation accredited to be following PCI-DSS

You aren't accredited to be following PCI because nobody is. There is no certificate. There is no special seal of approval. You provided security information to your acquiring bank(s) and you were allowed to process credit card transactions. There's no such thing as certification or accreditation for PCI.

we would be crucified if the PCI auditor found us holding the PAN (the long number on the front of your credit card, PAN = primary account number) in plain text. Surely the airlines/booking agents should not be passing the PAN to anyone else if they are following PCI-DSS (which is mandatory if you want to accept card payments)?

Who says they're holding the PAN in plaintext? They can decrypt it to send it to the Feds as needed without keeping it in plaintext in their systems. The Feds have no agreement with an acquiring bank, so they don't have to worry about how they store it. Nobody can do anything to them. Any agreement the airlines have with their acquiring banks undoubtedly includes plenty of cover for Federal data reporting requirements (likely a blanket "if the Feds come calling, we're just going to give them everything"). So long as the acquiring banks have signed off on it, they're in the clear. And since all these guys would like to continue doing business in the largest economy in the world, nobody's going to say no.

Comment: Re:Not since Doom II (Score 1) 154

Was that perhaps the day you got a bigger monitor? Motion sickness is primarily influenced by what goes on in your peripheral vision. I've only ever gotten motion sickness on sims with wraparound displays on the sides, and it's quite awesome. Still saving up for extra screens for my gaming rig at home so I can have those side panels.

Comment: Re:Hardly surprising.. (Score 1) 291

by timholman (#47479963) Attached to: Australia Repeals Carbon Tax

Barring a total miracle like Rossi's unicorn reactor it seems we've already passed the point of no return.

If there are any miracles to be had, I can assure you they won't be coming from a pseudoscientific scam artist like Rossi.

It's not like we don't have the technology to tackle AGW. We know how to build nuclear power plants right now, and we also know how to deal with the waste. All we lack is the political will to do it. We don't need "miracles" from snake-oil salesmen like Rossi.

Idle

+ - Denver Airpot Rental Car Agencies Inundated With Pot Left Behind By Travelers->

Submitted by schwit1
schwit1 (797399) writes "Rental car workers at Denver International Airport say pot tourists are regularly leaving them with marijuana that travelers don’t want to try to carry through DIA.

“It happens quite often,” a rental car employee at a national chain told a CBS4 employee. “Every couple of days. I just throw it in the trash.” At another major rental car company, an employee told CBS4 pot is handed over to employees “pretty frequently but depends on if there is an occasion.”"


+ - The Improbable Story of the 184 MPH Jet Train->

Submitted by MatthewVD
MatthewVD (2603547) writes "Almost half a century ago, New York Central Railroad engineer Don Wetzel and his team bolted two J47-19 jet engines, throttled up the engines and tore down a length of track from Butler, Indiana to Stryker, Ohio at almost 184 mph. Today, the M-497 still holds the record for America's fastest train. This is the story of how it happened."
