
Comment yep, but that's not necessary in the US (Score 1) 315

Consumer fraud protection in the US means you're not liable if they copy down your details. And the companies seemingly would rather do it this way, it saves money in the end, even though any fraud that happens raises their clearing fees. Remember, there is nothing stopping US restaurants from bringing a portable transactor to your table. Those things read swipe cards and PIN cards just fine. So if they aren't doing it by choice, there could be a good reason.

It does reduce waiter back-and-forths, but is that really the limiting issue? The waiter bringing the reader and waiting while you use it increases waiter time spent which costs money.

If you want to go fast, ask your waiter to do the job fast. Otherwise, the restaurant can save money by having a pile of those little trays/folders and waiters picking up and running 3 at a time.

Comment we pay, but changing it isn't free (Score 1) 315

Stolen card fraud is something we all pay for. But requiring PINs would require making all CC readers face the customer. That costs money. The CC companies also surely worry people won't remember their PINs and will thus not use their CCs. And then there's that chip and PIN is even slower than chip and sign which is already slower than swipe and sign.

There are a lot of different factors in a lot of different directions. This is the decision they came up with, it hardly seems terrible.

Frankly, given that clearing fees are being jacked so companies can take a bigger cut just to give "cash back" I don't know we'll notice the fraud rate difference between chip and PIN and chip and sign.

Comment you never eat in restaurants? (Score 3, Informative) 315

In the US, table service restaurants virtually NEVER have customer-facing credit card readers.

Bars don't either.

In both you give them your card.

Really the places that do reliably have them facing customers are retail checkouts and anything with a self-serve kiosk.

Comment it's not the retailers, it's the cards (Score 1) 315

US chip cards are set to "prefer signature". Many of them don't have PINs at all.

It's less secure, but likely it doesn't matter. Part of chip and PIN was designed to blame the customer for all in-person fraudulent charges on the idea that if your PIN was entered, you must have been there (and not just your card). This does not pass muster with US consumer protection laws, so there isn't a lot of reason to go to chip and PIN in the US.

Not that chip and PIN wouldn't work, I think the retailers just saw it as too much hassle to make all merchants put in card readers which face the customer instead of the employees.

Chip and sign cards cannot be cloned. That's what adds the most protection anyway. Especially since much stolen credit card info from around the world has been used in the US since you could make a cloned stripe card from account info for chip and PIN cards and then use it in the US.

Comment Nano Zinc Oxide is not new (Score 4, Interesting) 112

It's been around for a while. It has the block power of zinc oxide without being white.


This article is not clear about which nanoparticles they are using, but we already have effective sunblocks using nanoparticles.

Comment he did this work under contract to FireEye (Score 5, Insightful) 108

If you do work for hire, you do not control whether you can publish information you discover doing that work.

And what kind of security consultant airs his customers' dirty laundry? Not one that wants future customers.

If he had found this on his own, it'd be his call. But if he did it for FireEye, it's FireEye's call.


Proposed MAC Sniffing Dongle Intended To Help Recover Stolen Electronics 120

An anonymous reader writes to say that an Iowa City police officer is developing a new concept to help police find more stolen property. The Gazette has a short report that officer David Schwindt, inspired by a forensics class, is working on L8NT, a specialized wireless dongle to help police officers locate stolen electronics (any of them with wireless capabilities and a MAC address, at least) by scanning for MAC addresses associated with stolen goods. The idea is to have police scan as they drive for these MAC entries, and match them against a database. The article notes a few shortcomings in this concept, but does not point out an even bigger one: MAC addresses are usually mutable, anyhow, in a way that's not as obvious as an obscured serial number, and thieves could refine their business model by automating the change.
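The matching step described in the summary, with the mutability caveat made concrete, as an added example that is not part of the original story or the L8NT project. The sample addresses and the `triage` name are constructed for illustration; the only outside fact used is that bit 0x02 of a MAC address's first octet marks it as locally administered (assigned in software).

```python
import re

_MAC_RE = re.compile(r"[0-9a-f]{12}")

def parse_mac(text):
    """Accept 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e or 001a.2b3c.4d5e."""
    digits = re.sub(r"[:.\-]", "", text.strip().lower())
    if not _MAC_RE.fullmatch(digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def is_locally_administered(mac):
    # Bit 0x02 of the first octet is set when the address was assigned in
    # software instead of coming from the manufacturer's burned-in range.
    return bool(mac[0] & 0x02)

def triage(observed, stolen_db):
    """Classify each sniffed address against a database of stolen devices."""
    stolen = {parse_mac(m): item for m, item in stolen_db.items()}
    results = {}
    for raw in observed:
        try:
            mac = parse_mac(raw)
        except ValueError:
            results[raw] = "unparseable"
            continue
        if mac in stolen:
            # Only a lead: a burned-in address can also be copied onto other hardware.
            results[raw] = "match: " + stolen[mac]
        elif is_locally_administered(mac):
            # The device is not presenting its factory address, so it can
            # never match a database keyed on factory addresses.
            results[raw] = "software-assigned, cannot be matched"
        else:
            results[raw] = "no match"
    return results

# Constructed sample data, not real devices.
STOLEN_DB = {"00:1A:2B:3C:4D:5E": "laptop (constructed entry)"}
OBSERVED = ["00-1a-2b-3c-4d-5e", "DA:A1:19:00:00:01", "3C:5A:B4:00:00:02", "not-a-mac"]

if __name__ == "__main__":
    for addr, verdict in triage(OBSERVED, STOLEN_DB).items():
        print(addr, "->", verdict)
```

A device whose address has been changed to another universally administered value produces "no match" and is indistinguishable from an unrelated device, which is the shortcoming the summary points out.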

Comment No, you don't have to add a bios chip (Score 2) 242

You're wrong.

The parameters can be set by the bootloader and digitally signed. There is no need to make 3 different chips for 3 different units. Just put the parameters in a payload with the target serial number then digitally sign it.

Then in secure code (either in ROM or loaded from flash by a ROM and checked before running) you load those parameters into the radio before proceeding.

This would add no cost (or trivial at best). All you need is an unchangeable unique ID. Everything else can be in the existing flash storage. It would add some complexity.

Why would a manufacturer do this? Because the FCC would mandate it.

You do not need a separate firmware for the radio; you design the radio so that these values become read-only after set. Then the entire driver can be modifiable (open source); it just can't modify that data.

This can be done relatively simply and for no additional cost. So no, the FCC wouldn't be banning open source, simply changing how the systems which use open source must work. And in a way that is really easy to roll out.

Comment they don't ban installation of open source (Score 3, Informative) 242

It simply requires the hardware to be designed such that if you install open source, you cannot modify the radio to use frequency bands and powers that it is not supposed to use.

And this is easy to do. Just put in settings to limit power and lock out bands and make those settings irreversible until a full system reset. Then make the bootloader set those settings before running the installed OS.

Then the OS can be open source.

It would be absolutely fantastic if people would be rational about tech news. Tech people/netizens are starting to sound like my grandfather now. Every change is something to be feared. OBAMA IS GOING TO TAKE YOUR GUNS! The people running the FCC are people, just like you. They aren't demons or out to get you. Try to work with other people you haven't met instead of exhibiting xenophobia.
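A small model of the scheme the two comments above describe (a payload bound to the unit's serial number and signed, checked by boot code, then loaded into radio settings that stay read-only until reset), as an added example that is not the commenter's code or any vendor's. The `Radio` class, field names and fail-closed behaviour are assumptions, and a Lamport one-time signature stands in for whatever signature scheme a real bootloader would use so that the example runs with the standard library only.

```python
import hashlib, json, secrets

def _h(b):
    return hashlib.sha256(b).digest()

def _bits(msg):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: stdlib-only stand-in for the vendor's real scheme.
# One key pair may sign exactly one payload (here: one per device).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        _h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

class Radio:
    """Hypothetical radio whose limits are write-once until a full reset."""
    def __init__(self):
        self.reset()
    def reset(self):
        self.limits, self.locked = None, False
    def set_limits(self, max_dbm, bands):
        if self.locked:
            raise PermissionError("radio limits are read-only until reset")
        self.limits, self.locked = {"max_dbm": max_dbm, "bands": list(bands)}, True

def secure_boot(radio, device_serial, vendor_pk, payload, sig):
    """Runs before the (possibly user-installed) OS gets control."""
    try:
        if not verify(vendor_pk, payload, sig):
            raise ValueError("bad signature")
        p = json.loads(payload)
        if p["serial"] != device_serial:      # payload is bound to one unit
            raise ValueError("payload is for another device")
        radio.set_limits(p["max_dbm"], p["bands"])
        return True
    except (ValueError, KeyError):
        radio.set_limits(0, [])               # assumption: fail closed, no transmit
        return False
```

Only the public key and the unchangeable serial need to live in the device; the signed payload can sit in ordinary flash, because a modified payload or one copied from another unit fails the check and leaves the radio locked off.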

Comment in the UK it would be fibre (Score 1) 135

In the UK Openreach VDSL is called "fibre". Here it is called "superfast fibre". As if "up to" 80mbit DSL is superfast.


And it's common to do this in some other places in Europe.

It makes AT&T's fibs about their service look like small potatoes.

Comment it could affect all drives equally (Score 1) 184

But it doesn't have to. If a drive were to implement TRIM by doing absolutely nothing (which is completely within spec) then it wouldn't show the problem, but it doesn't mean the drive is better than another or the other drive has a fault.

It's quite possible that the way IBM implements TRIM is just a little different. Perhaps they defer it for a few ms or something. So the bug is occurring over and over but it doesn't show itself with corruption.

Yes, assuming that because you can reproduce it on Samsung drives it must be a Samsung bug is confirmation bias.
