Forgot your password?

Comment: Don't feed the trolls? (Score 1) 291

by Zakabog (#47511783) Attached to: The Daily Harassment of Women In the Game Industry

I actually thought this was going to be some real world experiences, and not "Someone on the internet called me a cunt!", "Someone on the internet said they'd rape me!"

If you make your unpopular opinion known to the world online, expect people who disagree to come out and attack you. Expect more people to come out when they know you'll make a big stink about it. The main thing they're looking for is a reaction, that's just how the internet works, people can hind behind their computers and make all the threats they want and some people find joy in getting these responses from people. I was really looking forward to an article describing real world instances where people made these comments and threats. Not that I want to see that happen, but at least that's something that can be corrected when brought to light, the only way to stop trolls is to stop feeding them.

Comment: Re:Why do you want pieces of plastic (Score 1) 288

by evilviper (#47508975) Attached to: Netflix Reduces Physical-Disc Processing, Keeps Prices the Same

Why would anybody want to wait for a day or two for a piece of plastic when they can access the data instantly online?

Never underestimate the bandwidth of a USPS van full of Blu-ray discs...

Movies on The Pirate Bay don't appeal to me, because of the low quality of the rips. The idiots that put them together don't even know they should strictly stick to picture dimension that are multiples of 16, let alone selecting the best perceptual encoding options, making a good trade-off of efficiency and compatibility, using a proper rescaling alg., or better yet, not rescaling at all.

Streaming services don't really appeal to me, because of the DRM, Netflix's refusal to support Linux systems, despite how commonly such are used as TV-connected DVRs, and the inability to make an offline copy for later viewing, instead having to waste the bandwidth every-time you want to watch it, the ability for them to quietly discontinue carrying a movie, and needing to have your subscription in-force, forever, to be able to re-watch any movie you liked.

I guarantee I get infinitely more utility out of those little plastic discs than anybody gets out of your much more expensive streaming service, and probably more than copyright infringers, too, saving on disc space upgrades, not wasting time hunting for slightly less popular or older titles, and more.

Comment: Re:Here we go... (Score 1) 378

by evilviper (#47505465) Attached to: MIT's Ted Postol Presents More Evidence On Iron Dome Failures

Will Israel promise that if Hamas puts all its rocket launchers, military command and control, and military supplies neatly organised in easily identifiable military bases, Israel won't simply send a missile to figuratively cook all those eggs being put in one basket?

That's idiotic. The idea was to get them away from civilian homes, so when Israel does have to retaliate and destroy them, innocent bystanders aren't killed in the process. Promising not to shoot back would be crazy, and your statement massively misses the point...

Will Israel remove the embargo being imposed of Gaza so that Hamas can buy better weapons that they can use to precisely target Israel military installations rather than have to make do with using cheap mortar and rockets that is just as likely to hit civillian targets as Israeli military installations?

You'd have to first explain why Hamas has a military need to attack Israeli military bases in the first place, as opposed to, say, Israeli tanks and aircraft while they are in Palestine. Or why they need to attack at all, since they two are not at war with each other, and Israel could wipe them out in a matter of days if they ever did declare one.

Comment: Re:PCI-DSS (Score 1) 202

Self-assessment is the method used by the vast majority of small businesses, and they're often not even required to do even minimal work to get started. The acquiring bank will just set them up an account and start the ball rolling after Farmer Bob buys a cheap swipe terminal off eBay for the weekend Farmer's market and signs a couple papers. For those organizations that aren't self-assessing, they get to deal with the fact that QSAs often can't even agree on what some requirements mean in principle, let alone when applied to their specific circumstances. Show three different QSAs the same architecture and documentation, get three different reports. That ROC? That's good for toilet paper by the time the QSA pulls out of the parking lot. Don't believe me? Have a data breach and watch Visa roll in with auditors who won't leave until they find a reason to fail your compliance. That's just how the game is played.

All that said, people just declaring that they are PCI DSS compliant is actually exactly what happens. You tell the acquiring bank that you're PCI compliant (either via SAQ or QSA/ROC). If you've met certain levels of activity, the acquiring bank may pass along some paperwork regarding your audits to certain payment brands who require it. They then effectively state that your paperwork appears to be in order and begin processing your credit card transactions. At no point do they declare you PCI DSS compliant and they will most certainly toss your ass to the wolves the second there's a whiff of trouble. And even if they did say you were compliant at filing time, any QSA will tell you that any minor change, lapse, or mistake can completely alter the state of your compliance. From the PCI SSC website: "There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process."

In other words, yesterday you might have been compliant, and tomorrow you might be compliant, but today (always of course the day of the breach), you're non-compliant.

Comment: Re:PCI-DSS (Score 1) 202

No, there's no certificate, but there is a process of documentation and testing commonly referred to as "certification" before you are allowed to process credit card transactions.

This depends entirely on the organization and their acquiring bank's requirements (ultimately the acquiring bank is the only one who matters, but most reasonably organizations develop their own process to ensure they're covered as much as possible). For many small businesses, they're often times just buying a cheap terminal and swiping away. The acquiring bank isn't pressing them for details of their security measures and they're often completely clueless about any requirements they're supposed to be meeting. They aren't bringing in a QSA. Even if they were, bring in three QSAs to any decently sized organization and get three different opinions about your scope and your compliance measures. Half the fun of PCI assessments is determining what the requirements mean, how they apply in your specific instance, and where scope ends. But the point is, there's no issuing authority to say that you're PCI compliant. There's no governing body certifying anyone. The only thing that's actually there are the contractual relationships between the merchant and the acquiring bank and the contractual relationships between the acquiring bank and the payment brands.

I work in point of sale software development and have had to help retail chains overcome problems found in their certification tests. You either don't know what you're talking about, or you're playing a pointless semantic game.

It's not a pointless semantic game because it's the unspoken risk for anyone accepting credit cards. Since there is no official PCI certification and since there is no agreement between QSAs on what the requirements mean in principle (let alone in practice in a specific organization's situation), the PCI SSC gets to stick the claim up on their website that no breach has ever occurred in a PCI-compliant vendor. Best of all, each individual payment brand actually gets to decide what requirements have to be met in which situation by which type of vendor doing what type of business at what scale and via which medium. The ambiguity and the leverage the payment brands hold allows them to arbitrarily decide who is and who isn't compliant at any given moment.

So you keep on doing your documentation and your testing processes (and you should, it's good practice), but if you think for a second your customers are somehow protected from Visa, Mastercard, etc in the event of a breach, you'd best think again. It's a shell game designed to ensure that whenever things go south, the payment brands are never the ones left holding the bag.

Comment: Re:What about extending FIOS to us DSL users? (Score 1) 228

by evilviper (#47503755) Attached to: Verizon Boosts FiOS Uploads To Match Downloads

FiOS is 1/8th mile away from my house but they won't bring it the last couple hundred feet.

Sounds like you need to strike up a deal with one of your neighbors, to sign-up for FIOS and host a WiFi AP aimed towards your house for you. Give them free internet access (throttled when you're maxing it out) or just a few dollars more than the bill, and you'll both come out ahead.

Comment: Re:People need to read comment threads (Score 1) 228

by evilviper (#47503741) Attached to: Verizon Boosts FiOS Uploads To Match Downloads

For me, a real sign of the death of Slashdot is the predictability of the trolls.

This statement just reeks of "noob".

The trolling (and gaming of mod and m2) was VASTLY higher in the early /. days. At certain points, it really was crushing any legitimate discussions. You have no idea how good you've got it, on that account.

Slashdot is dying because of Dice, nothing else.

Comment: Re:And if you're in the vast FIOS-free zones... (Score 1) 228

by evilviper (#47503681) Attached to: Verizon Boosts FiOS Uploads To Match Downloads

At this point, it's pretty clear that if you don't already have it, you won't be getting it.

Not true here. It was quite a while after their announced buildout freeze that FIOS became available here. A neighboring city had it for a while, and since then, it has expanded a few cities away, and filled-in all the coverage gaps, too.

Frankly, I hate FIOS, because they immediately take away nice cheap DSL as an option. Why the hell does my mother need to pay $65/month for the slowest FIOS package, when she's never watched an online video in her life, still has no interest in Netflix, and wouldn't care whether it came in 480i or 4k? But nice cheap DSL is no longer an option for her, because we have FIOS.

Time Warner is awesome, offering a $15/month basic internet access plan even though they've got no competition in that space anymore, but if they get bought out by Comcast, we're screwed.

Comment: Re:Minivans are practical but ignored (Score 1) 200

by bmajik (#47501367) Attached to: New Toyota Helps You Yell At the Kids

I think VW might contract the actual manufacturing to Chrysler.

Indeed. The VW Routan was a Chrysler Town and Country with some different skins on the inside and out. It was so much not a VW product that the VCDS system (the thing you can use to do vehicle diagnostics on any VW, Audi, Seat, or Skoda product since the early 90s) doesn't even talk to it.

In the German market, VW sells Vans of all different sizes. None of them are currently imported to the US; the Eurovan was the last rest-of-world van that was available in North America.

Comment: Re: Hmmm (Score 3, Informative) 200

by bmajik (#47501143) Attached to: New Toyota Helps You Yell At the Kids

We have 3 kids in car seats, and an Odyssey.

When we lived in town, it was great. Back then, my only serious gripe with the Odyssey is that if you are running a second set of wheels (e.g. for permanently mounted snow tires), and don't fit a 2nd set of expensive TPMS sensors to those wheels, the VSA (stability control) cannot be defeated via the console switch.

This is a problem because the VSA implementation sucks and is frankly unsafe when accelerating on surface transitions - for instance, when you are waiting on a gravel road and are about to pull onto a paved highway, the VSA system senses differing levels of wheel grip between the wheel on pavement and the wheel still on gravel, and cuts power, precisely when you need maximum power to quickly get to highway speed.

Last fall we moved to a rural area, and now poorly maintained roads (deep snow in the winters until I clear it, deep ruts whenever there are rains) has really shown me the shortcomings of the vehicle. My wife has gotten it stuck 4 times in our first winter.

The Odyssey needs 2 things to be superlative. Air suspension with adjustable ride height (it is a very low vehicle, for ease of entry/exit for small kids), and a proper AWD system.

My wife is now desperately wanting an AWD vehicle. But to get a proper AWD system (e.g. locking transfer case or at least a torsen differential), and the useful seating capacity of a minivan, you need to be looking at full-size truck based SUVs, like the Excursion or Sequoia.

I'm aware that the Sienna comes in an AWD version, but its particular AWD system and ride height doesn't inspire me that they will be foolproof enough to want to make the switch.

Sadly, my wife also refuses to drive a Mercedes G-wagen :)

As an aside, the Odyssey towing capacity isn't really sufficient. It's 3500lbs, and it requires upfitting the vehicle considerably with things that don't come factory - PS cooler, ATF cooler, hitch wiring, etc. (In addition to the actual hitch receiver).

When we were considering camping options, essentially nothing that had enough floor space for a family of 5 could be towed behind an Odyssey.

Comment: Re:PCI-DSS (Score 4, Interesting) 202

As an organisation accredited to be following PCI-DSS

You aren't accredited to be following PCI because nobody is. There is no certificate. There is no special seal of approval. You provided security information to your acquiring bank(s) and you were allowed to process credit card transactions. There's no such thing as certification or accreditation for PCI.

we would be crucified if the PCI auditor found us holding the PAN (the long number on the front of your credit card, PAN = primary account number) in plain text. Surely the airlines/booking agents should not be passing the PAN to anyone else if they are following PCI-DSS (which is mandatory if you want to accept card payments)?

Who says they're holding the PAN in plaintext? They can decrypt it to send it to the Feds as needed without keeping it in plaintext in their systems. The Feds have no agreement with an acquiring bank, so they don't have to worry about how they store it. Nobody can do anything to them. Any agreement the airlines have with their acquiring banks undoubtedly includes plenty of cover for Federal data reporting requirements (likely a blanket "if the Feds come calling, we're just going to give them everything"). So long as the acquiring banks have signed off on it, they're in the clear. And since all these guys would like to continue doing business in the largest economy in the world, nobody's going to say no.

Comment: Re:10.10 per hour (Score 1) 769

by evilviper (#47493877) Attached to: States That Raised Minimum Wage See No Slow-Down In Job Growth

Depending on where you live (state taxes?), that's at best a cool $350-$365 after payroll taxes (259-270 Euros) per week for a family of two to four.

Really? And would that $10.10/hr magically become more or less money with a family of 1, or a family of 10?

And actually, with a family of 4 on $20,000/year, you probably wouldn't be paying ANYTHING in state or federal income taxes in most states, so it would be $404/week take-home.

And more relevant than abstract cash figures:

"If you have a [full-time] job in this country, (thereâ(TM)s a) 97 percent chance that you're not going to be in poverty."

ASCII a stupid question, you get an EBCDIC answer.