Comment: Re:One number to breach them all (Score 4, Informative) 92

by plover (#48639961) Attached to: Staples: Breach May Have Affected 1.16 Million Customers' Cards

I can only think the reason it hasn't been fixed is because fraud makes the banks money and they love seeing stories like this.

Well, you would be very wrong. Fraud costs both the retailers and the banks money. The real problem is that issuing new chip cards would cost the banks more than the fraud. Not only are the cards about a dollar more expensive each, and they still have to be re-issued about every three years, but the systems that inject encrypted keys into them, and store the keys on their databases, are very expensive. Banks are notoriously cheap when it comes to spending money that won't make them money.

The other reason EMV hasn't rolled out across the U.S. is that millions of retailers have about 12 million old credit card terminals spread across the country, and most are owned by cheap store owners who don't like being told they have to spend money to replace them. Most retailers have been dragging their feet, not wanting to make an expensive change. But the new members of the breach-of-the-month club are mad about the insecure systems they've been forced to use, and are now championing the rapid switch to EMV instead of fighting it. The smaller retailers are also impacted now, and are no longer resisting.

The irony is that EMV readers for the small retailers are far, far cheaper than the old terminals, and the rates for using new companies like Square, Intuit, and PayPal are much lower than the typical old bank rates for the old credit card readers.

Comment: Re:I think it's about time... (Score 4, Informative) 92

by plover (#48639775) Attached to: Staples: Breach May Have Affected 1.16 Million Customers' Cards

I think it's about time we implemented some sort of single use credit card system.

That's how Chip and PIN works. Your account number is still fixed, but your authorization to spend from it (your PIN) is encrypted by the chip, and is valid only for a single transaction. There are still kinks with non-electronic transactions, but those can be solved.

Look for it to be all over the US by October of next year.

Comment: Re:Marijuana is still illegal everywhere in the US (Score 1) 464

by plover (#48633007) Attached to: Colorado Sued By Neighboring States Over Legal Pot

Supply, demand, taxes, and regulations all combine to control the prices. If people are willing to pay X, and you're selling all your product, why would you reduce prices? All it would do is lower their profits, if they're even making any.

My guess is there are a lot of hidden factors, like big insurance costs. Most insurance policies have an exemption so they don't pay out if you're doing something illegal. This means they may have to self-insure, or find a company willing to take on the risk of a federal bust - and that likely isn't cheap. Maybe the state has a tax rate designed to keep the costs high to minimize chronic abuse. Maybe the costs of physical security are high. Likely all of the above will continue to keep prices very high.

Comment: Re:Meaningless (Score 3, Interesting) 173

by plover (#48619637) Attached to: Backblaze's 6 TB Hard Drive Face-Off

I'd love to be able to publish these statistics for our organization (I'd estimate we have close to a quarter million drives in the field), but there is a big hurdle in the way: legal liability. If I were to say something negative about Western-Sea-Tachi drives, their lawyers might call our lawyers, and we could easily spend a million in court fees.

The thing I think would be interesting is that we have a completely arbitrary mix of drives, based on drive availability over the last 6 years or so. We also have a mix of different service companies who replace the drives in our workstations. Our contract is such that we don't control the brands, or even the sizes, as long as they meet or exceed our specs. As a service organization, they're responsible for picking the cheapest option for themselves. If our spec says "40 GB minimum", and they can't get anything smaller than 500GB, they'll buy those. If 1TB drives are cheaper than 500GB drives, they'll buy those. And if we're paying them $X/machine/year for service, they can do the reliability decisions on their own, so if they think some premium drives will last two years longer than stock drives, they might be able to avoid an extra service call on each machine if they spend $Y extra per drive. I expect these service organizations all have their preferred drives, but that's not data they're likely to share with their competitors on the service-contract circuit.

Comment: Re:Man, am I old ... (Score 1) 173

by plover (#48619391) Attached to: Backblaze's 6 TB Hard Drive Face-Off

I don't take pictures for "posterity", or for people who outlive me. I take pictures for me, and my family, for now. While I only have thousands of total pictures (not 10,000 per month), I can still find the pictures I want on my hard drives. So when I die, if some future grandchild wants to trawl through those terabytes in the vain hopes of finding a good picture of a great-great-grandparent they never met, why should I care? What difference would that make to me, today, in how I choose to save or discard photos?

Comment: Re:Implementation not the technology. (Score 1) 153

by plover (#48614321) Attached to: In IT, Beware of Fad Versus Functional

When will it be learned that choosing the right methodology for a given project is the best way to go?

It comes to understanding the methodologies. What makes each effective? What are their weaknesses? Do you have enough good people who can execute them?

Waterfall is often appropriate, especially when it comes to physical world engineering, or for software products that cannot and will not be changed. Agile is great when you are committed to fully automated testing, have a committed stakeholder who is an active participant, and can deploy on demand for low cost.

But many clients now expect instant updates like they experience with their iPhone apps, and it's very difficult to deliver like that with waterfall. Agile is the answer, but for legacy projects that lack adequate testing, it's a big challenge to migrate to agile, and requires the business be put on hold while the developers clean up their technical debt. Most businesses can't afford such a shift.

Comment: Re:Mod parent up. (Score 1) 153

by plover (#48614165) Attached to: In IT, Beware of Fad Versus Functional

Following Best Practice (i.e., ITIL), you would start questioning at the organizational and process-level, before even beginning to consider technology.

That way is also not a guarantee of success. If management is implementing their imagined-perfect new organization structure, they are often blind to the problems they are creating, believing the problem lies with the underlings who "aren't trying hard enough", or "don't believe in the vision."

Comment: Re:In IT, remember to wash your hands (Score 1) 153

by plover (#48614111) Attached to: In IT, Beware of Fad Versus Functional

Beware of Fad Versus Functional

What's so IT-specific about this maxim, that it warrants being on Slashdot? A slow news day?

Not a damn thing. As a matter of fact, the original HBR story referenced in the TFA is not about IT at all. And TFA could have been written by Captain Obvious, except it's not nearly as clear.

Comment: Re:Traffic Furniture (Score 1) 594

by plover (#48603239) Attached to: Waze Causing Anger Among LA Residents

Traffic calming measures have been common for quite a few years now. But I think that Sherman Oaks could take this one step further.

Traffic furniture rearranging.

Every day, get the road crews out there to move some barriers around randomly: dead ends in the middle of some block, random one way signs, maybe just drop a wrecked car in the intersection where the off-ramp exits the freeway. Reprogram traffic lights to introduce 10 minute delays. Make Waze's advice worse than worthless to the average driver, and just maybe they'll give up on your city.

Comment: Re:Hmmmm ... legality? (Score 1) 138

by plover (#48603101) Attached to: Amazon UK Glitch Sells Thousands of Products For a Penny

That depends entirely on the jurisdiction. In some US states, the price marked is the price that must be honored, or the shopkeeper can go to jail. The merchant doesn't get to claim "computer glitch", because there were so many glitches people could no longer tell them from bait-and-switch tactics. So the laws were passed in favor of the consumer, and if the merchant's computer systems aren't up to the task, it's not the problem of the general public.

Doesn't matter if you think it's fair or unfair, it's the law in those places. I think Massachusetts, Michigan, and California all have some flavor of this, with Massachusetts being the most stringent.

Comment: Re:You are ignorant. (Score 1) 49

by plover (#48598455) Attached to: "Lax" Crossdomain Policy Puts Yahoo Mail At Risk

Because Flash still works on many old browsers. YouTube wants to serve as many people as they can, and wants to avoid as many technical issues as they can. They know there are many people who got something working five or more years ago who haven't upgraded their browsers to anything that can display HTML5.
