Comment: Ya, pretty much (Score 1) 786

by Sycraft-fu (#47513607) Attached to: The Daily Harassment of Women In the Game Industry

That is why when you play online shooters, which attract many immature males, "faggot" is the default insult. They are insecure about their sexuality, as most young men are, and thus being called gay is one of the more hurtful things to them. They externalize that, of course, and thus that is what they use by default against others. However if they find something that works better, they'll go after that. Race, age, nationality, etc, etc.

They are assholes, sociopaths sometimes, they want to hurt others and they choose whatever they think is the most effective way to do it.

For that matter humans in general do it, women included. Bill Burr has some hilarious bits, based in truth as the best comedy is, about women steering a losing argument towards personal attacks against their man. Saying he has a little dick, is a momma's boy, that kind of thing.

Well, that really happens. It isn't because women are some horrible creatures, but rather because they are using the insults they have learned will hurt the worst, when they get mad and decide to turn to insults. It's what people do when they lash out.

The difference between a normal person and a troll/asshole/ITG/sociopath and so on online is that most people do it only when they are angry, when they are lashing out at another person. These asshats do it for fun, just to get a rise out of people, and so on.

It is not something to be celebrated, or even tolerated (in any community I moderate trolling is a fast way to the banhammer) but trying to act like it is a problem limited to or directed at women is silly.

Comment: Re:Let's draw a distinction here... (Score 1) 786

by Sycraft-fu (#47513585) Attached to: The Daily Harassment of Women In the Game Industry

Of course it is assholes acting out. That's what happens when you remove consequences. Games have been an excellent example of that in terms of gameplay and mechanics. There have been games that have tried the whole "No rules but what the players make, they'll work out a stable system." No, actually it devolves into a bunch of griefer assholes, and everyone else leaves. These people can't do that kind of thing in real life because they'd face consequences.

Sociopaths learn to moderate their behaviour in the real world because if they don't, they get punished. Online, they can run rampant and so they do.

Comment: No shit (Score 2) 87

by Sycraft-fu (#47510777) Attached to: Buying New Commercial IT Hardware Isn't Always Worthwhile (Video)

We consolidated about 20ish old servers (and added new systems) into two Dell R720xds that are VM hypervisors. Not only does this save on power n' cooling but it is way faster, more reliable, and flexible. It is much easier and faster to rebuild and stand up a VM, you can snapshot them before making changes, if we need to reboot the hypervisor or update firmware we can migrate VMs over to the other host so there's no downtime. Plus less time is wasted on admining them since there are fewer systems, and they are newer.

On top of that they have good support contracts, and some excellent reliability features that you didn't get on systems even 5ish years ago (like actively scanning HDDs to look for failures).

Big time win in my book. Now does that mean we rush out and replace them with new units every year? No, of course not, but when the time comes that they are going out of support, or more likely that usage is growing past what they can be upgraded to handle, we'll replace them with newer, more powerful, systems. It is just a much better use of resources.

Comment: Is this all necessary? (Score 5, Insightful) 96

Seems like you are trying to work out a solution to a problem you don't have yet. Maybe first see if users are just willing to play nice. Get a powerful system and let them have at it. That's what we do. I work for an engineering college and we have a fairly large Linux server that is for instructional use. Students can log in and run the provided programs. Our resource management? None, unless the system is getting hit hard, in which case we will see what is happening and maybe manually nice something or talk to a user. We basically never have to. People use it to do their assignments and go about their business.

Hardware is fairly cheap, so you can throw a lot of power at the problem. Get a system with a decent amount of cores and RAM and you'll probably find out that it is fine.

Now, if things become a repeated problem then sure, look at a technical solution. However don't go getting all draconian without a reason. You may just be wasting your time and resources.

Comment: Re:PCI-DSS (Score 1) 203

Self-assessment is the method used by the vast majority of small businesses, and they're often not even required to do even minimal work to get started. The acquiring bank will just set them up an account and start the ball rolling after Farmer Bob buys a cheap swipe terminal off eBay for the weekend Farmer's market and signs a couple papers. For those organizations that aren't self-assessing, they get to deal with the fact that QSAs often can't even agree on what some requirements mean in principle, let alone when applied to their specific circumstances. Show three different QSAs the same architecture and documentation, get three different reports. That ROC? That's good for toilet paper by the time the QSA pulls out of the parking lot. Don't believe me? Have a data breach and watch Visa roll in with auditors who won't leave until they find a reason to fail your compliance. That's just how the game is played.

All that said, people just declaring that they are PCI DSS compliant is actually exactly what happens. You tell the acquiring bank that you're PCI compliant (either via SAQ or QSA/ROC). If you've met certain levels of activity, the acquiring bank may pass along some paperwork regarding your audits to certain payment brands who require it. They then effectively state that your paperwork appears to be in order and begin processing your credit card transactions. At no point do they declare you PCI DSS compliant and they will most certainly toss your ass to the wolves the second there's a whiff of trouble. And even if they did say you were compliant at filing time, any QSA will tell you that any minor change, lapse, or mistake can completely alter the state of your compliance. From the PCI SSC website: "There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process."

In other words, yesterday you might have been compliant, and tomorrow you might be compliant, but today (always of course the day of the breach), you're non-compliant.

Comment: Re:PCI-DSS (Score 1) 203

No, there's no certificate, but there is a process of documentation and testing commonly referred to as "certification" before you are allowed to process credit card transactions.

This depends entirely on the organization and their acquiring bank's requirements (ultimately the acquiring bank is the only one who matters, but most reasonable organizations develop their own process to ensure they're covered as much as possible). For many small businesses, they're often times just buying a cheap terminal and swiping away. The acquiring bank isn't pressing them for details of their security measures and they're often completely clueless about any requirements they're supposed to be meeting. They aren't bringing in a QSA. Even if they were, bring in three QSAs to any decently sized organization and get three different opinions about your scope and your compliance measures. Half the fun of PCI assessments is determining what the requirements mean, how they apply in your specific instance, and where scope ends. But the point is, there's no issuing authority to say that you're PCI compliant. There's no governing body certifying anyone. The only thing that's actually there are the contractual relationships between the merchant and the acquiring bank and the contractual relationships between the acquiring bank and the payment brands.

I work in point of sale software development and have had to help retail chains overcome problems found in their certification tests. You either don't know what you're talking about, or you're playing a pointless semantic game.

It's not a pointless semantic game because it's the unspoken risk for anyone accepting credit cards. Since there is no official PCI certification and since there is no agreement between QSAs on what the requirements mean in principle (let alone in practice in a specific organization's situation), the PCI SSC gets to stick the claim up on their website that no breach has ever occurred in a PCI-compliant vendor. Best of all, each individual payment brand actually gets to decide what requirements have to be met in which situation by which type of vendor doing what type of business at what scale and via which medium. The ambiguity and the leverage the payment brands hold allow them to arbitrarily decide who is and who isn't compliant at any given moment.

So you keep on doing your documentation and your testing processes (and you should, it's good practice), but if you think for a second your customers are somehow protected from Visa, Mastercard, etc in the event of a breach, you'd best think again. It's a shell game designed to ensure that whenever things go south, the payment brands are never the ones left holding the bag.

Comment: Re:PCI-DSS (Score 4, Interesting) 203

As an organisation accredited to be following PCI-DSS

You aren't accredited to be following PCI because nobody is. There is no certificate. There is no special seal of approval. You provided security information to your acquiring bank(s) and you were allowed to process credit card transactions. There's no such thing as certification or accreditation for PCI.

we would be crucified if the PCI auditor found us holding the PAN (the long number on the front of your credit card, PAN = primary account number) in plain text. Surely the airlines/booking agents should not be passing the PAN to anyone else if they are following PCI-DSS (which is mandatory if you want to accept card payments)?

Who says they're holding the PAN in plaintext? They can decrypt it to send it to the Feds as needed without keeping it in plaintext in their systems. The Feds have no agreement with an acquiring bank, so they don't have to worry about how they store it. Nobody can do anything to them. Any agreement the airlines have with their acquiring banks undoubtedly includes plenty of cover for Federal data reporting requirements (likely a blanket "if the Feds come calling, we're just going to give them everything"). So long as the acquiring banks have signed off on it, they're in the clear. And since all these guys would like to continue doing business in the largest economy in the world, nobody's going to say no.

Comment: Re:Of course (Score 1) 82

The main problem seems to be the increased cost of education (caused by higher demand) rather than the side effect of creating a more educated population.

Nope. The population is not becoming more educated; colleges are dumbing themselves down to become poor imitations of trade schools in an effort to accommodate all these losers that are allowed to get granted/loans and allowed into the colleges.

Do you actually believe this?

Why shouldn't he?

Do you believe that the population is becoming more genuinely educated?

Doesn't this attitude presuppose that a college education provides exactly zero value to students that would have otherwise gone to trade schools or just been happy with a high school diploma?

No, that's looking through the wrong end of the telescope.

The issue is that not everyone has the aptitude for college-level academics. That's just a fact, and it doesn't change just because you lower admission standards or degree standards or throw more money at it.
