Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:We need gas control! (Score 1) 1591

You walk around terrified of being attacked and justify gun ownership on the 0.00001% chance that it might actually protect you some day.

I justify gun ownership on the 100% chance that murders and gun crimes occur two miles from my house on a regular basis. The ghetto is creeping in, and I can't afford to move out just yet. I live in a castle defense state, and I am trained in the use of firearms.

Statistics are a great tool: talking about averages is wonderful when you're talking about the country as a whole. I am talking about the area near my house.

Comment Re:Code? (Score 1) 238

About fifteen years ago one of the PC (politically correct) clowns ragged my boss at a lunch for saying something about reverse polish notation because she thought it was a pollack joke!

My wife is Polish. So if I say "wow that's Polish" it's ok. If someone takes offense, I just tell them I'm Irish, therefore I'm drunk and don't care about their opinion. Problem solved.

Comment Re:Why would they stop developing weaponry? (Score 2) 384

Any dissent is punished by 3 generations of imprisonment in a remote work camp (that means you and your next two generations of children grow up with lifetime jail sentences if you are a dissenter, and yes, you get conjugal visits just to create additional generations to punish, but they also are brainwashed with loyalty just like other children).

This is absolutely disgusting and makes me sick -- and it's true. Here are the citations: http://www.cbsnews.com/8301-18560_162-57556662/north-korean-prisoner-escaped-after-23-brutal-years/, http://www.cbsnews.com/video/watch/?id=50136263n. This was actually on 60 Minutes very recently, weekend before last.

Comment Re:Why would they stop developing weaponry? (Score 1) 384

But what happens when they have to eventually come out of the bunkers? Doesn't seem like much of a plan to me.

Not even coming out of the bunkers -- they need food, and stockpiles only last so long. They need to breath uncontaminated air, and I'm sure their primitive technology can't scrub all the CO2 inside or radiation outside. They need clean water, they need to get rid of the poop... basic stuff. Even if the leadership survives the first few days, I doubt they are advanced enough to solve these problems long-term.

Comment Re:increasing divorce or honesty? (Score 1) 277

"Had to wait"?

IANAL, but the great and wonderful Wiki says the US has no-fault divorce in all states and DC.

What obligated him to stay? What prevented him from leaving? Why did he need cops to *leave*?

Getting a dissolution is easy, i.e. "not being married anymore" is a no-brainer in 99% of cases.

Getting divorced on favorable terms is completely different. In the GP's case, the wife was allegedly the one being abusive and assaulting the husband. Proving such a thing requires a paper trail. Said paper trail goes a long way toward favorable divorce terms, such as "the non-abusive ex-spouse receive custody of the children as well as titled property."

Comment Re:Well done B&N (Score 1) 83

However, merchants are allowed to store limited CC data on the terminal. This includes the card number and expiration date as long as they are encrypted. CID and raw track data are forbidden from being stored. This means it is possible to reverse transactions without the card present.

Is it not possible to do this using transaction ID?
Unless the stored data can only be decrypted via the operator entering a key which is unique per transaction (and not stored in the machine) any encryption is rather pointless. Storing key and cyphertext together is for all practical purposes storing the plaintext.

Now you see why despite being technically allowed, it truly is debatable whether or not it is a good idea. I agree with you on this: it is a bad idea. However, the people that make the rules (state/federal governments, and the payment card industry itself) disagree.

Interesting you should mention using an ID unique to the transaction: one of the major pushes right now is to use tokenization. Essentially, the PINpad provides the track data to the POS. The POS then sends this to the payment processor, who returns a token which is a unique character string. Any future actions taken for that card and transaction (i.e. the initial authorization, a return in the future) will use that token. The token is not a credit card number: it is useless to a thief, since it is only useful at that merchant to transfer funds between the combination of card and merchant.

In this scheme the card data is stored at the payment processor, which offloads liability. The processors already have tons of sensitive data, but are better equipped to protect it. Instead of card data being stored on hard drives all over the country, it is physically secure and hopefully secure from electronic intrusion. But it is no less an issue than the banks themselves storing data.

Comment Re:Well done B&N (Score 2) 83

Why are they storing CCs at all on the terminals? The terminals should be just that, data entry points that transmit data to and from a secure location.

Should be, yes. However, merchants are allowed to store limited CC data on the terminal. This includes the card number and expiration date as long as they are encrypted. CID and raw track data are forbidden from being stored. This means it is possible to reverse transactions without the card present. While most of the time you will need to swipe your card to process a return, this is not required by law or PCI. The only time it is required is for debit, since any debit transaction requires physical possession of the card and PIN entry (although this is changing). By swiping the card, the terminal reads the track data which proves physical possession since it is not allowed to be stored.

Anyway, there is a reason for systems working this way: whether it is a good idea or should be allowed according to any random person is a different issue entirely.

Comment Re:Why hasn't this been fixed? (Score 2) 83

So why:
- don't the PIN pads have unique IDs?
- hasn't the terminal software been updated to sound an alarm when the stored PIN pad ID doesn't match the ID read from the PIN pad?
- doesn't the terminal alarm WHENEVER the PIN pad is disconnected?

I work in the payment card industry. PINpads do have unique IDs, but the IDs don't serve much purpose. Furthermore, the POS software and payment processor rarely validate the ID or state of the PINpad. The reason is there is no real encouragement to do so. No laws, banking regulations, PCI standards, etc.

Contrast with other countries such as Canada. Up there, the payment processor does check the ID. Each device has its own key as well, which is checked (similar to PKI but not quite). Tampering is easier to detect.

Aside from that, different devices work differently. The vast majority of PINpads you will encounter at big box stores are from VeriFone or Ingenico: there are a few smaller brands out there as well (e.g. Hypercomm). VeriFone tends to take security very seriously and their devices are typically more difficult to hack. They can be touchy too: I dropped one at work and it refused to process any cards at all. The impact triggered a mechanism which destroys its internal volatile memory that stores the keys: this makes it difficult to perform an offline attack against the device (i.e. power down, disassemble, hook the memory chips up to another device).

Comment Re:Concern troll submitter is concerned (Score 2) 230

What is it with Americans' hatred of passenger rail? It works, it's safe, cost-effective, and requires less government subsidy than highways or airport travel. It's also a hell of a lot more pleasant than flying.

Here in the U.S., you get Amtrack. Subsidized, expensive, and slow. Doesn't own its own tracks, so regularly stops to let cargo trains through. It can cost twice as much as flying and take twice as long to get there. Sometimes it is faster (rarely), but never cheaper that I have heard of.

The U.S. is more spread out than Europe. We have cities which are essentially islands of millions of people with hundreds of miles of cornfields between them. Travel is different here than in Europe. Different strokes for different folks.

Comment Re:Coding is a skill, not a profession (Score 1) 233

For comparison-based sorts, sure. But the moment you have a finite spacing between elements (eg. Strings, Integers), a tuned Radix sort can do a much better job, particularly for eliminating your pipeline-destroying decisions.

Radix sort is one of those "special case" that tends to come up. It is a specific case of the bucket sort which has its place. Honestly though, I rarely need to use it. Data normally either lends itself to a traditional comparison-based sort, is small enough not to matter (10 or fewer elements? Who cares?), the implementation is completely hidden (SQL's ORDER BY clause), or is already sorted (e.g. SQL sorted the data and returned it to your application).

There is always an argument for a better way to do something, but there are two important points to consider here:

  1. Most C.S. problems encountered on a daily basis are already solved and have good solutions, even if not perfect. Use the good enough solutions and spend time profiling later if need be, but this is already beyond the realm of a "blue collar coder."
  2. The fact that we're even discussing the special case of a problem means this is already beyond your typical "blue collar coder" or developer who doesn't know development (think Access).

Comment Re:Coding is a skill, not a profession (Score 1) 233

Show me a lego-building programmer who blindly uses libraries and can create a high performance multi-threaded async system.

For the 99% of the application development that is neither multi-threaded nor special-case, the Lego approach of plugging in existing modules works fine. Your typical web app or DB app (think Oracle Forms or Access) doesn't have to deal with threading on a level that concerns the (wannabe) developer.

Developing thread-safe software is really fucking hard. And I don't mean inserting critical sections in code so your data structure is thread-safe: that's easy. I mean, and I think you meant as well, designing systems with multiple actors that pass data back and forth. Using well-known structures such as blocking queues, semaphores, etc. is a good start but that's seeing the trees, not the forest.

I have developed multi-threaded applications, applications that run on multiple systems let alone threads, and require synchronization. I would not want a "blue collar coder" designing such a system. This is a perfect case for having an experienced developers who is educated on these topics design the software, then working with code monkeys to make it work. This is the type of software that would require a more hands-on approach with more strict code reviews, testing, etc.

Comment Re:My Stadegy. (Score 3, Interesting) 396

It's a natural evolution really. Who uses bookmarks on their browsers anymore? I have thousands of them, and a nifty hierarchy to classify them. But it's not worth spending a long time finding what I had stored there several years back.

I don't know about other browsers, but I have tons of bookmarks in Firefox. When I start typing in the address bar, it searches through them by URL and by name. Sort of like the start menus in Windows 7 and KDE. So while I may not navigate the hierarchy of programs or bookmarks, it does serve a useful purpose as what is essentially a database.

Slashdot Top Deals

Don't steal; thou'lt never thus compete successfully in business. Cheat. -- Ambrose Bierce