
Comment Re:Never store sensitive data you don't need. (Score 1) 142

These were telemarketing operators who didn't have physical access to the credit card. Anyway, back in those days the data wasn't encrypted yet. So I fear I have led you to squander an insightful comment.

It's easy for an old timer to forget that people under the age of 40 have never ordered anything over the phone. At the time I'm talking about, the web was years in the future, and it was illegal to conduct commerce over the Internet (which we called "the ARPANet"). Most businesses ran entirely on paper, and most people had never seen a computer in person. Usually in the movies or TV they'd use a 7 track tape drive as the prop "computer", although those were obsolete even then.

So believe it or not, back then it was common to call a vendor on a phone, verbally tell him what you want, and then read off your credit card number and expiration date. This was simply the way you bought things if you weren't shopping at a bricks-and-mortar store (which we called "a store"). Nobody was worried about "identity theft" because thieves still dealt mainly in cash and transportable valuables and crooks were only just then cottoning on to the value of information.

You could also buy stuff by writing a letter to a vendor listing what you wanted and enclosing a check or money order (which was a check you got at the post office in exchange for cash and an extra nickel). Six to eight weeks later your stuff would arrive. For some reason it was always "six to eight weeks". That's how we used to buy stuff like propeller beanies and x-ray specs from poorly printed ads in the back of comics. The x-ray specs were a bust; all they'd do is make girls think you were creepy, which was actually kind of the point. You could also send away for itching powder and books of allegedly comical retorts you were supposed to use if somebody said something that made you feel bad and you couldn't think of anything original. "May the fleas of a thousand camels infest your armpits." That material killed -- usually the kid who tried to use it.

It was a simpler time. Kids couldn't get access to porn (which we called "dirty pictures") because they kept it on a shelf higher than we could reach. You had to know to sneak into the firehouse when the men were out on an alarm. We didn't have gaming consoles so we had to make our own fun. We'd go out in the healthy fresh air and throw rocks at each other. That was our version of a "first person shooter". Sometimes to fill up the time we'd have fist fights with kids who were a different race or religion from us. Or from the other end of the street. Or were just there. Believe me it kept you on your toes when you were walking home at night! But it wasn't hateful, it was just something to do when you don't have "Grand Theft Auto" to keep you distracted. The next day we'd be having a pickup baseball game (no adult supervision for *us*) down at the sandlot with the very same kids we'd just fought. We'd laugh, exchange insults, and swipe the other guy's equipment when he wasn't looking, just as if nothing happened.

And I swear, every word I've written here is true.

Comment Never store sensitive data you don't need. (Score 5, Insightful) 142

Back in the 80s I worked for a company that did back office accounting systems. Then I moved to a large non-profit and was in charge of both back office and customer facing systems. This was when the Internet was for non-commercial traffic only, so "customer facing" meant a live operator at a dumb terminal hooked up to a minicomputer.

My new employer wanted me to develop a system that would among other things take credit cards from donors and volunteers. I was pretty confident on the technical end of things, but I wasn't sure about handling the financial data. So I called in a CPA friend I'd met at my prior job, and he looked over the design documentation for the system to make sure everything was kosher.

"You can't store credit card information in the database," he said.

"Why not?"

"Because it's insecure," he said.

"But it's convenient," I said.

"That's the problem," he said. "Look, any of the operators will be able to look up credit card information on any donor. Some of these donors are rich. You'd be able to go on one hell of a shopping spree with just one of their credit cards."

"What if I make it harder to look up the data?"

"Then it's not convenient anymore," he said. "Look, you don't actually have a use for this data once you've processed the credit card transactions. And while you're keeping it around in case you might someday have a use for it, it leaves you wide open to theft. It'd be a disaster; customers won't do business with you because your reputation will be in the toilet. Get rid of it. Get it out of the database, any logs you have, and make sure it's not in any backup tapes."

And when I thought about it I realized he was right. There was no point in exposing my employer to risk for no real benefit. That's when I learned an important principle of security: don't hold onto sensitive data that you don't actually have a use for. I suppose you could generalize: don't keep sensitive data on any system where there is no compelling need to store it there.

Things have changed now; storing credit card data has come to be regarded as routine in the post-1 click, impulse buy Internet world. But even though it is the *norm*, that doesn't mean you should automatically do it. There's actually a use in a web store for storing credit card data which offsets the risk (which you should still minimize). There's no reason for a restaurant to store credit card information -- that's just blind habit. Waiter takes the customer credit card, runs the transaction, and hands the card back to the customer, and then the restaurant no longer has the data. You can't lose what you don't have.

Of course in this case it's probably not P.F. Chang's fault. They bought a POS system which left them open. It probably is all slick and really very helpful at keeping things moving, like maybe taking the customer's card at the table. It'd be interesting to know how the POS system vendor screwed this up, because clearly they did.

There is no encryption or security architecture that beats not having the data.

Comment Re:This will hugely backfire... (Score 1) 422

You're right about the vacuum, but I think you should consider this: the government raided the treasury (or rather, borrowed with the treasury's backing, which can be the same thing if you really insist on looking at it that way) in order to keep unemployment from skyrocketing. As bad as it was, there was serious risk of a domino effect, where the failure of one industry resulted in job losses that reduced overall national income, putting strains on other industries.

As bad as the recession was, the goal was to keep it from becoming far, far worse. "Creative destruction" would have resulted in years to decades of destruction before it ever got around to any creativity, with vast misery in the process.

The bankers may well have taken advantage of that for their personal benefit; I'll leave it to others to make the argument that they got screwed over. There was plenty of screwage to go around: the economy was crashing because the musical chairs of highly leveraged money came to a screeching halt, and everybody scrambled to insist that their paper gains were more real than other people's paper gains. Everybody felt screwed over and there was no way out of this that didn't leave the vast majority of people feeling like they got the shorter end of it.

Everybody will always be able to insist that the economy would have been just fine if we'd just done it their way. It wasn't great, and I'll never be able to prove the counterfactual of how much worse it could have been. But I think it merits consideration: jobs and industries don't bounce back instantaneously, even when there's need, because of inherent friction in the economy, and I think the government acted correctly (at least in the broad strokes) to prop up the existing economy. That gave us time to hopefully put it on a sounder footing. Whether we will or not...

Comment Re:Wow (Score 1) 224

It actually is a bit different for the Republicans, in that they are caught in an internal party schism of a scale we've not seen on either side since desegregation, if even then. It's difficult for the less right to look good to the more right, undirected pushing against the Democrats is one of the few ways they have to do it.

Comment Re:Wow (Score 1) 224

Do not forget that ObamaCare was rammed through without a single Republican vote in the House or Senate.

It's the unfortunate case that Republicans don't generally support Democratic bills. Witness the recent student loan bill. There is not much question that a better educated populace means a better economy and a stronger nation. It's a truism that we could just pay for college education in a number of fields and reap economic benefits of many times the spending. Indeed, we used to do more of that and the country was stronger when we did.

Comment Re:I really dig the Obamacare comments Bruce made (Score 1) 224

You meant "you wouldn't approve" rather than "you wouldn't understand".

Positioned correctly, it isn't all that socially reprehensible to state the sentiment that you don't believe you should pay for people who drive their motorcycle without helmets, people who self-administer addictive and destructive drugs, people who engage in unprotected sex with prostitutes or unprotected casual sex with strangers, and people who go climbing without using all of the safety equipment they could.

You don't really even need to get into whether you hold human life sacred, etc., to get that argument across. It's mostly just an economic argument, you believe yourself to be sensible and don't want to pay for people who aren't.

The ironic thing about this is that it translates to "I don't want to pay for the self-inflicted downfall of the people who exercise the libertarian rights I deeply believe they should have."

OK, not a bad position as far as it goes. Now, tell me how we should judge each case, once these people present themselves for medical care, and what we should do if they don't meet the standard.

Comment Re:citation needed (Score 1) 224

Citation needed.

I just looked for a minute and found This NIMH study. If you look at the percentages per year they are astonishingly high. 9% of people in any particular year just for mood disorders, and that's just the first on the list. Then they go down the list of other disorders. The implication is that everyone suffers some incident of mental illness in their lives. And given the number of psychiatrists, psychologists, and lay practitioners in practice, it seems like much of the population try to get help at times, if only from their priest or school guidance counselor.

You are not a rock. Can you honestly tell me that you haven't ever suffered a moment of irrationality?

Comment Re:I really dig the Obamacare comments Bruce made (Score 2) 224

Yes, seeing a doctor really is a human right.

Does that mean we should bear the burden of your bad lifestyle choices? Well, we do today. Either those folks are in our emergency rooms, or they are lying on our streets. Either way, we all pay a cost.

It's not clear to me what you propose to do with them. Perhaps you should explain that a bit more clearly.

Comment AC, please stop trumpeting fake studies (Score 1) 224

Hi AC

One would hope that a real scientific study would shed light on the situation. Unfortunately, this isn't it. It's a paper published by a Harvard student club and written by a gun industry lobbyist and a gun enthusiast. No balanced perspective that could lead to a real scientific paper here. The first refutation I found of the paper is certainly not peer reviewed and published in a scientific journal either, but makes a pretty good case that the statistics are cooked. It's here.

Please find a real scientific paper from a researcher without bias and then we can discuss it. This one doesn't quite meet the standard.

Comment Re:Wow (Score 1) 224

Actually, we would have had a much less expensive plan, but we couldn't get it by the conservatives. It's called single-payer, and I've used it in Canada. It has also been available to me in a dozen other countries that I've worked in, but fortunately I never needed it there. It works pretty well. So well indeed that most civilized countries have it.

I'm sorry that you didn't understand my presentation. Or that you understood it and can't accept it. I've thought about it for a very long time and I'm pretty sure of it.

Comment Re:Wow (Score 2) 224

I think you have to look at where the funding comes from for Republican and conservative causes. Don't just look at candidate funding, even election advertising has a lot of funding that isn't straight to the candidate.

Although there might be no shortage of self-employed Republicans, they don't really call the shots for the party. It's the very deep pockets who do.
