
Comment Re:1H battery life (Score 2) 159

I agree - what a weird choice. The Apple watch really needs access to its paired iPhone to be of almost any use and the iPhone has good location awareness already. As a fitness device, the current Apple Watch kinda sucks because its heart rate monitor does not work well. Hopefully that's getting a fix.

Comment The system is overly complex (Score 1) 675

TLDR - the new system is far too complex and the requirements include support for cards not even used in the US.

In order to implement EMV aka chip & pin you need a device that is certified by EMVCO, an industry consortium. They issue LOAs (letters of authorization) for devices having passed the certification process. This administrative process is slow and expensive. Many device manufacturers have trouble getting their devices certified. Many of the devices you see in the marketplace may have chip reading hardware, but their firmware may not be up to date or certified. Certification is extremely complex due to the many variations of card and contactless support theoretically possible. There are two levels of certification needed. In short, the device manufacturers were not ready and the industry underfunded the certification authority. This is why proliferation of devices has been slow.

Once you have a device whose firmware is certified, the processing gateway and point of sale software has to be certified. This is an incredibly time consuming, expensive and arduous process. There is a shortcut in this area known as a semi integrated solution. A POS implementer uses an already certified payment "black box" application to integrate with their POS system. This has many advantages but a big disadvantage. The semi integrated software is a middleman and in most cases exacts a price for the processing service, making implementations of this approach less competitive.

Ideally systems will use a direct integration. This requires certification for all card brands and all card types. You need an expensive device called a Collis test tool to emulate every conceivable card and contactless technology type. There are hundreds of test cases for each card brand for all the possible scenarios, including failure fallback.

The problem is, the majority of these test cases are for cards never seen in the real world.

Chase issued chip and signature cards several years ago and the rest of the card brands realized that if they issued chip and pin cards, older folks and those who don't want to get pin numbers would use their Chase cards so all the card issuers went with chip and signature. Chip cards are hard to counterfeit (you have to be able to make the chips and I don't have a semiconductor foundry in my basement), but eliminates an important aspect of two factor authentication - something you know. Frankly chip and pin is better, but chip and signature is much better than what we have and probably good enough.

It will be another year before the backlog of certifications gets worked through. There is a waiting line to get slotted for certification and much of the time, the developers in line don't have what it takes to actually code the solution when it's finally their turn. You don't google for solutions to these kinds of problems. You really need to know exactly what you are doing. A developer of this kind of software cannot get it wrong and the software has to be defect free. And it's very complex. If you are not experienced and you do not have a very high IQ and you are not willing to work extremely hard you don't have what it takes to write this kind of code. This process is truly a bitch. Because the job is so big, the processing companies have offshored the certification liaisons. Working through issues with offshore help protected by a bureaucracy is a special circle of hell reserved for those of us developers who must have done something heinous to deserve this fate...

As for the slowness of the new technology, there are a few factors that come into play. In the good old swipe world, the card is swiped and while the consumer is putting their card away, the device is getting an authorization in parallel. In the chip world, the consumer leaves the card in while the transaction is being processed. When the process is complete, they are asked to remove the card. This has the advantage of preventing consumers from forgetting their cards in the machine but has a big perceived performance hit. There is a technology called quick chip that allows the consumer to dip and remove their card and the processing occurs while they are putting the card away. This has a perceived performance advantage and we will all see most devices adopting this workflow over the next couple of years so the speed is improving. I for one am happy to wait a few extra seconds knowing that my card number cannot be stolen. The hassles of being on the phone with my card company explaining that I didn't make those charges far outweigh the few extra seconds.

Transitions like this are never easy but it's worth it. The card brands (VISA, MasterCard, Amex, Discover, etc.) recognize that the certification process is too difficult and are simplifying the certification process.

To say the transition has been a disaster is an interesting statement. It's been a disaster for a relatively small few. Consumers have been impacted very little. Implementers have taken a huge hit and there will be the usual shakeout in the industry with small players that cannot get the job done. The card brands and issuers win big with lower fraud costs. The merchants are left holding the bag with increased equipment cost and greater exposure to fraud and disputes.

Comment no (Score 1) 765

And no means no... A deal is a deal. If you agree to give notice then be true to your word. Make your word valuable.

Obviously, if you are being asked to do something illegal or immoral then don't do it. If some idiot construes that as quitting without notice, then they have no concept of honor and don't deserve a moment's more of your time. If anyone questions your motives you have the truth as a perfect shield.

Comment Re:Suicide by politician (Score 1) 1010

None of this is really amusing. As Americans, we are faced with a choice between Hillary Clinton and Donald Trump. I was referring to the Monica Lewinsky thing. That one stuck. President Clinton was impeached. I think it's important that we look at undistorted facts from the original sources.

It appears that implying Hillary Clinton and her colleagues of "Deliberate mishandling of classified information" would be factually incorrect.

According to the FBI:
"Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information."

Full text here:

Comment Re:Suicide by politician (Score 2) 1010

Nope, it's actually mind boggling what the Clintons have been accused of. Most of it is dirty politics, some of it seems suspicious based on news reports and the rest that seems to have stuck is embarrassingly amusing...

It was with great reluctance that I spoke up on a topic like this, but if we are going to accuse somebody of something let's get the facts. I think the FBI is better qualified to get the facts than I am. For all I know, this could be an elaborate disinformation campaign with a honeypot gone horribly wrong.

Frankly, how is any of this "News for nerds"? This would be a good place to discuss email server security and what they got wrong. I for one would have been scared shitless to manage a Microsoft Exchange server for the US Secretary of State. It would be interesting to see experts weigh in on if/how you could do that job correctly assuming it was legal. Better yet, how about a discussion on forensic analysis concerning the veracity of claims that foreign governments actually got something.

IMHO Slashdot is not a proper forum for us to vent our political gripes.

Comment Re:Suicide by politician (Score 4, Informative) 1010

I thought Petraeus intentionally gave access of clearly marked classified information to his reporter girlfriend. How is that the same thing? I looked at Nishimura's case and that was another blatant intentional misuse of clearly marked classified information.

No question, Hillary Clinton should not have operated a private email server as Secretary of State, but "people who've been caught doing exactly the same thing as she did" is factually incorrect.

Comment Unrealistic expectations on price/performance? (Score 1) 231

What is the use case for 20 hours? Who wants the compromise that would entail?

Q>"have laughable battery times,"...lasts for a day or two in power
A>Have you looked at an iPad or Surface Pro?

Q>won't stand a month of regular everyday use and carrying around..."
A>I've had iPads and a Surface pro for years and they are fine.

Q>He asks why none of the manufacturers seem willing to offer more than one gigabyte of RAM -- and why they're so stingy with storage.
A>Have you looked at a Surface Pro?

Q>"Where is the rugged 16GB RAM / 1TB Storage / 20-hour battery tablet?"
A>What are you using this device for? Are you really willing to have heavy weight and/or poor performance to get 20 hours of battery life? I'm not - give me a faster lighter tool with 8 hours.
