Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



Banks Report Credit Card Breach At Home Depot

hawaiian717 Re:Chip and PIN (132 comments)

A PIN is not required to use a debit card today. The vast majority of them support running the transaction either through the debit networks, where you use a PIN, or through the credit networks (Visa or MasterCard) where, today anyway, you sign. So the thieves can still steal the card number off a debit card and use it just like a credit card. The only difference is that your checking account is the money that gets tied up in limbo until it's sorted out, instead of the the bank's money (in the form possibly of your credit limit).

about two weeks ago

Aussie Airlines To Allow Uninterrupted Mobile Use During Flights

hawaiian717 Re:article summary is wrong (51 comments)

This is why I simply cannot understand United's new policy of buying aircraft with NO entertainment system at all, not even one where you can just plug a headphone in so you can hear the announcements.

United and other airlines are seeing the trend of more and more people bringing their own devices and using those, thus they can save several hundred pounds of weight by removing the inflight entertainment systems. US Airways did this a few years ago. Southwest never had a built-in system.

But your point about the built-in systems' ability to be automatically paused when the pilots and flight attendants make an announcement is an interesting one; something I hadn't thought about before.

about three weeks ago

Telegram Not Dead STOP Alive, Evolving In Japan STOP

hawaiian717 Re:Digital stamping (144 comments)

I don't know much about how PGP works, but with S/MIME, you attach the certificate containing the public key to the e-mail, as well as the encrypted ("signed") hash of your email.

The next question is how do you know the certificate is genuine? Well, that's why you pay VeriSign, DigiCert, or whatever your favorite Certificate Authority (the same people who create certificates for web servers) is, to sign your public key and issue you a certificate.

Your statement that PKI is hard is absolutely correct.

about a month ago

Python Bumps Off Java As Top Learning Language

hawaiian717 Re:"Top Learning Language" ...OR... (415 comments)

Easy enough to fix...

                1: fn1,
                2: fn2,
                3: deploy_attack_kittens
}.get(input, do_default_thing)()

about 2 months ago

AT&T Charges $750 For One Minute of International Data Roaming

hawaiian717 Re:This is why I straight talk on AT&T (321 comments)

Note that Net10 and StraightTalk are both actually part of the same company (TracFone).

about 3 months ago

Target Moves To Chip and Pin Cards To Boost Security

hawaiian717 Re:This isn't why they had a security breach (210 comments)

I assume you're thinking of the eInk display as a way to protect web based transactions?

Rather than coming up with another scheme, I feel like a better solution would be a way to do EMV payments over the web using a regular smart card reader. Smart card readers don't seem uncommon in business oriented laptops already, and Dell and HP have smart card reader keyboards that they could just make the standard keyboard they ship with desktop PCs. It's possible to read EMV cards using regular USB card readers; the folks on FlyerTalk do it to read the CVM list off their card (that's how people figure out if a card is C&S or C&P priority and whether it supports offline PIN).

about 5 months ago

Target Moves To Chip and Pin Cards To Boost Security

hawaiian717 Re:Chip and Signature, not Chip and PIN (210 comments)

True about most US cards being C&S, not C&P. Or being both, but with C&S as higher priority and not supporting offline PIN (which is where the real trouble comes). From what I'm hearing, Visa is the one that's really pushing C&S in the US; MasterCard is pushing C&P. And since the new EMV Target cards will be MasterCards, there's reason to hope that they'll be C&P.

For the record, Walmart has also apparently been advocating C&P. They're also ahead of Target in rolling out EMV support, about 25% of Walmart US stores are actively accepting EMV payments.

about 5 months ago

Target Moves To Chip and Pin Cards To Boost Security

hawaiian717 Re:This isn't why they had a security breach (210 comments)

And this is where the October 2015 liability shift comes in:

If fraud occurs on an EMV card and the merchant hadn't upgraded to EMV and was relying on swiping the magnetic strip to process the transaction, the merchant has liability.

If fraud occurs on a non-EMV card and the merchant had upgraded to EMV, then the bank issuing the card has liability.

The result is banks are incentivized to upgrade to EMV cards so they can try to shift fraud liability to the merchant who hasn't upgraded to EMV terminals, and the merchant is incentivized to upgrade to EMV terminals to avoid the liability shifting to them.

Presumably fraud liability for EMV cards processed at EMV terminals remains where it is today (banks), and possibly everyone wonders "how did that happen?"

Meanwhile, fraud moves to card not present (read: over the Internet/phone) transactions.

about 5 months ago

Wal-Mart Sues Visa For $5 Billion For Rigging Card Swipe Fees

hawaiian717 Re:Chip and PIN (455 comments)

Banks are offering EMV cards today in the US, and I've yet to hear of anyone being charged for them. American Express will upgrade people now without having to wait for the card to expire; just call customer service and ask for one and the new card will arrive via UPS Next Day Air.

about 6 months ago

Wal-Mart Sues Visa For $5 Billion For Rigging Card Swipe Fees

hawaiian717 Re:Security (455 comments)

Visa Debit is 2FA if you press the "debit" button on the point of sale terminal, since you need to have the card (something you have) and enter the PIN (something you know).

On the credit card side of things, EMV can make 2FA common and has in many places, with Chip and PIN cards. But many banks are going with Chip and Signature, which to me is worthless as a form of authentication. There are other parts to how EMV works that still makes it superior to mag stripe even with Signature.

about 6 months ago

Wal-Mart Sues Visa For $5 Billion For Rigging Card Swipe Fees

hawaiian717 Re:I am torn! (455 comments)

EMV cards are available in the US today. American Express offers EMV versions of virtually all their cards today, you just have to call customer service and ask for one and they'll send one out. Many major banks including Bank of America, Citibank, Chase, US Bank, City National, USAA and Barclaycard as well as some credit unions have started issuing EMV cards as well. CaptialOne is a notable exception as a major credit card issuer that does not yet issue EMV cards in the US (though I've heard they do in Canada).

The caveat is that most of these cards are Chip and Signature, while much of Europe is using Chip and PIN. It's all about how the card issuers and merchants set their priority though; retail outlets should accept Chip and Signature though there have been reports of merchants not wanting to (and some people have problems with mag stripe cards too). The biggest problem for travelers tends to be unattended kiosks, which are set for PIN only. Sometimes the cash advance PIN will work with a Signature-only card, this depends on whether the kiosk has an online network connection to authentication the PIN with the bank rather than with the card itself. Visa is pushing these setups to accept no authentication ("No CVM" in EVM lingo) as a fallback for Signature-only cards.

What will drive the move to EMV in the US is a liability shift for fraudulent transaction that is set to occur on October 1, 2015. Fraud liability for a magnetic stripe transaction on an EMV capable terminal (meaning the merchant has upgraded but the card issuer has not) will rest with the bank that issued the card. But fraud liability at a non-EMV capable terminal (meaning the merchant has not upgraded) rests with the merchant. This combination will incentivize merchants to upgrade to EMV (since liability will be shifted to them if they don't), while banks will want to get EMV cards in peoples' wallets so that fraud liability will be shifted away from them at merchants who don't upgrade.

about 6 months ago

Apple Drops Snow Leopard Security Updates, Doesn't Tell Anyone

hawaiian717 Re:Ultra long term support Linux distro (241 comments)

Red Hat Enterprise Linux if you want to pay, CentOS if you don't. Versions 5 and later (6 is current and 7 is in beta) are supported with updates and fixes for 10 years.

about 7 months ago

What Are the Weirdest Places You've Spotted Linux?

hawaiian717 Re:Walt Disney World (322 comments)

Interesting, because the attraction was reported, at least when it originally opened, to be running Windows XP.

about 7 months ago

Developer Loses Single-Letter Twitter Handle Through Extortion

hawaiian717 Re:OR... (448 comments)

I do find it odd that someone would actually break the law (at the very minimum, identity theft and extortion) in such a contrived chain of events... Just to gain control of something they won't even realistically get to use (can you imagine trying to use @N for the next few months through the massive volume of hate-tweets it will get?)

I don't, because it's happened before. I haven't reread the article to see if this states it, but I recall hearing that the reason the hacker did all this to Mat Honan was because he decided he wanted his @mat twitter handle.

about 8 months ago

FCC To Consider Cellphone Use On Planes

hawaiian717 Re:Ban Removed Due to New Revenue From Micro-Cells (183 comments)

The Gogo network may be cellular, but their network is designed to hit a target flying 500 miles per hour at 39,000 feet. Plus, the base station on the aircraft concentrates the traffic, which means there's one air-to-ground link per plane, rather than per handset as would be the case of someone using an unauthorized cell phone inflight today.

It's also not true that all the existing inflight data links are cellular. Southwest uses Row 44, which provides a satellite based solution. JetBlue is planning to launch, if it hasn't already, a satellite-based system with ViaSat.

There are other, older, slower options for inflight data access that are satellite based, but we're talking about dialup speeds here.

about 10 months ago

Re: Daylight Saving Time, I would most like

hawaiian717 Re:AZ (462 comments)

Correct, Hawaii does not observe DST. The state is so far south that the length of the day does not very as much during the year as it does in other parts of the US.

about 10 months ago

Square Debuts New Email Payment System

hawaiian717 Re:Sounds ready for abuse (240 comments)

Virtually everyone has secure communication to their email provider these days.

And virtually nobody has secure communication between email providers. So there's a good chance that at some point along the line, your email is being transmitted across the Internet in the clear. Secure IMAP/POP/SMTP is good for protecting your authentication credentials (password), but if you want to protect the contents of your email, you need an end-to-end solution like PGP or S/MIME.

about a year ago

A Year of Linux Desktop At Westcliff High School

hawaiian717 Re:Why not more than a clone of Windows and Office (283 comments)

Microsoft didn't come up with the idea of a WYSIWYG text editor. I don't know who was first, but I know Apple's MacWrite in 1984 only had one view of the document, and it was like what Word calls "Print Layout".

about a year ago

Ethernet Turns 40

hawaiian717 Re:Token ring ... (159 comments)

...and the computer it was in cost $10,000.00.

about a year ago



Apple announces iPhone SDK

hawaiian717 hawaiian717 writes  |  more than 6 years ago

hawaiian717 (559933) writes "Apple's Hot News page is carrying an announcement that the company will release an SDK for the iPhone and iPod touch in February 2008. The company notes that "it will take until February to release an SDK because we're trying to do two diametrically opposed things at once — provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc.""


hawaiian717 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>