my point is how can you call this an "autopilot"
In the same sense that a plane autopilot is an autopilot? I.e. it keeps you on the course and speed you set it at but doesn't do much else. It's perhaps odd that people interpret "autopilot" as meaning "self driving", it's probably called autopilot precisely because it isn't self driving.
Tesla's Autopilot isn't auto-pilot either. It's collision avoidance, radar cruise control and lane-keep-assist.
That seems broadly analogous to what Autopilot in an airplane does (though I'm not sure airplanes actively avoid collisions, autopilot typically just manages air speed and heading).
What do you expect "Autopilot" to do?
The payment card industry needs to fix its crappy, insecure payment cards first before accusing businesses,
It's not entirely clear what you mean by "payment card industry". The "payment card industry" is everybody, including "businesses" and there's an awful lot of existing infrastructure that all has to keep working. It sounds like you are complaining about card schemes (Visa, MasterCard, Amex) but the Tokenisation stuff they've come up with via EMVco is pretty good, it's just there's an awful lot of infrastructure (including at "businesses") that needs to be updated to work with it. (Indeed EMV one time payment tokens appear to be one of the modes supported by ApplePay, so it's probable that people are doing such payments today, but probably only in cases where the cardholder's bank supports it, the merchant supports it in their app, and the merchant's payment gateway supports it, etc etc etc).
But saying the payment industry should do X "before" trying to improve security at businesses is ludicrous, security is about dealing with the real world and trying to make what is already there better, not doing nothing until some ideal solution becomes available.
I did not cheat the test. The test was fraudulent, claiming to identify flaws in my network that were not present.
Well, you did "cheat" the test. A scan is just a scan, it isn't 'fraudulently' doing anything, it's just reporting a possible problem. It's up to you to justify any listening port with a business reason and demonstrate appropriate controls for the service.
Of course it's not immediately clear what sort of compliance tests you are doing. If it's just Tier 3 then you're probably not paying much for your ASV and they are geared (and priced) for scenarios where scans show very little is in scope and not much manual appraisal is done. If it's a higher tier then you should be dealing with people who take the time (and are being paid) to understand your system and make an informed assessment.
PCI isn't perfect but isn't awful as a set of minimum standards and guidelines.
for why they need SHA-1 certs? Old POS terminals using public CA roots, and still without SHA-256 support. Welcome to the embedded world. And yes, I'm sure they have lots of other vulnerabilities.
What I don't understand (and maybe because I haven't looked too hard) is what "Old POS terminals" have to do with Mozilla. I can understand why Worldpay might need to support SHA1 for their own stuff, I don't quite get why that means a general browser should.
Indeed, perhaps it's nothing to do with the browser at all, and it just means that Symantec can issue these certs without being considered by Mozilla (the group) in breach of some agreed-to policy, but that these certs still won't be accepted (if they were seen) by Mozilla (the browser).
If that is the case, then really this isn't a big deal at all. Mozilla's response just gives Worldpay a little more time to get their shit together within the current framework (the alternative, cutting them off, could be less secure, as it would probably mean Worldpay would end up rolling their own SHA1 CA and distributing that root authority to their POS terminals, perpetuating the problem indefinitely rather than giving them a short grace period to catch up).
because they don't integrate. Even politicians have to admit that multiculturalism failed.
This seems to suggest a misunderstanding of what multiculturalism is. The clue is in the name, it doesn't presuppose integration, at least in the sense you seem to be using it, (that would be a monoculture), rather the side by side existence of multiple cultures.
When the bosses talk about improving productivity, they are never talking about themselves.