88 posts • joined 5 Jan 2010
Article sounds like a rant
A rant from someone very close to the software industry.
I have no fear of seeing a reduction in HFT trades. In fact I think my pension fund may benefit.
Re: HP Server?
Or HP Almost NonStop
GCHQ isn't the problem
It doesn't matter if GCHQ can or cannot brute force the password (maybe they have already and don't want to alert anyone to whatever is contained within it).
It matters only that the person charged has refused to disclose the password.
That is how the law is framed.
CVC2 is written on the card. That value is held on the magstripe and the chip but it won't be the same value as the CVC2 so it wouldn't be visible to the terminal.
Re: Er - too much information?
Chip and PIN allows for the PIN to be held at the issuer and not on the card, it can be one of the options in the CVM list. Not all terminals support offline PIN validation so in those cases the PIN would be sent online to the acquirer (encrypted).
UK EMV cards support validation of the card between the terminal.
My statement is missing some detail...
I noticed that my POS payment on Monday at ASDA appears on my Natwest statement with absolutely no detail whatsoever (unless you call the last 4 digits of the card number... detail).
Every other payment from this retailer is clearly defined and includes who the retailer was and the type. But not this one.
Let the speculation begin !!
... because you can run a bank on a shoestring budget with all your development out of India.
The cloud business paradigm
1. Put stuff in the cloud
2. Burn through cash
4. Profit !!
[quote] This is about changing the way we do business – and changing people's behaviour by ensuring there is always an incentive to be in work[/quote]
I take it that he is referring to the various contractors/outsourcers and management involved in any IT contract with the government.
Porting Apps? Downtime.. Eh
[quote]RBS faces a Herculean job in bringing online a new mainframe operating in a core part of its day-to-day business. It must plan and execute the job without interrupting the existing service by taking the old mainframe offline during the transition.
RBS did not say when it plans to bring the new mainframe online.
But hardware is only one thing: RBS must also determine what to do with the existing apps running on the system. Either it must port existing apps to the new system - which is likely - or write or buy new apps. If the former, RBS must design, write, test and then shift. If the latter, RBS must make sure the new apps work on the new mainframe and interoperate with RBS’s other, connected systems.[/quote]
Spoken by someone that knows nothing about mainframes. Are you a consultant by any chance ?
RBS are just buying a bigger mainframe and then plugging it into their existing parallel sysplex system. Whoop de doo. All that will get them is the chance to use the newest version of the bits of mainframe software and things will run a bit faster.
No porting of apps, no downtime required. That is what makes the mainframe such a great environment to develop and run. Something that lesser mortals don't get.
Good job they are contributing so much of that lovely corporate tax that goes towards paying for said police force..
[quote]The first question a PwC (or any other 'management') consultant asked to carry out such a review will ask is: "What would you like the answer to be?" [/quote]
Hello Mr Fox, can you investigate why all my hens have disappeared.
Also telling that the senior (mis)management can't work out the causes of the problem themselves without squandering more cash on the problem. Do they actually have any IT experience or are they just managers who manage so far removed from the actual workplace that this kind of thing happens (and rinse and repeat).
Less Basil Fawlty
More organised scam. The parking operators used to employ people to collect money when people left the car park. In the name of decreasing costs they went over to automated systems and then the racket of towing and clamping anyone unlucky enough to be in one of their car parks without a ticket.
They could always go back to the man in a shed approach but I guess the revenue from charging people who don't pay or overstay, however % small that is, is worth more to them.
The "tickets" they send are just an offer to pay. So I choose not to.
Really good at this price, maybe B&N should have sold them at this price to get a bigger market share first of all.
Always playing catchup with Amazon/Kindle.
No mention of IMS
Moving from IMS to CICS was more open heart surgery with a brain transplant thrown in. CICS is the devil's work.
Anyway, I know plenty of people that are mainframers in the age group of 35 - 50 but unfortunately their jobs can be done offshore much cheaper so no one is going to be hiring them anytime soon unless the whole offshoring industry collapses in a heap.
I would love a job back in a COBOL/DB2/IMS or CICS support role but I think the time I have spent away 4 years ish and my age of 40+ will mean that there really is no way back into IT unless there is another round of year 2000 type work.
I can write all sorts of complex SQL but I can't find a role that needs it solely. I must be looking in the wrong place.
[quote]I'm a self employed company director...[/quote]
or your full title... Powerfully built tax dodger.
Mike Errington's head on a plate?
Is Mike Errington still in charge of their IT?
If so he needs to be renamed Teflon, because the brown stuff certainly isn't sticking to him.
That is all that matters.
A better question
Dear HP shareholders. Your board paid way too much for Autonomy. Where does the buck stop?
Apple to buyout Adobe..
Just a thought, wouldn't be the first time that a company has brought in someone before taking over. They have a lot of cash swirling around in their bank account. Adobe have lots of "creative" software. Plus Apple could effectively kill flash once and for all without any chance of it re-surfacing.
Nothing mind crippling about any programming language.
You use the tool that is best suited for the job.
The arguments set forth here are like a bunch of carpenters trying to argue the merits of a drill over a router.
If you can't get your head round cobol then maybe you just aren't cut out for a career in IT (I have written in Pascal, C, c++, java, cobol, zos assembler).
Oops I did it again...
Another piss implementation.
I wonder who was involved this time
OK. The worst that could happen is that the trader will know your PIN number. He may also know your card PAN number and its expiry date. But the reader won't know what is on the magstripe (which is good, can't be cloned and used in the US).
Without the physical card the info the trader has is useless. The generated cryptograms rely on (amongst other things) the application transaction counter (which is held on the chip) which is unique to every transaction.
So I understand people's reluctance to use something that looks odd, but because it's chip it is much more secure.
Re: A certain Pin/Chip reader manufacturer ...
Unfortunately you are being very selective by choosing a card (not Visa/MasterCard/JCB/Discovery/Amex) with a well known defect.
So please please please, take a bank card from the UK and clone ALL of the chip data (software, keys etc).
When you have done you can then post about it.
Mr Einhorn is correct
He is spot on.
Apple are under the impression that they can utilise the 100+ billion they have in reserve better than the investor (who own the company) can. The board of the company work for the investors.
If Apple need cash to purchase something in the future they can quite easily borrow from either their investors or a bank.
What Mr Einhorn is saying is that he and other investors can better utilise the capital that Apple have sitting in their bank account. They want Apple to return that capital to the shareholders in the form of new shares of dividends.
He is spot on. Any company that has capital that is just sitting there doing nothing year after year is doing a disservice to their investors.
[quote]What about the man-in-middle attack reported last year (arbitrary pin can be used for purchases at an EMV terminal with a stolen card) rendering security put in place by such a system rather moot? OK granted it does require physical access to the card.[/quote]
That attack doesn't work on all cards, only where issuers don't have the correct rules in place on their auth platform. It certainly doesn't work on ATMs (where the PIN is sent online) nor does it work in countries that only support online PIN. And if the issuer checks the CVR correctly (which is signed by the chip and verified by the issuer) then you certainly cannot bypass the PIN.
Clone a chip
A bit pointless trying to "clone" a chip transaction because the information is dynamic and one time. Much more of a problem for magstripe cards or where the terminal is used for card not present transactions.
Re: Talk about stating the obvious... @Def
Ok I will bite and call B@llsh!t. Every single one of the IT contractors I know set up as a contractor for the sole reason that they receive more income and pay less tax. Deducting travelling/accommodation costs associated with working somewhere and being able to employ your non-working wife was also a great wheeze unavailable to PAYE employees.
All well and good until the IR realised that more and more people were avoiding income tax by playing "pretend" contractor and were no different to a normal employee that changed jobs every 6/12/24 months.
90% of IT contractors are not really contractors. They are just PAYE employees that change jobs more frequently. Businesses like them because they pay less tax and are easier to hire/fire.
I think it would end badly for you. It's the balance of probabilities and how believable you are in court. Trying to be a smart arse in court will alienate you from the jury and a liar normally gets found out. "It must be corrupted officer" excuses if found to be untrue will be reflected in your sentence.
To think a highly skilled hacker/cracker whatever manages to infiltrate networks and launch DDOS attacks but then the file the police are trying to unlock is corrupted! Any decent barrister will be able to show either malicious damage or wilful obstruction.
Anyway, I have several dead bodies locked in a safe in my home and there is absolutely NO WAY that I am going to incriminate myself by giving the police the combination. I have NOTHING to hide ;-)
Bailing out 6 with six months to go.
A) because they have found a much better contract
B) because they don't want to be anywhere near the project when it goes live.
Re: A 6-digit PIN gives 'emergency' cash to anyone who types it in
This is what I would worry about, the chances of guessing are 999,999 to 1 but if enough people use it then there is a fair chance that at some stage someone will guess one correctly.
Why not enter your account number or some other reference no instead (maybe your DOB even)?
Re: Chip+PIN / ATMs
Hello America and your backward magstripe technology :o)
You are wrong though. EMV is used in ATM transactions, the difference is the PIN is authenticated at the issuer/processor. The US uses magstripe but only because they have such a fragmented market and no one to drive the changes other than the schemes (which will eventually happen between 2013-2015).
If I had the option I would do away with the magstripe on my EMV card but there are still some terminals that use it (before reverting to the chip).
Might not work with the majority of EMV cards.
I look at the article and I believe the attack is only possible with older static data (SDA) type cards.
The problem with Cambridge is that some of their research is based on old tech standards, but there are still some SDA cards in circulation (because they are cheap). I have not had a chance to check yet but to correctly guess the cryptogram on a DDA (dynamic data authentication) card is impossible as the chip generates its own random number so seeing two transactions with the same ICC random number would highlight a cloned card.
There are also other technologies such as the ATC count so again cloning is made difficult if the card hasn't been stolen.
As with all tech, someone will eventually break it but as long as it isn't cheap/quick then it's still worth employing.
Paywave and Passpass incorporate even more complex cryptogram generation CDA which makes the duplication even more difficult.
But don't let the above get in the way of a good story and worry mongering :o)
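Added example, not part of the original comment: a sketch of the issuer-side checks the post alludes to, flagging a reused or regressed ATC and a repeated ICC dynamic number per card. The record layout, the `review` function, the `max_gap` threshold and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Auth:
    card: str         # constructed card reference, not a real PAN
    atc: int          # application transaction counter reported by the chip
    icc_dynamic: str  # ICC dynamic number (hex) from the DDA/CDA response


@dataclass
class CardState:
    seen_atc: set = field(default_factory=set)
    seen_dynamic: set = field(default_factory=set)
    highest_atc: int = -1


def review(auths, max_gap=50):
    """Return (index, card, reason) for each record that looks cloned or replayed.

    max_gap is an assumed tuning value: a large forward jump in the ATC
    suggests a second device is producing counters for the same card.
    """
    state = {}
    findings = []
    for i, a in enumerate(auths):
        s = state.setdefault(a.card, CardState())
        if a.atc in s.seen_atc:
            # The chip increments the ATC on every transaction, so a repeat
            # means captured data is being presented again.
            findings.append((i, a.card, "atc_reused"))
        elif a.atc < s.highest_atc:
            # Can be a late-arriving offline transaction; queue for review.
            findings.append((i, a.card, "atc_regressed"))
        elif s.highest_atc >= 0 and a.atc - s.highest_atc > max_gap:
            findings.append((i, a.card, "atc_jump"))
        if a.icc_dynamic in s.seen_dynamic:
            # A genuine DDA/CDA chip generates a fresh value each time.
            findings.append((i, a.card, "icc_dynamic_repeated"))
        s.seen_atc.add(a.atc)
        s.seen_dynamic.add(a.icc_dynamic)
        s.highest_atc = max(s.highest_atc, a.atc)
    return findings


# Constructed sample authorisation stream (illustrative values only).
SAMPLE = [
    Auth("card-A", 41, "9f1c02aa"),
    Auth("card-A", 42, "03be77d1"),
    Auth("card-B", 7, "5510c3e9"),
    Auth("card-A", 42, "03be77d1"),  # same ATC and same dynamic number again
    Auth("card-A", 43, "c4a90b16"),
    Auth("card-B", 8, "5510c3e9"),   # new ATC but repeated dynamic number
    Auth("card-A", 40, "7e2d4f80"),  # counter lower than already seen
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```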
[quote]Conservatives traditionally only support state intervention in cases of market failure[/quote]
I nearly fell off my seat laughing at that statement. They are quite happy to support their friends/relatives/business associates and their associated businesses. Especially if the relationship involves sponsorship of the party !
My document is out next week.
Next week I am also releasing a 60 page document. It will explain that banks have failed to invest in the one key asset that will in future prevent the global banking system from collapsing.
They are called employees, but most senior managers probably refer to them as excessive operational expenses.
All my data is safe in the cloud...
I suppose people should be grateful it didn't just wait to run out of money and some honking great repo man pulled the plug overnight and sold the servers on eBay.
Clouds. Love em.
[quote]We'll be simplifying the batches and tightening procedures a bit.[/quote]
I can't see that ending well.
See my previous posts. No change, no blame and more red tape ;-)
Re: what about the money
[quote]I'd say primarily a bank's business is making my money grow, and not losing any of it.[/quote]
The primary role of any business is to generate a profit. Risk, IT and so on all flow from that primary goal.
If you are shareholder, then I agree. Growing the share price and dividend are the primary objective of a publicly listed company. Growing turnover/market share count for nothing and are just vanity unless they can be turned into solid income (and profit).
As a customer the primary goal of any bank is to minimise the amount they spend on you, whilst making you generate income. They will be doing everything they possibly can to ensure your money grows as slowly as possible, because the margin between what they pay you as a saver and what they lend out is where their income is generated (actually probably a lot less reliant on you as a saver as they have the money market to borrow from so even less incentive to pay you anywhere near a competitive rate of interest).
On a side note, co-op premier account charge of £13 a month is pretty good I think for mobile phone insurance, worldwide family travel insurance, European RAC breakdown cover, £300 interest free overdraft.
Mr Chan, has in my opinion, hit the proverbial nail on the head.
The middle layer of management never seems to get mentioned, it isn't Mr Hester that is choosing to take risks by de-skilling the workforce but it will be his targets that are causing the problem. Required reduction in IT costs = Management finding an easy fix = ship the development off to a cheaper country whilst retaining their own jobs/salary/bonus.
It is the middle management layer that has failed. They chose not to listen, they ploughed ahead with changes and it has cost the company dearly. Given the culture at RBS, no one questions their boss above project manager level. If you did then the end of year rating system was used as a big stick.
I have said it before but the outcome of any review will be "more control". It won't point the finger of blame at any management strategy, it will be just an extra layer of change control that slows the development process down even further.
Re: Absence of evidence not equal to evidence of absence
But they do have a way.
If this was a problem then merchants and acquirers would be seeing a significant number of chargebacks where no authorisation had taken place.
(I am guessing that this "attack" makes the terminal believe that a transaction has authorised the transaction offline). There are also floor limits in place so that even if a chip card authorises a transaction offline the merchant must send it online for authorisation (or else take the hit for the chargeback).
Also sounds like its aimed at a very specific terminal or acquirer (with specific software).
The issuer (and cardholder) of the card is covered in this instance because the merchant/acquirer won't have obtained authorisation and the chip card itself won't have issued a genuine transaction certificate.
Seems a lot of "might and maybe" in the article.
Why no specific details on how this type of attack would work ? There are lots of different terminal implementations and lots of different versions of software.
So until they can demonstrate going into a retail shop and buying something then I am afraid that it all sounds a bit like scare mongering and the desire to make a name for yourself (or your consulting company wink wink).
I have made plenty of cockups in my career, luckily none of them happened in an operating environment. Doing stupid stuff like DELETE * FROM CUSTOMER_DB ; WHERE CUSTOMER_ID = 5 ; (see the misplaced semi-quote, you just deleted the whole database) are much less likely to happen when you have two people, one to check the work and one to signoff. Errors get picked up BEFORE they impact the live environment, that is why you have senior developers and change management. They are there to gate keep the idiots under them.
Problems can occur for any number of reasons, but not checking what people do (ie slashing resources) and giving them root access to your o/s or god privileges on your database seems like the perfect way to end up in sticky position. Often the root cause isn't disaffection, malicious behaviour, it's just fat fingers and the right (or wrong) user privileges.
I have only ever once come across one deliberate attempt at sabotage when a developer tried to add a timebomb into some code. No idea why he did it (I think his contract was coming to an end and no renewal possibly) because it was picked up when someone QA'd his code. I have also heard of code being altered to add malicious code to extract card numbers, again picked up in QA. If you don't have checks and controls you will eventually come unstuck.
If you get to the stage where you have to call someone to interview you have already failed as a manager and deserve to be put out to pasture to find your next "opportunity".
The only conclusion that I can draw from not choosing to go to India with a camera is that Capita are rampant racists (not a version of linux in case you were wondering).
They just want nice middle class whites to be in the company brochure.. People of the Indian Help Desk you need to rise up and stamp out this sort of behaviour.
how long can hester hold on
Bob Diamond has made the news again so this story won't be appearing in any headlines, but given that RBS will be fined in the few weeks/months I wonder how long the CEO of RBS can hold on.
I imagine there is a change freeze from now until the new year with only regulatory changes being the exception.
Isn't it easier just to pass the blame around
Batch services can blame the implementation crew
The Implementation crew can blame the developers
The developers can blame batch services
.. and repeat.
With so much blame being passed around senior managers won't actually know who to blame.
Actually, I know the best thing to do is to keep your mouth shut. And then counter by claiming victimisation, bullying, stress, overwork, you can always throw in some blackmail as well.
Another point (and I think a very good one) whoever was responsible will know that if they do get the push they will be in line for a nice 6 figure sum from one of the weekly rags. Max Clifford is very likely to be your best friend. Just make sure you come out looking the victim. (Nick Leeson didn't do too bad).
Re: Is it legal?
And RBS set it all up nicely.
First they had an arbitrary downgrade of all grades at the end of the year. They also had the bell curve, what this did was to put a lot of staff that came in and did their day to day work but didn't want to get involved in office politics or career advancement or working stupid hours into the "failing" category. It also put people that would normally have got a bonus into the "no bonus" category. We were also told that anyone getting two consecutive two's would be "managed out". (good bye payoff). No one understood the rating system either as they were given behind closed doors.
A lot of staff in their fifties were entitled to full pensions with no penalty for leaving early (ie get the pension at 50 odd that you would have got at 65). We also got a payoff of something like 3.5 x number of years service = number of weeks pay. If you were retiring you could put that lump sum into your pension and then claim 25% of your pension pot tax free. So a bloody good deal.
So generally anyone with long service who was over 50 jumped at the chance, the first wave was fully subscribed.
Anyone with long service and a decent work history also went, it's just a case of incentivising people or else making it so miserable to work there people volunteer to leave.
It looks good for RBS because very few people have to be made compulsory redundant and they can spin the line that everyone "wanted" to go whereas if they gave everyone their notice then there would be headlines in the national paper.
Glad I got out in the first wave ;-)
Re: RBS Management
Because come hell or high water the head of IT was going to reduce the staff costs. And he based that decision on the fact that UK workers cost x and India workers cost y. And because Y is about 1/4 the cost of X that made perfect sense. They both do the same job after all. Anyone can be taught to programme, anyone can be taught to run a batch schedule. and so on.
By reducing staff costs he would have been seen to have made a massive dent in expenditure and would no doubt have given him a nice leg up in his ascent to the boardroom and his bonus is very likely to be linked to cost reduction and increased output. Manday cost were about £400 for a UK and about 1/4 of that for non-uk workers. Imagine reducing your costs by 75% and with ZERO impact on your business. What could possibly go wrong. *cough*
I am sure that execs rationalise the negative internal comments by linking them to the UK staff fear for their jobs. So anyone that suggests the outsourcing is a bad idea either gets sidelined or kicked out early.
Too much ?
Price point - anyone think it is too high ? At nearer to £100 it is worth it, once it starts moving up to the £200 level it is no longer such a good deal.
I have a 7 inch android tablet that is pretty good for reading/emailing, had hdmi out, plays games etc, ok the battery isn't great but it only cost me £80 and has a micro sd card slot thrown in.
Why include NFC then exclude a microsd slot ? No one is going to pay for stuff using NFC on this device because it isn't a wallet sized phone/card. and you can pick up a microSD card with NFC built in.
Looks a nice display and I am sure it will be quick, just doesn't tempt me at the price.
RBS to sue CA
According to the FT RBS is considering taking legal action against CA. Unless CA were actually managing the change I don't see how this would work.
Being a cynic I would say that the RBS PR machine is again at work trying to throw some mud around in the hope that some of it sticks.
Of course if they do it really will be a "drains up" moment for RBS if they press, so not a bad thing. I suspect it is PR bluster.
Re: Sounds like they need...
Or Sanjeet couldn't find the UNDO button...