"WHEREAS I possess a bright idea that I am choosing to disclose to you, The Advisor, with the mutual understanding that you are my friend and that you will not screw me."
Those who work on Ghost have always maintained that WordPress has become too focused on being a CMS instead of a blogging engine, so it would make sense that they would use it when they need a CMS.
Yes. In order for Target to have the information mentioned, you would have needed to have bought something online from them or you would need to have a REDcard† or have filled in a survey or mailed in a refund request or phoned customer service. Merely having bought something in a store, even using a credit or debit card, would not result in that information being captured.
Of course, Target will try to track you even if you don't provide them with contact information. E.g., if you use the same credit card across multiple visits, they won't have your contact information or even your full credit card number (which they aren't allowed to store). But they will be able to analyze what you bought over time, and that's valuable.
> [Target] won't have […] even your full credit card number (which they aren't allowed to store)
They won't have my credit card number? Wasn't how we got to this very discussion because they have my credit card number?
> So far, Target says, it's determined that the breached data includes customer names, credit or debit card numbers, card expiration dates, and CVVs (cards' three-digit security codes).
They're only permitted to keep the full credit card number for as long a business need exists. For a hotel or a car rental agency, that might be days.
But for a retail transaction, it is a couple of seconds: submit the charge, mag stripes (and maybe PIN-block) and all. Then receive back the accept or decline. Just a simple HTTPS request. They are only allowed to keep part of the PAN beyond that time frame (the BIN and the last four if memory serves). No expiration date. And no CVV (the one that authenticates the mag stripe data, not the three or four digit code you enter for online transactions).
What the hackers must have done is to install malware on Target's POS terminals that was intercepting the full mag stripe data and making it available to the hackers. They must have gained free rein on Target's corporate network, allowing them to access the POS terminals remotely. The marketing database breach was just frosting on the cake.
The interval Target held the cards was probably longer than a few seconds. Depending on how they do settlement they may need to keep the PAN around longer until they settle the transactions. Some retailers do it real time (right after auth) but many do it in batches at the end of the day, overnight. That first message only authorizes a transaction. The money isn't drawn from the account until a settlement message comes through.
Target also does not have a loyalty card program. This means that the only way they can track individual purchases would be via a credit card. Target has very sophisticated marketing systems. They may have convinced their auditors that they need to keep the cards around longer because that is a legit business use. I would hope the cards are tokenized in those systems but you never know.
Also, the hack was most likely not on the POS system but on their payment switch (software for payments routing not to be confused with a network switch). There would be one central point where all their transactions are funneled to their various payment networks. This would be the place to intercept 40-110m transactions. At the individual store level it would be much more difficult to compromise that many systems across thousands of locations versus one central point and get the data out. Smaller retailers will connect their POS systems directly to the banks but large retailers usually have private dedicated circuits to their payment providers that flow through a payment switch. The POS systems connect to that central switch not the payment network.
For those predicting the imminent demise of Target, go back and look at a historical chart of how TJX's stock has performed since their breach in 2007 (mid teens to over $60/share now).
> Also, the hack was most likely not on the POS system but on their payment switch (software for payments routing not to be confused with a network switch). There would be one central point where all their transactions are funneled to their various payment networks.
Interesting. That strikes me as a rather dumb way to architect a system. Much better is a simple HTTPS request direct from the POS terminal to the payment processor. That way the bad guys have to hack the individual terminals. Of course, given a little automation, once they've figured out how to compromise one POS terminal, the rest are just a bunch of parallel loops away.
Ten or 12 years ago, I implemented POS interfaces to Fifth Third and Concord EFS. The POS in question was designed for use in individual retail stores, where there might be half a dozen registers.
Both Fifth Third's and Concord's interface took the form of a single HTTPS request to a designated URL. As I recall, Concord's was by far the simpler interface, requiring only the obvious data. Fifth Third's had a lot of legacy nonsense, requiring you to figure out what you really needed to provide. Both had a POS interface certification process, wherein you needed to hook up to a test system and correctly process a bunch of test transactions.
Fifth Third did have a batching function, but it did not require the establishment to store transactions client-side. Rather, the batch was accumulated on the payment processor's server. The POS system could request that a batch be closed (at the end of the business day, for instance). There was also a web login that the store manager could use to check on the status of the day's charges and some number of closed batches.
This is beautiful. I can't wait for the source to be available so I can use it as the frontend for everything I've imported into a WordPress-powered lifestream using Keyring Social Importers (http://wordpress.org/plugins/keyring-social-importers/).
The Publicize module of the Jetpack WordPress plugin allows that for a limited set of services: Facebook, Twitter, LinkedIn, Tumblr, Google+, and Path.
The features you just described are equally applicable to different kinds of metals/alloys. Arguably, other metals have even more practical applications. Why shouldn't those be more valuable than gold? In addition, the practical applications of gold you've just listed are, I expect, not what gold is normally used for. Economies, hopefully, aren't defined by whether their currency can make space equipment or electronics (especially since those are modern developments that predate the value in gold). So while what you've just said is true, it still doesn't fully answer the question.
> In addition, the practical applications of gold you've just listed are, I expect, not what gold is normally used for.
Exactly. Several countries have kept a reserve of gold for centuries, but probably not out of a fear that they will suddenly need a bunch of ductile metal.
The current price of gold is far greater than the values of all those things. If gold price was based on intrinsic value alone it would be worth considerably less than it is now.
I'm not arguing that the current monetary value of gold is appropriate; I'm simply answering the parent's question as to why gold was "chosen" to be valuable: it has many practical uses.
1. It's shiny: it can be used for jewelry and thus display wealth and power to fellow citizens.
2. It doesn't corrode, which means it keeps its value over time. You can store it in a chest or a basement. (And like many metals, you can melt it into whichever shape you want, which makes it easy to seize from your enemies or taxpayers or whatever...)
All the scientific and practical uses you cite are recent (last century).
Before that, warriors didn't make swords with gold (other than decorative motifs), and craftsmen didn't build ships with it either.
"Investing" in metals today isn't limited to gold, you can invest into silver, platinum and other metals which aren't that different from gold with regards to interesting properties.
I submitted this link due to HN's proclivity for requiring the submission title to match the linked page's title, and this title was more self-explanatory than "Striking back against censorship."
That's specifically suggested in the guidelines: "If you want to add initial commentary on the link, write a blog post about it and submit that instead."
Yes, but they also don't want blogspam, which they can easily classify you as if you don't add anything new to the story (I guess adding your opinion would help, not just quote the original page you're linking to).
"The Postal Service receives no tax dollars for operating expenses, and relies on the sale of postage, products and services to fund its operations." [1]
"a congressional mandate to prefund retirement health care benefits"
I'm not saying that's a bad idea in isolation. However if you're trying to make a political point that your enemy is a failure, merely force your enemy to do something sensible that no one else is forced to do, then when that destroys them, you can blame them for it, or something like that.
That was just round one. Here's round two of how to destroy the USPS, done in two simple quotes from the same story:
"In addition, it would give access to another $10 billion loan backed up by Postal Service property, which would have to be sold a decade later to pay off that loan."
"And individual Democrats and Republicans are united in their effort to prevent their own neighborhood post office or postal plant from closing."
Ta da! We require you to take out a loan, which you need because we forbid you from managing your own business, furthermore we also specifically forbid you to repay the loan. I'm sure nothing bad could happen in that situation LOL. I give 100% odds that this scheme will hit the fan as "proof of USPS and bureaucrat mismanagement" when it is actually 100% the fault of Congress meddling, of which about 50% are trying to manufacture a political point to fit a predetermined agenda.
The problem with meaningless sloganeering is even if a slogan is generally correct, there will of course be outliers in opposition. This seems to be the case with the USPS. It would seem that blind faith based belief is so weak, the only way to enforce conformity is to intentionally sabotage a minor outlier.
The TLDR is they're being set up. (Edited to add, it's the old game of take away authority needed to succeed, while leaving behind the responsibility of resulting failure. For a .gov, the USPS is actually pretty well managed, which is why it's being targeted).
They're being set up the same way that Social Security has been set up to go bankrupt, Medicare has been set up to go bankrupt, Obamacare has been set up to crash and burn, the Community Reinvestment Act was set up to cause a housing bubble, government backed student loans were set up to cause hyper-inflation of education costs...
You see a pattern?
They're being set up because they are part of a system that has failure baked in from the beginning. Not failing is the odd surprise when it comes to government control of large complex business entities -- and even then the question of whether or not some apparent success is actually failure depends upon how closely you look at how much it cost to prevent catastrophic collapse (ie, the military).
I live in Brooklyn too. Not sure if it's a regional thing but lately all packages have been delivered via USPS. I don't currently have the problem that the OP has but that's only because I live in a larger apartment building to which USPS sends a truck with all the packages for the day.
But I can definitely relate. USPS offices are usually in very unfriendly places as far as public transportation goes. Having to travel, wait on line and then carry your package home would be a deal breaker for me as well.
I also live in Brooklyn (no doorman) and pay $9/mo for a USPS registered mailbox at a laundry store so that I never have to deal with the physical post office. I used to go there to pick up packages and it was a hellish experience. $9/mo saves all of that hassle and it is definitely worth it.
No, Amazon Lockers are nowhere near me (Williamsburg). I just don't see how it would be possible for them to scale as large as "neighborhood mailboxes" which are literally everywhere. There are at least 3 cheap mailbox / package drops on Bedford Ave on the walk home from the L train so I never have to go out of my way.
It seems like Amazon is developing quite the relationship with the USPS in New York City. Perhaps the recent increase you see in Amazon USPS deliveries is related to their recent announcement that they'll be delivering Prime orders on Sundays via the USPS in NYC and LA. [1]
It is a mix for me. It all depends on the item being shipped I think and whatever facility it is leaving from. I've had books delivered via the USPS this week to my mailbox and other times via UPS to my door. The item distribution seems random but I believe they have contracts with all kinds of carriers (even local ones that deliver via van in small areas of town I've had show up before).
In my case, I've received my Prime packages from every carrier available: USPS, UPS, FedEx, even local courier. I can't recall if I received anything via DHL.
I live in Western New York, but we are near FedEx and UPS hubs...which might account for the various delivery methods.
I live in a mountainous area and the Postal Service won't deliver to my house. (FedEx and UPS will). So FedEx Smart Post creates the same problem for me-- I have to go to town during Post Office hours to pick up the package (and usually wait in line). I would also pay for a UPS/FedEx only Prime. I sometimes force the issue for important or large deliveries by ordering it Next Day for $3.99 more, which ensures UPS/FedEx to my home.
That's interesting. I thought that the USPS monopoly on usage of your mailbox was premised on the fact that they don't "cherry pick" easily deliverable addresses, being required to deliver everywhere.
Can you explain more about why you don't have postal service?
I thought the same thing. I'd overlook it as it seems like Brooklyn does get USPS, but he seems to assume this is universal. I've gotten Amazon packages in Austin, San Francisco, Los Angeles, the Coachella Valley, Seattle, and rural eastern Washington, and almost none have shipped USPS.
Yeah, I also live in Brooklyn, and very, very few of my Prime packages are delivered by USPS. I order a ton of shit for me and the companies I work for, I'm really surprised OP has this problem.
The last fifteen packages we've ordered were via the USPS. Either someone at Amazon thinks this is hilarious to mess with people, or their system for selecting carriers is oddly tuned.
I will get stuff through I think it's called UPS Mail Solutions or FedEx SmartPost. It is where UPS or FedEx delivers my package to the Post Office, and then the USPS carrier delivers it to my house.