Archive for May, 2007

Notes on Windows 2000 Server Edition…

Windows should not be used for servers. End of discussion.
OSes which have a Registry should not be used for servers.
OSes which can only be configured through a GUI should not be used for servers.

Three guesses why I didn’t get jack done today, why the entire office has no website or email, and what I’ll likely be doing tomorrow.

Leadership in educashun


Maybe their leadership was working too hard to go to school…

MA’s haunted house law

Digging for an alleged MA/Medford statute that forbids renting out rooms in a single-family dwelling, and (unrelatedly) more than three unrelated people from living together, I came across this one. Apparently if a house is believed to be haunted, you don’t have to tell potential tenants/buyers that unless they ask.

/me breaks out his infrared lens and mass spectre-ometer

Cars with Stupid Smarts

Note to self: Never buy a modern car unless you can disable all the “smarts” in a sneaky enough way as to not void the warranty. I’m sure the engineers who build in said “smarts” have the best of intentions, but it doesn’t do much good for confidence when a large, dangerous piece of machinery under your control is continually second-guessing you. My rental in MD had several of these traits, which did a great job of making me glad my own car (’96 vintage) is smart enough to play dumb.

Here are some specific stupid smarts I never want to see in a vehicle:

  • Window-Knows-Best
    Ok, you’re the driver, master of this metal beast, doing 85 down 95 and you want to open your window a crack – just a crack – to get some air, without turning your drive into an impromptu wind tunnel test. So you ever so briefly tap the window-down button and ZZZZZT! It gets a mind of its own, zips all the way to the bottom and blows all your important papers out the window. Not an electrical fault; they’re actually designing ’em that way now. Seriously, wtf?

  • Car alarm with an attachment disorder
    The purpose of a car alarm is to keep thieves–as in real ones–out of your vehicle. The alarm should not go off when you validly unlock the vehicle first, using its own key, then open the door. If keys are no longer considered a strong enough form of authentication, they shouldn’t unlock the door in the first place, let alone start the vehicle. The rental did exactly this, including right at the entrance to a secure facility, which I was sure would bring beefy coppers running. I figured out eventually that if I only ever locked or unlocked it with the keyless entry fob, it wouldn’t alarm when opened. (Since in my 8+ years of driving, I’ve only ever owned cars that you unlock with a key, that’s kind of the habit I’m in.)

    Now, I’m sure there’s some “system” to these newer, nondeterministic styles of car alarms, but I certainly don’t have the time or give-a-shit to psychoanalyze each manufacturer’s alarm engineer and work out just what the hell he was thinking. I think some have operation that’s dependent on which method you used to lock the door most recently (power lock button, manual lock button, key, or keyfob lock button), forcing you to remember which you used each time and use the exact same procedure to unlock when you return. Some, like my old man’s ‘Vette, punish you for using the keyfob button to lock (alarm sets if the fob is used, not if the switch is used), and some the exact other way around. I think some just alarm randomly because they like the attention.

    (For this particular car, opening the door – alarm or not – also caused the hazard blinkers to sometimes, but not always, turn on and blink until the key was inserted. I still have no idea what the triggering factor(s) for that were.)

  • Auto-locking doors
    Which brings me to another one in the same vein, doors that lock themselves, whether anyone is inside or not. Even if the car knows the keys are not on the driver but in fact in the ignition with the engine running. My uncle had this happen on one memorable occasion with a Buick Skylark. We were meeting up for a nice family-reunion dinner at this lodge, so he pulls up right in front and gets out to help my grandma inside, leaving the engine idling because he’ll only be a minute. The moment all doors were shut, however, the car locked itself. There he is with a running car stranded in the fire lane. At that moment the vehicle was destined for a date with wirecutters to fix this design flaw, but not without a date with the locksmith first.

    (As an aside, compounding this idiotic misfeature is the trend toward manual lock buttons that slide all the way down into the door when locked–probably to make it harder to jigger open with a coathanger–but also making it difficult or impossible to exit the vehicle if the electrical system fails, the way it might during a fiery head-on or a close encounter with a body of water.)

    For my rental this week (and hopefully industry-wide), the schmarts folks have relented, at least somewhat: the doors only auto-locked once the vehicle exceeded about 15mph (albeit with the disappearing lock levers mentioned above). Perhaps some previous-gen autolock trapped keys and a baby in a car during a heatwave, resulting in a death while waiting for the locksmith and a subsequent lawsuit, ultimately sparing future motorists from this particular flavor of idiocy.

  • Semiautomatic shifters
    This could take a bit of explaining. There once were two types of transmission: automatic and manual (stick). Now, for the BMW owners who will mostly use it for transporting groceries and kids to soccer practice, but still fancy themselves performance drivers (waiting to drop the hammer on that 17 year old in his mom’s minivan, boy did he have it coming), there are a few different variants of auto-manual hybrid. Some are a mostly-auto that can be “bumped” up and down for those times when one really needs to show the Audi next lane over who’s boss; at the other end of the spectrum are those that, most of the time, look and feel like a real stick shift. But if it doesn’t like the way you’re shifting, it will go ahead and do it for you. Many 6-speed manuals have some built-in nannyware to select the next gear for you, physically locking out the one you actually wanted. (Depending on speed, throttle position, engine temp and probably the phase of the moon, these will “skip-shift”, locking out 2nd and 3rd gear so you have to shift from 1st directly to 4th. Do a quick poke for skip-shift and the entire result set will consist of products, services and instructions on how to GET RID OF THIS STUPID FEATURE. That should tell you something.)

    (Note: Bureaucrats own most of the blame for this one, not auto manufacturers directly: per the Energy Tax Act of 1978, “performance” vehicles (lower city gas mileage than the average grocery-getter for equivalent weight) are often saddled with a Gas Guzzler tax, but adding a skip-shift feature lets them off the hook. Note this only applies to sportscars; light trucks (read: SUVs) are specifically excluded and can guzzle all they like penalty-free.)

  • “Smart” (timered) dome/headlights/radio
    The #1 cause of a dead car battery is leaving the headlights or dome light on overnight. This is one of those mistakes most motorists make exactly once.

    The first place I saw timered “courtesy” lighting was my folks’ 93 Nissan minivan. Upon exiting the vehicle, rather than turn off once all the doors shut, the interior lights stay full-on for a preprogrammed 15 seconds, then perform a slow and dramatic fade-out as if for Act 1 at the Dashboard Orpheum. Or not, depending on the positions of two independent 3-way switches for the front and rear dome lights.

    By now (see previous examples), you’ve learned to distrust all these “smart” behaviors as cases of defective by design, behaving as they do, sometimes in one way, sometimes in another, with seemingly no rhyme or reason. So when you turn off the headlights but they don’t shut off, or you take the keys out but the radio stays on (shutting off only the moment all doors are closed again, like an acoustic analogue of the refrigerator light), or you close and lock it only to notice that the interior lights are still on, this does not exactly instill confidence (rather, visions of jumper cables might start dancing in your head). So the driver accustomed to stupid smarts feels obligated to watch and wait to make sure that all the lights and gizmos actually do turn off after the manufacturer’s various courtesy timers for each gizmo expire.

But for shit drivers… the SMART feature I want:
You know how for obnoxious jerks, AIM has a warn button? Cars should have a paintball button.

And I thought couples in my tent sounded icky…

Had JK from work follow me home yesterday to borrow my tent for this weekend. So we’re on the couch shooting the shit for a minute, when all of a sudden…yyyyeah, holy loud moaning housemate sex one room over Batman. I didn’t know my housemate’s girl was a moaner :-P I guess that’s (per Murphy’s Law 101*) one of those things you only find out when you have guests over.

* sign it will be One of Those Mornings: “did you know coffee creamer and orange juice come in EXACTLY the same kind of waxed cardboard jug?” -me, at yesterday’s staff meeting

Bulk update & APG testing rant

It’s been one of those weeks… seasons. There has been simultaneously so much, and so little, to report. Work is kind of the same old; it seems as though I’ve been spending record numbers of hours there, and yet, getting not a damned thing done. As for personal life, not much to report there either, be it achievements, new relationships or personal advancement. So what HAVE I been up to in the last undocumented couple weeks?

Meat making, and close encounters of the Midwest Grill kind
Pictionary and a crash refresher course in biology (and then some!)

Last Saturday, we made incredibly tasty tamales at JR’s; everyone pretty much fell into food coma thereafter. JR’s gerbil Gaby was also laid to rest in my backyard that morning :-(. Sunday I pretty much slacked around on my ass at home all day, eating leftover tamales and getting not much done.

Tuesday I had to be up at the buttcrack of dawn (4am) to head out to Maryland and do some testing, specifically, to shoot at some experimental armor prototypes (one prototype each of 3 different configurations) and see what happens. This was not as much fun as it sounds. Expecting a very quick wham-bam-thankyou-ma’am test, my bossman books me a flight arriving at 8-something am and leaving at 4-something pm. Given a 1-hr drive each way between the airport (Baltimore) and Aberdeen, and arriving 1-2h ahead of departure to actually catch it, this leaves not much time for testing. Still, after 3 “whams” all of our prototypes should be destroyed, so it shouldn’t take long, right? Anyway, the flight out of Boston is delayed by an hour. So I get my rental car (there must have been something big going on in Baltimore that day; the 4th rental agency I called had a nonzero number of cars left, and the smallest was a beefy minivan*) and floorpedal it to the APG security gate with all the information I have (an email with the name and number of the guy who will be my escort around the secure areas, whom I’ve never met or talked to). They’ve never heard of him. Officially you’re supposed to know the building number you’re going to before they let you through, but security guy #1 takes pity, gives me a visitor pass anyway and directs me (poorly) to another gate where they might know who this person is. Some driving in circles and asking directions and I get to the right gate. However, when SecGuy1 said go to the gate, he did not literally mean go to the gate. As I find out from gruff SecGuy#2 at said gate, visitors are not to even approach an inner gate without an escort. He meant a small white building 100 yards away with a front desk. 
Eventually they find out which building my contact works in and direct me there, where I surrender my cameraphone, then, after describing all the equipment I have with me, am asked to go back to the van for the Big Bag o’ Camera (item #2 on bossman’s Things To Bring list) and surrender it too. Another 20 minutes and repeated calling around, the front desk there manages to track him down and tell him he has a visitor (who it seems he wasn’t really told when or whether to expect). So I finally meet TJ, who turns out to be a young mechanical engineer and a really cool guy, and he takes me Behind the Fence to another building where the tests will be done.

“Shooting at stuff” is kind of a simplification; there was no shooting in the traditional (by-hand) sense. (Damn, and I thought that’s why they sent me of all people. Maybe that and being a US citizen with no family/etc. obligations who could go on short notice.) All the projectiles were electronically fired (keyswitch, warning siren and safety interlocks), behind a blast door, in a thick concrete chamber, sapping most of the fun out of it. We got to watch the impact from a CCTV monitor in the next room.

Probably for cost reasons, there was exactly one prototype of each configuration, meaning I only had one shot at each test (no pun intended) to get it right and collect the data. Before leaving, I was told to expect results on the order of kilo[unit]s and kilo[unit]s out of them, and brought along fancy equipment to downscale and measure results of that scale (not to mention, prevent damage to the instruments). So I connect everything up, give the first armor plate a few love taps to verify I’ve got a signal, then we’re ready to drop & pop the first test. Needless to say, I’m sweating bullets that the whole setup is correctly instrumented and the recorder is scaled (both event time resolution and amplitude) such that we’ll get meaningful data from the prototype, which will respond in a way not fully known. The round is fired and I see *something* (later found to be just the witness plate–a thin aluminum plate behind the test stand to determine if any significant fragments got past the armor) go flying. Run to the instruments and…NADA. No traces. The recorder didn’t even trigger. We just blew the first unit with NO DATA and not the foggiest idea of why. A very nervous call to my bossman saying we got no data from the first test.

It’s not until 10 minutes later anyone is allowed back into the firing chamber (some safety paranoia about venting all the gunpowder fumes first), but we find the article is still (mostly) intact, so I’m like, “um…how do you guys feel about shooting it again?” This time, (after much time re-checking all connections and independently verifying operation of each piece of equipment) the recording triggers (sensitivity now set to 500[unit] instead of 10k[unit]) and there’s a tiny little spike on the screen. It can’t really be considered a valid result (since the test article was already damaged from the first shot), but at least gave me some insight as to the true scale of the data I was measuring. It turned out to be not 10+k[unit], but about +/-2[unit]. No wonder the first recording didn’t trigger. By now it’s too late to do any more testing–these guys have to knock off at Sixteen Hundred (4pm), and I just barely get back to the front desk in time to reclaim my phone and camera bag before the receptionist goes home.

OK, so much for that flight. Now I get some directions to a stand of hotels a ways off-base (TJ was very helpful, even got computer access and Mapquested them for me) and call up the airline and book a 1-way back for the next night ($400+), and don’t bother calling the rental car place to say I won’t be back today (I’m told they’re used to it). Got a good amount of reading in, and got to sleep in a bit the next morning because everyone had a long meeting and couldn’t get back to business ’til after noon.

The next two tests go much faster and without incident. We end up firing 2 rounds into each prototype, while I scribble all the non-trace data into a notebook to recombine later. By the time all the testing is done and equipment packed up, it’s right around 4:00 again, just enough time to bolt for the airport (with a 20-min detour looking for gas at the I-95 “travel plaza” that has 15 different kinds of fast food, but only carries diesel fuel), drop the car and race for Delta’s ticketing desk, where I stand endlessly as it takes another 15 minutes and a total of three desk personnel plus a supervisor to print my ticket (“…I don’t know, sometimes it just does this, this comes up and it won’t go through…” “…now do s, star, star, special, 7…”)… of course, it’s an SSSS ticket**. To identify fliers who are to be subjected to intense hassling in the TSA screening line, airlines will mark the ticket with S’s at the bottom. SSSS involves a guy with a rubber glove, who invariably seems to enjoy his job far more than he should. Seeing that I was traveling with only 1x wallet, 2x shoes and 1x set of car keys sans metal flashlight, the personalized screening didn’t take too long (they didn’t even pull out all my credit cards looking for razor blades in between, like on the Michigan never-fly-NWA-again return flight). One-way, purchased the night before and showing up to the counter flushed and sweating may have had something to do with it. He swabbed my shoes too, but I guess any gunpowder residue wasn’t enough to trigger any alarm bells. Despite the pat-down, it would have been easy enough to tape a sharpened shard of glass to the front of my leg undetected (they only felt up the sides), then board and use it to carve rude air-travel limericks into my tray table***, or whatever it is that people who smuggle shivs onto planes do with them.

It’s Someone Else’s Project, so all the extra expenses (2 days’ engineer time, 3 plane tickets, hotel, extra day car rental and extra day parking for my car at Logan) don’t come back to bite me personally, but I’m sure nobody is thrilled to have me booking it all against their project only to show up almost empty-handed (negative results).

* note to self: Never buy a modern car unless you can disable all the “smarts” in a sneaky enough way as to not void the warranty. I’m sure the engineers who build in said “smarts” have the best of intentions, but it doesn’t do much good for confidence when a large, dangerous piece of machinery under your control is continually second-guessing you. This actually warrants a rant all its own… my main beef with this one was a dodgy alarm that would go off whenever it felt like (even though the car was legitimately unlocked before opening).

** Stand, Spread ’em & Sweat Substantially?

*** A young stewardess from Southwest
Was impressively ample of breast
If the engines should freeze,
and drop us in the seas,
I call dibs on her as a life vest

Trigger finger exercise

Got out of the house half an hour “early” today to mail some Drmn’ toys (turned out to not actually get to work any earlier, due to sucky traffic and the fistfight that almost broke out in the endless post office line today*).

A couple guys and I nipped out for an early lunch to look at this 3-family house for sale today. Yeah, yeah… One of those things I told myself on coming out here was that I would never share a wall with anyone. I mean, the whole point of owning a house is–in exchange for all that maintenance and lawn mowing crap–not having to hear someone else’s screaming toddlers and domestic disputes the next room over, and not fielding complaints for humping your laundry up the stairs after midnight or firing up Big Speakers when the muse strikes you. (Maybe this is a spoiled midwesterner wide-open-spaces thing.) But with 3 guys going in on a 3-family, I might actually be able to afford a bachelor pad** (without dipping into the ol’ 401k…).

This place turned out to be a rather unimpressive shithole place, in Stab ‘n Kill at that. After careful consultation with JK (with the windows down all the way to get the smell of the shepherd’s pie the last remaining residents were cooking on the first floor, the smoke of which had sucked right on up to the 2nd and 3rd floors through the unsealed holes in the ceilings/floors where the radiator pipes came up, out of our hair), neither of us could find any redeeming qualities for the place, even for a cheap “flipper-upper” we’d renovate and move back out of in a year.

* this middle-aged guy with a cane is at the counter telling his life story, followed by “I don’t wanna hold up the line or anything, but…” followed by a portion of a long and winding ramble about the recent (as of yesterday or so) postage rate increase to 41 cents, and how many 39 cent stamps he still has, and on and on. General form was like one of my usual blog rants, but in realtime to a hapless postal clerk while a huge line is stacking up behind.
“Well, you are kind of holding up the line.” – somebody (not me) in the back of the line
“Wow, SOMEbody woke up on the wrong side of the bed this morning!” – Cane guy
(various escalations back and forth, bystanders chipping in their own 2 cents’ stamps, Cane Guy playing the discrimination-against-disabled-guy card, and all hell breaks loose.)

** here’s what comes up if you google “bachelor pad”. (Ok, I’ll work on that compulsive Googling problem.) About half the document is saying that your interior decorating should basically consist of scattering little lies throughout the house to make women more likely to sleep with you. (“Why yes, I do always just happen to have a copy of War and Peace casually sitting out at a naturalesque 30 degree angle on my coffee table. What of it?”)

A peek inside the Trancevibe “factory”

…mostly in photo album form. Click on the thumbnails for a larger image with description…

Trance Vibe Assembly pics

Not pictured: us Fluxing-off our actual panels, or screwing the depaneled boards into the finished product, or QA testing (with a pluggable test jig and motor…get yer minds out of the gutter). It turns out these vibe motors vary in strength somewhat from one to the next… any that scores particularly weak on the vibe-o-meter gets binned (only a couple so far). Luckily, a 2-bullet unit is only a couple bucks more than a single-bullet unit when procuring the raw materials, so there are some extras to substitute as necessary.

(And no, I had no idea that (electrically and mechanically identical) vibrators came packaged as separate gay and straight versions.)

(And I definitely had no idea that stripping USB cables took so stinkin’ long :-P )

“You’ll always need something to fix.”

So I’ve been watching too much Lost lately. A lead character’s wife says this, as she leaves him for good.

Beering with some friends last weekend, relationship and old-flame topics came up, and I kind of (re-)realized that I have yet to have a normal relationship with a normal girl, and be truly happy in it. (Granted the sample size is not as large as I would like it to be.) It would kind of end up in sort of a rut, her expecting to be entertained and swept off her feet, and me not having the slightest idea of what to say or do next, feeling always on the spot. In cases with someone more…complex, dealing with these complexities seemed to keep us busy enough that she wouldn’t get to the point (in the Maslow-hierarchy-of-needs sort of way) of noticing this cluelessness. I could be totally wrong about this, just the impression I got. The thought that this trend has something to do with my almost pathological affinity toward solving problems and fixing broken things has also crossed my mind. Mostly though, I wonder if it will ever work out with someone who doesn’t have a damn thing wrong with them.

Latenight incoherent rambling brought to you by Too Hot To Sleep.

Fold or Scrunch?

I’ve seen this on a few of those ridiculously-personal-info-to-share-with-the-whole-entire-intarweb memes. Supposedly, this question, referring to one’s post-toilet cleanup style, is supposed to expose some telling detail about one’s personality makeup.

Like you really wanted to know…I fold, and proudly at that: I know the approximate per-ply breaking strength, absorption rate, etc., and consequently, how many minimum plies I want between me and the business. The answer is typically “more than the number provided by a typical TP square”, so it’s getting doubled up in a way that guarantees that many plies at any point along its surface. I’m a big fan of repeatability. Few things would suck more than hitting the structural weak point of a nondeterministic wad of bog roll and winding up two knuckles deep in the shitty part of town.

But there’s a third cleanup style seldom mentioned. The Mummy. You know what I’m talking about.

There’s no mistaking that ruggaruggaruggaruggarugga sound of your stall neighbor unreeling fifty thousand shit-tickets and gift-wrapping his hand with them, then proceeding to use that entire hand (I presume) like a big cannon bore swab. (Nor, for that matter, the sound of the porcelain thunder pot struggling to flush your stallbuddy’s (doo-ly notarized!) 100-page deposition.)

Dear User, Something Bad Happened

I’ve figured out why the whole process of installing XP (sorry folks… the OS and its manufacturer are crap, but most of the good bread only works with their toasters) was such a nightmare. I gave a good hard think, and realized that of nearly a dozen error conditions that prevented this from occurring successfully, not one of them actually produced an error message. At least, not one that would give the slightest idea of what the hell the error actually was.

I’ll spare the story of the long, dark tea-time of the Windows XP install*, but this whole error message situation is eerily reminiscent of “I’m upset with you but won’t tell you why”. (Gender stereotypes are left as an exercise to the reader.)

I love this little popup bubble I’m getting now that the OS is, indeed, installed: “ERROR: A duplicate name already exists on the network.” This is one of those notifications that appears in a cartoon bubble at the bottom-right of the screen with a little “pop!” sound. So um… what kind of name** are we referring to here? DNS name? Computer name? Workgroup name? Computer name inside of a workgroup? Which workgroup then? I haven’t set any names OR workgroups yet, so it must be some braindead default. What that braindead default is, however, is apparently classified information.

Clicking on the error bubble, or any attempt whatsoever to interact with it, like right-clicking, hovering over or attempted dragging, causes it to –pop!– disappear without a trace. Not provide any information whatsoever on which network, which kind of “name” it’s referring to, where else it exists, or how serious this problem is. (I figure “not very”, because everything seems to be working and the screen hasn’t turned blue.)

PS. Since writing this, the screen has started turning blue. A lot. One of several different BSOD codes each time, and multiple different drivers implicated by name (if any). One is the infamous DRIVER_IRQL_NOT_LESS_OR_EQUAL… heh, I like that. Rough translation: Driver not respecting the kernel’s authoritah. Nevermind the drivers I have for every piece of hardware in this machine are the latest available versions and all WHQL-signed, which, up until a couple days ago, I presumed to mean tested, digitally signed and certified by Microsoft to not have stupid bugs like this. Ok, at least I’m not getting this “duplicate name” popup anymore. (Maybe the other machine decided to change its name to The Machine Formerly Known By a Duplicated Name.)

* what’s “slipstreaming”? Hacking your own driver packs (etc.) into a custom burned Windows install CD because it doesn’t support RAID out of the torrentbox. Or your CD-ROM drive, mind you, that it is currently installing Windows from, because at that small portion of the install process it decides there’s not actually a CD-ROM drive there. Or your floppy drive containing the drivers it wouldn’t load from your motherboard drivers CD, a floppy drive which it reads just fine to get the names of all the drivers and ask you if you’d like to use them, then loads them, then is unable to find them on this very same floppy disk 6 minutes later to copy them to your Windows installation in progress (nevermind that these drivers are already resident in memory, probably NOT self-modifying/polymorphic/WOM), OR the other two (2) backup floppies you made because you don’t trust dusty old floppy disks.

** and don’t even suggest the possibility that “name” is meant as a user-friendly euphemism for e.g. an IP or MAC address…

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Scenes a faire, or, the first digits of pi as expressed in various non-integer radices and rounded to the nearest integer. Any real or perceived resemblance to certain secret codes (yeah, yeah, generate your own damn volume key) is purely coincidental.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

^^^ The WEP key to Jack Valenti’s wireless. I’m told it’s fast enough to download an entire HD-DVD ;-)

Verified by VISA

So while checking out at newegg.com with my dual-core bundle o’ joy, I got asked (or rather demanded) to sign up to “Verified by VISA” as a required part of the checkout process. So I grumbled, because it was another hoop to jump through between me and my new toy, and another damn password to remember, but failure to do so would result in the loss of a shopping cart that took hours of research and planning to assemble, so I signed up. The official story of how this works is, the first time you shop at a VbV site you create a password which is tied to your credit card number. Now every time you shop at a VbV site, it asks for your password in addition to credit card number, allowing the site to reject a buyer who doesn’t have the password. But does it really protect the cardholder from fraud?

I may be biased somewhat on this issue, since I’ve been personally credit-frauded once (full story by clicking here, here, here, and here in that order) and know others who have (AL at work was hit twice in as many months). But it seems like this measure not only will do sweet FA to limit fraudulent use of a stolen card number*, but could actually be detrimental to the cardholder. Upon more careful review of the TOS, the following caught my attention.

(Obligatory warnings: The following represents my own interpretation of the Verified by Visa Terms of Service (TOS), for which I am contacting VISA for clarification. I am not a lawyer, and this is not legal advice. I could be wrong. No lifeguard on duty, yadayada…)


7. CARDHOLDER PASSWORD AND SECURITY

You are solely responsible for maintaining the confidentiality of your password, Registration Data and other verification information established by you with Verified by Visa, and all activities that occur using your password, Registration Data or other verification information supplied to or established by you with Verified by Visa. You agree not to transfer or sell your use of, or access to, Verified by Visa to any third party. You agree to immediately notify our customer service department at 1-800-318-9617 for debit cards and stored value cards, or 1-877-262-8636 for credit cards of any unauthorized use of your password or other verification information, or any other breach of security. You acknowledge and agree that, except as otherwise provided by Applicable Law, we shall not be liable for any loss or damage arising from your failure to comply with this TOS. Transactions made with your password through Verified by Visa will be deemed to have been authorized by you.

(All bolded sections are emphasis added by me. Note that, as is my interpretation of the above, a compromised password could be construed as a “failure to comply with this TOS”, as it pins responsibility for the password solely on the user.)

So this means for me, the dear consumer:

  • Explicitly ON-HOOK for any fraud committed with the password.
    (Time was, if some pimply-faced IT-guy at Best Buy snarfs the credit card database and buys himself a big-screen TV, the cardholder is (by federal law) only on the hook for the first $50, and usually even that is waived.) It remains to be seen whether these rights will be considered waived by agreeing to the VbV contract.
  • Another damn password to remember.
    Verified by Visa’s 8-character limit and other restrictions mean I can’t use my ‘secure tier’ password**, which is burned into my memory – I have to write this one down somewhere, which, no matter where and how this is done, is less secure than not having a written-down password.
  • No additional security whatsoever.
    If the thief snarfs the password… He shops anywhere he damn well pleases. Since he has the valid VbV password, some of the usual sanity checks (billing/shipping address match or shipping address on file, statistically anomalous usage patterns, etc.) may be bypassed.
    If the thief doesn’t have the password… he shops *almost* anywhere he damn well pleases. As I’ve been a cardholder for 8 years and this is the first time I’ve heard of Verified by VISA, my experience thus far is that a relatively small percentage of sites actually implement this. The thief simply shops at the numerous sites that don’t. Of course, that’s only if the cardholder has stumbled across one that does first, and had to sign up. If not, the thief still shops anywhere he damn well pleases.

So there’s my (non-lawyer) take. I’ll keep you posted on what VISA has to say about the bolded TOS items and their effect on cardholder liability.

* until every site on the planet uses it. I’m guessing this will happen for VbV at about the same time as it does for IPv6.

** Password tiers. Is it more secure to have 3 or so “master passwords” for different tiers of security (a small enough number that they can all be remembered, not written down), or a different password for every service, web site, bank, phone/voicemail account, and etc. (dozens or hundreds) which are far too numerous and rarely-used to be remembered? I won’t state for the record which method(s) I use, but junk logins (e.g. New York Times, or other places that make you register for the sake of having registered) tend to have the password ‘password’ as a matter of general fuck-you.