Links for 2014-10-31

  • Chip & PIN vs. Chip & Signature

    Trust US banks to fuck up their attempts at security :( US “chip-and-signature” cards are still entirely forgeable because the banks fear that consumers are too stupid to use a PIN, basically.

    BK: So, I guess we should all be grateful that banks and retailers in the United States are finally taking steps to move toward chip [and signature] cards, but it seems to me that as long as these chip cards still also store cardholder data on a magnetic stripe as a backup, that the thieves can still steal and counterfeit this card data — even from chip cards. Litan: Yes, that’s the key problem for the next few years. Once mag stripe goes away, chip-and-PIN will be a very strong solution. The estimates are now that by the end of 2015, 50 percent of the cards and terminals will be chip-enabled, but it’s going to be several years before we get closer to full compliance. So, we’re probably looking at about 2018 before we can start making plans to get rid of the magnetic stripe on these cards.

    (tags: magstripe banks banking chip-and-pin security brian-krebs chip-and-signature)

  • Elastic MapReduce vs S3

    Turns out there are a few bugs in EMR’s S3 support, believe it or not. 1. ‘Consider disabling Hadoop’s speculative execution feature if your cluster is experiencing Amazon S3 concurrency issues. You do this through the mapred.map.tasks.speculative.execution and mapred.reduce.tasks.speculative.execution configuration settings. This is also useful when you are troubleshooting a slow cluster.’ 2. Upgrade to AMI 3.1.0 or later, otherwise retries of S3 ops don’t work.

    (tags: s3 emr hadoop aws bugs speculative-execution ops)

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.