WingNews logo WingNews GitHub [2]

johndbeatty's comments

johndbeatty | 2 years ago | on: Neil Postman: A civilized man in a century of barbarism (2003)

I'm not so sure Postman's view of ChatGPT would have been entirely negative. One thing he might have liked -- perhaps very much -- is that the medium is linear, rational, and conversational. Compared to watching the "peek-a-boo world" news shows on TV he decried, having long, deep conversations on some topic of interest with ChatGPT looks quite good indeed. I'm pretty sure he would not have liked the reliance on technology, however.

johndbeatty | 3 years ago | on: My PhD Genealogy

I wanted something like this as well, and I have a prototype of something much simpler (using node2vec to generate embeddings using data from Wikidata and DBpedia (and Twitter)). It doesn't really do what you want, but you might find it interesting.

Rousseau: https://pov.is/e/93f9822c-1ed8-4bc9-aec9-064e7bb6807c Amour de soi: https://pov.is/e/82e9f674-ebbf-4c36-b225-ec1653ce3367

You can go backwards and forwards in time using by-year view (though missing data in Wikidata makes this a bit difficult): https://pov.is/e/93f9822c-1ed8-4bc9-aec9-064e7bb6807c?i=Q5&o...

johndbeatty | 7 years ago | on: The Big Hack: How China Used a Tiny Chip to Infiltrate Amazon and Apple

Agree the people and process side is very difficult to do well. Familiar with all those and more -- we have extremely good, dedicated employees who care deeply about doing those things right.

We have some fun stories on this topic, like when we were using our PCI PIN approved secure room in our development office for the first time. We papered over the cage to prevent a security camera from being able to see employees entering PINs on the HSM. An eager employee papered over this cage a little too well cutting off the natural flow of air. And then there was a bug in our offline CA code and we spent 30 minutes in that air deprived cage while debugging occured :) finally the bug was fixed, we issued the cert on our first production device, and stepped out to get a breath of fresh air. Obviously this isn't our daily driver secure CA room :)

(If anyone reading is looking for a job in security engineering, we're hiring! https://www.clover.com/careers/engineering)

johndbeatty | 8 years ago | on: Without Power, Puerto Rico Is Cash Only

Clover has had an offline feature for payments on all our devices (except our dongle/peripheral solution). It's very heavily used -- thanks to flakey ISPs, routers, WiFi, cellular, etc. We often see people go for a day or two offline.

We let you set limits on count/amount/time of offline transactions. After you come back online we send email a report telling you how many offline transactions you did and how many authorized and didn't authorize. This serves as a feedback loop to encourage fixing connectivity issues.

johndbeatty | 10 years ago | on: X-Ray Scans Expose Chip-And-Pin Card Hack

It's complicated. U.S. EMV credit is (virtually) all chip and signature. Debit is split between PIN and signature. US Debit Common AID is Online PIN, but you can legally do PIN bypass ("no cvm") or even fall back (or have user select) the card brand's application on the card (instead of the US Debit Common AID), in which case for Visa it will be signature and for Mastercard it will be online PIN. Politics and posturing.

johndbeatty | 11 years ago | on: Implementation of Apple Pay in-app payment crypto

I run a subsidiary of First Data (called Clover). I wrote and published the code for a few reasons:

- so I could answer questions more accurately and thoroughly during press interviews and with current and prospective partners. Nothing beats running code for this.

- My team doesn't trust me to write production code much any more but I need my kicks. ;)

- I'd like for people to understand Apple Pay crypto well -- it's the best I've seen in the payments industry. I'd like to even see something like this standardized for protecting cardholder data (both for card-present/POS transactions and e-commerce), where 3DES/DUKPT is still standard practice.

- There's been some misunderstandings that Apple Pay In-App is a closed system and you need to partner with them to use it. This is an existence proof that this is not the case.

- For people who are their own processor/gateway (e.g. very large companies), this gives them a bit of a head start on understanding what they need to do.

First Data has a commercialized version of Apple Pay in their new e-commerce gateway: http://www.payeezy.com/ (not to mention many gateways which process through First Data and support Apple Pay).

johndbeatty | 14 years ago | on: Why is nobody using SSL Client Certificates?

Banks in the U.S. have been largely content with username and password security, perhaps because their sites don't let you do all that much -- at least so far. Now, with more p2p functionality coming (esp. cross-bank; see clearXchange), that might need to change in a hurry. Some banks (like Wells Fargo) do phone number authentication before executing some actions (like p2p payments). https://www.wellsfargo.com/privacy_security/online/advanceda...

At Clover (www.clover.com) we've built a payment app for iOS and Android which use client certs to great effect. Once your iOS/Android device is bound to your Clover account using the client cert, you just need a short PIN to protect against unauthorized physical access to the device.

Because we're a native app, we're able to hide all the nastiness of installing the client cert. When the app is freshly installed, we first verify control over a phone number (by sending a text or calling it with a verification code). If that checks out, we issue a new client cert to that device and associate the device with the account bound to the phone number. An account is locked to a (small) set of devices (e.g. iPad + iPhone).

johndbeatty | 15 years ago | on: Ask HN: Who is Hiring? (April 2011)

Mountain View, CA (We do H-1Bs and other visas)

Clover is building a world-class team in machine learning, distributed systems, front-end, and operations. On staff is a Robocup champ, the former lead engineer for YQL, a rocket scientist turned GPU programmer, and other great engineers. Beyond being really good at what they do, the engineering staff is very friendly. We're not talking publicly about what we're building yet, but we have a well-defined mission, a clear business model, and a killer business team. Our recent Series A is from Sutter Hill Ventures, Andreessen Horowitz, Morado Ventures, and individuals.

I'm particularly eager to find an excellent operations/reliability engineer who loves to build and improve tools, a passion for quality and reliability, and a positive, friendly attitude.

Also very high on my priority list is a big-data processing engineer to design and build our data pipeline.

If you're interested, you can email me directly -- [email protected].

https://www.clover.com/jobs.html

johndbeatty | 15 years ago | on: Ask HN: Who's hiring Data Scientists/Machine Learning Engineers?

Thanks for posting this. We're building a very strong machine learning, data science, and algorithms team here at Clover. Come work with a Robocup champ and a rocket scientist in Mountain View! I'm particularly looking for people to design, build, and operate our data pipeline. Strong Hadoop experience a definite plus.

Email me at [email protected] if you're interested.

johndbeatty | 15 years ago | on: Hacking Startup School: A tool to optimize your networking this weekend

We have 66 registered users and ~2200 answers to ~90 unique survey questions. The survey system is adaptive so that the most important questions are served to you first. You'll get a list of matches of interesting people to meet at Startup School, and the system will email you once a day with the current list of your top matches.

Anyone can pose a question to the community (and please do!)

Please note below any feature requests.

page 1