Identity Incidents 2000-2008

The research I have been doing lately has allowed me to generate fun graphs like this one, to help illustrate the current state and trend of reported identity breaches:

Yes, it includes the high and controversial Best Western numbers.

Next step is to finish my dynamic feed based on phplot — post a chart that dynamically updates as groups like datalossdb.org edit their records.

I will be presenting the hidden details of this chart and other exciting visualizations at the upcoming ArcSight 2008 User Conference called (fittingly) “Connect the Dots”.

McCain pays for blog spam

Maybe I should not call it spam. Craig calls it astroturf in his blog post called Official McCain effort to reward astroturfing:

Looks like the Bush people pulling McCain’s strings are officially asking people to post false info on discussion boards in return for points.

[…]

Did I mention I’m really tired of cleaning up the mess?

Ha ha, you and me both although I obviously have zero volume to worry about compared to abuse of a mega-site like craigslist.

It seems to me this is just the beginning for folks who consider blog-spam a “win” — the kind of people who pollute with abandon and then say how much they love the environment for absorbing their waste. A “win” to them means a few people get a joy ride while the rest of us get the tab. I guess the question is whether the “talking points” would ever make it on their own, without a points/incentive system, and/or whether the points system invites a less desirable crowd (mercenaries, if you will).

Red Lights and Bicycles

Bicycles rarely sit and stare at a red light when there is no traffic around. Some states apparently think decriminalizing this behavior is a good idea:

An idea is gaining momentum to allow bicyclists to pedal through stop signs, without stopping.

Bicyclists claim that it can be tough to stop a bike at a red light or a stop sign, only to start pedaling all over again.

The state of Idaho changed its law, and now California is considering the same idea. The vehicle code would be modified to allow what’s known as a “stop and roll.” Bicyclists could treat stop signs as yield signs instead, and red lights as stop signs.

Makes sense to me, but I am a long-time avid cyclist who sees no point in standing around and waiting for a light if there is no traffic. An even better solution would be to dedicate a full lane with overpasses for cyclists that allows them to avoid mingling with the cage-drivers altogether. Since that probably will never happen in America (I first saw a system like this in the early 1980s in Stockholm) the stop and roll sounds like a suitable alternative.

The article has a funny “dumb-guy” quote from someone in opposition to the new law:

I just don’t think that should work. I mean, they should obey traffic laws like the rest of us

Um, if they change the law then cyclists would still be obeying when they stop and roll — it no longer would be considered against the law.

Here’s another quality comment from the same guy:

I can just see lawsuits if a bicyclist does that and then gets hit by a car and who’s going to be at fault?

Is this really any different than today? I mean, you have traffic laws, and if there is a collision then the parties involved make statements and police do an investigation. What would change? Nothing. So why would there be lawsuits from this any more than from current traffic laws? There would not be, but I think some people just throw out the word “lawsuit” to chill conversation. It reminds me of people saying “if you do this then the boogeyman will get you” or maybe “don’t resist, this is for your own safety”.

Update to Best Western story

I wrote about the Best Western case yesterday, but something in today’s news caught my eye. Newsday.com reports this nugget of information:

The company said it purges guests’ credit card and other data from its systems within seven days of their checkout.

Seven days? They are prohibited by PCI from storing sensitive data after authorization, so what credit card data are they referring to here?

Was it just the PAN? Although seven days might seem short compared with a year of data, card information is meant to be masked, hashed or truncated immediately. Sensitive authentication data has to be securely wiped as soon as a card has been authorized. How do they explain a seven-day procedure that leaves card data exposed, given that they say they are PCI-compliant?
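To make the distinction concrete, here is an added example (my own illustration, not Best Western's system or any PCI tool) of what post-authorization handling is supposed to look like: sensitive authentication data dropped, the PAN masked to first six and last four, and a keyed hash kept for lookups. The record, the key and the field names are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed sample: a hypothetical reservation record as a front-desk
# system might hold it at authorization time (test card number, not a real one).
SAMPLE_RECORD = {
    "guest": "J. Doe",
    "pan": "4111 1111 1111 1111",
    "expiry": "12/09",
    "cvv2": "123",                               # sensitive authentication data
    "track2": ";4111111111111111=09121011234567890?",  # sensitive authentication data
    "auth_code": "A1B2C3",
}

# Hypothetical lookup key; in a real deployment it lives in an HSM or key vault.
LOOKUP_KEY = b"example-key-not-for-production"

# Fields PCI DSS forbids storing after authorization, even encrypted.
SENSITIVE_AUTH_FIELDS = ("cvv2", "track1", "track2", "pin_block")


def luhn_ok(pan: str) -> bool:
    """Luhn check so malformed input is rejected before it is masked or hashed."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS display rule: at most the first six and last four digits visible."""
    digits = re.sub(r"\D", "", pan)
    if not (13 <= len(digits) <= 19) or not luhn_ok(digits):
        raise ValueError("not a plausible PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_after_authorization(record: dict) -> dict:
    """Return the record as it may be retained once the card is authorized."""
    digits = re.sub(r"\D", "", record["pan"])
    kept = {k: v for k, v in record.items() if k not in SENSITIVE_AUTH_FIELDS}
    kept["pan"] = mask_pan(record["pan"])
    # Keyed hash (not a plain SHA-256, which is brute-forceable over 16 digits)
    # lets the system match repeat transactions without keeping the full PAN.
    kept["pan_ref"] = hmac.new(LOOKUP_KEY, digits.encode(), hashlib.sha256).hexdigest()
    return kept
```

Anything left after this step is what a seven-day purge would actually be deleting; the full PAN, CVV2 and track data should never have survived authorization in the first place.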