Duck Penis |
Posted on 19-06-20, 12:28
|
Stirrer of Shit
Post: #421 of 717 Since: 01-26-19 Last post: 1766 days Last view: 1764 days |
Have you read Ted Kaczynski's manifesto? There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this. |
tomman |
Posted on 19-07-06, 23:35
|
Dinosaur
Post: #423 of 1317 Since: 10-30-18 Last post: 2 days Last view: 17 min. |
The Blu Dash X (now in the hands of its new owner, $COUSIN's father) came back to me, in the same unbootable status I got it last time. Redownloaded system partition, phone booted again, and all data and crapps were intact! But then... phone was behaving erratically after a while. Magisk was losing root status after a while, random Chrome windows were opening at random (some of them with unknown URLs). After trying to update Magisk, phone only booted to TWRP (recovery). Uh-oh... Reflashing the FULL image did nothing, the bastard piece of shit only booted to recovery! Finally... I pulled the SIM card out, reflashed it once more, and BOOM! Boot again! Now I get to deal with Android's FRP sekuritah theater. Long short story: if you ever https://www.getdroidtips.com/bypass-frp-google-mediatek-sp-flash-tool/ https://www.academia.edu/38242529/How_To_Reset_FRP_on_MediaTek_Phones.pdf If you've flashed your phone at least once, you already have the tools for it. Thanks Mediatek! Now I get another chance to brick this bastard. $MOM's Allcrapper is crapping its pants as usual. *yawn* Without reliable Internet access for more than 5 minutes a day, it's not even worth to take a look. Backup Whatsapp shit to a SD card and pray. Also: fuuuuuuuuuuuuck you Silly Valley assholes that are trying to kill Bluetooth OBEX as a standards-compliant way to share files between devices. In the era of dumbphones (and assuming your carrier didn't crippled OBEX THAT'S WITH YOU VERIZON!), sending files between phones was dead simple: enable Bluetooth on both devices, ensure both are visible, open photo/sound/video, find the "Send via Bluetooth" command on your OEM UI, do it, done. But nope, that's not how millenials share cat memes nowadays! You're supposed to use WhatsFuckingApp or whatever Internet-required data silo just to beam a picture between two phones that are only one meter apart! Yes, Android still does OBEX. But on my Z835, sometimes the phone insists that a pairing must be established first for no good reason at all. And on other phones, like $COUSIN's Samturd Galaxy J4, figuring out where Bluetooth-received files are located is an exercise in frustration. Also, I can't believe Samturds can't render SVG files by default (none of the Samturd built-ins can open them), yet my shittyass ZTE with Simple Gallery can do! This really gets in the way when you're trying to teach someone how to get your Inkscape art out of your PC and into your Instagranolas feeds. God damn it, my head aches every single time I'm near of a smarturd :/ Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™ |
tomman |
Posted on 19-07-12, 04:41 (revision 2)
|
Dinosaur
Post: #433 of 1317 Since: 10-30-18 Last post: 2 days Last view: 17 min. |
BLU phones really make me turn blue. Today's victim: a BLU Advance 4.0 (A270a) with the same boot logo hang as every other lovely broken Android turd that lands into my hands. Mediatek-based phones are double-edged swords: they break so easily, yet they're fairly easy to revive (plus, I'm lovin' the native Linux flasher). A few notes (because why not?) - Getting the phone to flash took several attempts for whatever reason. Kill ModemManager, just in case. - The phone had A07 firmware. I was only able to find the latest one, A10 (which comes with newer BLU branding over the same ancient Jellybean build that your favorite crapps already have deprecated). This caused the Mediatek flasher to scream at me that something has changed in the ROM structure, therefore I have to format the phone first. If this is absolutely required for the firmware download to actually work, WHY YOU DON'T DO IT ON YOUR OWN?! Gee, a "Full format is required, Do It / Cancel" dialog would have been handy, instead of the useless "THOU SHALL FORMAT! OK / More Info" currently in place! *sigh~*. Format tab-> Auto format-> Start -> you're ready to download firmware. - After phone boots for the first time, insert SIM cards back. Oh wait, you have no service now! Even worse, your IMEIs are gone! BOTH OF THEM. Apparently this is expected even if you do a factory reset or switch ROMs because lolMediatek (seriously, why IMEIs don't live in OTP EPROMs anymore?!). Luckily for us, these aren't Qualcomm phones (where you can get into a world of pain if you end with no IMEI and no EFS backup, and this is the reason of why I'm not rooting my ZTE yet) - you can actually "repair" your IMEI yourself using nothing but the phone itself, and depending on your phone, you may not even need to root the bastard. Unfortunately in my case, I DID have to root (the dialer app filters out the Engineering Mode code on this one), but you can unroot after fixing stuff. - There is no TWRP for this thing (only hacked CWM builds that are impossible to download nowadays), and I doubt Magisk supports devices that old, so your rooting options are quite limited. I used good ol' Kingo - GPS seems to be broken (it actually was broken before the reflash, according to Factory Mode testing). Not that its owner cares (it's an old lady that only uses the phone for texts, calls, and WhatsCrapp), so I'm not going to bother researching possible fixes. Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™ |
Duck Penis |
Posted on 19-07-12, 11:51
|
Stirrer of Shit
Post: #492 of 717 Since: 01-26-19 Last post: 1766 days Last view: 1764 days |
Does this change the IMEI as broadcasted to the cell towers, or just the internal representation the phone uses for e.g. WhatsApp? There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this. |
tomman |
Posted on 19-07-12, 12:05
|
Dinosaur
Post: #434 of 1317 Since: 10-30-18 Last post: 2 days Last view: 17 min. |
Make your guess. And yes, what I actually had to do was technically illegal in most of the world, but it was required to make the phone work again as a phone, and not as a palm-sized tablet computer. Once again: why those things don't live at an OTP memory?! (In the ancient times that used to be the way) Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™ |
Duck Penis |
Posted on 19-07-12, 13:14
|
Stirrer of Shit
Post: #493 of 717 Since: 01-26-19 Last post: 1766 days Last view: 1764 days |
I don't follow. Isn't IMEI burned into the baseband independently of everything else? I've seen some guides on how to "change IMEI," and it only ever changed what the phone showed in settings and to apps. And why would it be illegal to change it? If I recall correctly, there is an explicit provision in the law here (and I am sure many other countries) that network operators may not block access for devices as long as they are in compliance with the standards and do not cause harm to the network, and also must make available the standards for connecting to the network. There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this. |
tomman |
Posted on 19-07-12, 19:04 (revision 1)
|
Dinosaur
Post: #435 of 1317 Since: 10-30-18 Last post: 2 days Last view: 17 min. |
The IMEI (and its equivalents on other networks, ESN for CDMA IS-95/TDMA IS-136, MEID for late CDMA2000 IS-2000 devices) is supposed to be burned on baseband's OTP ROM, both technicallyt and legally. In a era previous to the smartdevice, changing IMEI/ESN was extremely illegal, and you needed a very expensive service box for that (the feature was included under the dubious "repair IMEI/ESN" feature banner, which was a misnomer as there was nothing to repair; a broken OTP most likely means the phone would not boot or something else). Since you can't alter OTP ROMs, said boxes resorted to apply firmware patches to the phone flash memory, forcing it to read the serial number from flash instead of OTP. Said patches were highly version and carrier specific, which means that if you ever had to update/reflash your firmware, the phone would revert to using the serial on the OTP. Suddenly, device OEMs may have decided that they could save half a cent by forgoing the need to separately program an OTP, or some similar BS (I am not into the phone industry biz, so I might be talking out of my ass, but whatever), so they decided to move some of those previously read-only sensitive byte sequences to plain flash (often protected behind secure storage partitions, TrustZone or other enclaves, or whatever). And since you can't expect quality from fly-by-night Chinesium phone factories, chipset OEMs stopped caring, or whatever. Or maybe protecting Hollywood from people ripping Netflix on their phones is much more important than actually preventing phone fraud/theft. This has nothing to do with IMEI-spoofing apps for smartdevices, which is another completely different thing (they're spoofing apps, not the baseband). Also, a phone with a broken/erased IMEI does get blocked out of mobile networks for the same reason sysadmins and network gear may block people trying to connect with zero'd MAC addresses: address collisions!* A phone with an erased IMEI may report with a random IMEI (there is a check digit, but it's only meant for labeling, and it's not part of the actual number sent to the base station) which may get accepted, or will report with an IMEI of all zeroes... which will collide with the other 360 handsets whose firmware have commited sudoku that day. Or maybe default to a hardcoded (and hence easy to blacklist) ESN that is shared with all of the devices of the same product line/model. I'm not sure to which IMEI those BLU phones do default when the IMEI is erased, but all I can tell is that while the radio will scan and detect mobile networks just fine, the carriers will refuse to let the device register into the network without a valid IMEI. Once I "repaired" the IMEIs on this thing, Movistar gladly let the phone join the network. In the case of Qualcomm phones (like my Z835), a damaged/erased EFS means a all-zeroes IMEI, which cannot exist and therefore leads to a brick (even if the GSM/UMTS/LTE radio can actually power up and blast a signal over the airwaves!) *A similar problem appeared during CDMA's transition from ESN to MEIDs, as not all networks were compatible with the new serial format, which would seriously hamper roaming capabilities. An interim solution was devised: the pseudo ESN (pESN). The pESN is actually the last 24 bits of the MEID SHA1 (IIRC), prefixed with "80" (which was previously a reserved range). Since only a part of the SHA1 was used, collisions were a real concern, but the industry downplayed the risk, as eventually all CDMA networks would have migrated to MEID (or shut down, which was what actually happened to most CDMA networks around the world). I never heard about people having problems while roaming with their MEID phones on older ESN-only networks... Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™ |
Duck Penis |
Posted on 19-07-12, 22:45
|
Stirrer of Shit
Post: #494 of 717 Since: 01-26-19 Last post: 1766 days Last view: 1764 days |
Seems like you could make good money refurbishing IMEI locked phones then. Although then you might as well just buy iCloud locked iPhones without receipts and replace the logic board and whatever else for far more profit.you can actually "repair" your IMEI yourself using nothing but the phone itself Do you need to reboot it for this? Seems like you could vastly improve privacy by randomizing IMEI per SIM card/session combination. Curious that none of the 'privacy phones' did this. But why'd it be illegal to change it though? I can only find information on cloning, which seems more like outright fraud than illegal modification. Surely, using an IMEI nobody else is using should be A-OK? There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this. |
tomman |
Posted on 19-07-13, 01:32
|
Dinosaur
Post: #437 of 1317 Since: 10-30-18 Last post: 2 days Last view: 17 min. |
Posted by sureanem A reboot is actually required, indeed. Also, none of the "privacy phones" implement this because that's, well, illegal. Oh, and having a phone which allows its IMEI/ESN/MEID/whatever to be changed at will means that if yours ever get stolen, you have a fat chance in hell to recover it, because no telco can't track it anymore. It's like selling cars with forged serial numbers, which is a couple orders of magnitude worse than stealing $200 plastic slabs. Posted by sureanem That's the most typical rationale, yeah - that dates back to the era of analog cellphones, where the security ranged between "none" and "a joke". Technology has marched on, but the laws are still stuck in the stone age. Fraud is still illegal, no matter how you commit to it. That's the typical case of "we can't have nice things because there are assholes in the world". Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™ |
Duck Penis |
Posted on 19-07-13, 13:00
|
Stirrer of Shit
Post: #500 of 717 Since: 01-26-19 Last post: 1766 days Last view: 1764 days |
Posted by tomman How come none of them let you swap out the baseband then? Those are generally quite cheap (<$1), so if you'd build it so that the baseband and SIM pop out at once and ship it with a pack of ten you could probably solve that whole issue. Then again, you could solve the whole triangulation problem by making your own baseband, and nobody does this either. I reckon the answer is simple, as always: the people running it are just out to get a quick buck and don't actually care too much about privacy, and the only people who actually care would just buy burner phones. Oh, and having a phone which allows its IMEI/ESN/MEID/whatever to be changed at will means that if yours ever get stolen, you have a fat chance in hell to recover it, because no telco can't track it anymore. It's like selling cars with forged serial numbers, which is a couple orders of magnitude worse than stealing $200 plastic slabs. Has that ever helped, though? Short of iCloud lock, which is now broken, I'm skeptical. I mean, you can just swap out the logic board. It would have helped with ordinary phones, but now? Posted by sureanem I think it's legal in the USA as long as you don't clone them. I'd bet on it being the carriers' greed/incompetence. Fuck cell carriers, worst industry in existence. Should all be nationalized. That would also solve the whole issue of security-reducing backdoors, efficiency-reducing legal wrangling, and people getting their personal information exposed for trivialities under anti-terrorism legislation. But that's for There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this. |
tomman |
Posted on 19-07-13, 17:15
|
Dinosaur
Post: #439 of 1317 Since: 10-30-18 Last post: 2 days Last view: 17 min. |
Posted by sureanem Now you're getting concepts mixed. If you make the baseband (cell modem) switchable, now by law the ESN belongs to the modem module, which is an extension of the computer device, and therefore it quickly sends you to certification hell. This is one of the many reasons of why noone makes modular cellphones (the nearest example I can think was Willcomm's PHS "SIMs", which were actually a removable cell modem in disguise, and even then that proved to be a dead end) Stop overthinking this, really. It's far cheaper to just go out and buy another phone. Posted by sureanem Ah, logic board swaps. I can't even tell if that's a gray area, akin to "chop'n'weld" (can't remember the exact term right now) rebuilt cars - it's not as cheap as just using a hardware dongle or some app to "repair" an IMEI, but sure as hell is an express way to "purify" stolen property. But then, that's another double-edged sword as I myself have performed board swaps quite a few times on devices with the express authorization of their legit owners. I'm not even sure if I want to get DA RULES involved in this... If we try to regulate phone repairs, we will quickly end into DRM, "repairing is dangerous, therefore WARRANTY VOID IF OPEN", and hot politics water. Posted by sureanem As a subscriber of a state-owned telco (CANTV/Movilnet), all I can say to that is: careful with your words, buddy. As evil as can telcos be, you definitely DO NOT WANT to apply the "n-word" to them. But yeah, that's out of scope for this thread. Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™ |
Duck Penis |
Posted on 19-07-13, 19:10
|
Stirrer of Shit
Post: #501 of 717 Since: 01-26-19 Last post: 1766 days Last view: 1764 days |
Posted by tomman Well, that depends. What's wrong with having a switchable modem? You could have a tiny microcontroller and have the main CPU communicate using a strict, well-defined protocol instead of DMA. That also solves the eavesdropping issue, since it can just cut the mic whenever not in call. It doesn't solve the triangulation issue however. I don't know why you would need certification to make your own baseband - my reading of the applicable law here (which I think is/was based on EU law) is that no certification is needed to use a device provided it conforms to standards, but devices sold must be certified. So couldn't you just ship something which needs flashing to work, and then have the phone transparently flash it on insertion? That way, you're not selling usable basebands. You could also get good economies of scale by using microcontrollers that are used for other applications and thus not likely to mess with your stuff. I don't think buying new phones is such a great idea long-term. Imagine if you want to use Signal or whatever on them. And you can't bring them home, or use a Google account. And then there's also the logistics of buying and disposing of phones. A giant nightmare. If you want a new phone each week, and buy bottom-of-the-barrel $30 phones, that's $1500 a year plus 50 trips to the phone store. Why can't you just do it like this: 1 SIM card = 1 modem, and when the SIM card has run out, it erases both and tells the user to eject them? Cheap, user-friendly, easy regulatory compliance. Ah, logic board swaps. I can't even tell if that's a gray area, akin to "chop'n'weld" (can't remember the exact term right now) rebuilt cars - it's not as cheap as just using a hardware dongle or some app to "repair" an IMEI, but sure as hell is an express way to "purify" stolen property. But then, that's another double-edged sword as I myself have performed board swaps quite a few times on devices with the express authorization of their legit owners. I'm not even sure if I want to get DA RULES involved in this... If we try to regulate phone repairs, we will quickly end into DRM, "repairing is dangerous, therefore WARRANTY VOID IF OPEN", and hot politics water. A bit on the expensive side to do in the West in terms of labor costs, I'd think. What you can do is just contact the police and ask them if it's stolen, and if it isn't ask them to write a paper saying so, then bring it to the Apple store. Of course, this can be done for mystery meat iPhones you bought off of eBay too, even if they are stolen, provided you don't live in that same country. As a subscriber of a state-owned telco (CANTV/Movilnet), all I can say to that is: careful with your words, buddy. As evil as can telcos be, you definitely DO NOT WANT to apply the "n-word" to them. But yeah, that's out of scope for this thread. Are the private ones any better then? There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this. |
tomman |
Posted on 19-08-05, 00:52 (revision 4)
|
Dinosaur
Post: #471 of 1317 Since: 10-30-18 Last post: 2 days Last view: 17 min. |
Everybody and his dog reeeeeeeeeally wants me to give my Google account to this shtiphone, amirite? Today's buttfuckery involves BANKS! Yay, doomy dooms of doomed doom, now involving your money~| See, Soviet Venezuelan banking system was pretty much forced -complete with kicking and screaming along the way- to embrace the joy of mobile payments, just like more civilized countries like Japan or Kenya have been doing since forever (and something USA will never adopt due to heavy corporate interests because God forbid you pay for that soda through interoperable payment standards). Unlike Japan's NFC solutions or Kenya's "forced-by-law" SIM toolkit apps, Venezuela's solution is a bit more mundane, involving already-established standards like SMS and websites. And of course, apps for smartdevices, if you're blessed enough to have one in the land of new banknotes with extra zeroes every month. Our banking regulator calls this "P2P", but we know it better as "Pago Movil" (mobile pay), and no matter which bank you have, as long as they've joined the P2P payment network, you're golden - you get your money in seconds instead of waiting up to 3 days for inter-bank transfers to clear (you do pay a slightly higher fee which is still ridiculously low -~0.3% last time I bothered checking-, but that's all). Oh, and you DO need a cellphone number, which combined with your national ID number, is a much easier combination to remember and transmit that a longish 20-digit account number that nobody will memorize, ever. Few banks have gone the SMS way, and unfortunately most of those have botched their implementation so badly you can't pay realistic amounts of money that way. Most however do allow to pay from any device that can run a web browser, from their onlinke banking portals (but if you go that way, you end invoking the entire security theatre, including 2FA with SMS/emails that never arrive on time - so much for "mobile" payments there). If you DO own an Android device (because iDevices are only for the ultra-rich pigs at the nomenklatura, BlackBerry is finally DEAD AND BURIED, and all other mobile platforms were refused entry at the border, just like everywhere else), chances are your bank DO have The App For That™. Install, login, pay*, done. Or not. Leaving aside our pathetic jokes of mobile networks and useless DSL links, you're supposed to source your mobile payment apps through Google Play, which means enrolling your device into the matrix, giving Teh Googles total access to your tracking device. OH HELL NO. Thankfully, Aurora Store got me covered (despite being flaky at times), so it was just matter of locating the apps and install them. This worked just fine with most of my banks, since their apps are contained into a single .APK, they don't bitch about rooted devices, or install a gazillon of services. And there is this bank, with this piece of shit. Yes, we have a bank called "Plaza". No, my local branch is NOT located at a plaza (there IS a bank at the local Bolivar Plaza, but that's a completely unrelated bank - irony is largely dead these days, it seems). And their mobile payments app feature the unlovely distribution method of split APKs, which cause nothing but pain for anyone trying to avoid Teh Googles. If you try to install their shityass app through Aurora, it will download, install... and crash as soon as you try to login:
This is because Aurora loses its mind when fetching those goddamned pesky split APKs, managing to download only the main APK, but not the dependencies (in this case, a native SQLite lib because FUCK YOU THAT'S WHY). Long short story: I had to download this app from another device (luckily $MOM's Allcrapper tablet hasn't creamed its panties this week, so I used her Google Play account to install it), then since this thing is rooted (thankfully!), all I had to do was to find the .APK and copy it somewhere else (in this case, since the device runs KitKat, my target APK lives at /mnt/asec/com.bancoplaza2.p2p-1/pkg.apk). After copying it to my PC for checking, turns out that this is the full APK, including that pesky DLL of doom. After sideloading it to my Z835 (because beaming installed apps over Bluetooth will never happen due to Oh, and this craptacular excuse of a mobile payment app wants access to my location - something that NONE of the other banks whose crapps I use requires (in fact, none of those requires any permission beyond network access - the commies ordered banks to geoblock all their online services to within the country borders, but then that's what IP addresses are for! YOU DON'T NEED A FREAKIN' GPS FOR THAT!). But hey, QR codes! GOD I HATE BANKS. And when mixed with smartdevices, the result is pure concentrated AAAAAAARGHHH!. Like a match made in the deepest levels of Hell. Also, while the idea of split .APKs is not bad in principle (just download the parts your specific device actually needs), the execution is an obvious disaster for those that actually prefer to be in control of what gets installed to their devices. Oh, and it does nothing to address software bloat, aside of some developer ego satisfaction ("butbutbut you only download the bits you need!") *while your bolivars of the week are still worth something Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™ |
CaptainJistuce |
Posted on 19-08-05, 04:46
|
Custom title here
Post: #607 of 1164 Since: 10-30-18 Last post: 66 days Last view: 3 days |
Posted by tomman Actually, the thing holding mobile pay back now is card readers. Lots and lots of card readers out there without any way of talking to a pocket computer. And the card reader manufacturers are going to charge a premium to upgrade to a new model with more features(card reader manufacturers apparently treat their customers as poorly as can possibly be done, so of course they charge extra for everything). Some places have NFC readers, and they support Google Pay and Apple Pay. For everywhere else, there's Samsung Pay. Samsung Pay works everywhere, because the PDAs that support it simulate ye olde magnetic stripe via actuation of an internal electromagnet. No one has to upgrade their hardware to include NFC readers. It is a clever hack, and I respect that, even if I hope to never own another Samsung phone ever again. That said, "banks are awful" is a universal truth. --- In UTF-16, where available. --- |
tomman |
Posted on 19-08-06, 00:28
|
Dinosaur
Post: #473 of 1317 Since: 10-30-18 Last post: 2 days Last view: 17 min. |
Posted by CaptainJistuce Holy shit, yo. 1) Doesn't USA have a banking regulator office or something that can force banks to actually not be complete assholes when talking about paying over anything that isn't a credit/debit card!? (oh, I forgot "interoperability" is a curse word up there). I can't believe my commie shithole is LIGHTYEARS AHEAD over your banks, at least with mobile payments. Our cards are not involved at all. Unfortunately at this stage, the P2P program only covers payments between humans, and only recently some banks have entered the next phase: payments from humans to corporations. Surely there are a bunch of WTFs under the hood, particularly at the security department (what if someone steals your phone? Because that WILL happen to you at some point in time. On some banks there is absolutely no security at all, in the name of convenience), but at least nothing that involves tearing the whole house down and starting over. 2) Wow, you guys still rely on magstripes. I can't even... Your banking system is indeed masochist by design then. Posted by CaptainJistuce Every country has its own flavor of "awful". Right now, ours is precariously dangling between "house of cards" and "panic~!". Every time I dip my card or send some money over a wire/licensed radio spectrum, it's like I'm playing a game of Russian Roulette. Just last week I lost big time, when the debit card networks decided it was a great time to "chip rejection" (whatever that means), while eating my money in the act. Called $BANK, they say "wait 72 hours, then come back with a formal complaint letter". If I'm lucky, I'll get my money back in FIFTEEN BUSINESS DAYS (i.e. 3 weeks, maybe a month). Normally this is not a big deal, but then, this is not a normal country. When I get my money back, it will be worth half it was worth today (in the best of cases). And yes, this happens to any random guy (or gal) over here at least once a year (the only new bit this time is the "formal complaint letter" - they used to deal with this over the phone, but I guess their call center drones defected to Argentina last year). But hey, banks know better than I. And now I have to carry them on my Sino-American pocket computer, next to the bunch of plastic cards with European-assembled rice-grain-sized microcomputers-on-a-chip. At least I can keep teh Googles and crApples away from the gory bits! Licensed Pirate® since 2006, 100% Buttcoin™-free, enemy of All Things JavaScript™ |
CaptainJistuce |
Posted on 19-08-06, 02:52
|
Custom title here
Post: #610 of 1164 Since: 10-30-18 Last post: 66 days Last view: 3 days |
Posted by tomman Of course not. Everyone with money has spent ages dismantling any sort of regulation at every conceivable level. In fairness, though as I understand things the payment processors your retailers lease the card readers from aren't banks. Merely middlemen with a very lucrative middle. Trufax: Our financial industry was insisting that magnetic stripe was good enough and we had plenty of security mechanisms in place so we didn't need to make the cards more complex(and expensive). ... Then Target lost an entire year's worth of credit card numbers through the fucking air conditioner, and the industry collectively went "The fuck was your AC even doing on the financial system, Target? Fine, we need chips because there's no accounting for stupid." And then the PEOPLE started resisting chips because they believe they're easier to hack and can be cloned remotely and I DON'T KNOW I HATE EVERYONE. --- In UTF-16, where available. --- |
Nicholas Steel |
Posted on 19-08-06, 08:47
|
Post: #243 of 426
Since: 10-30-18 Last post: 501 days Last view: 16 days |
You got a link to a good article on that Target fiasco? AMD Ryzen 3700X | MSI Gamer Geforce 1070Ti 8GB | 16GB 3600MHz DDR4 RAM | ASUS Crosshair VIII Hero (WiFi) Motherboard | Windows 10 x64 |
CaptainJistuce |
Posted on 19-08-06, 09:34 (revision 1)
|
Custom title here
Post: #612 of 1164 Since: 10-30-18 Last post: 66 days Last view: 3 days |
Posted by Nicholas SteelJust do a search for "target breach" It was all over the news for a couple months due in part to scope. But have a ZDNet retrospective. https://www.zdnet.com/article/the-target-breach-two-years-later/ The article contains a link to an article from Krebs. https://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/ (Also, I lied. It wasn't an entire year's worth of data, just an entire holiday season's worth. Not much better.) --- In UTF-16, where available. --- |
Duck Penis |
Posted on 19-08-07, 21:26
|
Stirrer of Shit
Post: #561 of 717 Since: 01-26-19 Last post: 1766 days Last view: 1764 days |
We ragging on banks now? I don't have too much against them, except for the parts where they get more and more stores and people to go Cashless™, and of course at the same time arbitrarily denying people they don't like to create accounts, effectively shutting them off from earning a living. But this is no big deal - after all, it is important to enforce compliance. But why do their UIs always have to be so dreadful? I was trying to do some transactions. Now, in the best of worlds, it would work as such: I go to my account. On the left-hand side it shows what I own, either in dollars or percent. On the right-hand side I can type in how much I want to own, or leave blank for unchanged. It then makes sure this is possible to execute, and does it on a best-effort basis. Since we don't live in the best of worlds, this is not the case, and we have to use Excel instead. Now, my bank graciously provides atomic sell/buy orders, so you can ask them to sell A and use the proceeds to buy B. You can also tell them to sell a certain share of A and use the proceeds to buy B. You can however not tell them to sell A and buy B and C in one go. So then the question you might ask is, how bad is it possible to screw up a text box? Well, step one is to add input validation. Not just any input validation, mind you. Server-side input validation with a lag of say 0.1 seconds, that gives error messages in English, and sometimes not at all, and sometimes for valid input which still however goes through. Step two is to have it change the values randomly when you scroll, and in the process round them toward the nearest percent. Step three is to block letter input, and in the process hotkeys. Did you reflexively hit CTRL-A backspace CTRL-V to clear the field and paste the clipboard? Too bad! You'll just have to use the mouse instead. This is certainly an inane complaint. I can still access my money fine, and I don't pay out the ass in fees. But why? Why would you ever want to replace a UI that worked fine with a UI that fails at such basic tasks? Do they get off on it, or what? I don't get why you Americans would complain though. You should be proud of your banking system. * Impressive stock market * Impressive central bank * Cheap mutual funds * Cash widely accepted What more could you wish for? Posted by CaptainJistuce In the civilized West we use contactless payments with NFC, and they don't require PIN for purchases below $20. Presumably, this is what they're scared of. In theory, some madman could walk around with a payment terminal and charge random people's cards. In practice, the merchant account he's using wouldn't last for too long. But such considerations have never deterred anyone from thinking up very dangerous scenarios, in which that guy with the hoodie in the dimly lit room you see in the stock photos walks around in the supermarket with a payment terminal and makes away with an earth-shattering $20 minus fees. No, Japan has that whole issue figured out. You use cash. Fast, simple, efficient. If you want cash, you go to your ATM and withdraw it. Of course, most parts of the West can't do this due to crime and whatnot, but in an ideal world that'd be the best option. You should celebrate the time you have left with archaic technology. Soon you won't be able to use cash at all, and that's when they hit you. First with negative interest rates, and then with the more insidious stuff. How about hiking up the life insurance rates, and then offering you discounts if you 'consent' to analysis of your payment history? Gym card lowers the fee, McDonalds raises it. Cash withdrawals raise AML/KYC flags, if they're even permitted. "Consenting" to location history analysis via your cell provider could net you even further discounts - spending too much time in the ghetto lowers it, so does political protests. And of course, your ISP could get a piece of the pie too. Excessive Tor usage can't be good for the credit rating, for instance. Imagine the possibilities. The government could disincentivize undesirable behaviors without having to institute any new laws or even making any public statements. Just hold a meeting with the banks and give them an offer they can't refuse, and ta-da, people start using public transport instead of taking the car, which drastically reduces CO2 emissions, as well as crime. Or were you going to bring your duffel bag full of cash on the subway? There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this. |
Kawaoneechan |
Posted on 19-08-07, 21:52
|
Coke™ Addict
Post: #328 of 599 Since: 10-29-18 Last post: 198 days Last view: 33 min. |
Oh shit, here we go again... |