Bill Processing

It’s bill-pay day, so of course I’m confronted once more with several payment portals that have security theater. What do I mean by that? I mean, stuff that looks like it’s some kind of security (preventing theft of personal information, verifying that the actor is the right person, etc.) but which doesn’t actually provide any security. Sort of like the bit where you have to take off your shoes when going through airport security — that doesn’t do anything useful, but it makes people feel as though something useful is happening.

So here I have to deal with four separate payment portals. The situation is, I’m paying a bill. I’m trying to give someone else money. And here’s what the someone else wants:

  1. Enter my checking account number and the bank’s routing number, since paying with a credit card incurs the credit processing fee. But, the paste operation is disabled on these fields. So I have to type these numbers.
  2. And, I have to type them twice, to make sure they’re the same.
  3. Fill in a CAPTCHA before submitting the payment form.

What the first step does for the portal is a mystery. Why should I be unable to paste the routing number and account number, which I copied from my banking website or my password manager? It makes no sense. I’m much more likely to make a mistake while typing than while doing copy/paste.

The second step is a legacy from the days before copy/paste. That’s an error detection step to catch mistakes on data entry. If you allow copy paste, you don’t need that step. If you disallow copy/paste, then you do need it, but why are you disallowing copy/paste? (Special bonus frustration: the fields are marked as password fields, so you can’t even read what you’ve entered — it’s all just asterisks or bullets.)

The third step is an utter mystery. I’m not entering a password, I’m paying a bill. The information displayed on the “payment received” page is the same as the information required on the “submit payment” page: account number and payment amount. As I’ve written before, who cares whether a robot submits the information?

Sketch of a Street Scene

Walking along the street this morning, I saw this: a bearded old man, bundled up in woolen hat and puffy jacket, covered in blankets, surrounded by shapeless lumps of textile – possibly tarps, or sacks – sitting in a wheelchair and parked at the edge of a convenience store parking lot. He had, somewhere, a radio tuned to a talk show. The flat quality of the voices led me to think it an AM station, which makes sense, since FM is mostly commercials interspersed with occasional music. The main voice was a woman’s, confidently using logical fallacies to promote divine creation of a flat earth.

I can delete my social media accounts and refuse to read the hyperbolic news items in the press, but that’s actually a privilege. When my dad was in hospice, the residents of the house were parked in the living room with a TV tuned to Fox and that’s what they got. I think there’s money to be made, making the helpless feel even more afraid, and I think that people are already doing it.

It’s pointless to kill your television if you leave your radio alive.

Obviously, I haven’t thought deeply about this. All I know right now is that I feel sorry for that old guy in the wheelchair. I want him to know God loves him and he doesn’t have to accept illogical nonsense about cosmology for that to still be true. And I feel sorry for all the other scared and angry people who need to be comforted by a voice telling them that the world is flat and there’s a vast scientific conspiracy trying to pull one over on them. Because the conspiracy is that voice, and if they’re listening, then they really need to be hearing something else. I wish I knew what it was.

Haxor to the Maxor

Today’s entry in the “put a computer on it” dopeslap file comes from Ars Technica. Turns out that ancient IoT devices are actually a giant security risk. If only someone had pointed this out at some time…

Okay, so, maybe sticking the Internet into everything isn’t such a great idea? Maybe?

Imagine a world where Russian hackers can’t use your doorknob to steal access to your bank account…

Capture *This*

You know what’s dumb? Putting a “Prove you aren’t a robot” widget on your invoice payment flow. Imagine for a moment that you’re a service provider and you’ve done some work for someone. You send them an invoice, and now they want to pay you some money. With me on this hypothetical journey? Good.

Now. A web browser submits some payment information to your payment portal — credit card number, invoice number, payment amount, all that good stuff.

Do you, who want to get paid, actually care whether it’s a script or a human who’s submitting that information? Let me give you a hint: no, you do not. All you want is your money.

The “protection” offered by a CAPTCHA has nothing to do with this flow. ZOMG, why am I seeing this crap this morning?

You *Are* Traffic

Driving around in traffic, one sees a lot of license plate frames. Most of them are, essentially, advertising flyers for the dealership that sold the car (or the place that last serviced the car). I think this is kind of obnoxious, and so I’m usually very happy to buy a nicely anonymous frame. (Which reminds me — I haven’t done that yet for the truck; really ought to get to that.)

There’s some dealership around here, though, that seems to sell about 80 percent of all the cars on the road. Dee gee dee gee dot com, whoever they are (they haven’t sold us anything, despite their omnipresent license plate frames), and every time I see one of these things (so, every time I’m driving anywhere) I can only think of the 1982 arcade game, Dig Dug.

As to the title of this post, the complete saying is, “You aren’t stuck in traffic; you are traffic.” So, if you’re being traffic in a Dig Dug car and suddenly a guy runs up and blows up your car with a bike pump, you know why.

Why Zero-Sum?

On the easy levels, Civilization teaches you that it’s okay if you’re a pariah state if you’ve got the biggest military. This sort of tracks with realpolitik, but it’s only a partial match. See, this bugs me. Civilization hooks me with its complexity and infrastructure. I love building a complex system. But it fails me because it is, at its heart, a zero sum game. This is just fundamentally depressing, and it’s why I like going for culture or science victory. But, and this is kind of important, the computer players *know* that it’s a zero-sum game, so you still have to spend big bucks on your military. And if you start winning and your military isn’t buff enough, they’ll stomp you. So, you have to have the *capability* of a military win, and then you can win with whatever condition you want.

What if there were a way to get everyone to win, together? What if there were a win condition like, “All players have net happiness in all cities?” Also, what if there were diplomatic options beyond, “Let’s you and him fight,” and, “Gimme your lunch money!” Maybe something like, “Look, if you stop beating up your neighbors, I’ll send some caravans your way.” There’s already this notion of players not liking you if they think you’re a war monger, but that just doesn’t have any teeth — what do you get if they like you? Not much. And so what if they don’t like you? They’re not going to like you no matter what you do, so don’t waste your time trying to placate them.

It is observably true that it is possible to increase a person’s happiness without a corresponding decrease in happiness somewhere else. Happiness is not a zero-sum game. And you know what? That’s a far, far more interesting game.

I Must Be Doing It Wrong

I’ve started this post several times, and still can’t figure out a clear path. I feel frustrated with the situation, and I don’t know enough to be able to make progress. Sometimes, writing a blog post helps me organize my thoughts so that I can see a way forward. So far, no luck. Once more, with feeling!

The Goal: learn to use Ruby and Rails.

Why: I would like to help an organization by working on software to solve their problems. To do that, I need to be familiar with the tools.

Continue reading “I Must Be Doing It Wrong”

It Writes Itself

Lotus is making an electric SUV.

My mother will probably crack up when (if) she reads that. Ars Technica is kind of excited about it, but man. You know how the Ford Pinto was really well known for exploding when it got rear-ended? So, what if, on the heels of that, Ford was all, “Okay, we see where this is going, so the next thing we’re going to build is a fuel tanker.” Go ask someone who was into cars in the 1970s about how good the electrical systems were in Lotus cars.

Electrical systems aside, I’m still coming down on the WTF side on this one. I mean, sure, the Porsche Cayenne has demonstrated that there are plenty of people who want to drive a sports car SUV, so of course Lotus will want some of that sweet, sweet money. Are you sure that Mrs. Peel will want someone to mom her ride?

Mirror, mirror

Today I wrote a simple command line utility to mirror the dependencies for a swift project. And it works! That’s pretty neat, in and of itself.

Then, because I could, I built a Docker image that has my utility installed, so I can use that image as the base for all my containerized application development. Now, when I’m on a ship in the middle of some ocean, or when my Internet connection has been severed because…well, they never do explain why…then I don’t have to sweat it.