Category Archives: Financial

New Mexico bans making schoolchildren work off lunch debt they cannot pay

A ban on this kind of disguised shaming: "New Mexico Outlaws School ‘Lunch Shaming’". In some schools, children are forced to clean cafeteria tables in front of their peers to pay the debt. Other schools require cafeteria workers to take a child’s hot food and throw it in …

Posted in Financial, Murmuring, Social

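New York City will also ban employers from asking about salary

Last year Massachusetts passed a law barring employers from asking about pay at previous jobs (see "Massachusetts passes law banning questions about salary at a previous job"), and now New York City is joining in: "New York City bans employers from asking potential workers about their past salary". New York City joined Massachusetts, Puerto Rico, and Philadelphia in banning employers from asking job applicants about their pay at current or past jobs after the …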

Posted in Financial, Murmuring, Political

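Stripe's approach to controlling API usage

In "Scaling your API with rate limiters", Stripe's Paul Tarjan describes four ways to protect an API. The first two are both rate limits. The first is the standard "how many requests you can make per minute" kind, which is the easiest to understand. The second is "how many API requests you can have in flight at the same time", which is usually used on resource-intensive APIs to keep them from being overwhelmed in a short period. The third looks at the system as a whole: split the APIs into critical and non-critical ones, then reserve capacity so that the critical APIs always have some available: We always reserve a fraction of our infrastructure for critical requests. If our …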

Posted in AWS, Cloud, Computer, Financial, Murmuring, Network, Programming, Security

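An inherent flaw in credit cards leads to fraudulent charges

The attack described in "Guessing Credit Card Security Details" is basically unsolvable unless online card transactions also switch entirely to using the chip... The method is actually simple: first compute a valid card number, then obtain the remaining details in two stages. First, find several sites that only require "card number + expiry date" and brute-force the date (assuming five years, that is 60 attempts). Then find a few dozen sites that require "card number + expiry date + CVV2" and brute-force the CVV2 (1000 attempts). So 1060 attempts gets it done... Even if every site required the CVV2, it would still only be 60000 attempts (spread over a few thousand sites), which is entirely feasible. For now it can only be mitigated with workarounds, such as requiring extra information like the cardholder's name and address...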

Posted in Computer, Financial, Murmuring, Network, Security

Bitmain's business keeps getting bigger...

Bitmain has grown to the point of planning to build an entire data center to mine Bitcoin: "Chinese firm building 135MW bitcoin data centre". Surprisingly, it will run on green energy while becoming the world's third most power-hungry data center: The complex, which will be capable of pulling 135 megawatts of power placing it at #3 of the most powerful data centres in the world, will operate primarily …

Posted in Computer, Financial, Hardware, Murmuring, Network, P2P, Security

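Turning the CSC (the three digits on the back of the card) into an OTP (one-time password)

This turns the three-digit code on the back of a credit card (the card security code) into a dynamic code. It is usually only three digits, but it should still help a lot with online purchases, although it means you can no longer pay without taking the card out at all...: "This high-tech card is being rolled out by French banks to eliminate fraud". The product is called MotionCode and will launch in France first: Today both Société Générale and Groupe BPCE, two of France’s largest banking groups, are preparing to roll out these cards across …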

Posted in Computer, Financial, Hardware, Murmuring, Network, Security, WWW

An incident at ING Bank's data center in Romania...

ING Bank's data center in Romania suffered data damage: "A Loud Sound Just Shut Down a Bank's Data Center for 10 Hours". The cause, though, was that the discharge during a fire test was so loud that it made hard drives fail XDDD ING Bank’s main data center in Bucharest, Romania, was severely damaged over the weekend during a fire extinguishing test. In what is a …

Posted in Computer, Financial, Hardware, Murmuring, Network, Security

MasterCard sued in the UK for charging excessive fees

A few key points from "Mastercard sued for $19 billion in Britain's biggest damages claim". The first is the EU's 1% cap on international transaction fees (Brexit notwithstanding...): A lawyer working on the case said Mastercard charged shops fees in excess of 1 percent for card use on international transactions between 1992 and 2008. Although the …

Posted in Financial, Murmuring, Social

Updates to Apple's App Store subscription system

The details of the change mentioned earlier in "Changes to Apple's App Store pricing model" were published in the past few days: "Subscriptions - App Store - Apple Developer". The main change is that the fee after the first year drops from the original 30% to 15%: Within a subscriber’s first year of an auto-renewable subscription, you receive the traditional 70% of the subscription price at each billing cycle, minus applicable taxes. After …

Posted in Computer, Financial, Murmuring, Recreation, Telephone