@Zenith Stripe offers two models of card reader for use with Stripe Terminal (which is different than their regular offerings). I didn't see anywhere Stripe accepted a raw PAN, just "fingerprints" generated by the reader, by one of their hosted checkout offerings, or by Stripe.js hosted on your checkout web page (which must be a web page).
Posts made by TwelveBaud
-
RE: The Official Status Thread
-
RE: The Official Status Thread
@Zenith I've done some hunting, and although Stripe refuses to do card-not-present on a terminal (physical or otherwise), Cybersource, Authorize.net, and Paytrace still do.
-
RE: The Official Status Thread
@Zecc option threeeeeee
Edit: Seriously though, don't do that. There are other knobs to twiddle with far less severe security implications.
-
RE: The Official Status Thread
@Zenith said in The Official Status Thread:
I have absolutely no idea why it does that or how the marshaller is magically fixing them.
The string pointers you get back out are pointers to the inside of the single string you passed in, so there's no memory management involved. The marshaller "magically fixes" them by making a separate copy of each part. The "constructor" (WinHttpCreateUrl) that consumes that structure doesn't care whether the string pointers point to (parts of) the same string or different strings, so either way works.
-
RE: Onosecond
@The_Quiet_One TL;DW:
UPDATE `articles` SET `content` = REPLACE('content', '---', '<hr>')
outside of a transaction. Note how the second 'content' is a string literal, not a reference to the `content` column. Nuked a major website update. Oops.
Plus 7 minutes of blathering on the history of blather and 2 minutes of paid promotion to make the 11 minutes you need for a juicy, financially successful midroll ad.
-
RE: The Official Status Thread
@Zenith said in The Official Status Thread:
My guess is they both route, somehow, through the browser.
They do, for two reasons.
- If you render those four text boxes and a button, you need to be a PCI-DSS-compliant application software vendor, including filing the proper attestations of compliance, because your application "processes and stores cardholder data". If you embed a browser that renders a webpage that has those four text boxes and a button, then those obligations are on whoever runs that web server, not you. Rationale: If your application was a website, the additional layer supposedly means nothing running on your site can intercept and get the cardholder data. You're not a website, so you have godlike powers over the embedded browser, so none of that applies, but the JS hipsters didn't quite think that through.
- 3D Secure (i.e. Verified by Visa) adds a step where you redirect or embed a webpage allegedly controlled by the payor's bank (usually some sketchy company like Arcot) that snoops around and confirms that the environment looks similar to the environment the customer usually browses in, potentially demanding additional secret passwords or online banking credentials. Somehow you're supposed to know that this extremely sketchy, phishy behavior is actually completely legitimate, and distinguish it from the extremely sketchy, phishy behavior of attackers.
-
RE: Is it safe to use __SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED ?
@Benjamin-Hall So why not have a dummy FP library that explodes the linker if it's ever used, make it available to the linker by default, and substitute the real one only for modules that have been properly determined to need FP?
-
RE: WTF Bites
@Zecc You can declare abstract accessors, just not private abstract accessors -- they'd only be available to the interface itself, not an implementer, not even if that implementer tried an explicit interface implementation.
-
RE: Not sure if good idea, bad idea or evil idea
@Captain They misspelled Spın̈al Tap
-
RE: Driving Anti-Patterns - Necro Edition
@Applied-Mediocrity The flying fuck fucked up the controls. After the ball was pushed away, he tried to back away to see what was up, and then repeatedly overcorrected to the point that the (fixed pitch) props had a useless angle of attack.
-
RE: Mostly not internet, and mostly just as shit as you make it
For extra fun, red isn't automatically 120° forward phase of black. It could also be 180° forward (residential 240v split phase) or a switched traveler. Or positive DC voltage, with black being ground -- the same potential as white on the AC side. And again, that's assuming things are wired correctly; it's entirely possible someone's swapped hot and neutral along the way.
-
RE: Mostly not internet, and mostly just as shit as you make it
@Polygeekery As you're ripping all of them out, make sure the descendants are downstream of the GFCI and not just downstream of the outlet itself. Although almost all GFCI outlets have two sets of terminals (the bottom set are protected), many old outlets have two sets as well -- one for each receptacle, so one side can be switched and the other always-on. Some contractors hook both cables to the top set because of this, necessitating each outlet have its own protection.
Also, I don't know where you live, but ~~code~~ the inspectors where I am require each GFCI-required outlet to be independently GFCI itself, regardless of whether or not it's also protected by another GFCI outlet or even by an RCBO at the breaker box.
-
RE: What's an image file?
@Zecc said in What's an image file?:
transfer physical storage between camera and phone (assuming it's possible)
This is becoming less and less possible as devices transition from "the storage slot is for moving things on and off the device" to "the storage slot is the new internal storage since we cheaped out on the soldered-to-the-board kind".
@Zecc said in What's an image file?:
connect camera to phone using a physical cable (assuming it's possible)
This is becoming more and more possible. USB-OTG adapters are extremely rare and camera cables somewhat bulky, but USB-C to USB-A adapters are a lot more common (thanks Apple!), and as peripherals transition to USB-C themselves you'll be able to access your photos with the same cable you already use to charge your phone.
-
RE: What's an image file?
Maybe they spend most of the time browsing on mobile (or do so to upload photos), but haven't the equipment, training, or proselytization for USB On-the-Go. And for some reason they aren't capable of using Google Drive or iCloud. Without a convenient way to get the good photo to the place that they post, they make do with what they have.
-
RE: what is this google tag manager thing?
@sockpuppet7 On a slightly more serious note, because it is almost always used for analytics services, and analytics services have reached a critical level of end-user hostility (because the customer is maybe the site, usually a bunch of unrelated parties, almost never the end user), anything in that entire space is getting preemptively blocked these days to avoid further damage.
-
RE: what is this google tag manager thing?
@sockpuppet7 You can ask your web developer to add it to the page, and then tell GTM all of the ~~spyware~~ analytics packages you want to load. If you want to add more ~~malware~~ value-added services in the future, you can do it via GTM without having to bother your web developer again. Plus, it has built-in templates for most services, so turning your customers into ~~a virulent botnet~~ business intelligence couldn't be easier!
-
RE: TDWTF Plays Picross
@error_bot f b23-i25 a1-a9 b1-b2 c1-c2 d1 e1 f1 h1 i1-i2 j1 auto
-
RE: TDWTF Plays Picross
@error_bot m b23-i25 a1-a9 b1-b2 c1-c2 d1 e1 f1 h1 i1-i2 j1 auto
-
RE: In other news today...
@DogsB So others don't have to read:
- You get a per-release tarball, not commit-by-commit source access. Unusual, but by no means "limited".
- The build system is brittle. This isn't a security or open-source issue. If you want a better build, make a patch on SourceForge for a better build.
- There's a security bug that's been open for months. I don't speak Hungarian, but that looks like a (Windows) HTML Help bug, and HTML Help is deprecated.
- The distributed binaries don't use all the compiler flags. Yes, adding stack cookies, Arbitrary Code Guard, and layout randomization are nice, but ACE is possible with or without them, and not having them reduces load time, memory footprint, and disk footprint. The author picked one side of the trade-off; with the source, you can pick another.
- There was an ACE bug with RAR files. ...okay? So why aren't you screaming at Eugene Roshal? Why Igor Pavlov?
- The installer isn't Authenticode signed. Okay, yes, but then the author claims that signing "prevents software installation from bad guys." Uh, not anymore, welcome to post-2015. Also, none of the suggested replacements are Authenticode signed either.
- SourceForge is untrustworthy. And water is wet. How is that 7-zip's problem?
- War in Ukraine! Again, this isn't an action item for Igor.
-
RE: The Official Status Thread
@error May the candles on your cake Burn like cities in your wake
-
RE: In other news today...
@Gribnit That's okay. If it turns out it ends in kit it still counts.
-
RE: In other news today...
@HardwareGeek said in In other news today...:
I'm almost certain this was posted before, when she was convicted, but I can't find it.
-
RE: WTF Bites
@Benjamin-Hall said in WTF Bites:
What's more, the reported size of the keyboard isn't even right--it lies and says it's about 50 pixels taller than it really is. So if you just resize it to the stated margins, you get a white bar above the keyboard and below the content.
Is that with or without the supplementary band (autofill, autocomplete, autocarrot, paste, etc)?
-
RE: WTF is happening with Windows 11? And nothing else
@Tsaukpaetra It does that whenever it detects a screen reader that is trying so very hard to do the right thing, but was written back in the Windows 95 days and isn't using Active Accessibility (which has a slot for that). You may have some automation software, CBT software, or shitcoin miner that's triggering that unintentionally.
-
RE: I think I'm creating an WTF of my own
@HardwareGeek I initially interpreted the other half in an entirely different context too; I might be reading too many of 's posts.
-
RE: In other news today...
You may ask, how is that news today? Well, here's your answer:
INB4 "other news two days ago"
-
RE: UI Bites
@Tsaukpaetra You mean the server that has a most recent alert of "[SM]ART errors"? I think it has a couple of shiny glass plates with some rust next to them.
-
RE: In other news today...
@acrow The relevant regulations say that a specific notification sound and/or vibration cadence must be used, but nothing about required volume. It also says that the user must be allowed to (ahead of time) mute it if they're on a call, and may be allowed to mute it if they're not on a call. As well as turn off all but ~~Presidential~~ National alerts.
-
RE: Right to repair sold to the highest bidder
@boomzilla said in Right to repair sold to the highest bidder:
and then says how silly it is to use a torque wrench to properly tighten the screws.
He assumed a tech journalist for an online publication would be more careful and adept with his own, singular phone than a stoned 16 year old grinding through the motions on other people's shit. That assumption is clearly faulty though.
-
RE: Required reading for everyone!
Speaking of, @mott555 is the reader for the audiobooks of that series, which are coming out Soon, and he's also trying to port his plot management software from WPF to Avalonia so he can use it on Mac and Linux. I wish he'd post about that here though...
-
RE: In other news today...
@izzion That's only enough money to help 4.4M people, and only if it's the absolute easiest cases. Also you can't fix stupid, and it's a money pit to even try.
-
RE: In other news today...
@topspin Because brute-force isn't the only feasible attack. They screwed up so badly that rainbow tables are back in fashion.
-
RE: Visual Studio WTfs
@remi said in Visual Studio WTfs:
Something happens when pressing Ctrl that turns the mouse pointer from its normal "arrow" shape to a "hand" shape. I think it's indeed related to hints or some sort of navigation. Whatever.
It turns into a "hand" shape because, besides triggering word select, it also will navigate to recognized URLs instead of the non-Ctrl behavior of letting you edit them.
-
RE: WTF is happening with Windows 11? And nothing else
@Arantor said in WTF is happening with Windows 11? And nothing else:
Something about drives
Probably your EFI partition was 100MB instead of 250MB or your recovery partition was 10GB instead of 20GB, so it couldn't quite hold all the old files (for roll back) and all the new files (for roll forward) at the same time. Which was Microsoft's fault when they created those partitions.
@Atazhaia said in WTF is happening with Windows 11? And nothing else:
Why must it all come on predefined times instead of naturally?
Management at their enterprise customers loved having a predictable release cadence. Besides keeping units of change smaller, it allowed them to specifically schedule around it (pilot rollout three months afterward, general rollout nine months afterward, documentation updates ~~twenty four months afterward~~ never) instead of having to deal with prior commitments being overridden. Theoretically.
@topspin said in WTF is happening with Windows 11? And nothing else:
Why not use whatever "DirectStorage" does internally there?
It has several preconditions that not all I/O will meet. Things like "must be a multiple of $clusterSize/$pageSize/$somethingElse", "must follow these lifetime rules, which are stricter than the normal non-blocking I/O lifetime rules", "must be to a device that supports Native Command Queuing"...
-
RE: WTF Bites
@Applied-Mediocrity If I remember correctly: You can no longer set your own e-mail settings -- if it's not built-in, not listed in the ISPDB, and doesn't have an autodiscover manifest, it doesn't exist -- and IMAP must support STARTTLS with a CA/BF-approved certificate, no more self-signed or legacy SSL bullshit.
-
RE: United Airlines: the airline we love to hate, but we can't agree on why
@scatters said in United Airlines: the airline we love to hate, but we can't agree on why:
Before 9/11 hijackings were regarded as hostage situations at worst; they were eminently survivable for passengers and crew.
-
RE: WTF is happening with Windows 10? And nothing else
These puns need a new angle of attack, or else they're just gonna stall.
-
RE: CodeSOD collection
@BernieTheBernie You and your explicitness...
var a = state ? delegate { /*true part*/ } : () => /*false part*/;
-
RE: The Official Status Thread
@Tsaukpaetra It appears to be a perfectly valid version 1 QR code, whose sole data block is empty.
-
RE: CodeSOD collection
@BernieTheBernie Nice glass bottle for pounding that nail in. You could use a hammer.