Spent 2 hours this morning trying to get my electricity bill automated. The electric company, PEA, has only partnered with _some_ banks for its online bill pay. They do not email you a bill, they do not give you a bank account to send money to either. When I rolled in raising my voice about the issues of needing to be physically present to pick up my mail and needing to ask a friend to pay for me or go to 7-Eleven to pay my bill, they seemed to be a bit confused. So I ask them: what if I leave the country for a month? How do I go to 7? How do I check my mail?

Needless to say they finally gave me some forms to autodebit this from my account. Like I get that you don't want to partner with every bank individually, but you gotta give people an option to give you money without being physically present. Like, what if I want to keep my popsicles frozen while I go to Vietnam? Or wanted to leave a router on so I could SSH to my home network while vacationing in Sri Lanka? What did we do in the past before the internet?

Alas this was rectifiable. The next time you try to log into the website they put in your email to do the typical verification email flow, BUT importantly you can change that email then and there and it sticks. Now, why you can't do this from the website when I just did it from the website.... I'm assuming there's some dumb bureaucratic reason for this.

Need to go to bed. This is annoying. Living in a foreign country is annoying.

They let you run a rooted phone with microG as well so you can protect your own privacy.

I wish I could say all of the above were applicable to fiat currency banks.

(Not trying to debate crypto good/bad, but their security game is often miles ahead)

Kraken PRO has some of the best security measures for a financial app. Allow long passwords+special characters, 2FA isn't proprietary and SMS is not supported (wish WebAuthn was though), no analytics from Google/Facebook, custom logout, PGP, and not bombarding users with hCAPTCHA

Writing a complaint email to Bangkok Bank when

> Description error - special characters (" % ; : , * ( ) < > & | + -- =) are not accepted.

Sorry, can I not write English??

I wanted to change my email address to Posteo with my Thai bank, Bangkok Bank (ธนาคารกรุงเทพ). These guys don’t let you update it through the website or the app doing a verify email code that’s the industry standard, but instead you have to submit a full-on form that is sent to Bangkok and then a human reads it and enters your email change on your behalf.

If that wasn’t obtuse enough, there’s a very critical error in this very-Thai, paperwork-loving system: “human”. I opened the app to see my account is changed to “Postco”.

I found my copy of the paperwork. I definitely wrote “Posteo”. Now I have to go back to the bank—probably needing to wait 20 minutes in line again—to resubmit this form and wait another week. This didn’t need to happen; computers are good at this.

I guess I need to write in block letters this time.

Following up with a second message:
The site says “SchwabSecure”, but the link seems more marketing fluff than any security details. In addition or to enhance the current situation, I would like to see the open standard Pretty Good Privacy (PGP) supported for secure messaging, emails, and uploading of documents on the Schwab site. If I had access to a PGP key for this bank I could encrypt my PDFs and know only Schwab could read it. Currently I have no indication such a practice is happening when I upload the data. Is it being encrypted in the web client before sending or is TLS supposed to be ‘good enough’? I would also like the ability to upload my own public PGP key to Schwab to have all emails and account alerts encrypted because this is my bank data and therefore possibly very sensitive. Also while I may be using an encrypted email account, I could only assume many people are using GMail and they should have the ability to not have Google reading their mail.

Messaging Schwab bank today:

I’m messaging to express my contempt with Schwab security practice. While two-factor authentication (2FA) is currently supported, the only options are short message service (SMS) and a proprietary Symantec time-based one-time password (TOTP). SMS is well-known to be unreliable and insecure because of how cheap/easy it is to SIM-jack. While TOTP is good, doing it through a proprietary service means this service isn’t being publicly audited, and as such I can’t be sure that there’s not a backdoor in their TOTP implementation for hackers or government entities. There are open standards for generic TOTP that can use open-source clients.

I would like to encourage 2 big changes: 1) drop Symantec and use a generic, open-source TOTP implementation on your servers (while promoting open source authenticators, NOT Google Authenticator or Authy). 2) support universal two-factor authentication (U2F) keys using the open WebAuthn standard which can be used through easily-available USB keys.

What front-end build tool are you using now? Webpack? Parcel? Rollup? Snowpack? Something simpler? Something you built?

Does it actually make sense for a README to have images for build status? Isn't the README mostly meant to be read in text form? Or since everyone uses Markdown, AsciiDoc, reStructuredText, etc. they are now meant to read it via HTTP?

I will be moving new projects from GitLab to SourceHut.

`nix --offline build . | cachix push toastal` Awesome... so I need a flag to run offline??

When we let all this corporate infrastructure run our no-longer-open-web, a CDN service like Fastly goes down and much of the web ends up broken. Apparently I need a CDN running to do a `nix build`? Wtf.

Did you want to use FaceTime on Firefox? Too bad you're not supported... unless you override the user agent, where it works. No technical reason to block Firefox, just more corporations trying to shuffle you into browser monopolies.

Real talk though (npi), in most FaceTime use cases, you should use and suggest Jitsi.

