The "d" in 3d means "domain", so three domains: the merchant, the card issuing bank, and the card scheme(s). The first two have to opt-in to the process for it to be enabled, and most (all?) card issuing banks already have so it's down to the merchant.
Not all merchants will opt-in to 3d Secure as they might see a greater loss in revenue due to the friction it creates versus the risk. They might be taking payments in a low risk sector and use other fraud checking factors, or it might not make sense for them - examples where you end up having to produce the same card in person anyway so "card not present" fraud doesn't factor in so much.
Some merchants don't opt-in as it would lose them millions of dollars of payments an hour due to the friction: Amazon for example.
I worked on the 3d Secure (and, formally, "Verified by Visa") integration at my previous job, and for a long time I was thinking I should write a blog post on what a complete mess of a protocol and implementation it [still] is. Haven't ever gotten around to that though.
> on what a complete mess of a protocol and implementation it [still] is
Banks are banks :)
> so it's down to the merchant
... or down to the implementation team that may not even have mentioned it to the merchant if said merchant is in an area used to insecure credit card payments ...
Opting out is still customer hostile if you ask me.
> Opting out is still customer hostile if you ask me.
That's debatable - I really dislike my own card issuer's implementation as they will ring me, rather than prompt for a OTP, which is a long process and not always convenient. Other card issuers have other implementations. That's one of the, er, issues with the protocol - a lack of consistency. There are many other problems with it.
I'm using this with a credit card, and that already has strong consumer protections if fraud should happen. I, as the consumer, do not get to opt-out of this poorly implemented protocol.
Merchants are sold the protocol with the argument that it reduces chargebacks, i.e. reduces their costs, not that it is good for their consumers. If I (or someone else) makes a payment with my card, and it passes the 3d Secure process, then the chargeback option is a liability that it taken by the issuing bank - and they shift that liability further by passing it on to the card holder: "This transaction when through 3d Secure, your charge back option for it is revoked".
That's hostile to the customer.
Like I said, I have a tonne of material for a blog post. I just need to be bothered to write it.
Chargebacks are extra work for the consumer too you know.
If we're philosophising, wouldn't it be better to have a honest system where the user authorizes all charges and the merchant doesn't get to auto renew subscriptions without user input just because they feel like it?
> Chargebacks are extra work for the consumer too you know.
It's not about work it's about the burden of cost due to fraud not being passed on to a consumer such that it could put them in financial difficulty. Chargebacks are there to protect the consumer and not the merchant - The 3d Secure "liability shift" (they literally call it this in the spec) flips that arrangement. Merchants are compelled to reduce their chargeback levels as they have to pay for each chargeback case, and should it become frequent their ability to process payments will be revoked.
Just turn on 3d Secure and your merchant chargeback costs reduce significantly. Nice? Not for the consumer. But I repeat myself.
> If we're philosophising, wouldn't it be better to have a honest system where the user authorizes all charges and the merchant doesn't get to auto renew subscriptions without user input just because they feel like it?
Merchants probably should notify their users with subscriptions, sure - I got one a couple of months ago from F1TV that my subscription will renew and maybe I don't want that subscription any more, or perhaps I want to change the level of my subscription. Other merchants won't be as nice, and dark patterns will creep in. Some companies have business models built on these recurring subscriptions.
I can't recall the rules around these, but I can recall that there are (were, we're going back 12 years here) systems in place to reduce issues for recurring payments. Even when a cardholder's details are updated, including replacement of a card and its PAN[1]. Any subscriptions would be retained to avoid interruption to the consumer's subscription, which might be critical for them (the consumer).
> Any subscriptions would be retained to avoid interruption to the consumer's subscription, which might be critical for them (the consumer).
Sorry, that's complete and utter bullshit. Even if you think you're defending the customer's position, everything you said is in the vendor's favour. It "reduces friction" but only when it's in their interest.
Please write that blog post if you can! It's such an interesting part of the industry imo but there's basically ~ public documentation or discussions about it.
Related - I gave a talk a couple of weeks ago about banking interchange formats, which is related to all of this. The slides are here (top one) and the recording of the talk (which I will link) should appear soon: https://leejo.github.io/code/
> My experience with Perl is that often the batteries are rotting.
I think the batteries metaphor was meant to refer to the std lib, or (for Perl) the "CPAN" modules that are part of the core. The Perl core always keeps those batteries charged because they can't do a release if any of those are dead. They even ejected problematic modules, or those that were long since defunct, from the core so they don't have to deal with them. Python went through this exercise as well: https://peps.python.org/pep-0594/
The core Perl devs will also go to great effort to test against the entirety of CPAN ("blead breaks CPAN" testing), but some of those distributions haven't been maintained in decades so they have to draw the line somewhere. Fortunately if it's on CPAN then it's forkable (for the most part) so someone can take up maintenance.
For this year's London Perl & Raku workshop I shortlisted 70 companies to look for sponsorship. That was with minimal research and effort. These ranged from long term ("legacy") users of Perl to startups. From small companies to very large and profitable fintechs. I cover this briefly in the talk I gave at the end of the workshop: https://www.youtube.com/watch?v=el7qHRpEDeE
Yes, there is far less Perl than there was 20 years ago. But Perl was everywhere at one point, and the halflife of programming languages is long so it's still in a lot of places. Programming languages don't die, they just stop being talked about in favour of the shiny new ones.
> Programming languages don't die, they just stop being talked about in favour of the shiny new ones.
You're largely preaching to the choir, I don't disagree with anything you said.
As a web application developer who got started professionally in the 1990s, I not only vividly remember Perl being everywhere, I actively wrote a lot of it.
However, in my more recent experience, it is more likely to hear people talk about COBOL, FORTRAN or C++ than it is to discuss Perl. All of those languages predate Perl.
Java also still gets a ton of discussion and it's not shiny and new anymore.
Most of us who spent time writing and maintaining Perl in the 1990s were all too willing to abandon it in favour of other languages with similar features, not because they were shiny and new but because of major pain points with Perl (it earned the meme that it's a write-only language). In my opinion, Perl's greatest contribution and staying power was it's regex engine and syntax which persists.
I don't even like python, for what it's worth, but it's popular for more reasons than it just being "shiny and new" (to the extent that you can even say that about python these days).
My main issue is that "People still use Perl?" has essentially become a meme at this point. I'm relatively sure that any sufficiently commented on or upvoted thread on HN gets that statement in it somewhere.
Yes, Perl is still used. Extensively. People and companies just don't talk about it. That's the problem with Perl these days.
(Personally I think TAP and CPAN were Perl's greatest contributions, as I was never a heavy user of regexp).
* The Perl they have is so low maintenance they don't think about it much
* Or they're planning to rewrite it but haven't yet got around to it... after more than a decade?
* They have nobody working on it that is vocal about it or active in the community/blogsphere/etc
* The company policy is to not talk about it
* Or talk about any tech they use - think: banks, large enterprise, fintech
* Or they're successful enough they don't feel the need to talk about it
* They're open source tools or distros that have a mass of other tech so Perl gets ignored even though its practically embedded - Linux distros, git, etc
* The Perl is on the periphery, or not the core logic - test suites (memcached for example), used in build systems, pipelines, Make, oneliners, etc
There's an argument to be had that Perl's strong backwards compatibility has meant it has sat there working in the background for years (decades in some cases). And, as most of us know, when tech "just works" it doesn't get talked about.
I think that all makes sense. I would perhaps as an outside observer also lay the blame at Perl's feet - with Perl 6 the momentum seemed to crash completely over a decade or so.
Last company used Perl but we didn't talk about it because it was all frozen. If anyone ever considered touching it for more than 2 hours, it was likely to get rewritten into Python/Powershell. Last perl thing I had touched, entire repo hadn't seen a commit for 4 years until mine.
I think the lack of discussion of perl is in part because from a bird's eye view, python and perl do exactly the same stuff in exactly the same way, but python has the mindshare. Because of perl's depth and flexibility, for the average developer team it can be really hard to manage.
There's a similar story around javascript - note how es6(?) introduced `"use strict"`. Old school javascript always struck me as a bit like crippled perl with really good vendor support.
I'm of the generation that were forced to write with the right even though I was a natural lefty. I also broke my left arm when I was 2, which may have made things even more messed up. These days I:
* Write with my right, my left is not quite as quick/tidy as my right
* Swing/grip with my left (cricket / golf / etc)
* Use my phone with my left
* Mouse with my right
* Cut (scissors) with my right (but we don't have any lefty scissors so...)
* Drink a pint with my left
* Play guitar with my right (but i learnt with a RH acoustic, so...)
I'm not sure why people have started to make reversed musical instruments. I saw a video with a reversed piano, calling it "left-handed." I am a left-handed person who plays the piano and I had always thought the keyboard was laid out like an ascending scale on paper rather than having something to do with handedness - low notes on the left and high notes on the right.
The motions involved in playing music are so weird that I don't think it matters that much. Even if it does, there might be techniques that you find easier to master with one handedness or the other.
I will also add that I have been complemented on the facility of my left hand when playing, but when I hear the people who say that play scales, it's very clear that they don't practice technique with both hands equally.
Piano music is mostly written by right-handers for right-handers. I'm strongly left-hand dominant. For music that's intended to be easy to play, the primary voice is almost always on the right hand. Where the music wants the most dexterity, I have the least.
At the developed level where the composer doesn't give a damn about how easy it is for the musician to play, yes, both left and right-handers have to figure out how to realize the piece and would make use of their strengths to do so.
For instruments like guitar I think the case for reversing the handedness of the instrument is a bit stronger, since the hands serve very different roles there.
I don't think that's the actual reason, even for teaching music. The primary voice is in the right hand because the right hand is higher and so the waves it generates have higher energy at the same volume, making it the easiest voice to hear. I assume that in arrangements and pop music, the arranger naturally puts the melody on top and fills in as much harmony as they care to (which is usually not a lot unless you pay for the arrangement).
> Piano music is mostly written by right-handers for right-handers
Even if that does not directly say that people (right-handers, specifically) insert their handedness bias into the things they write, it does certainly imply that that is important for people who write piano music to put the athletic part (the melody) in the more dextrous hand. It is not. The reason for the right hand to carry the melody is the sound projection of high notes, nothing to do with handedness.
Incidentally, many famous composers in the piano canon were lefties. Rachmaninov, Prokofiev, and Ravel all have strong evidence of being left-handed. CPE Bach may have also been a lefty, as may have Mozart and Beethoven. This is not "right-handed people making right-handed music" by any means.
I taught guitar for three years to groups of undergrads. I noticed that most lefties had no problem playing a right-handed guitar. However, occasionally I would have a student that just struggled mightily and things clicked when they switched to a left-handed guitar.
I went to a Don Ross workshop once and there was a left handed player there doing the upside down RH guitar thing, which was especially impressive due to the style of music and having to play the bass notes with their pinky.
I think if I had a learned on a reversed piano - it would not transfer to a regular piano - I would be able to play better.
What which hand is responsible for (melody, accompaniment/rhythm) have very different dexterity requirements. Learning melody on the dominate hand would be preferable to me, in hindsight.
With an electronic keyboard, reversing the tones should be easy enough to do. However, I have not noticed that feature.
Wouldn't you want the more dextrous hand to be the one choosing which notes to play? My sister plays string instruments, and she has commented many times that I am lucky for being left handed because lefties have a better time with complex fingering.
I suppose that it's easier to start out right handed on guitar, though, when the right hand is more active than the left hand.
I'm a lefty and I played right handed guitar growing up. I never got very good at strumming and picking. Five years ago I switched to left-handed guitars and I think I'm much better than I ever was as a righty. Picking the strings well, to me, is the most difficult part of playing a guitar.
I've never really liked that reasoning. If that's the case, then right-handed people should be playing "left-handed" guitars, with their right hands doing the fretting.
Personally, fretting with my left hand just doesn't feel natural. When I first got interested in playing, I asked a salesman at a Guitar Center about left-handed instruments. He handed me a standard guitar, and showed me the fingering for a G chord. It was uncomfortable, but that's obviously expected for the first time I'd ever held a guitar. However, when I flipped it around and fretted with my right hand, it felt much more natural. So ever since, I've played left-handed.
I play a right handed ukulele left handed (neck in my right hand, strumming with the left hand, but strung normally). Since the body is symmetrical, and I learnt like that from the start, I've not really had an issue. Plus, it means I can pick up and play any old ukulele without having to re-string it first. However this doesn't work for something like an electric guitar which you cant really play "upside down"
- Write with my left
- Cricket/golf right
- Tennis/squash left
- Bowl/throw left
- Mouse right
- Drink left
- Eat right (fork in left hand, knife in right)
- Cut left (but usually don't bother because scissors never work)
- I also kick well off both feet (although favor the left foot slightly)
I'm definitely more left dominant but can usually do most things well enough with my right. I was also never told/forced to be right-handed.
I thought I was the only one like that, except my dominant leg for kicking is the right one, and I eat with fork on right hand, knife on left; and I use scissors with my right hand. I also play the guitar as a right-handed person.
When I tell people these things, I can see total confusion on their faces. Quite funny.
I'm one of those lefties who have been forced to write using my right hand too.
It cost me grades throughout my whole time at school and university. This is why I write with my right hand. It's ugly, but most of the time I can read it. Luckily, we have devices today which make handwriting not so necessary anymore.
It was a blessing when I learned spreading butter on bread with my left hand...in my late 20s. Those many times I just ripped through the bread. Also forced upon me on some church vacation where me doing it with my left hand was just uncomfortable for my table neighbor and why I had to stop it according to the adult watching us.
Yeah...it is more than "a bit annoying" in this right-handed world sometimes.
Get those lefty scissors. They are such a blessing!
> In this specific case it’s a little funny, just because the author is a photographer. Literally all of their criticisms (other than “it looks bad”, which is obviously both ephemeral and subjective) were leveled against photography mere decades ago
Indeed, and if you read the post fully and watch the linked presentation you would understand I have no problem with generative AI nor LLMs. My 20 minute talk goes into much more detail about this. The history of photography is littered with examples of the criticisms that are being directed towards this space.
Photography is built on manipulation, lies, half truths, misdirection, fake narrative to fit the use case, memory loss, and so on.
The problem I have in this space is the lack of competence. Both in the tools and in those using them. "This looks fine", or "this reads fine", or "this works fine" is a race to the bottom.
Oh crud, I never check the usernames posting when I should. Thanks for the polite response to a somewhat aggressive comment!
I will admit, I stopped reading at "bollocks" thinking the rest would be about your disfavored news sites, so that's 100% on me. Will try to check out your talk over dinner, your thoughts on photography here are certainly compelling.
In general I think the problem here is "you're addicted to the internet to the extent that you're consuming content you don't even like" more than any particularity of 'hero images' (TIL!) or generative art, but that's very possibly a projection of my own struggles. At least I'm addicted to HackerNews and Reddit instead of finance news, I suppose...
If you're curious about those, they're all photos of the various sporting events that happen in the village here. All the effects you see are captured in camera through movements or otherwise.
This might also be that DJI have owned Hasselblad for a while now, so they're sort of already in that space and Fuji don't want them to dominate it [too much]. Fuji's high resolution offerings are superior to Hasselblad's (IMHO) and cost half as much. They could eat up this market quite easily.
I assume Ticketmaster are fighting fires at the moment, or it could be coincidence, as I logged in to change my [unique to Ticketmaster] password and the 2FA confirmation appears to be broken, as it gave the same code 3 times and wouldn't accept it, plus the emails to reset the password aren't going out (or are going out slowly).
Hope you hashed, salted, peppered those passwords Ticketmaster. And I hope you were following PCI level 1 correctly otherwise if this is true then you're a bit fucked really aren't you.
Not all merchants will opt-in to 3d Secure as they might see a greater loss in revenue due to the friction it creates versus the risk. They might be taking payments in a low risk sector and use other fraud checking factors, or it might not make sense for them - examples where you end up having to produce the same card in person anyway so "card not present" fraud doesn't factor in so much.
Some merchants don't opt-in as it would lose them millions of dollars of payments an hour due to the friction: Amazon for example.
I worked on the 3d Secure (and, formally, "Verified by Visa") integration at my previous job, and for a long time I was thinking I should write a blog post on what a complete mess of a protocol and implementation it [still] is. Haven't ever gotten around to that though.