For those who are wondering about the alleged soft filter on the iPhone XS, and other details about the new iPhone XS camera.
What’s this about a ‘soft filter’ on my selfies? It doesn’t exist.
The so-called unified QR code is finally out.
SGQR code is purportedly Singapore’s effort in “unifying” the fragmented e-payment market – what with DBS PayLah!, Singtel Dash, Grab Pay, LiquidPay, AliPay etc coming into the fray.
For consumers
Your current payment app probably works with SGQR already. All you need to do at the merchant checkout is:
• PICK and launch your preferred payment app
• SCAN the SGQR and check the merchant name
• PAY the correct amount
In other words, ideally a consumer can use his/her preferred payment app to make payment to a merchant through SGQR.
There are some upsides and some downsides. On the upside, consumers will only see one QR code per merchant. So it is less confusing compared to now, where the payer has to carefully match the array of QR codes being shown to the right app.
On the downside, while the SGQR specification can enable multiple e-payment providers, merchants are unlikely to sign up with ALL of them (up to 27 payment schemes). So you can end up in a situation where you see an SGQR code but are unable to use your preferred payment app (say Grab Pay) to make payment. The payer has to look at the row of icons below the QR code to know which e-payment solution is accepted.
Very little technical information is publicly available about this SGQR code. After some research, I found on MAS website that it’s based on EMVCo QR code. EMVCo is made up of members from American Express, Discover, JCB, Mastercard, UnionPay, and Visa, and is the body that creates standards for secure payment.
Let’s try and see what the QR code contains. Fortunately the QR code in the article is clear enough to be decoded:
To parse the content of the QR code, one can refer to the EMVCo QR code specification, which is available on the EMVCo website.
After a bit of parsing,
It’s clear that this QR code contains meta-data for only some payment providers.
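The parsing step can be sketched as follows. This is an added example, not code from the original post: it walks the EMVCo merchant-presented layout (2-digit ID, 2-digit length, value), checks the CRC in tag 63, and lists the merchant name and the payment schemes found in the merchant account templates. The payload is constructed for illustration, and the scheme identifiers and merchant name in it are hypothetical.

```python
# Added example: EMVCo merchant-presented QR parser (constructed payload, not a real SGQR).

def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF), used for EMVCo tag 63."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def tlv(tag: str, value: str) -> str:
    """Encode one data object: 2-digit ID, 2-digit length, value."""
    return f"{tag}{len(value):02d}{value}"

def parse_tlv(payload: str) -> list:
    """Split a payload into (tag, value) pairs, rejecting malformed lengths."""
    out, i = [], 0
    while i < len(payload):
        head = payload[i:i + 4]
        if len(head) < 4 or not head.isdigit():
            raise ValueError(f"bad ID/length at offset {i}")
        tag, length = head[:2], int(head[2:])
        value = payload[i + 4:i + 4 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag} truncated")
        out.append((tag, value))
        i += 4 + length
    return out

def inspect(payload: str) -> dict:
    """Verify the CRC, then return merchant name (tag 59) and scheme IDs (tags 26-51, sub-tag 00)."""
    fields = parse_tlv(payload)
    if not fields or fields[-1][0] != "63":
        raise ValueError("CRC (tag 63) must be the last data object")
    # The CRC covers everything before its own 4-character value, "6304" included.
    expected = f"{crc16_ccitt(payload[:-4].encode()):04X}"
    if fields[-1][1].upper() != expected:
        raise ValueError("CRC mismatch: payload corrupted or altered")
    schemes = [dict(parse_tlv(v)).get("00") for t, v in fields if 26 <= int(t) <= 51]
    return {"merchant": dict(fields).get("59"), "schemes": schemes}

def build_sample() -> str:
    """Constructed payload carrying two hypothetical payment schemes."""
    body = (tlv("00", "01") + tlv("01", "11")
            + tlv("26", tlv("00", "SG.EXAMPLE.PAYA") + tlv("01", "M12345"))
            + tlv("27", tlv("00", "SG.EXAMPLE.PAYB") + tlv("01", "998877"))
            + tlv("52", "0000") + tlv("53", "702") + tlv("58", "SG")
            + tlv("59", "EXAMPLE CAFE") + tlv("60", "SINGAPORE") + "6304")
    return body + f"{crc16_ccitt(body.encode()):04X}"

if __name__ == "__main__": print(inspect(build_sample()))
```

The CRC only detects accidental corruption; anyone can recompute it over a replaced code, which is why the consumer steps above include checking the merchant name shown by the app.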
We are still in the early days of SGQR. It remains to be seen how widely businesses and consumers will adopt this form of payment.
For now, the only thing it probably saves is real estate for displaying QR codes.
Update (2018-09-21): Yeah! This article made it onto the front page of Hacker News! See the comments on HN here.
Remember this next time you’re on a Dreamliner.
Basically it says that all Boeing 787 Dreamliners have to be switched off every 248 days. If they are not reset then the generator control units (GCUs) will go into failsafe mode and the plane will lose all electrical power.
Source: Reboot Your Dreamliner Every 248 Days To Avoid Integer Overflow
We are in an age where the proliferation of sensors to collect data for analytics is becoming commonplace. However, there needs to be more caution in completely trusting the result of the data collected, e.g. sensors can malfunction, there may be software errors, unprotected endpoints can be hacked, etc.
The error resulted from a faulty sensor over the main entrance that was initially detected in the spring of last year, a museum representative said. At that time, an engineer was sent to repair the device, but the device later failed a routine accuracy test in July last year.
When software doesn’t behave as expected, it can be really difficult to find out why. In this case, someone experienced an odd hanging problem while using Gmail on his powerful computer and decided to investigate. Read on for all the gory details.
…I was just engaging in that most mundane of 21st century tasks, writing an email at 10:30 am. And suddenly gmail hung. I kept typing but for several seconds but no characters were appearing on screen. Then, suddenly gmail caught up and I resumed my very important email. Then it happened again, only this time gmail went unresponsive for even longer.
IOW, location data can be mined for valuable information. The proliferation of sensors in everyday devices and the rapid adoption of IoT has put the spotlight on the problem.
This was all sparked when reports surfaced earlier this year of a fitness-tracking company, Strava, publishing maps showing where users jog, bike and exercise. Since many of its users are members of the military, their jogging routes and other exercises showed exactly where the US has service members around the world, as well as showing their running routes.
There are many articles on how people choose passwords. This article is purely on analyzing PIN numbers. Some observations are obvious but some are quite insightful too.
There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit pin code. Out of these ten thousand codes, which is the least commonly used? Which of these pin codes is the least predictable? Which of these pin codes is the most predictable?
Source: PIN number analysis
This is both wild and wow. Someone essentially built an iPhone X look-alike both in terms of hardware and software, but it is actually running Android.
Spear-phishing is quickly becoming the most popular technique for hacking high-value targets. The SingHealth hack was suspected to be due to spear-phishing as well. HR is obviously most at risk, as they need to review resumes, which can come as PDF or Word documents.
The lawsuit notes the company determined that it was likely the same group of attackers responsible for both intrusions. Verizon also told the bank that the malware the attackers used to gain their initial foothold at the bank in the 2017 breach was embedded in a booby-trapped Microsoft Word document.
Source: Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M — Krebs on Security
Good pre-emptive measure to prevent possible misuse of information from the SingHealth hack.
“With immediate effect, all financial institutions should not rely solely on the types of information stolen (name, NRIC number, address, gender, race, and date of birth) for customer verification,” MAS said in a statement.
“Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount, etc.”