Archive for October 2014

Internet access monopolies punish rivals and catch innocent bystanders in the crossfire—legally.

He came to wonder whether, in their attempts to charge Netflix for access to their subscribers, Comcast and some other networks were recklessly affecting Internet connectivity for businesses like NEPC. Could that possibly be true?

The answer is yes. What started out as suspicion is now fully documented, in a study

via Jammed — Backchannel — Medium.

iPad at a Crossroads

I’m not entirely sure it’s in the best interest of the iPad to be tied so closely to the iPhone. Ultimately, a more aggressive branching of the iPad’s operating system away from the iPhone’s operating system may be necessary. Doing so may be the only way that Apple starts to answer the critical questions at the heart of the line: “What, exactly, is unique about the iPad? What can it do better than any other device? And why can’t customers live without it?”

via iPad at a Crossroads +

Apple Pay Competitor CurrentC Hacked

CurrentC, a mobile payments solution and competitor to Apple Pay, hasn’t launched officially but its already been hacked, reports Business Insider.

However, it’s embarrassing because Wal-Mart previously told us it wasn’t supporting Apple Pay because, “Ultimately, what matters is that consumers have a payment option that is widely accepted, secure, and developed with their best interests in mind.”

via iClarified – Apple News – Apple Pay Competitor CurrentC Hacked.

as previously stated.. DOA or even Dead Before Arrival

Don’t do math in iOS 8’s Notification Center

Finally, there’s the exhaustion. Haven’t we seen this story a million times before? But here we are again, with another App Store ruling that feels arbitrary and inconsistent, isn’t explained, and harms the platform overall by sending a message to developers that any attempts to innovate could be met with arbitrary rejections at any time. Even getting your app accepted and promoted on the App Store does not protect you, as Thomson discovered, because a few weeks later someone made a decision “high up.”

via Six Colors: Apple: Don’t do math in iOS 8’s Notification Center.

I was really hoping we were past this, one of Apple biggest blemishes

UPDATE: Resolved, Apple allowing it now, unfortunately I think if this hadn’t gotten so much press it would have been blown by

Risk associated with not taking ApplePay

Security: Apple Pay is more secure than plastic credit and debit cards. Any merchant who chooses not to accept Apple Pay is taking a serious risk at this point. I would not want to be the retail executive who explains to my iPhone carrying customers why I forced them to swipe a credit card at my store in December 2014 and then had my security systems breached. Based on recent history, this scenario is likely to play out, and it will be very ugly.

On-device commerce: Apple Pay in app payments are magical. As someone who has studied transaction flows, worked on many mobile payments products and considered virtually any payment interaction you can imagine, the ease and simplicity of using Touch ID to complete an on-device transaction brings an automatic smile to my face. The well documented gap between commerce revenue on iOS vs Android is about to widen significantly.

Retailers: You’re starting to see who the creative, curious, bold physical and e/m-commerce retailers are by who supports Apple Pay and other mobile payments, loyalty and coupon schemes. I am long retailers who embrace new technology through pilots and tests and then double down where they are seeing success. I am short retailers who repeat the mistakes of other industries such as music, clinging to outdated technology and customer engagement models that are proving to be broken. These retailers will eat sand while their competitors smoothly ride a beautifully cresting technology wave.

Financial institutions: If you’re wondering who the big winners are in the Apple Pay scheme, look no further than your latest issuing bank e-mail, card network website or TV ads during the weekend sports games. Card issuers and networks are literally blanketing the airwaves to market their participation in Apple Pay. Apple has embraced their tokenization and security scheme, preserved the traditional payment routing paradigm and increased the likelihood that the status quo, high interchange model stays in place.

via Rapid Fire Thoughts On Apple Pay | Just Dudas.

Graphic Design A-B Testing

Dilbert comic strip for 10/27/2014 from the official Dilbert comic strips archive..

Stupid is as Stupid does: Retailers Are Disabling NFC to Block Apple Pay

Think about what they’re doing. They’re turning off NFC payment systems — the whole thing — only because people were actually using them with Apple Pay. Apple Pay works so well that it even works with non-partner systems. These things have been installed for years and so few people used them, apparently, that these retailers would rather block everyone than allow Apple Pay to continue working. I can’t imagine a better validation of Apple Pay’s appeal.

And the reason they don’t want to allow Apple Pay is because Apple Pay doesn’t give them any personal information about the customer. It’s not about security — Apple Pay is far more secure than any credit/debit card system in the U.S. It’s not about money — Apple’s tiny slice of the transaction comes from the banks, not the merchants. It’s about data.

via Daring Fireball: Retailers Are Disabling NFC to Block Apple Pay.

would also add.. CurrentC their stupid alternative has lost already.. they just can’t / don’t want to accept it yet

ultimately what these retailers are fighting is they hate the credit card fees, but that is not going to go away no matter how hard they try at this point.

SSL History and insecurities

  • Up to circa 2003, the implementation of certificate validation in Internet Explorer / Windows did not process the “Basic Constraints” extension properly. The net effect was that anybody with a 100$ certificate could act as a CA and issue “certificates” with arbitrarily chosen name and keys.

  • Because people never learn, the Microsoft implementation of SSL used in ASP.NET was still unpatched as of 2010 (eight years later !) when Rizzo and Duong reimplemented the Vaudenay attack and built a demonstration which recovered HTTP cookies.

certificates – How does SSL/TLS work? – Information Security Stack Exchange.

great history on SSL, i hadn’t kept up on it for a while and was surprised to see how long microsoft had left these vulnerabilities open.. also interesting find i did not know about:

URLs are passed in Referrer headers – if a secure page uses resources, such as javascript, images or analytics services, the URL is passed in the Referrer request header of each embedded request. Sometimes the query string parameters may be delivered to and stored by third party sites.

How Secure Are Query Strings Over HTTPS?

An Apple Pay loyalty program could arrive

But the site confirmed information from a recent piece appearing in Digiday regarding Apple Pay monetization via iAd.

The report also does a nice job explaining how the program would work:

One way they’ve [Apple] thought up is, say you’re in a Duane Reade, hypothetically. You get a push notification from Pepsi that they’ve worked out a deal with Duane Reade that you can get a free case of Pepsi. Just pick it up and use Apple Pay at the counter.

The program will probably use Apple’s iBeacon technology, because it can apparently pass “richer” data than just an NFC connection. Apple has reportedly begun to sell, or even give away, iBeacons to some retailers for this specific purpose.

Introducing: Flickr PARK or BIRD

tl;dr: Check it out at!

We at Flickr are not ones to back down from a challenge. Especially when that challenge comes in webcomic form. And especially when that webcomic is xkcd. So, when we saw this xkcd comic we thought, “we’ve got to do that”:

Creative Commons License

via Introducing: Flickr PARK or BIRD |