Showing posts with label banking. Show all posts

Wednesday, November 29, 2023

shower thoughts

an sms I sent an hour ago has not been delivered.

it's because the messaging app used RCS by default.

I'm not sure why it's set to do so, but I guess nobody would actually use RCS unless it was turned on by default. 

nobody cares if a message is sent over RCS or SMS as long as it gets to its destination.

these days, everyone has data on, unless they've turned it off, in which case they probably don't want messages either - so that's an advantage.

wonder what other advantages RCS has.

I assume, unlike MMS, there is no fallback system for RCS (MMS used to send you a SMS with a link as an alternative to downloading the MMS itself on the phone).

so RCS probably is completely carrier independent and should be free/unlimited.

can RCS have a fallback like MMS did?

that would require the messaging client to support it over SMS.

any client side SMS to RCS bridge needs an intelligent client, but there is no guarantee of that. after all, you could be sending a SMS to a 25 year old phone.

25 year old phones are interesting. they had a strange sort of data connectivity, WAP.

I wonder how WAP actually worked. it definitely wasn't regular TCP/IP, and while the pages looked like very basic HTML, I'm sure there was more to it.

I wonder what's the application protocol part of WAP. could there be applications other than a browser on WAP?

MMS is an application, in a sense.

If there could be other applications on WAP, I wonder why I never heard of them.

I'm sure if there was a way to use WAP to chat, yahoo and msn messenger would have developed an app.

man, yahoo and msn messenger on WAP was crazy!

remember hitting refresh every 5 seconds to check for new messages? and the contact list that sorted itself by time seen, with online, idle and finally offline sections?

I think there would be an asterisk next to the name of the contact who had an unread message waiting for me.

unvisited links would be blue. visited, magenta.

I wonder how big each page was. definitely under a kilobyte. but they still took time to load!

I guess mobile Internet was so slow and limited back then that there was no point counting data. if you could find a way to use more than what would be considered fair, knock yourself out!

it's so hard to come to terms with the fact that until WiFi came to phones in 2008, the only way in was via mobile networks.

2008 is not that long ago. broadband was pretty fast. MP3s were 10 years old. YouTube existed! and yet the only way to get something on your phone was mobile data or the memory card/USB port. and only data could be realistically called online communication.

it's now November 2023. so that was 15 years ago. my second phone.

my first phone was purchased in February 2004!

I wonder what was the date I purchased it. it definitely deserves a commemorative blog post. 20 years of smartphones!

I know exactly where it would be. my old blog!

ah, my old blog. back when I blogged and nobody read it because nobody around me knew what a blog was.

it's so much easier to blog now.

I miss my old school, hand-crafted blog.

I don't need to miss my old school, hand-crafted blog.

I am going to revive my old school, hand-crafted blog!

I wonder if it'll be safe to run ASP on a windows 2000 VM and expose it via my dynamic DNS.

Nope, definitely won't be safe!

Let's just stick with old school and forget about hand-crafted.

If it's a good platform, I should be able to import all my old posts into the new blog.

wouldn't it look weird? a post a day (or a couple a week) from 2003 to 2006, and then suddenly we jump to December 2023?

actually, it won't be weird. I'm sure I'm still almost the same.

I should take the images from the original website and stick them on the blog though.

"welcome to Kristopher's corner of the world wide web" - it doesn't get more late 90s corny than that!

I remember the font. my favourite font.

did the font make Kristopher look like krist0ph3r?

if it did, I now know where I got my inspiration from.

I must blog this on my main blog. 

Saturday, September 19, 2020

paypal scam/security issue: you could be billed by merchants you've terminated your agreement with!

Paypal users:

Turns out some sellers add themselves as pre-approved billers and don't/can't remove themselves when you cancel your membership/billing agreement. You have to remove it yourself, or they could charge your paypal in the future without any advance warning. Your only clue would be a notification that the money has already been deducted from your paypal, and at that point you cannot decline/reverse the transaction by yourself.

To prevent that, remove unwanted billers from the following link:
When I checked today, I had a couple of merchants on the list who I have not used in years, and am personally aware of merchants who have fraudulently charged people I know in the last couple of days. 
Paypal refuses to entertain any complaints regarding merchants if they're on the list - their argument is that you have agreed to be billed by the merchant, so any problems are now between you and the merchant. Paypal has also said that the agreement can only be ended if agreed by the user AND the merchant, which leaves the feature wide open for abuse.

The feature of being able to view pre-approved billers is new to paypal even though having pre-approved billers is an old thing. it could be that paypal added the feature in response to complaints, but their handling remains poor. Please take care of yourselves by removing billers from the list, or you might be faced with a lengthy fight to get your money back! If the balance was deducted from paypal itself you're out of luck. If it was deducted from your credit card you still have hope as you can raise a dispute there.

ps: special shout out to past users of Shaw academy (www.shawacademy.com), as they recently did this (deduct money from people who had canceled their memberships over a year ago)

Friday, October 07, 2016

security #fail

warning: long post ahead. summary at the end.

recently, I received a call from HDFC bank, from someone who claimed to be my "personal banker". I was wondering why, because I used to have a personal banker long ago, but he suddenly disappeared off the scene, and I honestly didn't miss him one bit, because there's nothing I need a personal banker for.

in fact, that guy prompted me to once tweet that "a personal banker is a salesman you're forced (or was it obliged? I don't remember) to be nice to 😁"

so this well spoken lady claiming to be my personal banker introduced herself and asked me to save her number and whatnot. and then she said that she could see I was eligible for a credit limit enhancement on my credit card. I have no idea why anyone would offer me that, as I don't even use that card. but apparently your credit limit contributes to your credit score, and it's always good to have a good credit score. or maybe I was simply in a good mood and wasn't too occupied with work that day. either way, I agreed. she said that I would receive a OTP on my mobile, which I would have to key into the IVR. sounded legit.

the IVR switched on, it asked me to enter my card number. when done, it asked me to enter my OTP. since the OTP was on my phone, and I was on the call, it took a few seconds to switch apps and read the number, memorize it, switch back and dial it. and HDFC somehow expected me to be super quick, so the IVR exited before I could dial it in. the lady was back on the line. she said I took too long, so I would have to try again. she launched the IVR again. I entered my card number. it then asked me to enter my OTP. and then I heard my "personal banker"'s voice, asking me to hurry.

WHAT?!!

I was too shocked to respond.

she was on the line with the IVR, had already heard my card number, and was about to hear my OTP!

I was literally shell shocked. I thought I was this close to being scammed. if she hadn't spoken, I'd have been a goner (metaphorically speaking).

the IVR exited, I regained my composure, and asked her why she was on the line. I told her that I was extremely uncomfortable with this and did not want to go ahead with it. she was polite, but it was clear that she didn't understand my concern. I tried explaining as well, but she was like "I can only hear beeps, not the actual number"

she obviously didn't know how tone dialing (or indeed, IVR systems) work.

I gave up and made an excuse and hung up.

I didn't really need the limit upgrade, but she had set my mind working. is there any way to verify that this is or is not some sort of scam? I thought hard, and the only thing I could come up with was the HDFC official call center. so I dialed in, and of course I had to enter my authentication details on the IVR, something I have done scores of times before, but which got me thinking this time. anyway, I guess the number listed on my card and the website had to be trusted, I hoped.

I finally got someone on the line. I asked her if I was eligible for a credit limit upgrade. she affirmed. I asked her to confirm my current and new limit. it matched what I was told earlier. she told me I would be sent an OTP and would then be put on the IVR. so far, the story matched. I had just one last point to confirm. I asked her if she would be on the line while I entered my details.

she said she would.

this time, I didn't bother arguing. I had called HDFC on their listed number, so unless an extremely well engineered scam was in place, I should be safe.

the transaction went through, I got a message from HDFC confirming that my request was accepted, etc.

I called my "personal banker" to let her know that I had done the upgrade by calling phone banking, as I was not comfortable entering my OTP on an inbound call. she still didn't understand, but I didn't care.

I haven't heard from her ever since. but I did get a call the other day from a guy who also claimed to be my personal banker. I told him I already have one, and he insisted that he was my real personal banker from the head office, while the other person must have called from some branch.

I'm pretty sure he's not from the head office, because he wants to meet me in person now. I'm just bracing myself for more insecure bullshit and another attempt to sell me something I don't need.

anyway, TL;DR:

do not enter personal details on IVR. especially on an inbound call. if it's an inbound call, selling you something you want, find a way to get to the same offer from an outbound call to a verified number. do all due diligence to verify the outbound number. and never accept an outbound number that's given to you by the caller. they are bound to make excuses to avoid this, but be firm.

do not assume any IVR is secure. those "beeps" are the keys of your keypad being transmitted across. anyone listening will know what you have entered. so be wary.
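An added example (not part of the original post) of why the "beeps" are not private: each key is sent as a pair of standard DTMF frequencies, and a few lines of signal processing turn the audio back into digits. The digit string below is constructed for the demo, and the helper names (`tone`, `record`, `decode`) are made up for this sketch.

```python
import math

RATE = 8000                       # telephony sample rate (Hz)
LOW = (697, 770, 852, 941)        # DTMF row frequencies
HIGH = (1209, 1336, 1477, 1633)   # DTMF column frequencies
KEYS = ("123A", "456B", "789C", "*0#D")

def tone(key, ms=80):
    """Synthesize the two-frequency tone a keypad emits for one key."""
    row = next(r for r, k in enumerate(KEYS) if key in k)
    col = KEYS[row].index(key)
    return [0.5 * math.sin(2 * math.pi * LOW[row] * t / RATE)
            + 0.5 * math.sin(2 * math.pi * HIGH[col] * t / RATE)
            for t in range(RATE * ms // 1000)]

def record(keys, gap_ms=60):
    """Constructed 'call audio': each key press followed by a short silence."""
    audio = []
    for k in keys:
        audio += tone(k) + [0.0] * (RATE * gap_ms // 1000)
    return audio

def goertzel(block, freq):
    """Signal power at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def decode(samples, block_ms=20, threshold=100.0):
    """Recover the keys pressed from the audio alone."""
    size = RATE * block_ms // 1000
    out, last = [], None
    for i in range(0, len(samples) - size + 1, size):
        block = samples[i:i + size]
        lo = [goertzel(block, f) for f in LOW]
        hi = [goertzel(block, f) for f in HIGH]
        if max(lo) < threshold or max(hi) < threshold:
            key = None            # silence between key presses
        else:
            key = KEYS[lo.index(max(lo))][hi.index(max(hi))]
        if key and key != last:   # count each press once
            out.append(key)
        last = key
    return "".join(out)

if __name__ == "__main__":
    print(decode(record("4821")))  # constructed digits, not a real OTP
```

Anything that carries the call audio (a conference bridge, a recording, an agent's headset) carries enough information to do this, which is why the agent staying on the line matters.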

and whenever you come across a bank legitimately forcing or inducing you to do these things, give them feedback that this is not acceptable.

(ps: have you come across any other such suspicious things? let me know in the comments, I'll be happy to vet and write up about them!)
