Website fixes ;-)

Thanks Rick – I hadn’t noticed that mistake – all the other links act appropriately, just not that one.

I’m surprised HTMLEdit didn’t automatically deal with this for you.

Am currently suffering from hosting issues as I updated the pages to include ARMbook yesterday at lunchtime,

Is it perhaps your local cache? There’s a picture of it, and a link, on the left menu. Going to it….shows information on the ARMini family, with a little link to a PDF at the top.

This may be the straw that breaks the camel’s back.

I’m surprised it isn’t a live update. The last time a saw a staggered update was that system ArgoNet used to use where it would upload a specially packaged zip file that would be unpacked (usually!) on the server.

Also, it should probably be RISC OS Developments that I point too these days – it is their property! ;)

Fair point. This looks like a reasonable target: https://www.riscosdev.com/about/
(assumption – somebody looking at a link about RISC OS may not actually know what RISC OS is…)

If you have a spare moment, may I suggest a look at http://www.riscosbits.co.uk/ ? Very clearly laid out with information, contact links, and a “buy it” button (via PayPal) on pretty much everything. It’s a site intended to sell stuff.

Oh.
My.
God.

Just rummaging around, came across http://www.riscube.co.uk/Machines/OrderL.html... I’m saying nothing other than noting that you do yourself no favours asking for credit card details to be sent to yourself (rather than a known payment processor) over an unencrypted connection.

I lied. I have things to say.

That assures three things:

1. There’s not a card issuer on the planet that wouldn’t consider providing that information in that way to be customer negligence.
2. Neither I nor my mother can order anything that way – all payments over about €30 that aren’t made in person (except some known platforms like Amazon) require a code sent by SMS to be entered to authorise the payment.
3. You’re explicitly asking customers to compromise their security (see below). There’s a reason merchants use payment processors these days – it’s about your liability as well as theirs. All you need is a reference number and a yes/no result on the acceptance of payment.

You might want to cast an eye over https://eur-lex.europa.eu/legal-content/EN/LSU/?uri=CELEX:32015L2366

I presume you’ll say the info is sent to you, you do the payment with some sort of terminal, the information is deleted, right? Well, let’s see. It goes from the client computer in the clear to a form handler on a completely different domain (plus.net) with all of the form fields helpfully labelled with names like “cardnumber” and “cardissue”. This will be sent to you by email (I know, I can see the address in the form markup). Which will go to your email program for you to read, print, whatever.
Can you assure a potential client that their information won’t be lifted from one of the many routers between them and plus net? Can you assure the same for the mail hop from plus net to your inbox? Can you assure that you do in fact delete messages and that they are truly deleted (and not the usual behaviour of moving them to a Trash box until they expire)? Can you assure that no copies, backups, or other interception happened along the way? More specifically, can you prove it?

It’s rhetorical. We both know the answer.

Rather sensational post that makes a few incorrect assumptions. That being said, they’re old pages, and Rick’s underlying point is valid, so I’ve made changes because no-one uses those pages and we’d rather not take card payments for machines anyway due to the fees involved – bank transfer is so much cleaner. But to follow your train of thought, can you assure me that a phonecall can’t be intercepted, yet people give card details over the phone all the time! And cheque fraud? I’ve actually seem more cheque fraud than anything else.

Rather sensational post

Written in shouty Daily Mail style to get the point across. ;-)

can you assure me that a phonecall can’t be intercepted,

No, but it’s more likely to be state actors involved in that than nefarious people looking for a card to rip off. Automated voice recognition still has difficulty with anything that resembles an accent (don’t try to go to floor eleven if you’re Scottish), whereas scanning massive amounts of textual format data for keyword matches is dead easy.

yet people give card details over the phone all the time!

I wonder for how much longer. Banks are keen to push two factor authentication to try to reduce their liability to nasties. As I said, I can’t use that method any more, period, and neither bank card works outside of the EU. One bank offers a virtual card that I can use for buying stuff from Japan, etc. It’s also useful because it’s a one-time number so if it got ripped, it would only be useful for the one purchase up to the permitted amount (there’s a little bit of leeway when dealing with foreign currency due to exchange rates, but we’re talking single euros). NatWest just sent mom some odd little gizmo that generates numbers from her card (when inserted) with an advice note saying that in the future it will be needed for logging into the bank, plus buying stuff online.

I’ve actually seem more cheque fraud than anything else.

That’s not a surprise. There was a time when a cheque was a promise to be honoured by the bank, but since they are inherently insecure (even when supposedly backed by card), that day has long gone. I don’t think the rise in technology has helped – banknotes have all manner of anti fraud measures (the amount of stuff in a euro note is quite something) but about as soon as decent colour lasers turned up, it was possible to create fake cheques that are more convincing than the real thing. Plus, it’s now easy to scan a signature and reproduce it in a way that wouldn’t be obvious without a powerful magnifying glass.

The cheque fraud website https://www.chequeandcredit.co.uk/information-hub/faqs/cheque-fraud suggests that the simplest way to avoid cheque fraud is to simply refuse them from people you don’t know (repeating this advice all the time). While this might not seem to make business sense, there are an increasing number of shops that either put limitations on how much you can pay (usually €100) or simply refuse to accept them at all. Don’t go to McDo if you plan to pay by cheque. Plus, for those who do use cheques, for amounts over some shop defined limit (often around €50) expect to have to provide two forms of government issued ID (the numbers of which will be written on the back).
Cheques seem these days to be treated as an anachronism that they can’t quite get rid of yet.

I have a cheque book with one account, I think I’ve maybe written five cheques since I came here in 2002. The other account doesn’t offer cheque services unless you’re willing to pay a surcharge (probably to cover fraud).

Anyway, the thing with cheques is essentially a person is handing you a simple bit of paper with a fancy looking IOU written on it, and very little (short of actually phoning the bank) to show that the cheque is real and/or the customer has the money to pay it (cheque guarantee cards no longer exist).

Is it any surprise that fraud happens?