I thought this was funny.
Weird comments in the thread about how he/she should have known better.
Author is not making a complaint to demand internet outrage. There is no inflammatory justice warrior content here. Sheesh!
Author admits they screwed up, decided to share the screwup, and who hasnt been trough that exact dunder blunder?
There is a strange human phenomenon, particularly visible online. Some folk see a title like that and it triggers a "How can I blame the author?" urge within before they even open the link.
This happens whenever something bad happens to someone else, be it a car accident or a major illness or being the victim of a crime.
People want to think it wouldn’t happen to them, so they go through all the reasons they would have been able to avoid the situation so that they don’t have to fear it happening to them.
People really don’t want to admit to themselves that there are a lot of things outside our control that can happen to us.
This post is a fantastic example of the poverty trap. We design laws that, on paper, help the poor; and then we blame them for not taking advantage.
When in reality, they are poorly implemented, poorly advertised, and confusing.
With a $10k cap, this program is clearly intended to help people with low assets. How many people with a net worth under, say, $20k in the US? Tens of millions! How many of those would've really loved the extra $850 to offset this year's record inflation? Basically all of them! How many of them found this obscure website with awful UX and received the money? Approximately none!
That’s definitely a thing too often. The “middlebrow rejection” or something like that. But in this case the OP got a message saying they had exceeded the limit and would get a refund. Then they repeated the transaction at the limit for a total of 20k.
From reading comments here it sounds like the author both misinterpreted things and also compulsively over deposited to test the governments software.
Testing government systems as an outsider is a really bad idea.
Because blaming the author means it's their fault, because they're stupid/didn't pay attention/whatever. The alternative is that they just made a mistake that anyone could make, which means the keyboard warriors would need to reconcile the fact that they might have made this mistake. And since we're all Very Smart People, we wouldn't make such a silly mistake. So clearly the author much be a bumbling idiot. It's the only possible explanation.
Another strange human phenomenon is that comments that criticise other comments are guaranteed to be on top in HN.
It's boring, not even about the article, and barely accurate (only very few comments actually criticise the article's author), yet that's the first thing you read here.
Felt like a wallstreetbets post. Inflation is only at "8%" (still remember back in 2021 calling this a conspiracy), so 8 / 12 = ~0.7% = 700 USD loss / month on 10k deposit.
Any website worth anything would have done a real time check on the users balance and only allow the leftover amount to be used to buy the bonds I.e if I already have $2K worth of bonds then I should be allowed only another $8K worth of bonds. How difficult is it to build this simple business logic into the user experience? Not a lot specially with the resources at their disposal. But unfortunately I can guarantee that the bureaucratic mechanisms , the digital divide that exists in the govt departments will ensure that there is no quick fix for this. And on top of that some of us may think of this as a feature :D and don’t realize what is wrong with this picture.
> check on the users balance and only allow the leftover amount to be used to buy the bonds I.e if I already have $2K worth of bonds then I should be allowed only another $8K worth of bonds.
Your pseudocode already failed the unit tests. The limit is 10k per year, and you can hold I bonds for 30 years. Someone can have 300k of I bonds in their account balance.
Hah, if you've ever used the TreasuryDirect site it's a disaster from the Windows XP days. Reminds me of those old Flash and Silverlight apps. The keyboard in the article is a virtual keyboard you click to type your password in for "security" reasons (yet there's no 2FA app supported).
I agree. The ending paragraph was truly funny writing with subtle self-deprecation that I appreciate. I laughed out loud for the first time this weekend
I only clicked on the article because the title said "all my money". I thought there was some glitch where the entire bank account got emptied. But it's just the author putting in the numbers that got withdrawn, and the author having 20K as all his money(if true, not confirmed in the article) is a coincidence. Clickbait title for sure if nothing else.
> They require you to enter your password by clicking on a virtual keyboard. This pseudo-security measure actually only slows down humans, not bots, because you can still edit the value of the text field using Javascript.
I don't think this is generally worth it as a security measure, but the goal is not to protect against automation. Instead, custom on-screen keyboards are attempts to thwart keyloggers.
> Instead, custom on-screen keyboards are attempts to thwart keyloggers.
Commercial malware doesn't work this way. The term "keylogger" is a misnomer.
"Keylogging" without context provides an unintelligible stream of garbage that might have well be from a random number generator. Most malware that I've seen either directly target the browser or the operating system, but in both cases they're looking for an unencrypted HTTPS stream, that they can re-package, upload, and store. With the goal to sell batches of credentials for specific websites.
Many people have this unusual belief that a user's stream of keys would look like e.g. www.example.com(13)username(9)password(13). But that isn't how users typically interact with their browsers, MOST websites are accessed via a search engine or favorites/bookmarks, and users often won't use the keystrokes to navigate between input elements.
Again, CONTEXT is everything with "keylogging," since most of the value is generated from WHERE not just WHAT. "Targeted credential theft" is a better way to describe it since they're stealing structured HTTP form data, not raw keyboard input (and even if they were steaming keycode inputs, they'd likely still be using the browser's context to do so).
So, in my opinion, most malware wouldn't even be aware or need specific support to bypass this virtual keyboard "security" because by the very nature of them they aren't operating at this layer anyway.
> Commercial malware doesn't work this way. The term "keylogger" is a misnomer.
I don't know about commercial malware, but at least in the 90s (which is when these kinds of on-screen keyboards started to appear), it was not unusual to find on a computer "infected" with malware a text file containing every key that was pressed since the malware was installed.
Yes, nowadays malware tends to be much smarter: also capturing an image of the area around the mouse pointer on every click (which is the reason some on-screen keyboards blank the keys when you click), only logging when the window has an specific title (which is the reason some online banking sites add lots of random spaces and punctuation to the window title), or even using lower-level code to hook into the browser and directly capture the form contents on submission (which is the reason several online banking sites require you to use invasive "anti-malware" plugins which attempt to prevent these kinds of hooks).
There's a surprising amount of malware out there that still actually captures keyboard input and nothing else. It's easier and more reliable to implement, especially in a malware context, and is usually plenty enough to extract what the operator wants (usually usernames and passwords for online banking). When additional context is collected it's often in the form of window titles. A lot of tools now gather screenshots and even better on-click screenshots, which defeat this type of on-screen keyboard device and is the main reason it's fallen out of use.
And yes, there is malware that collects unencrypted traffic, but that is _appreciably_ more complex to design and implement than simple keylogging. There's also malware which pulls credentials directly out of the web browser memory, although improved protections on cross-process memory access are making this much harder to do on real operating systems. Both of these are better methods, but they are harder and operating systems are intentionally implementing measure to defeat them. For mostly historic reasons straightforward keylogging remains easy and reliable on modern computers.
Thank you for the general explanation of the state of the art, which makes a lot of sense if one thinks about it.
But it doesn't really refute the kind of snapshot-in-time voodoo that government websites tend to build out and then never change because if doing so were to cause a problem, then someone could get blamed. I've never seen such a UI contraption in the "private" sector of banking. Not that they don't have their own obtuse slow moving corporate bullshit like snake oil "2FA" with varying requirements, it's just less bad.
FWIW related to this topic does anyone know the details of how the IRS website just decides to spit out "Permission Denied" when trying to obtain an EIN? I think it's an Akamai? message, probably due to some user surveillance garbage, but haven't investigated further. Even coming from my own naive residential IP with surveillance-friendly Chromium I still got it. I figured I'd wait a few days and try again, but same thing. It worked fine from a vanilla iPhone on the cell connection, but unfortunately I ended up doing that too late and missed the window to lock in April's rate.
Which is ridiculously annoying. I have to edit the HTML every single time to remove "readonly" on that field and paste in my randomly generated password.
Why are some fields like that? I have never understood why. It happens a lot when entering in bank account numbers. I am almost always copying and pasting the bank account number directly from my bank's website, but yet, these fields require me to type it in, increasing the possibility of a mistake.
In fact, if you notice when you log in the next time, (for many people) your browser may offer to autocomplete your password and bypass the mouse-driven keyboard, so it's definitely not even hard to thwart.
Screenshots wouldn't be of much help. The frequency would need to be almost like a low-fps video recording in order to capture the buttons' pressed state. At that is assuming the state is visually distinct in the first place.
I have learned the hard way that when dealing with government software (at least in the US), you must assume the least favorable/most unfavorable interpretation of any information given.
When I saw the email informing the author of the over-purchase, I knew there was no way out. Purchasing the difference, as the author did, would only cause more trouble. The questions now are how much will be refunded, whether any purchases will go through, and whether there will be a fine or legal action. Refer to the rule above for my guesses.
I think many people do not appreciate how devastating this is to public trust.
They assumed the government's software would do this:
(1) Purchase #1 for $25 successful --> reduce remaining limit from $10000 to $9975.
(2) Purchase #2 for $10000 rejected and refund pending --> DO NOT reduce limit since you know the purchase didn't go through.
(3) Purchase #3 for $9975 within limit --> allow purchase, reduce limit to exactly $0.
Instead, at step 2, the software seems to handle the purchase by unconditionally taking $10000 off the limit at purchase time and putting $10000 back later when the refund is processed. (And consequently, at step 3, it failed the purchase.)
There isn't an obvious reason to do it this way, so it's surprising. It seems like if you can reduce the limit, you can check if you've exceeded it and just fail the purchase and never modify the limit (at purchase or refund time).
I expect the logic for allowing a transaction looks at all 'purchases', including the current one, and sees if the total is over 10,000. If it is, throw an error, send an automated email, and let a human deal with reversing the transaction when they see what happened in the error log.
They thought they exceeded the limit by trying to send $10000+$25, so given that the $10000 was coming back, they expected that they're again $9975 under the limit.
At the end, it's clear that he still thinks that, rather than that he has 10K in I bonds and 10K to be refunded, which seems more consistent with the language and events.
The venn diagram of internet users that read about super specific financial products, decide to buy them, while not even understanding the need to keep an emergency fund such that a move like this leaves them with under $200 in their account seems to be growing.
It seems to be a weird mix of wall street cosplay and financial ineptitude.
I work in the financial advice industry, and I honestly personally believe current legislation in most countries have truly failed to protect normal people from bad financial advice, despite that being their entire point.
The problem is, giving financial advice en-masse is very expensive and risky for a company. You need to ask a lot of questions about the users situation (assets, debt, income, dependants, etc) to make an informed decision. If you give bad financial advice, your putting yourself at big legal risk. The language has to be very specific (aka hard to understand for normal humans). And often the advice comes out as rather un-opinionated and general, which for most people means it's hard to actually action and put in place. All in all, it's a big investment, big cost, stresses out your legal team - which means less companies choose to do it, which in turn make it less accessible.
The alternative camp is very clearly just choosing to give 0 advice. Just giving access to investment products, with a full hands off 'make your own choices man' approach. Think robinhood. This is where people make mistakes.
The weird thing is while legitimate companies are afraid of giving advice, anyone with a social media presence can get online and talk whatever smack they want, with very little worry of blowback. One of the biggest mistakes I see is somebody from one country (say AU) watching a youtuber talking about another country (say US) like it's a universal truth. Different financial systems have their own metas depending on government retirement schemes, importance of credit scores, mortgage systems etc. Most useful and practical advice is country specific.
Legislation has just fully failed to protect consumers from bad advice, by making the barrier to entry so high for legitimate companies looking to inform at scale that it's not financially viable - compared to just doing the hands off 'not our problem man' approach. They've also done nothing to stop people taking advice from randoms online (not that they really could). Unfortunately visiting a personalised financial advisor in the same way you'd visit a doctor, is just expensive and not an option for most.
> And often the advice comes out as rather un-opinionated and general, which for most people means it's hard to actually action and put in place
I agree with this. It seems that I have to make all the choices myself to shield the company from any responsibility so why should I pay some fee for the advice? No wonders that people get advice from random videos on YouTube or any equivalent source.
I'm not sure it's possible to protect people from bad financial advice without creating class stratification between those who can actually invest in useful things and those that can't.
People are desperate about the future. Gone are the times when having a good job, paying a reasonable mortgage for a reasonably paid house, saving a reasonable amount for retirement, while keeping a reasonable amount for emergencies (rare, before lay-offs become the knee jerk reaction of MBAs to fatten their bonuses).
Due to the increasing financialization of the economy, more and more people feel like they need to become wannabe speculators to protect their situations.
Thanks, Wall Street and Harvard Business School for fucking us all.
And fuck the Uniparty for squashing any real option to them.
Those times never existed for the vast majority of people. Minorities, single women, most men...... None of them had this rose colored past.
Statistically, more people now have more income in the US than ever before. Each income level is higher, some more than others (and this is a static snapshot, most people move around income quintiles throughout a career), options for goods are higher, items are safer (cars especially), and on and on.
The "life used to be so easy to make a good pay and have a great life" views are not backed by the evidence.
Isn’t buying a US backed bond the opposite of “speculation”?. The rate of return for a US bond has been called the “risk free rate of return” since I was in grad school over two decades ago.
Sorry, I'm not trying to be picky, but I cannot grok this sentence:
> Gone are the times when having a good job, paying a reasonable mortgage for a reasonably paid house, saving a reasonable amount for retirement, while keeping a reasonable amount for emergencies (rare, before lay-offs become the knee jerk reaction of MBAs fatten their bonuses).
Is there a word or half the sentence missing there? I cannot follow your meaning.
I have witnessed this working at FAANG where people usually have the choice to allocate their grants into either risky options or safe, straight cash. The amount of people I see going all-in into the riskiest option and then proceeding to not understand why they lost their "compensation" (?) when the stock drops frightens me.
It's because in tech you are paid so fucking much that any ridiculous screw up you might do only affects you momentarily, you can still afford your bizzaro happy life, if you've fucked your savings money there's always more cash for rent, bills, enjoyment, on the horizon. Life become a fucking toy on some levels. There is no fear.
If you have ever been to any company 401K meeting, the 401K rep will always, always, encourage young people to make risky investments and encourage people closer to retirement to make conservative investments.
Because recruiters love to go on and on about how "if the stock goes to a billion, you'll make a zillion," and they never, ever, ever mention that the stock might become worthless. The other thing is that we've had absolutely stellar economic growth since the 2008 crash, and no one under the age of 32 was working before 2008, so they really have no notion that the economy won't always be growing. It's just not on their radar.
I have a colleague who just can't justify to themselves having an emergency fund while they still have debt to pay... yet buy a brand new 40k car and think about replacing it after 2 years even though they have nothing against it.
I feel like a lot of people just can't stand having money standing there doing nothing as an insurance policy when they could be making money or buying something with it.
> I have a colleague who just can't justify to themselves having an emergency fund while they still have debt to pay
Depending on the interest rates, and assuming they can keep the line of credit if they lose their job, this might make sense since it's a choice between reducing debt now vs potentially increasing debt later.
The second part is just silly, but it's probably the attitude they got them in debt in the first place.
> people just can't stand having money standing there doing nothing as an insurance policy
And then, they pay more on their actual insurance policies to have low deductibles because they can’t afford a larger deductible because they don’t save anything.
The investment is good and safe. I also bought I bonds and will buy more as I accrue cash. It’s not even really an investment as technically you make $0 in purchasing power. This is more of a UX and lack of emergency fund fail.
This move was calculated though. With incoming pay he knew that he'd be fine regardless. Sure, another emergency before the payback might suck but likely not catastrophic given the $10k coming back in a few weeks.
Oh, I didn't realize he had worked it out so that he could still cover bills, etc. I just caught the ~$300 in the savings account and didnt see the timeline on paychecks and bills.
A Venn diagram visualizes operations between sets; that's the whole point. A diagram with two overlapping circles, for example, shows the sets and their intersection. Venn diagrams can also express unions and other logical relations.
You can take the money out of an ibond with a small penalty after a relatively short time. So it's not a huge risk if you have enough short-term credit, etc, for an emergency before the time comes when you can cash the iBond.
Seriously, what the hell. Acting like this guy is blowing his future on a roulette wheel by getting some savings bonds.
Is anybody else just sick to death of the term "emergency fund"? If you go to /r/personalfinance, every other comment is reminding people to stock up their emergency fund. Towelie says, "Don't forget to bring a towel!"
I'll tell you about my real "emergency fund": In an actual, living emergency, every single dollar I have, in every account, even my IRA, and all my credit lines combined, are my emergency fund. That's the nature of an emergency. If I empty out some specially earmarked emergency fund, I don't tell the doctor to quit taking the bullets out of my spleen because I'm tapped. "Sorry, can't touch my HYSA!" (HYSAs are another butt bug of /r/pf)
What people mean by "emergency fund" obviously is their "don't stupidly overdraft your checking account fund", but they never spell that out.
I've been in the US for 4 years and it seems like the government is just like a computer that you cannot talk to or get issues fixed somehow. It's like, if something goes wrong you're fucked. If USPS loses your documents or even your car's title, or your immigration approval notice, you're fucked, you might need to wait 2 months, or 6, or 8, and nobody cares, nobody will help you. There's no one that can help you.
It's no wonder that people vote for less government influence in the US. They just never had a good experience with it so they want to get rid of it as a band-aid solution.
And ironically, that is the entire problem in a nutshell.
People keep voting for less government (meaning workers) but not less government (meaning scope of responsibility), so the remaining workers must handle larger workloads. That's never worked out well in any industry, and it's bizarre people think it would work any better in government.
Are large organizations in other countries more human friendly? That sounds delightful. My impression from friends in the EU is that it is similar there, at least for housing and healthcare regulations.
With some experience in EU and in the UK - the only good experience I had with government is gov.uk information website.
The UK gov has its fair share of problems but gov.uk is great at explaining all their stupid rules.
South European governments are incredibly bad from my experience and from what my friends tell me, Germany, France and the Netherlands are fairly bad as well (in different ways). Maybe nordic countries fare better.
Russia used to be a bureaucracy nightmare but got much better in the last few years.
Government Can Do Nothing Right has been the propaganda line of the right-wing of the American business community since the end of WWII. A lot of the business community resented the social democratic reforms of that time (those ’50s white picket fence times) and so they sought to first argue that government was useless, and then later prove it through their government-sucks politicians.
In general, the solution to your problem is to hire an attorney. They're expensive and overkill for most things, but they know how to "talk" to the government. And just as you'd expect from Vogons, it's painful to watch.
Otherwise you're effectively left as your own lawyer, having to know tricks of how to communicate/escalate and doing online research to find out. In general if you can get a government agency on the phone they can be quite helpful (their customer service hasn't been optimized away like private companies), but you still need to know what to ask for and how to work with their bureaucratic minds.
For example, for something like a car's title, you could probably apply for a duplicate title from the DMV and get another one sent. But for immigration problems I've got no idea.
With immigration, attorneys are not a solution either. If USCIS asks them to wait 3 months before asking for re-sending a document, they shall do that. It doesn't matter if you are 2 months away from getting deported. And the papers can get lost again.
For the title, I've known a person that had the issue. It was the duplicate that was lost again, not sure why they couldn't request another one, not sure if a lawyer would have helped. But the result was a wait time of 6 months (instead of the supposed 3-5 weeks)
Similarly why it's often a great idea to get an accountant to do your taxes, as this is also an interface with the government you can just hire someone to do
The immigration system is apparently designed to do as much damage as possible. It certainly is destroying a huge portion of the global economy and polity.
Ok, but if USPS loses your important document, what do you expect them to do about it? They have no idea where it is and, unless someone paid for special tracking, no way to locate it aside from dumb luck.
Whatever agency was sending you your important document has to be the one to re-issue it and resend it. USPS has no role until it comes time to deliver it again.
I wonder: when they say "A refund of the excess purchase will be made...", does that mean they'll refund the entire $10,000 transaction, or will they keep $9,975 of it (so that you do have a $10K i-bond investment) and only refund the excess $25?
Incidentally, that exact confusion is why he made the third transaction for $9,975. The refund on his second transaction will either be for $25 or $10,000, so his third transaction will either be refunded in full or not at all.
If they refund the entirety of the second transaction, logic follows a third transaction of $9,975 would be correct if you actually wanted to buy $10k.
I suspect that's not what's going to happen though. OP will get a refund of $25 + $9,975.
Readit News
Author admits they screwed up, decided to share the screwup, and who hasnt been trough that exact dunder blunder?
Fun short read 8/10.
People want to think it wouldn’t happen to them, so they go through all the reasons they would have been able to avoid the situation so that they don’t have to fear it happening to them.
People really don’t want to admit to themselves that there are a lot of things outside our control that can happen to us.
This post is a fantastic example of the poverty trap. We design laws that, on paper, help the poor; and then we blame them for not taking advantage.
When in reality, they are poorly implemented, poorly advertised, and confusing.
With a $10k cap, this program is clearly intended to help people with low assets. How many people with a net worth under, say, $20k in the US? Tens of millions! How many of those would've really loved the extra $850 to offset this year's record inflation? Basically all of them! How many of them found this obscure website with awful UX and received the money? Approximately none!
From reading comments here it sounds like the author both misinterpreted things and also compulsively over deposited to test the governments software.
Testing government systems as an outsider is a really bad idea.
It's boring, not even about the article, and barely accurate (only very few comments actually criticise the article's author), yet that's the first thing you read here.
Dead Comment
I think it’s appropriate to say they made a stupid mistake and move on.
The author is likely a little frustrated so I can forgive their shade throwing at treasury.
Deleted Comment
Your pseudocode already failed the unit tests. The limit is 10k per year, and you can hold I bonds for 30 years. Someone can have 300k of I bonds in their account balance.
(Not that it would be hard to do it correctly.)
It’s 2022, not 1998.
I would expect a banking/payment UI to be very clear and foolproof.
Deleted Comment
Agreed, fun little article.
The author explicitly indicates that it is all of their savings:
> I sat there with my $173.12 of remaining savings and $25 in I-bonds, feeling like I had accomplished something truly remarkable.
I don't think this is generally worth it as a security measure, but the goal is not to protect against automation. Instead, custom on-screen keyboards are attempts to thwart keyloggers.
Commercial malware doesn't work this way. The term "keylogger" is a misnomer.
"Keylogging" without context provides an unintelligible stream of garbage that might have well be from a random number generator. Most malware that I've seen either directly target the browser or the operating system, but in both cases they're looking for an unencrypted HTTPS stream, that they can re-package, upload, and store. With the goal to sell batches of credentials for specific websites.
Many people have this unusual belief that a user's stream of keys would look like e.g. www.example.com(13)username(9)password(13). But that isn't how users typically interact with their browsers, MOST websites are accessed via a search engine or favorites/bookmarks, and users often won't use the keystrokes to navigate between input elements.
Again, CONTEXT is everything with "keylogging," since most of the value is generated from WHERE not just WHAT. "Targeted credential theft" is a better way to describe it since they're stealing structured HTTP form data, not raw keyboard input (and even if they were steaming keycode inputs, they'd likely still be using the browser's context to do so).
So, in my opinion, most malware wouldn't even be aware or need specific support to bypass this virtual keyboard "security" because by the very nature of them they aren't operating at this layer anyway.
I don't know about commercial malware, but at least in the 90s (which is when these kinds of on-screen keyboards started to appear), it was not unusual to find on a computer "infected" with malware a text file containing every key that was pressed since the malware was installed.
Yes, nowadays malware tends to be much smarter: also capturing an image of the area around the mouse pointer on every click (which is the reason some on-screen keyboards blank the keys when you click), only logging when the window has an specific title (which is the reason some online banking sites add lots of random spaces and punctuation to the window title), or even using lower-level code to hook into the browser and directly capture the form contents on submission (which is the reason several online banking sites require you to use invasive "anti-malware" plugins which attempt to prevent these kinds of hooks).
And yes, there is malware that collects unencrypted traffic, but that is _appreciably_ more complex to design and implement than simple keylogging. There's also malware which pulls credentials directly out of the web browser memory, although improved protections on cross-process memory access are making this much harder to do on real operating systems. Both of these are better methods, but they are harder and operating systems are intentionally implementing measure to defeat them. For mostly historic reasons straightforward keylogging remains easy and reliable on modern computers.
But it doesn't really refute the kind of snapshot-in-time voodoo that government websites tend to build out and then never change because if doing so were to cause a problem, then someone could get blamed. I've never seen such a UI contraption in the "private" sector of banking. Not that they don't have their own obtuse slow moving corporate bullshit like snake oil "2FA" with varying requirements, it's just less bad.
FWIW related to this topic does anyone know the details of how the IRS website just decides to spit out "Permission Denied" when trying to obtain an EIN? I think it's an Akamai? message, probably due to some user surveillance garbage, but haven't investigated further. Even coming from my own naive residential IP with surveillance-friendly Chromium I still got it. I figured I'd wait a few days and try again, but same thing. It worked fine from a vanilla iPhone on the cell connection, but unfortunately I ended up doing that too late and missed the window to lock in April's rate.
Deleted Comment
Couldn't you do that with a bookmarklet, so it would just take one click?
1. They don’t have network access by default. It’s not a simple confirmation screen to enable network access. You have to go into settings
2. Apps can explicitly disallow third party keyboards for password entry.
3. Keyboards run out of process from the app.
And yes, iOS has extensibility support for third party password managers.
When I saw the email informing the author of the over-purchase, I knew there was no way out. Purchasing the difference, as the author did, would only cause more trouble. The questions now are how much will be refunded, whether any purchases will go through, and whether there will be a fine or legal action. Refer to the rule above for my guesses.
I think many people do not appreciate how devastating this is to public trust.
It looks to me like he was going to get the extra $25 returned to him and have 10k in bonds. It's definitely vague though.
(1) Purchase #1 for $25 successful --> reduce remaining limit from $10000 to $9975.
(2) Purchase #2 for $10000 rejected and refund pending --> DO NOT reduce limit since you know the purchase didn't go through.
(3) Purchase #3 for $9975 within limit --> allow purchase, reduce limit to exactly $0.
Instead, at step 2, the software seems to handle the purchase by unconditionally taking $10000 off the limit at purchase time and putting $10000 back later when the refund is processed. (And consequently, at step 3, it failed the purchase.)
There isn't an obvious reason to do it this way, so it's surprising. It seems like if you can reduce the limit, you can check if you've exceeded it and just fail the purchase and never modify the limit (at purchase or refund time).
> "A refund of the excess purchase..."
So they'd be refunded the excess, i.e. $25.
Putting another $9,975 through just feels like being "too smart".
Is there no way to purchase these bonds besides this website?
It seems to be a weird mix of wall street cosplay and financial ineptitude.
The problem is, giving financial advice en-masse is very expensive and risky for a company. You need to ask a lot of questions about the users situation (assets, debt, income, dependants, etc) to make an informed decision. If you give bad financial advice, your putting yourself at big legal risk. The language has to be very specific (aka hard to understand for normal humans). And often the advice comes out as rather un-opinionated and general, which for most people means it's hard to actually action and put in place. All in all, it's a big investment, big cost, stresses out your legal team - which means less companies choose to do it, which in turn make it less accessible.
The alternative camp is very clearly just choosing to give 0 advice. Just giving access to investment products, with a full hands off 'make your own choices man' approach. Think robinhood. This is where people make mistakes.
The weird thing is while legitimate companies are afraid of giving advice, anyone with a social media presence can get online and talk whatever smack they want, with very little worry of blowback. One of the biggest mistakes I see is somebody from one country (say AU) watching a youtuber talking about another country (say US) like it's a universal truth. Different financial systems have their own metas depending on government retirement schemes, importance of credit scores, mortgage systems etc. Most useful and practical advice is country specific.
Legislation has just fully failed to protect consumers from bad advice, by making the barrier to entry so high for legitimate companies looking to inform at scale that it's not financially viable - compared to just doing the hands off 'not our problem man' approach. They've also done nothing to stop people taking advice from randoms online (not that they really could). Unfortunately visiting a personalised financial advisor in the same way you'd visit a doctor, is just expensive and not an option for most.
I agree with this. It seems that I have to make all the choices myself to shield the company from any responsibility so why should I pay some fee for the advice? No wonders that people get advice from random videos on YouTube or any equivalent source.
Due to the increasing financialization of the economy, more and more people feel like they need to become wannabe speculators to protect their situations.
Thanks, Wall Street and Harvard Business School for fucking us all.
And fuck the Uniparty for squashing any real option to them.
Those times never existed for the vast majority of people. Minorities, single women, most men...... None of them had this rose colored past.
Statistically, more people now have more income in the US than ever before. Each income level is higher, some more than others (and this is a static snapshot, most people move around income quintiles throughout a career), options for goods are higher, items are safer (cars especially), and on and on.
The "life used to be so easy to make a good pay and have a great life" views are not backed by the evidence.
> Gone are the times when having a good job, paying a reasonable mortgage for a reasonably paid house, saving a reasonable amount for retirement, while keeping a reasonable amount for emergencies (rare, before lay-offs become the knee jerk reaction of MBAs fatten their bonuses).
Is there a word or half the sentence missing there? I cannot follow your meaning.
I feel like a lot of people just can't stand having money standing there doing nothing as an insurance policy when they could be making money or buying something with it.
Depending on the interest rates, and assuming they can keep the line of credit if they lose their job, this might make sense since it's a choice between reducing debt now vs potentially increasing debt later.
The second part is just silly, but it's probably the attitude they got them in debt in the first place.
And then, they pay more on their actual insurance policies to have low deductibles because they can’t afford a larger deductible because they don’t save anything.
Also the blog clearly indicates they were going to poke the fate bear, poked said bear, and then went surprised pikachu.
Is anybody else just sick to death of the term "emergency fund"? If you go to /r/personalfinance, every other comment is reminding people to stock up their emergency fund. Towelie says, "Don't forget to bring a towel!"
I'll tell you about my real "emergency fund": In an actual, living emergency, every single dollar I have, in every account, even my IRA, and all my credit lines combined, are my emergency fund. That's the nature of an emergency. If I empty out some specially earmarked emergency fund, I don't tell the doctor to quit taking the bullets out of my spleen because I'm tapped. "Sorry, can't touch my HYSA!" (HYSAs are another butt bug of /r/pf)
What people mean by "emergency fund" obviously is their "don't stupidly overdraft your checking account fund", but they never spell that out.
At least that's how I feel here.
People keep voting for less government (meaning workers) but not less government (meaning scope of responsibility), so the remaining workers must handle larger workloads. That's never worked out well in any industry, and it's bizarre people think it would work any better in government.
The UK gov has its fair share of problems but gov.uk is great at explaining all their stupid rules.
South European governments are incredibly bad from my experience and from what my friends tell me, Germany, France and the Netherlands are fairly bad as well (in different ways). Maybe nordic countries fare better.
Russia used to be a bureaucracy nightmare but got much better in the last few years.
Otherwise you're effectively left as your own lawyer, having to know tricks of how to communicate/escalate and doing online research to find out. In general if you can get a government agency on the phone they can be quite helpful (their customer service hasn't been optimized away like private companies), but you still need to know what to ask for and how to work with their bureaucratic minds.
For example, for something like a car's title, you could probably apply for a duplicate title from the DMV and get another one sent. But for immigration problems I've got no idea.
For the title, I've known a person that had the issue. It was the duplicate that was lost again, not sure why they couldn't request another one, not sure if a lawyer would have helped. But the result was a wait time of 6 months (instead of the supposed 3-5 weeks)
Whatever agency was sending you your important document has to be the one to re-issue it and resend it. USPS has no role until it comes time to deliver it again.
The only difference is there are less opportunities for the bourgeois who are willing and able to pay to be on the other side of the velvet ropes
I suspect that's not what's going to happen though. OP will get a refund of $25 + $9,975.
This is a perfect HN post because it combines terrible technology and “let’s see how it breaks.” Thanks OP, a delightful Sunday read.
Well played, sir. Well played.