Andrew Cooke | Contents | Latest | RSS | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Choochoo Training Diary

Last 100 entries

[Programming] React Leaflet; AliExpress Independent Sellers; Applebaum - Twilight of Democracy; [Politics] Back + US Elections; [Programming,Exercise] Simple Timer Script; [News] 2019: The year revolt went global; [Politics] The world's most-surveilled cities; [Bike] Hope Freehub; [Restaurant] Mama Chau's (Chinese, Providencia); [Politics] Brexit Podcast; [Diary] Pneumonia; [Politics] Britain's Reichstag Fire moment; install cairo; [Programming] GCC Sanitizer Flags; [GPU, Programming] Per-Thread Program Counters; My Bike Accident - Looking Back One Year; [Python] Geographic heights are incredibly easy!; [Cooking] Cookie Recipe; Efficient, Simple, Directed Maximisation of Noisy Function; And for argparse; Bash Completion in Python; [Computing] Configuring Github Jekyll Locally; [Maths, Link] The Napkin Project; You can Masquerade in Firewalld; [Bike] Servicing Budget (Spring) Forks; [Crypto] CIA Internet Comms Failure; [Python] Cute Rate Limiting API; [Causality] Judea Pearl Lecture; [Security, Computing] Chinese Hardware Hack Of Supermicro Boards; SQLAlchemy Joined Table Inheritance and Delete Cascade; [Translation] The Club; [Computing] Super Potato Bruh; [Computing] Extending Jupyter; Further HRM Details; [Computing, Bike] Activities in ch2; [Books, Link] Modern Japanese Lit; What ended up there; [Link, Book] Logic Book; Update - Garmin Express / Connect; Garmin Forerunner 35 v 230; [Link, Politics, Internet] Government Trolls; [Link, Politics] Why identity politics benefits the right more than the left; SSH Forwarding; A Specification For Repeating Events; A Fight for the Soul of Science; [Science, Book, Link] Lost In Math; OpenSuse Leap 15 Network Fixes; Update; [Book] Galileo's Middle Finger; [Bike] Chinese Carbon Rims; [Bike] Servicing Shimano XT Front Hub HB-M8010; [Bike] Aliexpress Cycling Tops; [Computing] Change to ssh handling of multiple identities?; [Bike] Endura Hummvee Lite II; [Computing] Marble Based Logic; [Link, Politics] Sanity Check For Nuclear Launch; [Link, Science] Entropy and Life; [Link, Bike] Cheap Cycling Jerseys; [Link, Music] Music To Steal 2017; [Link, Future] Simulated Brain Drives Robot; [Link, Computing] Learned Index Structures; Solo Air Equalization; Update: Higher Pressures; Psychology; [Bike] Exercise And Fuel; Continental Race King 2.2; Removing Lowers; Mnesiacs; [Maths, Link] Dividing By Zero; [Book, Review] Ray Monk - Ludwig Wittgenstein: The Duty Of Genius; [Link, Bike, Computing] Evolving Lacing Patterns; [Jam] Strawberry and Orange Jam; [Chile, Privacy] Biometric Check During Mail Delivery; [Link, Chile, Spanish] Article on the Chilean Drought; [Bike] Extended Gear Ratios, Shimano XT M8000 (24/36 Chainring); [Link, Politics, USA] The Future Of American Democracy; Mass Hysteria; [Review, Books, Links] Kazuo Ishiguro - Never Let Me Go; [Link, Books] David Mitchell's Favourite Japanese Fiction; [Link, Bike] Rear Suspension Geometry; [Link, Cycling, Art] Strava Artwork; [Link, Computing] Useful gcc flags; [Link] Voynich Manuscript Decoded; [Bike] Notes on Servicing Suspension Forks; [Links, Computing] Snap, Flatpack, Appimage; [Link, Computing] Oracle is leaving Java (to die); [Link, Politics] Cubans + Ultrasonics; [Book, Link] Laurent Binet; VirtualBox; [Book, Link] No One's Ways; [Link] The Biggest Problem For Cyclists Is Bad Driving; [Computing] Doxygen, Sphinx, Breathe; [Admin] Brokw Recent Permalinks; [Bike, Chile] Buying Bearings in Santiago; [Computing, Opensuse] Upgrading to 42.3; [Link, Physics] First Support for a Physics Theory of Life; [Link, Bike] Peruvian Frame Maker; [Link] Awesome Game Theory Tit-For-Tat Thing; [Food, Review] La Fabbrica - Good Italian Food In Santiago; [Link, Programming] MySQL UTF8 Broken; [Link, Books] Latin American Authors

© 2006-2017 Andrew Cooke (site) / post authors (content).

BCI Customer Service (Chilean Bank)

From: "andrew cooke" <andrew@...>

Date: Fri, 5 Dec 2008 13:42:30 -0300 (CLST)

I decide to close my account with BCI......

I call their help line, but (after waiting) I am told it is not possible
to close an account via phone or internet; I have to go to my local branch
to talk to my account manager.

I go to my branch, but the account manager is busy.  So I sit down and
wait.  The savings lady seemed to think I am suspicious and sends someone
over to check me out.  I explain that I am waiting for my account manager.

The guy he was dealing with leaves, so I approach my account manager and
tell him I want to close my account.  He asks why.  I give a vague
explanation and ask again to close my account.  He asks why again.  I
ignore him and explain I had two worries: first, that a fixed-term savings
will be OK (he says yes); second that I have outstanding debit on a
cancelled credit card.  He checks the card (while waiting on the phone he
asked me again why I wanted to cancel: "Don't you like us?").  I ask about
the remaining balance and he says I can transfer it via the Internet. 
Finally I sign some papers, am given a number to call once the account is
empty, and told to return a "multipass" (a digital source of random
numbers, connected to a timer, used to secure internet banking - quite
neat and made by RSA Inc).

I walk home and triy to move money out of my account.  The site crashes
(technical aside - it seems to only renew the session on certain pages,
not others, and if the session is bad on some pages, you get a blank
screen rather than a login prompt).

I try again and can't even login ("please try later").

I try again and transfer the money.

I call the number I was given to finally close the account.  The person
who closes accounts was busy, so they say they would call back within 48
hours.

I walk back to the bank with multipass (the internet number thing).  The
receptionist is busy, so I wait.

The receptionist, once free, won't accept my multipass.  I have to block
it first and am told to call the phone with option 3 (there are some
phones in the bank for public use).

I call option 3, but that is for savings, not cancelling things.

I call again, and try to navigate the menus.  I am put on hold.  I waited
listening to adverts.  Eventually (after 5min?) the line goes dead.

I call again, and again am put on hold.  I notice a drinks machine and get
a hot-chocolate (last cup!).  I am still on hold.  Someone finally answers
and tells me they need to transfer me.  I am put on hold again and knock
over the chocolate.  There is nothing to wipe the mess clean.  Eventually
someone answers and says that I have called the wrong number.

I return to my account manager (who is free and chatting to the savings
lady).  It turns out there are two different phones and I am using the
wrong one.

I call the other phone and am put on hold.  Eventually someone answers and
says they need to transfer me.  I wait again.  Someone answers and they
can block my multipass.  Yes!  They cancel it and say my current account
will be charged.  I say "what?".  They say there is a charge for blocking
the multipass.  I say in that case I don't want to do it.  They say I need
to talk to my account manager.

I hang up and talk to my account manager.  I try very hard not to shout. 
He takes the multipass.  I leave and walk home again.

That's it so far; still no reply back from the person closing the account.

Andrew

Santander Security

From: "andrew cooke" <andrew@...>

Date: Sun, 7 Dec 2008 10:33:52 -0300 (CLST)

I moved from BCI to Santander (at the time I was concerned about bank
stability; I have since understood more about Chilean bank regulations and
suspect I was needlessly worried - they are much more regulated here).

Anyway, the Santander equivalent of the BCI multipass mentioned above (and
required by law, I believe), is a card called "super clave" (super key)
with a matrix of numbers.  Columns are labelled A-J and rows 1-5.  Each
cell in the matric (corresponding to a letter-digit pair that describe
column and row) has a two digit number.  These appear to be random.

When you use the web page and are required to validate your identity (for
example, to confirm a transaction), you are prompted to enter the value
for four cells (eg: G5 E4 D4 H2).

There's three interesting points here.

First, it's curious what the regulations are that allow both this and the
digital device that displays numbers.  Presumably they refer to the amount
of state required to know what the user's response should be?  Does that
include the state behind the bank's selection of which cells to request?

Second, there is a possible weakness in Santander's implementation.  Each
card (and each digital device for BCI) has a serial number.  But when you
use Santander's site they display the serial number of the card!  In
contrast, BCI does not display the serial number for the multipass.  If
the cell numbers can be predicted from the serial number (and I strongly
suspect that they can) then the person viewing the page does not need to
be in possession of the card.

Third, the digital device *feels* (intuitively) much more secure.  Even if
the two approaches are equivalent (in the sense hinted at in the first
point above), the digital device has an additional comforting "security
through obscurity".  It cannot be easily photocopied, for example.

Andrew

Comment on this post