Does anyone know of any implementation of an enhanced or augmented Luhn formula for checking modulus-10 “double-add-double” check digits on payment cards?
Enhancement was suggested in this paper: http://d.researchbib.com/f/6nnJcwp21wYzAioF9xo2AmY3OupTIlpl9XqJk5ZwNkZl9JZxx3ZwNkZmpmYaOxMt.pdf
Would an enhanced Luhn check be of practical use?
It is a little odd that this paper was accepted into a peer-reviewed journal. The paper described what essentially were identified as issues with Fletcher's checksum in the 1970s; it length and data transposition can't be detected accurately.
But let's think about the practical aspects of this proposal. If you really dig into the details, it is really infeasible to implement for many reasons.
The Luhn algorithm was made as a simple, best-effort method to validate a card number. Back when credit cards were starting to be widely processed electronically (they had been done with paper imprints before), there were no always-on networks to call a service for validation. The Luhn can be implemented with no need for network connectivity to perform the validation. This is the first premise for establishing infeasibility: you must be able to perform the validation without the need to traverse the network.
This "no network traversal" premise makes the MII lookup infeasible. There are two ways to implement this:
A web service where the MII lookup is performed. This means every data entry will require one network call to validate the card number before the network call to process the payment. There is a possibility that the validation call will take as long or longer than the transaction processing. In the case of the validation, it has to be synchronous - the user needs to wait for the result before they can continue the order. If the call can't be completed for some reason, the customer may just order somewhere else.
Processing the card authorization can be asynchronous. Amazon does this; they confirm receipt of your order and will often confirm payment processing later.
A periodic distribution of the MII database to all devices. Every mobile phone app, payment terminal, website, ERP, and so on will constantly need to add new MII and delete old MII. Many of them may be outdated for a period of time causing denied transactions for some merchants but approved transactions for others when using the same card. Consumers would distrust using the cards.
Finally, the author made a false assumption about the length of the card. The Luhn algorithm works well for many lengths because the card number length can be longer or shorter than 16 digits. Consumer cards are 15 digits for Amex and 16 for other cards. Commercial cards can be longer than 16 digits; I have seen commercial air fuel cards up to 20 digits. Had the author looked at the IEC/ISO 7812 standard, this would have been understood. The standards committee is even proposing extending the length of the standard card number. The great thing is that when/if the card number length is extended, the Luhn algorithm will still validate the card.
Do yourself a favor, rely on the Luhn as your first step but then let the processor do the heavy lifting for you by validating that the card is undeniably correct via the existing card processing network.
I did a Google search and found an implementation in software of just the same two enhancements proposed by Hussein et al, in a Luhn check by a software developer, Pawel Decowski. It is his jQuery Credit Card Validator, (Decowski, 2015/2016). I would speculate that Decowski was influenced by Hussein et al.
Decowski, P. (2015/2016) jquery-creditcardvalidator [Online]. Available at https://github.com/PawelDecowski/jquery-creditcardvalidator (Accessed 11 April 2017).
Related
I'm using OpenUri and RSS in Rails 5.2.3 and Ruby 2.6.1 to do this.
I'm trying to parse WeWorkRemotely's RSS feed, however, they have one field description that contains all the information in a string. For example, when I parse it in Rails it returns:
"<img src=\"https://we-work-remotely.imgix.net/logos/0015/9022/logo.gif?ixlib=rails-2.1.3&w=50&h=50&dpr=2&fit=fill&auto=compress\" alt=\"Logo.gif?ixlib=rails 2.1\" />\n\n<p>\n <strong>Headquarters:</strong> San Francisco \n <br /><strong>URL:</strong> http://www.loom.com\n</p>\n\n<h1><strong>About Loom</strong></h1><div>Loom is a new kind of work communication tool, already helping over a million people get their message across through instantly shareable videos. Our users work at companies like HubSpot, Square, Uber, GrubHub and LinkedIn. Our mission is to be the global leader in human workplace communication. Founded in 2016, Loom has raised $15 million from top-tier investors including Kleiner Perkins, General Catalyst and Slack Fund.</div><h1><strong>The Role</strong></h1><div>As a Technical Support Engineer, you will be a key part of Loom's support experience at scale and provide timely and effective resolution to customer issues by applying your technical and troubleshooting skills.</div><div><br></div><div>We are looking for support champions who are genuinely happy to help others. If this sounds like you, you came to the right place!<br><br><strong>As a Technical Support Engineer, you will…</strong>\n</div><ul>\n<li>Help customers through email to ensure they are successful with our product</li>\n<li>Leverage effective troubleshooting to quickly identify the source of customer issues and provide a prompt and appropriate solution</li>\n<li>Troubleshoot, investigate, and create detailed bug reports for our Engineering team</li>\n<li>Jump on ad-hoc calls with customers to troubleshoot issues live, as necessary</li>\n<li>Identify bugs, test, report, and working with our Engineering team to assist with a fix</li>\n<li>Actively collect insights from customers and focus on closing the communication loop by providing product feedback to the team</li>\n<li>Provide timely updates to the Support and Engineering Managers regarding new trends in issues</li>\n<li>Develop and document best practices to enhance SL2 troubleshooting processes</li>\n<li>Create technical documentation such as FAQs, guides, knowledge-base articles and how-to’s for Loom customers</li>\n<li>Help the Engineering team develop tools to help our Support team work quickly and efficiently</li>\n<li>Dive into the codebase and gaining domain knowledge of different parts of Loom</li>\n<li>Make efficient changes to the codebase to solve small and quick tasks/issues</li>\n</ul><div>\n<br><strong>You could be a good fit if you have..</strong>\n</div><ul>\n<li>Previous experience delivering excellent support experiences with respect, empathy and understanding</li>\n<li>A minimum of 4+ years of Technical Support and Customer Support experience</li>\n<li>Gained experience/proficiency in Saas solutions and electron apps (CSS, JavaScript, HTML) or have earned a degree in a technical field like computer science</li>\n<li>Technical understanding and ability to troubleshoot and resolve technical problems on your own</li>\n<li>The ability to handle high volume of support conversations</li>\n<li>Excellent written and spoken English</li>\n<li>Are available to work in the Central or Pacific Time Zone and on a full-time schedule that may span weekends and may include holidays as our customers need us</li>\n</ul><div>\n<br><strong>A bonus if you have experience with...</strong>\n</div><ul>\n<li>Installation, configuration, and troubleshooting of Windows and Mac</li>\n<li>Troubleshooting protocols like HTTP, HTTPS, WebSockets, DNS</li>\n<li>Understanding of TCP/IP and ARP to run packet traces and troubleshoot network issues</li>\n<li>Any of these certifications: Cisco CCNA, Microsoft Certified Solutions Expert (MCSE), Apple Certified System Administrator, CompTIAA+, CompTIA Network+</li>\n</ul><div><br></div><div><strong>Perks at Loom</strong></div><div><br></div><div>* Competitive compensation and equity package</div><div>* Medical, dental, and vision coverage (US-based team), healthcare reimbursement (non-US based team)</div><div>* Unlimited PTO</div><div>* Remote-first team</div><div>* Paid parental leave</div><div>* Yearly off-site retreats (this year we went to Costa Rica for a week!)</div><div>* Learning & Development reimbursement</div><div>* Wellness reimbursement</div><div> </div><div><strong>SF office perks</strong></div><div>* Remote weeks every other month</div><div>* Daily in-office lunch, unlimited snacks & drinks</div><div><br></div><div><strong>Remote-specific perks</strong></div><div>* Home office & technology stipends</div><div>* New Hire Onboarding in SF</div><div><br></div><div><strong>Loom is an equal opportunity employer.</strong></div><div>We are actively seeking to create a diverse work environment because teams are stronger with different perspectives and experiences.</div><div><br></div><div>We value a diverse workplace and encourage women, people of color, LGBTQIA individuals, people with disabilities, members of ethnic minorities, foreign-born residents, older members of society, and others from minority groups and diverse backgrounds to apply. We do not discriminate on the basis of race, gender, religion, color, national origin, sexual orientation, age, marital status, veteran status, or disability status. All employees and contractors of Loom are responsible for maintaining a work culture free from discrimination and harassment by treating others with kindness and respect.</div>\n\n<p><strong>To apply:</strong> https://jobs.lever.co/useloom/15398ec6-b2c1-4f95-9ef5-8fa2a62c1bed?lever-origin=applied&lever-source%5B%5D=WeWorkRemotely</p>\n"
What would be the best way for me to actually grab data from this block? Even if I try to pick things up like img src, head quarters, or a href links, it's a big string where I can't easily split that makes sense.
Don't treat it as a string, treat it as an HTML document. Then you can employ the full power of CSS or XPath selectors (or even manual traversal using Ruby methods).
require 'nokogiri'
doc = Nokogiri::HTML.fragment(str)
# img src
doc.at_css('img')["src"]
# => "https://we-work-remotely.imgix.net/logos/0015/9022/logo.gif?ixlib=rails-2.1.3&w=50&h=50&dpr=2&fit=fill&auto=compress"
# headquarters
doc.at_xpath('.//strong[contains(text(), "Headquarters")]/following-sibling::text()').text.strip
# => "San Francisco"
Our group is working on a sentiment analysis research project. We are trying to use the Twitter API to collect tweets. Out aimed dataset involves a lot of query terms and filters. However, since each of us has a developer account, we were wondering if we can pool API access tokens to accelerate the data collection. For example, we will make an app that allows us to define a configuration file that contains a list of our access tokens that the app will try to use to search for a tweet. This app will be run on our local computer. Since the app uses our individual access tokens, we believe that we are not actually not bypassing or changing any Twitter limit as the record is kept for each access token. Are there any problems legal/technical that may arise from this methodology? Thank you! =D
Here is a pseudocode for what we are trying to do:
1. define a list of search terms such as 'apple', 'banana'
and 'oranges' (we have 100 of these search terms, we are okay
with the 100 limit per tweet)
2. define a list of frequent emotional adjectives such as 'happy', 'sad', 'crazy', etc. (we have have 100 of these) using TF-IDF
3. get the product of the search terms and emotional adjectives,
in total we have 10,000 query terms and we have computed
through the rate limit rules that we would need at least
55 runs of 15-minute sessions with 180 tweets per 15-minute.
55 * 15 = 825 minutes or ~14 hours to collect this amount of tweets.
4. we were thinking of improving the data collection by
pooling access tokens so that we can trim down the time
of collection from 14 hours to ~4 hours, e.g. by dividing the query items into subsets and letting a specific access token work on a subset
We were pushing for this since we just think it's efficient if it's possible and permitted since why not and it might help future researches as well?
The question is, are we actually breaking any Twitter rules or policies by doing this? By sharing one access token per each of us three and creating an app that we name as clones of the research project, we believe that in turn we are also losing something which is the headroom for one more app that we fully control.
I can't find specific rule in Twitter so far about this. Our concern is that we will publish a paper and will publish the app we will program and use for documentation and the app we plan to build. Disclaimer: Only the app's source code will be published and not the dataset because of Twitter's explicit rules about datasets.
This is absolutely not allowed under the Twitter Developer Policy and Agreement.
Twitter developer policy 5a:
Do not do any of the following:
Use a single application API key for multiple use cases or multiple application API keys for the same use case.
Feel free to check with Twitter directly via the developer forums. StackOverflow is not really the best place for this question since it is not specifically a coding question.
A week ago Buzzfeed announced a new viral traffic tracking tool called "Pound" (Process for Optimizing and Understanding Network Diffusion). Whereas marketers and webmasters are currently used to seeing social traffic in aggregate buckets per source, Pound promises to help us visualize the actual person-to-person sharing of content and the traffic resulting from each step... sorta, apparently the tool can't (or opts not to) match individual users to their corresponding node in the network:
Pound does not store usernames or any personally identifiable information (PII) with the share events. Each node in the sharing graph is anonymous. We are not able to figure out who a user is by looking at the graph data.
Interesting. I assume Buzzfeed is keeping this anonymous to preempt complaints when the company uses Pound to sell ads. More interesting, the hint the Buzzfeed engineers provide as to how this tool works:
Pound data is collected based on an oscillating, anonymous hash in a sharer’s URL as a UTM code.
How might this work? Does the UTM code mutate every time a link is shared or reshared? I don't understand how this is possible. If it's not, how might this functionality be possible?
We have a system that allows you to scan your credit card on a MSR and from the dump I pull the needed fields such as name/cc/exp. Recently we had to add globalized credit cards to this. For almost all of the card provided, I was able to still pull the information since they seemed to all follow a standard. One exception however was a Maestro card. The format is completely different, and since I neither have one to verify actual number on card vs dumped data, nore have access to any other dumps, it's very hard for me to figure out the correct format of these. I also did some google searching with little luck of extracting data from a MSR dump.
Unlike almost all other cards, track one does not start with "%B" and Track two does not start with ";". Both tracks do appear to end with "?" (based off analyzing the whole dump, not by track). Track 3 does appear to be empty, which is normal.
The whole dump seems to lack any name data and is basically in the format of:
###=###?
###=###=###==#=###?
Note that besides the single #, where I had 3 it was variable length.
Again I only had access to one single dump, which for obvious reason I cannot post here.
If anyone has some example code in any language, or can link me to some help, I'd really appreciate it.
Thanks in advance,
Anthony
Is it possible that the card you are testing is faulty or simply a non standard card that is generally not supported? try to check track data from other maestro cards before assuming your system is at fault.
I say this because ISO 7813, the governing standard for transaction cards is pretty clear regarding the fact that track 2 data begins with start sentinel ";" and that all valid bank cards have a format code "B" following the start sentinel "%" in track 1.
check the standard carefully and make sure your system is parsing correctly:
http://www.gae.ucm.es/~padilla/extrawork/tracks.html
As a derivative of my previous curiosity question I had a followup curiosity. Is there a future and/or an application for the 6502, the VIC and the SID chips ? I know they are still produced, and used. For example, I remember the 6502 makes a perfect controller chip for small appliances. the SID for sure is still present in some "retro" sound synthesizer, although my guess is that it's just emulated. What about the VIC ?
Community wiki question as there's no correct answer.
I would look at 6502.org, including its list of commercial support and list of projects.
For example, I remember the 6502 makes a perfect controller chip for small appliances.
I dunno about the VIC and SID chips (special purpose video / audio chips are different than a CPU), but I don't see any reason to use a 6502. There are tons of cheap low-power microcontrollers (e.g. Microchip PIC, Atmel, TI MSP430, etc) that are readily available, have more CPU horsepower than a 6502, have useful peripherals (ADCs, UARTs, built-in oscillator, etc), and have real-time debugging features. Why use a 30-year-old microcontroller?
I would think their future is limited. I don't know what kind of quantities are still being produced but you have to figure even the 486 is probably being produced in far greater quantities than the 6502. So even though the 486 might be overkill for some applications its availability determines its price thus making it more attractive to device manufacturers.
Then, as you say, the functionality of the 6502, VIC, and SID chips are easily emulated these days--even in software. So that might drive the demand for those chips down since its probably cheaper to emulate.
Cost means it still sells millions of units each year. 6502 is cheapest 8 bit CPU; doesn't have 6 month lead time like Stm8, braindead memory model like pic or 8051 or overpriced like avr, pic, msp430. To go cheaper you have to go 4 bit which is very limited. Admitedly arm chips like stm32f030 are only a few cents more but there is a company called Walmart that asks for products to be as cheap as possible so manufacturers cut cents of costs.