I've told folks half joking and half not that if they really want to level up their English, they should learn French. Once you know what to look for, you notice all the English words that came from French. It's something like 30% of our words.
Not by any metric you'd care about. (And almost certainly not by any metric at all.)
Your comment contains 49 words. 4 come from Norse, 2 come from Latin (without passing through French), and 3 come from French. The remaining 40 come from Old English.
That's the count by token. By lemma, I counted 9 duplicate words, of which two are Norse and 7 are English. That brings French all the way up to 7.5%!
It's true, though, and in fact 30% is a conservative estimate. The percentage of English words that come from French varies from 29% to 45% depending on whether you count derivatives of those words.
What overview? That page repeats a bunch of claims on the basis of nothing, with a big banner at the top of the page warning you that none of the content is supported by any evidence.
The only citation on that page is a dead link to a Canadian university's "about our French program" page, which, while it does claim that 45% of all English words "come from French words" (again, on the basis of nothing), nevertheless manages to contradict the Wikipedia page that cites it by estimating the number at 50,000 rather than Wikipedia's reported 80,000.
I spent a lot of time in undergrad researching to find the books cheap online or buy the Indian paperback version that is only hardcover in the US. The oncampus bookstore gave peanuts when you sold it back and some profs were oblivious and would just require the newest version when the older version would work.
There needs to be a minimum amount of content that has materially changed in order to call it a new edition. Moving questions around and adding a word here or there is not cool.
Chip + Signature depends on the venue which makes it really annoying.
Went to a new city, one place out of the four I visited required a signature, the rest were fine with tap to pay/chip+Pin. Some places are fine until some arbitrary limit, etc. The place that made me sign? The purchases were $5-$6.
Chip + Signature is a dumb USian thing because merchants didn't want to change their readers to have a secure PIN pad.
Contactless has different floor limits than Contact (chip). For example, in AU, the limit for contactless without PIN is ~AUD100. In the UK, I believe its GBP30.
If you tap for a payment over that limit, the reader will ask for the PIN.
The primary difference is that if a customer uses contactless/contact and PIN, then the risk of the transaction is passed to the network/issuer, instead of the merchant.
The UK has a limit of £100 for contactless cards, with a requirement to insert and enter your PIN after a few successive taps. Apple Pay and Google pay technically don’t have the PIN requirement as they’re authenticated and technically don’t have a limit, but in practice most shops still have a £100 limit.
It depends on the POS configuration/support of CDCVM (Consumer Device Cardholder Verification Method). If it doesn't support it, Apple Pay/Google Pay is just a regular EMV contactless card from the POS's perspective, so the regular limits apply.
On some POSes, you can get a hint of when the POS either doesn't understand CDCVM or isn't configured to verify it when you tap with Apple Pay/Google Wallet and you get back a "Cardholder Device Not Verified" on the receipt.
Obviously ultimately, even with CDCVM support, it's up to how things are configured, but in the UK at least, every single POS I've seen that returns "Cardholder Device Verified" will let transactions through the same way as if you did Chip+PIN.
> but in practice most shops still have a £100 limit.
I've not found this to be the case anymore, sometimes the terminal will display a limit or the merchant will believe the limit applies to phones, but no limit is technically enforced.
In my experience few merchants limit Apple Pay to the contactless limit (Tesco being a notable exception) but many of the times I’ve used Apple Pay for larger purchases the person helping me has been surprised that it worked.
> Chip + Signature is a dumb USian thing because merchants didn't want to change their readers to have a secure PIN pad
Americans don't want to punch in a PIN. We have more cards per capita and are habituated to the convenience of a swipe. (Unlike much to the world, our fraud risk sits almost entirely on the merchant side.)
Contactless had no hope with a PIN. Merchants catered to that despite higher cost and risk.
I’m not sure if it’s true for all EU countries and banks, but in general you don’t put in your PIN every time with contactless. The card usually works for a number of transactions without a PIN, often up to a certain limit, after which it asks you to insert it again.
It is arbitrary and random. Some machines will ask for it and others won’t. Some automated machines will refuse US cards altogether. Wait til you’re at a tollbooth entering the Autoroute trying to use all your US cards, and none of them are accepted.
> Americans don't want to punch in a PIN. We have more cards per capita and are habituated to the convenience of a swipe.
When Chip + PIN was introduced in the UK in 2003, people were widely concerned about the potential for inconvenience (entering a PIN takes longer than a swipe, the transaction might take longer to be processed, you might forget the PIN altogether).
In reality, fear outweighed the reality, the world carried on as usual and people adapted very quickly. It's now just totally normal here to enter a PIN and the average British person would feel far more inconvenienced if asked to sign for a transaction instead (which has become such a rare event here that the average person would be completely taken by surprise if asked to do so).
Unlike most of the world, where when a Chip+PIN or contactless payment is made, where the risk is transferred from the merchant to the acquirer/issuer.
That was the whole point of moving to EMV, it removes the fraud risk from the merchant.
That's different to the charge-back risk, which is where the customer disputes the transaction itself.
> where when a Chip+PIN or contactless payment is made, where the risk is transferred from the merchant to the acquirer/issuer
In parts of the world where the consumer's bank bears the risk, and there is in imbalance between commercial and consumer banking, there is a powerful group--consumer banks--to apply pressure.
Sometimes that results in fewer consumer protections. In most: indirect pressure on merchants. (I can think of no country with an imbalance in favor of commercial banking with a strong consumer sector.) This state describes most of the world: optimized for cost reduction.
> That was the whole point of moving to EMV, it removes the fraud risk from the merchant
Who bears fraud risk varies.
In America, it was always the merchants. They have limited leverage over Visa and Mastercard. With the banks neutral and a valid competitor in American Express, there was nobody who wanted to anger consumers by taking away their swipes. (If you're that merchant, you're cash only.) So they optimized for purchasing convenience.
Australia is a cost optimizer. America a convenience optimizer.
I'd argue the opposite. In the US, the merchants had too much power to delay the introduction of Chip+PIN readers.
The fraud of magstripes was huge, because there was literally no security. Anyone could create a magstripe. Customers using credit cards in the US are protected by legislation against that fraud.
The whole point of EMV was to remove the capability of fraud by replicating the magstripe. It meant that the transaction could correctly tell between "card present" and "card not present" transactions. So the risk of card-present transactions is dramatically lowered, independent of who is responsible for the fraud.
It is to both the merchants and the banks benefit to reduce/remove fraud. The banks offloaded it to the merchants in the US (as they did in other countries), but the introduction of EMV was "sold" to the merchants in the rest of the world by the banks saying they would take on the risk of fraud for "card present" transactions.
The banks were never "neutral" in the US. Visa/MC were both bank consortiums.
America is not a "convenience optimizer" its a "changing consumer behavior is hard so lets not do it" optimizer.
> In the US, the merchants had too much power to delay the introduction of Chip+PIN readers
Merchants had more power, but the ultimate deciders were consumers, who have not only a choice in merchants but a choice in cards.
> the risk of card-present transactions is dramatically lowered, independent of who is responsible for the fraud
Nobody cares if business goes down more than the fraud costs.
> Visa/MC were both bank consortiums
This is wrong. American Express is bank-like because it owns its own credit book. Visa and MasterCard are payment processors. They are publicly traded and not bank consortiums. This is crucial to understanding the power dynamic: the payment processors do not take diktats from the banks.
> America is not a "convenience optimizer" its a "changing consumer behavior is hard so lets not do it" optimizer
Sure. Friction avoided for not being worth the trouble is optimising for convenience.
I can personally tell you that had a card gone chip + PIN mandatory, I’d have dropped it, and if a merchant started requiring special payment requirements I’d expect compensation for the trouble. Many merchants, notably Starbucks, did this, but it could never go mainstream. And unlike countries where consumer banks were incentivised to lobby for reforms, that political will to override the public’s preferences couldn’t exist here.
Both Visa and Mastercard started out as companies that were owned by a consortium of banks.
"By 1970, BofA gave up direct control of the BankAmericard program, forming a cooperative with the other various BankAmericard issuer banks to take over its management. It was then renamed Visa in 1976."
Both Visa and Mastercard mandated upgrades to merchant terminals in the non-US world. For example, in Australia, as of 1 August 2014, Chip+PIN was required.
That upgrade has been delayed repeatedly in the US because of pushback from the merchants that don't want to upgrade their terminals. It has nothing to do with the consumers.
Visa in the US states: "When you upgrade to chip technology, you continue to be protected from counterfeit fraud losses. As of October 1, 2015, businesses that don’t accept Visa chip card transactions may be responsible for any resulting counterfeit fraud. Similarly, effective April 17, 2021, Visa transactions made at ATMs and Automated Fuel Dispensers (AFDs) will be included in the Liability Shift Policy."
In the US however, they continue to support signatures, which have been removed pretty much every where else:
"No. Visa continues to support a range of cardholder verification methods (CVMs) including signature, online PIN, and no-signature for low-value, low-risk transactions. Visa will maintain interoperability across those methods with technical standards, business rules, and compliance programs."
Funnily enough my card doesn't work contactless with PIN. I need to shove it into the chip reader to make it work.
Which, thinking about it, is exactly how it should be.
The closed circuit of chip reader and pin was always touted as super secure. Then suddenly, you could pay contactless with most cards regardless of the amount and enter the PIN. Too me this always seemed to subvert the "super secure" chip & PIN authentication.
It's a small "hardship", really. On small amounts contactless works just dandy and having to present the physical card to the chip reader for larger amounts makes me actually feel better.
> Too me this always seemed to subvert the "super secure" chip & PIN authentication.
Chip and Pin usually implies offline PIN. The terminal supplies the PIN, after a one-way transform of some sort IIRC* to the chip on the card, which then verifies it locally against a stored version of that same hash or whatever.
With contactless you're doing online PIN. The terminal applies a transform and some sort of asymmetric key encryption to the PIN, and this gets sent to your bank. There's nothing any less secure here.
(* I wrote an EMV 'kernel' a long, long time ago, in about 2002, and some more PIN block processing code about 8 years back. So it's been a while!)
Chip + PIN is basically the EMV standard for cards with chips on them (and the small set of connectors for when the card is inserted in a reader).
There is very little difference in the process when using NFC, except that the power to the chip in the card is via the NFC field.
There are some changes to the business rules around processing contactless payments. Although the same floor limits for asking for the PIN for contact and contactless are pretty much the same these days.
> Chip + PIN is basically the EMV standard for cards with chips on them
Worse than that, it's a marketing name :)
Or it was in the UK. Strictly speaking the cards contain a customer verification method list that gives the terminal the info about whether and in what priority order it should process PIN offline, online, signature or other methods. This method allows american cards to function elsewhere in the world, depending on the terminal risk profile, and euro cards which usually would require a PIN to function in PIN-less US terminals.
> There is very little difference in the process when using NFC, except that the power to the chip in the card is via the NFC field.
Sure, but in contactless EMV there is no user interaction part of the process, so 'offline PIN' is not a possibility. This is because the transaction process would have to halt while the user entered their PIN and continue afterwards. So I'm pretty sure that for contactless transactions there is no offline PIN CVM. The process is also going to be slightly different in that the card/phone doesn't stick around for any post-transaction issuer scripts, and IIRC from the short time I worked on a contactless product, there is only a single application-cryptogram generation phase compared to the two in a chip transaction, though I can't remember the significance of that now!
Or can I ... the second Gen AC phase is where the card signs off on the bank's authorisation of a transaction, if the transaction has gone online. Strictly your chip card can still decline a transaction even if the bank says it's OK. This is missing in contactless flow because, again, it would require the transaction to pause and take longer than a quick wave.
> I didn't need to re-present the card to the reader. It processed the rest of the transaction after the PIN was entered.
Yeah that's an online PIN, it's sent to your bank for verification, not the card (which has already done its part of the transaction).
(If you want to be pedantic, yes, you're quite right! The EMV transaction process is still going on at that point, between the terminal and the bank, and it has indeed paused to allow the user to enter a PIN. The process between the terminal and the card has completed though, so offline PIN can't be done, because in the offline PIN process the card performs the verification.
Very true, and if there's one thing about EMV, it is pedantic and convoluted and confusing, primarily because it has evolved and is not particularly subject to "intelligent design". :)
Whatever the card reader supports. What EMV call a "kernel" is not what a Linux person would call a "kernel". EMV don't really care, what they care about is that the protocols are followed and that the CHD (Card Holder Data) is protected and that the transactions are properly encrypted at rest and in transit.
So you could write it in Visual Basic if you wanted, but your PCI auditor might have a problem with that. :)
As far as I understand it EMV has L1 and L2 "kernels", then there is an "L3" that is acquirer specific.
When a device is "PCI-PADSS" certified, the L1/L2 kernels are what are tested.
When a merchant is PCI-DSS audited, it is a combination of the PCI-PADSS certification for the device, as well as the L3 layer and other business processing rules around handling the CHD (Card Holder Data). The L3 is supplied by the merchant's acquirer (often with the terminal itself) and the acquirer has had the device validated as part of their PCI audit.
EMV L1 Kernel: The "app" that understands the EMV protocol and data exchanges ("APDUs") between the reader and the card. The equivalent of the PHY chip and ethernet frame handler in ethernet.
EMV L2 Kernel: The "app" that understands the EMV business rules and processing of transaction. The equivalent would be the IP layer in networking land.
EMV L3 Kernel: The specific "acquirer" rules, eg, there is a BIN (Bank Identification Number) accept/deny list that an acquirer will accept. It also has other rules about limits etc that the acquirer imposes. The equivalent would be IPTables in Linux.
PCI-PTS is another one we were concerned with as a terminal vendors, which involved a bunch of stuff around tamper-proofing and tamper-evidence, as well as vetting the cryptographic algorithms in use, some level of source code security evaluation etc. Complicated old business.
I was very proud when my security library, including implementations of all sorts of ANSI X.9 standards, derived-unique-keys-per-transaction, a keystore that was destroyed on tamper, secure program code update mechanisms etc etc passed certification, on a device with 128k of SRAM and 256k of program memory.
Shame it never made it to market. Stupid unicorn company taking on tens of millions in debt and then exploding... still, I got a few trips to China out of it.
So the 'kernel' I wrote was not the one running on the card. 'In the Industry' (which sounds so pretentious!) the core of the EMV logic that runs on a terminal is often referred to as the kernel. It's not much like a real OS kernel!
The kernel I wrote in about 2002/3 was in C and allowed a PC using a dumb reader (with secure PIN pad) to run the transaction, on Windows, Linux or (shudder) Unixware at the time.
Years later in 2014 when I worked on a terminal product the company had bought in a third party kernel, also written in C to run on an embedded MIPs board. There was a platform SDK and a custom gcc variant to build bare-metal executables. You bootstrapped the kernel by passing it a malloc implementation and a couple of hooks to other things like accelerated crypto functions etc, and it provided an API to run the transaction.
I also worked briefly on a contactless terminal product in 2012, which IIRC was C and C++ (old-skool C-like C++) on a proprietary OS of some sort, and they were moving to embedded linux on ARM at the time.
(edit - See also rswall's parallel answer, it's very good. I wrote an EMV L2 kernel in that parlance, and interacted with another.)
There's basically no difference in the "security" of using the card physical contacts to power/communicate with the on-card chip vs using NFC for the same thing.
What is secure is not about the communications, it's about what information is exchanged, how the dynamic CVV is generated and used, how the PIN is validated in a Chip+PIN environment.
The PIN pad, where you enter the PIN is just as secure using the contacts or contactless. The PIN doesn't leave the PIN pad in the clear.
> Chip + Signature is a dumb USian thing because merchants didn't want to change their readers to have a secure PIN pad.
there's a write up on this that i cannot find. the reason was actually that some criminal organization with ties to lots of political pacs had their money cow being fraud (or money laundering) on gas stations. so they forced gas stations to never update the pins for this very specific reason.
>If you tap for a payment over that limit, the reader will ask for the PIN.
This is country-dependent; while this is the case in Spain, it's not the case in France, where the terminal will insist the card be inserted and the PIN entered.
I'm pretty similar except for the digital portion software. My final work notes live as an org-roam database because it has really rich linking, export and embed options. Day to day is in paper and the pertinent stuff is "elevated" to digital.
Diagrams get inserted as an image as-is and can be tagged with pertinent info. I do have the benefit of having decent handwriting that most can read as is or be OCR'd.
I started using a bullet journal some years back and quickly dropped all the rules and artistic spreads for regular notebooks and most recently a pre-printed planner from Japan.
Just went to the Bullet Journal site, wow, there's an app now? There is so much going on there. It's too much. I'm also team fountain pen.
I was an originalist on Emacs and totally agree. I tried Spacemacs and then doom and got to throw away 80% of the customizations I'd acquired over the years.
The only thing that pushed me from Spacemacs, which is a nice distro, to doom was Spacemacs instability. I needed some things from the beta channel and it lived up to its name.
Totally agree. Before starting with a paper journal about 4 years ago, I was using todo.txt for tasks with some org-mode to supplement. I stuck with it for a good while (2012-2016) but needed more flexibility.
I did go through an experimentation phase trying to do what the "official" bullet journal people and the bujo "influencers" suggested. Instead of having to restart and adapt to a new app, I could try a little bit and discard what didn't work or I didn't like.
To the point that grandparent made about:
> A paper journal is almost always impossible to search, easily damaged, easily lost, and easily customized with stickers, different pens and pencils, and other decor.
I can't run a grep on a notebook, no, but I often know about when I took a note on something to find it quickly. I usually run through a single notebook for a bullet journal per year. I started with fountain pens the same time I shifted back to analog. I have a little fun with colored ink, changing colors at most once a week. I tend towards waterproof/water-resistant inks that can weather some random wetness and still be fine. Some of them are even UV-resistant/forgery proof. I'm not taking hours upon hours to create the perfect spread.
I'm not writing outside in the rain. I've misplaced my phone more than my notebook. With the way that many are paper phobic these days, I'm not in real fear that my book would grow legs and walk off.
I've always liked to write things. I got into FPs a couple years ago because it's less pressure and the color selection.
Re: obsession/cost, it is what you make it.
I know folks who won't buy a pen over $5, others who think nothing of dropping $200-$1000.
I know pen folks that have a single bottle of ink and a single pen or two. Others that have dozens of pens and shelves of inks. Ink is relatively cheap. I have a bottle that cost me $20, came with a free pen, is waterproof ink and will last me about 130-200 refills. Another one was $5 for like 60-100.
How long a refill will last depends on a lot of variables(ink qualities, paper absorbency, flow, nib size) but it is possible to do this hobby for the same amount or cheaper than buying single use pens. For example,
The cheapest good pen you can buy without waiting for a month for it to come from China is a Platinum Preppy for $4. You can buy a pack of 10 cartridge refills for 6.75. That brings the price per use down to $0.97, comparable to what it would cost for a low to mid-grade ballpoint. If you instead decide to go for the real amortized savings and buy a bottle and either refill the cartridge via syringe/get a converter, you could reasonably get down to $0.50 per refill.
Even cheaper are the pen brands from abroad that have some models that cost a dollar for the pen and the converter(converter alone can be up to $8 if bought separately with some pens). You could even beat Bic prices. Priced out to as low as 7 cents per refill if you get cartridges in bulk and don't care what the ink is(1USD for pen + ~7USD for 100 cartridges).
It doesn't have to be this bespoke money pit hobby. One thing I have noticed is that zero people borrow pens from me now so I don't have to replace the pens that used to grow legs and walk off.
