The whole point of R2 is to remove predatory practices of egregious charging for egress, and if somehow they went back on this promise that would be a very bad PR.
This is not an option for the majority of businesses now as PayPal requires mandatory funds hold which may routinely be on the order of 90 days. So even if you sweep it daily, you still have 1-3 months of your MRR sitting in flight and at risk indefinitely.
I do all my business via PayPal, and have done so for 20 years. No mandatory funds hold. My account is cleared monthly, but I could have chosen daily (that screws with my own personally accounting). $200k/year transaction volume.
Too many people generalize specific stories or their own PP experience to all of PP.
PayPal offers the only viable micropayments service on the planet. Ardour.org saves 23c on every US$1 transaction we make (and there are a lot of them). There are no alternatives to this at the present time (and if there are, tell me about them).
PayPal is an enormous percent of total sales at my company. We accept all sorts of other payments types. So we drop PayPal and then what exactly? Suffer the loss of customers?
If using Paypal imposes additional operational risk, it's entirely reasonable to charge users extra for using Paypal. Offer them lower prices for using a payment method that isn't 100% shite.
As a seller, you are going against paypal TOS if you charge a fee to use it, the same way a credit card carries the risk of chargebacks but you aren't alowed to charge a credit card fee. I agree that this would be an effective risk-management tactic (less the fact that the fee you charge to mitigate the risk still gets processed by the risk factor) but it would also worsen your chances of getting banned.
This is indeed what I would do if I'd absolutely have to use PayPal. Customers can use it if they really want to, but they're the ones paying for the risk.
I pay a few companies by PayPal. I even switch to competitors if they are very similar (reputational-wise too) and one accepts PayPal while the other requires my credit card; but that doesn't happen very often.
The issue is that the credit card system is broken. PayPal is a bit less broken from the customer POV. (At least in my country, where if they just removed money from my bank account, I'd go to the police and somebody would likely be arrested - or rather, I'd report to my bank, confident they would go to the police.)
I have no good solution to this either. Fixing the credit card system requires replacing credit cards, and the US will be an enemy of anybody that tries that.
For me, it's the extra security and convenience. If the website doesn't use Shopify/PayPal, I'm trusting them with my credit card information and who knows how good their database security is.
It's the total lack of security. With the automatic consequence that all kinds security theater get imposed, stripping people of all kinds of rights, and solving none of the problems.
As a customer, I don't see the fees. But yes, by an eagle-eyes view the amount of inefficiency on the system is a problem too, as is the oligopolization. But those don't get in my mind when I make that kind of choice.
> It's the total lack of security. With the automatic consequence that all kinds security theater get imposed, stripping people of all kinds of rights, and solving none of the problems.
Not that I’m claiming that credit cards are a bastion of security, but could you be more specific?
What rights are you giving up? What inefficiencies do you see?
Have you tried promoting other methods such as standard credit card payments above PayPal? Have you AB tested removing PayPal? It could be a convenience but not a blocker.
Paypal also has massive costumer trust outside of HN. Many people would not dare enter their credit card info on a website but will happily click the buy with paypal button. It also has incredibly low friction, which makes you more money.
In europe, the UX flow for someone ordering with a credit card goes:
Enter cc info -> wait for 3d-secure notification -> click it -> enter passcode and possibly fingerprint as well -> click approve -> wait for the site to send you back from 3d-secure page -> order confirmed
With paypal, this flow, that happens everytime someone buys from your site, even repeat costumers, is reduced to:
Click buy with paypal -> possibly login to paypal again -> click "yes i want to pay this" -> order confirmed.
Some sites even make use of paypal's delivery address API and don't even require you to enter it.
It's really a no-contest that costumers using paypal will drop out of the flow at a significantly lower rate than costumers using a card. In some markets, your busines is dead in the water if you decide to not accept paypal.
As a user who uses paypal a lot, this is exactly why - I don't trust random websites with my credit card number, but I already have decided to trust paypal and given an option to use paypal vs a site's own CC processing, I'll use paypal.
I'd love to be wrong though, since after reading all this I kind of feel bad for the merchants, but otherwise I'll continue to prefer using paypal.
Lots of so called challenger banks offer virtual cards which can be used with merchants you do not trust, thus mitigating the risk of them having your ACTUAL card number which they can abuse/leak.
Yes, but if you already have PayPal, it's much easier to just use it as opposed to:
1. get an account with a new back
2. transfer funds
3. have new temporary card issued
4. use that card to pay
Me too. The issue is that while PayPal is pretty bad, I don't know of any other processors that are any better (from the customer perspective). And PayPal is universal, nobody else is. I don't want to have to manage multiple payment processors.
If I don't get the 3d secure authentication from my bank when buying something with a credit card then I don't trust this site. The places I buy from don't even offer paypal as an option, I guess they must be too expensive for the local web shops.
This isn't a Paypal-specific practice, but rather a common practice for credit card acceptance for certain types of business; if these customers go to some other bank for card acceptance a merchant account, they'll get similar conditions.
I'm pretty sure that seizing customer funds is part of their profit model. They've been doing it for a very long time, and well beyond anything that could reasonably be explained via regulatory or card scheme requirements.
Official install guide is underlining that all the Cloudflare's offerings are still a disjointed bunch. You need to enable billing in 3 separate products in 3 different UIs (while only Images requires an actual paid plan, Access requires a credit card to onboard and Workers Unbound is probably a good idea to enable right away).
Why so much management/onboarding complexity if you really want to compete with AWS as a general-purpose cloud?
> "Don't send me your details, I've fixed the problem for you and everyone else with the same issue" = green flag
While I agree with the sentiment, fixing it in this way for any org of the CF-like scale will take days or weeks (because of peer reviews, compliance etc.). Fixing it fast by adding exception in some control panel is probably fine.
What's alarming is that the escalation process didn't really change for all the time I'm using Cloudflare as a customer (8 yrs now?) and watching jgrahamc's involvement. The fact he has a bat signal trained on the HN is a major red flag.
I'd keep a woodpile nearby only as an emergency stock, just for the case you described (when you cannot go to the forest due to the storm or being sick).
I agree that the rest of the house has questionable design choices though.
btw, this paper card approach was replaced by physical hardware OTP tokens (lasting multiple years until they have to be replaced), it’s as secure as the supply chain (which is also a factor for paper cards), so I’m not sure why Korea still clings to this as tokens are obviously a net gain in ops cost
I dunno where you got the idea that South Korea still clings to paper-based number cards, but OTP tokens have been in use for the better part of a decade here. Nowadays you don't even need hardware tokens, since it's considered OK to replace them with mobile apps that use TPM to manage keys.
Sorry about that. My bank still provides me with cards. I never asked about a OTP dongle and I don't want to enable mobile banking, so cards it is. But almost everyone in Korea (who isn't paranoid about a single compromised device) is now on mobile banking, rather than website banking.
The Canada Revenue Agency does something similar, where instead of TOTP they ask you to print a grid of alphanums and they ask you for combinations.
The only problem is I think they're only good for a couple months at which point you need to do verification by mailed token which is a royal pain in the ass
As pointed out, legislation detailing the exact measures needed to be done. I guess they copied over the idea of European TANs but they never found out about hardware OTPs.
Update is valuable, but I'm surprised there is no word on you looking for another payment processor. I do realize it's a painful process from the integration & KYC bullshit perspectives, but I'd be looking for alternatives after experience like this.
Also, it's good that Stripe deservedly gets bad publicity for shit like this, but nothing will really change unless they start losing paying customers.
It's a typical setup, PayPal even have the automated daily bank withdrawal for merchants. What you probably fail to mention or notice that the company transferred the money once they clear the mandatory hold window.
Exact width of the window may be adjusted case by case and depends on the stuff you sell — e.g. if it's digital goods with immediate delivery it may be shorter, if it's physical goods it may be certain amount of days after delivery verified by tracking number. In my case I was working for a company that provided proxy auction participation support, PayPal forced 30d non-negotiable hold on all our transactions.
So, you may transfer it every night, but it's safe to assume that 25-100% of your monthly revenue going through PayPal is sitting there at all times.
Even if you withdraw it, they can still come after you to get ‘their’ money back. PayPal (in the UK at least) requires a direct debit authorisation to be able to withdraw funds to a bank account. Part of that agreement is that they can also take money from your bank account if they decide to.
My experience with this is that I sold an iMac on eBay, then a week later PayPal informed me that the person who paid in fact has stolen someone else’s login, and so they sent a debt collection agency after me to make me refund the money, even though I no longer had the iMac.
Nausea issue is not solvable by any standalone device. We'll either have direct brain jack-in that can override full range of sensory input (so there will be no dissonance between your sense of balance and vision) or we're stuck with mostly static experiences (teleporting point-to-point instead of moving etc.) which are not immersive.
Not seeing the first one delivered within 5 years for sure and probably not within 50.
Do you have numbers of the percentage of people who do get motion sickness from vr? Perhaps 50% of the population not going vomity is a large enough market? Perhaps 10%? As devices get better the market will grow. I can definitely feel off at 60Hz, but no problem so far at 120 if the latency is kept to a minimum.
Plenty of people get seasick, but there are still quite a few of us who enjoy sailing a day through a proper October Storm.
I don't have an exact number, but let me answer your question with another question — why else are the most popular VR games (Beatsaber, Alyx etc.) either completely static or move-by-teleport? My suspicion is that they were playtested _ad nauseam_ and this showed significant portion of the players to be affected.
> I can definitely feel off at 60Hz, but no problem so far at 120 if the latency is kept to a minimum.
This is a common misconception and the type of nausea I'm talking about has nothing to do with the screen update latency or head tracking latency. Strongest effect happens when you're mostly stationary in the real world (sitting or standing on the floor) but moving in VR (let's say riding a rollercoaster). In this case, your vision tells your body that you should feel acceleration/deceleration, but your inner ear tells your body you're completely stationary. This is a contradiction commonly associated with intoxication and body deals with it accordingly.
I accept that strength of the effect is different for everyone, for me personally when I tried the rollercoaster demo on Quest 1 nausea lasted for 2 hours (!) despite the fact that I was never seasick in my life before.
If your need is video conferencing, relatively recent ‘insta360 link’ is _very_ good. I’ve ditched my mirrorless+HDMI setup in favor of it and haven’t seen any drop in quality.
Companion app is pretty shit though, but they seem to be working on it.
The whole point of R2 is to remove predatory practices of egregious charging for egress, and if somehow they went back on this promise that would be a very bad PR.