I have never had an issue with the system and I am in total support of the cashless system. It is so good that you can wake up in the morning and even before you get to your car, pay for parking knowing where you will be going and not be bothered at all ./Ok3ch On Tue, Aug 4, 2015 at 2:24 PM, Jared Oyier via skunkworks < skunkworks@lists.my.co.ke> wrote:
Maybe it’s coz you are so much against the system.. :)
City Hall was loosing a lot more money by accepting “cold hard cash”.
From a policy implementation or a system implementation point of view, if you allow such exceptions then within no time there will be no one using the system or following the policy however good the solution could be.
-- Jared Oyier Sent with Airmail
On August 4, 2015 at 3:57:20 PM, John K. via skunkworks ( skunkworks@lists.my.co.ke) wrote:
Well. The parse error just cost me 2,300. Had a meeting in town, luckily got a parking tried to pay for parking to no avail for almost 10 minutes, either the NCC app crashes shows the message "Parse Error" (whatever the f*** that means), I give up. Look around for the yellow jacket guys, damn, nobody around so I find a watchman nearby, and he agrees to pay for me the 300 when the council guys show up.
I get back 1.5hrs later, only to find my car clamped. WTF? The watchman is there, gives me back my 300 and says they don't accept cash anymore. City council lady nearby even comes and confirms yes we don't accept cash anymore. What the fuck? This is the height of stupidity, I have cold hard cash in my hands, are you in the business of receiving e-transactions or cash? I was so mad things almost got out of hand. I showed her the app with its stupid error, nothing, says I pay the fine or they tow, insists the system is up and it's my fault for not trying harder.
I have money but that's no, its still not money according to them; did Kenya change it's laws and real paper currency has no value any more?
Hope they get sued this is f** bullshit.
Regards, John K.
On 2 August 2015 at 11:02, Jangita via skunkworks < skunkworks@lists.my.co.ke> wrote:
quite obvious... Kenya yetu ᐧ
On 1 August 2015 at 21:30, Joseph Koech <josephkoech.dev@gmail.com> wrote:
I wonder, how comes tried and tested payment platforms like PesaPal and Lipisha were not used. Ama ni kujuana. On 1 Aug 2015 15:59, "Jangita via skunkworks" <skunkworks@lists.my.co.ke> wrote:
lol, I've always asked myself if say New York can fall back on traffic police when electricity disappears! ᐧ
On 1 August 2015 at 15:39, John K. via skunkworks < skunkworks@lists.my.co.ke> wrote:
I wonder why they just don't fall back to cold hard cash when the system is down. What happens if it's down for a week?
Regards, John K.
On 31 July 2015 at 17:45, Kennedy Kairu Kariuki <kkairu@gmail.com> wrote:
Someone mentioned the issue on depending on one system eJijiPay hitch hands motorists free parking
http://www.businessdailyafrica.com/eJijiPay-hitch-hands-motorists-free-parki...
Kind Regards,
Kennedy KK
Mobile: +254-721-699119 / +254-20-5283207 Skype: k.kairu Gtalk: kkairu
On Wed, Jul 29, 2015 at 11:08 PM, John K. <kamau.john@gmail.com> wrote:
> They did but how did a financial app get to production without it in > the first place. And.. It had to be pointed out by the public for the fix > to be issued. > On 29 Jul 2015 10:07 pm, "Kennedy Kairu Kariuki" <kkairu@gmail.com> > wrote: > >> I thought they said they've fixed the HTTPS issue on twitter???? >> >> >> Kind Regards, >> >> Kennedy KK >> >> Mobile: +254-721-699119 / +254-20-5283207 >> Skype: k.kairu >> Gtalk: kkairu >> >> >> On Wed, Jul 29, 2015 at 9:12 PM, John K. via skunkworks < >> skunkworks@lists.my.co.ke> wrote: >> >>> What I wrote is based on what I have heard from 2 different >>> unrelated sources, and since I have no proof it makes it all an allegation, >>> hope that makes it clear. Whether they came in via dubious methods or not I >>> have no proof and all I have is hear say. That being said, the system is >>> here and so it must be judged by industry standards when it comes to >>> handling real world money. >>> >>> >>> Regarding.. >>> >>> @1. The system was not compromised, it had no security at all. How >>> can a system that will accept payments from hundreds of thousands of users >>> not even have https, and to make matters worse a hard-coded IP address? The >>> system is going to be a mobile wallet, the first thing in mind should be >>> security, nothing else. There should not even have been a version 1.0 >>> without a basic audit be a team of security engineers. I find it impossible >>> to trust a company handling money that could not figure this out on their >>> own. >>> >>> @2. I agree there are a lot of variables to consider and maybe >>> they did win legitimately. However, there are already established firms >>> that have gone through the hassle of figuring it out. Why do we need >>> another mobile wallet? This part makes no sense to me. Here's a simple >>> workflow of how to get your cash to that 2nd wallet. >>> >>> *Bank > Mpesa/Orange/Airtel > JamboPay Wallet > City Council* >>> >>> Why that extra step is required? All the other platforms work just >>> as well, and they're tried and tested. If you are in tech you know that the >>> solution with the fewest points of failure is the best. I find it hard to >>> swallow that between Safcom,Equity,Orange,Airtel,PesaPal,KopoKopo, etc >>> nobody offered a competitive solution that would have worked without as >>> many hitches. >>> >>> @3. If one of the company's prime form of payment gets 1 star >>> reviews then this should raise flags everywhere. This is a sign that they >>> have a big problem with either the developers, project managers, QA or >>> management. I can only imagine what the back-end is like >>> >>> >>> Let us not forget this is a company processing payments that can >>> seriously impact your life. If you pay for parking and it doesn't reflect, >>> then you find your car clamped while your kid sits in the cold rain waiting >>> to be picked up, what will JP tell that parent? and that's just one >>> scenario, I can think of plenty more. And to make matters worse it seems >>> the system has been forced on us, it's a take it or leave it scenario and >>> it's clear all the possible implications have not been well thought out. >>> >>> Finally, defending a sloppy solution is not the way forward, I >>> prefer we tell the hard truth, ignoring it won't make it go away. They >>> should be held up to the same (if not higher) standards that other systems >>> are held up to. They either improve or we (the city) finds another provider. >>> >>> >>> >>> >>> No https? I still shake my head the day I saw my pin in plain >>> text. Amazing. >>> >>> Regards, >>> John K. >>> >>> On 29 July 2015 at 18:44, Jared Koyier <jaredkoyier@gmail.com> >>> wrote: >>> >>>> So John K. so you start by saying "Based on your investigations" >>>> then you end up talking about allegations! "Allegedly grab a chunk..." >>>> >>>> Let me say this; >>>> >>>> 1. The fact that a system has been compromised by users doesn't >>>> make the developer(jambopay) or the owner(Kidero) culpable. All systems are >>>> vulnerable. The issue here could probably be a privileged user with >>>> legitimate access for all we know. >>>> >>>> 2. There are lots of factors that informs any entity to pick a >>>> solution. The fact that Equity or KCB offered solutions earlier and were >>>> not picked does not qualify as a reason to castigate another solution. >>>> Equity if i recall had a huge misunderstanding with Narok county in >>>> collection of Maasai Mara revenues. >>>> >>>> 3. That image on user review...come on! Everyone has an opinion >>>> that is biased by their particular environment. Even Iphone6 which has been >>>> sold like crazy wolrdwide has bad reviews on GSMARENA. There are a million >>>> variables why someone gives a bad review. >>>> >>>> i am yet to fully understand jambopay , but am guessing theres a >>>> gap it bridges btn cityhall, mpesa and cars parked >>>> >>>> >>>> Sincerely, >>>> Jared Oyier >>>> >>>> >>>> On 29 July 2015 at 16:41, John K. via skunkworks < >>>> skunkworks@lists.my.co.ke> wrote: >>>> >>>>> The main benefit of exploiting it would be to get a user's PIN, >>>>> this would only work if you know who you are targeting. There is another >>>>> vulnerability that can work but I'd rather not mention it here, never know >>>>> who might decide they can try it out. >>>>> >>>>> My 2c. >>>>> >>>>> <begin_rant> >>>>> >>>>> Based on my own investigations JamboPay is the evil love child >>>>> of Kidero and Kiamba. Apprently they used to allegedly grab a chunk of >>>>> parking receipt books every evening, burn them and keep the money. Then >>>>> they realised they may as well be the ones to provide the IT system and so >>>>> do with it whatever they want. They looked for someone that will agree to >>>>> their terms, for months and it seems they finally found someone who agreed >>>>> and so the devil child was born. >>>>> >>>>> Doesn't anybody find it strange that the JamboPay came in so >>>>> quickly? Equity Bank and KCB (not to mention plenty others) have approached >>>>> NCC for years with a parking payment solution. Equity even offered to buy >>>>> the devices and throw in a 5b loan to sweeten the deal, but still nothing. >>>>> Then in a couple of months a company comes in and is now the SOLE company >>>>> that can process parking payments. Like Wtf? >>>>> >>>>> How can a system that we technical folk here have shown has >>>>> serious security flaws, has user issues as shown below, still be the SOLE >>>>> system trusted with the millions of shillings made from parking in Nairobi? >>>>> >>>>> >>>>> >>>>> >>>>> [image: Inline images 1] >>>>> >>>>> >>>>> I'll end by asking why do we even need another mobile wallet? >>>>> Between Mpesa, Airtel Money, Orange Money and now Equitel we have enough. >>>>> And if Jambopay must stay, why can't other companies be allowed to process >>>>> county payments? For now you're screwed if the jambopay system has issues. >>>>> Shouldn't you be able to switch to mpesa paybill, visa or any other >>>>> provider if need be? It seems all we've done is converted the easily stolen >>>>> parking receipt books to ones & zeros, and given someone the "Delete" key. >>>>> >>>>> I feel so ashamed for this country when stuff like this happens. >>>>> >>>>> </end_rant> >>>>> >>>>> >>>>> Regards, >>>>> John K. >>>>> >>>>> On 29 July 2015 at 13:41, Isaac Kiplagat < >>>>> isaac.kiplagat@gmail.com> wrote: >>>>> >>>>>> John K... >>>>>> >>>>>> Can we exploit the vulnerability to raise the missing millions >>>>>> collected from parking from 272M to 500M in the FY and ensure that Kidero >>>>>> is out of office in the next ellection :). I mean, may be this was the >>>>>> cause of missing millions that could be accounted for from parking fees- >>>>>> Auditors report(political). >>>>>> Or >>>>>> Should we see Dan, MD Jambopay and perform comprehensive test >>>>>> to the system for a small pay (Economic) >>>>>> >>>>>> Or >>>>>> Go to media and get cheap publicity and flatten our broke ***es >>>>>> (Social). >>>>>> >>>>>> >>>>>> This is the definition of *Political and Socio-econmic >>>>>> development in Kenya* >>>>>> >>>>>> Regards. >>>>>> Ik >>>>>> >>>>>> >>>>>> >>>>>> On 29 July 2015 at 13:00, 0xexplorer via skunkworks < >>>>>> skunkworks@lists.my.co.ke> wrote: >>>>>> >>>>>>> Out of curiosity, have you alerted the service provider i.e >>>>>>> City Hall? >>>>>>> >>>>>>> Based on your experience, I suspect this is a case of >>>>>>> collusion with the back office guys. >>>>>>> >>>>>>> -------- Original Message -------- >>>>>>> Subject: Re: [Skunkworks] NCC Mobile County App Security >>>>>>> Time (GMT): Jul 29 2015 09:10:23 >>>>>>> From: skunkworks@lists.my.co.ke >>>>>>> To: kamau.john@gmail.com, skunkworks@lists.my.co.ke >>>>>>> CC: lmwangi@gmail.com >>>>>>> >>>>>>> I'll just leave this one here >>>>>>> >>>>>>> I work in the CBD and often use the streets 'kanjo' parking. I >>>>>>> like convenience hence i normally pay seasonal parking when my pocket >>>>>>> allows, either the one month or three months. So this 'respectable' Kanjo >>>>>>> lady approaches me yesterday while leaving the parking slot and says she >>>>>>> notices my seasonal parking is expiring today, 29th July. >>>>>>> >>>>>>> I say 'yes' and she asks whether i mind promoting her. How i >>>>>>> ask? She offers to renew my seasonal parking then i pay her in cash or >>>>>>> mpesa. I agree but on on condition, that i get the confirmation message >>>>>>> from JamboPay and that when i dial *217# i will get a valid response. We >>>>>>> agree to meet today at 7:00am at my usual parking spot. She calls me today >>>>>>> at 6:50am asking if she should proceed to pay i say yes am on my way to >>>>>>> town. I arrive 30 minutes later but still no JamboPay message. However she >>>>>>> calls me and tells me that her 'person' has gone to City Hall to pay (FIRST >>>>>>> ALARM BELL!!!). >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> skunkworks mailing list >>>>>>> skunkworks@lists.my.co.ke >>>>>>> ------------ >>>>>>> List info, subscribe/unsubscribe >>>>>>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >>>>>>> ------------ >>>>>>> >>>>>>> Skunkworks Rules >>>>>>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 >>>>>>> ------------ >>>>>>> Other services @ http://my.co.ke >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Isaac Kiplagat. KIP® >>>>>> >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> skunkworks mailing list >>>>> skunkworks@lists.my.co.ke >>>>> ------------ >>>>> List info, subscribe/unsubscribe >>>>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >>>>> ------------ >>>>> >>>>> Skunkworks Rules >>>>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 >>>>> ------------ >>>>> Other services @ http://my.co.ke >>>>> >>>> >>>> >>> >>> _______________________________________________ >>> skunkworks mailing list >>> skunkworks@lists.my.co.ke >>> ------------ >>> List info, subscribe/unsubscribe >>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >>> ------------ >>> >>> Skunkworks Rules >>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 >>> ------------ >>> Other services @ http://my.co.ke >>> >> >>
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke