Keyboard.io has a writeup of the BoC from the other side, so that’s cool. It brings up some things I didn’t notice: that the “lightning” cable is actually a dual lightning/Android cable. I also can’t remember if I got the repair stencil and just set it aside forgotten because I don’t have anything iPhone, or if there wasn’t one.
The smart watch has been fun to play with. I eventually made it down to Best Buy for a $1 SIM card and $10 burner phone (because I have zero space for new apps on my real phone, and because I want to play with every skeevy watch app on the Play Store), but ran into some ugly snags there.
I’ve long had a love-hate relationship with Tracfone, which my real phone also is. The service has been pretty great for the price, but when I sent a password reset request and they responded by sending my password in the clear I realized that mayyyyybe this wasn’t a company I really wanted to trust with my credit card information. But hey, it’s cheap, so you measure the risk.
But this time, midway through the transaction, Firefox threw a “You’re about to submit values from a secure page into an insecure page,” and I clicked cancel instead of proceed because even for Tracfone, that’s a new low. I got a blank white screen as a result, which turned out to be the above. Not sure if Tracfone is violating PCI standards or not - the credit card transaction went through successfully (so my card was charged within a nice SSL transaction), but the phone activation didn’t. So a MITM could “only” have stolen the activation/minutes, and not gotten full access to the card (as far as I can tell).
So now I need to get around to yelling at Tracfone about this, soon as I decide if I want a refund or for the transaction to be completed.