zx76's comments

Relevant pg thread on twitter: https://x.com/paulg/status/1777030573220933716


I'm the developer of the ExchangeRate-API.com service.

Obviously it's upsetting to have our API used by a scammer, but our service couldn't have been involved in this hack beyond fetching a JSON-formatted response of up-to-date exchange rates because that's the only functionality our service/domain provides.

My guess is that the scammer implemented a call to our API to fetch up-to-date exchange rates in order to make their fake wallet seem more plausible & real. Interestingly my API doesn't even support any exchange rates involving cryptocurrencies and so the scammer would have had to additionally integrate with a different API to get something like the up-to-date exchange rate between BTC and USD.

The API is a very simple service - it's just a few endpoints that supply JSON formatted exchange rates over HTTPS. Anyone with an email address can sign up to use the service for free and there are even some totally "open access" endpoints that don't require any authentication. One of these has been used in the GNU `units` converter software for a while.

With regard to proving it's a legitimate service, this is the point where I wish I had made more progress with the landing page update that emphasizes social proof I've been working on recently! The API is used by ICs/teams at hundreds of recognizable companies. There are tens of thousands of free users including some that have used the API consistently for free for over a decade. I guess you could check many instances of the service being archived on the wayback machine? https://web.archive.org/web/20240000000000*/https://www.exch... I'll definitely admit the domain does look a bit odd but back in 2010 when registering it the "Exact Match Domain" bonus was a big factor for SEO. The site has been a top 3 Google result for "exchange rate api" pretty consistently - presumably also how the scammer ended up using the service.

I've used Cloudflare since approx. 2019 and their "cloudflared" tunnel infrastructure since approx. 2021 to secure servers against DDoS.

I'll contact popey to see if we can get more details on the exact path/request they saw being made to our domain and if that leads to any further information or logging from our side.


I think what parent is saying is the DNS request could have gone to your domain but the TLS handshake and HTTP POST could have contained another domain, because your site and the bad actor's server could both be behind the Cloudflare CDN, which would handle both transparently.


No, I mean the initial HTTP request can go to some other site, which can then issue a redirect to anywhere it pleases (i.e. to exchangerate-api.com).

If you're running a malicious service and you want to throw people off the scent, one common strategy is to redirect to random legitimate services so that anyone investigating thinks you're part of the other service.


Such a redirect would be visible in Wireshark.
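An added example, not part of the thread or of any participant's code: one way to check captured traffic for the redirect scenario discussed above is to rebuild redirect chains and see which host was contacted first when a request ends up at a legitimate API. It assumes the HTTP exchanges are already available in decrypted form (for example from an intercepting proxy export); the record layout, function names and `.example` hosts are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample: exchanges in capture order. All hosts are placeholders.
SAMPLE = [
    {"url": "https://wallet-backend.example/api/rates", "status": 302,
     "location": "https://rates-api.example/v4/latest/USD"},
    {"url": "https://rates-api.example/v4/latest/USD", "status": 200,
     "location": None},
    {"url": "https://cdn.example/app.js", "status": 200, "location": None},
    {"url": "https://wallet-backend.example/submit", "status": 307,
     "location": "/v2/submit"},
    {"url": "https://wallet-backend.example/v2/submit", "status": 200,
     "location": None},
]


def redirect_chains(exchanges):
    """Group exchanges into chains: each 3xx response is linked to the
    next request for the URL named in its Location header."""
    chains = []
    pending = {}  # expected next URL -> the chain it continues
    for ex in exchanges:
        chain = pending.pop(ex["url"], None)
        if chain is None:
            chain = []
            chains.append(chain)
        chain.append(ex["url"])
        if ex["status"] in REDIRECT_CODES and ex["location"]:
            # Location may be relative; resolve it against the request URL.
            pending[urljoin(ex["url"], ex["location"])] = chain
    return chains


def first_hops_reaching(chains, host):
    """Return the hosts contacted first in every chain that reaches
    `host` only through a redirect from a different host."""
    hits = set()
    for chain in chains:
        hosts = [urlsplit(u).hostname for u in chain]
        if host in hosts[1:] and hosts[0] != host:
            hits.add(hosts[0])
    return hits


if __name__ == "__main__":
    for chain in redirect_chains(SAMPLE):
        print(" -> ".join(chain))
    print(first_hops_reaching(redirect_chains(SAMPLE), "rates-api.example"))
```

A chain whose first hop differs from the host that finally served the response shows that the legitimate service was only the redirect target, not the origin of the request.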


Long comments like this often look like they're going to present a serious diatribe but this is actually a balanced take.

The line "The two mega coal power stations have been beset with issues as well" even radically undersells just how much of a debacle these two power stations have been. They were supposed to be the 8th/9th biggest coal stations in the world & accurately sized to solve the pending shortages in time, the major contracts went to legitimate companies like Alstom, GE & Hitachi. They were supposed to take approx. 5 years from 2007 and cost a reasonable approx. R30 billion each.

What's actually happened is that 15 years later neither is fully operational and the money spent has crossed 10x the original plans. The parts of the stations that currently do work are hamstrung by massive and debilitating design flaws that regularly cause trips or bigger issues (e.g. a smoke stack collapse last month) and there is no clear end for the construction in sight even after all this time & money. And these aren't complex nuclear plants - these are just standard coal power stations. How to build them is quite well understood by now!

It's a combination of sustained and massive corruption (every now and then the current administration finds a few extra billion to recoup from a corrupt contractor), poor original designs that have complicated every subsequent step in the waterfall chart and finally unfortunate incompetence (for instance one of the 6 units at Medupi was entirely blown up after hydrogen wasn't vented before maintenance. The entire generator room must now be replaced with new parts from France at the cost of multiple billions of rands and over a year and a half of additional delay).

Finally, w.r.t. the reforms mentioned in parent comment's final line - I think they have a chance. South Africa has previously had a radically regulated energy sector. Basically you couldn't generate your own power, period. But due to the pressing political weight of the current situation there have been increasing steps away from the ideological commitment to exclusively state run coal powered grid. Large energy users and businesses can now do paperwork for approval to run their own multi-megawatt stations and basically every big factory, mine, mill etc. is now doing this to varying degrees. The big mining houses especially will spend a lot of money building their own infrastructure now. Between allowing the grid to buy private power (a lot of which is affordably priced renewable energy) and a lot of heavy demand starting to make its own power I think there's a fair chance things will stabilize in the next 2 years. The big question is electoral conferences and the next elections. If EFF wins meaningful electoral power there is a strong chance SA will go the route of Venezuela quicker than people think - and I say that as someone who is very committed to staying here and doesn't subscribe to most of the negative takes people can have about SA.


There are much stricter rules now, KYC on exchanges etc. But up until 2017/2018 I'd say the tax authorities weren't paying much attention and I'd be surprised if people with money who wanted to get it out didn't take advantage.


Does KYC on exchanges stop you from taking your money out of the country if you earned it legally in the first place? I'd think that the process would go like this:

1. Transfer the majority of your legally earned savings in rand, on which you have already paid taxes, from your South African bank account to a South African coin exchange, using it to buy Bitcoin, or Dai, or Ethereum, or whatever. Since this is white-market money, KYC should be no problem, right?

2. Transfer your Bitcoin (etc.) to a wallet or wallets you control, maybe with multi-signature authorization, maybe using an Electrum seed phrase, etc. Presumably this is what an exchange is for, right? Buying Bitcoin and then sending it somewhere.

3. Move to New Zealand or the Netherlands or wherever your new job is.

Where does this plan fall down in practice today?


You don’t need to do any of this. Exchange controls were relaxed a while ago and taking money out of South Africa isn’t difficult for most people.


In 2017/2018 people could just go to a bank, or one of the many foreign exchange companies that operate in SA, and transfer their money anywhere in the world, legitimately. Exchange controls have been largely done away with for individuals.


Interestingly I wouldn't say it seemed so. AIDS devastated the political base of the politician in question and people who fought for the right to treatment were also politically popular. I think it may have just been a strange ideological bent in a specific set of political circles. Thankfully these ideas and policies have been pretty much entirely consigned to history now. The consequences were terrible though, nearly a million children were orphaned because of both parents dying of AIDS. I can't find a specific source to cite a specific number, they all reference much higher numbers across the whole Southern African region.


Exchange control has been somewhat relaxed compared to when, I'm guessing, your parents left. It used to be insanely punitive. Provided you have up to date tax clearance I think you can now take R11m out the country per year. So approx. $600k per year. So people with a higher net worth than this who are leaving will have to take a few years to fully financially emigrate, but it used to be much more complicated and restricted. If you have a substantially larger net worth you can also negotiate with the reserve bank! Famously Mark Shuttleworth - the Ubuntu Linux founder - had a series of big court cases litigating some of these rules. He sold Thawte for approx $500m(?) to Verisign while South African but then moved to the UK. It's still a very unusual thing and foreigners are often surprised that a country with western style democracy has some China-style exchange controls.


This is correct.

Due to how long these power cuts have persisted a lot of businesses, industry and the middle class & up have almost habituated to the levels up to 4. Shopping centers have generators, business parks have full solar and retail stores have battery backup. For instance a local clothing chain (Foschini) installed 300+ Tesla powerwall setups so that all their locations can be totally uninterrupted even with 2.5/5/7.5 hours per day of power cuts. Cell towers, fiber infrastructure, hospitals, even traffic lights at busy intersections all have battery backup these days.

The reason this announcement is making the news is because levels above 4, like the two weeks or so of stage 6 we recently had are much more problematic. You start to run into issues where cell tower batteries can only charge like 80% back up with the number of hours powered per day - and so after a few days they no longer have enough charge to keep up with the interruptions and go offline, disrupting communications & internet access.

Additionally the provisions heavy industry has made over the years to deal with this become insufficient and you start to lose shifts and thus there's a lot of evidence the economy is very materially affected at these levels of cuts.

Of course the real weight of this crisis lands massively on the poor and disrupts job growth when it's desperately needed, curtails foreign and local investment etc. To discuss how parts of society can easily function with the lower stages of power cuts is not to miss how insane this all is... A society of 60 million people has largely stood by while this has happened for approx. 15 years now. And it's not like this is a matter of a poor nation without the ability to invest - approximately $40 billion USD has been spent by the power utility just in capex alone in this period - and afterwards they are producing less power than at the start... Quote from a local article: "It means that Eskom destroyed 46 GWh of power generation per R1 billion spent on increasing its power generation." [1]

[1] https://mybroadband.co.za/news/investing/465641-eskom-blew-r...


> Of course the real weight of this crisis lands massively on the poor

Yes, the poor shoulder this crisis more than the minority non-poor. But, it is in their power to fix it, because it's the masses of poor that have been voting the same government into power repeatedly for almost 30 years.

What would you have us do? Revoke their voting rights? They vote for more poverty every single time, and there's nothing anyone can do to get them to change their minds.


> What would you have us do? Revoke their voting rights?

This is easy to say as a non-South African, but the results of your elections seem to be highly regional[1], especially around Cape Town vs. the rest of the country. If you then compare that to South African power stations[2] you can see that they're clustered around high population regions.

Then you have the SAPP[3] where nations in Southern Africa have interconnected grids. E.g. Namibia[4] is impacted by South Africa's blackouts, but not to the point of their own supply shortages mirroring Eskom's outages, and they're planning to become independent.

So if a country of 2.5 million to your north can run their own semi-connected grid, can't parts of South Africa form their own local experiments in grid management using their own tax base?

I've got no idea how hard that would be to pull off politically, but presumably easier than "convince the entire country not to vote for the ANC", or "full independence for the Cape" etc. We're only talking about energy infrastructure.

1. https://en.wikipedia.org/wiki/2019_South_African_general_ele...

2. https://osm4wiki.toolforge.org/cgi-bin/wiki/wiki-osm.pl?proj...

3. https://www.sapp.co.zw/

4. https://www.observer24.com.na/load-shedding-in-sa-lowers-nam...


What would you have them do? Vote for the party that treated them as third-class citizens for decades?


> What would you have them do? Vote for the party that treated them as third-class citizens for decades?

Strawman, the options are not "apartheid or corruption", because the party that treated them as third-class citizens doesn't exist anymore.

You're presenting a false equivalence here, but I'm not sure what point your dishonesty is supposed to make.


Just because the name of a party changed doesn't mean it doesn't exist any more.


I'm assuming that the need to recharge all those batteries means that, when the power gets turned back on, usage spikes very rapidly, making the problem worse.

Since those batteries aren't 100% efficient, a fair amount of this power is probably being lost to the batteries themselves.


Absolutely. That said, the bigger effect is actually from geysers since almost every house has one whereas batteries are not as widely spread. As the power comes back on the geyser will suddenly draw substantially since the temp will have fallen during the scheduled cut.

Accordingly there have been big govt. subsidies for geyser timers to put on your DB and solar geysers to try reduce this effect. Big information campaigns about not running the geyser all the time etc.

The consequences can be substantial, the city electricity depts. have to continually deal with substations and local transformers blowing up (literally, in an explosion, I've seen the aftermath!) because of the demand surges. Some areas are exempted from the scheduled cuts in my city to preserve older infrastructure.

Additionally, insurance companies report big spikes in claims from devices being damaged due to the unstable power as it reconnects. In my house everything is behind varying levels of surge protection, and interestingly I actually have SA made surge plugs that don't pass power through for the first 5 minutes after powering back on. This way my fridge compressor won't be damaged by unstable power (e.g. sudden substantially lower voltage, or a surge) as the scheduled cut ends.


I think "geysers" are a type of hot water heater, yes?


Yes. Most houses in SA have electrically heated water stored in a tank called a geyser. There are other options - some apartment complexes have central heat pump hot water, some houses have on demand heating via gas - but the most common is something like a 100/150/200 litre insulated steel tank in the roof that stores hot water and regulates it to 60 degrees C via thermostat.


It's what us Americans call a hot water tank. Basically the same thing.


From that article (which is astonishing):

> Between 2007 and 2021, Eskom invested R680 billion to increase its generation capacity. However, after this huge investment, Eskom produced less power than when it started.

The power plants started in 2007 with initial budgets of R79 billion and R81 billion and were due to be completed in 2012 and 2014. Neither are fully operational, produce far less than the design capacity of 4800MW, have significantly overrun their budgets (R145 B and R161 B respectively), and require another R33 B to finish! Is this all corruption or ???

edit: Here's another article: https://archive.ph/LctJi . tl;dr: mismanagement, corruption, and a very long history of pricing power below cost and borrowing to cover. Plus handouts to inefficient coal suppliers creating that bad cost structure that wasn't passed on to buyers.


If they already have the infrastructure they should just skip ahead to 100% solar/wind power with no base load infrastructure. Storage/batteries at the endpoints makes base load redundant and wasteful.


Yeah all that batteries do is time-shift power usage. If there's an overall shortfall of power generation, batteries don't really help on a systemic level.

And every little business having its own diesel generator is just like building more power stations, but much dirtier and less efficient...


Exactly. I've had conversations with friends about how much less effective load shedding must be now compared to when it started because of the proliferation of battery backup. At the beginning, a two hour cut would have reduced total GWh used substantially. But now, as soon as the cut ends demand will spike as batteries charge. Without data on just how many batteries there are it's hard to work out at what point an additional hour's cut will be required!

Of course it's not the biggest crisis because grid-level electricity usage spikes overwhelmingly at morning and evening peaks. So if you can use the power cut schedules to shift demand away from these peaks, even if the batteries reduce the efficiency a bit, you're still having a substantial effect on the required peak grid power.


The problem is that not everyone can afford battery backup, due to the poverty in our society the country basically has to have a reliable base load. Coming from the sections of society where everyone has solar, inverters, datacenter style lipo UPS in their houses etc. it's also been interesting to me how inefficient storage at the endpoint is. People are spending R300k ($17k) on batteries and inverters sized to their houses' peak load, but 90% of the time they could actually get by with radically less. I read on HN about a company making a smart Distribution Board for houses - seemed like a really good idea based on this. If you can intelligently manage load you can cut your off grid setup cost substantially at minimal inconvenience.


This whole thing sounds like an astounding market failure. Many can buy their way around society's inability to deliver (even quasi-) reliable electricity, but just wow.


I'm not sure there even could be 200+ currencies? There are only 193 members of the UN and many will share either the Euro or the US Dollar as their currency. E.g. countries like El Salvador just directly use Dollars and don't have their own currency.

So it's either referring to how many pairs they support or the marketing is overreaching a fair amount...


I don't like being negative on HN - but this doesn't feel like a good faith Show HN.

The product isn't available to use - it baits you into putting your email address in but then just tells you that you've been added to a waitlist.

Secondly, there are so many APIs like this. There are a few that are reliable and have been around for years - but there is an endless churn of new ones created, barely maintained and then abandoned. What is different about this one? There doesn't seem to be anything new about it or any specific reasons to think it isn't just yet another cloned SaaS product being "growth hacked" on HN.


We didn't mean to make it feel like a bait, we'll make it clear that it's a prelaunch. We'll correct that right away on the post and the website.

If you want me to unsubscribe you let me know.

And about your second point: Our data is more accurate and we have better customer support.

I know there are many products in this market, but it's more convenient for us to have a successful product than to start and stop with new things. If you'd like to get to know us, we're Zyla Labs, and have already built two products like this one.

https://www.zylalabs.com/ https://www.commodities-api.com/ https://www.metals-api.com/


I've experienced exactly the same as you both except all the way back in 2015 and so I'm going to offer some unsolicited advice in case it's helpful. I had never heard of panic attacks before I got one, had never worried once about my mental health etc. and so I also ended up at the emergency room convinced my death was imminent.

Considering my healthy history my doctor and I agreed to try deal with it on a lifestyle level. I did meditation, yoga and revised my diet. I became more healthy but still had the panic attacks. We then stepped this up to therapy which I did for a year but still had the panic attacks. They were totally random and incredibly draining. My life & work were seriously affected and so I eventually followed the doctor's advice to consider medication. Saw a psychiatrist and started the most basic SSRI at the minimum dose for panic disorder. I had a few attacks during the first two weeks and then they just stopped entirely. 100% completely. Haven't had one since.

So - my advice. If you are seriously struggling with panic attacks on a continuing basis despite a reasonable level of lifestyle interventions please don't do what I did and basically resist trying psychiatric medicine because you're healthy, successful and happy in your life and can't see a "legit" reason to be on meds. It felt like a much bigger intervention to me than it really is. I know for some people dealing with this sort of thing isn't this easy but for a lot it seems it can be.

(Also I don't blame my doctors at all, I always felt well informed about the options available to me. Obviously in retrospect the way my life was affected meant I should have seen a reason to try meds sooner. At least the year of therapy was good for me even though it didn't stop the panic disorder!)


In my case I tried to convince my therapist to prescribe medications, but he resisted. I mean he more like advised me to try CBT way and only fall back to pills in case of failure, because they only serve as a crutch if your thinking process went wrong. It just happens that some people need this crutch temporarily and will be fine later by themselves. After 4-6 sessions I picked my PAs apart without any medications, but stayed to fix my other issues for a year. So ymmv, I guess.


I wonder if something like St John's wort would be enough to keep the panic attacks at bay if the SSRI is so light. Not that in your shoes I’d want to risk a switch after years of success. But it might be a good thing to try for someone who is hesitant to be prescribed.


Just wanted to add here for anyone considering St. John’s wort - it has a ton of negative interactions with lots of very common drugs, so check to make sure you aren’t already taking something that will interact with St. John’s wort. Ask your doctor.

For example, it can make birth control pills fail, allergy meds build up in your system, and serotonin build up if combined with another anti-depressant.

