That's not the only issue; there's also a lot of compliance issues that having a hosting company can take care of. There's whole sections of PCI and HIPPA compliance that you can just write off as "not our problem, talk to AWS".
Theoretically, it isn't. In actuality, and in our experience, there are a lot of compliance standards where just saying "we're on AWS" gets you 90% of the way toward acceptance. Its mostly buzzword compliance.
That's just not true. Most of PCI compliance is documenting practices and operations. Have you even completed all various levels of compliance? Or have you just done one level?
The difference is between "Ok nerds, log in your eve clients, get on mumble, and undock and press F1 to shoot this guy. Someone pull up the map on Dotlan so we can see where we're going. Someone ping me on Jabber when you found the hostiles." vs. "Capsuleers, please board your spaceships, and prepare to undock and fire your weapons. Gallente pilots, break off formation and assist the Logistics wing!"
I'm in Test Alliance Please Ignore. I was sitting on coms when this all went down - The Judge stole everything not nailed down, flipped the citadel to Goonswarm, and everything went to hell.
Some background: TEST and Co2 have been best friends for about a year and a half, until recently, when (there's some one-sided propaganda in this statement) the Co2 leadership (really just GigX) decided that having friends wasn't as good as shooting everyone. So, Co2 and TEST reset standings to neutral or hostile, and commenced fighting.
Goonswarm and TEST have been, at various times over the past 10 years, best friends, bitter enemies, and - where we are now - sort of "frenemies", where we are not friendly, and we shoot each other, but we also don't invade each other's space, and we're more likely to fight together against common enemies in big fights.
So... back to last night...
TEST quickly organized a fleet of space-haulers to bring them Test Cultures (an in-game item that we jokingly have claimed as our own - http://games.chruker.dk/eve_online/item.php?type_id=2319 ), and tell them that, while we didn't like GigX, we had no problem with most of the Co2 line members and they were welcome to evacuate their assets safely with our help.
(times in pacific)
(8:44:29 PM) pleaseignore.com:
Situation developing:
The Judge stabbed GigX in the back. The 68FT Keepstar now belongs to Goonswarm. Many fortizars across Impass
belong to Test. This is a huge blow to Circle-of-Two and we hope their line members can see the writing
on the wall for this war now.
For now, we are running an aid flotilla, in part for the memes, but in part to sincerely extend the
olive branch to the line members of Co2 who remember when we were good friends. Feel free to join the
flotilla and bring a hauler with Test cultures to 68FT. We want to offer them our support, for the shit
they don't want to asset safety, because we aren't total shitheads. (I'm speaking for other people
because I'm totally a shithead)
The war isn't over, but we just got a huge boost. Be ready to burn GigX's sov. Be ready to fleet up and
finish off our front, so we can help the allies who have been showing up for us.
#### SENT BY Farmstink to All online test @ 2017-09-12 03:44:29 EVE Time ####
Goonswarm, though, hates Co2, and wanted to come and screw with them, now that they owned the big space citadel where all of Co2's assets are. Well, TEST thought that would be funny, too, so I and another titan pilot created a chain of warp-bridges to help Goonswarm get to the Co2 main system as quickly as possible, so that they could play with their food.
(8:53:30 PM) pleaseignore.com:
Also, this is kind of a fantasy moment for goons right now. We will be bluing them temporarily and
allowing them safe passage through our space while they play with their new food for the next
week or so.
#### SENT BY Dran Arcana to All online test/allies @ 2017-09-12 03:53:30 EVE Time ####
At one point, we thought that GigX had managed to disband the alliance entirely - which would have dropped all of Co2's sovereignty and left their space wide-open for the taking... which would have been a long night of work for us.
(10:31:48 PM) pleaseignore.com:
GIGX DISBANDED CO2
WOT
#### SENT BY Lomgrim to All online test/allies @ 2017-09-12 05:31:48 EVE Time ####
(10:32:17 PM) pleaseignore.com:
Time to toast boys. Get in fleet 1 mumble, now. Impass is free for the taking and we're fucking taking it.
#### SENT BY Xiaodown to All online test @ 2017-09-12 05:32:17 EVE Time ####
But that was a rumor - info was coming fast and loose for a while there. What ended up happening was just that The Judge was twitch streaming Co2 Alliance Chat, and when GigX got on, he made real-life threats against The Judge. Which, I mean, the rule is leave it all in-game; shooty-shooty-lasers at people in game, but have a beer at fanfest. Anyway, his twitch stream is here: https://www.twitch.tv/videos/174199105 but it's long and boring if you don't play eve. I don't know what timestamp the GigX threat is made, but here are some screenshots: https://i.imgur.com/2vhedbl.png (Baekkel is an alt of GigX), and https://i.imgur.com/g966goh.png
I don't understand the giving up of the Keepstar to Goonswarm. Was it not The Judge's intention to take over CO2, but just to screw it over as best he could?
Im not personally aware of who the The Judge is, but I'm assuming they were a high level director in CO2. The only way you could take over a Corp is to start a vote to elect a new CEO, and the to elect a new alliance leader you'd have the get the majority of CEOs to change their vote for lead corporation. Since there is no way for The Judge to the over CO2, the best thing they could do is take everything that isn't nailed down. There is no way The Judge would have the time to unanchored the keepstar and get a freighter there to safely extract it, so the only possible thing left was to meme CO2 and give ownership over to The Imperium.
> While I love reading Hacker News posts about the amazing infrastructure at successful companies, I worry that these discussions may encourage an over-emphasis on perfection and scale.
God yes! I read all these blog posts about people's amazing automated deployment systems that use 17 different technologies where they have F on top of E on top of D on top of C on top of B on top of A on top of Kubernetes on top of Docker on top of AWS, and it's like, A.) When did you actually do any, you know, "work" - the stuff that you can charge clients for and make money? And B.) What's going to happen when some company or someone releases a patch or security update for any of the 7829271 applications in the stack that breaks everything?
You know what we run? Linux. On AWS. Using chef - although every community cookbook I ever look at makes me less sure that that was the right call (most community cookbooks make me think suicide might be the right call).
I mean, "apachectl graceful" has existed for 20+ years. Sending a graceful (USR1) to apache will cause it to re-read its config, close and re-open log files, and send a signal to all children that they should exit after their current work is finished. If they have no work, they die immediately. New children are created under a master process that has the new configuration.
I know that HAProxy is not an apples to apples comparison with something like apache, but I don't see how something similar would be a huge burden to add.
A multi-protocol (way more than http) load balancer with health checking just has more state than a web server. Check bug history for apache, and you'll see that modules that deal with state, like mod_security, have had issues with graceful reload in the past.
It's not that surprising to me, especially given that haproxy is 17 years old. Expectations of a load balancer where pretty light when it was invented, so the internals weren't built for hot reload.
If you can restart without downtime you don't need a hot config reload. Suddenly you can treat config as immutable and discard an entire category of bugs as well.
It wasn't going to be so much that, as a card that you could put multiple credit cards on, but that still functioned entirely like a credit card - meaning it could be swiped in vending machines, by waitresses, and everywhere that accepts cards, without the need for an apple pay or google pay or whatever NFC payment hardware.
It's for people that keep multiple cards in their wallet.
Given the shift to chip-and-PIN, which can't be emulated like this -- Plastc claimed they could but never demonstrated it (because it's impossible) -- they were way too late to market with this idea even 3 years ago.
And if merchants are going to roll out new POS hardware they might as well jump to NFC as it leapfrogs cards on convenience. And security, if your device implements tokenization and fingerprints-instead-of-PINs (like Apple Pay and others). Also it's built in to lots of phones and watches now.
I don't know what was promised by Plastc exactly but I assume you need to register your card numbers somewhere (like with Apple Pay) and then when you use your Plastc card to pay (with chip and PIN or not), their back-end issues a payment transaction using the selected card. Am I wrong?
Over here in Europe we have Curve that does exactly that, without the fancy hardware: https://www.imaginecurve.com
Yes, that is not what Plastc was. Plastc was like copying the data from the front of your card and displaying it on a different one (mag-strip included).
Curve has its own card number. The closest thing to Curve here was a card called Wallaby. It somehow redirected charges from one card to another... I think they were getting creative with the processing rules and got shot down. Not sure how Curve does it exactly but I'm skeptical of their long term viability. Either they're similarly creative or they are acting like a merchant and recharging every transaction and eating some interchange. Maybe they get away with that more in Europe where interchange is low but it's still a net loss.
Anyway Plastc was about trying to actually emulate a card. All this has been leapfrogged by Apple and Samsung Pay.
As far as I understand, Curve is viable due to the fact they issue corporate cards (you can see "for commercial use only" on their cards).
Europe has capped interchange fees to 0.2% and 0.3% for debit and credit cards respectively. However, three-party schemes (like Amex) and corporate cards are exempt and charge more. But you're right, I'm not sure how MasterCard is happy with that (since the product is clearly targeted at consumers).
I see, so they're charging merchants high corporate card interchange and then recharging the consumer card. Yeah, that's sketchy. I wonder if they're pocketing the difference.
> Given the shift to chip-and-PIN, which can't be emulated like this -- Plastc claimed they could but never demonstrated it (because it's impossible)
If they'd had a whole lot of market share already, maybe they could have persuaded issuers to provide private keys in some way that could be imported into the Plastc device (which might itself then have a tamper-resistant smartcard processor like the one in the individual chip cards).
Horrible security and wouldn't work for the most secure chip and PIN cards which never share their private key. Apple Pay's approach is better: issuer assigns a unique number to the device along with its own authentication scheme, rather than trying to emulate another.
Yeh, this always seemed doomed outside the US, which in general appears to be ahead of the US for card security. Especially in AU, I don't even really go to bars with cash any more, I just use contactless payment with my card literally everywhere. Coffee, lunch, bars, etc. - pretty much everywhere has paypass/paywave now and has for years.
Even three years ago, the writing was surely on the wall that they were exploiting weaknesses in old tech to pull off their product, so there was an obvious sunset on their ability to operate their core product. Why would they invest in something that already has an end date on it?
Even though I have a contactless card, I still prefer cash because it reminds me how much I'm spending. It's all too easy to tap away $40 several times a month and wonder where it all went.
I found the opposite was true.. Having cash in my wallet meant I didn't know where it got spent (not specifically in bars though, just in general so maybe we're talking about different things).
With tap + debit, I can track all my individual transactions via services like Mint, plus my bank sends me an email on every transaction that happens to my accounts, so I have redundant logging of where all my money goes.
From the looks of it, Bunq is a bank. I didn't see the product you are talking about but I suppose it may be like a payment processor forwarding orders to third parties.
Plastc is a purely technical solution, it has a rewritable magnetic strip so you can copy any card to it, not just payment cards.
You can't do it with chips because chips are designed to be impossible to copy. They have secret keys inside and I don't think card providers are willing to reveal them and weaken their security.
IIRC Chip and Pin uses a challenge-response type set up with public key crypto to authenticate your card with your bank. You cannot clone that, as processing is done on the card - not the reader, and the card never reveals it's secrets.
"To rip it off, someone would have to get into the physical chip circuit and manipulate things to get your bank information. Not only is this level of data surgery really difficult, but it also requires a set of high-tech equipment that can cost north of $1 million."
That's presumably " … cost north of $1million in 2016, rumoured to have been done in 2017 by Bunny with $10 worth of decapping acid and a borrowed STEM revealing implementation details and flaws, then with a demonstrated contactless remote exploit working on a RaspberryPi with a $12 USB TV tuner and a hand-wound antenna at CCC or DefCon in 2018"...
So, not $10 if you needed a borrowed, expensive piece of equipment. It is not possible for most of us to jaunt out and borrow a fancy microscope. That only underscores the "expensive equipment required argument". The contactless payment hack is much more practical, though. (Oh you also need far beyond average hardware hacking knowledge and skill, which itself is generally more difficult to acquire and learn ).
And as for "far beyond average hardware hacking skill", I suspect if you got Bunny Huang, Michael Ossmann, and Travis Goodspeed together and curious - this might well be broken in a single weekend! ;-)
Your link just describes decapping and reading the state of mask programmable PROM. Reverse engineering a secure IC and coming up with an exploit is several orders (like 10) of magnitude more involved.
Great point. So for Plastc to work, all you'd have to do is mail in your card so they can treat it with acid and run it through a scanning transmission electron microscope, destroying it in the process.
I was always bemused about this idea that putting multiple credit cards on a single physical card is some great feature that a lot of people want and would pay money for.
In my experience, having many credit cards is a complete pain to manage, because for each card you need to monitor the statement, set up the automatic payment (or do it manually), change the address when you move, etc, etc, and no sane person is going to want to do that for lots of cards. The fact that it also fills you your wallet is really the least of the problems you'll have.
It's nice to have one card as a backup, and some hardcore churners / points collectors are going to want 5 or 6 cards and use different cards for different categories... but they're real niches, it's not something that a mainstream, mass market consumer is going to want to manage.
I have a Curve card, which is essentially this. I paid for the beta and got a free wallet out of it (a nice Tumi one) and £50 in reward points so overall I've actually profited from it. There isn't a monthly charge (yet). Curve is a prepaid Mastercard that acts as a middle man. You spend, it charges whichever card is currently selected. You get extra benefits like zero fees abroad, cash withdrawals, etc.
There is also a reward program which is OK if you shop at the places where you get points, but it's no different to signing your card up to a cashback program like Quidco. There are a few big names like Boots, Waterstones and B&Q where I go reasonably often. https://www.imaginecurve.com/curve-rewards-web/
The main advantage to me is security. If your card gets stolen, you can revoke it within minutes without worrying about someone having access to your debit card. Because it's linked to the app, you can see immediately when transactions happen. You can do the same with a debit card of course, but it's an added layer of obfuscation.
Originally it was supposed to be an amazing loophole for American Express users. You could spend Amex everywhere including on cash withdrawals and rack up points like nobody's business. Then Amex pulled out, so that was a bummer. A lot of people on HeadForPoints got very annoyed and felt like they'd been suckered in. To be fair to Curve, they compensated everyone.
I believe you can still use it to withdraw cash on credit cards though, so there's still a way to manufacture points spend.
I use mine daily and while it's fine 95% of the time, there have been sporadic occasions where it's been declined. You can't use it at pay-at-pump petrol stations, for instance. It's not reliable enough yet that I can go around with only a single card in my wallet (which sort of ruins the idea of it). It's really useful for traveling abroad though.
So, for reference, I'm a guy who has multiple cards. I have two debit cards and a credit card.
The credit card is a credit card (and I mostly use it for company purchases that get reimbursed).
The two debit cards correspond to two different checking accounts. I have a "main" checking account that my check gets deposited into, and another account that I use for, mainly, online purchases or recurring subscriptions like netflix or anything where I am worried about card security. I transfer money into the account, then make the purchase, never leaving more than a hundred bucks or so floating in the account. That way, I limit my own pain in the event that someone gets hacked or my card gets leaked online - I'd much rather not be able to pay netflix than not be able to pay rent.
At one point, I also had a home depot card when my wife and I were fixing up our house in preparation to sell it.
I have a wallet that functions effectively as my phone case and wallet in one, and reducing the number of cards I have to carry around to - potentially - drivers' license, one payment card, and clipper card would be fantastic.
About a decade ago, I took a sudden flight to a small airport in Colorado due to an emergency at work. When I arrived, I had nothing but a Visa, and a few dollars Canadian.
I was frustrated to find that I couldn't get food or call my work, because Visa wasn't accepted anywhere. The highlight was trying to make a call on a payphone and talking to the operator. When I asked if I could use my credit card to make a call, she listed off MasterCard and a half-dozen credit cards I'd never heard of. "How about Visa?" "No, sorry."
I will forever remember the janitor for lending me his cell phone and getting me out of that mess. After that, I made sure I carried multiple cards.
This. I ride not-particularly-reliable motorcycles. My personal philosophy is to always have access via at least two different financial institutions and their computer networks to sufficient debit/credit funds to get myself and a possibly broken bike home from the most remote place I could possibly end up on a trip.
(I did once end up having a tremendously fun weekend in Melbourne thanks to a broken down bike and a weekend long outage of my then only bank's ATM network - but it would have been even more fun with more than the cash in my pocket and relying on friends for somewhere to sleep until a branch opened on Monday morning...)
On the London transport network you've been able to pay at the barriers with a contactless credit card in the same way as you would use an Oyster card for a couple of years now. It's weird that other transport networks haven't adopted it yet
Such a system has been in use in Singapore for more than 15 years.
Vienna does away with all of this fuss by simply doing random checks, issuing on the spot fines for fare evaders, and not having to manage the expense of turnstiles etc.
I kind of like the barriers, if you are on the station platform, then you have definitely paid. For me, the stations that don't have barriers are more stressful, as you run the risk of forgetting to tap your card (or the tap not registering) and incurring a maximum fare.
In Nürnberg, you can either buy paper tickets from ubiquitous automats or in the local transit app (with a pre-configured credit card or current account). I love it.
Local bus drivers will sell tickets, but there are also ticket validation machines in the middle of most busses. Local trains and subways are trust basis, but I've seen more random ticket checks recently. Ticket checks are more frequent on long-distance trains, but still, no barriers. I have yet to travel on local or long-distance trains in Germany or Austria that aren't trust-based.
Berlin has a similar proof-of-payment system, where there are no physical barriers between the street and train platforms. Most people have multi use tickets; you can buy week, month, or year long tickets.
I definitely prefer the proof-of-payment setup more. London (which has turnstiles) can get crazy backups with people trying to tap into / out of the system, and the Berlin system lets you engineer more convenient and therefore customer-friendly stations -- no need for mezzanines, paid vs free elevators, and the like.
That's what caused me to get stopped by the police my first day in Berlin a few years ago. I wanted to go to a board game store, so I looked one up on Google in the hotel lobby, walked to a u-bahn station, paid a couple euros for a ticket, walked downstairs and got on a train.
And promptly got pulled off the train at the next stop for not paying.
They were very understanding when I explained I had only been in the country about two hours (and showed my passport stamp as proof). They explained that there are machines to punch holes in the tickets... I did think it was strange that there weren't any turnstiles, but I figured, maybe you run into them on the way out or something (and I had only been in a foreign country two hours, everything was strange).
FWIW the police does not perform ticket checks in Berlin. Traditionally it was done by employees of the public transport company and now increasingly by third party contractors.
Some stations in London can be so busy, that they'd need some way to prevent people from overcrowding the platform even if there were no barriers.
It's pretty common for smaller stations near major football stadia to have the barriers controlled manually after big games -- totally open for some minutes, then completely shut until the platform has cleared.
(London used to have a proof-of-payment system on the articulated buses, since you were allowed to board at any door, and it still exists on the trams.)
In London, the barriers automatically charge the maximum fare if you forget to touch in or out of the system. It helps because you can jump the barrier to get into the system but you never know if ticket inspectors/security will be present at the station where you plan on alighting. The penalty for being caught jumping the barrier is significantly higher.
Caltrain (the heavily dysfunctional system serving a minor portion of the San Francisco Bay Area) is similar, but a little less convenient --
Tag in and forget to tag out, you pay the maximum fare.
Forget to tag in, hope you don't get checked. There is no option to tag out without having tagged in. (Although I've seen this happen to someone, and he was just given a warning.)
Get checked without having tagged in, pay $400, which is about 30 times the maximum fare.
Or, looking at it from a different perspective, the fine is maximum fare by definition. Then you can pay the posted fare or decide whether the expected fare based on fine x probability of capture
My dream for something like this is having everything on one card would let you manage the complexity a lot better.
Having one single interface to pay all bills and see spending breakdowns aggregated across all your cards, recommending the optimal order to pay down cards (if you are going to carry a balance).
Then on top of this, automatic fallback in case one card is declined, new numbers for every online transaction (not tied to a single provider).
You could even layer on top a simple scripting language to choose the card to be used for a given transaction. E.g. Use my rewards card when buying gas, but if I've maxed out the points then use the lowest interest card. Or round robin the cards to spread out the balance.
Or imagine a group outing where everyone can all combine into a single virtual card, with the ability to distribute charges however you want on the back end.
There are a ton of cool possibilities available (albeit very challenging to get right). And in theory, many people have at least 2 cards for redundancy purposes. Add in no fee rewards cards (Target, etc) and it will add up even for non hardcore points collectors.
One of the Plastc alternatives, I can't seem to find it now, was a device like Plastc, but also a yearly subscription fee, because they promoted the benefits being that the card would automatically switch between your available cards to optimize rewards.
At a gas station you would use the card that had the best gas points. At the grocery store it would switch to the card with the best grocery points...
I was never interested in it, because I don't really want to manage many cards, but I can see the appeal in it.
This sounds like a genuinely useful technology that will sadly never make it past the Big Credit gods. Card providers seem to make their profits when you're not managing your card usage so intelligently.
> It's nice to have one card as a backup, and some hardcore churners / points collectors are going to want 5 or 6 cards and use different cards for different categories... but they're real niches, it's not something that a mainstream, mass market consumer is going to want to manage.
I don't think this is the case. I think the average person has several credit cards (and is probably in the red on all of them).
On the other end of the spectrum is the financial-savvy user that also has multiple credit cards: One that gives them a gas discount, one for their Costco membership, one for restaurant cash-back, one for general purpose cash-back, one that waives the foreign currency conversion fee, etc.
> one that waives the foreign currency conversion fee
I have a credit card for precisely this purpose (it's also general-purpose cash back). It's not as useful as you might expect -- most places in China that accept foreign credit cards do so only through an agreement with a chinese bank that imposes a ridiculously disadvantageous exchange rate. (But there's no "conversion fee" -- the bank generously bills you in USD. How nice of them.) They don't seem to be able to bill your card in yuan directly even though the card supports it.
On the other hand, my debit card from the same bank that also has no foreign currency conversion fee works perfectly to get cash from ATMs.
Quite possible, but when I checked it was something like 0.5%, more than an order of magnitude better than the "convenience" of having a chinese bank bill your card in USD.
I asked them (my bank) about it, got a response I don't remember, and decided I could live with 0.5%
> having many credit cards is a complete pain to manage, because for each card you need to [...] change the address when you move
Why? I did that once, and it was a huge pain. But the cards work just as well no matter what they think your address of record is. Now I just don't change it.
So you use your old address as your billing address? Aren't you worried about the new resident of your old address receiving official communications intended for you?
In USA, you can file change of address forms with USPS. Any and all financial firms will get that change within a few months, and over that period USPS will forward automatically.
What I don't understand is the need for multiple credit cards. I have a bank card (an EC-card) and I haven't used my credit-card since a month (other than automatic transactions).
Yes you are sensible. But most people are not, they live in debt and shuffle it between the various cards. There are also people that just like collecting these things so they have a wallet full. Five cards should cover the personal, marital and work requirements in debit/credit flavours.
Why would you ever use a EC card instead of a credit card? Credit card companies literally pay you to use their cards. Why turn down that money?
I carry two credit cards because one is American Express and pays me more but fewer places accept it, so I have a backup Visa that pays me a bit less but everywhere accepts it.
A lot of merchants, like small hotels and restaurants, in Germany and Austria flat out won't take credit cards, because of the expense. They often will take EC cards and have the chip-and-PIN readers for it.
Americans never believe this until they've made a frantic run to an ATM after hosting a big dinner out or when they want to check out of that charming Gasthaus in a ski town.
When I first got over here in 2004, Media Markt (large electronics chain) didn't take credit cards, but did take EC-cards.
The EU imposes a maximum 0.3% fee to the merchant for accepting a credit card. This is to avoid any unfair competition between cash and cards, and between poorer people not eligible for cards that get cashback.
The UK used to have cards giving 2-3% cashback, sometimes more, but they've all been withdrawn.
I don't bother with a credit card, since it's one less automatic bill payment and one less statement to check.
I have a card that gets me miles instead of cash. I did the maths and worked out those were better value for what I wanted. Again, they're just free miles and I'm always flying with the airline anyway so I'm never making extra trips in order to spend them.
The genius of the system I use is that I have multiple credit cards (American Express, Visa) but actually they all just feed into the same account with the same bill to make managing them simple.
Pretty much. And 3-4 other, very similar startups- most have ended the same way in failing to get anything to market. Dynamics has been around for a while with a similar product, but B2B sales strategy, though they don't seem to be getting much traction. Cool idea on the surface, but clearly has some fatal flaws. Just funny to me how VCs are willing to fund essentially the same company that has failed multiple times before... though in this case, maybe their VCs actually did the diligence and that's what led them to back out (total speculation).
In Canada most payment terminals have the NFC hardware built in, it's just a question of whether it's actually enabled or not. It's very rare these days for me to see it disabled. I've used Apple Pay a lot and have never used it at a merchant that advertises it - if the machine allows tap, Apple Pay just works. I assume that Google Pay is similar.
> What This Means For Backers:
> It’s been a long road with a lot of obstacles. The support of our amazing backers has been incredible, which makes this announcement even harder. We were so incredibly ready for production in order to hit our deadlines but without capital it is impossible for us to move forward and we will not be able to fulfill any pre-orders.
Yes, the map is always the same as in the terrain is the same and the major buildings are in the same spot.
However, every playthrough, the resources are distributed randomly throughout the map (in designated spawn spots; for example, there may be 4 or 5 places in one zone that a rifle will spawn, but it'll actually spawn at most at one of them); food resources are randomly distributed; and there are these "secret bunkers" on a couple of the maps that are randomly done as well. There is exactly one per map, and the potential spawn places for them are all difficult to reach.
Also, some houses/huts/etc are generated and may not exist in all maps (i.e. there are maybe 8 "spots" where a house could be but in any given playthrough there could be only one or two with the other 6 being burnt down, inaccessible shacks), and that affects the available resources - you can go into houses and find canned goods, better clothes, etc.
The reason the map is the same is because the sandbox is only the pre-release game - there's going to be a single player campaign with a story, so the map corresponds to the story.
Also, trust me, the familiarity with the map is not a down side that detracts from game play. Much like a real survival situation, you're too busy trying to not starve or freeze to death to worry about it.
My problem with the game is the impracticality of eating as much as the game says you have to eat. If you're hunkered down in a shelter, chilling in a warm sleeping bag with many warm clothes on, near a fire, and your body temperature is fully normal, you don't need to consume 4000 calories in a day. But, in the game, it seems like 2kg of cooked deer meat will only get you through 8 hours. In a real survival situation, that should be like several days' worth of food at least.
There's lots of not-so-deep ones out there in the new "board games renaissance", too - like Forbidden Island / Forbidden Desert, Sheriff of Nottingham, or recently this year, Secret Hitler.
They take like 2 minutes to set up, 2 minutes to understand the rules, and are loads of fun even for kids (maybe not so much on the kids with the Hitler).
