Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "phone verification"
-
My current project at work: purchase verification, aka anti-fraud.
It's been two weeks, and my boss is flipping out because it isn't done. A robust anti-fraud solution. in two weeks. And he thought one week was a little much.
like, fucking really?
There are companies whose entire service is helping combat fraud. and he wants this done in a bloody week?
What makes me laugh through my tears of frustration is that the company that moved into the previous office? Yep, anti-fraud. Their entire business model is providing anti-fraud services to other businesses. They even tried selling him on it when they moved in. Bossman sales guy turned it around and sold my freaking desk out from under me instead.
But like. They're a small company: they had 9 people when they moved in, and were looking to add three more, so a total of 12 people. (I totally considered jumping ship, but their stack was too different.)
So. Bossman wants me to replace 9-12 people and their entire business in a fucking week. Yeah.
"Oh, but it's just sms verification" says he. What he also wants is the ability to flag users as fraudulent, have sticky verifications so they can't bypass them by backing out, have email checks as well as sms, have deferred verification to allow collecting required info (e.g. phone number), verification fallback, lockouts, manual admin whitelisting, admin blacklisting, and different rules per merchant and rule groups for affiliates to apply to all of their merchants, and of course the ability to customize those merchant/affiliate anti-fraud rules. But he shortens this gigantic list to "I want sms verification," despite actually asking for all of the above. I don't want to know about the mental gymnastics and/or blindfolding required to equate the two, but he's nuts.
Yeah.
All of that.
In a goddamn week.
And I get chewed out when it isn't done? Fuck off.
Go build me a goddamn 5m ft^2 castle out of basalt and marble using only your toothbrush and a rusty garden trowel, and have it done in a week. No outsourcing.
talk about ridiculous.5 -
Mac: Hello welcome please sign in
Dev: Fair enough
Mac: Oh you haven’t signed in in awhile please get get verification from other device
Dev: kk
Mac: Oh you don’t have a dev account, please sign in on this website
Dev: Hm.
Mac: In order to sign up for a dev account you need to download this app
Dev: ???
Mac: Are you sure you want to open this app you just downloaded?
Dev: Sigh.
Mac: In order to sign up for a dev account on this app you need to sign into it
Dev: For the love of god
Mac: Ok now you can build with Xcode.
Xcode: No you can’t. You have to sign in
Dev: fuck sakes.
Mac: Are you sure you want Xcode to access files on your computer?
Dev: …Yup
Xcode: Signing in isn’t enough you have to select the fact you are signed in a dropdown nested 3 menus deep.
Dev: God damn.
Xcode: Build failed please sign in to phone as well.
Phone: New sign in detected, please verify with alternative device.
Dev: Jesus.
Xcode: Build success! Pushing to iPhone.
Dev: Finally.
Xcode: Unknown error occurred. Please go to support.apple.com for help. :)
Dev: …20 -
Recovering a legacy Gmail account after receiving a notice of a blocked login.
*Tries to remember the bloody password*
*Actually remembers it*
> Sorry your password isn't enough. Your father's phone number that you used a decade ago can be used for verification though!
Google, let's get this straight. Things have changed. I know the fucking phone number and yes I can enter it, and out of sheer stupidity I did send an authentication code his way. Unfortunately however, things have changed in 10 years. I can instantly kill the fucker on the spot if I were to meet him ever again. Do you think that I'm going to get that fucking code?!
> Oh but you can try to email the code to the very account that you're trying to recover, despite the fact that you know the password for it.
TO THE FUCKING SAME ACCOUNT THAT I'M RECOVERING.
Must've taken a true genius to code that in!!!13 -
We are on a roll here people (side note, if You are joining the site, thank you but if you are using disposable email accounts at least wait for the verification code to arrive to said account):
So our most well know and belowed CMS that brings lots of love and feels to those that have to (still) deal with it, had some interesting going on:
Oh Joy! "Backdoor in Captcha Plugin Affects 300K WordPress Sites", well arent You a really naughty little boy, eh?
https://wordfence.com/blog/2017/...
Remember that "little" miner thingy that some users here has thought about using for their site? Even Yours truly that does make use of Ads Networks (fuck you bandwidth is not free) even I have fully condenmed the Miner type ads for alot of reasons, like your computer being used as a literal node for DDoSing, well... how about your "Antivirus" Android phone apps being literally loaded with miner trojans too?
https://securelist.com/jack-of-all-...
"When You literally stopped giving any resembles of a fuck what people think about Your massive conglomerate since You still literally dominate the market since alot of people give zero fucks of how Orwellian We are becoming at neck-breaking speed" aka Google doesnt want other webbrowsers to get into market, Its happy with having MemeFox as its competitor:
https://theregister.co.uk/2017/12/...
Talking about MemeFox fucking up again:
https://theregister.co.uk/2017/12/...
And of course here at Legion Front we cant make finish a report without our shitting at Amazon news report:
"French gov files €10m complaint: Claims Amazon abused dominance
Probe found unfair contracts for sellers"
More News at:
https://legionfront.me/page/news
And for what you may actually came and not me reporting stuff at Legion's Orwell Hour News™ ... the free games, right?:
Oxenfree is free in GoG, its a good game, I played like 2 months after its release and I think I heard they wanted to make a Live Action movie or some sort of thing after it:
https://www.gog.com/game/oxenfree
Kingdom Classic is also free:
http://store.steampowered.com/app/...
Close Order Steam Key: HWRMI-2V3PQ-ZQX8B
More Free Keys at:
https://legionfront.me/ccgr4 -
Other services : Please type your phone number to verify that it is you. It will be only used for verification process.
Me : Sure, why not? (Happily types in my number)
Facebook : Please type your phone number to verify that it is you.
Me : Hmmm (sees help)
Facebook : It will be used for verification process and will be visible to your friends. You can always change the scope settings.
Me : (reads as...) It will be used for verification process and will be visible to your friends and will be automatically sent to the NSA for free. You can always change the scope settings when you become the CEO of Facebook.
#deletefacebook -
!!oracle
I'm trying to install a minecraft modpack to play with a friend, and I'm super psyced about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.
So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.
Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few mores times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.
On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!
So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.
Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.
Further attempts to log in from the download page fail with the same invalid credentials error as before.
Fucking oracle and their reverse Midas touch.10 -
I've just noticed an app review that I've given and would fit right into the wk123 (that's the insult one, right?).
"Biggest pile of junk that I've ever seen. You have one job! To register the fucking phone number (which you could get with Phone permission) and verify it (which you can do with the SMS permission) and you should either have the user do that once upon installation or you automate it entirely so that it can run in the background! You can fully automate this, and it's not that complicated that it needs 10 whole seconds of loading time in between! Heck, this pile of crap can't even continue into the main view after entering the verification code! You haven't published the source code (and maybe that's for the best) but if it was, I'd probably immediately get cancer by viewing your crappy spaghetti code. Dear developer, please take a step back and (re)join the PC tech support guys. You have no place in the development world."
To top it all off, that app currently only needs phone permission to verify my number (at least they've done that much). So I figured, I've already gone through that authentication flow so let's remove that permission to abide by the principle of least privilege.
Except that the fucking crapp just goes through the "requires phone permission" shit again whenever that permission removal happens. Fucking piece of garbage!!! That such spaghetti code fuckers even have a job, it boggles my mind.4 -
Long rant ahead.. 5k characters pretty much completely used. So feel free to have another cup of coffee and have a seat 🙂
So.. a while back this flash drive was stolen from me, right. Well it turns out that other than me, the other guy in that incident also got to the police 😃
Now, let me explain the smiley face. At the time of the incident I was completely at fault. I had no real reason to throw a punch at this guy and my only "excuse" would be that I was drunk as fuck - I've never drank so much as I did that day. Needless to say, not a very good excuse and I don't treat it as such.
But that guy and whoever else it was that he was with, that was the guy (or at least part of the group that did) that stole that flash drive from me.
Context: https://devrant.com/rants/2049733 and https://devrant.com/rants/2088970
So that's great! I thought that I'd lost this flash drive and most importantly the data on it forever. But just this Friday evening as I was meeting with my friend to buy some illicit electronics (high voltage, low frequency arc generators if you catch my drift), a policeman came along and told me about that other guy filing a report as well, with apparently much of the blame now lying on his side due to him having punched me right into the hospital.
So I told the cop, well most of the blame is on me really, I shouldn't have started that fight to begin with, and for that matter not have drunk that much, yada yada yada.. anyway he walked away (good grief, as I was having that friend on visit to purchase those electronics at that exact time!) and he said that this case could just be classified then. Maybe just come along next week to the police office to file a proper explanation but maybe even that won't be needed.
So yeah, great. But for me there's more in it of course - that other guy knows more about that flash drive and the data on it that I care about. So I figured, let's go to the police office and arrange an appointment with this guy. And I got thinking about the technicalities for if I see that drive back and want to recover its data.
So I've got 2 phones, 1 rooted but reliant on the other one that's unrooted for a data connection to my home (because Android Q, and no bootable TWRP available for it yet). And theoretically a laptop that I can put Arch on it no problem but its display backlight is cooked. So if I want to bring that one I'd have to rely on a display from them. Good luck getting that done. No option. And then there's a flash drive that I can bake up with a portable Arch install that I can sideload from one of their machines but on that.. even more so - good luck getting that done. So my phones are my only option.
Just to be clear, the technical challenge is to read that flash drive and get as much data off of it as possible. The drive is 32GB large and has about 16GB used. So I'll need at least that much on whatever I decide to store a copy on, assuming unchanged contents (unlikely). My Nexus 6P with a VPN profile to connect to my home network has 32GB of storage. So theoretically I could use dd and pipe it to gzip to compress the zeroes. That'd give me a resulting file that's close to the actual usage on the flash drive in size. But just in case.. my OnePlus 6T has 256GB of storage but it's got no root access.. so I don't have block access to an attached flash drive from it. Worst case I'd have to open a WiFi hotspot to it and get an sshd going for the Nexus to connect to.
And there we have it! A large storage device, no root access, that nonetheless can make use of something else that doesn't have the storage but satisfies the other requirements.
And then we have things like parted to read out the partition table (and if unchanged, cryptsetup to read out LUKS). Now, I don't know if Termux has these and frankly I don't care. What I need for that is a chroot. But I can't just install Arch x86_64 on a flash drive and plug it into my phone. Linux Deploy to the rescue! 😁
It can make chrooted installations of common distributions on arm64, and it comes extremely close to actual Linux. With some Linux magic I could make that able to read the block device from Android and do all the required sorcery with it. Just a USB-C to 3x USB-A hub required (which I have), with the target flash drive and one to store my chroot on, connected to my Nexus. And fixed!
Let's see if I can get that flash drive back!
P.S.: if you're into electronics and worried about getting stuff like this stolen, customize it. I happen to know one particular property of that flash drive that I can use for verification, although it wasn't explicitly customized. But for instance in that flash drive there was a decorative LED. Those are current limited by a resistor. Factory default can be say 200 ohm - replace it with one with a higher value. That way you can without any doubt verify it to be yours. Along with other extra security additions, this is one of the things I'll be adding to my "keychain v2".11 -
For some reason, Google really, really, really wants to know peoples' phone numbers.
Of course, they say it is "only to protect us even more". But if the Twitter phone number misuse incident tells us anything, Google could change their mind at any time.
Around 2012, Google started begging people for their phone numbers upon login, but did not lock users out yet: https://groovypost.com/unplugged/... .
At some point, likely in the late 2010s, Google started locking people out of their accounts until they disclose their phone numbers. This is very unethical. Twitter already did it earlier (around 2016). Many countries' governments outlawed burner phones and people need to disclose their identity to acquire a phone number, as often under the pretext of "fighting terrorism". Surely not for mass-surveillance, am I right? ( https://comparitech.com/blog/... )
Since a few years, Google demands a phone verification for every newly created account. Honestly, that is still better than holding peoples' existing accounts hostage until they disclose a phone number, since locking people out of their accounts a while after creation causes them to lose access to their data.
Of course, people should store any data they do not wish to lose locally. Online services are not personal archives.8 -
TL;DR: Google asked me to PROVIDE a phone number to verify connection from a new device, on the said device.
Yesterdayto log into my work Google account from my personal laptop to check emails, calendars update and so on. I opened up a private navigation window, went to Google sign-in page, entered my credentials, all is well.
Google then decided to "verify it's me" and prompted me to PROVIDE a phone number (work account without work phone means no phone number set up) so that they can send a verification code to the number I just provided to make sure the connection is legit.
Didn't want to do that, clicked "use another method" and got asked to fill the last password I remember, which would be my current password thanks to my trusty password manager. After submitting, I'm prompted with an error saying I have to contact my admin to reset my password because they can't log me in with my CURRENT password.
I ain't gonna do that, so went back to login page, provided my phone number, got the code, filled in the code, next thing I know I'm browsing through my emails.
What the duck? Could have been anybody giving any phone number. So much for extra security.
Also don't care that they have my phone number, the issue is more about the way used to obtain it: locking me out of my account and having no other way of logging in.6 -
Google Business Profile is probably not meant for developers. "Help customers find your business by industry." Dev: set primary category to "Web Developer". Google: We didn't understand your category. Please select from the suggestions that appear when typing. Dev, typing: "Web D"... Google suggests: "Web Designer, Web hosting company, Well drilling contractor, Waterbed shop". Okay, Google, nevermind.
Google: "Update your customers. Keep your customers up to date about your business!" Dev clicks "add update", adds info about that customer should use different phone number temporarily due to broken phone. Google: "Your post has been removed from your Business Profile on Google because it violates one or more of our post content policies." Okay Google, at least you let me add an additional phone number on my profile without requiring to verify my primary number that I currently have not access to. Anything else?
Google: "Claim your €400 free advertising credit" Dev: clicks "claim credit" Google: "To access this Google Ads account, enable 2-Step Verification in your Google account." How to combine idiocy and deceptive patterns in a single UI: Google knows! Apart from their search engine, their unique business advantage is simple that they suck a little less than Apple and Microsoft. Sorry, not a day to be proud of our profession, once again.5 -
Guys what I want to know is how do you secure your code so that they pay you after you deliver the code to them?
So recently I was in this internship that I secured with an over-the-phone interview and the guy who was contacting me was the CEO of the company (I'm going to refer to him as "the fucking cunt" from now on). He asked me to do some OCR and translations and I managed to write a few scripts that automate the entire process. The fucking cunt made me login remotely to his desktop which was connected to the server (who the fuck does that) and I had to operate on the server from his system. I helped him with the installation and taught him how to use the scripts by altering the parameters and stuff, and you know what the fucking cunt did from the next day onward? Dropped contact. Like completely. I kept bombing emails upon emails and tried calling him day after day, the fucking cunt either picked up and cut the call immediately on recognising its me or didn't pick up at all. And the reason he wasn't able to pay me was, and I quote, "I am in US right now, will pay you when I get back to India." I was like "The fuck was PayPal invented for?" Being the naive fool that I was, I believed him (it was my first time) and waited patiently till the date he mentioned and then lodged a complain in the portal itself where he had posted the job initially. They raised a concern with the employer and you know what the fucking cunt replied? "He has not been able to achieve enough accuracy on the translations". Doesn't even know good translation systems don't exist till date ( BTW I used a client for the google translate API). It has been weeks now and still the bitch has not yet resolved the issue.And the worst part of it was I got a signed contract and gave him a copy of my ID for verification purposes.
I'm thinking of making a mail bomb and nagging him every single day for the rest of his life. What do you guys think?7 -
This “Auto save” feature in the latest app version is buggy..
-> new rant
-> prefilled with previous rant..
Anyway, here my actual rant begins.
Apple, go fuck yourself, seriously.. put your trillion dollars way up your arse...
Moved to Ireland, want to switch country..
“If you want to switch countries, cancel your Apple Music subscription first”..
so be it. Cancelled it..
“Your subscription will be cancelled in 28 days”.
FUCK YOU, YOU COCK SUCKING BASTARDS!!
I NEED TO SWITCH THE STORE TO BE ABLE TO DOWNLOAD BANKING APPS AND STUFF LIKE THAT..
But ok, I’m screwed in this regard..
Suddenly iMessage stopped working. This is kind of a big deal because I have unlimited data but only unlimited sms to Irish numbers and I need to communicate with people in Switzerland and Germany..
Internet works so I try to turn iMessage off and in again. But that doesn’t work.. i can only reactivate iMessage via WiFi.
So I go back to the hotel, reactivate iMessage..
“Verifying imessage” >> google..
Leads me to an Apple forum: “the verification of iMessage can take up to 24h”.
Are you fucking kidding me? I’m in a new country and rely on this overpriced shit..
Fun but sad fact, I have a second phone with me. IPhone 4 with iOS 7 and that thing WORKS!!
If this is where the future is going we’re all gonna die very soon.. plains crash, power plants explode but hey, at least they have data about it and it looks shiny. That’s all that matters..
Another reason to switch to android..
MacOs fucked me up so I already switched to windows + Linux. Next one will be getting rid of iOS, they don’t build small phones anymore anyway..1 -
Google simply can't knock off harrassing their users with security theatre.
A friend of mine has a small personal YouTube channel. He has recently been bombarded with several phone verification requests a week: "Verify it's you. To continue your session, complete a brief verification. This extra step helps us keep your account safe by making sure it’s really you. "
While frequent verifications may be understandable on YouTube channels with millions of subscribers, channels with only a few dozen subscribers are not attractive hacking targets. A verification would be justified before a potentially harmful action such as deleting videos or deleting a channel. But not for normal everyday use.
What's next? Will they ask users to "verify it's them" every ten minutes, "just for extra security"? Just to verify that it is "really, really, really, really, really" them?
It's not security. It's security theatre.
Sorry, Google, but users are not in the mood of doing a phone verification every other day.
Has this been Google's perverted wet dream all along?1 -
fucking zoho and their fucking sign up and authentication process.
they need a mobile phone number for the sing up, alright fine, I provide. but after submitting the form, nothing fucking happened and i am redirected to the initial sign up page. fuck you.
try again and guess what, said my phone number is already used and i can try sign in with it. ok alright, i try to sign in using my number and my password. guess what? i am redirected back at the initital sign up form page. fuckkkkkkkkkk.
i try again with another number. and then this time, guess what? said the fucking email is already existed. jesus fucking fucking christ.
browse around their help desk and found this. https://help.zoho.com/portal/kb/...
sure I follow the advice and guess what? yeah i'm redirected back to the FUCKING GOD DAMN same page again.
I gave up and wanted to send them a reply on their help desk and try to log in using one of my other existing zoho accounts. GUESS WHAT? THEIR HELP DESK LOG IN IS NOT WORKING. ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRR.
I click "Sign In". Login as User or Login as Agent dropdown appear. I click Login as User since my user account is already logged in. It nothing happened. It flashed and I am back at the help desk thread with no changes. It is still "Sign In" at the top. I fucking give up.3 -
That's it, where do I send the bill, to Microsoft? Orange highlight in image is my own. As in ownly way to see that something wasn't right. Oh but - Wait, I am on Linux, so I guess I will assume that I need to be on internet explorer to use anything on microsoft.com - is that on the site somewhere maybe? Cause it looks like hell when rendered from Chrome on Ubuntu. Yes I use Ubuntu while developing, eat it haters. FUCK.
This is ridiculous - I actually WANT to use Bing Web Search API. I actually TRIED giving up my email address and phone number to MS. If you fail the I'm not a robot, or if you pass it, who knows, it disappears and says something about being human. I'm human. Give me free API Key. Or shit, I'll pay. Client wants to use Bing so I am using BING GODDAMN YOU.
Why am I so mad? BECAUSE THIS. Oauth through github, great alternative since apparently I am not human according to microsoft. Common theme w them, amiright?
So yeah. Let them see all my githubs. Whatever. Just GO so I can RELAX. Rate limit fuck shit workaround dumb client requirements google can eat me. Whats this, I need to show my email publicly? Verification? Sure just go. But really MS, this looks terrible. If I boot up IE will it look any better? I doubt it but who knows I am not looking at MS CSS. I am going into my github, making it public. Then trying again. Then waiting. Then verifying my email is shown. Great it is hello everyone. COME ON MS. Send me an email. Do something.
I am trying to be patient, but after a few minutes, I revoke access. Must have been a glitch. Go through it again, with public email. Same ugly almost invisible message. Approaching a billable hour in which I made 0 progress. So, lets just see, NO EMAIL from MS, Yes it appears in my GitHub, but I have no way to log into MS. Email doesnt work. OAuth isn't picking it up I guess, I don't even care to think this through.
The whole point is, the error message was hard to discover, seems to be inaccurate, and I can't believe the IRONY or the STUPIDITY (me, me stupid. Me stupid thinking I could get working doing same dumb thing over and over like caveman and rock).
Longer rant made shorter, I cant come up with a single fucking way to get a free BING API Key. So forget it MS. Maybe you'll email me tomorrow. Maybe Github was pretending to be Gitlab for a few minutes.
Maybe I will send this image to my client and tell him "If we use Bing, get used to seeing hard to read error messages like this one". I mean that's why this is so frustrating anyhow - I thought the Google CSE worked FINE for us :/ -
Bittrex is "amazing"...
I had lost my 2FA a long time ago (as my phone fried) and missed the account ferification deadline which caused my account to get disabled. Off we go to support!
0. Nothing to rant about at this point. I just created an account in their zendesk, logged in and logged a ticket to reset my 2FA and reactivate my account. They asked me for info, I provided it to them and got my 2FA disabled. Hooray!
1. I then asked to reenable my account. They sent me a link to restart the verification process. I open up that link and log in. I'm asked to upload some photos. I select requested photos from my galery and hit [UPLOAD]. An error pops up saying that smth wrong happened and I need to reload that site and reupload my photos. After page refresh they are telling me they are validating my uploaded info (w/o any way to resubmit my info, which, according to the error seen below, was not successfully submitted in the first place)...
2. So I reach out to the support guy again. Guess what he replies! He says he's sorry but he cannot help me any more and I need to create a NEW ACCOUNT in their support site with the same email <???!!!???>
3. I try to log in to the support portal and my access no longer works. MY ACCOUNT HAS BEEN DELETED! WTF!!!
4. I do as I'm told and create a new acc with the same email. Now I can log back in. So I'm raising a new ticket saying I still cannot finish my verification process due to the same error. It looks like it's going to be a fun ride with them so I can't wait to see what they'll reply.2 -
I just had such a forfilling moment.
Normally, i often (force myself) go to bed at night, after i worked on a project of mine, with these thought saying "oh man i wanted to get that feature done today" or "i want to finish this and that part of my code".I am sure everyone of you knows the feeling, when your brain communicates that you are just not done for today.
Today it was different. I got a project of mine working in it's first state, where i put much heart, love and time in.Just a few minutes before i finished for today i got my server responding the expected numbers(some kind of pin-code). It's a very easy system: Someone(at the time only me and my debug mode :3) on a android phone request a verification which is checked and processed by the server. The server creates a random six-digit number, returns it encoded to the client and sends an email to the user, which currently sends it in plain text(shame on me).
Yeah, the user enters the number and voilà
And of course, all the Pincodes can only be used once.
I got to bed with this feeling of luck and succes.
I hope tomorrow is going to be a productive day!
I am so lucky right now.
Have a good day everyone! -
Fuck the feelings of powerlessness and helplessness. when a friend comes crying for you for help with their hacked account and you keep asking them about what they did to protect it in the first place and they reply with nothing, no recovery email, no recover phone, no secondary verification, NOTHING. and you can do nothing but stand there and watch them cry while you can literally do nothing because there literally nothing you can do to retrieve their stolen accounts. FUCK BLACK HAT HACKERS.3
-
The global joke of Information Security
So I broke my iPhone because the nuclear adhesive turned my display into a shopping bag.
This started the ride for my character arc in this boring dystopia novel:
Amazon is preventing me from accessing my account because they want my password, email AND mobile phone number in their TWO.STEP Verifivation.
Just because one too many scammers managed to woo one too many 90+y/o's into bailing their long lost WW2 comrades from a nigerian jail with Amazon gift cards and Amazon doesn't know what to do about anymore,
DHL is keeping my new phone in a "highly secure" vault 200m away from my place, waiting for a letter to register some device with a camera because you need to verify your identity with an app,
all the while my former car insurance is making regress claims of about 7k€ against me for a minor car accident (no-one hurt fortunately, but was my fault).
Every rep from each of the above had the same stupid bitchass scapegoat to create high-tech supra chargers to the account deletion request:
- Amazon: We need to verify your password, whether the email was yours and whether the phone number is yours.
They call it 2-step-verification.
Guess what Amazon requests to verify you before contacting customer support since you dont have access to your number? Your passwoooooord. While youre at it, click on that button we sent you will ya? ...
I call this design pattern the "dement Tupi-Guarani"
- DHL: We need an ID to verify your identity for the request for changing the delivery address you just made. Oh you wanted to give us ANOTHER address than the one written on your ID? Too bad bro, we can't help, GDPR
- Car Insurance: We are making regress claims against you, which might throw you back to mom's basement, oh and also we compensated the injured party for something else, it doesn't matter what it is but it's definitely something, so our claims against you just raised by 1.2k. Wait you want proof we compensated something to the injured at all? Nah mate we cant do that , GDPR. But trust me, those numbers are legit, my quant forecasted the cost of childrens' christmas wishes. You have 14 days or we'll see you in court haha
I am also their customer in a pension scheme. Something special to Germany, where you save some taxes but have to pay them back once you get the fund paid out. I have sent them a letter to terminate the contract.
Funniest thing is, the whole rant is my second take. Because when I hit the post button, devrant made me verify my e-mail. The text was gone afterwards. If someone from devRant reads this, you are free to quote this in the ticket description.
Fuck losing your virginity, or filing your first tax return, or by God get your first car, living through this sad Truman dystopia without going batshit insane is what becoming a true adult is.
I am grateful for all this though:
Amazon's safety measures prevented me from spending the money I can use to conclude the insurance odyssey, and DHLs "giving a fuck about customers" prevention policies made me support local businesses. And having ranted all this here does feel healthy too. So there's that.
Oh, cherry on top. I cant check my balance, because I can only verify my login requests to my banking account wiiiiiiith...?2 -
The company I used to work for, despite me not working there contacts me to get a verification code because the crappy developer they hired can't change a couple settings on the apple website and add themselves as a developer.
At the start of this all, a couple months back I gave them the code out of courtesy, but at this point, as i'm heavily invested in the development stage of my actual job as a vr developer, I won't take time out of my day to even answer the phone for them.
But what really pisses me off is the person who contacts me, my assumbly best friend, who during the last 12 months has only called me for these codes, so work related shit or just personal shit and never to hang out or play games or generally what we used to do as friends before he got a job at that stupid company doesn't have the balls to tell his boss that i'm busy with my job, that maybe if payment was offered as an incentive that I would be happy to be contacted.
When I left that company I didn't setup anything to make it so they would have to contact me, all I did was add myself as a developer of their app. I also heavily documented everything I did, all the issues I faced and the workarounds I found, and everything including all login information needed to get things working, I went above just "developing" the app I added in all the credits to all work used in the app as partly to make sure we don't get sued for stealing someones work without the right credit.
I hate the fact that I worked for minimum wage and did all of this shit, but I never complained at all about things like the 1 1/2 hour travel time (one way I might add) to my boss, the amount of money I spent on public transportation, the little money left over that I didn't even spend and instead give to my parents.
They know nothing about how hard that year was for me, and if they want to get this code, my so called friend can come chat in person, in his off time and when I'm done working on my own shit and we can discuss terms because this shit is just not fair at all.5 -
Brave Browser.
There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.
Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:
Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”
If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.
But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:
“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”
Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.
In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.
Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.
I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.
There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.
In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.
Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.15 -
So, there was that post about Valve that send your steam password through an email. I changed my password to see if it was true (I couldn't believe it). And I had to do phone verification....
I thought for a sec it wouldn't stop, but yeah atleast I got the message.5 -
Sus!
yesterday I bought a cool domain in namecheap, I was very lucky to find short and good one for my case.
Today (at weekends!!!!) I receive a letter:
>Hello **redacted name**,
>
>We are contacting you from the Namecheap Risk Management Team regarding your '**redacted name account**' account.
>
>Unfortunately, your Namecheap account was flagged by our fraud screening system as requiring verification and was locked.
>
>Please follow the instructions below to get your account verified:
>
>- take a color photo of the credit card used for the payment at **redacted link**
>
>Please make sure all of the edges of the credit card are visible, and that we can clearly see the card holder's name, expiration, and last four digits of the card number. The screenshots or images of the card cannot be accepted for verification. >If the submission does not meet these requirements, we can either request to submit the details again or permanently suspend your account.
>
>- provide a valid phone number and the best time to call you (within normal business hours, US Pacific time).
>
>If we do not hear back from you within 24 hours, we will be forced to cancel your orders.
>
>We apologize for any inconvenience that may result from this process. This extra verification is done for your security and to ensure that orders are legitimate. This industry, unfortunately, has a high rate of fraudulent orders, and this sort of >verification helps us drastically reduce fraud and ensure our customers remain secure. Such documents are used for verification only and are not provided to third parties in any way. Account verification is a one-time procedure, after your account >is verified, you will never face this issue again.
>
>Looking forward to your reply.
>
>---------------
>Dmitriy K.
>Risk Management
> Namecheap, Inc.
what if I did not notice it in 24 hours? It is the weekend for god's sake! People usually rest until monday.
They would what, cancel order and scalpel it to super high price?!
I have some doubts if the request is trully having anti fraudulent origins.
What if I used digital visa card? How was I supposed to photo it?
And the service they provided for photoing accepts only photos from web camera. I was lucky that I bought recently web camera with high enough amount of pixel power and manual focus. What if I did not?
That's all really SUS!
The person can not notice the letter within 24 hours time frame until the morning, when it would be already too late.10 -
Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:
3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.
I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.
They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).
During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).
Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.
The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.
This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.
I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).
I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...
The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)
Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.
Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.
I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).
So... any thoughts?7 -
Anyone here uses scaleway VPS?
The tickets I raised got deleted without any proper resolution. And that is shady AF. The tickets were attended by some customer support guy and he had told he would call to verify. But that never happened.
And now all the tickets I raised has disappeared.
I can't activate my account because phone verification is not possible since the code they never arrives3 -
Hey guys, I have almost developed the backend of an app like reddit. My question is about authentication. How should I authenticate my user. Is phone number necessary to add phone otp?Because I don't want to get any legal trouble if someone posts objectionable content on the platform. Most of the apps today need phone number, I dont know why except reducing spam accounts.
Or shall I verify email by otp. But its hard to track disposable emails. I cant go for only gmail too as its banned in china. Email domains of china are weird.
Can I get into legal trouble for objectionable content posted by any evil user?
I dont want to go for auth.10 -
I have Avira Password Manager and for 3 days now I can't access it because they send a verification code to the phone but that code was never received... FUCK YOU AVIRA5