It's a third-party client making authentication and data collection requests, just like the hundreds of other credential stuffing toolkits (OpenBullet et al.) that are smashing the Venmo platform 24/7.
The most likely outcome for anyone using this is their account becoming restricted for unusual access patterns by the existing models already in place.
The Ragged Trousered Philanthropists by Robert Tressell.
Taught me everything I needed to know about being a painter.
Perhaps not the 'best' book ever, but certainly one of the most impactful for me as a common-or-garden 18-year-old realising for the first time that our political and economic systems aren't some sort of almighty edict and could be critiqued.
Love love love this. I recently saw something about Rails 8 (probably Kamal?) and decided to build a toy app using the main git branch parsing and displaying Telegram logs. I haven’t used Rails or done any front-end work since the traumatic 2->3 upgrade over a decade ago.
My two main takeaways were:
1) This is fun
2) Why do we put up with all this garbage in modern development
2a) Okay I guess Tailwind is more useful than I assumed
And it’s legitimately made me think I could build and launch something on my own, which I’ve never had the confidence to try before.
I hadn't realised until reading this, that I use this exact method for Best Buy.
Not intentionally though - I have my password stored in 1Password, so I know it's correct, yet every time I try to purchase something through bestbuy.com I trip some sort of ATO protection that falsely claims my password is invalid.
I'm entirely willing to believe it's something on my side (ad blocker, local DNS blacklisting, etc.) but after a certain number of occurrences, you get bored trying to debug the problem and just follow the path of least resistance.
> Not intentionally though - I have my password stored in 1Password, so I know it's correct, yet every time I try to purchase something through bestbuy.com I trip some sort of ATO protection that falsely claims my password is invalid.
Are you sure it's not a maxlength mismatch? It is very common for the "change password" field to have a different (or no) maxlength and then for the login page to have a different maxlength. So you change your password to some 60 character password, then you log in where the maxlength is only 40 characters... wrong password! I actually have a policy now of having the maxlength stored in application config so it propagates to all password fields in my apps.
Edit: Just checked and yes there is a length mismatch (form to set password has maxlength of 54, but login page has no maxlength set). So if your password length is > 54 and 1Password doesn't automatically cut the password it stores to 54 characters or fewer, you won't be able to log in.
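The maxlength mismatch described in the comment above, as an added example that is not part of the original thread: it models what each form submits when a password is typed or pasted, audits a set of form definitions for differing limits, and shows the shared-config approach the commenter mentions. The form names, `PASSWORD_MAXLENGTH` and all function names are hypothetical; 54 is the value quoted in the comment.

```javascript
// Hypothetical form definitions. null means the input has no maxlength attribute.
const MISMATCHED_FORMS = {
  setPassword: { maxlength: 54 }, // value reported in the comment
  login: { maxlength: null },
};

// Models typed or pasted input: the browser keeps at most `maxlength`
// UTF-16 code units and silently drops the rest.
function submittedValue(input, maxlength) {
  return maxlength == null ? input : input.slice(0, maxlength);
}

// The server hashes whatever each form submits, so a login can only
// succeed if both forms submit the same string for the same password.
function loginSucceeds(password, forms) {
  const storedAtSignup = submittedValue(password, forms.setPassword.maxlength);
  const sentAtLogin = submittedValue(password, forms.login.maxlength);
  return storedAtSignup === sentAtLogin;
}

// Audit: report every form whose limit differs from the first form's limit.
function auditPasswordFields(forms) {
  const entries = Object.entries(forms);
  const [refName, ref] = entries[0];
  return entries
    .filter(([, f]) => f.maxlength !== ref.maxlength)
    .map(([name, f]) => `${name}=${f.maxlength} differs from ${refName}=${ref.maxlength}`);
}

// Fix: one limit in application config, propagated to every password field.
const PASSWORD_MAXLENGTH = 128; // hypothetical config value
function buildForms(limit) {
  return { setPassword: { maxlength: limit }, login: { maxlength: limit } };
}

// Constructed sample: a 60-character password, as a manager might generate.
const longPassword = "correct-horse-battery-staple-".repeat(3).slice(0, 60);

console.log(loginSucceeds(longPassword, MISMATCHED_FORMS)); // false
console.log(auditPasswordFields(MISMATCHED_FORMS));
console.log(loginSucceeds(longPassword, buildForms(PASSWORD_MAXLENGTH))); // true
```

Running `auditPasswordFields` over the real field definitions in a test suite catches the mismatch before users with long passwords do.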
I know a few sites, one of them being Spotify, that will lock your account based on "suspicious activity", lie that your password is invalid, and force you to reset your password.
Great read! I love a pour over, but it's always "...but only if you have time" because I know how much of a pain they are for the staff.
I wonder if the Starbucks story was one of those situations where the CEO had a pet project but the rest of the company silently conspired to kill it? I feel like I'd be the exact target market for this, yet I've never heard of either Clover or Starbucks Reserve before.
I don’t think I’ve ever had a single interview that left more than about 60 seconds for candidate questions. Maybe you can tease some of this stuff out with the “hiring manager chat” as that tends to be less formal, but in panels?
What level/grade are folks generally talking about here? Or is this a difference between applying for a role vs. being hunted for it?
If you aren't being given time to ask questions during an interview (within reason of course, like 5-10 minutes) you need to go elsewhere. I've never had a job interview (on either side of it) where the candidate didn't have plenty of time to ask questions.
I’ve had places where I pointed out we’d mostly solved the problem and do you want me to keep going or allow time for other questions, they’ve always picked keep going and I’ve always checked out at this point.
I’m not going to work for you based on the negligible amount of information I’ve gotten out of you so far. I’m still workshopping more assertive ways to just say this. We are wasting our time here folks.
I used to get people who were happy if I helped them fill up the half hour or hour. The questions I asked often told them more about me than my answers.
But it’s been a while since that happened. Long enough that I believe your never.
That's wild, I usually offer candidates closer to 15 minutes (out of an hour interview), and have insisted upon the same when interviewing. Been doing both for a decade, mostly startups.
> Every time this topic comes up, people delightedly mention the German Tank Problem, but I have never, not once, seen anyone post an actual example of when a modern business got rekt by a competitor using knowledge gained from monotonic IDs.
At $previous_job (payments provider), the sales engineers would often spot merchants using sequential order IDs and mention it to the account managers.
Rekt? I guess not, but knowing what percentage of their business we processed was extremely valuable information when it came to renegotiate the contract.
That does sound feasible. There are a number of airports (SFO probably being the largest) that have their security screening performed by non-TSA third-party companies, which I suppose is the ultimate political embarrassment lever to pull.
It has never been, is not, and will never be, different. Instead of paying fees to TSA SFO pays slightly more to the contractor doing the job. It's the same. Same rules, same procedure, same equipment. Same, same, same. The only difference is the patches on the shirts.
Everyone in here has cultural amnesia about air travel in the 90s.
The current system is TEN BILLION TIMES better than post-Lockerbie.
For anyone else wondering, it's AS27612 and the registered address is mentioned online -- unsurprisingly -- as the "CALEA Implementation Unit".