evol

@evol@evolved.systems
41 Followers
31 Following
520 Posts

not evil • recovering perfectionist • neurodivergent • colorblind (protanomaly) • sometimes makes pretty pictures

some things I made:
https://evolved.systems/chaoskit
https://evolved.systems/palettes

Matrix: https://matrix.to/#/@evol:evolved.systems
Website: https://evolved.systems
GitHub: https://github.com/evoL
Pronouns: he/him
#VibeCoding your MFA
Cautionary tale about checking your thumbnails before uploading.
macOS Tahoe buttons be like
The election is the day after tomorrow. I don't usually engage in a serious way with political topics through my social media, but today I'll make an exception, for one post. Forgive me.

I have one request for you, specifically for those among you who don't want to go and vote in the second round of the presidential election because none of the proposed candidates suits you. Before you decide to sleep through this Sunday, look at your friends in the United States. Are they ultimately happy that many of them showed "moral superiority" by not voting for the "lesser evil"? Or are they perhaps nervously watching each new decision and statement by their president?

All the polls show that either candidate can win. The difference is essentially below the statistical margin of error. Everything, even the weather; everyone, even you, can ultimately change the outcome of this election.

There are only two options on the table. One of them has to win; there is no other way. I have already decided. I hope you will too.

See you on Sunday at the polls.

"To all of my friends, It looks like someone has hacked into my e-mail account and sent something, but I am unable to pick it up and see what it was." https://www.yyyyyyy.info/

#WibyFinds

▁▂▃▄▅▆▇ `^^^^^~ ░ ui▀┳╲ ☺ .info ▓

I am so tired of companies believing their APP is the center of everyone's world. Get it into your heads: your app is a TOOL. Like a screwdriver. That, in this particular case, I would like to use to adjust levels of my microphone interface.

I don't want a "better experience", and I don't care about your "new app". You are overhead. Cost. Drag.

Watching Microsoft’s robots telling Microsoft’s other robots that they need to agree to Microsoft CLAs in between Microsoft’s developers begging Microsoft’s robots to actually understand the problems they’re trying to fix in Microsoft's platform code on Microsoft's version-control website is kind of amazing.

This is definitely the future Terry Gilliam promised us.

SHAKE IT BABY

1,000,000 votes out of 1,000,000 needed for the EU citizens initiative calling for a conversion therapy ban

It is 7 AM CEST. The EU citizen initiative calling for a ban on "conversion therapy" (here meaning, pseudoscientific attempts to "cure" LGBTQs) is less than 250,000 votes from success. This is astounding, the votes have like, *tripled* in a week.

The page says voting ends "May 17", and I wish I knew if that meant "at midnight tonight" or "midnight tomorrow" or what. Uh. Do you know?

Germany is ~6,000 local votes from endorsing it. Are there 6,000 Germans on this website?

https://eci.ec.europa.eu/043/public/#/screen/home

#VibeCoding your MFA
@beyondmachines1 Talk about vibe coding the pipeline. 
@beyondmachines1 Please tell me this is just a joke form someone wrote and not a screenshot of a publicly facing service.
@makdaam It has to be a joke, but I've seen so many of these where whoever made it obviously hadn't stopped to think how their "clever" system would fare in the real world. This includes those "secret questions" that you can easily lift from the person's social media.
@apzpins @makdaam The solution to that is *don't use those things as your security questions* so you can joyfully play the game. It's really that easy. Signed: Piep Abbenes (my 1990s pornstar name)

@apzpins No, it doesn't have to be a joke. That's the worst part.

There's a guy who vibed out an online app with Cursor which had credential tokens in the client side javascript. He believes that was no biggie, and exposing his customer data is just part of the learning process.

He's releasing more webapps, same quality, now trying to add mobile ones. He's added a layer of "real browser detection" with Vercel on top to keep him safe.

@makdaam My own experience with such coders was when I was told to give customer's web dev a virtual. It got owned in less than 12 hours, because he eventually figured out how to make MySQL listen to the public IP so he could use some kind of a graphical tool running on his own laptop to access it.

Felt like parents asking to give their kid a loaded shotgun and then be all surprised when the worst happened. But all in a day's work and so forth.

@makdaam @beyondmachines1 +1

  • I hope too this is just a poorly made demonstration thingy that explains how to integrate some actual #2FA!

Cuz to me that's #NegativeFactorAuthentification instead of #TwoFactorAuthentification!

https://infosec.exchange/@beyondmachines1/114692899794487589

BeyondMachines :verified: (@beyondmachines1@infosec.exchange)

Attached: 1 image #VibeCoding your MFA

Infosec Exchange

@makdaam @beyondmachines1 Did you hear what Grindr use to do with a password reset?

They returned it along with the API response that would tell you that "the URL has been sent to your email address"

https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/

Hacking Grindr Accounts with Copy and Paste

Sexuality, relationships and online dating are all rather personal things. They're aspects of our lives that many people choose to keep private or at the very least, share only with people of our choosing. Grindr [https://www.grindr.com/] is "The World's Largest Social Networking App for Gay, Bi, Trans,

Troy Hunt
@alister @beyondmachines1 Auth recovery flows seem to be a common weak spot.
@alister @makdaam I've seen something similar in other places. Not intentional, just dev losing focus.
@beyondmachines1 chat is this real?
@kae_bytheocean no clue. But I'm thinking Debug = True
@beyondmachines1 @kae_bytheocean Even then: When would the frontend ever get the code?
@oneiros @kae_bytheocean seemed like a great idea at development debug time 🤷
"x0cx0x" sure is an interesting way to censor the first six digits of a phone number
@dzamie not ai generated, just typical OCR errors (probably the OCR software included in mastodon)
I suppose "ai" is just a synonym for "general-purpose LLM" these days, yeah
@beyondmachines1 i took like a whole minute to understand this T~T
@beyondmachines1 I fear it's real, isn't it?
@beyondmachines1 What application is that, smh? I'm not sure the people know the purpose of sending a code to your phone XD
@beyondmachines1
Perhaps it is the number of an entirely different code. 
@ozzelot That is so evil
@beyondmachines1 The correct code has arrived at the phone and this is for internal use by people who have access to the DB and have no intention to bother with phones, I assume
@ozzelot that's what we call a back door. And having a back door is always a bad idea.
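As an added example (not code from the thread, from BeyondMachines, or from any of the apps mentioned), this constructed SMS-code step shows the bug in the screenshot and the shape of the Grindr reset-link leak above: the server hands the same secret to the API caller that it sends out of band. Beside it is a version that keeps only an HMAC of the code server-side and returns nothing but a delivery confirmation; the function names, the in-memory store, the fake SMS gateway list and the pepper are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-ins for the SMS gateway and the pending-challenge store.
SENT_SMS: list[tuple[str, str]] = []   # (phone, message) the fake gateway "sent"
_CHALLENGES: dict[str, dict] = {}      # user_id -> pending challenge
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5

def mask_phone(phone: str) -> str:
    return "xxx-xxx-" + phone[-4:]      # show only the last four digits

def leaky_send_code(user_id: str, phone: str) -> dict:
    """The bug: the JSON reply carries the same secret the SMS does."""
    code = f"{secrets.randbelow(10**6):06d}"
    _CHALLENGES[user_id] = {"code": code, "exp": time.time() + CODE_TTL_SECONDS}
    SENT_SMS.append((phone, f"Your code is {code}"))
    return {"status": "sent", "phone": mask_phone(phone), "code": code}

def hardened_send_code(user_id: str, phone: str, pepper: bytes) -> dict:
    """Keep only an HMAC of the code; the reply confirms delivery and nothing else."""
    code = f"{secrets.randbelow(10**6):06d}"
    digest = hmac.new(pepper, code.encode(), hashlib.sha256).hexdigest()
    _CHALLENGES[user_id] = {"digest": digest, "exp": time.time() + CODE_TTL_SECONDS, "tries": 0}
    SENT_SMS.append((phone, f"Your code is {code}"))
    return {"status": "sent", "phone": mask_phone(phone)}

def verify_code(user_id: str, submitted: str, pepper: bytes) -> bool:
    """Constant-time compare, expiry, attempt limit and single use."""
    ch = _CHALLENGES.get(user_id)
    if ch is None or "digest" not in ch or time.time() > ch["exp"]:
        return False
    ch["tries"] += 1
    if ch["tries"] > MAX_ATTEMPTS:
        _CHALLENGES.pop(user_id, None)
        return False
    digest = hmac.new(pepper, submitted.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(digest, ch["digest"]):
        return False
    _CHALLENGES.pop(user_id, None)         # a code is good for one login only
    return True

def response_leaks_code(response: dict, phone: str) -> bool:
    """Review check: does any field of the API reply contain a code sent to this phone?"""
    codes = [msg.split()[-1] for p, msg in SENT_SMS if p == phone]
    return any(code in str(value) for code in codes for value in response.values())
```

The last function is the kind of check worth running in an integration test against every "send code" and "reset password" endpoint: compare whatever went out of band with every field of the HTTP response.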
@beyondmachines1
Well, if it weren't for little old security through obscurity, it would be a front door!
@beyondmachines1 is this real?
@lunch I'm putting my money on Debug = True
@beyondmachines1 really streamlines the authentication process
@boscoandpeck we need HX, Hacker eXperience
@beyondmachines1 😂 I can see the job listing now for a full stack hx developer
@beyondmachines1 Your alt-text needs a little tweak, the 'xxx-xxx' looks a little messed up.
@beyondmachines1 Better UX, that.
@chief everyone is happy. Customers, hackers, everyone!

@beyondmachines1 About 15 years ago I had a bank account in Qatar. They had SMS authentication for transfers.

The form asked you for your Qatar Id - easy as it was displayed at the top of the webpage then invited you to put in a phone number for the SMS authentication message to be sent to. You could use any phone number - your own, the wife or even a co-worker. I tried!

@X31Andy I bet there are such implementations even now
@beyondmachines1 accessibility feature here I come
@beyondmachines1 Please don't ask me how long I had to stare at this before I realized what was wrong 🤦
@OpenComputeDesign like looking for my glasses while i'm wearing them 🤷‍♂️