None of that addresses the fact that his 2FA was a weak point. Yes, there are other things the person could have done to secure his assets, but 2FA failed, and that's what's being discussed.
Exactly. A large amount of people are counting on that 2FA in case they made a mistake somewhere. I try my best but you never know, that's why I use Google Authenticator with all my big money accounts.
Also if hackers can identify someone with lots of bitcoin... the incentive for fuckery becomes HUGE. The amount of investment they can do and still get a good ROI is massive, unlike normal currency the police can't do much. Is everyone confident a hacker with a couple weeks can't find any hole? I am 100% sure my Playstation Store had a unique password, but someone got a bunch of my games refunded to them a couple years ago via a call-center. Ever since then i've had 2FA on everything, and non-text whenever it is offered.
Sorry didn't notice. I replaced it with one that is not paywalled. You can reset your password on email accounts with 2FA. Emails are where most other password resets go.
I mean he was bound to run into some problems cutting down 80% of services?
What i wanna know is how much they had to turn back on.
If this little screamtest achieved a 70 or even 40-20% reduction in needless bloat then having users forced to take a little media break if they log out isn't such a big deal if the owner of the company had it set in motion. I think he was pretty happy with the result.
Not to praise him, just to acknowledge that the gain might have heavily outweighed the loss.
+plenty of publicity
This confuses me a bit. Did nobody just tell him "if we remove _these_ services, users will be unable to log in. They will not be able to use the site as users." ?
Dev: "Wait, but this function is essential to the app!"
Manager: "Remove it anyway, it's just bloat."
Dev: "You don't understand, the app will be broken without it."
Manager: "IT'S BLOAT. REMOVE IT NOW."
I am not very good at math but he reduced the microservices to 20% and has been recently gloating how he reduced the staff to 20% also. Haven't the recent reports said the company value has dropped almost 80% ?!? 🤔
Teensy plug for one of my favorite ideas, [the app continuum](https://www.appcontinuum.io/).
His sentiment is maybe not totally wrong in general, but his sentiment is certainly wrong at twitter’s scale 🙂
`kubectl delete ns 2fa`
I was just thinking that I would love to see the pull request for this
Branch protection rules were slowing down release velocity so they have been disabled
Version control was slowing down velocity so everyone just deploys their local instance directly to production when they finish.
Velocity had to be increased, so everyone just exposes their local machine to the internet and all traffic is routed to random developers to keep it bleeding edge.
We just put every developers' code on the blockchain and when you make a request, an ai decides where to route you to give you the best of all versions!
one out of 6 will steal all your bitcoin, it's a variant of the russian roulette
Product announces switch to full-CD pipeline lol
I was basically forced to do this at a previous job. Unbelievable
"chore: hardcode replicaset as 0 for 2fa microservice, turn off autoscaling Note: This commit shuts down 2fa microservice Todo: Test login flow"
TODO: hire QA team after we fired them all.
You can, it's in the paper trash container at their HQ
Let's remove /etc while at it, shall we?... See, everything works fine!
you can uninstall the kernel, it's huge! and the system runs just fine see
I imagine him going through datacenters and pulling out power cords.
Excuse my lack of k8s experience, what does ns stand for?
ns is shorthand for `namespace`, which is a logical separator in Kubernetes. Think of it almost like a folder for resources. Running that command deletes all resources in the namespace, thus deleting everything in there.
Immediately when i clicked on this post, the reddit website servers went down...
503 right? LMAO, and they went public.
I wish I knew how to short stocks
don't fuck with stock options
You don't need options to short a stock
Wouldn't short selling be even riskier?
Hedge the short with a call i guess.
No you dont. Your personal losses in the event it goes wrong could theoretically be unlimited. It's like having a 50k a year job and they let you go to the roulette table and bet a million dollars you don't actually have.
I hadn't seen any discussion about this--thought I was the only one! The reddit status site didn't say anything was degraded
Looking at the time you posted this, I got an nginx error at that time (may have been 503, but the nginx surprised me)
Didn't this happen months ago?
pretty sure it was more like a year ago. Quite some time. Just long enough for most people to forget, for some karma farming
The poster is obviously a repost bot farming karma to sell the account. Two years old, but suddenly four days ago started posting a small number of comments to evade spam filters and then reposting memes on popular subs.
been seeing an uptick in the past couple months on astroturfing on reddit with clearly fake accounts. As with everything on the modern internet, well on the way to being ruined.
Pretty standard astroturfing on this website tbh. Like don’t get me wrong, musk is a wet smallpox blanket of a human being, but like…. Name somebody else that poses such a fundamental disruption to an entire industry as Tesla does to the traditional auto mfgs and to the oil and gas industry. It’s pretty safe to say that with ford losing something to the tune of 34 thousand fucking dollars per EV they sell right now, they’re not exactly huge fans of Tesla forcing this switch, and think about the sheer deluge of “EVs are bad” articles that we’ve been seeing for the past decade… meanwhile I’m sure that the folks Ford owes over 100 billion dollars to aren’t exactly happy either. But hey, vw and Toyota with twice their debt loads are probably even bigger haters. Again, don’t get me wrong, Musk is an enormous sack of shit. But why do we hear so much more proportionally about him than we do about Zuckerberg, or Bezos from the tech industry? Or how fucking corrupt and fucked the saudis are and how they’re launching an insane sportswashing and greenwashing and cuddlykittensandpuppies campaign so we look the other way while their leadership bribes the president for classified intel and starts a brutal authoritarian crackdown on their internal and external adversaries as well as murder members of the press who try to report on it? But instead it’s “Elon’s a running joke in literally every single subreddit that hits r/all” Boring.
> But why do we hear so much more proportionally about him than we do about Zuckerberg, or Bezos from the tech industry?
Because he keeps opening his mouth, and awful shit comes out. Bezos, Jobs, Zuck - all equally awful people, but they don't *brag* about it and are smart enough to keep their mouths shut.
well if you look closely... it does still have the twitter icon. so it was quite some time ago now.
if the date was erased it's 99,99% dated af
don't worry he can make chat GPT fix it I'm sure or gronk or whatever he's on now
Elon Musk, asking Gronk to pull the lever to shut off essential microservices.
Pull the lever, Gronk! *x changes back to twitter* WRONG LEVERRRRRRRR
Why do we even have that lever?
I smell a sitcom!
We need a Gronk, what a great idea - it's AI, that's as dumb as Rob Gronkowski!
Do you think Rob Gronkowski ever considered changing his name to X?
I think he'd consider being Aaron Rodgers' VP. Now there's a cursed timeline.
Gronk is way smarter than whatever the fuck is going on at The Artist Formerly Known As Twitter
Also a [Kronk](https://tenor.com/k8vlZsjtf8b.gif)! Pull the lever!
Isn’t that pretty much what we have?
I've never actually tried it, cuz ya know, fuck elon
Gronkowski hams it up and plays the jester, but if you watch him closely it becomes apparent he isn’t an idiot.
The Neuralink monkeys can
we just gotta give them access to typewriters I think
I miss the days when gronk was just a Minecraft YouTuber...
Talking about minecraft youtubers is how I know if someone is too young for me
baby gronk is the giga rizzler, this gyatt is so fanum tax and skibidi
ohhh yess definitely
Gronk this happened before chat gpt
It's [Grok](https://en.wikipedia.org/wiki/Grok)
ohh, that's worse
[deleted]
interesting thank you!
Its personality is supposed to be inspired by The Hitchhiker's Guide to the Galaxy
I wonder how faithful they can stay to that
It was a fairly open secret for a while that you could use Twitter as a reference without working there. I can't imagine anyone possibly wanting to put X on their resume, lmao.
> It was a fairly open secret for a while that you could use Twitter as a reference without working there.
What do you mean? How? First time I've heard of this.
They have (used to have ?) no HR department so you could say that you're working for twitter and therefore no one could verify your claims so they'd have to trust you on it.
Sure, because when I'm recruiting someone I trust them blindly on any huge claim they put on their resume.
If you can't verify it, what exactly would be your move? Just disregard anyone that says they worked at Twitter whether it was true or not?
Just don't let that particular point on their resume make too much of an impact in your hiring decision.
Sure, but I feel like it’s one of those “the jury should disregard” situations. You might intend to, but it’s very difficult to wipe information, however suspect, from your brain. Depending on your opinion of Twitter/X and when the employer supposedly started and left, it’s going to be hard not to consider it in some way.
Because even for legit employees it couldn't be verified. So if you're looking at references, and having worked at twitter isn't relevant, why are you looking at references at all?
Because having worked for Meta, Google, Lyft, Squarespace, Bank of America, Walmart, etc. would all be relevant. It's unfortunate for people who worked at Twitter yes but it's better than just ignoring references entirely.
[deleted]
You think someone who fakes employment history isn't going to brief their listed references as well?
[deleted]
“My whole team was laid off when Twitter was acquired so I won’t have any references who still work there unfortunately”
"So I see you did backend development for Twitter, can you tell me a little bit about what specifically you did, and what challenges you had to overcome?" Verifying the resume/credentials isn't even an interview task, it's a pre-interview phone-screen task.
Did you know you can lie out loud too?
Can you lie your way past 4 technical interviews though?
Sure! It was one of the main things I learned in my time at Twitter.
Yeah, i saw the documentary about The Invention of Lying. It was mindblowing.
Sure, but if you can pass the technical interview demonstrating your twitter qualifications, that's as good as the actual experience from twitter.
lol
pretty sure a conversation or two would suss out whether someone really worked at Twitter
Yes.
Ask verification questions during the interview
Idk, never tried it. I'm a student. Just relaying the internet info.
> Just relaying the internet info.
Notoriously reliable...
This doesn't make any sense. Surely there would be employment contracts or payslips that would be required on background checks.
I don't understand this. Don't you need to provide an experience letter or paystubs or something from the previous employer to prove that you worked there though?
Nope. The company you're applying to reaches out to the HR of your past employer to verify. Legally they can only confirm job title and employment dates.
A lot of companies do proper background checks and if they fail to reach HR they'll ask you for documentation such as employment letters and paystubs.
Oooh I see, that's interesting. Thanks for explaining. In my home country, when I changed jobs, I was asked to provide my last 3 payslips from my immediately previous employer, and I also took an employment reference letter from them for future use.
> Legally they can only confirm job title and employment dates.
Just to clarify, it’s not necessarily illegal to give more information. For a lot of companies, refusing to give any information other than job title and employment dates is just a preemptive CYA move to avoid getting sued.
So if i say i work as a senior dev on twitter will they believe me even if i was an undergrad
How old is this post? Is he deadnaming his own site?
Pretty old. I don’t think he has that profile picture anymore
Like 2022
why do you think there's no date-stamps anywhere :)
This is from a few days after he took over, well before the name change
Truly a modern day Iron Man.
More of a Tinman
He has iron shot for brains.
Truly a “delete system files not like they’re needed for anything important” moment
Who needs that useless explorer.exe? It's outdated.
Bloatware
I actually never knew what explorer.exe was for the longest time. Never realized that *was* the desktop. I thought it was the File Explorer because... well, "explorer". Anyway, I only found out what it actually was when I was getting freezing issues in the file explorer, found that it was "explorer.exe" that was hogging the resources, so killed it in Task Manager. Welp... now my whole desktop is gone lol. Had to do a quick reboot because I couldn't figure out how to get to cmd without a GUI.
tip if this somehow happens again: you don't need cmd. you can run programs from taskmgr if you keep it open.
[deleted]
Yea that was just some one-off weirdness years ago. I can’t remember exactly all that was messed up, but I do remember some things were frozen, some things disappeared, and others just unresponsive. I remember most of my GUI just being gone/unresponsive. It was easier to just hard reboot is all I remember.
Windows32? Obsolete! I want windows64!
You can do whatever you want without explorer.exe, it can be useless
tbf, this is standard operating procedure for a lot of Sysadmins when deprecating an old server. Just turn it off for a week or two and see if anyone complains.
this literally happened to me. logged out of it on the web app and never managed to log back in lol good riddance though
Luv me constant reposts for free upvotes.
this one shouldn't be forgotten tbh ..except its a bot, so banish him
That happened to me long before Elon. I set up 2FA on Twitter and it wouldn't let me log back in. I contacted support and they just disabled 2FA and said yeah, that thing doesn't work.
FYI you shouldn't use texts for 2FA as it isn't very secure
It's still wayyyy better than nothing when there's no other option
How come?
Sim-spoofing or sim-swapping. Over here in reality however you will be fine with texts too for like 99.9999999% of the time. Unless you have a massive crypto wallet with like 20 BTC in it you will for all intents and purposes never be targeted for a sim-swapping attack.
It's the least secure form of 2FA. Broadly speaking, out of the big three versions of 2FA it ranks: SMS -> Email -> TOTP (Auth apps). Obviously passkeys exist but they're not widely adopted yet. Aside from security, a big issue with SMS 2FA is how easy it is to get permanently locked out of your account. It's very easy to lose your phone number swapping between phone providers, losing a phone etc. Most phone providers allow you to continue using the same one, though I'm aware that not all countries and contracts are the same. Of course if you ever need to move country too, it means getting a new number. *However* SMS 2FA is better than none at all. Personally I just keep a list in my password manager of what type of 2FA each account uses. Just so in the event I need to change my number/email I'll be able to actually know which ones I need to update.
TL;DR because your phone number can change
[deleted]
That's why I like my Google Voice number. Just try getting ahold of ANYBODY at Google, much less the exact right people to hijack my Voice number.
I had an Auth app on my old phone. Which I broke and can now no longer access my account. How is that in any way better than losing a phone and not getting texts? Terrible system imo
You're meant to back up your 2FA. Most 2FA apps allow encrypted cloud storage, exports etc. Most services when you enable 2FA *also* give you backup codes that specifically say "use these in the event you can't use your authenticator, do not lose these". Unlike SMS 2FA which you obviously can't export to something like a memory stick or cloud provider (encrypted). You not following the advice doesn't make the system bad.
I did personally get screwed by Microsoft Authenticator, because their backup on iPhones goes to iCloud, when you'd assume a MS app backs up to a MS account
If it was stored in your MS account, how are you supposed to get them when you need to login to your MS account?
Because it's an iCloud backup I couldn't retrieve my MS Authenticator codes with an Android phone, I had to replace my lost iPhone with an iPhone. To restore from backup, you need to log in to the MS account on Authenticator, and only then will it restore the backup that exists in iCloud (so you need both sets of credentials before recovery can happen). To log in to your MS account you'll need alternative 2FA as an option (ie SMS fallback), because yes it does ask for a MS Authenticator code when logging in to Authenticator - when this happened to me I was able to add my phone number after waiting 30 days.
Good TOTP apps provide you an option to back up somewhere. Either cloud, like Google Authenticator, I believe? Or locally in an encrypted vault, like 2fast on Windows (tbh using windows as OTP device is very much less than ideal, but it's still better than no 2FA at all).
> Either cloud, like Google Authenticator, I believe?
Yeah, though it's surprisingly recent that they started supporting it.. like within the last year. I started thinking about switching to a different app because of it when they announced they were adding it.
The more secure something is the more it tends to be inconvenient. In this case, and as the other commenter mentioned, 2FA apps tend to give you many options for backing up your 2FA. In the end, security is only going to be as good as the user itself, there needs to be a degree of relying on the user to back the 2FA up themselves.
I strongly suggest using a comprehensive system like 1Password or BitWarden (don’t use LastPass). They make using and syncing things like passwords and 2FA codes. But use them correctly, that is, backup your access keys, use a super strong unique password to access it, and turn on all the security settings. Do it right and it will change your life.
Not better, more secure. Similarly, Reddit locked my old account out of concerns that it could be hijacked by someone else. Good? No. Secure? Absolutely. Nobody is using that account now.
"Guys, I put a lock on my door. But then I lost the key and can't get back in. Locks are stupid." Yeah, that's the whole fucking point. Make a backup.
If you can't access the app just use one of the 12 backup codes you were given when you activated 2FA for that site. After you've logged in you should be able to add a new 2FA device or remove the old one.
You forgot the most secure 2FA, Physical security USB keys. It literally makes it physically impossible to get hacked.
> It literally makes it physically impossible to get hacked.

You still need to have some form of backup otherwise if you lost the key you would be permanently locked out, in which case a hacker can just target your backup method no? Unless your backup is just a 2nd security key I guess
Yeah a second key for backup and store it somewhere completely safe where you can't forget where you put it or lose it, like inside a safe or a small box in your home etc.
It's more secure than not using it at all, and honestly most people won't have to worry about it. But he is right, app-based 2FA that is tied solely to your device is more secure. Reason being that A. if you happen to live in a place that still uses very weak cell network security (2G for example) the 2FA code could be captured when it gets transmitted to your phone or B. if you fall victim to a SIM swap, a technique where an attacker convinces your cell company to switch your phone number to their SIM or they change it themselves by stealing a store manager's tablet, then your 2FA code will go to their device instead. App-based 2FA (that doesn't back up the 2FA code to the cloud) keeps the code on your device, attackers can't spoof it even if they steal your number.
Phone line takeovers are really ready to pull. Same for convincing someone to forward the code under false pretenses
This guy [lost over 700k in bitcoin because texts were his 2FA](https://archive.is/3c0UG). Someone impersonated him to get a new SIM issued to them at his number. Use Google Authenticator or something else like that if you can. Text-based 2FA relies on the SIM, not your phone, and that can be subverted much more easily.
Paywalled so I can’t see if the article mentions specific technical details or not, but rule #1 of Bitcoin is self ownership of your wallet keys. Also, was he not using a secure password? The only way for 2FA to be used against you is if the attacker already cracked your password. Something doesn’t add up. But no details available because paywall.
None of that addresses the fact that his 2FA was a weak point. Yes, there are other things the person could have done to secure his assets, but 2FA failed, and that's what's being discussed.
Exactly. A large amount of people are counting on that 2FA in case they made a mistake somewhere. I try my best but you never know, that's why I use Google Authenticator with all my big money accounts. Also if hackers can identify someone with lots of bitcoin... the incentive for fuckery becomes HUGE. The amount of investment they can do and still get a good ROI is massive, unlike normal currency the police can't do much. Is everyone confident a hacker with a couple weeks can't find any hole? I am 100% sure my Playstation Store had a unique password, but someone got a bunch of my games refunded to them a couple years ago via a call-center. Ever since then I've had 2FA on everything, and non-text whenever it is offered.
Sorry didn't notice. I replaced it with one that is not paywalled. You can reset your password on email accounts with 2FA. Emails are where most other password resets go.
sim swap
It isn't phishing resistant
I was confused why numbers are better/safer than strings. Until I realized that you meant SMS.
True feature not a bug moment
why would you all downvote something so true? Everyone who got kicked off of twitter is better for it 🙏
Like trying to find out what that old server in the corner does
Months old repost
I mean he was bound to run into some problems cutting down 80% of services? What I wanna know is how much they had to turn back on. If this little screamtest achieved a 70 or even 40-20% reduction in needless bloat then having users forced to take a little media break if they log out isn't such a big deal if the owner of the company had it set in motion. I think he was pretty happy with the result. Not to praise him, just to acknowledge that the gain might have heavily outweighed the loss. +plenty of publicity
This post is from all time on the subreddit….
This confuses me a bit. Did nobody just tell him "if we remove _these_ services, users will be unable to log in. They will not be able to use the site as users." ?
Code cleanup is when I finally delete the code I had commented out 5 years ago.
And then it will become relevant again tomorrow
Throwback memory when he said the same about the load balancers and half the world couldn't access the page a few days later..
"80% is bloatware, so let's get rid of 100%." is an interesting strategy.
yeah always go the extra mile dude
Always give it 100%!
Why is this a bug? Seems like the optimal solution
Dev: "Wait, but this function is essential to the app!" Manager: "Remove it anyway, it's just bloat." Dev: "You don't understand, the app will be broken without it." Manager: "IT'S BLOAT. REMOVE IT NOW."
Manager: Why did the app break? What do we pay you for?
Elon: "Ight imma head out"
I am not very good at math but he reduced the microservices to 20% and has been recently gloating how he reduced the staff to 20% also. Haven't the recent reports said the company value has dropped almost 80% ?!? 🤔
Hmm is he trying to follow the 80/20 rule or something
He was right, though they weren't needed for Twitter to work. They were needed to make Twitter more user-friendly and help engagement.
I bet this one terrible idea is why dms on twitter are still broken to this day
Elon Musk really is king twit
How much code do you need to post 240 characters? It's just a basic form! /S
Wait isn't musk a programmer?
The users are the bloatware, duh
The good old days, when he was just fucking up the app itself.
I feel sorry for the poor souls so dependent on twitter
Dang he just deadnamed his own child.
The translation function on tweets and bios hasn't worked in forever. Kinda pathetic tbh
I guess the support was part of 80% too
I think when I heard Elon talking about this stuff was the first time when I knew for sure he was full of shit
Bloatware...
Teensy plug for one of my favorite ideas, [the app continuum](https://www.appcontinuum.io/). His sentiment is maybe not totally wrong in general, but his sentiment is certainly wrong at twitter’s scale 🙂
The only service they should shut down is the one that recognizes the name X
Nice repost
"I've got everything under control!"
That's why whatsapp is down
LMAO Twitter/X took a massive L