I think I might be the only developer left on this forum, and maybe on the planet, who still uses Microsoft OS daily (for over 30 years). I rarely have issues with it, find it incredibly stable, and have made a lot of money using it.
Not sure why, I just felt the need to post this.
Oh, and just to make myself look even worse, Copilot in VS Code has been an amazing asset in my development.
Agreed. I had enough issues with my router yesterday I purchased a different brand router and decommissioned my ASUS. I was not aware of this wide-spread issue until today. Much like HP printers, I will think twice about recommending or purchasing an ASUS.
>I will think twice about recommending or purchasing an ASUS.
With the recent ASUS motherboard over voltage, emergency BIOS update, warranty void if update used then reverse that threat.... the insanity of it all. Many people are saying that.
Then purchase what? From what I understand most consumer router manufacturers do push automatic updates. Usually installed when the router is power cycled.
What a prick. The more I learn about the core Seinfeld group the less I like them. Googling Heidi Swedberg and looking at some pics of her it seems obvious why they didn't get along with her. She's a genuinely likeable and good-hearted person. At least that's my impression.
My wife and I have visited Chicago from Ohio about five times over the last ten or fifteen years. We’ve brought in the new year on the Navy Pier a few of those years. We really enjoyed our visits.
We’ve heard enough about the crime in Chicago over the last few years that we’ve agreed to stay away for a while.
I'm not sure why I feel the need to mention this, but without doing a deep dive on the statistics, we hit the tipping point to not return.
Probably the city just got boring to you. It's great for a couple visits, but after that you gotta decide to live here, or go see other places. I like Montreal, have you tried there?
I forgot to include this in my original post. I use the Microsoft authenticator application to authenticate my account. My mistake was also including my mobile number as an alternative way to authenticate my account. I don’t know if I was aware of this or if Microsoft prompted me for my phone number at one time and I did not think through all the ramifications.
We set up multiple different types of recovery and backup and restore options for the saas pass authenticator and password manager to let you the individual be able to customize it as you wish.
The threat model is increasing for personal use as solely SMS based account recovery is becoming more widespread. The increase in crypto usage is another accelerant.
I have not regained access to my bitcoin account, in part because I have not contacted customer support to do so. I’ve been too busy regaining access and continuing to support my client base.
My account is locked, and I am pretty sure my funds are still there. It will be a significant loss, but not devastating as this was my non-primary investment account.
I still don’t know the full extent of my losses.
So far, my losses are primarily loss of billable time. I am not a litigious person, but I am also going to educate myself as to what ‘pain-and-suffering’ means. Both my personal and business bank accounts are ok. I now understand why banks do not use email addresses as the login id. The thief would not (easily) be able to align my email address with my bank login id.
Once through this, I plan disassociate any portion of my login id with my name.
If your crypto was stored on an exchange then this is par for the course; rule number one is that if you don't control the private keys, the coins are not yours.
You haven't even tried to regain access to it? Instead of spending time on HN you might want to reach out to Coinbase.
Agreed. Done.
"Thanks for taking the time to contact us. We're currently receiving a high number of requests so we may take longer to respond, but our team is working hard to get to every inquiry quickly."
> I now understand why banks do not use email addresses as the login id. The thief would not (easily) be able to align my email address with my bank login id.
This is an important point and one I've been thinking about for years. There's so much discussion about using password managers and good password practices and 2fA but almost no discussion on how using a single identifier to log into all these various services is in itself a huge security vulnerability. If we had different login usernames for each service, gaining access to people's accounts would be that much more difficult.
Email should be reserved for communications and not double as a means for authentication.
I had to remove this detail from my original post as it was too long:
Boost mobile is negligent and not following industry standards. Their whole security model is based on a 4-digit pin. At first I thought somebody had a script working its way up through all the combinations at the login screen, but I no longer feel that is the case. The fact that at least nine of us had this same issue within days makes me think there is a wide-spread issue here.
I don't have a source to hand, but I've heard from other post-mortems that in SIM-jacking attack the carrier has been socially engineered into not bothering with the pin, ongoing court cases RE negligence perhaps on-going.
They have to be able to issue a new SIM card without a pin in the case of a lost phone though. In that case they should probably check government identification, of course, and not be available remotely.
I thought you needed the PIN if you wanted that, too? As in, if you lose your phone and don't have the PIN set up with your carrier, you've lost your number and can't restore it.
The "industry standard" is that SIM-swapping it not difficult. Arvind Narayan's group at Princeton demonstrated this pretty convincingly. This isn't unique to Boost.
Does coinbase really allow account recovery with just an SMS? It seems to me like the attacker must have had more than just control over your SMS number.
Maybe it would make it more clear that this was not 2FA attack.
It might be confusing but that was account recovery attack.
For account recovery there is no "password" as thieves just made their own password while having your phone number.
So phone number as a password recovery option is not secure without any additional checks. Not 2FA because with this attack there was no second factor.
Remember that there's also the traditional way of pulling this off, which is to pay someone at the phone company to do things in their support system for them.
I too had a lot of respect for Cuban regarding this.
Article from Inc:
Mark Cuban Made Shark Tank Change Its Contracts After threatening not to return until an equity clause was removed from contestants' contracts, Mark Cuban finally got his way.
Just for appearing on the show, owners agree to give up 5% of their company or 2% of future royalties.
...
Cuban said the clause was removed retroactively, meaning every contestant who's appeared on the show since Season One will be relieved of the commitment. However, how that will work out logistically remains unclear.
Several years back (and things may have changed) Panasonic had a patent on the inverter and was the only microwave that offered it. I purchased a Panasonic for that reason and love it.
This from their website:
The Panasonic Microwave Ovens powered with patented Inverter Technology™ deliver evenly cooked meals, from edges to center, every time.
I had the same microwave and I loved it. Unfortunately it caught on fire, and according to Amazon reviews we weren’t the only ones. Luckily my wife was in the kitchen when it happened.
I’m sure whatever model they’re selling now is different, so I’m not trying to scare people off. The point is I now have a microwave without an inverter and I hate it. It might end up going to my photography studio and I’ll get a new one for the home.
My experience with a Panasonic inverter & grill oven was that it didn't make the food hot, even if you gave it double the time. That defeated the point for me.
I ended up using a cheapo 600W microwave that cost 1/4 of the expensive Panasonic but would actually make food hot.
I've also had other experiences of bad usability in Panasonic products. Pointless extra button presses to to tell it you actually want to _microwave_ at _full power_. Who knew you would actually want to use your microwave for microwaving? /s Just let me press the time & start, already.
I now have a Samsung with convenient controls and a cheerful tune.
My Panasonic bit the dust after about five years of use with a light show. I believe the magnetron shorted and burnt out the power supply. As I was microwaving water for tea, there was a bright white light on the inside of the microwave. Family also described a similar failure around the same time frame of ownership.
I enjoyed that microwave before that happened and was thoroughly impressed with the ice cream soften setting.
Not sure why, I just felt the need to post this.
Oh, and just to make myself look even worse, Copilot in VS Code has been an amazing asset in my development.
reply