Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "social login"
-
I recently found a company that used employee social security numbers as their login username and their MMDDYYYY as their password (which could not be changed) also their entire network was using a router with no wifi password set. :/8
-
Day 1 10:00 am
Login to email account (Zimbra)
Your password is incorrect (I entered it correctly, this was a permanent issue ,used to happen in the company with many employees)
Reset your password by logging into internal company portal.
11:00 am
Logged into company portal, somehow. 2 Mbps internet shared among 104 people, you can imagine the speed.
Reset email password
* your password has been sent to your email id*
Are you fucking kidding me? U have emailed me the password to the same email I can't log in to?
Where did the architecture designer get this top notch weed from?
Day 2
Asked HR to reset my password (using a colleague's email)
Day 3
No reply from HR yet
Day 4
I went to meet HR, she's on vacation. So they have 1 person managing the password reset, for 5000 people with no backup person. Cool.
Day 5
Your internal company password has expired. Check your email for link to create new password. This is some next level shit going on.
Day 6
I called up Internal IT team to generate a new email for me.
They asked me to raise a ticket.
I can't raise a ticket because the only way to do so, is through the portal.
Day 7
Nothing. Btw, personal email and all social networks were banned. You can't even open stackoverflow.
And this was a research lab, amazing huh?
Day 8
Loss of pay for 4 days since I can't login to company portal to fill timesheet.
Day 9
HR comes back. Resets my password.
I try to generate my new password for portal.
The password policy:
Password can't be same as last 10 passwords
Passwords expire every week
8 characters minimum, 2 upper case, 2 lower case, NO SPECIAL SYMBOL. WTF. How long do u think its gonna take to crack that?
Fuckers had a company wise policy to automatically lock PC every 1 min if not used. Who the fuck can keep on using it continuously! I'm reading an article, and bam ! Locked. 2 wrong entries and that's it, repeat all steps again. Fuckers really didn't want to let me do my job, just keep on logging in all day.12 -
This is what happens to overworked PMs.
Me: When users create accounts with social logins, they don’t have passwords in our database. If they try to enter an email and pw on the login form, what do you want the error message to say?
PM: Can we add a modal that says “Your account doesn’t have a password, set one now.” And have a password field?
Me: ☠️ That…would…allow…anyone…to…hijack…an…account…
PM: Right. Never mind.12 -
So... I’m sitting here doing pretty much nothing, just reading through some rants when all of a sudden I get a wave of emails.
Pinterest!
We noticed a login from a new device or location and want to make sure it’s you.
Device: Firefox, Windows 8
Where: New Jersey, United States (Approximate)
OhhhhhKay then... so there’s a couple of problems with this, 1 I didn’t even know I had a Pinterest account, 2 I don’t have Pinterest in my password manager either.
So I follow the link and fair enough it’s actually pintest, so I attempt to login, to no avail, oh maybe it’s a social login..., ok let’s try google, nope that wasn’t it, deletes account, logins with Facebook, oh here we go, checks logins, 1 random jersey player, deletes account, swaps to Facebook, changes password (this fucker was already 100+ characters) and adds 2FA and contains no new logins 🤔
Ok... so what the fuck, either someone managed to get through a long ass password or something phishy is going on, the email for FB logins is seldomly used (maybe a handful of services at best) as I have another for all the junk and spam bullshit I expect from today’s “marketing”rant emails i’ve had enough internet for today pinterest. i have a pinterest? internet no one is safe social login2 -
"Systems open to all, but closed to intruders"
HEY, HP, PACK YOUR WHOLE FAMILY OF TRASH SOFTWARE INTO YOUR TRAILER HOME AND DRIVE IT OFF A CLIFF. WHAT THE __FUCK__ DOES THAT EVEN MEAN YOU LITERAL BLOAT FLIES. HOW ABOUT WE START WITH THE FACT THAT ALL IT TAKES IS ONE DUMB MOTHER FUCKER ANYWHERE IN A COMPANY GIVING AWAY ONE LOGIN IN A SOCIAL ENGINEERING ATTACK TO POP THIS NICE FART FILLED BALLOON YOUR DRUNK SALES AND MARKETING MORON PARADE CAME UP WITH.
STOP FUCKING ADVERTISING ON MR. ROBOT AND LET ME PRETEND IT'S NOT A PRODUCT FOR JUST ONE MOMENT FUCK YOU FUCK YOU FUCK YOU4 -
Senior dev. "we need a reason why we haven't fully implemented social service signup yet"
Junior dev. "let's say it's new for us"
Senior. "great idea. Let's get this done."
..,
Now try to signup to pixabay using your Google account.... 😒1 -
NO. NO. A THOUSAND TIMES: NO.
I clicked on this out of genuine curiosity to see if someone was finally trying to discourage people from annoying the shit out of website visitors. A summary of the suggestions in their article as to what to use popups for:
1. Announce new products/services, features, policy updates, new blog posts
2. Promote your sales or coupons (including countdowns)
3. Encourage people to input their e-mail address / subscribe, perhaps also offering some vague thing they will get as a reward for doing so
4. Contact forms (e.g. support etc.)
5. Prompt visitors to confirm their age before showing content
6. Login/register forms
7. Display social media "share" buttons when a visitor has scrolled a certain way through the page content.
8. Display cookie consent prompt.
9. Help guide visitors to the part of the website they want to go to.
Of these: 1, 2, 3, and 7 need to die for sure. If a website does any of these things I'm inclined to immediately leave and never return. 8 is a little annoying but seems a necessity.
Someone even replied to the Tweet saying that popups are annoying, the company responded with "let's change that!"
Blank portions of the screenshot are to avoid promoting the company unintentionally as a result of the rant ;)3 -
What the fuck is up with this fucking tour bus company called Akdeniz?
These fucking retards want me to login to instagram etc. to get wifi access. Like wtf. Is not my 30 TL not enough?
Are you really going to save my login data for a few TL? Why would you dipshit people want me to login with my social media account (besides of that I do not even have an Instagram account. Miss me with that gay shit.)
I do not have a fucking fuckbook and a twittermyass.
I hope y'all fucking die by sucking my long ass dick, incompetent braindeads!8 -
Oh boy, this is gonna be good:
TL;DR: Digital bailiffs are vulnerable as fuck
So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:
The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.
So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!
This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.
I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.
Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!
Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...
The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.
But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.
So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)
So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"
So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones6 -
i want to get my own social network up and running.
so far ive got -
login 100% securely
register (1000% securely)
view someone’s profile (10^7% securely)
to add -
scrypt (maybe bcrypt, however scrypt looks like the better option)
friend a user
track their every move (ill use facebooks and googles apis for that)
to describe my product -
ai
blockchain
iot
big data
machine learning
secure
empower
analysis
call me when im a gazillionaire
but seriously, im making a social network and i hope its done by wk105 tbh3 -
Social Captain (a service to increase a user's Instagram followers) has exposed thousands of Instagram account passwords. The company says it helps thousands of users to grow their Instagram follower counts by connecting their accounts to its platform. Users are asked to enter their Instagram username and password into the platform to get started.
According to TechCrunch : Social Captain was storing the passwords of linked Instagram accounts in unencrypted plaintext. Any user who viewed the web page source code on their Social Captain profile page could see their Instagram username and password in plain text, as they had connected their account to the platform. A website bug allowed anyone access to any Social Captain user's profile without having to log in ; simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account and their Instagram login credentials. Because the user account IDs were for the most part sequential, it was possible to access any user's account and view their Instagram password and other account information easily. The security researcher who reported the vulnerability provided a spreadsheet of about 10,000 scraped user accounts to TechCrunch.3 -
They asked to me build corporate website with Registration, Social login, API integration, Maps, Distance calculator, Weather, Currency convertor, etc. Using WordPress.
I don't know whether I am f@#*ed or doomed or something else.2 -
>TINFOIL GUYS!!!!!
guys don't just deactivate your FB acc, request deletion, beacuse if you deactivate and use any services like any page login or any social services like insta, and you use your FB credentials to login, the gets reactivated and your news feed even shows what you have missed in the mean time , so all of the (your) data is still in their servers15 -
Client: I want a fixed timescale and cost on this project.
Me: OK, what do you need?
Client: We need to integrate our website with our CRM system, which we're in the middle of rebuilding and don't know what data will be available from it. We also want sophisticated Google maps integration, online sale, digital agreement signing and a customer login section that works as a social network for our clients. And we want it in six months time. And an app. And we want you to pitch for free with some initial design concepts. And we want details of you project management strategy.
Me: Ok... Do you know what you want your app to do?
Client: Yes, it's an app! So how much will this cost me?
Me: D':2 -
!rant
Who here remembers dateprog.com? If you don't, it was a dating site for devs and those who like devs. I'm tempted to ressurect the damn thing, although not as a dating site but more of a social network (think GitHub + Tumblr). Anyone else think that'd be a good idea? I'm also thinking this'll be more than just my weekend sorted, haha. It'd have to have chat, code repos, GitHub login, etc... what do you guys think?
Also not planning to invade the territory of devRant I was just wondering if anyone was interested. Maybe even some kind of extension to devRant, as a social coding platform? I'm not sure aha. Welp, anyway if anybody's interested drop a comment! :)5 -
So I had this Google account for all of clients social, hosting, etc.
Out of the blue client wants access to these accounts.
Unfortunately I had not logged into these accounts in a long time.
Now when I try to login Google is not sending 2f texts to my registered number, even the give code over call option is not working, my number is recieving texts and calls, so it's not a network issue.
To top it all off due to numerous attempts it won't let me try other options and my recovery email recieved security alert of the said attempts with no option of actually specifying it was a legitimate attempt.
Fuck this overly protective attempt at security and fuck the guy who thought it was a good idea to send emails about attempts but not including any option to actually do something about it.6 -
Am currently developing an app which uses an IaaS named Auth0. Great experience so far, reasonable docs, unlimited users, social login, sso and support for about $29/m.
After an inquiry from a customer to provide MFA, I contacted Auth0 to see what it would take to use this feature.
"We only offer this in our Enterprise plan which starts at $18k/yr."
Well, fuck me with a pitchfork and call me Bridget the midget. I'll code it my goddamn self.1 -
Can anyone help me with NativeScript social Oauth login with Vue.js ? I've been trying to figure out how to implement it. Thanks in advance.
-
Need complete control over information you're fetching while logging in via social site in Django
Check this out: https://prakhar.xyz/backend-control... -
hey, so i have recently started learning about node js and express based backend development.
can you suggest some good github repositories that showcase real life backend systems which i can use as inspiration to learn about the tech?
like for eg, i want to create a general case solution for authentication and profile management : a piece of db+api end points + models to :
- authenticate user : login/signup , session expire, o auth 2 based login/signup, multi account login, role based access, forgot password , reset password, otp login , etc
- authorise user : jwt token authentication, ip whitelisting, ssl pinning , cors, certificate based authentication , etc (
- manage user : update user profile, delete user, map services , subscriptions and transactions to user , dynamic meta properties ( which can be added/removed for a single user and not exactly part of main user profile) , etc
followed by deployment and the assoc concepts involved : deployment, clusters, load balancers, sharding ,... etc
----
these are all the buzzwords that i have heard that goes into consideration when designing a secure authentication system for a particular large scale website like linkedin or youtube. am not even sure how many of these concepts would require actual codelines and how many would require something else.
so wanted inspiration from open source content to learn about it in depth, replicate and create new better stuff if possible .
apart from that, other backend architectures like video/images storage system, or just some server for movie, social media, blog website etc would also help.2 -
App Review – Zomato 2.0
Some apps are as essential as oxygen by example of https://apps.apple.com/us/app/... . Zomato, for sure, is one of them. If you love to eat outside and you’re not living in a cave, chances are that you’ve already gone through Zomato on the web or used one of their mobile apps. If not – Zomato is the place where you can locate eating joints, scan through their menus, check for home delivery numbers and a lot more than that. If you are diabetic you keep sweets in your pocket, similarly Zomato is something every food-loving person needs to keep in their mobile phones(I agree how PR-ish that sounds but it’s true).
Zomato had recently integrated social features on its website. That was followed by the much needed overhaul of their mobile apps. They’ve also updated their iOS app recently and I decided to give it a shot. Zomato 2.0 on the iPhone is super slick to say the least. The redesign brings a lot of character to the app. The Zomato app is now much more smoother, cleaner and powerful. The added social functionality adds more value to the app.
Design and Features
The 2.0 update completely changes the entire look and feel of the app. Everything from the app’s start screen to restaurant details has been changed. The default menu lets you explore and search eating places. Now there are icons for top 25 restaurants, reviews, favorites and more. The icons have been perfectly placed and it’s very easy to spot what you’re looking for.
Everything is just right. The app is highly responsive and there’s hardly any lag. If any, it will depend on your internet connectivity. Browsing menus is still a breeze and I personally love the way you can toggle between information, menu, photos and last but not the least, the reviews. Everything placed just perfectly to help you make that ultimate make or break decision – to eat or order from here or not?
Social
Everything is getting social. Even the next door Dolly-beauty-parlor apps are getting more social now. Zomato just integrated its social features on the web recently and they’re now a part of their mobile apps. On the iPhone app you need to login to access these social features. There’s a Top Foodies leaderboard that could prove to be a crucial game mechanic for the app. Browsing users’ profiles allows you to follow users. The profile pages tie up a user’s reviews and followers. This is all pretty neat and a part of a major plan at Zomato to take over the world.
With lists, network, user reviews etc. there’s a lot more to the app. I’m hearing that there’s still a lot more to come when it comes to social features on the Zomato iPhone app. I better start following up with people and posting reviews. This just kicked Foursquare where it hurts the most. And with that I’ve lost the little amount of motivation I had to check-in to places on Foursquare1