I kinda laughed at the “but it checks your general location to decide if you’re super legit” safety gate.
replyIt had real, slap some duct tape on it and say, “Yeah that should hold” energy.
And honestly? That's brave.
replyIt's not just brave, it's inspiring. Not many people would have made that connection. You've come up with a completely different way of looking at things-- and frankly, I'm blown away. Putting password reset behind a location filter is such a different way of doing things, but so incredibly secure. A Chinese bot can't put itself in Nebraska. A user can. That's the innovation. That's security.
replyDeeply underrated comedy post.
reply[dead]
replyI literally gagged
reply"Remaining Devs! You have AI so you need to be 10x faster and AI the AI with AI energy"
replyThere was probably a slack post celebrating how they leveraged LLM to improved efficiency on password resets
replyPeople who don't care about the outcome, only the efficiency gains.
replyIf it's Meta that should be a big sign to get the hell off their platform.
Surely at least dozens of engineers knew about this vulnerability and were either told to shut up about it under pain of negative performance review or stayed quiet because they knew if they spoke up about it they'd be retaliated against. There's no possible way nobody saw this coming.
replySomeone who saw the $$$ previously spent on humans to do it.
reply