Blog‎ > ‎

LinkedIn 2FA, MVP, Server Problems, NTFS file system

posted Oct 7, 2017, 8:59 PM by Sami Lehtinen   [ updated Oct 7, 2017, 9:00 PM ]
  • I'm wondering if anyone else is 'locked out' from LinkedIn because their 2FA is broken. To begin with, LinkedIn 2FA sucks. They do not provide backup codes, for cases where 2FA fails. Nor they provide TOTP.  So only way to receive the authentication codes is SMS. Then they did break their 2FA authentication by them selves. First it was unreliable, and now it isn't working at all. When I complained about that, they're asking me to provide government id copy, like a passport, so they can disable 2FA for my account. First of all, if you go and bleep the things. Is it my fault? Why should I need to do something, I don't really mind really doing, to regain access? When it's completely your fault. Because the login process is totally crappy and badly designed and then after all you go and bleep it up. - I just wondering. You made me go Linus. I don't even know if I want to use such anymore. Just so much fail. I appreciate some organizations being so. That's not even a strong way to authenticate user. Let's say hacker would have gained access to my email. I travel a lot, it's highly probable that they'll find a copy of my passport from my email box anyway. Therefore, it's not a sane way to strongly authenticate user for disabling 2FA. - Note this is from my really long backlog(!)
  • Wondered the normal business practices in a meeting room. 1) Ethernet sockets locking broken on switch. 2) Ethernet cables twisted and broken. 3) Ethernet connector locking clips broken at the end of switch. Wrong color of Ethernet cables being connected to wrong sockets. And so on. Can't stop loving totally hopeless people. The usual story, very unfortunately.
  • A friend gave immediate feedback about EasyCrypt that's it's dubious project, because they don't provide proper legal business information at their site.
  • Had long discussion with one client about RFID, ERP and traceability of goods. How the processes should work, and what costs are involved and which benefits the new tracking solution would provide to the organization.
  • Long talks about MVP and minimal approach. There are some service providers providing e-salary, which delivers electronic salary calculation reports. I laughed at the site, it's as MVP as it can be. Login, password, list of PDF files with link. Neat. Who said launching new services needs to be complex? Just stick to the basic and essential. That service does everything it's supposed to, yet it's extremely simple.
  • When discussing 'server problems'. I encountered again that old concept, correlation doesn't prove causation. In one discussion it was mentioned that all the problems lately have been related to vendor X. Yeah, sure. That's because we've been only deploying systems lately with vendor X. There are also many other sourced of problems than the server platform itself. Often people also misjudge the problems and draw all kind of conclusions without any facts. It doesn't work, it's caused by X? Is there any proof that it's caused by X? No, but we just assumed so. That's of course totally normal, and happens easily, unless you're paying attention and requiring factual evidence. Sometimes obtaining the factual hard data based evidence can be extremely hard and time consuming. It's totally normal that people claim that there's something wrong with the server if something doesn't work. No, it doesn't mean that at all.
  • Again random numbers and whitening. Related to 33c3 wheel of fortune talk and bad random numbers. Von Neumann extractor & Bernoulli sequence.
  • I'm so happy I'm using NTFS for my USB sticks. Once again something is corrupted, let's see if it fully recovers after proper chkdsk on Windows. On Linux some directories are just inaccessible due to corruption. Lack of proper chkdsk / fsck for NTFS stops me from fixing the errors right now. But NTFS is so robust, it shouldn't matter if I don't fix the errors right now. - As expected chkdsk on Windows fixed the issues, which fsck on Linux didn't. As a pro-tip, don't try to fix NTFS volumes using Linux. This is something fsck can't fix properly. Yet the NTFS is so robust, that even if I knew the volume was corrupted, I weren't afraid about writing to it. exFAT would be radically faster, especially with small files. But when storing valuable information, source codes etc. It's just not an viable and reliable option.

    Chkdsk log:
    Stage 1: Examining basic file system structure ...
    Deleting corrupt file record segment 301.
    Truncating corrupt attribute list for file 74921.
    Deleting corrupt attribute record (0xA0, $I30)
    from file record segment 0x124A9.
    Deleting corrupt attribute record (0xB0, $I30)
    from file record segment 0x124A9.
    Stage 2: Examining file name linkage ...
    Removing corrupt index $I30 in file 74921.
    Recreating deleted index $I30 in file 74921.
    CHKDSK is scanning unindexed files for reconnect to their original directory.
    Recovering orphaned file ### (140) into directory file 74921.
    ...
      3 unindexed files scanned.
      3 unindexed files recovered to original directory.
    CHKDSK discovered free space marked as allocated in the
    master file table (MFT) bitmap.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.