Hacker News: Magicstatic's comments

I use Lookify.io which lets you look up a carrier without creating an account - you can also see if anyone else flags it as spammy but who knows if the reports are anything other than anecdotal


This is the craziest part of the whole article - imagine you wanted to own something like "555-FOOD" - to have this vanity number work in every area code, you'd be looking at hundreds of thousands of dollars (annually?) if you used Verizon to route the calls


Well, yes? At the end of the day that requires Verizon to provision that number in every single area code, which historically are all separate little domains.

It's kind of like complaining that if you want to have foobar.tld for every top-level domain, you have to fork out money to every TLD registrar to make it possible.


But there is nothing different about 555 numbers than any other, and Verizon certainly doesn’t charge $2500 for a normal number.


The point is you don’t have to dial an area code with the 555.

555-abcd, sans area code, would just work and route to you no matter where (in the USA) a caller was calling from.

Therefore it is equivalent to having that number in every area code.

Now there is a good chance you aren’t old enough to know/remember this, but people in the US didn’t have to dial an area code (and occasionally nearby area codes) when calling people in their own area code. In the era of land lines this was the norm.

You paid a lot of money per minute to call people “long distance” in other area codes.

Now it’s absolutely normal and routine to dial with an area code, in large part because people’s numbers follow them around and there is no reason to think someone geographically near you is in the same area code.


Paying X per area code is justified, nobody is arguing against that.

Paying $2500 per area code is unreasonable, as, like I said, there is nothing inherently special about 206-555-1234 vs 206-689-5312.


And as the other poster said, there is.

Even the article points out that it was difficult and expensive to maintain, why is it unreasonable to charge proportionally to that, or indeed whatever the small number of people wanting it will actually pay?


I found the article light on details about what exactly needs to happen and why Verizon charges the fee. Would Verizon charge $2,500 for me to get a 1 area code 555 number for my cell phone for instance? For multiple area codes, why is it difficult to route more than one number to a secondary number? Is it passing along the origin area code data that requires different hardware or software than normal numbers? Etc …


What, exactly, is difficult and expensive to maintain about a 555 number compared to any other?

Let's be real, we're all tech engineers here. Telephony backbones are all IP based now. It's all just mappings on a computer that routes your call to the right next hop. There's nothing at all special about maintaining one mapping vs another.


IIRC the article mentioned that 555 numbers used to be reserved for internal use, so my hypothesis is that implementing external 555 numbers likely required some sort of retrofit.

But I don’t have any domain knowledge here, so this is really just a guess

¯\_(ツ)_/¯


> Telephony backbones are all IP based now. It's all just mappings on a computer that routes your call to the right next hop.

All I know about telecoms comes from Wikipedia, but that makes no sense. Why would the technology that determines where to route your call be related to the protocol used to transfer data long distances?

(Also the Verizon quote is from 2003.)


Telephony backbones are, for the most part, just SIP. When I say they’re IP based I mean they’re not old school POTS loops anymore.

It might have cost 2500 per area code when that was a requirement and you had to set these loops up manually across longer distances, but nowadays it literally is just going to be a mapping in a computer, like any other.


As I said, you paid per minute long distance charges to call another area code. A 555 number would not be long distance. Therefore they charged up front.


I have lived and worked in places where you only have to dial 4 numbers because there is only one exchange! Or five numbers when there are two.


Thanks for filling in the gaps in my explanation. Sigh, I feel old...


Sounds cheap to me to be honest.


so, cheaper than a premium domain name.



Wow, 10 minutes to start reading the code from scratch and find the vulnerability. Then just another 20 minutes to confirm the bug with an exploit, some of which were spent fighting with a broken dev environment. That is impressive!


This has been refuted and is simply misleading: https://twitter.com/jon_bottarini/status/1428569700859056129


Anecdote: Out of every bank and financial institution I have ever tried hacking (ethically, as part of bug bounty programs) Goldman Sachs is hands down, without a doubt, the most secure externally. By a long shot. They have what basically amounts to a central authentication service that 95% of their public-facing IPs resolve to. Their subdomains are locked down, they have a reasonably good patch schedule, they swiftly denylist your IP after running light scanners - it’s not a joke. I challenge you to find a vulnerability - when you do - get some money for it: https://hackerone.com/goldmansachs


I consulted at GS for a public web project and their security team were not only smart, but very well integrated into the dev process. They had a dedicated security team who would do routine code reviews, pen tests and the like. If they had specific requirements like adding captcha or barring IPs, they would put them in our backlog fully groomed and prioritized. They were very thorough but not iron-fisted gatekeepers.


One of my friends got an internship doing dev there in like 1999/2000. They were already using 2FA (with a chunky but functional hardware dongle that had a small 8-segment display that updated every minute or two) to secure SSH access. Even with that, there were very tight limitations on what could be accessed at all over the network. I'm slightly impressed if I see an org that has a 2FA setup half that good now twenty years later (there are soooo many that don't).


I remember those dongles - and they weren't cheap. We had one for a sensitive part of the business (which probably was counter-productive because it got passed around like a potato).


Many of us including myself are unable to fathom living a life like this, but I imagine this man will die in peace with a flock of sheep to his name, listening to the cuckoos.

And he will be just as happy (if not happier) as any of us reading this article.


Sincere question - not meant to be inflammatory: Do you actually believe that most employees in the United States are coerced/forced to sign employment contracts, or are you simply playing devil's advocate?


It is virtually impossible to survive in the United States without employment.

I don’t think the “coercion” perspective is the most convincing argument, personally: but there really isn’t much of an alternative to employment. The fact that the US has starving children speaks to how little of a social safety net we actually have.

I guess while I wouldn’t personally use “coercion” in a debate about this stuff, it’s also somewhat of a reasonable argument when you consider the alternatives. It’s just very ... meta.


Of course. For most people, if they don't work, they can't pay for food and shelter. They will then be coercively denied those things via property law enforcement.

"Do the bidding of an employer or be forcibly denied food and shelter" sure sounds like coercion to me.


My favorite part of this response is in the footnote on page two, which states:

>If your client sincerely fears that this depiction is too realistic to be perceived as parody, Krazam’s video should be the least of its reputational concerns.

Followed by screenshots from the video showing the DocuSign "Docustage" and Meme Center (Sponsored by GE). At the end of the video itself, the Coachella participant is banned from the event because their "vibes are not compliant with the Coachella policy".

Glad EFF stepped in here to protect small creators such as this one.


Something that really blew my mind was that one of my favorite bands: Metallica's comment on how people are to interact with their performances. "We're here to provide the party, if they don't like how we do it, that's on them."

It says a lot on the ego of the producer of the product. [Also that they're treating it as a product.. yes Metallica corporate I see you] It completely disregards how the individual relates to it and is more focused on control on how they want things.

That whole philosophy you should expect in dictatorships, not in cultures that embrace free expression.


To be fair, wouldn't you set ground rules for your guests if you threw a house party? If those guests don't abide by your rules, you're just going to embrace them to keep doing it?

Ragging on them simply because they want to put ground rules down, so everyone can have fun, is pretty immature. Yes concerts need rules. The venue can be held liable for certain things drunk/high dumbasses are going to do. You need to be specific about what rules are so dictatorish or you just sound like a 15 year old pissed off with their parents.


I'm not talking about house rules. Having good safety rules is fine at venues and I fully support those.

I believe they were talking about setlists, etc. (They refuse to play some songs live, etc.) There are artists that are ridiculously overreaching, like the phone bans, face recognition bans, etc.


Is this a security problem? Depends on who you ask - but I'm willing to bet it would fall into the "accepted risk" category for the Facebook security team if they had to evaluate this.

The reality is that phone number lookup services are available all over the web which provide even more information (first+last name, address, zip code, social media profile links, etc etc etc) for free (https://www.bestfreephonelookup.com/phone-number/ as an example) - these services get their info from data aggregators and usually - your carrier! I don't see how Facebook exposing (in _limited_, very specific circumstances) the first name of a person's phone number being a security issue.

All the people in this thread screaming GDPR violation don't understand that if someone decides to stop using Facebook and delete their account, this method to look up someone will not work. Sidenote: If you're really paranoid about having your phone number expose your real name when you're using any type of service online, just sign up for a Google Voice (voice.google.com) account and link it to your cell phone - I use this whenever I sign up for anything online and it saves me a ton of spam and scam calls.

EDIT: Facebook removed the ability to use the in-app search box in Facebook to find people based on just a phone number, this has been removed for at least 2 years.


I don’t even know where to start with this post:

- This isn’t even necessarily a hack. At best, this is a mild inconvenience to the user accounts that you are locking out, on what appears to be a legacy system, due to a quasi-brute force.

- You are “hacking” this company, without their permission, because you want “payback” that Amazon didn’t hire you for what you perceive to be a racially opinionated interviewer. Despite whether this theory (yes, it is purely speculation) is true or not, I would imagine this is HR 101 and a company as large as Amazon would go to great lengths to ensure that this is not the case.

- Your sense of entitlement goes even further, despite having illegally “hacked” a company, after all of this you expect a payment from them?

If anything, this post reaffirms that they made the right decision in not hiring you for the role you were being considered for, and guarantees that you won’t have an opportunity to interview again.


Agreed. Any recruiter who does look you up now will find a Medium post with a vindictive tone against your interviewer. That can't be productive, especially when you base your theory on nothing substantive.

