21 votes

Twitter’s SMS two-factor authentication is melting down

15 comments

  1. [9]
    Greg
    It's been clear enough for a long time that Musk is a self-aggrandising asshole, but I genuinely didn't realise he was this technically incompetent. Him taking credit for the achievements of others is par for the course, but the turning off microservices tweet is beyond parody and along with the other comments in the last few days suggests he really does think he's smarter than an entire tech department (who also had years of product-specific knowledge) and then he acts on that belief. He doesn't just cynically grab the praise for his engineers' work, he's acting as if he really means every word he says, and I did not see that coming!

    It also seems like "move fast and break things" is being elevated to an achievement in and of itself rather than a means to an end. I can believe that layoffs might have been needed, I can see that adding a subscription tier is a good revenue generator, I can even understand that changes to the moderation system could potentially make business sense. There is still literally zero reason to do all of the above in the space of two weeks. "Fast" could just as well have meant two or three months - still lightning speed for an organisation at this scale - and been done with something resembling a plan. It's as if he sees the chaos itself as a sign of success.

    16 votes
    1. [3]
      rogue_cricket
      It also seems like "move fast and break things" is being elevated to an achievement in and of itself rather than a means to an end.

      Worth noting he also owns a car company which is attempting to break into fully autonomous driving, as well as a space company which launches large pieces of metal into the atmosphere with explosions. Both of these things have enough physical power that missed details and cut corners can easily directly kill people.

      I was cynical about autonomous driving before this. Seeing his inflated ego causing him to eschew the advice of SMEs and change things so quickly on a live environment with no thought for testing and quality assurance makes me want MUCH stronger regulations on autonomous vehicles.

      EDIT: and MUCH more transparency.

      13 votes
      1. [2]
        Grzmot
        Tesla's self-driving is also a lot of hot air (=marketing) and nothing else. Other manufacturers on the market have surpassed them, albeit full self driving is still illegal on most roads.

        4 votes
        1. Amarok
          When it comes to the raw body count I'd say Tesla's new kamikaze mode (nsfl) has yet to be surpassed. :p

          3 votes
    2. [4]
      DanBC
      It's somewhat surprising that the people who were forced to turn off 2FA didn't also sign him out of his account.

      5 votes
      1. [2]
        FishFingus
        Humanity would've thanked them. As missed opportunities go, that one's got to sting. But I imagine he fired them before they realised they had been.

        3 votes
        1. Greg
          Satisfying though it would’ve been to press that button, I’d bet that he’d just yell at someone sufficiently high up in the tech team until they found a way to manually log him back in. I’d absolutely applaud them for style if someone had logged him out, it would’ve been hilarious, but it wouldn’t have kept him out for more than an hour, and based on the conversations I’m seeing with the people who very publicly warned about this I don’t think it would’ve prompted any real introspection either.

          2 votes
      2. Adys
        TOTP 2FA is working. If Musk is using SMS 2FA, he’s at quite a great security risk in the first place as he is exactly the type of person who would be targeted by SIM swaps.

        2 votes
    3. Adys
      I agree with you and feel the same way. I would have thought him smarter.

      I’ve long ago stopped gawking over Musk but I still try to give people credit for their successes. I guess he is just … lost up his own head, now. Dogfooding his own mythos.

      3 votes
  2. CharlieConway
    It's incredible how much damage Elon has done to whatever remained of his self-appointed "tech genius" mythos. The dude announced that he was disabling microservices seemingly on a whim. That's an impressive degree of public incompetence on display right there.

    I saw an amusing article from The Onion earlier if anyone could use a laugh: Elon Musk Demands Twitter Servers Explain What All These Wires For

    12 votes
  3. Thrabalen
    Musk is a man who, discovering holes in his wooden bridge, begins tearing up planking from the bridge to use to repair the holes.

    9 votes
  4. [4]
    Adys
    They also broke some forms of Twitter OAuth.

    I have one account where I log in with Twitter and forgot to set up a backup login method. I’ve fixed it now but remember to never have a single login method for an account if you use OAuth. Google (and possibly Apple) is the only OAuth provider reliable long term and even they aren’t immune to being down sometimes, taking your ability to log in with it.

    5 votes
    1. [3]
      skybrian
      I haven’t investigated as much as I should, but I think GitHub is a reliable OAuth provider?

      3 votes
      1. [2]
        Adys
        It’s rarely supported. So you have the other side of the equation: if there are few users using it on the service you’re logging into, it’s not as well tested and the integration can break or even be taken down.

        OAuth cuts both ways.

        2 votes
        1. skybrian
          It's used quite a bit for developer websites, though. You can assume lots of developers have a GitHub account.

          4 votes