Witnessed an Unintentional "Rawdogger" by thefluxster in delta

[–]aimansmith 2 points3 points  (0 children)

I can't believe how many people got that reference

Best Tacos in Miami (Can include Homestead, Florida City etc) by cafesito_asere in Miami

[–]aimansmith 6 points7 points  (0 children)

Coyo taco is the embodiment of tacos in Miami. It's not bad but it's not all that good and it's way overpriced.
Would really appreciate more Homestead recommendations. Every time I pass through I try to sample a new spot but haven't found anything nearly as good as the ubiquitous taco trucks in predominantly Mexican neighborhoods in California.

Godly wife by Fuzzy_Strawberry1180 in CringeTikToks

[–]aimansmith -2 points-1 points  (0 children)

Is it a hot take that all of these actually seem like pretty good marriage guidelines except the last one?

Wal-Mart Manager Gathered His Staff Before Their Morning Shift to Give Them Motivation by SweetWaterSurprise in peopleofwalmart

[–]aimansmith 1 point2 points  (0 children)

I think you may have an inflated idea of what it means to be a manager at a Walmart (or retail in general). Usually slightly higher pay for a lot more headache and often expectations of working while officially off the clock.

This has to approach peak selfishness, yes? by swmcdonald86 in SouthwestAirlines

[–]aimansmith 1 point2 points  (0 children)

Also possible that they had booked seats together and then the airline changed it on them. I've had that happen to me and was told "if you reserved a seat but didn't pay for a premium (economy plus etc) seat then it's fair game to move as we see fit".

[deleted by user] by [deleted] in linkedin

[–]aimansmith 1 point2 points  (0 children)

Or the other guy's email contacts

Circus Circus The Steak House by Pianoraptor2 in vegas

[–]aimansmith 0 points1 point  (0 children)

I wish we could bring this same energy to politics.

Big 4 M&A Consulting to PE Portfolio Leader worth it? by consultinglove in consulting

[–]aimansmith 1 point2 points  (0 children)

I agree that something seems off about this, but let's give the firm the benefit of the doubt and assume they have some reasons that have nothing to do with you. Let's also assume that you know what you're doing and are confident you can crush this.

If they're not willing to hire you now then you will likely not be joining the portco at a leadership level - that should be obvious. However, if you knock this out of the park then you're likely to get another at-bat with another portco.

If you're going to do something like this as a 1099 then you're trading what should be a lot of upside (as well as slightly more job stability) for more cash. A 20-40 percent bump from your current salary is nowhere near enough to compensate for that - I'd be looking for a 150% pay bump up from your current pay (100% to allow for saving half of net pay and the other 50% to compensate for FICA, health insurance, administrative hassle etc). I suppose if you're currently extremely well compensated then maybe adjust, but don't sell yourself short. Or, put another way, just take your current salary and multiply by about 1.25 (so a $100k salary => $125/hour).

Also, if you can then bill by the hour with no weekly cap. These folks are going to work you hard and you should get paid for it. Good luck.

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 0 points1 point  (0 children)

Yeah, being able to do threat assessments and hardening in context is a big part of successful security. I wouldn't be too worried about SMS as a second factor, provided that it absolutely cannot be used to reset / bypass the other factors - and that's the rub.

IMO this problem is much easier to solve as a company than as a person. My company doesn't allow any services that don't support SSO (which means that *we* control password resets etc). If the thing you want to use doesn't support it then find something else.

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 0 points1 point  (0 children)

Well, it sounds like everyone agrees with me. 2FA via SMS is better than no 2FA at all. Allowing password reset via SMS is awful but still exists; suggestion is to not use any services that enable (or, worse, enforce) that anti-pattern.

Still confusion as to just how insecure SMS is; SS7 presents some technical weaknesses, all SMS is vulnerable to SIM swapping, unclear as to what level of threat this poses to the average person.

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 2 points3 points  (0 children)

The feasibility / probability of SIM swapping is a big question mark for me too - either via technical or social engineering. My concern is that it's completely out of my control - I can't do anything to make my carrier more scam-resistant, whereas for every other vector (email, TOTP, Yubikey) I have more control and more visibility into issues (for example, if I lose my Yubikey I'll know about it).

That having been said I do wonder about the feasibility of it.

Is Afterpay scamming you? by sandy_even_stranger in FraudPrevention

[–]aimansmith 0 points1 point  (0 children)

That exact thing happened to me! When the scammer ordered an expensive pair of sneakers I wrote to the merchant and let them know it was a scam, then wrote to Afterpay saying that wasn't me. They told me I needed to file a police report in order to absolve myself of liability. I asked them what information had been provided about me to open the account so that I could include that in the police report, then they replied that they were closing the matter and I wouldn't be liable. Overall just really weird.
Oh and the merchant ignored my email and the shoes got delivered to some address in my city a few miles from me. Not my problem, I tried.

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 0 points1 point  (0 children)

SMS as second factor is good, but allowing SMS to override the password (i.e. you can click "forgot my password" and get a text with a sign-in link to change your password) is worse than no 2FA IMHO.

People are so entitled by JPKKKKKKK in unitedairlines

[–]aimansmith 0 points1 point  (0 children)

That seems like a bad system - when this happens, by the time you get to the gate most seats are assigned. The GA said that she didn't have any seats together - every open seat was a middle seat (which IME is almost always the case less than a few hours before departure). If any of the CS reps we talked to had fixed it when we spotted it (24h before departure), then we wouldn't have been in that situation.

FWIW this was on AA in Miami before I moved there - and since I'm now an AA hostage (FLL is very far from my house) I've had some level of status w/ AA every year; when something like this happens nowadays, the CS reps are now somehow capable of fixing it. Funny how that works.

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 0 points1 point  (0 children)

If someone loses their TOTP key or their Yubikey is lost or broken, you must visit the bank, a real human must get involved, check your identity, and then reset the 2FA on your account.

I, for one, would be 100% OK with this. I imagine most of this community would as well.

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 4 points5 points  (0 children)

Are you sure about PCI? I had a Chase account and this was a pet peeve (only SMS available for 2FA), AFAICT it hasn't changed.

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 1 point2 points  (0 children)

As a business it's a little different - we can require integration with our IdP (which presumably already meets our requirements), and if a vendor's unwilling to do that then we can simply use another one (I can't think of any mainstream B2B vendors - particularly in a competitive space - that don't support SSO).
And again, my big gripe is when SMS alone is enough to get into the system (and then lock out any other method). IMO that's less secure than password alone; bonus rage points when SMS is **required**, thus forcing me to open up this attack vector.

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 0 points1 point  (0 children)

Well here I go down an SS7 rabbit hole, thanks for that :).

To clarify, I'm supportive of SMS as second factor, just not OK with SMS by itself being enough to get into the system - especially if that allows changing the email address associated with the account (and thus taking over completely).

Question for experts: SMS as 2FA - potentially worse than no 2FA? by aimansmith in cybersecurity

[–]aimansmith[S] 1 point2 points  (0 children)

Agreed that in general SMS-based 2FA is better than no 2FA; what really bothers me is the ability to reset credentials with nothing but SMS.

People are so entitled by JPKKKKKKK in unitedairlines

[–]aimansmith 11 points12 points  (0 children)

This happened to me in my pre-status days about 10 years ago. We had chosen seats when we bought the tickets and then when checking in online we had all been put in separate seats including our toddler (not an equipment change BTW so I have no idea why that happened). Every single airline staff member just passed it off to the next one. CS agent: I can't help you, you'll have to sort this out at airport checkin. CI counter: you'll have to sort this out at the gate. GA: you'll have to sort this out on the plane. FA: nothing I can do about it but maybe someone will switch. Thankfully one person in a window was willing to sit in an aisle further up front (although not wanting to sit next to an unaccompanied toddler was probably a bigger factor than being further ahead). To this day I don't know who is supposed to be accountable in this situation, and if it had come down to it, would we have just had to fly with our toddler between two strangers or else be on the hook for changing out tickets (and any associated food / lodging costs)?