How to bypass Credit Karma's 2FA
Locked out of your Credit Karma account’s 2FA? No problem! Here’s how I can log into mine:
- Log in with my username and password.
- Try the 2FA challenge once and let it fail.
- Navigate to accounts.creditkarma.com
Ta-da! I’m in. I reported this a month ago but they haven’t acknowledged it as an issue yet. If I stumbled across this, you can bet the bad guys are already using it.
Street art in Berlin.
The afternoon’s adventure: Traveler’s Notebook aficionado nerdery.
![Photo of a page in a notebook: “- Went to a nearby stationery store to get a Traveler’s Notebook stamp” And a red stamp saying “Luiban Berlin, Germany \[…\] Official Partner Shop Visit Pass”](https://cdn.uploads.micro.blog/763/2025/image-20250416-143601-53ed421d.jpg)
This is what a dare looks like.
My wife and I went to the Memorial to the Murdered Jews of Europe.
My god.
My god.
It’s never been so hard to make myself stay and learn about something important.
2025-03-17: I report a critical vulnerability (trivial, complete 2FA bypass) to a well-known company’s security email alias. No reply.
2025-04-07: I report it again to their bug bounty program.
2025-04-09: They close it as a duplicate.
Their bug bounty program says, basically, “we never disclose reports. Don’t discuss them with anyone.”
23 days into this episode, I’m starting to weigh the responsible thing to do here.
cormiertyshawn895/PixelPerfect:
Pixel Perfect lets you increase the text size of iPhone and iPad apps on Mac. Say goodbye to small and blurry text, and enjoy pixel-perfect graphics, all rendered at 100% native resolution.
I just learned about this nifty little MIT-licensed tool that makes iPhone apps running on Macs render text at the correct size. It makes those apps so much more pleasant!
I am not thrilled with the price of new video games. Don’t take this to mean that.
But in 1982, the Atari 2600 game “E.T.” went for about $120 in 2025 USD. I promise you that any modern AAA game is much more fun.
I’d started a new job a month before April Fools. I got to the office very early and then had the idea to put a piece of tape over everyone’s optical mouse laser. I scurried around and got everyone except the office manager, including myself. Then I left.
When I returned to the office, people stifled giggles and watched me go to my desk. I sat down, wiggled my mouse, and said, “Hey, what’s wrong with my computer?” My coworkers started laughing and came over to show me how I’d been “tricked.”
The office manager arrived a little later. I watched with my new chums as she came in, sat down, and started working without any incident. Someone popped their head into her office to ask if her computer was working, and she laughed and said of course it was. I sowed the seeds of discord: “She must’ve done it!”
And that’s how the whole office blamed the office manager for my April Fools joke. I was quite pleased about that.
France Fines Apple €150 Million Over iOS Data Consent Rules - Bloomberg
Things like this are why it’s hard for me to take EU regulation seriously. (In before “but what about the US…” Yeah, I know.)
It’s purely good that Apple makes apps get your approval before allowing them to track your actions. France claims this is hard for the poor companies like Facebook that want to collect every move you make. Yes. It’s supposed to be. That’s the point. I want it to be.
I ordered new prescription sunglasses today. The optometrist asked if I wanted regular or mirrored lenses.
I was almost personally offended.
There’s no plausible scenario in which I wouldn’t prefer mirrored sunglasses.
This is a copy-paste of a conversation I just had with my kid.
Kid: Can I get a ride home at like 10:15
Me: Yeah
Kid: Never mind im gonna be here late
Me: Oh, OK
Kid: Okay like can u do 10:17?
That’s still within the margin of error of when I was going to be there in the first place.
But her emails!
After White House national security adviser Michael Waltz’s idiotic misadventure of texting top secret war plans to reporters, I don’t ever, ever want to hear another word about Hilary Clinton’s email server. Not a whisper.
AG Bonta reminds 23andMe customers of right to delete data
AG Bonta reminds 23andMe customers of right to delete data:
California Attorney General Rob Bonta issued a consumer alert Friday urgently warning the public that 23andMe is in financial distress and instructing customers on how to delete their data.
That’s good enough for me. I used 23andMe when it launched and love the promise of gaining medical insights from my own genetic data. That’s a powerful vision I still support. But given the lack of federal privacy protections on this most sensitive and personal of all data, I’d rather delete it than let some creep buy it in a fire sale.
Unboxing the DM42n
I didn’t need a new calculator. I have an HP 50g on my desk I hardly use. I work on a full-sized computer capable of unimaginably fast and intricate math. And yet, from the moment I saw a SwissMicros DM42, I had to have one. Then they recently released the updated DM42n version, which clinched it. I ordered.
It arrived today.
When I opened the small, heavy parcel, an owl greeted me. I don’t know why. It’s a fine-looking owl, though.
Beneath the owl, there’s a meticulous little cardboard box. Ah, we’re so close now!
Nope! Inside that box is another wrapper, with directions on how to open it.
An Easter egg: behind the inner wrapper, there’s a nice picture of the Matterhorn.
The inner wrapper is also persnickety in all the right ways. I followed the diagram to carefully pull apart the sine wave-shaped flaps without tearing them.
Now we’re down to the textured leather-like case.
And inside that is the beautiful little tool I’ve been drooling over for many months. That stainless steel obelisk is surprisingly heavy for its size. This isn’t a plasticky TI.
For completeness, the back. It feels “soft” in a way I wouldn’t expect a steel case to, it’s assembled with beefy screws, and it has large rubber feet.
It’s a beautiful device, luxuriously wrapped like a piece of jewelry, but with the heart and mind of one of HP’s best-ever RPN calculators, except improved. This is a happy day.
I am “hurt my back playing video games” years old.
Some friends and I got a pack of Orbic mobile hotspots so we can install the EFF’s Rayhunter software on them to detect “StingRay” IMSI-catchers. This is what one looks like.
RIP Mark Klein
In Memoriam: Mark Klein, AT&T Whistleblower Who Revealed NSA Mass Spying
I moved in down the block from Mark when we first came to the Bay Area. One day he saw me getting out of my car and noticed my EFF hat. He asked if I worked for them, and I said I’m just a happy supporter. He told me they once helped him out of a bind and said I should look him up.
Mark was a super nice guy. He also had the world’s most aggressive golden retrievers that would bark at me as I walked down the block. One day I found a “sewer cleaning” van parked on the parallel street behind his house, but to this day I wonder what it really was. They drove off right after I took a picture of it.
