Honeypot.net

April 25, 2025

Sharon Osbourne calls for Irish band’s U.S. visas to be revoked after Coachella show - pennlive.com

“At a time when the world is experiencing significant unrest, music should serve as an escape, not a stage for political discourse.”

This is the stupidest possible take on music and art. Her husband sang “War Pigs”.

April 24, 2025

California is now 4th-largest economy in world, surpassing Japan

Some Americans constantly talk about how much CA supposedly sucks and is on the edge of collapse. My favorite criticism is that “no one wants to live there because it’s so expensive”, although the fundamentals of capitalism explain that it’s so expensive because so many people want to live there.

Meanwhile, back in reality…

April 22, 2025

Synology Lost the Plot with Hard Drive Locking Move - ServeTheHome

Summary: Synology wants to force users to buy Synology-branded HDs in even their consumer NASes. If they do this, I’ll never buy another NAS from them, ever.

Imagine Toyota requiring you to use Toyota gasoline. No way, no how.

How to bypass Credit Karma's 2FA

April 18, 2025

Locked out of your Credit Karma account’s 2FA? No problem! Here’s how I can log into mine:

Log in with my username and password.
Try the 2FA challenge once and let it fail.
Navigate to accounts.creditkarma.com

Ta-da! I’m in. I reported this a month ago but they haven’t acknowledged it as an issue yet. If I stumbled across this, you can bet the bad guys are already using it.

April 17, 2025

Street art in Berlin.

A painting hanging on a brick wall. It’s black and white of a young woman in a leather jacket, captioned “Look into your heart, There I’ll be”.

April 16, 2025

The afternoon’s adventure: Traveler’s Notebook aficionado nerdery.

Photo of a page in a notebook: “- Went to a nearby stationery store to get a Traveler’s Notebook stamp” And a red stamp saying “Luiban Berlin, Germany […] Official Partner Shop Visit Pass”

April 15, 2025

CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo | CSO Online

This is fine.

April 14, 2025

This is what a dare looks like.

Photo of a glowing red button behind a clear plastic shield, labeled in German, and a sign saying “DO NOT press the button” in English. I do not read German so can’t be held responsible for the consequences of my investigation.

April 13, 2025

My wife and I went to the Memorial to the Murdered Jews of Europe.

My god.

It’s never been so hard to make myself stay and learn about something important.

Among the based of thousands of enormous concrete pillars. It’s hard to describe the oppressive spirit here.

April 9, 2025

2025-03-17: I report a critical vulnerability (trivial, complete 2FA bypass) to a well-known company’s security email alias. No reply.

2025-04-07: I report it again to their bug bounty program.

2025-04-09: They close it as a duplicate.

Their bug bounty program says, basically, “we never disclose reports. Don’t discuss them with anyone.”

23 days into this episode, I’m starting to weigh the responsible thing to do here.