barnabees

I was filling out a rental application on on-site.com and a modal popped up telling me I had been texted a link and had 5 minutes to resend the link. I got a text from 32858 and it was of the form https://api.equifax.com/business/secure-mfa/v2/authentications/verification-tokens/<long hexstring>/verify. I clicked on it and it took me to a page that just had the text, "Authentication completed. Return to your application," or something like that. I don't remember what the domain was.

I couldn't find anything online about this, so I'm wondering, is this legit? Or is this somehow an elaborate ploy to steal my identity? What's also weird is that the website didn't change after I clicked on the link, but at some point I saw a back button on the page which closed the modal, and now I'm wondering if that button was there the whole time. Also, if I tap on the link again, I get redirected to secureauth.io/expired, but I can find no information about that domain online. My co-applicant never had the modal pop up and never got a text.

Just came across this tweet criticizing the Parler social network for using a relational database:

https://twitter.com/sarahmei/status/1348477224467394560

My understanding was always that for relational data (e.g., social networks) you should use a relational database. Is the person in this tweet correct? If so what is a better option?

I'm developing a simple app where users can upload pictures. The app directly uploads images to Firebase Storage from the client, and sends the URL of the uploaded image to my server. I'm concerned about the security of this. There's no way to rate-limit users uploading images, so one malicious user could hypothetically upload millions of images and burn through my budget.

What's the standard way of handling this? I'm also considering proxying uploads through my server which gives me more control but is less performant and wouldn't really stop a dedicated user.

I was looking through the list of inactive companies on Y Combinator's startup directory and got to wondering: does it hurt to be an inactive company in their directory? Like, will potential future investors see that your last company failed and hold that against you?

I've looked at Google Places, Mapbox, Foursquare, and HERE, and I can't figure out which one to use.

People who have used these services, what are your thoughts on them, good or bad? I initially considered Google Places but the price is way too steep ($17 per 1000 searches!!). Currently leaning toward HERE but I haven't heard much about them and don't know if it's a good idea to rely on a relatively under the radar company.