This was a big pain in the ass for me to figure out. I ended up using the free version of Mosyle and hiring someone on Fiverr to help me figure out how to get the licenses assigned to our managed devices.
Supabase doesn’t make a public users table by default. The user schema is in auth and secured. The problem is that unskilled developers bypass those controls out of convenience and put data into Public without RLS. Even the Supabase docs warn against this.
The point is that why they even have to make new users table? Something is driving them in this direction and as a counterexample you have Pocketbase where you don't have to.
To store application-specific data about users. The Supabase doc or examples show this. Where else would you put such data?
But what the docs don't cover is the provided Users table. Missing documentation is why I gave up on Supabase; and the Users table was one of the first problems I encountered. I could find no details on what to expect in each column at any given time.
Upon creating a new user, values get set in this table for no apparent reason. So if your application depends on knowing the verification status of a new user (for example), good luck... Supabase claimed every user was verified upon creation.
The auth schema is intentionally not exposed to the rest api for security reasons. You need to use an auth hook to put data where you need, or an RPC with appropriate privileges, and of course RLS on any tables.
It's actually more complicated, but the draining of scam money at scale (ie: billions) is done with the help of collaboration of the Triads and Mexican cartels. IE: Chinese scammers rob the world of billions. They ultimately end up with tons of crypto but still need to launder it. They collaborate with the Mexican cartels to buy USD cash from them paid via crypto. Then the Triads re-launder that cash or sell it to other Chinese nationals in the USA.
The big banks also get a cut when they launder these funds. There are more profits to be made by enabling (or at least not stopping) scams then there is in preventing them. Market forces at work.
Not sure if the op is reading, but I also detected the same Coinbase hack around the same timeline. From what I can tell, literally everything was compromised because even their Discord channel's api keys were compromised and were finally reset around April or May. This means their central secrets manager was likely compromised too.
This appears to be the / a source for the devices in question. It's worth reading over the technical details of how it all works. It's both terrifying and impressive. Cards can be identified using a barcode encoded on their thin edge from meters away.
reply