Just called Asus for a problem with my router, went to send them my systemlog.txt for analysis

"Oh we don't have an email you can send that to"

Me: "(me calling bullshit) let me talk to the tech team.."

*Get transferred*

"Hello this is the supervisor"

Me: "fml"

"Ya we don't have an email you can send that to, but we can use a different departments verification services to get a file from you, has to be a picture though"

Me: "What? I got a .txt file here, I just want to get it to you, does it really have to be a picture?"

"Has to be a picture or a PDF, we can't take txt files"

Me: "fkin.. srsly? Fine"

I can't believe Asus's system srsly. I think it's for virus protection, but viruses can be embedded in both picture formats and PDF, but not in txt. So wtf is going on lol

My current project at work: purchase verification, aka anti-fraud.

It's been two weeks, and my boss is flipping out because it isn't done. A robust anti-fraud solution. in two weeks. And he thought one week was a little much.

like, fucking really?

There are companies whose entire service is helping combat fraud. and he wants this done in a bloody week?

What makes me laugh through my tears of frustration is that the company that moved into the previous office? Yep, anti-fraud. Their entire business model is providing anti-fraud services to other businesses. They even tried selling him on it when they moved in. Bossman sales guy turned it around and sold my freaking desk out from under me instead.

But like. They're a small company: they had 9 people when they moved in, and were looking to add three more, so a total of 12 people. (I totally considered jumping ship, but their stack was too different.)

So. Bossman wants me to replace 9-12 people and their entire business in a fucking week. Yeah.

"Oh, but it's just sms verification" says he. What he also wants is the ability to flag users as fraudulent, have sticky verifications so they can't bypass them by backing out, have email checks as well as sms, have deferred verification to allow collecting required info (e.g. phone number), verification fallback, lockouts, manual admin whitelisting, admin blacklisting, and different rules per merchant and rule groups for affiliates to apply to all of their merchants, and of course the ability to customize those merchant/affiliate anti-fraud rules. But he shortens this gigantic list to "I want sms verification," despite actually asking for all of the above. I don't want to know about the mental gymnastics and/or blindfolding required to equate the two, but he's nuts.

Yeah.
All of that.
In a goddamn week.

And I get chewed out when it isn't done? Fuck off.

Go build me a goddamn 5m ft^2 castle out of basalt and marble using only your toothbrush and a rusty garden trowel, and have it done in a week. No outsourcing.

talk about ridiculous.

Recovering a legacy Gmail account after receiving a notice of a blocked login.

*Tries to remember the bloody password*
*Actually remembers it*

> Sorry your password isn't enough. Your father's phone number that you used a decade ago can be used for verification though!

Google, let's get this straight. Things have changed. I know the fucking phone number and yes I can enter it, and out of sheer stupidity I did send an authentication code his way. Unfortunately however, things have changed in 10 years. I can instantly kill the fucker on the spot if I were to meet him ever again. Do you think that I'm going to get that fucking code?!

> Oh but you can try to email the code to the very account that you're trying to recover, despite the fact that you know the password for it.

TO THE FUCKING SAME ACCOUNT THAT I'M RECOVERING.

Must've taken a true genius to code that in!!!

!!oracle

I'm trying to install a minecraft modpack to play with a friend, and I'm super psyced about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.

So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.

Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few mores times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.

On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!

So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.

Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.

Further attempts to log in from the download page fail with the same invalid credentials error as before.

Fucking oracle and their reverse Midas touch.

So I just created this Registration GUI (part of a bigger app) for my uni project and was demonstrating how good the app was to all my friends.

Suddenly someone came and said let me verify this. I said go on with a doubtful mind. Obviously I had some verification for all the fields in the GUI but I was closely watching him.

He signed up with this email: " @ . "

😞

Holy fuck nvidia. Why the fuck you want me to login to your fucking app in order to download a fucking driver. You also want me to click a fucking link that you sent to my email for verification on every fucking login? Why on earth someone would stole my fucking nvidia account? To see which drivers I use? What the fuck nvidia? Oh wait. DO YOU DARE ASK ME TO SETUP TWO FACTOR AUTH TO SECURE MY ACCOUNT?!? What the fuck? Even if I put my credentials online no one would care to login my fucking nvidia account. Just let me download my fucking driver!

this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.

2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.

The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:

1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck

3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/

4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

Chat apps. What's the idea? Those are basically tools of violence. They give you a possibility to in real-time stop someones work and start demanding service. Now. Immediately.

Usually people send you first email and then they after 10 seconds chat "did you see my email?? read it! serve it! please me!" Usually it's just a small request to document something, review someone else's document. Do it ASAP. If you were coding something, then drop it and do someones job for them instead.

You got a request for me to create some verification case list? Put it into my backlog. I might start doing that in week or two. Or month. In case there's nothing else more important. Since I know that you are working with something that you think is the whole universe, but trust me, I got my own problems already.

But hey, if I don't reply to your chat in a minute, please feel free to walk behind me and start explaining your life. No need to wait even for me to get my headphones off. "Oh you are in conf call? Well, this is just a quick thing blaa blaa..."

oh FFS my university pissed me off so bad right now that I had to wait 20 min to cool down to be able to write a rant about it...

so, one of the university department offer an email address which is the official university approved email for student packs like jetbrain's. I wanted to renew my jetbrains subscription, but for that I have to get a verification email on that address..
But since the only time I use it is this annual renewal I dont know the webmail's url..
So I search for it on the department pages, services and its nowhere to be found. Finaly I found it on a student maintained wiki page.
I try to log in.. no luck. try another password, still not it. Try all of the passwords that I remember using in the previous 3 year and no luck.
well fck it the password change is managed by a website where I can log in with a different method, so I change the password and try to log in again.
No fcking luck! And at this point I bashed my head against the wall because I found out that the password change takes them about 1 or 2 hours... hours! wtf...

That's it, where do I send the bill, to Microsoft? Orange highlight in image is my own. As in ownly way to see that something wasn't right. Oh but - Wait, I am on Linux, so I guess I will assume that I need to be on internet explorer to use anything on microsoft.com - is that on the site somewhere maybe? Cause it looks like hell when rendered from Chrome on Ubuntu. Yes I use Ubuntu while developing, eat it haters. FUCK.

This is ridiculous - I actually WANT to use Bing Web Search API. I actually TRIED giving up my email address and phone number to MS. If you fail the I'm not a robot, or if you pass it, who knows, it disappears and says something about being human. I'm human. Give me free API Key. Or shit, I'll pay. Client wants to use Bing so I am using BING GODDAMN YOU.

Why am I so mad? BECAUSE THIS. Oauth through github, great alternative since apparently I am not human according to microsoft. Common theme w them, amiright?

So yeah. Let them see all my githubs. Whatever. Just GO so I can RELAX. Rate limit fuck shit workaround dumb client requirements google can eat me. Whats this, I need to show my email publicly? Verification? Sure just go. But really MS, this looks terrible. If I boot up IE will it look any better? I doubt it but who knows I am not looking at MS CSS. I am going into my github, making it public. Then trying again. Then waiting. Then verifying my email is shown. Great it is hello everyone. COME ON MS. Send me an email. Do something.

I am trying to be patient, but after a few minutes, I revoke access. Must have been a glitch. Go through it again, with public email. Same ugly almost invisible message. Approaching a billable hour in which I made 0 progress. So, lets just see, NO EMAIL from MS, Yes it appears in my GitHub, but I have no way to log into MS. Email doesnt work. OAuth isn't picking it up I guess, I don't even care to think this through.

The whole point is, the error message was hard to discover, seems to be inaccurate, and I can't believe the IRONY or the STUPIDITY (me, me stupid. Me stupid thinking I could get working doing same dumb thing over and over like caveman and rock).

Longer rant made shorter, I cant come up with a single fucking way to get a free BING API Key. So forget it MS. Maybe you'll email me tomorrow. Maybe Github was pretending to be Gitlab for a few minutes.

Maybe I will send this image to my client and tell him "If we use Bing, get used to seeing hard to read error messages like this one". I mean that's why this is so frustrating anyhow - I thought the Google CSE worked FINE for us :/

Bittrex is "amazing"...

I had lost my 2FA a long time ago (as my phone fried) and missed the account ferification deadline which caused my account to get disabled. Off we go to support!

0. Nothing to rant about at this point. I just created an account in their zendesk, logged in and logged a ticket to reset my 2FA and reactivate my account. They asked me for info, I provided it to them and got my 2FA disabled. Hooray!

1. I then asked to reenable my account. They sent me a link to restart the verification process. I open up that link and log in. I'm asked to upload some photos. I select requested photos from my galery and hit [UPLOAD]. An error pops up saying that smth wrong happened and I need to reload that site and reupload my photos. After page refresh they are telling me they are validating my uploaded info (w/o any way to resubmit my info, which, according to the error seen below, was not successfully submitted in the first place)...

2. So I reach out to the support guy again. Guess what he replies! He says he's sorry but he cannot help me any more and I need to create a NEW ACCOUNT in their support site with the same email <???!!!???>

3. I try to log in to the support portal and my access no longer works. MY ACCOUNT HAS BEEN DELETED! WTF!!!

4. I do as I'm told and create a new acc with the same email. Now I can log back in. So I'm raising a new ticket saying I still cannot finish my verification process due to the same error. It looks like it's going to be a fun ride with them so I can't wait to see what they'll reply.

Fuck the feelings of powerlessness and helplessness. when a friend comes crying for you for help with their hacked account and you keep asking them about what they did to protect it in the first place and they reply with nothing, no recovery email, no recover phone, no secondary verification, NOTHING. and you can do nothing but stand there and watch them cry while you can literally do nothing because there literally nothing you can do to retrieve their stolen accounts. FUCK BLACK HAT HACKERS.

I've always thought that Wordpress is HOT CARBAGE for custom solutions. The opinion is influenced by devRant actually. And I'm really starting to see that after few of months working with it.

For context, it's a accommodation booking site with sub-theme that uses plugins such as Woocommerce Bookings. I didn't build it but I'm now developing and maintaining it.

The emails... I've tried to make them function properly. But no. Because we skip the fucking verification step to allow instant booking it just won't send them. I made yet another workaround and casted some spells. NOW IT SENDS THE EMAIL TWICE...

I'm done. It's good enough.

The global joke of Information Security

So I broke my iPhone because the nuclear adhesive turned my display into a shopping bag.

This started the ride for my character arc in this boring dystopia novel:

Amazon is preventing me from accessing my account because they want my password, email AND mobile phone number in their TWO.STEP Verifivation.
Just because one too many scammers managed to woo one too many 90+y/o's into bailing their long lost WW2 comrades from a nigerian jail with Amazon gift cards and Amazon doesn't know what to do about anymore,

DHL is keeping my new phone in a "highly secure" vault 200m away from my place, waiting for a letter to register some device with a camera because you need to verify your identity with an app,

all the while my former car insurance is making regress claims of about 7k€ against me for a minor car accident (no-one hurt fortunately, but was my fault).

Every rep from each of the above had the same stupid bitchass scapegoat to create high-tech supra chargers to the account deletion request:

- Amazon: We need to verify your password, whether the email was yours and whether the phone number is yours.

They call it 2-step-verification.

Guess what Amazon requests to verify you before contacting customer support since you dont have access to your number? Your passwoooooord. While youre at it, click on that button we sent you will ya? ...

I call this design pattern the "dement Tupi-Guarani"

- DHL: We need an ID to verify your identity for the request for changing the delivery address you just made. Oh you wanted to give us ANOTHER address than the one written on your ID? Too bad bro, we can't help, GDPR

- Car Insurance: We are making regress claims against you, which might throw you back to mom's basement, oh and also we compensated the injured party for something else, it doesn't matter what it is but it's definitely something, so our claims against you just raised by 1.2k. Wait you want proof we compensated something to the injured at all? Nah mate we cant do that , GDPR. But trust me, those numbers are legit, my quant forecasted the cost of childrens' christmas wishes. You have 14 days or we'll see you in court haha

I am also their customer in a pension scheme. Something special to Germany, where you save some taxes but have to pay them back once you get the fund paid out. I have sent them a letter to terminate the contract.

Funniest thing is, the whole rant is my second take. Because when I hit the post button, devrant made me verify my e-mail. The text was gone afterwards. If someone from devRant reads this, you are free to quote this in the ticket description.

Fuck losing your virginity, or filing your first tax return, or by God get your first car, living through this sad Truman dystopia without going batshit insane is what becoming a true adult is.

I am grateful for all this though:

Amazon's safety measures prevented me from spending the money I can use to conclude the insurance odyssey, and DHLs "giving a fuck about customers" prevention policies made me support local businesses. And having ranted all this here does feel healthy too. So there's that.

Oh, cherry on top. I cant check my balance, because I can only verify my login requests to my banking account wiiiiiiith...?

My trying to login to my email account my.email.address@example.com via web:

Site: You need to verify that you are really you. We sent a verification email to my.email.address@example.com please click the link in this email to verify your identity.

I just had such a forfilling moment.

Normally, i often (force myself) go to bed at night, after i worked on a project of mine, with these thought saying "oh man i wanted to get that feature done today" or "i want to finish this and that part of my code".I am sure everyone of you knows the feeling, when your brain communicates that you are just not done for today.

Today it was different. I got a project of mine working in it's first state, where i put much heart, love and time in.Just a few minutes before i finished for today i got my server responding the expected numbers(some kind of pin-code). It's a very easy system: Someone(at the time only me and my debug mode :3) on a android phone request a verification which is checked and processed by the server. The server creates a random six-digit number, returns it encoded to the client and sends an email to the user, which currently sends it in plain text(shame on me).
Yeah, the user enters the number and voilà
And of course, all the Pincodes can only be used once.
I got to bed with this feeling of luck and succes.

I hope tomorrow is going to be a productive day!

I am so lucky right now.

Have a good day everyone!

A word of advice:
If you integrate email verification very tightly in the registration flow, it will be a world of pain to implement changing the email address.
It's alright, I didn't want to do anything this afternoon anyway.

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

It was the last year of high school.

We had to submit our final CS homework, so it gets reviewed by someone from the ministry of education and grade it. (think of it as GPA or whatever that is in your country).

Now being me, I really didn’t do much during the whole year, All I did was learning more about C#, more about SQL, and learn from the OGs like thenewboston, derek banas, and of course kudvenkat. (Plus more)

The homework was a C# webform website of whatever theme you like (mostly a web store) that uses MS Access as DB and a C# web service in SOAP. (Don’t ask.)

Part 1/2:

Months have passed, and only had 2 days left to deadline, with nothing on my hand but website sketches, sample projects for ideas, and table schematics.

I went ahead and started to work on it, for 48 hours STRAIGHT.

No breaks, barely ate, family visited and I barely noticed, I was just disconnected from reality.

48 hours passed and finished the project, I was quite satisfied with my it, I followed the right standards from encrypting passwords to verifying emails to implementing SQL queries without the risk of SQL injection, while everyone else followed foot as the teacher taught with plain text passwords and… do I need to continue? You know what I mean here.

Anyway, I went ahead and was like, Ok, lets do one last test run, And proceeded into deleting an Item from my webstore (it was something similar to shopify).

I refreshed. Nothing. Blank page. Just nothing. Nothing is working, at all.

Went ahead to debug almost everywhere, nothing, I’ve gone mad, like REALLY mad and almost lose it, then an hour later of failed debugging attempts I decided to rewrite the whole project from scratch from rebuilding the db, to rewriting the client/backend code and ui, and whatever works just go with it.

Then I noticed a loop block that was going infinite.

NEVER WAIT FOR A DATABASE TO HAVE MINIMUM NUMBER OF ROWS, ALWAYS ASSUME THAT IT HAS NO VALUES. (and if your CPU is 100%, its an infinite loop, a hard lesson learned)

The issue was that I requested 4 or more items from a table, and if it was less it would just loop.

So I went ahead, fixed that and went to sleep.

Part 2/2:

The day has come, the guy from the ministry came in and started reviewing each one of the students homeworks, and of course, some of the projects crashed last minute and straight up stopped working, it's like watching people burning alive.

My turn was up, he came and sat next to me and was like:

Him: Alright make me an account with an email of asd@123.com with a password 123456

Me: … that won't work, got a real email?

Him: What do you mean?

Me: I implemented an email verification system.

Him: … ok … just show me the website.

Me: Alright as you can see here first of all I used mailgun service on a .tk domain in order to send verification emails you know like every single website does, encrypted passwords etc… As you can see this website allows you to sign up as a customer or as a merc…

Him: Good job.

He stood up and moved on.

YOU MOTHERFUCKER.

I WENT THROUGH HELL IN THE PAST 48 HOURS.

AND YOU JUST SAT THERE FOR A MINUTE AND GAVE UP ON REVIEWING MY ENTIRE MASTERPIECE? GO SWIM IN A POOL FULL OF BURNING OIL YOU COUNTLESS PIECE OF SHIT

I got 100/100 in the end, and I kinda feel like shit for going thought all that trouble for just one minute of project review, but hey at least it helped me practice common standards.

Just remembered that I still had a foobar invite link in my email inbox 😋

The challenges are odd though, first challenge was super easy (basically an idiot check), but while I was able to convert 3 cans of energy drink into a functional solution in half an hour, the verification utility is not very verbose at all. So in Python 3.7.3 in my Debian box it worked just fine, yet the testing suite in Foobar was failing the whole time. After sending an email to my friend that gave the link (several years ago now, sorry about that! 😅) asking if he knew the problem, I found out that Google is still using Python 2.7.13 for some reason. Even Debian's Python is newer, at 2.7.16. To be fair it does still default to Python 2 too. But why.. why on Earth would you use Python 2.7 in a developer oriented set of challenges from a massive company, in 2020 when Python 2 has already been dead for almost a whole year?

But hey now that it's clear that it's Python 2.7, at least the next challenges should be a bit easier. Kind of my first time developing in SnekLang regardless actually, while the language doesn't have everything I'd expect (such as integer square root, at least not in Debian or the foobar challenge's interpreter), its math expressions are a lot cleaner than bash's (either expr or bc). So far I kinda like the language. 2-headed snake though and there's so much garbage for this language online, a lot more than there is for bash. I hate that. Half the stuff flat out doesn't work because it was written by someone who requires assistance to breathe.

Meh, here's to hoping that the next challenges will be smooth sailing :) after all most of the time spent on the first one (17.5 hours) was bottling up a solution for half an hour, tearing my hair out for a few hours on why Google's bloody verification tool wouldn't accept my functioning code (I wrote it for Python 3, assuming that that's what Google would be using), and 10 hours of sleep because no Google, I'm not scrubbing toilets for 48 hours. It's fair to warn people but no, I'm not gonna work for you as a cleaning lady! 😅

Other than the issues that the environment has, it's very fun to solve the challenges though. Fuck the theoretical questions with the whiteboard, all hiring processes should be like this!

implementing an email verification .. it shows differently in different email .. If I fix something for yahoomail .. it shows broken in gmail .. just fedup of this .. my whole day has been wasted for this shit today .. 😑😑

So, there was that post about Valve that send your steam password through an email. I changed my password to see if it was true (I couldn't believe it). And I had to do phone verification....

I thought for a sec it wouldn't stop, but yeah atleast I got the message.

Fuck I feel fucked up just for completing user account management, authentication, email verification, password reset. Securing all of this with ssl and checking for any security loopholes.

I can't believe this took me more than a couple months.
Well I was lazy and unmotivated.
I fucking hate crafting stupid ass routes in nginx.
I fucking hate making a nice responsive gui.
I have to design even the stupid html for the emails. Fuuuuck.

So much boilerplate on top of that with username and email validation.

I learnt regex 5 times over the past couple months, still not enough.

And now I actually have to build the functional part.

On the plus side I can reuse this stupid boilerplate if I can make it more modular and readable.

There's shit ton of comments to the point where I feel like an idiot for including so much info. It's like I've written it for a toddler to take over.

Gawd. Anyways it's over now. 50% I guess.

I can finish the rest of the server more quickly and then spend another year designing the Android application.

I'm really lazy in places where I have to design UI/UX. Although at this point it's kinda what could put my application at the top. (I'm lazy, I ain't bad.. I just hate implementing my ideas I wish I could just visualize and have it appear on my screen)

I do like parts of gui that involve little math problems that would make motion smooth and efficient.

Coinbase is a miserable clock sucker...

You can't understand that your stupid app doesnt split sir names during ID verification? A month of playing ring around the support email bot... "Try updating chrome!"...

Go duck yourself,
John S Jr. Smith

TLDR: I wanted to change email to new one, but I could not remember which one I have
currently. I found out an API in DevRant JS files for email verification and used
it to find it out.

So, I am moving from Gmail to Protonmail Pro, absolutely love their service.
I wanted to do same on Devrant but I could not figure out my current mail for
"I lost my password" form. My Password Manager have only login saved, and profile does
not show email address.

I thought that this user information is stored on server so it have to be some way to retrieve it. I dug
in source code and I've found:

`<div class="signup-title">Verify Your Email</div>`

Which has event assigned to function which uses jQuery.ajax (love it btw :D) to call:

`url: "/api/users/me/resend-confirm",`

This seems like worth a shot. Few copy-pastes and one ajax call later:

*Ding*

From: support@devrant.io
To: dawid@dawidgoslawski.pl
"Welcome to Devrant"

Got it :) So I have already changed in march when DevRant on previous layout.

This is what I love in this profession - problem solving. AI will not replace human
in any way, we will just stop coding array iterations and data manipulation - we will focus
on real problem solving and human touch (like design, convincing management for changes).

Im ranting in progress of the issue so i dont get the urge to do any of the things not seem as acceptable to fix this issue.

Issue: yesterday i activated a device i havent had any (even prepaid) service on in years, and had a 'new'(to me) number assigned...

Today, after being sick so muting nuisances immediately for rest, i check, 3missed calls from the same, less spammy looking number. I havent use this number for even a txt code verification at all... aside from 1 call to comcast (for the blissful irony of seeing if its an option (they need to survey physically) since im suing my current isp who didnt take my VERY NICE and explictly required in their business t&c, refund for the issue's duration.. after months of tryjng to directly get a message (not using my not technically hacking expertise like just scrubbing for email formatting and popped up in their inbox (calling them is more frowned upon)...

Their conclusion as to "why" (they nvr solved the issue... dhcpv6 was in aggressive lease mode(no response per lease(NOT batches) of about 60 for about 20 devices which i ofc use my /28 static ipv4 block... not ipv6 (they also claimed there was no logs til i dug and found verbose, long history high/med high debug level logs in their prop. dev's gui... which they forced me to use, has 2 separate cores/stacks which is done for 1 reason only... constant simultaneous ipv4 and ipv6 (so ofc was auto enabled)...

Basically it was spamming do to a config issue with their scripts, and their WAN6 dev/script's config. Have found a single person who knows what ipv6 (or v4) or wan6 device actually means... their conclusion from multiple "specialist departments " ..."we dont support ipv6 so if u had issues caused by using something we dont support it's your fault... sooooo ludacris.

.... ok back to main point.
callback options
1 schedule a call back for "later"
2 dont schedule and hang up/try some other time
3. cancel callback and join the end of the cue(from previous message it told me a callback in 6-10m or lose your place in line and go to the end... hours later no call and they definitely have the number as it reiterated -.-
...
answer to wait in line>
experiencing extremely high wait time
>your current wait time 31-60m
2.5sec later.. let me connect you to a rep ...etc (identical as in callback options intro)
> your current wait time is 30sec
waiting nearly 25min whilst typing this.(i did make sweet potato stuff, propagated a rose, fed JSON some of his new, in closure buffet of things he previously never encounted and bought a literal ton of rubber mulch)40min to a rep 5more to solve (last guy at same position didnt know this option exited, despite me decribing it verbosely to him.

Everything the automated syst asks is about account numer... there is none ive never even had a burner that was at&t brand.

Wzf.

Hate it when clients told you a specific requirement but then changes it the last minutes. You can't justify or argue. Can't do nothing about it but only follow. Just a high paid slave.
Example:
Client-verbal: background color of all 5 pages
Me-with email verification: ok. I will bg color of all pages will be red based from our last meeting.
Client email reply: ok
After a few days
Client: I think we have misunderstanding. What I meant was 4 pages red only. The 5th page should be maroon.
Me in my mind: wtf. Of course I can't argue but just agree and follow. The demo is near and he'll just inform the last minute. I will not win this argument.

Also, there are no acceptance criterias in the user story.

TLDR
Apparently if you delete your google account as an only admin of a workplace by just clicking remove account on expired subscription screen when you are on document page you not only loose access to google workplace but also you can create new workplace google account using same domain and email immediately and it’s fresh google domain account without domain verification and with everything wiped off from your old account. So you don’t have access to anything but on the other side there is possibility to use gmail as spam hub if google fucked ip something in their dns verification and once verified and after that expired domain gets bought again it stays verified.

Well I luckily migrated my gmail to other provider 3 years ago and I lost nothing important there but lol.

You can easily lock out yourself from your domain.

I opened ticket using some questionnaire and by adding another dns txt record to my domain to claim access to workplace admin page and let’s see what they do.

If they ever respond to that ticket and how long it will take to get it resolved.

This is good test to see if google is still a people’s company or an evil corporation.

I was using workplace as long as it was free from days of google app engine and begging of cloud revolution. I remember at best times I could chat with google support employee about spam I got from domain registered on google servers and he was processing ticket for me.

Is it normal to use rabbitmq AND kafka in the same backend?

Rabbitmq for email verification, password reset etc and all that email bullshit handling

While kafka handles real time chat communication?

Since i noticed both of them work exactly the same. Producer/consumer. Pub/sub shit. Cant tell the difference other than a slightly different syntax

Hey guys, I have almost developed the backend of an app like reddit. My question is about authentication. How should I authenticate my user. Is phone number necessary to add phone otp?Because I don't want to get any legal trouble if someone posts objectionable content on the platform. Most of the apps today need phone number, I dont know why except reducing spam accounts.

Or shall I verify email by otp. But its hard to track disposable emails. I cant go for only gmail too as its banned in china. Email domains of china are weird.

Can I get into legal trouble for objectionable content posted by any evil user?

I dont want to go for auth.

Lets say i have to send an email to the user when:

- user forgot password (email sent with a token to verify the user owns that email, and token identifies for which user is this link valid)

- email verification (email sent with a token to verify the user who just registered, where this token uniquely is generated for each newly registered user)

- etc

Notice how both of these cases include the same shit:
- sending emails
- generating unique tokens
- attaching each record to individual user

Does this mean i should pack this up in 1 single model in the database and differentiate which type of email it is over an enum (EMAIL_CONFIRM, FORGOT_PASSWORD etc)?

Or should these shits each have a different model and thus different tables in database?