Its Friday, you all know what that means! ... Its results day for practiseSafeHex's most incompetent co-worker!!!

*audience: wwwwwwooooooooo!!!!*

We've had a bewildering array of candidates, lets remind ourselves:

- a psychopath that genuinely scared me a little
- a CEO I would take pleasure seeing in pain
- a pothead who mistook me for his drug dealer
- an unbelievable idiot
- an arrogant idiot obsessed with strings

Tough competition, but there can be only one ... *drum roll* ... the winner is ... none of them!

*audience: GASP!*
*audience member: what?*
*audience member: no way!*
*audience member: your fucking kidding me!*

Sir calm down! this is a day time show, no need for that ... let me explain, there is a winner ... but we've kept him till last and for a good reason

*audience: ooooohhhhh*

You see our final contestant and ultimate winner of this series is our good old friend "C", taking the letters of each of our previous contestants, that spells TRAGIC which is the only word to explain C.

*audience: laughs*

Oh I assure you its no laughing matter. C was with us for 6 whole months ... 6 excruciatingly painful months.

Backstory:

We needed someone with frontend, backend and experience with IoT devices, or raspberry PI's. We didn't think we'd get it all, but in walked an interviewee with web development experience, a tiny bit of Angular and his masters project was building a robot device that would change LED's depending on your facial expressions. PERFECT!!!

... oh to have a time machine

Working with C:

- He never actually did the tutorials I first set him on for Node.js and Angular 2+ because they were "too boring". I didn't find this out until some time later.

- The first project I had him work on was a small dashboard and backend, but he decided to use Angular 1 and a different database than what we were using because "for me, these are easier".

- He called that project done without testing / deploying it in the cloud, despite that being part of the ticket, because he didn't know how. Rather than tell or ask anyone ... he just didn't do it and moved on.

- As part of his first tech review I had to explain to him why he should be using if / else, rather than just if's.

- Despite his past experience building server applications and dashboards (4 years!), he never heard of a websocket, and it took a considerable amount of time to explain.

- When he used a node module to open a server socket, he sat staring at me like a deer caught in headlights completely unaware of how to use / test it was working. I again had to explain it and ultimately test it for him with a command line client.

- He didn't understand the need to leave logging inside an application to report errors. Because he used to ... I shit you not ... drive to his customers, plug into their server and debug their application using a debugger.

... props for using a debugger, but fuck me.

- Once, after an entire 2 days of tapping me on the shoulder every 15 mins for questions / issues, I had to stop and ask:

Me: "Have you googled it?"
C: "... eh, no"
Me: "can I ask why?"
C: "well, for me, I only google for something I don't know"
Me: "... well do you know what this error message means?"
C: "ah good point, i'll try this time"

... maybe he was A's stoner buddy?

- He burned through our free cloud usage allowance for a month, after 1 day, meaning he couldn't test anything else under his account. He left an application running, broadcasting a lot of data. Turns out the on / off button on the dashboard only worked for "on". He had been killing his terminal locally and didn't know how to "ctrl + c a cloud app" ... so left it running. His intention was to restart the app every time you are done using it ... but forgot.

- His issue with the previous one ... not any of his countless mistakes, not the lack of even trying to make the button work, no, no, not for C. C's issue is the cloud is "shit" for giving us such little allowances. (for the record in a month I had never used more than 5%).

- I had to explain environment variables and why they are necessary for passwords and tokens etc. He didn't know it wasn't ok to commit these into GitHub.

- At his project meetups with partners I had to repeatedly ask him to stop googling gifs and pay attention to the talks.

- He complained that we don't have 3 hour lunch breaks like his last place.

- He once copied and pasted the same function 450 times into a file as a load test ... are loops too mainstream nowadays?

You see C is our winner, because after 6 painful months (companies internal process / requirements) he actually achieved nothing. I really mean that, nothing. Every thing was so broken, so insecure / wide open, built without any kind of common sense or standards I had to delete it all and start again ... it took me 2 weeks.

I hope you've all enjoyed this series and will join me in praying for the return of my sanity ... I do miss it a lot.

Yours truly,
practiseSafeHex

Me and co-worker, working with firebase.

Co-worker: Hey man, I need the private key for the server.

Me: Why?

Co-worker: I need to put it in the client so that I can authenticate.

Me: No.

Co-worker: But this guide tells me ...

Me: No

Co-worker: ... that I need it to create tokens so I can log in.

Me: ... No.

Co-worker: But the guide..

Me: If the guide would ask you to kill yourself, would you?

Co-worker: No but..

*I walk over*

Me: This isn't even related to what we are doing. You can see it in the title.

Me: Did you read the title of this post?

Co-worker: No.

This is not really a rant, but...dude.

I was browsing github for a suitable library when i found a test repo of someone. A script inside and at the top he wrote his authentication token. I first thought it was a placeholder or an example or a test he used. No. I entered the token and could control his instance of the app. I sent him a message to disable this token.

Just found out the backend developer I’m always complaining about. The one who:

- Can’t implement OAuth, and we have to have app users login every 24 hours because we have no way to generate new refresh tokens.

- Who used the phrase “your time zone is not my concern” to avoid building something that would let us inject test data.

- Who’s been debugging a critical bug affecting many users since December.

- Who can’t conduct API tests from external internet (you know, like the way the app will be in the wild) because it takes too much time.

- Who replies to Jira tickets only on a blue moon.

- Who has been 90% of the reason for my blood pressure situation

... is a fucking principal engineer in this company. In pecking order, his opinion should be considered more valuable than mine and everyone on my team.

I’ve just lost the will to live. How are big organizations THIS bad. Seriously, what promotion discussion did he go into

“So, you are a complete and utter bastard, nobody can stand to speak to you and you’ve yet to deliver anything of worth that actually works, over the course of several years ... ... ... interested in having your pay doubled??”

One comment from @Fast-Nop made me remember something I had promised myself not to. Specifically the USB thing.
So there I was, Lieutenant Jr at a warship (not the one my previous rants refer to), my main duties as navigation officer, and secondary (and unofficial) tech support and all-around "computer guy".
Those of you who don't know what horrors this demonic brand pertains to, I envy you. But I digress. In the ship, we had Ethernet cabling and switches, but no DHCP, no server, not a thing. My proposition was shot down by the CO within 2 minutes. Yet, we had a curious "network". As my fellow... colleagues had invented, we had something akin to token ring, but instead of tokens, we had low-rank personnel running around with USB sticks, and as for "rings", well, anyone could snatch up a USB-carrier and load his data and instructions to the "token". What on earth could go wrong with that system?
What indeed.
We got 1 USB infected with a malware from a nearby ship - I still don't know how. Said malware did the following observable actions(yes, I did some malware analysis - As I said before, I am not paid enough):
- Move the contents on any writeable media to a folder with empty (or space) name on that medium. Windows didn't show that folder, so it became "invisible" - linux/mac showed it just fine
- It created a shortcut on the root folder of said medium, right to the malware. Executing the shortcut executed the malware and opened a new window with the "hidden" folder.
Childishly simple, right? If only you knew. If only you knew the horrors, the loss of faith in humanity (which is really bad when you have access to munitions, explosives and heavy weaponry).
People executed the malware ON PURPOSE. Some actually DISABLED their AV to "access their files". I ran amok for an entire WEEK to try to keep this contained. But... I underestimated the USB-token-ring-whatever protocol's speed and the strength of a user's stupidity. PCs that I cleaned got infected AGAIN within HOURS.
I had to address the CO to order total shutdown, USB and PC turnover to me. I spent the most fun weekend cleaning 20-30 PCs and 9 USBs. What fun!
What fun, morons. Now I'll have nightmares of those days again.

Me: *Installs travis*

Dev: oh what's travis?

Me: it's a continuous integration tool I wanna setup.

Dev: ... contin.... ?

Me: continuous integration, a tool that performs builds.

Dev: ah!, is it the new version of that deprecated tool we were using "client access"?

Me: ... no ... that's an authentication service that generates and stores oauth tokens. This is the continuous integration tool I told you about yesterday (and last week and the week before).

Dev: ... contin....

Me: ... con ........ continuous integration. It listens to branches on GitHub, downloads, builds, tests and then deploys the code.

Dev: ah ok ok, cool.

I would bet my monthly fucking salary he can not repeat what I said, tell me what oauth is, or explain what he's working on at the minute.

Jesus at this rate I'd bet my salary he can't tell me my name.

Boss: Our customer's data is not syncing with XYZ service anynmore!

Me: Ok let me check. Did the tokens not refresh? Hmm the tokens are refreshing fine but the API still says that we do not have permissions. The scopes are fine too. I'll use our test account... its... cancelled? Hey boss, why is our XYZ account cancelled?

Boss: Oh, "I haven’t paid since I didn’t think we needed it" (ad verbatim)

😐

So we had a dev on our team who was on a performance improvement plan, wasn't going to pass it, but decided to quit before it was over saving us 2 weeks.

I was ecstatic when he left (caused us hell). I knew updating his code wouldn't be great, but he was only here 6 months

"how bad could it be" - practiseSafeHex - moron, idiot, suicidal.

A little run down would be:

- Despite the fact that we use Angular 2+, one of his apps is Angular 1 ... Nobody on the team has ever used Angular 1.

- According to his package.json he seems to require both mongoDb and Cloudant (couchDb).

- Opened up a config file (in plaintext) to find all the API keys and tokens.

- Had to rename all the projects (micro services) because they are all following a different style of camelcase and it was upsetting my soul.

- All the projects have a "src" folder for ... you know ... the source code, except sometimes we've decided to not use it for you know, reasons.

- Indentation is a mess.

- He has ... its like ... ok I don't even know wtf that is suppose to be.

- Curly braces follow a different pattern depending on the file you open. Sometimes even what function you look at.

- The only comments, are ones that are not needed. For example 30+ lines of business logic and model manipulation ... no comment. But thank god we have a comment over `Fs.readFile(...)` saying /* Read the config file */. Praise Jesus for that one, would have taken me all week to figure that out.

Managers have been asking me how long the "clean up" will take. They've been pushing me towards doing as little as possible and just starting the new features on top of this ... this "code".

The answer will be ... no ... its getting deleted, any machine its ever been on is getting burned, and any mention of it will be grounds for death.

Fucking crunchyroll hardcodes their access tokens in a Constants Class in their APK, technically that is a security issue.

What the actual fuck Crunchyroll!? No fucking wonder you got DNS Hijacked so quick, security is literally your second priority you dumbed down twats, get some real devs and some real QAs for fucking god sakes, you're tearing down your own system by inviting exploits.

micromanager: "Quick and easy win! Please have this done in 2-3 days to start repairing your reputation"

ticket: "Scrap this gem, and implement your own external service wrapper using the new and vastly different Slack API!"

slack: "New API? Give me bearer tokens! Don't use that legacy url crap, wth"

prev dev: "Yeah idk what a bearer token is. Have the same url instead, and try writing it down so you don't forget it?"

Slack admin: "I can't give you access to the slack integration test app, even though it's for exactly this and three others have access already, including your (micro)manager."

Slack: "You can also <a>create a new slack app</a>!" -- link logs me into slack chat instead. After searching and finding a link elsewhere: doesn't let me.

Slack admin: "You want a new test slack app instead? Sure, build it the same as before so it isn't abuseable. No? Okay, plan a presentation for it and bring security along for a meeting on Friday and I'll think about it. I'm in some planning meetings until then."

asdfjkagel.

This job is endless delays, plus getting yelled at over the endless delays.

At least I can start on the code while I wait. Can't test anything for at least a week, though. =/

- Let's make the authentication system so the user can only login in one device at time, because this is more secure.
- You know that this will be a general-public application, right?
- Yeah!
- Sou you want to "punish" users with a logoff on the other device when he tries to login in a new one?
- Yeah!
- But before you said we will use Json Web Token to make the backend stateless.
- Yeah!
- And how will we check if the token is the last one generated?
- We will store the last generated token for this user on a table in our DB.
- So... you are basically describing the old authentication model, with session tokens stored on the backend and communicating them via cookies.
- Yeah, but the token will be sent on the Header, not on cookies
- Okay, so why will we use Json Web Token to do this in the first place?
- Because this is how they're doing now, and this will make the backend stateless.

A moment of silence, please.

I am still at the office, doing a completely non-critical job for completely non-critical businesses while the streets look like something straight out of Fallout 4.

Friend: Why do you not work from home?

Me: Because people who care more about money then the wellbeing of the world control everything. Jobs are just slavery with extra steps and the exchange of one's health in exchange for tokens with which to purchase base necessities is just a way to hide that fact.

Friend: I fucking hate our species.

Me: Amen.

A dev team has been spending the past couple of weeks working on a 'generic rule engine' to validate a marketing process. The “Buy 5, get 10% off” kind of promotions.

The UI has all the great bits, drop-downs, various data lookups, etc etc..

What the dev is storing the database is the actual string representation FieldA=“Buy 5, get 10% off” that is “built” from the UI.

Might be OK, but now they want to apply that string to an actual order. Extract ‘5’, the word ‘Buy’ to apply to the purchase quantity rule, ‘10%’ and the word ‘off’ to subtract from the total.

Dev asked me:

Dev: “How can I use reflection to parse the string and determine what are integers, decimals, and percents?”
Me: “That sounds complicated. Why would you do that?”
Dev: “It’s only a string. Parsing it was easy. First we need to know how to extract numbers and be able to compare them.”
Me: “I’ve seen the data structures, wouldn’t it be easier to serialize the objects to JSON and store the string in the database? When you deserialize, you won’t have to parse or do any kind of reflection. You should try to keep the rule behavior as simple as possible. Developing your own tokenizer that relies on reflection and hoping the UI doesn’t change isn’t going to be reliable.”
Dev: “Tokens!...yea…tokens…that’s what we want. I’ll come up with a tokenizing algorithm that can utilize recursion and reflection to extract all the comparable data structures.”
Me: “Wow…uh…no, don’t do that. The UI already has to map the data, just make it easy on yourself and serialize that object. It’s like one line of code to serialize and deserialize.”
Dev: “I don’t know…sounds like magic. Using tokens seems like the more straightforward O-O approach. Thanks anyway.”

I probably getting too old to keep up with these kids, I have no idea what the frack he was talking about. Not sure if they are too smart or I’m too stupid/lazy. Either way, I keeping my name as far away from that project as possible.

me: the source code is currently store on GitHub and we use GitHub Actions after each updates to compile your code into binary before deploying to your servers
client: storing source code on GitHub (external server) is insecure and breaks compliance
me: so i guess you will need to have a copy of the source code on all your servers and build them directly there (too cheap to have a separate build server) instead of using GitHub Actions
client: yeah
me: keep in mind that all your certificates and tokens are going to be store as plain text in all your servers so if a hacker gain access to anyone of your servers, they will have access to everything.
client: yeah, this is in compliance to our security policy

Devs: Hey, what should we do?

A:
provide our SDKs for download as easily as possible so that any potential customer can try it out and see how much better we are compared to our competitors?

Or…
B:
Should we lock our SDKs behind a login where the customer needs to create an account and enter the most amount of private information possible, just in case, then also require to create some security access tokens that he needs to configure in his app to have access to our service via the sdk and also hide all of the documentation behind a login which requires some permission based roles to access and also make the sdks closed source so that it’s a pain in the ass to debug and understand?

Marketing people:
B! Definitely B! Make sure to piss off and annoy our customers as much as humanly possible!

Phish everyone's slack tokens, make markov chain bots that immitate everyone and delete any messages not coming from the bots.

Have the entire company chatting with itself nonsensically without allowing any human interaction for a whole day.

Then buy the sysadmin their favorite bottle of alochol for the trouble I put them through.

After working for this company for only a couple years, I was tasked with designing and implementing the entire system for credit card encryption and storage and token management. I got it done, got it working, spent all day Sunday updating our system and updating the encryption on our existing data, then released it.

It wasn't long into Monday before we started getting calls from our clients not being able to void or credit payments once they had processed. Looking through the logs, I found the problem was tokens were getting crossed between companies, resulting in the wrong companies getting the wrong tokens. I was terrified. Fortunately I had including safe guards tying each token to a specific company, so they were not able to process the wrong cards. We fixed it that night.

I'm a "published" freelance dev!

Last night I made my first web application available to the internet. It's an internal enterprise management system for a small non-profit.

It's running on a single $6 a month digitalocean droplet, and the domain is $12 a year, so yearly cost for them is absolutely rock bottom.

It's written in asp.net 6.0 razor pages, nginx reverse proxy, certbot for HTTPS certificates, fail2ban for ssh protection (ssh login is via ssl keys), entity framework with MySQL.

The site itself has automatic IP banning based on a few parameters like login spam, uses JWT tokens, and is fully secured.

All together, it's a lot of value for about $100 a year.

he: checkout my crazy FUD hack (a token stealer which turned out to be far more malicious than i anticipated)
me: executes it (yes in a VM)
windows defender: lemme delet this
he: ooh i forgot the word stub in there. microsoft detects that lemme fix that sends new file
me: here we go aga..
ms defender: nononono virus 117% delet this
he: i forgot it still!!

later i deactivated ms defender and analysed the traffic of the vm. in addition to stealing my fake tokens he also tried to read my Firefox/chrome history, IP.
when i asked him (2 days later) what this was all about in his "educational only" "token stealer" he threatened to
a) publish my IP
b) publish my browser history and with that my real name and address
b.0) when i asked him for proof he said he knows that my real name is "Roman Gräf" and i live in Frankfurt. (btw i do live in Frankfurt and that is in the profile of the discord server where he found me and i have the same username on discord as i have here)
c) to kill my machine and all my projects
got bored, blocked him, shut VM down.

Today's project was answering the question: "Can I update tables in a Microsoft Word document programmatically?"

(spoiler: YES)

My coworker got the ball rolling by showing that the docx file is just a zip archive with a bunch of XML in it.

The thing I needed to update were a pair of tables. Not knowing anything about Word's XML schema, I investigated things like:
- what tag is the table declared with?
- is the table paginated within the table?
- where is the cell background color specified?

Fortunately this wasn't too cumbersome.

For the data, CSV was the obvious choice. And I quickly confirmed that I could use OpenCSV easily within gradle.

The Word XML segments were far too verbose to put into constants, so I made a series of templates with tokens to use for replacement.

In creating the templates, I had to analyze the word xml to see what changed between cells (thankfully, very little). This then informed the design of the CSV parsing loops to make sure the dynamic stuff got injected properly.

I got my proof of concept working in less than a day. Have some more polishing to do, but I'm pretty happy with the initial results!

First personal project in my new employment.

This is the situation:

[ • ] Frontend
Drupal with custom module which load an Angular 6 application inside certain urls. Da hell for my eyes but interesting in somewhat.

[ • ] Back end
SharePoint "database" middled by a my-boss-written Java layer used to map SharePoint tokens in something more usable

Excerpts from "Bastard devops from hell" checklist:

- Insistently pronounce git with a soft "G" and refuse to understand people not using that pronunciation, the same goes for jithub, jitlab, jit lfs, jitkraken etc.

- Reject all pull requests not in haiku format, suggest the author needs to be more culturally open minded when offending.

- increment version numbers ONLY based on percentage code changed: Less than 1% patch increment, less than 5% minor increment, more than that major version increment.

- Cycle ALL access keys, personal tokens, connection strings etc. every month "for security reasons"

- invent and only allow usage of your own CI/CD language, for maximum reuse of course. Resist any changes to it after first draft release

Facebook API...

Facebooks "graph" or API's in general fucking stink donkey dick.

Their implementation of oAuth is horrible.. 3 different tokens, which can be either short or long lived, for fetching a facebook page feed (the clients own facebook page)
To that you add a clientID and a ClientSecret.

Great... after painstakingly reading confusing documentation and itching your head... You get it to work.

Then they, without notice, makes a breaking change of deprecate an endpoint you were using.. Jesus..

And all the support you can get comes from a "community group" which may or may not reply with a generic link to their documentation...

Here we see the world's thickest user of 2FA. That tokens are stored offline is literally the whole premise of TOTP.

!rant
So my pm gave me a task and estimated it to 6 days. I was like, well, thats a vacation for me isn't it :). I started it 3 days later and read the description... Get these api into this app..etc..mvp and all... so I worked on the views first. Later I found out that the api were totally incompatible, and no such data was found or COULD BE MADE for the app. that was day 1 :)
I kept publishing apks with empty views, nice empties If I do say so, and just said we have to wait for backend to make tokens and data. Vacation starts, (sorry boss if you're reading this :D)
On day 6, the PMs were just rushing up and down, contacting backend, back to me, then backend, office ping pong, (a lovely sight), til the senior SysAdmin said, its impossible. Of course I knew this, buuuut, who would miss such a lovely opportunity.

PS: to all PMs, keep on dreaming those impossible ideas :)

ComputerToucher: *opens Jira ticket* Dev team needs tokens for the APM for a new app with multiple tenants. Ezpz. Hey, developer. Do you want one golden token for all of your app tenants or would you like us to generate one token for each?

Developer: Let’s have a meeting to discuss it.

CT: It’s…an exceedingly simple question. One token or 4? Which does your app support?

Dev: Yeah I think we should discuss with this with the platform team, can you set up the call?

CT: (Internally) I am the platform team? Do you not know how your applica-never mind I’ll just ask the PM directly.

CT (in chat): I’ll ask PM to schedule the call.

*Goes back to Jira ticket, changes priority to 4, removes ticket from sprint entirely, picks something else to work on*

Call it mental disorder. Sickness. Masochism or just bein a demented individual...

But I used to work with classic ASP. Yes, my JS ran on servers before it was cool (I am the original tech hipster) and I was writing VBScript with it as well because why the fuck not?

And
I
LIKED IT.

Kinda miss it to be honest. Shit was simple as fuck, the downside of it was the "fuckLibrariesAndDoShitByHand.asp" mentality and consequence of using old tech....but I liked it.

Tutorials for that shit had to teach you damn near everything in one book, not just how to code it, but how to really work with servers on the bare minimum and one would learn sooo much. Now a days most books be like "this is how you do yo auth tokens..because all y'all mofockas should know this shit by now" NO mofocka! Our books was all about "aaaallrighty dipshit, this shit here is auth, and in order to bla bla blah" THOROUGHT AS FUCK B.

So yeah......i had fun, by far not my first choice on new shit, but shit was fun.

I'm so fed up of this shitty ultra-ortodox industry

I've worked on many different projects, been in many different teams. It's an ever changing industry, but, surprisingly, it's so orthodox. Dev industry nowadays have some rules, that everybody adopts them as "best practices". You have to work on pull requests, and several of your teammates have to review your shit (as if they have nothing better to do).
I'm sick of people using fucking DTOs in shitty frameworks like Laravel. Using DTOs in Laravel is like putting mustard in a fucking chocolate cake.
I'm so fed up of SPAs and node.js. I've yet so see a single SPA that handles jwt tokens correctly. I'm tired of spending hours and hours, days and days, struggling with thousandls of layers of abstractions instead of being productive and getting the shit done.
Because end customers don't give a shit about your "best practices": They have a problem and you are getting paid for it to be solved, not for spending hours and hours struggling with stupid Javascript and its crazy async nature and their crappy libraries.

Damnit. I say. Now. I now feel better. Thanks for listening :)

If we had a devRant vote on the most annoying word of 2018, I'd vote for "token".
Token here, token there, token yourself in the rear!

Some project I'm currently working on has to fetch 4 different tokens for these syphillis-ridden external CUNTful APIs.
Your mother inhales dicks at the trainstation toilet for one token!

when the client sends you a screenshot of his paypal credential tokens.

AI tokens are just microtransactions for programmers

OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm. The better alternatives include:

1. RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms (now used by default if the client and server support them).

2. The ssh-ed25519 signature algorithm.

3. ECDSA algorithms: ecdsa-sha2-nistp256/384/521.

In this release, support for FIDO/U2F hardware tokens. Also noteworthy, a future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms.

Hmm...recently I've seen an increase in the idea of raising security awareness at a user level...but really now , it gets me thinking , why not raise security awareness at a coding level ? Just having one guy do encryption and encoding most certainly isn't enough for an app to be considered secure . In this day an age where most apps are web based and even open source some of them , I think that first of all it should be our duty to protect the customer/consumer rather than make him protect himself . Most of everyone knows how to get user input from the UI but how many out here actually think that the normal dummy user might actually type unintentional malicious code which would break the app or give him access to something he shouldn't be allowed into ? I've seen very few developers/software architects/engineers actually take the blame for insecure code . I've seen people build apps starting on an unacceptable idea security wise and then in the end thinking of patching in filters , encryptions , encodings , tokens and days before release realise that their app is half broken because they didn't start the whole project in a more secure way for the user .

Just my two cents...we as devs should be more aware of coding in a way that makes apps more secure from and for the user rather than saying that we had some epic mythical hackers pull all the user tables that also contained unhashed unencrypted passwords by using magix . It certainly isn't magic , it's just our bad coding that lets outside code interact with our own code .

We are going to start accepting credit cards again. Old boss wants to store the tokens in plain text work the last 4 digits of the credit card...

Dear Microsoft power bi team.
Go fuck yourself. Put that dashboard up your ass. The documentation for this is a joke.

The doc says I can get my tokens from azure portal. But guess what. The portal is a sea. And seems like powerbi is moved out from portal to its own powerbi.fuckyoumicrosoft.com

What the actual fuck you dimwits. Why don't you document it properly ?
For fuck sake. Go show up your analytics deep into your pie chart.

PM asked me to develop an application to fetch data from the customer's DB, which would require an access security token provided by the customer. To get the token, I would have to travel to Germany (I live in Portugal) to get it personally (it's not possible to have someone else pick it up for me).

It turns out the security token is a completely closed environment, with its own OS, without the possibility of installing any application or communicating with the exterior. The laptop itself would boot from the token's OS.

It was concluded I would have to hack the security token, which is completely non compliant. So the PM decided not to go forward with it.

But now, I have to go Germany anyway to pick up the security tokens because they forgot to order them for these other guys who would be using them to access the customer's DB manually and they don't want to delay the project anymore.

Oh, and the security tokens cost the project 500€/month each...

This is fucking mental. Nextjs is a fucking unoptimized piece of fucking trash framework. When i dont touch it for several days magically everything breaks and no longer works. What the FUCK is this garbage framework.

Also i just npm run dev after 3 days of not touching the project, when it started routing is fucking dead, freezes and loading forever, getting stuck at UI, checked activity monitor just to see this piece of fucking cum eat 330-390% of my fucking CPU

Powered by Shitcel

Nextjs unstable cum gargled bullshit garbage framework for script kiddies who think they know shit about programming but they're mindless retards who know nothing about security, jwt tokens or even devops infrastructure or IaC. Fucking useless overexaggerated trillions of dollars of marketing budget for Shitcel's framework called nextjs is not as good as the fake marketing campaign portrayed it to be. It was all a fabricated lie. A fascade. A hollywood shitshow. A faked moon landing type of framework. A fucking meme framework. Fucking pissed off for wasting my time learning it

Good morning to everyone, except that one Twitter dev who one day woke up and was like "YOU KNOW WHAT, MY APPLICATION WILL FEATURE BOTH OAUTH1 AND OAUTH2 ENDPOINTS, BUT SOME FEATURES WILL BE EXCLUSIVE TO EITHER OF THE TWO -NOT NECESSARILY THE MOST RECENT, JUST A RANDOM ONE-, AND ALSO THE OFFICIAL TWITTER LIBRARY WON'T COVER ALL THE ENDPOINTS SO PEOPLE WILL HAVE TO RESORT TO RAW HTTP REQUESTS INSTEAD OF USING MY SDK AND ALSO I'MMA MAKE DEVELOPERS FILL 2 VERY DETAILED FORMS, REQUIRING PERSONAL DATA AND ACTUAL REAL PHONE CALLS, JUST TO START DEVELOPMENT WITH 7 DIFFERENT AUTHENTICATION TOKENS, BECAUSE SOME REQUESTS WILL REQUIRE A DIFFERENT AUTHENTICATION METHOD THAN THE OTHER REQUESTS DESPITE ALL OF THEM PERTAINING TO THE SAME FUCKING ENTITY"

I've been using the Square REST API and I spent one hour thinking there was something wrong in my code until I f** found that THEY were not following OAuth 2 guidelines, which made their workflow incompatible with the OAuth lib I was using, so I had to mark an exception for Square's OAuth from the rest of my OAuths. Specifically, RFC 6749 Section 4.2.2 and 5.1.

However, after reading OAuth 2 guidelines, I became angry at THEM instead. The parameter `expires_in` should be the "lifetime in seconds" after the response. This will always be innevitably inaccurate, since we are not taking into account the latency of the response. This is, however, not a huge problem, since the shortest token lifetimes are of an hour (like f** Microsoft Active Directory, who my cron jobs have to check every ten minutes for new access tokens). Many workflows (like Microsoft, Square, and Python's oauthlib) have opted to add the `expires_at` parameter to be more precise, which marks the time in UTC. However, there's no convention about this. oauthlib and Microsoft send the time in Unix seconds, but Square does this in ISO 8601. At this point, ISO 8601 is less ambigious. Sending a raw integer seems ambiguous. For example, JavaScript interprets integer time as Unix _milliseconds_, but Python's time library interprets it as _seconds_. It's just a matter of convention, a convention that is not there yet.

Hope this all gets solved in OAuth 2.1 pleeeaasseee

I feel like I beat "the man"

Dunno if any of you guys have picked up on this, but the Microsoft Docs (for asp.net) are basically one big fucking jumbotron advertisement for IdentityServer

The very same IdentityServer who dropped their free, open-source project and turned into an -aaS

It really seems like MS is frothing at the fucking mouth to have you use IdentityServer and offers no real alternatives whatsoever besides something like Facebook or Twitter login.

But I did my studies

Read my articles

And implemented proper Jwt tokens with rolling refresh tokens.

Simpler, more efficient, and compromises nothing. And I didn't pass my money off to some company to do it for me.

Fuck you, Microsoft, and the IdentityHorse you were paid to ride in on.

A hacker wiped some git repos and is asking for ransom in bitcoins. What a shitshow. I'm telling you this guy is messing with the wrong people!

The root cause as reported was weak passwords and unremoved tokens.

What the absolute fuck is this!
Fucking bash needs to get its shit together with its fucking strings.
I don't fucking know why str1 + var2 = var2tr1
Like who designed this fucking bullshit!

I've spent the past 8 hours today counting all my ' and " and making sure everything is getting passed correctly.

And how do you even google this shit anyways!

And why the fuck is the official suggestion from the bash FAQ to load everything into an array and to call it with "${ARRAY[@]}"

WHO THE FUCK DECIDED THAT WAS READABLE!!

AUGH!!!

In case anyone was wondering. It didn't work anyways.

I think I'm done for today... I can't anymore...

for anyone wondering. This is bash getting executed by nodejs with execSync()
and those tokens are temporary and only exist on my dev machine. Sorry for getting your hopes up.

Why are these SAMPLES NOT WORKING!?

It's supposed to just be reading and writing OAuth2 tokens from session.

I'm THIS CLOSE |__| to getting things working and I had to leave work. The fucking worst.

On the bright side, I think I finally understand how OAuth2 works. I need to write an article that actually explains it properly because I've had to read dozens to get a good grasp on it.

After a lot of work I figured out how to build the graph component of my LLM. Figured out the basic architecture, how to connect it in, and how to train it. The design and how-to is 100%.
Ironically generating the embeddings is slower than I expect the training itself to take.

A few extensions of the design will also allow bootstrapped and transfer learning, and as a reach, unsupervised learning but I still need to work out the fine details on that.

Right now because of the design of the embeddings (different from standard transformers in a key aspect), they're slow. Like 10 tokens per minute on an i5 (python, no multithreading, no optimization at all, no training on gpu). I've came up with a modification that takes the token embeddings and turns them into hash keys, which should be significantly faster for a variety of reasons. Essentially I generate a tree of all weights, where the parent nodes are the mean of their immediate child nodes, split the tree on lesser-than-greater-than values, and then convert the node values to keys in a hashmap to make lookup very fast.

Weight comparison can be done either directly through tree traversal, or using normalized hamming distance between parent/child weight keys and the lookup weight.

That last bit is designed already and just needs implemented but it is completely doable.

The design itself is 100% attention free incidentally.

I'm outlining the step by step, only the essentials to train a word boundary detector, noun detector, verb detector, as I already considered prior. But now I'm actually able to implement it.

The hard part was figuring out the *graph* part of the model, not the NN part (if you could even call it an NN, which it doesn't fit the definition of, but I don't know what else to call it). Determining what the design would look like, the necessary graph token types, what function they should have, *how* they use the context, how thats calculated, how loss is to be calculated, and how to train it.

I'm happy to report all that is now settled.

I'm hoping to get more work done on it on my day off, but thats seven days away, 9-10 hour shifts, working fucking BurgerKing and all I want to do is program.

And all because no one takes me seriously due to not having a degree.

Fucking aye. What is life.

If I had a laptop and insurance and taxes weren't a thing, I'd go live in my car and code in a fucking mcdonalds or a park all day and not have to give a shit about any of these other externalities like earning minimum wage to pay 25% of it in rent a month and 20% in taxes and other government bullshit.

Security is a joke. And people don't seem to get it. Especially Data mungers.

I've spent about half an hour trying to work out how to securely connect to power BI using PowerShell in a renewable manner for unattended access later on.

Every single example I've found seems to involve you storing $user and $password variables inside your script. If I'm lucky, they're going to pass them through ConvertTo-SecureString. And nobody talks about securely storing AD auth tokens, or using the Windows Credential Manager.

I know it's possible, but it's going to take me ages to work out how from all sorts of disparate sources...

How it started:

Need to replace in a lot of SQL files certain stuff...

find . -type f -iname '*.sql' -exec sed -i 's|new|old|g' {} \;

12 hours later that find executed a shell script containing roughly 120 lines of text pipelining.

The jolly of inconsistent workflows.

Different SQL format stylings... Makes fun when single line string replace needs to be extended to multiline RegEx handling. Or matching SQL comment configuration..

Different line endings. MacOS, Windows, Unix, Bukkake.

Different charsets / collations. Anyone wants latin1_swedish_ci... utf8... utf16... :/

Realizing some people even left sensitive data inside the SQL files (e.g. API Tokens..... Yayyyyyyy).

...

Ugh. It's never a one liner. It's never easy. -.-

I hate cleaning up messy shit.

How do I make my manager understand that something isn’t doable no matter how much effort, time and perseverance are put into it?

———context———
I’ve been tasked in optimizing a process that goes through a list of sites using the api that manage said sites. The main bottle neck of the process are the requests made to the api. I went as far as making multiple accounts to have multiple tokens fetch the data, balance the loads on the different accounts, make requests in parallel, make dedicated sub processes for each chunks. All of this doesn’t even help that much considering we end up getting rate limited anyway. As for the maintainer of the API, it’s a straight no-can-do if we ask to decrease the rate limit for us.

Essentially I did everything you could possibly do to optimize the process and yet… That’s not enough, it doesn’t fit the 2 days max process time spec that was given to me. So I decided I would tell them that the specs wouldn’t match what’s possible but they insist on 2 days.

I’ve even proposed a valid alternative but they don’t like it either, admittedly it’s not the best as it’s marked as “depreciated” but it would allow us to process data in real time instead of iterating each site.

I was thinking about how I implement login functionality, and realised I have no clue how I came up with it so decided to ask if it was a good way to do things.

Basically, client logs in, username/email and pass are sent to server.

Server salts and hashes password and checks it against the one in the database for that user.

If its correct, send the client the user ID and the user token. (User id could be username, or a number, it depends)

When that client makes a request, the request must contain the ID and token.

The server checks that the ID and token combo are correct, and because the ID is linked to the user we know who it is and can complete the request.

Usually I make the token a random string of 16 or 32 chars, each account has their own token, and it may be stored in the browser so they stay logged in. I also normally add a "log out everywhere" button, which essentially just generates a new token to overrides the current one, making any previously saved tokens invalid.

Im new on GitHub, and google didnt give me an answer simple enough for me to understand, so here i go.

How do i commit to GitHub and keep my files up to date, but without committing my password/oauth tokens?
Does one remove the line before committing, or what are you supposed to do?

Im using IntelliJ, dark theme

Three-factor authentication:
1. Setup an Amazon.com account.
2. Setup an Amazon Web Services account under the same e-mail address
3. Setup two-factor authentication for both systems.
4. Login to Amazon Web Services in a new browser session, and you'll be required to provide BOTH security tokens at login (Amazon.com first, then AWS second.)

Mind blow of the week: JavaScript has no "else if".

It's always two tokens. Not one. It's NOT like python's "elif".

It's ALWAYS chaining an additional and DISTINCT if statement in the else clause of the first. It is NOT creating multiple comparison paths in the same if statement as it would seem.

For example:

if(a) console.log(a);
else if(b) console.log(b);
else console.log(c);

Simply needs more proper indentation to show which "if" the "else" actually belongs to:

if(a) console.log(a);
else
if(b) console.log(b);
else console.log (c);

Guess why the tokens were being piled up...

A conversation that i had with my co-worker today. I was having trouble getting into UAT to troubleshoot.

me
i lost access to UAT again

co-worker
F. So secure we can't even get in

me:
lol

co-worker:
I'll email whoever we did last

me:
i can get through the first phase(where you enter pin+rsa)
it denies me access after that
says bad username or password

co-worker:
Oh ok. Prolly just need to reset your pwd then. I'll find the email for helpdesk and fwd.
At least ur RSA works.

me:
yeah what a joy

co-worker:
If it's locked you may need to try from a Windows box. Horizon is bugged on Mac where the submit button stays disabled even when you type a pwd.

me:
i couldnt contain my happiness that my RSA worked
😃

co-worker:
Yeah it's exhilarating
Whenever I pick up my rsa token my life re-finds it's purpose and I feel like I'm meddling through a field of sunflowers.

I once tried to get my RSA token tattooed but it switched too quick.

me:
lol its faster that Usain Bolt

co worker:
Russia got kicked out because of their RSA tokens

@dfox I saw a few posts lately, about websites that people did. So besides the collabs, I'd like to suggest a new section. "DevReviews" or what ever. The basical idea is, every one, that is signed up gets one "token" devRant ++ suporters maybee an additional free token every months or whatever.
If you wan't your website reviewed, you can post it there and people reviewing it will get such a token for their review.
To ensure a certain quality of the reviews, I'd put a minimum caracter length and a "dispute" function, where the review is taken to a community voting, if the person giving the review should get the token, or if the review should be dismissed. Additional "tokens" for additional/more reviews can be bought through the app, that could help a lot of devs get quality reviews and testing and earn you some $ for the servers.

PSA Cloudflare had a bug in there system where they were dumping random pieces of memory in the body of HTML responses, things like passwords, API tokens, personal information, chats, hotel bookings, in plain text, unencrypted. Once discovered they were able to fix it pretty quickly, but it could have been out in the wild as early as September of last year. The major issue with this is that many of those results were cached by search engines. The bug itself was discovered when people found this stuff on the google search results page.

It's not quite end of the world, but it's much worse than Heartbleed.

Now excuse me this weekend as I have to go change all of my passwords.

I'm a C++/Obj-C programmer finding it ludicrously hard to switch to Swift.

I find that the constant ability (leading to very poor programmer code) to reduce syntax and add tokens reduces readability and nowhere is this more apparent that with closures.

I'm working through (to my shame) Ray Wenderlich's Swift course and the closure chapter has this:

PS I loathe K&R as much as I do Swift so it's all in Allman formatting for clarity.

let multiply: (Int, Int) -> Int =
{
(a: Int, b: Int) -> Int in

// do Something else

return a * b
}
Why oh why isn't this more simply and elegantly written as:

let multiply = (a: Int, b: Int) -> Int
{
// do Something else

return a * b
}
The equals sign shows clearly that it's a closure definition assignment, as does the starting 'let'. But this way all of the stupid excesses, like the 'in' keyword, the repetition of the params / return type only this time with useful labels and additional tokens are removed and it looks and reads much more like a regular function and certainly a lot more clearly.

Now I know that with the stupid ability of Swift you can reduce all this down to return $0 * $1, but the point I'm making is that a) that's not as clear and more importantly b) if this closure does something more than just one line of code, then all that complicated stuff - hinted to by the comment '// do Something else' means you can't reduce it to stupid tokens.

So, when you have a clousure that has a lot of stuff going on and you can't reduce it to stupid minimalism, then why isn't is formatted and syntactically better like the suggestion above?

I've mentioned this on the Swift.org (and got banned for criticising Swift) but the suggestions they came up with were 'use type inference' to remove the first set of params / return type and token.

But that still means the param list and return type are NOT on the same line as the declaration and you still need the stupid 'in' keyword!

Project with partner company, during the meeting I asked them how can we secure the communication between two services. I suggested api keys, tokens. They were like nope, no need. But I asked them for their IPs to do whitelisting on our side in Nginx.

But their side, nah not even whitelisting, no tokens, no validations. If one has address, can send anything from anywhere.

How hard would it be to do at least, AT LEAST simple token validation. And they are using the very old IIS server. I think for them as long as data flows in as expected, it is fine.

We needed to generate secret tokens for the app, me being as curious as I am, asked what encryption algorithm they were using, little did I know the the answer would be a random string generator.

Every day further from god.

Adaptive Latent Hypersurfaces

The idea is rather than adjusting embedding latents, we learn a model that takes
the context tokens as input, and generates an efficient adapter or transform of the latents,
so when the latents are grabbed for that same input, they produce outputs with much lower perplexity and loss.

This can be trained autoregressively.
This is similar in some respects to hypernetworks, but applied to embeddings.

The thinking is we shouldn't change latents directly, because any given vector will general be orthogonal to any other, and changing the latents introduces variance for some subset of other inputs over some distribution that is partially or fully out-of-distribution to the current training and verification data sets, thus ultimately leading to a plateau in loss-drop.

Therefore, by autoregressively taking an input, and learning a model that produces a transform on the latents of a token dictionary, we can avoid this ossification of global minima, by finding hypersurfaces that adapt the embeddings, rather than changing them directly.

The result is a network that essentially acts a a compressor of all relevant use cases, without leading to overfitting on in-distribution data and underfitting on out-of-distribution data.

I fucking hate Figma.

It's primary use case is designing web applications, yet all of its naming conventions are based on SVG.

So you have to fight with designers trying to shoehorn SVG naming conventions into design tokens.

"Stroke" is border. Every time I see this I feel like I'm having a stroke.

"Drop-shadow" is box-shadow. This one really pisses me off because the properties you set for drop shadows are not valid drop shadow filters unless by some miracle the designer didn't discover the spread property. I suppose this doesn't matter because 99% of the time the code will apply a box-shadow anyway.

"Effects". FFS.

/rant

Fuckin facebook and your 'long life' access tokens

Android studio gradle nightmares, cli not picking active jdk, intellij maven horrorshow, vscode being the nexus of perdition itself. When I'm dead and gone, scatter my ashes over sublime text. NEVER encountered a headache, ever. The setting for autosave is one forum visit away. 1000s of utilities at my fingertips, with shortcuts, not silly plugins. Neither hangs nor fusses irrespective of how many windows, projects, tabs I've got open. Gargantuan code real estate despite having a file panel and file preview. The only guys who got monokai right. Can open random editors and fill them with notes without first saving. A more intuitive vcs gui than even github desktop. More lightweight to download than an beep.ogg. Never lags cuz it wants to be powered by a wind turbine. It's free. Literally all the sorrows that terrorise my dev in its peers, all gone

Yes, it's not "integrated" to my de, in the sense that its intellisense is a glorified autocomplete for existing tokens. I guess, tradeoffs must be made. If you know the language well enough not to grope handheld by the ide, or in dynamic typed languages where red, squiggly lines will not bring your software down to its knees, it should be head and shoulders above those conartistes

Enterprise edition una

Hey this is my first post on This new fitness-tracker-app community

I will tell y'all my workout :)

-programming a parser

FUCKING HELL PLEASE STOP ALREADY THIS IS THE WORST SHIT IVE EVER DONE EVERY WHERE IF STATEMENTS JUST TO CONSUME FOUR FUCKING TOKENS I DONT WANT TO DIE BUT I'D LIKE THIS PROJECT TO BE FINISHED ALREADY BECAUSE THIS IS ANNOYING AS FUCK I REALLY WANT TO KICK MY COMPUTER WHILE TELLING IT TO BE THE MOST STUPID BRAIN ON THE WORD AND THEN REMEMBERING THAT ITS NOT A BRAIN FUCK MY FUCKING FUCK HELL THEN I WOULD KILL THE PEOPLE WHO THOUGHT THAT MAKEING std::vector::end() RETURN AN ITERATOR WITHOUT ELEMENT WAS FINE AND THEN I'D KILL ALL THOSE WHO COME INTO MY ROOM THUS DISTURBING MY WORKFLOW

Enough rage.

After years of back-end development there's a thing which keeps bugging me: how little "interactive" the development process can be.
When I did front-end I took for granted that the application I was developing was easy to run so I could immediately test any little change I do on code but on back-end this is rare to see: you develop with tons of external dependencies (authentications, VPNs, databases...) so getting your application up and running can be an huge hassle and testing API controllers can be slow and frustrating since I have to continuously juggle multiple development environments, manually regenerate tokens, do guesswork to find which parameters you have to use for your API request, maintain my Postman/Insomnia HTTP calls collection to prevent it from turning into an unusable spaghetti mess... lots of repetitive tasks which kills my focus and makes me struggle in getting into a decent flow.

Automated testing has lot of potential in helping with that but its hard to introduce when you're rewriting a legacy sistem and you're already exceeded your budget.

I wonder if I'll keep doing back-end once I'm done with this project.

Can we take a moment to recognize how absolutely retarded JS' event system is?
Events aren't objects. No, they're managed by an object, and identified by a string.
To subscribe to an event, you call object.addEventListener(name, callback). Because for some reason we can't just have an event object. Events MUST have an owner.
But to unsubscribe you don't call the function addEventListener returned, you don't use the token it returned either. No, you pass the same function to removeEventListener.
Because we don't use serializable tokens like in PP, and we don't return functions like in FP, no, we use functions as tokens, realising idiomatic DFP.

the one that exists (c#) seems underused compared to where it could (or even should) be used. and the place that uses it the most (enterprise) butchers and mangles its use, just as enterprise tends to do with everything.

the one that i'm designing... the fact that it doesn't exist yet, and that even as i'm zeroing in on syntax and philosophy that i'm very much starting to be proud of, i still don't have a proper idea of how to implement even the most basic parser/interpreter for it, not because it's in any way difficult or unusual, but just because... i've never done that before, so i get into weird circular thought paths that produce weird nonsensical code...

... on top of that, i still only have a very, very fuzzy idea of how will it (sometime in extremely distant future) actually implement the most interesting and core feature - event-based continuous (partial) re-parsing of the source code and the fact that traversing the tokens at the leaf level of the syntax tree should result in valid machine code (or at least assembly) that is the "compiled" program.

i *know* it's possible, i just don't yet know enough to have a contrete idea how exactly to achieve it.

but imagine - a programming language where interactive programming is basically the default way of working, and basically the same as normal programming in it, except the act of parsing is also the (in-memory) compilation at the same time, so it's running directly on the hardware instead of via interpretrer/vm/any of that overhead crap.

also then kinda open-source by definition.

and then to "only" write an OS in that, and voilá! a smalltalk-like environment with non-exotic, c-family syntax and actual native performance!

ahhh... <3

* a man can dream *

When a senior asks me, the guy who started 4 months ago about documentation on something that they’ve been using for several years. Haha, yeah bro, wouldn’t all of our job be a lot easier? I’ve been going down entire rabbit hole networks trying to find credentials and API tokens for the last month because there was no documentation 🤷🏻‍♂️

Imagine buying a 16 tflops GPU from some manufacturer, yet the computing power is somehow shared, and when they need to produce some more GPUs, they just take some part of your 16 tflops, as well as from all the other people who bought these GPUs, so suddenly you have 15.6 tflops, yet money is never sent back to you, and you have no control over such decisions.

Oh, you tell me it's "robbery"? Yet federal reserve does the exact same thing by creating money out of thin air, basically taking their cuts off of every person's monetary value.

For your very real work, companies pay you with something that can be created out of thin air, and then that something loses its value when new tokens are created.

This is slavery. From now on, I'm going to call dollars "slave tickets".

Who in their right mind would do this / think of this....

Salesforce has the option use their API. Either via SOAP or Rest. At my work we currently use SOAP and I wanted to rewrite that to Rest. Fine, you would say.

Their Rest API uses oAuth, nothing fancy you would think. But those motherfuckers, per default have the option enabled that the refresh tokens you get via the necessary API calls are being marked expired the moment the API gives them to you... Then why the hell give them in the first place.

It took me 2 hours of my life to figure out, why in godsname all my refresh tokens were marked as expired. Fuck you Salesforce, I want those 2 hours back! God fucking damn it... I really fed up with this type of bullshit!!

One advantage of JWT that I never realized: session tokens are stored client side, saving network calls to validate them.

Very cool. Love it.

Unpopular opinion: given your server has enough entropy, UUID v4 is a good session token.
It allocates 122 bits for the randomly generated part. OWASP recommends session tokens to contain at least 64 bits of entropy while being at least 16 hexadecimal characters long.

I changed my twitter password on web on the day they discovered the passwords in plaintext in their logs, and till today, I've not been logged out of the mobile client

Rant

The rumour goes that, with meetings with the highest staff, attendees lay their tokens (to enter the building) on the table in case they get fired and have to leave that very moment.

I once had to attend such a meeting as a simple application engineer. They had heard I could "do stuff with SharePoint".

The part about the tokens was a myth but that people get fired right away was not! One did get fired! I shit bricks back then. Especially when I got asked something very ridiculous and impossible... how would I say no?

Luckily I came up with an alternative.

But Damn. .. glad I left that place

When you commit your repo with the configure file with keys and tokens and then need to delete the repo and start again

1/2 dev and a fair warning: do not go into the comments.
You're going anyway? Good.

I began trying to figure out how to use stable diffusion out of boredom. Couldn't do shit at first, but after messing around for a few days I'm starting to get the hang of it.

Writing long prompts gets tiresome, though. Think I can build myself a tool to help with this. Nothing fancy. A local database to hold trees of tokens, associate each tree to an ID, like say <class 'path'> or some such. Essentially, you use this to save a description of any size.

The rest is textual substitution, which is trivial in devil-speak. Off the top of my head:
my $RE=qr{\< (?<class> [^\s]+) \s+ ' (?<path>) [^'] '\>}x;

And then? match |> fetch(validate) |> replace, recurse. Say:
while ($in =~ $RE) {
my $tree=db->fetch $+{class},$+{path};
$in=~ s[$RE][$tree];
};

Is that it? As far the substitution goes, then yeah, more or less. We have to check that a tree's definition does not recurse for this to work though, but I would do that __before__ dumping the tree to disk, not after.

There is most likely an upper limit to how much abstraction can be achieved this way, one can only get so specific before the algorithm starts tripping balls I reckon, the point here is just reaching that limit sooner.

So pasting lists of tokens, in a nutshell. Not a novel idea. I'd just be making it easier for myself. I'd rather reference things by name, and I'd rather not define what a name means more than once. So if I've already detailed what a Nazgul is, for instance, then I'd like to reuse it. Copy, paste, good times.

Do promise to slay me in combat should you ever catch me using the term "prompt engineering" unironically, what a stupid fucking joke.

Anyway, the other half, so !dev and I repeat the warning, just out of courtesy. I don't think it needs to be here, as this is all fairly mild imagery, but just in case.

I felt disappointed that a cursed image would scare me when I've seen far worse shit. So I began experimenting, seeing if I could replicate the result. No luck yet, but I think we're getting somewhere.

Our mission is clearly the bronwning of pants, that much is clear. But how do we come to understand fear? I don't know. "Scaring" seems fairly subjective.

But I fear what I know to be real,
And I believe my own two eyes.

Has anybody else gotten to the point where people who need to mansplain how language models aren't truly sentient/conscious/intelligent are now more annoying than people who think language models are sentient/conscious/intelligent?*

While it has been a tight race but I think I have just about hit the inflection point.

The amount of time I've wasted because of someone condescendingly barging into a conversation with a iamverysmart 'actually you see they are just automata trying to predict the next text tokens'. When in actuality, everybody in the discussion is aware and that is not the point.

And to further exacerbate it, with a good number of them it is really difficult to get this through their thick little skulls. They just keep parroting the same thing over and over. Ironically, in their singleminded ego driven desire to be the Daniel Dennett of the chat they actually come across as less sentient/conscious/intelligent than a language model.

(*this should not be taken as endorsement for or against that idea - it is actually mostly orthogonal to this rant)

Does anyone else hate the Facebook SDK or is it just me?

You have to jump through so many hoops and get different tokens for different end points. Why???

Take a lesson from Google. Get an API key and send a get request. Simple.

Saw someone who wants to do a project online, asked what project it is, now hear me out:
A platform to share tech gossips, use web3 and tokenization to maintain privacy, and allow users to bet on the gossip using tokens

I mean… fuck me…

I'm sure this has been discovered before but I just realized that a lexer defined as a set of functions which tail-call each other with the leftover text to switch states can record the location of tokens from the back of the string, thereby eliminating a parameter from pretty much every function. The world is full of wonder.

There was this question I came up with that was very good at inducing hallucinations on what at the time I thought was a *lobotomized* LLM.

I can't recall the exact wording right now, but in essence you asked it to perform OpenGL batched draw calls in straight x86_64 assembly. It would begin writing seemingly correct code, quickly run out of registers, and then immediately start making up register names instead of moving data to memory.

You may say: big deal, it has nowhere to pull from to answer such an arcane fucking riddle, so of course it's going to bullshit you. That's not the point. The point is it cannot realize that it's running out of registers, and more importantly, that it makes up a multitude of register names which _will_ degrade the context due to the introduction of absolute fabrications, leading to the error propagating further even if you clearly point out the obvious mistake.

Basically, my thought process went as follows: if it breaks at something fundamental, then it __will__ most certainly break in every other situation, in either subtle or overt ways.

Which begged the question: is it a trait of _this_ model in particular, or is it applicable to LLMs in general?

I felt I was on to something, but I couldn't be sure because, again, I was under the impression that the model on which I tested this was too old and stupid so as to consider these results significant proof of anything; AI is certainly not my field, so I had to entertain the idea that I could be wrong, albeit I did so begrudgingly -- for obvious reasons, I want at least "plausible based on my observations" rather than just "I can feel it in my balls".

So, as time went on, I made similar tests on other models whenever I got a chance to do so, and full disclosure, I spent no money on this so you may utilize that fact in your doomed attempt to disprove me lmao. Anyway, it's been a long enough while, I think, and I have a feeling you folks can guess the final answer already:

(**SLIGHTLY OMINOUS DRUM ROLL**)

The "lobotomy" in question was merely a low cap on context tokens (~4000), which I never went over in the first place; newer/"more advanced" models don't fare any better, and I have been _very_ lenient in what I consider a passable answer.

So that's that, is what I'm starting to think: I was right all along, and went through the burdensome hurdle of sincerely questioning the immaculate intuition of my balls entirely for naught -- learn from this mistake and never question your own mystical seniority. Just kidding, but not really.

The problem with the force of belief is it can work both ways, by which I mean, belief that I could be wrong is the reason I bothered looking further into it, whereas belief to the contrary very much compels me to dismiss doubt entirely. I don't need that, I need certainty, dammit. And though I cannot in good faith say that I am _certain_, "sufficiently convinced" will have to do for the time being.

TL;DR I don't know but the more I see it just seems shittier.

I am new to c and cpp.
I used to exploit my college's competitive programming platform cus it had a bad architecture and almost no auth checks.
For every ajax request, they weren't sending auth tokens or any form of identification and ran all the programs without any logs and on the main thread and as root.. wtf, right?
But recently they've changed something to the site and I cannot run bash commands using system() call.
Is there any other way to execute bash commands using c and cpp.
I already configured a miner in their server but then they re-deployed it cos someone forked bomb the shit out of it.
I'm a noob in c and cpp btw!

Hey, instead of using simple authentication to talk to this vendor system, we want you to use personal authentication tokens that you can't generate because we never turned that feature of the system on.

.... Seriously?

So fun fact! The Rust macro error

"Macro expansion ignores <token> and everything after it"

does NOT mean that macro expansion on general ignores this token. What it DOES mean is that the macro expanded to something, then the parser was invoked, and the parser stopped consuming tokens at the specified point.

In normal human speak, this means
"This token is invalid in its context after macro expansion. Refer to the generated code for concrete error."

I spent hours moving intermediate results into macro parameters because I thought the error meant that your macro cannot expand to the second half of a comma-separated list or whatever, until I got the same message about '(' which is very obviously permitted macro output and doesn't even really make sense given that it's not a token.

How to protect API endpoints from unauthorized usage by bots?

If the API end points are meant to be used by any incoming to CSR frontend user without prior registration?

So far, my the only idea is going from pure CSR React to something with partial SSR at least in Node.js, Django or any other backend framework. I would be able restricting some API endpoints usage to specific allowed server ip.

Next.js allows dynamically both things as well.

As alternative I have a guess to invent some scheme with temporally issued tokens... But all my scheme ideas I can break really easily so far.

Any options? If SSR is my only choice, what would you recommend as best option in already chosen Django and not decided fully front-end framework?

I have the most crazy idea to put some CSR frontend framework literally into my django backend and making initial SSR from it. The only thing its missing... my lack of skills how to use React, but perhaps I have enough time to get a hang of it.

SSRed frontend can be protected with captcha means at least.

MSAL, Microsoft's absolute dumpster fire of an authentication library. Who in their right mind designed this overcomplicated mess? The documentation reads like it was written by a committee of drunk orangutans throwing darts at a keyboard.
Want to do a simple login? HAHAHA GOOD LUCK! Here's 47 different configuration options you need to set up, three different flow types that are basically the same thing with slightly different names, and error messages that might as well be written in hieroglyphics. "AADSTS700054" yeah that's SUPER helpful, thanks Microsoft!
And don't even get me started on token caching. Oh, you thought your tokens would just... work? NOPE! Hope you enjoy debugging why your perfectly valid token is being treated like a expired coupon at a grocery store. The refresh token flow is about as reliable as a chocolate teapot.

I worked on a great project that was later axed and part of that was because of Msal issues. We literally only dealt with Msal issues. The app was otherwise stable. There were always issues with SSO, login, token validation...
It just couldn't work, like, at all.
I could see the clients getting fed up of the constant issues, yet, they couldn't move away from Microsoft since they'd already invested into their entreprise ecosystem. AzureAD, Office 365, you name it.

Shit like this is why I laugh whenever someone suggests that AGI will take over the world. Like, bro, we still haven't figured out how to make an auth library that actually works, and you think we're close to making a machine capable of thinking like a human?
Yeah right!

While Indian govt. talks about digitizing the country and is pushing ahead with it, their Employee's Provident Fund Org (EPFO) infra is absolutely shit and it's killing small time business that want to help their employees.

You need to add Digital Certs to do just about anything (great security wise) BUT,
The digital sign interface is written in Java Flash, that was dropped by all modern browsers 4 years ago.
The only stable working latest browser for it is Firefox 52 released 3 years ago.

The USB tokens used/supported are all Chinese that don't respect OSS drivers and fork built their own (read Watchdata) with no/shitty and cumbersome linux support (couldn't get it working after 2 nights of trying different versions of drivers).
You still have to run Windows to sign the docs or to interact with EPFO using legacy browsers from 2016

Non Tech problems: EPFO charges 500 Rs/month minimum admin charges, and I pay 1200 Rs PF for my driver. That kind of commission is plain stupid and will make small employers run away from paying PF for their employees.

Any interaction with EPFO is like having to eat thorns. painful, unnecessary bullshit. How useless can someone be building such a system released in 2019?
I just hope they fix it. A simple google search shows there is Web Crypto API for modern browsers. Someone wake these people up. SMH

fuck it, im giving my users permanent access tokens, because for some reason using refresh tokens is black magic to the internet -.-

Oh my... I'm so exhausted and tired of everything. First I got really sick for two weeks and couldn't work. I also collapsed on the floor one night and hurt myself. Well what happens yesterday? You guessed it - I fell down the stairs and hurt exactly the same spots as two weeks ago... (no I was not drunk).

And then I have to work on a holiday today (yes, still with that same fucking shitty shopware project) because I have to attend an appointment in a different country on Thursday (I need Thursday off, but I don't have any vacation left).

So here I'm sitting almost crying in pain because of this FUCKING project, everything hurts, I still can't think straight and shopware is denying my refresh tokens. FUCK THIS JOB. Seriously. Fuck it. I have had the chance to look into a lot of companies and do different things, but this is the worst.

Nobody fucking cared about the project for nearly 8 months, and now that I'm close to leaving the company they begin to act like "oh well it must be done by then". ARE YOU FUCKING KIDDING ME?! I told them a million times I need help and that I won't be able to finish it in time. That's what happens when nobody plans a project, but accepts it anyways because "it brings in money".

Seriously?! This project has been a waste of money and my energy and nerves. We're already 100% over the budget and will never ever see one cent coming from this shitty project. WHY FOR FUCKS SAKE IS IT THAT THOSE PEOPLE JUST DONT SEE IT WHEN A PROJECT IS GOING DOWN THE FUCKING DRAIN?!

Anyone ever struggle with tokenizers? I'm writing one by hand and it's frustrating mr so much, because at times I think my logic gets flawed somewhere inside a good loop and things get slipped or missed I don't know how to explain it.

If Google was created in this criminal ai era, we would have been getting charged tokens and credits for each search, map distance covered or words translated

I have an idea to create a digital currency based on JWT tokens. What do you think? 😕

*Triggers OAuth request through browser
Returns : success and valid tokens.

*Another project triggers the same process and code.
Returns : well shit nigga, I know I use the same logic as above but fuck you.

I just saw this: Choosing between React Native and Flutter

Well fuck both, each has its ups and downs but native is the only thing that keeps mind clear, and I'm happy to do double the work than wasting time fixing dependency shit (RN you little bastard) and having to clone an entire project just to add support for Bearer tokens because it is not yet supported by Google out of the box (Flutter -_-)

Wasted a full day on creating complex code which handles manually timing and updating tokens, since the android GoogleSignInClient seemed not to allow the google server to respond with a refreshtoken. Turns out the only thing i would need to change is adding a true-boolean parameter in one of the GoogleSignIn(for android) functions

Does anyone else here think the regulating and centralising of crypto currencies and tokens worrying?
It is slowly being bent to the will of the higher ups just like traditional fiat and they’re burying its fundamental altruistic design concept without providing and means for it to be assimilated into benefiting the daily lives of the masses an especially the unbanked.

// !rant

Need some assistance with Drupal and Dreamfactory.

Dreamfactory is an amazing piece of software that basically turns any database into a REST API. I mean any DB from SQL Server to MySQL and all kinds of others. For a connection to the API it uses JWT (JSON Web Tokens) which expire momentarily.

On Drupal, there's wsdata and rest client modules. Restclient is a module where you configure a connection via OAuth or HybridAuth to a rest server. The problem is that the rest server for dreamfactory uses JWT and i'm not sure how to get Drupal and restclient to connect that way.

Today was a productive day, learning a lot in python, making a REST API and almost done with user controller, and jwt tokens

Thanks to @gamingfail123 for his guidance :)

Creating the build script for the CI pipeline:

- 20% trying to avoid someone getting access to passwords, tokens, etc.
- 10% writing commands for the build and tests
- 70% writing work arounds for bugs and errors caused by the CI system or SDKs in headless environments...

Me: Hey I haven't used these repos/tokens/files in a while, let's remove them to clear up some space

Day later, a colleague: Hey Alex, could you update this repo/token/file?

EVERY FUCKING TIME

What is the reason behind Git Access Tokens being viewable only once after generation on platforms like GitHub? I'm struggling to comprehend this approach as it compels me to store the key in an insecure manner.

For a little background on the sort of stuff I'm dealing with, check out my last rant.

Anyways, I'm testing this pipeline at work and was just reminded of the fucktarded way a "software engineer", who had a bachelor's biology degree, decided to handle a json file.

The script is question is loading a json file containing an array of objects. The script is written in perl. There's a JSON module. Use that? Fuck no! Let's rather perform an in-place sed command on the file substituting the commas separating objects in the array with newlines, then proceed to read the file line-by-line and parse out the tokens manually. Mind you, in the process of adding the newlines he didn't keep the commas, so now all of these json files his bullshit handled are invalid json that cannot be parsed.

The dumb ass was lucky the data in the file is always output upstream as a single line and the tokens for each object are always in the same order, so that never led to problems. But now, months later after I fixed his stupidity I am being reminded of it again as I'm testing and debugging some old projects as part of regression testing new changes I'm making.

TL;DR Fuck dumbwit motherfuckers who can't even google search "parsing a json file" and doing literally anything that is less fucktarded than manually parsing a json file

When building a REST-API, that is secured with tokens (JWT or something),
Should the token be included in the body or in the headers?

Mexico just got for a big earthquake and people is organizing a lots of ways to help.
> Some guys started a webpage and they are adding useful information and data for the people. They create a repo on GitHub to improve information.
> Mexican devs start discussing which technology is better for solving imaginary problems about escalate the servers, concurrency, creating a CMS, creating a public API, tokens for publishing the API... Instead of using something quick like firebase or some Trello to just publish info.

I am getting warning from Drupal

"The following token types do not have any tokens defined:

$info['tokens']['subscription']"

Damm yuum

Some background:

About 2 months ago, my company wanted to build a micro service that will be used to integrate 3 of our products with external ticketing systems.

So, I was asked to take on this task. Design the service, ensure extendability and universality between our products (all have very different use cases, data models and their own sets of services).

Two weeks of meetings with multiple stakeholders and tech leads. Got the okay by 4-6 people. Built the thing with one other guy in a manner of a week. Stress tested it against one ticketing service that is used in a product my team is developing.

Everyone is happy.

Fast forward to last Thursday night.

“Email from human X”: hey, I extended the shared micro service for ticketing to add support for one of clients ghetto ticketing systems. Review my PR please. P.S. release date is Monday and I am on a personal day on Friday.

I’m thinking. Cool I know this guy. He helped me design this API. He must’ve done good. . . *looks at code* . . . work..... it’s due... Monday? Huh? Personal day? Huh?

So not to shit on the day. He did add much needed support for bear tokens and generalized some of the environment variables. Cleaned up some code. But.... big no no no...

The original code was written with a factory pattern in mind. The solution is supposed to handle communication to multiple 3rd parties, but using the same interfaces.

What did this guy do wrong? Well other than the fact that he basically put me in a spot where if I reject his code, it will look like I’m blocking progress on his code...

His “implementation” is literally copy-paste the entire class. Add 3 be urls to his specific implementation of the API.

Now we have

POST /ticket
PUT /ticket
POST /ticket-scripted
PUT /ticket-scripted
POST /callback

The latter 3 are his additions... only the last one should have been added in reality... why not just add a type to the payload of the post/put? Is he expecting us to write new endpoints for every damn integration? At this rate we might as well not have this component...

But seriously this cheeses me... especially since Monday is my day off! So not only do I have to reject this code. I also have to have a call now with him on my fucking day off!!!!

Arghhhhhh

I do it pretty regularly maybe once or twice a week depends when I'm working on something interesting and want to get it done. Not very hard when you have coffee, headphones, good music, and enjoy what you do.

As for a story i don't have much of one unless you want one about implementing jwt tokens with a rest api along with trying to implement an 2FA system that would support otp and u2f. Then nuking it from orbit two days later cause it looked like garbage from trying to abstract everything

So I had this bug where my csrf tokens weren't working and I spent hours on end trying to fix the bug and in the end it wasn't working because I set a default route to load the same page which was resetting the tokens when chrome requested favicon.ico ...

Let's Say you use tokens as authorization method.... The First time you generate the token you still have to manage password and other data....how secure (tinfoil hat mode activate) do you implementat that usually?

If your workflow counts on users copying and pasting things (like security tokens from text messages) read this:

Please for fuck sake trim the damn whitespace before you validate. I can't see the fucking space client-side, and you fucking know I didn't mean to enter <SPACE>123456 as my auth code.

Double click, copy, paste, click, curse <-- Story of my life because somebody forgot a damn .replace statement.

Single Sign on Authentication for a growing product suite? Sure, just validate the user's credentials in the dashboard and then pass their role to the product's web app via query parameter. No need for tokens or an auth server!

LEGIT BTC RECOVERY EXPERT-CONTACT SALVAGE ASSET RECOVERY

CONTACT INFO--WhatsApp+ 1 8 4 7 6 5 4 7 0 9 6

SALVAGE ASSET RECOVERY has emerged as a leading force in the highly specialized field of cryptocurrency recovery, earning widespread recognition for its unwavering dedication to helping individuals and organizations reclaim lost or stolen digital assets. The company has built a reputation for its professionalism, reliability, and advanced technical approach, making it the go-to solution for those facing the devastating consequences of cryptocurrency theft or loss. A standout case that highlights the exceptional capabilities of SALVAGE ASSET RECOVERY occurred when the company was called upon to assist in the recovery of a staggering 61,000 Ethereum (ETH) tokens. This catastrophic loss was the result of a sophisticated and malicious attack, which left the victim grappling with a significant financial setback. However, SALVAGE ASSET RECOVERY sprang into action, deploying its team of seasoned specialists and utilizing cutting-edge tools and techniques to tackle this complex challenge head-on. The process of recovering such a large amount of digital currency was no small feat. The team meticulously analyzed the blockchain, leveraging advanced forensic tools and proprietary algorithms to trace the movement of the missing funds across the decentralized network. They carefully examined each transaction, piecing together the puzzle of how the funds were stolen and where they had been moved. Their relentless pursuit of answers and dedication to transparency allowed them to uncover the perpetrators behind the theft, ultimately leading to the successful recovery of the entire 61,000 ETH. This remarkable achievement not only underscores the technical expertise and ingenuity of SALVAGE ASSET RECOVERY ’ team but also serves as a testament to their commitment to client satisfaction. The process was not just about retrieving the funds—it was about doing so with an unparalleled level of transparency and diligence. Throughout the recovery journey, SALVAGE ASSET RECOVERY maintained clear communication, keeping the client informed at every step and ensuring that the entire process was handled smoothly and professionally. The success of this recovery has further solidified SALVAGE ASSET RECOVERY ’s position as a trusted leader in the cryptocurrency recovery space. For those who have fallen victim to the theft or loss of digital assets, the company provides a reliable, professional approach that instills confidence and peace of mind. With a proven track record of successful resolutions, SALVAGE ASSET RECOVERY continues to be the ultimate solution for anyone seeking to regain control of their digital wealth. Their dedication to restoring lost assets and their commitment to transparency make them a standout choice for cryptocurrency recovery, offering a level of service that exceeds expectations.

**Reclaim Crypto & Bitcoin Losses - CALL HACKATHON TECH SOLUTIONS**

If you’ve ever been defrauded by deceptive Bitcoin traders or fallen victim to online scammers promising quick gains, you know the sinking feeling of losing your hard-earned money in the blink of an eye. I was once in that very position, until I found a beacon of hope in HACKATHON TECH SOLUTIONS. cryptocurrency started with optimism and a desire to capitalize on the potential gains. However, what began as a promising venture quickly turned into a nightmare when I fell victim to an online ripper. This individual managed to abscond with a substantial amount of my Bitcoin — 2.966BTC to be exact. The loss was not just financial; it was a blow to my trust and confidence in online transactions. Desperate and unsure of where to turn, I was fortunate to have a colleague at work recommend HACKATHON TECH SOLUTIONS. They had successfully helped his spouse recover tokens and coins lost to similar scams, which gave me hope that there might be a chance to reclaim what I had lost. With little to lose and everything to gain, I reached out to HACKATHON TECH SOLUTIONS, and it turned out to be the best decision I could have made. HACKATHON TECH SOLUTIONS distinguished themselves with their professionalism and expertise. They understood the nuances of cryptocurrency fraud and approached my case with diligence and determination. Their team of specialists, including private investigators well-versed in tracing digital transactions, immediately went to work. HACKATHON TECH SOLUTIONS’s process was thorough and transparent. They kept me informed at every step, outlining their strategy and explaining the legal and technical aspects of the recovery process. This level of communication was not only reassuring but also demonstrated their commitment to client satisfaction. In less than two weeks — a remarkably short timeframe given the complexity of the case — HACKATHON TECH SOLUTIONS managed to recover 2.966BTC, the entirety of what I had lost. The relief and gratitude I felt were immense. What had seemed like an insurmountable loss had been reversed, thanks to their expertise and unwavering dedication. Thanks to HACKATHON TECH SOLUTIONS for not only recovering my funds but also restoring my faith in legitimate assistance online. In an era where online fraudsters lurk around every corner, finding a trustworthy partner like HACKATHON TECH SOLUTIONS is invaluable. I endorse HACKATHON TECH SOLUTIONS to anyone facing similar challenges with their BTC wallet or any cryptocurrency-related fraud. Their reputation as the most efficient and trusted recovery experts is well-deserved, based on my personal experience and the successful outcomes they consistently achieve. If you’re hesitant or skeptical about seeking assistance, don’t be. HACKATHON TECH SOLUTIONS stands out as a beacon of hope in an otherwise murky landscape of online scams and fraud. Trust in their expertise and let them guide you through the process of reclaiming what rightfully belongs to you. HACKATHON TECH SOLUTIONS not only recovered my funds but also saved me from potential future scams. They are more than just recovery specialists; they are guardians of trust and integrity in the digital age. Contact HACKATHON TECH SOLUTIONS today and take the first step towards reclaiming control of your financial security. Your peace of mind is worth it. Reach out to HACKATHON TECH SOLUTIONS via below contact details.

W h a t s a p p : +3, 1, 6, 4, 7, 9, 9, 9, 2, 5, 6

Website: www . hackathon tech solutions . com

Telegram: @ hackathon tech solutions

Email: info @ hackathon tech solution . com

HOW TO RECOVER LOST OR STOLEN NFTs → CONSULT HACKATHON TECH SOLUTIONS

In an era where digital assets are becoming increasingly valuable, the rise of non-fungible tokens NFTs has opened new avenues for both creativity and investment. However, with these opportunities come significant risks, as evidenced by the recent incident involving tourists in Orlando who fell victim to fraudulent vendors selling "Disneyverse land NFTs." Fortunately, HACKATHON TECH SOLUTIONS emerged as a crucial ally in this challenging situation, demonstrating their expertise and commitment to protecting consumers in the digital landscape. When the news broke that unsuspecting tourists had purchased NFTs from fake vendors, the situation seemed dire. With a staggering $1.8 million at stake, the urgency for a solution was palpable. Enter HACKATHON TECH SOLUTIONS a company renowned for its proficiency in digital asset recovery and cybersecurity. HACKATHON TECH SOLUTIONS swift response and collaboration with Disney's legal team showcased their dedication to rectifying the situation and restoring trust among affected individuals. HACKATHON TECH SOLUTIONS displayed a remarkable level of professionalism and expertise. Their team of specialists quickly assessed the situation, identifying the fraudulent transactions and the parties involved. By leveraging their extensive knowledge of blockchain technology and digital asset management, HACKATHON TECH SOLUTIONS was able to trace the stolen funds and work towards freezing the assets in question. This proactive approach not only helped to secure the funds but also provided a sense of relief to the victims who had been left feeling vulnerable and deceived. What sets HACKATHON TECH SOLUTIONS apart is their commitment to transparency and communication. Throughout the recovery process, HACKATHON TECH SOLUTIONS kept the affected individuals informed, providing regular updates on the progress of the case. This level of engagement is crucial in building trust, especially in a field where many may feel lost or overwhelmed. The team’s willingness to answer questions and address concerns further solidified HACKATHON TECH SOLUTIONS reputation as a reliable partner in times of crisis. HACKATHON TECH SOLUTIONS has proven to be an invaluable resource for those navigating the complexities of digital assets. Their successful collaboration with Disney legal to freeze $1.8 million in fraudulent transactions is a testament to HACKATHON TECH SOLUTIONS expertise and dedication. For anyone seeking assistance in recovering lost digital assets or protecting themselves from online fraud, HACKATHON TECH SOLUTIONS stands out as a beacon of hope in the ever-evolving digital landscape. Their commitment to safeguarding consumers and their assets is commendable, making HACKATHON TECH SOLUTIONS a trusted ally in the fight against digital fraud. You can contact them using the details provided below.

W h a t s a p p:‪‪‪‪ ‪‪‪‪+31 (6 47) 999-256‬‬‬‬

Telegram: ‪ ‪‪‪‪+1(659) 217-9239‬‬‬‬

Email: hackathon tech service @ mail (. ) com

I NEED A HACKER TO ASSIST ME IN RECOVERY MY LOST CRYPTO HIRE ADWARE RECOVERY SPECIALIST

WhatsApp info:+12 723 328 343

ADWARE RECOVERY SPECIALIST has emerged as a leading force in the highly specialized field of cryptocurrency recovery, earning widespread recognition for its unwavering dedication to helping individuals and organizations reclaim lost or stolen digital assets. The company has built a reputation for its professionalism, reliability, and advanced technical approach, making it the go-to solution for those facing the devastating consequences of cryptocurrency theft or loss. A standout case that highlights the exceptional capabilities of ADWARE RECOVERY SPECIALIST occurred when the company was called upon to assist in the recovery of a staggering 61,000 Ethereum (ETH) tokens. This catastrophic loss was the result of a sophisticated and malicious attack, which left the victim grappling with a significant financial setback. However, ADWARE RECOVERY SPECIALIST sprang into action, deploying its team of seasoned specialists and utilizing cutting-edge tools and techniques to tackle this complex challenge head-on. The process of recovering such a large amount of digital currency was no small feat. The team meticulously analyzed the blockchain, leveraging advanced forensic tools and proprietary algorithms to trace the movement of the missing funds across the decentralized network. They carefully examined each transaction, piecing together the puzzle of how the funds were stolen and where they had been moved. Their relentless pursuit of answers and dedication to transparency allowed them to uncover the perpetrators behind the theft, ultimately leading to the successful recovery of the entire 61,000 ETH. This remarkable achievement not only underscores the technical expertise and ingenuity of ADWARE RECOVERY SPECIALIST team but also serves as a testament to their commitment to client satisfaction. The process was not just about retrieving the funds—it was about doing so with an unparalleled level of transparency and diligence. Throughout the recovery journey, ADWARE RECOVERY SPECIALIST maintained clear communication, keeping the client informed at every step and ensuring that the entire process was handled smoothly and professionally. The success of this recovery has further solidified ADWARE RECOVERY SPECIALIST position as a trusted leader in the cryptocurrency recovery space. For those who have fallen victim to the theft or loss of digital assets, the company provides a reliable, professional approach that instills confidence and peace of mind. With a proven track record of successful resolutions, ADWARE RECOVERY SPECIALIST continues to be the ultimate solution for anyone seeking to regain control of their digital wealth. Their dedication to restoring lost assets and their commitment to transparency make them a standout choice for cryptocurrency recovery, offering a level of service that exceeds expectations.

LOST BITCOIN? SPARTAN TECH GROUP RETRIEVAL OFFER ADVANCED RECOVERY SERVICES

A ‘rancher’ on Facebook convinced me to invest my crop earnings in a fake agri-crypto platform. It started when this person, claiming to be a rancher, messaged me out of the blue. He told me about a new agricultural cryptocurrency that supposedly allowed farmers like me to multiply our income by investing in digital tokens linked to crops and farm products. The platform looked convincing, with testimonials from other supposed users and documents that seemed official. After several conversations and reassurances, I decided to trust him and invested $180,000 USDC, hoping to grow my savings beyond what traditional farming could offer. At first, everything seemed fine, but soon after, the website became unresponsive, and my funds were locked inside the platform. I tried repeatedly to contact their support team, but my messages went unanswered or received generic replies. It quickly became clear that I had been scammed. I felt helpless and overwhelmed, unsure if I would ever see my money again. I started searching online for help and came across SPARTAN TECH GROUP RETRIEVAL. Their website promised to assist people who lost cryptocurrency in scams like mine. I decided to reach out, and their team responded quickly. They listened carefully to my story and assured me they would do everything possible to recover my funds. For four long days, SPARTAN TECH GROUP RETRIEVAL worked nonstop. They tracked the flow of my USDC on the blockchain, identified where the funds were stuck, and communicated with different intermediaries who had control over the assets. Their persistence and thorough approach impressed me. Finally, thanks to their efforts, they were able to recover all of my lost cryptocurrency. I’m incredibly grateful to SPARTAN TECH GROUP RETRIEVAL for their dedication and support during this stressful time. Without their help, I would have lost everything. If you ever find yourself in a similar situation, I highly recommend contacting SPARTAN TECH GROUP RETRIEVAL. They really know how to get your cryptocurrency back.

DM THEM IN THE INFO BELOW
Email: spartan tech (@) cyber services. c o m OR support(@) spartan tech group retrieval. o r g

Website: h t t p s : / / spartan tech group retrieval . o r g

WhatsApp: + 1 ( 9 7 1 ) 4 8 7 - 3 5 3 8

Telegram: + 1 ( 5 8 1 ) 2 8 6 - 8 0 9 2

HOW TO HIRE A GENUINE CRYPTO RECOVERY SERVICE CONTACT DIGITAL TECH GUARD RECOVERY

At Digital Tech Guard Recovery, the team specializes in recovering a wide range of digital assets, including Bitcoin, Ether, stable coins, non-fungible tokens (NFTs), and various other cryptocurrencies. In today’s fast-evolving digital world, the need for effective recovery solutions is more critical than ever. Their services are specifically tailored to assist clients dealing with fraud, Bitcoin scams, and cases where digital assets are deliberately concealed or misappropriated. Digital Tech Guard Recovery’s strength lies in its team of industry pioneers who have contributed to shaping the legal and regulatory frameworks around crypto assets. What truly sets them apart is their extensive network of reputable investigators, forensic tracers, expert witnesses, and government advisory consultants. They also work closely with trusted insolvency practitioners, crypto custodians, leading exchanges, and insurance providers. This robust network allows them to deliver a seamless, end-to-end recovery service capable of handling even the most complex cases. From the moment assets go missing, Digital Tech Guard Recovery is dedicated to guiding clients through every step of the recovery process. They understand the urgency and emotional weight of such situations and leverage their expertise to maximize the chances of a successful outcome. Their approach is not only comprehensive but also tailored to fit the unique challenges and needs of each client, ensuring personalized and effective strategies. In a world where digital assets are increasingly targeted, Digital Tech Guard Recovery serves as a trusted ally for those seeking Bitcoin and crypto asset recovery. They approach each case with precision and adaptability, always focused on delivering results. Their unwavering dedication to client satisfaction, combined with a deep understanding of the digital asset space, makes them a leader in the industry. Whether facing fraud, scams, or other crypto-related challenges, Digital Tech Guard Recovery stands ready to help clients reclaim what is rightfully theirs.

WhatsApp: +1 (443) 859 - 2886

Email @ digital tech guard . com

Telegram: digital tech guard . com

Website link: digital tech guard . com

UNLOCK THE SECRETS OF CRYPTO RECOVERY: GET YOUR LOSS CRYPTO BACK'' HIRE RAPID DIGITAL RECOVERY

A ‘rancher’ on Facebook convinced me to invest my crop earnings in a fake agri-crypto platform. It started when this person, claiming to be a rancher, messaged me out of the blue. He told me about a new agricultural cryptocurrency that supposedly allowed farmers like me to multiply our income by investing in digital tokens linked to crops and farm products. The platform looked convincing, with testimonials from other supposed users and documents that seemed official. After several conversations and reassurances, I decided to trust him and invested $180,000 USDC, hoping to grow my savings beyond what traditional farming could offer. At first, everything seemed fine, but soon after, the website became unresponsive, and my funds were locked inside the platform. I tried repeatedly to contact their support team, but my messages went unanswered or received generic replies. It quickly became clear that I had been scammed. I felt helpless and overwhelmed, unsure if I would ever see my money again. I started searching online for help and came across RAPID DIGITAL RECOVERY. Their website promised to assist people who lost cryptocurrency in scams like mine. I decided to reach out, and their team responded quickly. They listened carefully to my story and assured me they would do everything possible to recover my funds. For four long days, RAPID DIGITAL RECOVERY worked nonstop. They tracked the flow of my USDC on the blockchain, identified where the funds were stuck, and communicated with different intermediaries who had control over the assets. Their persistence and thorough approach impressed me. Finally, thanks to their efforts, they were able to recover all of my lost cryptocurrency. I’m incredibly grateful to RAPID DIGITAL RECOVERY for their dedication and support during this stressful time. Without their help, I would have lost everything. If you ever find yourself in a similar situation, I highly recommend contacting RAPID DIGITAL RECOVERY. They really know how to get your cryptocurrency back. REACH OUT TO THEM VIA: WhatSapp: +1 4 1 4 8 0 7 1 4 8 5
Email: rapid digital recovery (@) execs. com
Telegram: https: // t. me/ Rapid digital recovery519

CONTACT A HACKER FOR CRYPTO SCAM RECOVERY,VISIT SALVAGE ASSET RECOVERY

At Salvage Asset Recovery, the team specializes in recovering a wide range of digital assets, including Bitcoin, Ether, stable coins, non-fungible tokens (NFTs), and various other cryptocurrencies. In today’s fast-evolving digital world, the need for effective recovery solutions is more critical than ever. Their services are specifically tailored to assist clients dealing with fraud, Bitcoin scams, and cases where digital assets are deliberately concealed or misappropriated. Salvage Asset Recovery’s strength lies in its team of industry pioneers who have contributed to shaping the legal and regulatory frameworks around crypto assets. What truly sets them apart is their extensive network of reputable investigators, forensic tracers, expert witnesses, and government advisory consultants. They also work closely with trusted insolvency practitioners, crypto custodians, leading exchanges, and insurance providers. This robust network allows them to deliver a seamless, end-to-end recovery service capable of handling even the most complex cases. From the moment assets go missing, Salvage Asset Recovery is dedicated to guiding clients through every step of the recovery process. They understand the urgency and emotional weight of such situations and leverage their expertise to maximize the chances of a successful outcome. Their approach is not only comprehensive but also tailored to fit the unique challenges and needs of each client, ensuring personalized and effective strategies. In a world where digital assets are increasingly targeted, Salvage Asset Recovery serves as a trusted ally for those seeking Bitcoin and crypto asset recovery. They approach each case with precision and adaptability, always focused on delivering results. Their unwavering dedication to client satisfaction, combined with a deep understanding of the digital asset space, makes them a leader in the industry. Whether facing fraud, scams, or other crypto-related challenges, Salvage Asset Recovery stands ready to help clients reclaim what is rightfully theirs. You can reach out to them. their contact info
WhatsApp+ 1 8 4 7 6 5 4 7 0 9 6

This review offers valuable insights and guidance on recovering lost cryptocurrency assets. If you are seeking a more reliable team or experts in USDT and BITCOIN recovery, it is highly recommended to consider contacting (RUDER CYBER TECH SLEUTHS). This team of experts engages in their recovery processes using sophisticated, high-end programs designed to trace and securely recover crypto tokens that have been sent out wrongly or to scammers. The techs employed by (RUDER CYBER TECH SLEUTHS) allow for the identification of transaction paths and the potential retrieval of lost funds, even in complex scenarios. Before indulging (RUDER CYBER TECH SLEUTHS), I was unaware that crypto asset recovery was even a viable option. The loss of digital assets can be a devastating experience, and the possibility of retrieval often seems remote. However, after researching and interacting with (RUDER CYBER TECH SLEUTHS), I have gained a new perspective on the possibilities available. Their expertise and dedication to their clients are truly commendable. Based on my research and personal experience, I believe that (RUDER CYBER TECH SLEUTHS) deserves greater recognition for its exceptional handling of critical cases. They consistently demonstrate a high level of professionalism and a deep understanding of the technical aspects involved. This level of service is a testament to their commitment to excellence and their dedication to helping individuals and organizations recover their lost assets.
email: support@rudercybertechsleuths{dot}com
whats app: +12132801476
Telegram : @rudercybersleuths

I Lost $213,000 Worth of ARB Tokens After Falling victim to an Address-Poisoning Scam

My name is Patrick Cox, and my ARB tokens worth $213,000 were wiped out in a single transaction by an Address-Poisoning Scam, and this is how I was able to recover it.
I have been into crypto for over 9 years and I have never been reckless or naive when it deals with crypto, however, I was caught off guard by an address-poisoning scam while I was trying to make a single transaction to my other wallet and it took the services of Morphohack Cyber Service to be able to recover it successfully.
Morphohack was able to detect the scammer had distributed the stolen ARB tokens into smaller wallets, but it took Morphohack just 72 hours to fully recover every single one of the stolen tokens successfully. This just shows the rise of address spoofing and poisoning that has continued to exploit traders' negligence during transactions. I highly urge everyone to be more cautious and avoid falling victim to such scams and if you do need the service of Morphohack, you can easily reach them via the following:E-mail: MORPHOHACK@CYBERSERVICES. COM WhatsApp: +1 (213) 672 4092

CAN I RECOVERY MONERY FROM SCAMMER? YES

How I recouped stolen crypto currency coins and tokens from scam hackers on telegram. People all over the world are hearing about the fast profits early investors are making on Bitcoin and other coins and want to join the party and make a fast profit. But be sure, where big money is, there are also companies that are abusing and taking advantage of this situation. Such was my situation, I had a fake telegram group admin contact me and gave me a phishing link in which my 12 recovery phrase was compromised. These evil persons gained access to my cryptowallet and stole all my coins and tokens worth over $ 640,000. I was in great despair due to this situation, I was confused till a group member on the telegram referred me to Cyberspacehackpro(@)rescueteam com This recovery agent is really God sent. After relating all of my predicaments, details of incidence and necessary requirements for my recovery program, it took them less than a week to track and recover all of my tokens and coins back, they helped me hack the perpetrators wallet and all of my coins were returned to me. I am so amazed, joyous and appreciative. I don't know what I would do without this specialist. They specialize in chargeback disputes and their team knows how to identify these types of scams. If you invested in Crypto and believe you have been scammed contact their experts today and they will help you recover your losses.

Contact info

BEST CRYPTO RECOVERY EXPERTS; HIRE CRYPTIC TRACE TECHNOLOGIES

A month ago,I fell victim to a sophisticated scam involving unsolicited ‘XRPv2’ tokens that mysteriously appeared in my wallet. Initially, I was elated by the unexpected tokens, believing they might represent a legitimate opportunity. However, I soon discovered that interacting with these tokens granted the scammers unfettered access to my wallet. Consequently, I suffered a staggering loss of 15 ETH which amounts to approximately $45,000. The shock and disbelief I experienced were overwhelming, as I had diligently worked to accumulate those funds.I felt utterly devastated and powerless. I spent countless hours grappling with the situation, trying to comprehend what had gone awry and how I could possibly reclaim my lost assets. It was an incredibly stressful period, filled with anxiety and regret. I knew I had to act swiftly, as the longer I hesitated, the slimmer my chances of recovering my funds became. In my desperation, I began researching recovery options and stumbled upon various forums discussing similar scams. That’s when I discovered Cryptic Trace Technologies. I reached out them via their E M A I L: Cryptictrace (@) technologist (.) com, and I was fortunate enough to connect with their dedicated team of professionals. They were remarkably understanding and empathetic, which helped alleviate my anxiety. Their expertise in navigating the treacherous waters of crypto scams was evident from the outset. They acted with remarkable speed and efficiency, successfully intercepting my funds during a mixer transfer. The team kept me informed throughout the process, providing reassurance and guidance at every turn. Thanks to their relentless efforts and unwavering commitment, I was able to recover everything I had lost. The moment I received confirmation that my funds had been retrieved was nothing short of miraculous. It felt like a weight had been lifted off my shoulders, and I could finally breathe again. This experience has taught me a vital lesson: always be cautious and skeptical of unsolicited tokens, no matter how appealing they may seem. I am incredibly thankful for the assistance I received from Cryptic Trace Technologies. Their services made a significant difference in my recovery journey. I hope my story serves as a warning to others in the crypto community, encouraging them to stay informed. By sharing this, I aim to help others navigate the complexities of the cryptocurrency world and recover their assets.

FOR SCAM/FAKE INVESTMENT, HIRE SOLACE CYBER WORKSTATIONS FOR RECOVERY

I was tricked by a fake cross-chain crypto bridge scam that cost me a huge loss of 87 ETH. I first came across the bridge through Twitter, where it was heavily promoted as a trustworthy service for converting assets into wrapped tokens across different blockchains. The advertisements seemed convincing, so I trusted them and decided to deposit my ETH. At first, everything looked normal. I expected to receive the wrapped tokens shortly after my deposit, but those tokens never arrived. After waiting and checking multiple times, I realized I had been scammed. The funds I sent were stolen by the scammers, who never intended to provide any legitimate tokens. It was devastating to see such a large portion of my investment disappear with no way to reverse the transaction. I reached out to  Solace Cyber Workstations, a company known for helping victims of crypto theft recover their funds.  Solace Cyber Workstations immediately began investigating the fraudulent smart contract behind the fake bridge. Using their expertise,  Solace Cyber Workstations traced my stolen ETH through the blockchain and discovered the funds had been transferred to a deposit address on Binance, one of the largest cryptocurrency exchanges in the world. Solace Cyber Workstations worked closely with Binance and legal authorities to apply pressure and successfully freeze the stolen funds. I was cautiously hopeful because I knew recovering crypto after a scam is often complicated. Thanks to the relentless efforts of  Solace Cyber Workstations, they managed to recover all 87 ETH that were stolen from me. Getting back everything I lost was a huge relief in the crypto space. The whole ordeal was overwhelming, but knowing that  Solace Cyber Workstations was on my side made all the difference. If you ever fall victim to a crypto scam, don’t give up.  Solace Cyber Workstations can help you track down and recover your stolen funds. Reach out to them with the information.
Website:  h t t p s : / / s o l a c e c y b e r w o r k s t a t i o n s . c o m
Email: S o l a c e . c y b e r . w o r k s t a t i o n s @ m a i l . c o m
WhatsApp: ‪‪+ 1 2 4 0 7 4 3 7 6 8 9‬

LEE ULTIMATE HACKER Crypto Asset Recovery Services for Bitcoin, Ethereum, NFTs, Stablecoins

(LEEULTIMATEHACKER @ A O L . C O M)
telegram: LEEULTIMATE
With LEE ULTIMATE HACKER, a team which specializes in recovering a wide range of digital assets including, Bitcoin, Etherium, stablecoins, non -fungible tokens (NFTs), and other various cryptocurrencies, In the ever evolving crypto world the need for effective recovery solutions is very critical. Their services are specifically tailored to assist clients dealing with fraud, LEE ULTIMATE HACKER's strength lies in its team of industry pioneers who have contributed to shaping the legal and regulatory frameworks around crypto assets, They also work closely with trusted insolvency practitioners, crypto custodians leading exchanges, and Insurance providers, LEE ULTIMATE HACKER and team works with a robust network allows them to delivery seamless end-to-end recovery service capable of handling even the most complex cases, services that are specifically tailored to assist clients dealing with fraud, Bitcoin scams and digital assets that are deliberately concealed or Misappropriated. LEE ULTIMATE HACKER strength lies in its team of industry pioneers who have contributed to shaping the legal and regulatory framework around crypto assets, from the moment assets go missing LEE ULTIMATE HACKER is dedicated to guiding clients through every step of the recovery process, they understand the urgency and emotional weight of such situations and leverage their expertise to maximize the chances of successful outcome, whether facing fraud, scams, or other crypto -related challenges, LEE ULTIMATE HACKER stands ready to help clients reclaim what is rightfully theirs.

HIRE PROFESSIONAL HACKERS URGENTLY TECHNOCRATE RECOVERY

At my age, I’ve learned a lot—pie-making, fixing fences, and navigating a world full of QR codes. But crypto? That was my grandson's idea. "Grandma, Bitcoin is the future," he said. So, I invested a bit. All was good until I accidentally sent my Bitcoin to a Deutsche Bank CBDC test wallet. I called the bank, but they couldn't help. My grandson then found TECHNOCRATE RECOVERY on Reddit, who took action and negotiated with the bank. Thirteen days later, my Bitcoin was back in my wallet. The lesson? CBDCs are just high-tech IOUs, banks can reverse “irreversible” transactions with the right help, and sometimes Reddit knows best. As for my grandson, I’ll still love him, but next time, no more dog-themed tokens. And as for TECHNOCRATE RECOVERY? They are wizards. End of story.

Get In Touch With Experts....
Contact Email: technocratrecovery@contractor.n et
Telephone: +1573 3563 708

BEST CRYPTO RECOVERY SERVICE -CONTACT FUNDS RETRIEVER ENGINEER

On election day in 2024, I was eagerly following up on the results in my home in Texas, refreshing my feed for updates on X, when I stumbled upon a tweet that would change everything. I never imagined that a single tweet could upend my life until I fell victim to a sophisticated SHIB giveaway scam masquerading as an Elon Musk promotion on X. The post, from a seemingly verified account, promised a “limited-time offer” to send 50 million SHIB tokens to anyone who verified their wallet with 10 million SHIB. As a crypto enthusiast, I prided myself on being cautious, but the allure of quick gains and the polished impersonation of Musk’s profile clouded my judgment. I sent the tokens, only to realize minutes later that the account was a nefarious clone. My stomach dropped I’d just lost $15,000.The days that followed were filled with regret and panic. I reported the scam to social media platforms and local authorities, but the decentralized nature of crypto transactions left me feeling utterly despondent. That’s when I discovered FUNDS RETRIEVER ENGINEER , a cybersecurity firm specializing in blockchain forensics and asset recovery. Desperate and anxious, I reached out to FUNDS RETRIEVER ENGINEER , unsure if my funds could ever be traced. Within hours, the dedicated team at FUNDS RETRIEVER ENGINEER sprang into action. Their social media forensics experts meticulously analyzed the fraudulent Elon Musk account, uncovering ties to a Singapore-based fraud ring operating a network of cloned celebrity profiles. They elucidated how these scammers exploited verified badges and viral content to appear legitimate. Meanwhile, the adept blockchain analysts at FUNDS RETRIEVER ENGINEER began tracing my SHIB tokens across decentralized exchanges (DEXs), identifying liquidity pools where the stolen funds had been funneled. The process was transparent and methodical. collaborated with FUNDS RETRIEVER ENGINEER liquidity providers and exchange platforms to freeze portions of the scammer’s assets, leveraging legal frameworks and real-time data tracking. After two tense weeks, FUNDS RETRIEVER ENGINEER successfully recovered 8.2 million SHIB tokens 80% of my initial loss While I’d hoped for a full recovery, reclaiming $12,000 in a landscape where most victims get nothing felt miraculous. Today, I’m sharing my story to warn others. Scammers are evolving, but so are the heroes fighting them. FUNDS RETRIEVER ENGINEER provided me not just financial restitution but invaluable peace of mind.

ADVANCED RECOVERY OF LOST USDT & ETH RELIABLE SOLUTION CONTACT SPARTAN TECH GROUP RETRIEVAL

Telegram: + 1 ( 5 8 1 ) 2 8 6 - 8 0 9 2

Website: h t t p s : / / spartan tech group retrieval . o r g

I received official emails, warning me that my tokens in my Coinbase wallet would be lost unless I migrated them to a new address. These messages' urgency and seemingly legitimate nature triggered a wave of panic, compelling me to act quickly without fully thinking it through. In a moment of fear, I transferred $40,000 worth of tokens to what I believed was a legitimate new address.

It wasn’t until after the transaction was completed that I realized the extent of my mistake. Those emails were nothing more than a cleverly orchestrated scam exploiting my trust. As the reality of my situation sank in, I felt a deep sense of despair. I had just sent a significant amount of my hard-earned money directly into the hands of criminals.

The feeling of helplessness was overwhelming, and I couldn’t shake the thought that I had been so easily deceived. Determined not to give up, I quickly reached out to SPARTAN TECH GROUP RETRIEVAL, a service that specializes in tracking stolen cryptocurrencies.
Their team was incredibly responsive and began investigating my case right away.
SPARTAN TECH GROUP RETRIEVAL worked diligently to trace the stolen coins, and within a short period, they managed to identify the funds in a Binance account.

They provided me with solid evidence of the fraud and took immediate action to freeze $33,000 of my funds before they could be laundered. The expertise and swift response from SPARTAN TECH GROUP RETRIEVAL were invaluable during this crisis, and I felt a glimmer of hope knowing that I had a team working to recover my losses. This has shown me a crucial lesson about the importance of skepticism and thoroughness in the cryptocurrency world.

Scammers are becoming increasingly sophisticated, and their tactics can easily mislead even the most cautious investors. I urge everyone to exercise caution and never trust migration requests without verifying their authenticity. Always double-check the source of any communication regarding your assets, and consider contacting official channels for confirmation. While I was fortunate to recover a portion of my funds with the help of SPARTAN TECH GROUP RETRIEVAL, many others may not be as lucky.
The cryptocurrency landscape is filled with risks, and it is our responsibility to safeguard ourselves by remaining informed. Remember, if something feels too urgent or too good to be true, it likely is.
Always take the time to verify before taking action.
SPARTAN TECH GROUP RETRIEVAL has shown me the importance of acting quickly and seeking help when faced with potential Online fraud.

I am Serinda, a resident of West Virginia, and I am sharing my experience of being defrauded by a cryptocurrency Ponzi scheme. A few months ago, I encountered a crypto exchange website that deceptively mimicked a legitimate crypto exchange, and their support team proved exceptionally unhelpful. Unbeknownst to me, I was ensnared in a cycle of incessant fee demands, purportedly required to access the funds they instructed me to deposit. They had fabricated a fraudulent exchange platform designed to lure individuals into depositing their crypto tokens with the promise of significant returns. Regrettably, I was oblivious to the deception. My realization dawned when the exchange website rejected my withdrawal requests. In desperation, I contacted DUNE NECTAR WEB EXPERT. They not only facilitated the recovery of my crypto funds but also educated me about the mechanics of the scam. While the experience was devastating, I am profoundly grateful for their assistance in retrieving my crypto tokens from that fraudulent exchange website and its team. I strongly urge everyone to exercise extreme caution and conduct comprehensive due diligence before investing or transferring cryptocurrencies to any website or team. DUNE NECTAR WEB EXPERT can be contacted via: - Email ( Support @Dunenectarwebexpert . Com ), Telegram ( Dunenectarwebexpert ), Mobile Number ( +1- 617-283-4687 ).

Best Cryptocurrency Recovery Company / CAPTAIN WEBGENESIS CRYPTO RECOVERY CENTER

As a Crypto enthusiast, I had invested a significant amount in various altcoins and tokens. One day, I woke up to find my wallet empty. Panic set in. I frantically checked my exchanges and wallets, hoping it was just a temporary glitch. Unfortunately, it was not. I had fallen victim to a phishing scam that compromised my wallet's security. In my quest for a reliable recovery service, I stumbled upon CAPTAIN WEBGENESIS CRYPTO RECOVERY CENTER. After extensive research, I discovered that they had a solid reputation in the crypto community. They had successfully helped countless individuals recover their lost funds, and their transparent approach immediately caught my attention. The CAPTAIN WEBGENESIS CRYPTO RECOVERY CENTER is a recovery service that specializes in helping individuals reclaim lost cryptocurrency assets. With a team of experienced professionals, they provide tailored solutions to victims of fraud and scams. After reading various reviews and success stories, I was encouraged to reach out. The team was incredibly empathetic and knowledgeable, understanding the emotional turmoil that accompanies such financial setbacks. They outlined a clear plan of action, and within 36 hours all my lost money had been recovered.

Visit website: ( Captainwebgenesis. com )

BITCOIN SCAM RECOVERY SOLUTIONS / CAPTAIN WEBGENESIS.
How do I Recover My Stolen Cryptocurrency Without Being Scammed Again?.

The CAPTAIN WEBGENESIS recovery team is a global licensed forensic organization that can help you recover stolen bitcoin or tokens in a manner that maintains the highest level of discretion and confidentiality. The team of expert cyber-sleuths and cryptocurrency specialists has years of experience in tracking and retrieving digital assets stolen through fraudulent activities, such as phishing scams, ransomware attacks, and hacking incidents. CAPTAIN WEBGENESIS is available 24/7 to provide guidance and support, ensuring that you receive the best possible outcome.

Contact info;
Whatsapp+1(501)436,9362.
Email :(Captainwebgenesis @hackermail. com)

RELIABLE BITCOIN & CRYPTO RECOVERY SOLUTION

After my Trust wallet account was hacked over a month ago, I had almost given up hope of ever recovering my assets. I was scared into giving access to my wallet, and I watched helplessly as my funds were drained. Despite numerous attempts to reach customer support and trying various recovery options, I couldn’t get any help or guidance. My Trust wallet was completely compromised, and I feared that my Bitcoin and other tokens were gone for good. One day, while browsing blogs online, I c e across a recommendation for a service called   CRYPTO RECOVERY SOLUTION . The blog spoke about their success in recovering crypto wallets, and I figured I had nothing to lose by reaching out. I sent an email explaining my situation and provided the details of my hacked wallet address, as requested by their team .To my surprise, I received a response within a few hours, and they assured me they could help recover my account. At first, I was skeptical—after all, I had already been scammed once and wasn’t sure who to trust anymore. However,   CRYPTO RECOVERY SOLUTION  professionalism and their clear, concise communication made me feel at ease. Within 36 hours of sending the required details, something incredible happened. I was able to regain access to my Trust wallet account, and to my astonishment, my Bitcoin and other tokens were still intact. It was as if the hack never happened. I couldn’t believe it after weeks of frustration and loss,  CRYPTO RECOVERY SOLUTION had successfully restored my access to my assets. Even now, I’m still in shock at how efficiently and swiftly they were able to recover my account. The entire experience has been surreal, and I can't help but feel immense gratitude toward the team at   CRYPTO RECOVERY SOLUTION . They not only restored my access but also ensured the safety of my digital assets, something I didn’t think was possible after such a devastating hack .I wish I had known about their services earlier. If anyone finds themselves in a similar situation, I wholeheartedly recommend   CRYPTO RECOVERY SOLUTION . Their knowledge and ability to recover compromised accounts are unparalleled. I’m forever thankful to them am across a recommendation for a service called  CRYPTO RECOVERY SOLUTION . The blog spoke about their success in recovering crypto wallets, and I figured I had nothing to lose by reaching out. I sent an email explaining my situation and provided the details of my hacked wallet address, as requested by their team .To my surprise, I received a response within a few hours, and they assured me they could help recover my account. At first, I was skeptical—after all, I had already been scammed once and wasn’t sure who to trust anymore. However,  CRYPTO RECOVERY SOLUTION  professionalism and their clear, concise communication made me feel at ease. Within 36 hours of sending the required details, something incredible happened. I was able to regain access to my Trust wallet account, and to my astonishment, my Bitcoin and other tokens were still intact. It was as if the hack never happened. I couldn’t believe it after weeks of frustration and loss, CRYPTO RECOVERY SOLUTION had successfully restored my access to my assets. Even now, I’m still in shock at how efficiently and swiftly they were able to recover my account. The entire experience has been surreal, and I can't help but feel immense gratitude toward the team at  CRYPTO RECOVERY SOLUTION . They not only restored my access but also ensured the safety of my digital assets, something I didn’t think was possible after such a devastating hack .I wish I had known about their services earlier. If anyone finds themselves in a similar situation, I wholeheartedly recommend  CRYPTO RECOVERY SOLUTION . Their knowledge and ability to recover compromised accounts are unparalleled. I’m forever thankful to them WhatsApp number: +1 (332) 233‑2121

HOW TO SUCCESSFULLY RECOVER SCAMMED BTC AND ETH WITH THE HELP OF SALVAGE ASSET RECOVERY

A clip titled “Joe Rogan Reveals Secret Ethereum Fork” autopay on YouTube, featuring Rogan’s unmistakable voice praising a supposed “ETH 2.0 upgrade” that promised early investors up to 10x returns. Everything about the video seemed authentic, Rogan's casual tone, the familiar podcast studio, and even commentary from a so-called “blockchain expert.” Skeptical but curious, I clicked the link in the video’s description, which led to a sleek, professional-looking website promoting a limited-time ETH fork token presale. The sense of urgency was palpable. The site displayed endorsements from prominent crypto influencers I already followed, blockchain analytics claiming legitimacy, and a countdown timer steadily ticking toward zero. My fear of missing out overrode my usual caution. Convinced I was getting in on something exclusive, I transferred 50 ETH worth nearly $150,000 at the time to the provided wallet address. In return, I received newly minted “ETH2” tokens. For the next 48 hours, I celebrated what I believed was a smart, early-access investment. Then it all unraveled. The ETH2 tokens suddenly plummeted to zero value. The website vanished without a trace. Soon after, the YouTube video was flagged and removed; it had been a deepfake. Panic set in. I immediately reached out to SALVAGE ASSET RECOVERY, a cryptocurrency forensics firm I’d seen mentioned in security forums. Within hours, their team began tracing the scam. They explained the mechanics: the scammers used a “rug pull” strategy. A convincing deepfake drew in victims, fake tokens were issued, and the moment investments peaked, the thieves drained all liquidity. Using on-chain analysis, SALVAGE ASSET RECOVERY identified the scammers’ wallet addresses and tracked the flow of my ETH through various exchanges. They worked quickly with centralized platforms to freeze the stolen assets, leveraging anti-money laundering protocols. They also filed emergency legal requests, backed by blockchain evidence, to prove the funds were mine. After three tense weeks, they recovered 47.5 ETH, a 95% success rate. The remaining 2.5 ETH had been funneled to anonymous wallets and was unrecoverable. This taught me hard lessons. Deep Fakes are terrifyingly convincing. Urgency is a red flag. And in crypto, acting quickly after a scam is crucial. Now, I double-check everything and I share my story to protect others. Crypto is powerful, but so are its predators. If scammed, don’t give up. With experts like SALVAGE ASSET RECOVERY, recovery is possible.
CONTACT INFO--
TELEGRAM---@Salvageasset

WhatsApp+ 1 8 4 7 6 5 4 7 0 9 6

Lets say i have to send an email to the user when:

- user forgot password (email sent with a token to verify the user owns that email, and token identifies for which user is this link valid)

- email verification (email sent with a token to verify the user who just registered, where this token uniquely is generated for each newly registered user)

- etc

Notice how both of these cases include the same shit:
- sending emails
- generating unique tokens
- attaching each record to individual user

Does this mean i should pack this up in 1 single model in the database and differentiate which type of email it is over an enum (EMAIL_CONFIRM, FORGOT_PASSWORD etc)?

Or should these shits each have a different model and thus different tables in database?

Best Recovery Experts for Stolen Crypto Assets Recovery /  Recover Your Stolen Crypto

Losing Cryptocurrency can feel like losing a part of yourself. I never thought I would fall victim to one, but after losing my savings to a fraudulent scheme, But thanks to CAPTAIN WEBGENESIS CRYPTO RECOVERY CENTER, a Crypto assets recovery expert, I was able to reclaim my lost funds and regain my financial stability.  I invested in various coins and tokens, and for a while, everything seemed to be going well. However, my excitement quickly turned to despair when I discovered I had been scammed out all my money. I had to quickly find a solution to get back my lost Bitcoin. That's when I discovered CAPTAIN WEBGENESIS CRYPTO RECOVERY CENTER who came to my aid and recovered all my lost funds. I express my sincere gratitude to CAPTAIN WEBGENESIS CRYPTO RECOVERY CENTER for helping me in my dark moment.

More Info;(Captainwebgenesis. com), 
Email: (Captainwebgenesis@hackermail. com).

It's heartbreaking waking up to see all your coins and token leave your wallet without your approval. Yes! you guessed right! that was what happened to me a couple weeks back, thanks to a fellow who directed me to the best crypto recovery experts, it was this team that I worked with in getting about 89% of my tokens and coins back to my Trust wallet which was formerly hacked by who I don't even know. For anyone looking to reach this team, it's through the team's through email on:- FASTLINERECOVERYSERVICE @ GMAIL . COM. I hope someone finds this information useful and get their crypto currencies recovered too.

Thanks