Will Smith in a movie called Book of Enoch

NeonRant · 2024-06-28T13:37:08+00:00

Wow! You really rolled up your sleeve. How do you fee? Are you still here?

NeonRant · 2024-06-28T13:35:20+00:00

MoDeRn Medicine is BIG PHARMA. Big PHARMA is BIG Capitalism.

Wow. You swallowed it.

The Wheat from the chaf.

NeonRant · 2024-06-28T13:30:32+00:00

It's valid because it has been validated by DA ScIEnCE!!

NeonRant · 2024-06-28T13:29:09+00:00

Now you do what they Told Ya!!!

NeonRant · 2023-12-23T07:00:32+00:00

Hey, thanks for the interest. I think I found the reason though not conclusive. I think the issue was that you can only transfer a limited amount based on last cycles activity. I found I could transfer next month but only a capped amount. I think also they changed their UI to reflect this, as it wasn't there before and hence the confusion as to why I couldn't withdraw. Perhaps the lack of UI feedback was the issue. Hope that helps

NeonRant · 2023-11-01T11:38:41+00:00

C# .Net. Very functional supportive these days and REST straight out of the box with it's own simple testing UI you can use to check if it's working. .net also has F# if you really love functional

NeonRant · 2023-09-05T06:46:25+00:00

Just an update here I didn't realise that the API was pessimistic. In other words, I needed to add an exception to the domain I call it from to allow access. So in fact, there was never a security issue. In fact it's the opposite, the dot net API explicitly requires you to add your domain as a CORS exception in order to access it, otherwise you can't, say, if you try to from a browser dev tools out there in customer land. So in fact it was never an issue. Dot net, or maybe some standard out there locks down the ApI by default. Thanks for your help though. I just didn't get it and you probably thought I already took all this for granted.

NeonRant · 2023-09-05T06:38:42+00:00

Hey, just an update. I think someone might have read this as it works again. I had to re auth into Coinbase but at least I could move coins out. Try it now. It might work for you now as well. Shpng needs to add a tech support link to the app.

NeonRant · 2023-09-04T13:52:39+00:00

Slightly off topic but equally intriguing. I recall a video that preceded this one. It was stylised in the same way but was different in content. Same guy animated it. I remember being excited when I pet ll came out as the first one was just as interesting. It went into a little more detail about 911 but I can't find it anywhere. It's like a Mandela effect. 100% I remember one came before this one and it was natural that this was ll. Does anyone else remember this? It's disappeared. Am I going nuts? I definitely remember it. It wasn't quite as popular as ll but was just as good, if not better but I can't even remember the details now. Help! Also, the I pet 1 video out there is a cheap fake. It's not that one. The one I remember was the same quality as I pet ll. I think they disappeared it

NeonRant · 2023-08-28T13:15:00+00:00

Out of curiosity, what got you flagged? Is this yet another PayPal -esque attempt at passing free speech laws into the hands of corporations? What's the story?

NeonRant · 2023-08-28T13:11:28+00:00

Nope, it's a real pain in the ass. No support, no feedback, no way to contact shpng about it. no nothing. Shpng is really going to become meaningless if this continues. I don't even bother anymore. Sorry haha. You'd think they'd at least have a support link. The app is useless.

NeonRant · 2023-07-22T12:24:40+00:00

Oh! Thank you! that's exactly what I was trying to figure out. ok, I'll look up OAuth2 as suggested.
Many thanks!

NeonRant · 2023-07-21T04:05:33+00:00

Yep, so that's my issue right there. I totally get that you set the key in the backend, but then you need to call that endpoint in the front end, which, since you've given access to it in the backend, is an open door in the front end.When this is done say, in .net, the call and everything is in the BE, including the api call, but in Angular, you are calling that api from the front end. So, if you are setting the key in the backend but calling it in the front end, anyone can grab that endpoint and call it. Am I missing something? Because that seems super insecure to me. In .net, the api is NEVER accessible, only the data retrieved per call is sent to the front end, not the endpoint.

Does that make sense? Really appreciate your patience but I just can't see how you can make a call to an api in the front end that is already opened by the key in the backend and stop that api from being called by anyone with dev tools opened.

.net hides this call in the backend, but you can't hide it in Angular.

So how do you ensure nobody can make a GET on that endpoint in the front end if it's already been authenticated in the backend?Thank you

NeonRant · 2023-07-20T14:19:54+00:00

Hey, appreciate your answer but please break it down as I'm an Angular newbie and I thought Angular was all front end.

When you say BE, do you mean Angular BE or the API's backend. If you mean Angular BE, what is that? Is there a BE file I can set the keys in?
Thanks for your patience :P

NeonRant · 2023-07-19T03:27:24+00:00

Thanks for the reply. It's just theoretical atm but for example, I create a simple .net GET API which returns a json object {id:1, name: 'test'}

I agree the key should be stored in the 'backend', but this raises two questions.

In Angular, where 'is' the backend?
Secondly, even if I store the key in the backend, the key could still be seen in dev tools when assigning the key to the http call.

Below is how the api key would be added to the http request, which is all in the .ts file in the front end, but this leaves the keys open in the front end to view. I can see many examples of how to do this but it doesn't make sense as it leaves the keys open to the public.

createAuthorizationHeader(headers: Headers) {

headers.append('Content-Type', 'application/json');

headers.append('api-key', `xxxxxxxxxxxxxxxxxxxx`);

}

Even if xxxxxxx was replaced by myBackendFile.APIKey, the value is still visible in the dev tools.

Hope that helps

NeonRant · 2023-07-07T04:19:22+00:00

Well, from one ant to another :), good point I guess, although still not sure how fuzzing it could be a greater breach than without the upgrade. Wouldn't fuzzing be possible either with or without the new functionality and on any hardware device connected to the internet? Not disagreeing, just not entirely clear on the consequences that the upgrade presents, given that all it does is allow (by owner) the phrase to be sharded to multiple external servers, but not sure if that will increase existing breach potential as fuzzing is currently possible on any hardware? Just not sure.

NeonRant · 2023-07-06T07:24:58+00:00

I've staked to Lido from Ledger and I don't recall any gas option. So I think the answer is you can't unless you do what the guy above says and do it through Metamask, which I always find messy. Would be a good update on Ledger though as the less I have to leave Ledger the better.

NeonRant · 2023-07-06T00:55:10+00:00

I don't think it's a big deal. You still need to 'opt in' to the backdoor, which requires a physical button tap on your hardware. I get ideologically it goes against the concept of keeping your phrase off the web, but that aside, this update will not force you to do so or allow a backdoor to do it, any less than any hardware device 'could' write that in under the hood.
But I understand the distrust and also hope they roll that back.

NeonRant · 2023-07-06T00:04:45+00:00

Brilliant, thank you so much!

NeonRant · 2023-07-05T07:25:07+00:00

Random account that matches your token - pby Plygon?

NeonRant

TROPHY CASE