Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Ngnr.club – A link-in-bio service for engineers (ngnr.club)
25 points by zabana 11 months ago | hide | past | favorite | 45 comments



Hey zabana, it looks like one of your endpoints is leaking password hashes that might be undesired?

POST https://cognito-idp.us-east-1.amazonaws.com/

Response:

``` { "ChallengeName": "PASSWORD_VERIFIER", "ChallengeParameters": { "SALT": "*", "SECRET_BLOCK": "*", "USER_ID_FOR_SRP": "*", "USERNAME": "*", "SRP_B": "**" } } ```


SRP (Secure Remote Password) does not store password in hashes, but rather uses a zero knowledge proof https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco...

Without making the same post call, I thinnk you are seeing the challenge codes for the proofing


I wasn't aware of this. Thank you for the clarification. That's another rabbit hole I will soon lose myself into ^^


It still contains SALT and SECRET_BLOCK?


Oh ! Will investigate and fix ASAP.

Thanks for the help !


Sup, ngnr?

The name doesn’t roll of a tongue, IMO.


Took me a bit to understand at first, but now I read it as `engineer`


yeah that's exactly how it's pronounced :)


*by some variants of the english language at least.


It does if you pronounce it "sup, ngna."


Hey everyone, thanks for checking out the site and for signing up.

It seems that AWS cognito verification emails are subject to a daily limit of 50.

Your accounts are indeed created, but the confirmation emails containing the code are not being sent.

I'm working on fixing this issue as I'm writing this.

Thanks for your understanding.


Update number 2:

All users who have encountered issues signing up should receive an e-mail soon informing them that their account is verified and active.


The issue is fixed now (hopefully).

If you are able to sign up without issues, could you please confirm in this thread ?

Thanks


CodeDeliveryFailureException

Cognito received the following error from Amazon SES when attempting to send email: Email address is not verified. The following identities failed the check in region US-EAST-1: name@domain.com"

I don't have an email though.

Attempting to register again yields UsernameExistsException.


Nice catch !

I've updated the email to my personal email and ran a quick test, so it should work fine now.

Thanks for the help !


I can't re-register the same username because it already exists. And I can't log into that username because I didn't receive the confirmation email. Alternatively, I tried to do a password reset but have not received an email for that either.


I've just activated all unconfirmed accounts. You should now be able to sign in with no issues.

Thanks for your patience !


I'm still getting "User is not confirmed" :( user @matt


Working now :)


Was able to sign up without issues.


Heh, seems like you hit your limits. I was trying to secure my own name and kept getting generic error occured.

then i opened up the dev tools and saw

index-01401dc0.js:124 Exceeded daily email limit for the operation or the account. If a higher limit is required, please configure your user pool to use your own Amazon SES configuration for sending email.


Same, and then trying to sign up again gives "User already exists". Trying to sign in then gives "User is not confirmed". :D


Ouuhh ! Nice catch ! Thanks for the heads up. Will fix ASAP.


What kind of engineers? Anime engineers?


We're very inclusive haha

Truth is, I had to get creative otherwise the site would've looked bland.


I really like the simple UI and focus on projects/blogs. Cool site!

I think I found a bug, though - it seems like when I save on the "social media" page, it blows away data from the others. I was able to do this twice and it cleared out my name, location, and bio. Hope that helps!


Thanks for the feedback !

I'll look into that and come up with a fix ASAP.

Glad you like it !


Congrats on the launch!

I've seen this UI style become more popular, and I'm wondering if there's a name for it? E.g. "material design" is immediately recognizable, and I'm curious if this style comes from a similar UI framework.


Hey thanks for the kind message !

For this project I did everything from scratch but I used inspiration from a few things I saw on codepen and dribbble.

I'm not a designer that's why there's gifs everywhere haha


Seems like registration is kill for now. Hoping to register when it's back online :)

EDIT - cannot use a proton.me email apparently? Email address is not verified. The following identities failed the check in region US-EAST-1:


Yeah I've updated the Cognito User Pool configuration to use SES for emails instead of the default cognito sender.

If you try again now, you should be able to sign up no problem !

Cheers :)


$ User already exists

...

$ Cognito received the following error from Amazon SES when attempting to send email: Email address is not verified. The following identities failed the check in region US-EAST-1: <my gmail address>


I've just confirmed your account (@dylan)

Thanks for your patience !


The name immediately looked like "engineer club" to me. But it refused to take my password, and not in a fun way like that password game the other day


It may be failing the validation on AWS cognito's side.

Added to the todo list.

Thanks for the feedback !


Cool name and nice looking site! Looking forward for the signup to recover.


Cool but couldn't sign up. @patrick, used a masked fastmail address.


Would like to try it but yeah hitting your limit still.


Your account is now confirmed ! (@jest)


the name... cmon.


I know, I know ... ^^'


eng.surf is available

(coming up with domain names is the best part of coding!)


How did I not think of this haha


fwiw unfortunate name...


I know.

I realised it after the fact but then it kind of grew on me so I decided to keep it.

Thanks for the feedback !

Much appreciated.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: