
OwnerRez | Remote (GMT -8 to GMT +3) | Senior Full Stack Engineer | Full Time

OwnerRez is a vacation rental software platform for property managers and owners that integrates with channels like Vrbo, Airbnb, TripAdvisor, and booking.com as well as direct websites to manage vacation rental properties, bookings, and guests -- making the entire process automated.

We're looking for a senior full stack engineer to join our team to design and develop features end to end -- from web UI to backend business logic, services, and the database. We’re also looking for ops skills and desire to join our on-call rotation.

Our stack: .NET (MVC, jQuery on the frontend, WebAPI on the backend), MySQL, Redis, DynamoDB.

Details: https://www.ownerreservations.com/senior-software-developer


Maybe specify US only? I'd potentially be interested otherwise.


We're open to folks outside the US if you can hit our core hours of 9am - 2pm eastern. We've currently got developers as far east as Romania.


That wouldn't be a problem at all for me, quite the opposite.

Would you mind reaching out at codr7 at protonmail.com (also in my profile)?

Because I can't remember the details anymore and couldn't find anything in your profile.


OwnerRez | Remote | Senior Full Stack Engineer | Full Time

OwnerRez is a vacation rental software platform for property managers and owners that integrates with channels like Vrbo, Airbnb, TripAdvisor, and booking.com as well as direct websites to manage vacation rental properties, bookings, and guests -- making the entire process automated.

We're looking for a senior full stack engineer to join our team to design and develop features end to end -- from web UI to backend business logic, services, and the database. We’re also looking for ops skills and desire to join our on-call rotation.

Our stack: .NET (MVC, jQuery on the frontend, WebAPI on the backend), MySQL, Redis, DynamoDB.

Details: https://www.ownerreservations.com/senior-software-developer



Is this position fully remote? If so, I'd be interested.

https://yasin.kavakli.at https://www.linkedin.com/in/yasin-kavakli/


OwnerRez | Remote | Senior Full Stack Engineer | Full Time

OwnerRez is a vacation rental software platform for property managers and owners that integrates with channels like Vrbo, Airbnb, TripAdvisor, and booking.com as well as direct websites to manage vacation rental properties, bookings, and guests -- making the entire process automated.

We're looking for a senior full stack engineer to join our team to design and develop features end to end -- from web UI to backend business logic, services, and the database.

Our stack: .NET (MVC, jQuery on the frontend, WebAPI on the backend), MySQL, Redis, DynamoDB.

Details: https://www.ownerreservations.com/senior-software-developer


They announced a fix but it hasn't rolled out everywhere yet -- it requires converting to a new "Amazon Web Service" login that is separate from your normal amazon.com account


Most spam I get to my gmail inbox nowadays is itself from an @gmail.com address :-/


Indeed. Nearly 100% of the phishing we get at my employer (which I monitor) is from gmail.com addresses.


It's because Mike Hearn retired from the Google anti-abuse team - their bot protections went downhill from there, and now bulk Google accounts sell for a few cents each.

It's easy to make money when you can send out thousands of spam emails, each with hundreds of recipients, for under a cent.


And where do those bulk Google accounts come from? Compromised accounts due to weak/leaked passwords, without 2FA.

What does Google do about them? Making it harder to log in to dormant accounts from new devices and locations. What's the result? Periodic HN complaints on someone unable to access their decade-old dormant account, or an active account with a truly forgotten password, etc.

Anti-abuse is hard. Damned if you do something, damned if you don't.


They could do far more things to solve this issue...

For dormant account reactivation, they can ask the user for lots of details that are in the account. For example, "please type in email addresses of as many people as possible that you have sent emails to from this account". Which cities have you previously logged into this account from?

All info would be optional, but the more the user provides the quicker they're going to get in.

When the user has provided enough information to be fairly sure that it's a real user attempting to log in, then start a 7 day countdown. During the 7 days, contact the user's top contacted email addresses and ask them to reply confirming the user is trying to reactivate the account.

Hire attackers to try and break into old accounts, and use their input to find the likelihood of each type of information being correctly given by the real account owner and an attacker.


> For dormant account reactivation, they can ask the user for lots of details that are in the account. For example, "please type in email addresses of as many people as possible that you have sent emails to from this account".

Oh, no. I'd rather they just up and deleted the account, instead.

Google is already painful enough to get into old accounts that you haven't used for a while.

For a dormant account, what's the chances that you're going to remember the email address that someone used years ago? People have address books for that, and the address book is locked on the other side of that password prompt.

> During the 7 days, contact the user's top contacted email addresses and ask them to reply confirming the user is trying to reactivate the account.

Yeah, nah. That's awful for several reasons.

It's another phishing-like prompt - "Hey joe bloggs is trying to log into their email. Do you think it's really them? Click here to let them into their account".

If you invert it, then you're at risk of someone with a grudge against you clicking the "No, it's an attacker" link. Even a friend clicking it because they think it's funny.

There's no way I'd want most of the people I email to have any involvement in accessing my account, without me being able to nominate specifically whom the system emailed.


God no. I don't think you've thought of the edge cases at all. I have a 2nd email address I use for emergencies and almost never log in, but when I need it, I'm going to need it straight away, not in a week.

Also, gmail should never ever be emailing your contacts! It has no idea what your relationship with them is or what information about your actions you want to keep secret from them.


Back in the day, when online banking used printed TAN-lists as a second factor, phishing sites would ask "Please type in your next 10 TANs". That is what your "please type in as many"-idea reminds me of. :-)


Have you ever tried to recover an old google account? They ask much harder questions than the silly examples you gave. It’s already extremely difficult for legitimate users.


> Making it harder to log in to dormant accounts from new devices and locations.

There is no justification in making it difficult to log in to accounts that have never sent spam, that's the user-hostile part of gmail. They have it in their logs which accounts are sending spam.


When an attacker gets into a dormant account and sends spam, it's because they have already mined all the data in that account... Ie. they've already taken over every account that used that account for password resets, they've already stolen any credit card numbers they could find in the drafts folder or pictures of driving licenses and passports that were uploaded to Google Photos...

Sending spam is the last step... The steps beforehand are much more damaging to the user involved. And, sure, you could blame them for reusing their login password, but not being well versed on computer security isn't widespread, nor a reason to punish them.


> nor a reason to punish them

Locking people out of their account (which sometimes means a large chunk of their real life) with no recourse is very punishing and inexcusable.


And Facebook, for some reason. Which is weird as I've never signed up for any Facebook owned service. Never looked into how they do it, but they keep coming.


We're also seeing increased errors in S3 and DynamoDB.


All of the lying and "nudging" and viewpoint policing is what made the "conspiraloons" so big (great word BTW). It was quite clear by March or April 2020 that a lot of lying was going on (whether "for the greater good" or some more nefarious reason) and also clear that everyone in media, politics, and science that should have been asking questions was instead giving a doe-eyed acquiescence that the emperor was in fact wearing beautiful clothes.


> great word BTW

Thanks, but not mine. At one time I used to read Indymedia, an open-posting forum. There were a lot of pretty conspiraloonatic posts, often about 9/11 and "chemtrails". This was the early noughties. The word's been around a long time.


I had the same issue with unavailable, but on an instance in us-east-1b. Finally just got the force stop to go through a minute ago and it's now running and available again.


Your us-east-1b may be the parent's us-east-1c.

The letters are randomised per AWS account so that instances are spread evenly and biases to certain letters don't lead to biases to certain zones.


Huh, that's interesting. Didn't know that, but makes sense.


You can check which availability zone is with: aws ec2 describe-availability-zones --region us-east-1


It's pretty cool. If I recall, they call it "shuffle sharding."


I'm not sure if we should say "AWS is down" if only us-east-1 is down. That region is more unstable than Marjorie Taylor Greene on a one-legged stool.


> I'm not sure if we should say "AWS is down" if only us-east-1 is down.

The thing is, us-east-1 represents the whole AWS for the majority of us.


Can you expand on that? What feature do you use in east 1 that isn’t everywhere else that it’s your whole implementation?


> Can you expand on that? What feature do you use in east 1 that isn’t everywhere else that it’s your whole implementation?

Your question reads as a strawman. It matters nothing if EC2 is also available in Mumbai or Hong Kong if by default the whole world deploys everything and anything to us-east-1, and us-east-1 alone.

https://www.reddit.com/r/aws/comments/nztxa5/why_useast1_reg...


It's not a strawman. There's a huge difference between "AWS is down" and "customers don't know how to use AWS". For the people who use AWS correctly, they only had some degraded service, not downtime.


> It's not a strawman. There's a huge difference between "AWS is down" and "customers don't know how to use AWS".

Deploying a service to a single region is not, nor has it ever been, "customers don't know how to use AWS".

If anything, cargo culting this belief in global deployments being necessary, specially with services that have at most a regional demand, is a telltale sign a customer has no idea about what he is doing and is just mindlessly wasting money and engineering effort in something no one needs.

This blend of bad cargo cult advice sounds like a variant of microservices everywhere.


There are many AWS services which have only global endpoints and are not specific to geo; all of these are hosted on us-east-1.


And only one AZ in us-east-1. But... it's clearly having a large impact as well.

