Hacker News | nerf3000's comments

Or just allow multiple accounts to use the same email (with an upper limit)

Already people can chuck a + in the user part and register with the same email like joe+2@gmail.com so really there's not much point trying to maintain a 1:1 user to email ratio.


That's what I've always done, with an upper limit of 1.

More seriously, this just kicks the can a little bit.

"Already people can chuck a + in the user part...so really there's not much point trying to maintain a 25:1 user to email ratio"


I don't think saying "but these popular sites let you enumerate registered email addresses via this other form" is justification to be lax about protecting against user enumeration attacks on your own site.

The actual take away should be more like "I found a security issue in the registration form of these popular sites, they should fix it"

Enumerating valid emails, even if rate limited, lets an attacker build a contact book for targeted phishing attacks, connecting leaked passwords, brute forcing and is also useful in recon to determine what sites a person may have an account with, and more. It's worth protecting against as much as possible.
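As an added illustration of the enumeration point above (example code, not from the thread or any site it mentions): a registration handler that reveals whether an address already exists beside one that answers identically either way and moves the distinction into the email that gets sent. The store, messages and probe address are constructed.

```python
"""Constructed example: leaky vs. hardened registration responses."""
from dataclasses import dataclass, field


@dataclass
class Store:
    users: set = field(default_factory=set)      # constructed in-memory user store
    outbox: list = field(default_factory=list)   # emails that would be sent


def register_leaky(store: Store, email: str) -> tuple[int, str]:
    """Vulnerable form: status and body differ by whether the email is known,
    so each request tells the caller if that address has an account."""
    if email in store.users:
        return 409, "That email is already registered"
    store.users.add(email)
    store.outbox.append((email, "welcome"))
    return 201, "Account created, check your email"


def register_hardened(store: Store, email: str) -> tuple[int, str]:
    """Hardened form: same status and body in both cases. An existing user
    gets an out-of-band notice instead of an on-page hint to the requester."""
    if email in store.users:
        store.outbox.append((email, "someone-tried-to-register-notice"))
    else:
        store.users.add(email)
        store.outbox.append((email, "welcome"))
    return 200, "If this address is valid, we've sent an email with next steps"


def responses_indistinguishable(handler, store: Store) -> bool:
    """Regression check: submit a fresh address, then submit it again, and
    compare the two responses. True means the handler leaks nothing on-page."""
    email = "probe@example.test"  # constructed probe address
    first = handler(store, email)
    second = handler(store, email)
    return first == second
```

The check only covers the visible response; keeping the two code paths similar in latency matters too, since a measurable timing gap leaks the same bit.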


Retiring a TLD is cruel to anyone using the domain, especially with the prevalence of TLS. Just as retiring "land" that someone paid for and is living on would be cruel.

The tendency for technologies to evaporate and be migrated to replacement for $reasons is too frequent.

Domain TLDs should remain constant. If .gb no longer represents a geopolitical entity then transition it to a new manager with a contract that stipulates maintenance of established domains. Don't set precedent for pulling TLDs out from under people.


> It is staggeringly unlikely that you would ever have encountered a .gb domain in the wild. The only domain which is registered, though inactive, is hmg.gb - standing for His Majesty's Government. The domain was originally created in the mid 1980s, and abandoned at some point in the 1990s. There are no active domains which use .gb and today, the government only uses .gov.uk for its domains.

Third paragraph.


Did you read the article? It says right at the beginning that only one domain was ever registered, and it's been inactive for over thirty years.

Whilst I agree with the sentiment that TLDs shouldn't be pulled out from under people, replies without reading the article are just noise.


This comment sums up HN perfectly.


I'd say the presumptive replies do a more accurate job


A couple of challenging communication and behavior patterns I've experienced are:

* Didn't clarify requirements. Didn't outline or discuss potential solutions and tradeoffs to different approaches up front. Instead spent days writing an overcomplicated implementation based on their understanding of the problem in isolation. Typical code review feedback triggers a defensive response citing sunk cost fallacy and will not engage with non-syntactical questions, for example "why did you choose to approach it this way instead of that way" is ignored or called out of scope

* Didn't prepare or share meeting agendas ahead of time. Instead tries to explain meeting context verbally on the fly. Monologues for 10-15 minutes touching unrelated points, outlining different ways we could structure the meeting, gives random bits of anecdotal context, then says "what do you think?". Is met with crickets. Attendees are confused and very little is established or clarified. Rinse and repeat at the next meeting.

These left me pretty much stumped and negatively affected my future efforts with the individuals.

I wonder how other people would approach these situations?

