Now that The Rings of Power promo is starting back up, I'll probably start talking about that on here too because I loved S1, and am very excited for S2. (I'll avoid spoilers though.)
If you'd like to follow just my Laravel and Security work, I'd suggest signing up for my weekly security tips on http://securinglaravel.com. 🙂
In short, the Tolkien Estate put the TV rights up for sale and Amazon won, and Simon Tolkien (JRR's grandson) is a consultant on the show. I also believe the Estate provided Elvish translators and other resources.
I don't know if Amazon got the rights before or after the show runners pitched their idea though.
I don't think the Estate have any control over the film rights, but I could be wrong on that one.
@outofcontrol
It's too late for an import file, but I did scrape the tag pages to retrieve the list of tagged posts, and then used their API to update the posts.
My first full-time dev job was building a domain name registration system, so I'm very good at sniffing out domain scams.🧐
I received a suspicious-looking email yesterday, so let's see how far I can string this along and what their goal is... 😈
(I'll keep this thread updated)
The first email from SL came from a different domain to the registry, but I've just noticed the latest is the actual domain. So I think it's a deceptive sales tactic scam rather than a third party scam.
I don't think ZN is real, their email was far too coordinated with SL, timing-wise. Plus why reach out to me anyway, to tell me they are going to do it?
@valorin Oops! I meant SL when I said ZN. I didn't realize that the messages in your screenshots were supposedly from two different entities.
Well, that's a rather interesting twist. They're trying to play the good cop/bad cop game with you.
This is weirder than I thought it'd be. Even if SL and ZN aren't the same entity, the way China's Internet regulations are composed would make it frightfully lucrative for someone to go around randomly filing paperwork to register Western trademarks because you can't have a domain in China unless you have a location in China or someone willing to act as your representative in China... and maybe that's what SL is actually trying to do... turn around and offer to be your representative.
I've been a small-scale domain reseller for many years and had people forward versions of that SL letter to me. I saw it constantly for about 10 years. It seems to have quieted down in the last 10 or maybe those emails are just getting blocked more effectively now.
Getting closer to migrating Securing Laravel to Ghost, but now there is a new issue: Substack manage the Stripe account, so I can't link Ghost to import subscribers.
Every set of instructions I've seen talked about connecting to the Substack Stripe before disconnecting Substack so billing is uninterrupted. Even the stuff from concierge.
I'm wondering if my account is somehow set up differently. I've pinged concierge, so hopefully they've encountered it before.
Do you use Encrypted Environment files in Laravel?
I think they are great for some special use cases, but given the prevalence of API keys and credentials found in repos, is it worth it to use them all the time?
There was a bit of a debate about this last time I posted it, so I'm curious to see how we're all feeling about them now. Or maybe I'm just being an old security grump? 🧐
@valorin Naive question: could you set up your own platform in Laravel or something built on Laravel, and integrate payments? I think you know someone to pen test the site 🥳
@outofcontrol That was my original plan, and is still my eventual goal, but I just don't have the time to spend on setting up a full newsletter site at the moment. I'm having enough trouble finding time for my course. 😔
The big appeal with Ghost is the Concierge who are doing the hard parts of the migration for me, so I can get off Substack faster.
Let's check out three of the configuration options available as part of Laravel 11's Automatic Password Rehashing: custom fields, disabling rehashing, and changing bcrypt rounds.
This is your periodic reminder that anything you get from the user - including callback URL query params - should be considered untrusted user input and validated accordingly...
Otherwise, someone like me will come along and use it to steal your private keys! 😈
(True story)