wynd's wall

← back to profile

zu:

Where you second to reach 100? Or third?

6/7/2022, 11:45:11 PM
wynd:

Third, I was only in 2nd when I had like 30 or something

6/7/2022, 11:48:24 PM
zu:

K

6/7/2022, 11:48:39 PM
zu:

hi wynd

6/7/2022, 1:15:42 PM
wynd:

hello

6/7/2022, 2:59:32 PM
zu:

for some reason I wasnt following you

even though I thought I was

anyway I followed now lol

5/31/2022, 1:21:51 PM
joebiden:

Thanks, try to follow faster next time - Wynd

6/3/2022, 4:37:36 PM
zu:

Ok

6/3/2022, 5:34:51 PM
wynd:

To verify, I did not say this

6/3/2022, 6:08:05 PM
zu:

Lol ok

6/3/2022, 7:18:46 PM
joebiden:

You are such a loser ZU

6/7/2022, 4:21:52 PM
joebiden:

OMG!!!! WYND HACKED MY ACCOUNT AND SAID THIS!!! IM SO SORRY - Joe Biden

6/7/2022, 4:22:16 PM
wynd:

Are you kidding me, no I didn’t say that

6/7/2022, 4:31:45 PM
zu:

Lmao

6/7/2022, 4:33:19 PM
nebulous:

https://lankybox02.github.io/bundle/view.html#56

your username has “ (banned)” on the navbar if you're banned and you cannot share, edit or delete projects

5/30/2022, 9:32:01 AM
nebulous:

aka you're not banned

5/30/2022, 9:32:11 AM
wynd:

Yeah I thought I was a first, because I couldn’t find the project, because most viewed projects are out of order lol

5/30/2022, 1:10:54 PM
tnix:

Bundle has all user information public here: lankybox02 - Replit

This is really bad. Firstly all tokens have to be hashed to be kept secure, which is very bad for performance, and yet all the hashes are still public. Secondly, having them hashed doesn’t mean they can’t be cracked, someone could run a script to crack these passwords pretty quickly.

This is basically a data breach, this information should not be public.

6/17/2022, 11:15:14 AM
tnix:

Link seemed to have broke: https://replit.com/@lankybox02/bundle-api?v=1#auth.json

6/17/2022, 11:15:38 AM
zu:

Are you gonna reverify? You should

5/26/2022, 1:22:51 AM
wynd:

Dunno, now people can’t ask me to ask jeffalo to verify them, but on the other hand people might try to impersonate me ig so maybe

5/26/2022, 1:25:41 AM
zu:

I would reverify for that exact reason since someone literally just did try to impersonate u

5/26/2022, 2:17:05 AM
wynd:

aight I did

6/4/2022, 7:08:02 PM
quantum-codes:

Unverified? Did you rename or smth?

5/20/2022, 11:28:29 AM
quantum-codes:

I totally didn’t see you asking jeffalo to unverify

I found out myself 😂

5/20/2022, 11:29:29 AM
og:

wind

5/16/2022, 4:29:16 PM
wynd:

y

5/17/2022, 10:17:37 AM
joebiden:

most trash user on the site :/

5/16/2022, 4:21:36 PM
wynd:

same

5/17/2022, 10:18:09 AM
joebiden:

follow me

5/13/2022, 4:37:32 PM
oren:

Me when Wynd is online

5/12/2022, 8:16:56 PM
wynd:

I’m online a decent amount lol

5/12/2022, 8:29:04 PM
sierralima:

why did you follow me?

5/11/2022, 7:19:45 PM
wynd:

my goal is to follow everyone

5/11/2022, 8:05:45 PM
sierralima:

thx for it tho

5/11/2022, 8:07:18 PM
wynd:

youtu.be

5/11/2022, 12:02:39 PM
wynd:

test: wasteof.time

5/11/2022, 12:00:21 PM
wynd:

neat it recognizes tlds

more tests: withaz.ally

5/11/2022, 12:01:50 PM
wynd:

byushjbjbej.XN--XKC2DL3A5EE0H

5/11/2022, 12:02:19 PM
nebulous:

Wait so how do accounts work if there is no password

Glad you asked! Each account has a different “session” that is saved in your local browser data, along with the username. When you enter the website, the API checks if your username matches with your session. You cannot actually see that session because the only time your browser will actually receive it is when you sign up, so that it can be saved in your local browser data.

4/29/2022, 5:36:14 PM
wynd:

So I can’t sign on from anything but the built in discord browser now?

4/29/2022, 5:45:18 PM
nebulous:

what

4/29/2022, 5:46:18 PM
wynd:

Am I only able to sign on with the device+browser I made the account with?

4/29/2022, 5:48:41 PM
nebulous:

well, yes, but i am planning to create a token feature where you can generate a key for your account that you can use to log in from other devices

4/29/2022, 5:50:37 PM
wynd:

Ok that’s good

4/29/2022, 5:52:39 PM
tnix:

Uhh, that sounds bad. Accounts could very easily be lost and it sounds like there’s one token that can be used, meaning if the token is stolen that person has full access over their account. I would recommend just using normal accounts and also having a token pair, one for accessing the site that expires after a short amount of time and one that refreshes the session with a different token, also detect token re-use and all of that.

6/17/2022, 10:58:48 AM
wynd:

This was a conversation about a website that doesn’t seem to exist anymore

6/17/2022, 11:05:10 AM
tnix:

Were you talking about Bundle or some other site?

6/17/2022, 11:11:55 AM
wynd:

riverbox, it was like bundle but before

6/17/2022, 12:19:34 PM
nebulous:

i legit have no idea about what i was talking about here. Your password and username were saved in localStorage and that was basically the entire auth system. Bundle uses a better system now

6/17/2022, 3:58:36 PM
ratio:

what does wynd mean?

4/28/2022, 5:21:28 PM
wynd:

Me I believe

4/28/2022, 7:31:01 PM
ratio:

yes

5/2/2022, 7:58:42 PM