►
Description
Neste meetup os integrantes do time "BR HEXA" que foi vencedor no Hackaton Virtual 2022 da Kong, estarão apresentando:
porque um modelo de autenticação baseado apenas em login e senha pode não ser suficiente e por que soluções de autenticação de vários fatores (2FA ou MFA) são necessárias
uma introdução ao TOTP (time-based one time password)
uma apresentação do plugin Kong que desenvolvemos para proteção OTP e que foi o vencedor do Hackaton Virtual 2022 da Kong
algumas dicas sobre como se destacar ao participar de futuros hackatons da Kong (mas as dicas valem para outros hackatons também)
A
A
From
the
Brazilian
community
at
the
event
virtual
right,
And,
then
our
agenda
for
today
we
are
going
to
basically
talk
about
explaining
the
problem
that
we
attacked.
The
problem
is
that
we
solved
it
is
a
problem
related
to
enabling
the
protection
of
a
timepiece
for
routes
responses
in
Kong
So.
Before
we
talk
exactly
about
the
Plugin,,
we
have
to
explain
the
problem,
right,
that
we
are
involved
the
problem,
the
problem
that
contextualizes
us.
A
So
starting
to
talk
about
the
problem,
here,
right
when
you
enter
your
online
accounts
when
you
log
in
to
some
services
or
you
perform
the
procedure
that
the
people
of
the
World
authenticate,
right,,
which
is
basically
you
tell
the
service,
you
prove
to
that
service
that
you
are
who
you
said
you
are,
and
that's
typically
right.
In
the
early
days
of
technology,
we
practically
provide
there
a
user
and
password
a
login,
an
email,
a
password,
a
CPF,
a
password,
a
combination,
there
basic
credentials
by
text
that
an
internal
check
was
made
in
the
service.
A
It
verified
that
things
were
correct
to
that
system.
But,
unfortunately,
things
unfortunately,
unfortunately,
It
depends
on
the
point
of
view.
The
technology
has
rolled
to
such
a
point
that
this
mechanism
may
not
be
enough
to
ensure
the
safety
of
a
number
of
civilians
online
for
a
number
of
reasons,
including
the
fact
that
that
passwords
can
be
shared,
including
the
fact
that
science
can
leak,
including
the
fact
that
users
and
passwords
are
often
easy
to
guess
and
find
out.
We
have
technologies
today,
for
example,
based
on
massively
parallel
processing
by
GPU
Where.
A
You
can
test
thousands
or
even
millions
of
combinations
of
logins
and
passwords
from
the
second
until
reaching
a
valid
password.
It
is
very
common
for
users
to
use
the
same
password
useless
for
different
services.
Passwords
can
be
company,
databases
can
be
compromised
and
you
can
have
the
famous
leak
of
passwords
on
the
internet,
deep
web,.
It's
full
of
full
of
cases
like
this.
You
can
have
infections
and
security
problems
on
the
machine
itself
on
the
user's
devices
can
be
compromised
with
software
of
the
type
that
log
some
tools.
A
Some
attack
tools
directly
on
the
network
infrastructure,
one
level
package
monitoring
an
expert
in
the
field
of
security.
He
con
talk
about
it
even
a
little
more
than
I
do
about
the
amount
of
risks
that
we
have
when
ours
also
that,
on
the
authentication
day
they
depend
purely
on
login
and
password,
and
then
once
we
depend
that
we
already
understand
that
we
cannot
depend
only
on
login
and
password,.
Nor
do
we
need
to
So
combine
other
tools,
other
authentication,
techniques,
other
authentication
factors
that
combined
will
allow
vascular
access
to
your
account
to
your
online
service.
A
And,
then
Here.
We
have
some
examples
of
additional
factors:
documentation
of
additional
authentication
factors
in
biometrics
based
on
facial
recognition,
voice,
recognition,
confirmation
code
that
can
be
sent
to
any
device
or
to
any
user
account
via
email
to
SMS
WhatsApp.
We
can
have
authentication
that
uses
a
combination
of
physical
devices,
e.g.
cards.
A
A
range
of
physical
devices
that
may
be
required
require,
after
them,
by
the
user
at
the
time
of
access
some
strategies,
such
as
secret
questions,
predefined
by
the
user,
with
information
that
only
that
user
will
know
so
the
user,
in
addition
to
having
to
provide
an
email.
But
he
also
has
to
answer
you
a
secret
question
there
when
authenticating
him,.
So
that
means
that
in
a
world
where
just
a
login
is
enough,,
we
can
end
up
having
two,
three
or
several
authentication
factors
operating
together..
A.
A
Little
more
robot
if
we
manage
to
provide
a
solution
where,
even
if
the
user's
login
password
ends
up
being
compromised
by
one
of
the
mechanisms
that
I
previously
provided,,
another
authentication
mechanism
will
be
required
and
the
user
will
not
be
so
vulnerable,
right?.
So
when
we
talk
about
authentication
factors,
we
are
typically
talking
about
three
basic
concepts:
icos
right
things
that
something
the
user
is,
that
is
things
that
are
part
of
the
person
of
the
entity
of
the
user
of
the
natural
person.
All
these
elements,
the
fingerprint
it
is
yours
alone.
A
It
is
yours,
unique
your
retinal
signature.
It
is
yours,
only
Iris
voice
recognition.
All
this
is
the
only
one.
This
is
who
you
are
And,
then,
when
we
also
talk
about
possession
of
physical
devices,
we
are
talking
about
something
that
the
user
has
something
that
the
user
has
a
key,
an
object,
a
smartphone,
a
badge,
a
fish,
something
so,
and
then
we
are
talking
about.
It
is
also
not
another
concept,
something
that
the
user
knows,
so
something
that
you
have
or
something
that
you
know
that
the
idea
that
example
there
of
the
secret
question.
A
A
And,
then,
when
you
go
to
access
that
account
that
system
that
application
raffles
among
the
available
authentication
factors,
2
3
or
4
of
these,
so
that
your
access
and
your
operation
in
your
account
is
guaranteed
And,
then
you
can
continue
there
Robson
with
presentation
of
the
concepts
Oh
cool,.
You
can
leave.
B
Doesn't
work
so
ATP
is
like
a
password,
but
it
can
only
be
used
once
So.
Therefore,
it
means
the
only
ones.
So
often
it
is
used
to
make
a
combination
with
a
normal
password
with
an
additional
authentication
mechanism
that
will
provide
this
security.
This
now
the
ATPS
are
exactly
what
they
look
like
right.
One
point
one,
and
that's
it
right
then,
after
using
this
password
once
it
is
cleared
right
the
next
time
you
need
to
access
this
application
in
another
way.
B
This
will
be
done
automatically
right
so
that
it
increases
security
and
makes
it
more
difficult
for
attackers
to
break
into
your
account
or
it's
a
private
account.
So
users
can
access
the
otp,
right,.
That's
where
there's
a
website
through
an
application
through
a
smartphone
application
there.
we
can
take
an
example
text
message
right,
a
token
of
the
owner.
Then
you
can
consider
a
keychain
And.
B
Then
you
are
a
generator
example,
for
example,
mo
ney
login
protector
it
generates
and
your
TP
that
you
can
use
as
an
application
on
your
phone
and
whenever
you
receive
an
SMS
there
with
a
code
you
can
help
to
enter
your
website
And.
Then
you
are
using
ATP,
so
the
variety
of
the
standard
algorithm
normally
used
sh1
right.
C
B
Generates
this
ATP
all
these
algorithms
use
two
inputs
to
generate
the
ATP.
It
is
a
seed,
a
movement
factor.
Then
you
need
to
understand.
The
seed
is
a
static
value.
It
is
a
secret
key
and
it
is
normally
created
when
you
establish
a
new
account
on
the
server.
There
is
already
an
indication.
So
while
the
seed
does
not
change,
then
the
movement
factor
changes
changes.
Whenever
a
new
TP
requested
as
a
movement
factor
is
generated,
there
is
a
big
difference
between
ATP
and
right
And.
B
B
Uncle
ATP
is
based
on
time
without
disposable,
based
on
that
time,
and
then
the
se
mind
static
outpia
there
is,
how
does
the
movement
factor
is
based
on
time
and
it
is
not
a
counter,
the
difference.
Is
it
uses
a
time
step,
which
is
the
time
it
uses.
It
uses
the
30
60
seconds
of
duration
and
the
password
it
does
not.
It
will
be
more
valid.
If
you
need
it,
you
have
to
request
a
new
one
through
the
application.
The
difference
is
that
it
uses
the
one-time
password
algorithm
right,
based
on
the
ATP
hmec.
B
D
Here
is
a
basic
ttp,
flow,
okay,,
it's
basically
like
Robson
commented
is.
When
you
create
your
account,,
you
can
use
an
application
to
generate
this
authentication,
and
at
that
moment
you
will
be
getting
the
seed.
When
you
read
the
QR
Code,,
there
will
be
both
the
seed
on
the
client
side
and
the
seed
on
the
server
side.
That
way
every
time
I
eat
the
Google
has
to
have
it
work
every
30
or
60
seconds.
A
new
teotp
is
generated.
D
Here
it
is
saying
that
the
basic
flow
that
happens
is
that
here
there
will
be
an
idp
or
an
authorization
server
that
will
do
the
front-engine
of
authentication.
Normally
the
flow
happens,
you
will
put
your
email
or
user
name
your
password,
and
then
you
will
be
asked
for
the
verification
code.
This
code
can,
for
example,
receive
sms
by
email
use.
An
application
like
Google
has
cator
And.
There
are
some
others
already
in
the
market.
D
A
D
Hotp
is
one
It
came
before
your
ATP,
so
I
ttp
is
an
evolution
of
http
that
basically
Hotp
has
a
vulnerability
that
it
is
susceptible
to
brute
force,
attacks
Because
as
it
is
based
on
a
counter.
So
every
time
that
you
want
to
generate
a
new
code,,
you
need
to
click
on
it
in
the
generator
to
generate
a
new
code..
This
code
will
be
valid
until
a
new
code
is
generated.
D
A
A
D
D
Developed
the
code
in
lua,
it
allows
you
to
register
the
plugin
at
Route
or
services
level.
Ok,
basically,
the
function
of
the
Plugin
is
to
intercept
the
request
and
check.
If
it
has
a
code,
it
has
a
little
bit.
It
has
a
code
and
later
validate
if
this
code
is
valid,
to
be
able
to
pass
the
request
through
a
desired
service.
This
is
a
lot
today.
This
is
very,
very
usual.
This
is
very
normal
in
our
day-to-day
life,,
especially
when
using
banking
applications
or
github,
for
example,.
When.
D
D
D
D
D
The
http
calls
we
used
luarast
Edith
pi.
We
also
created
a
load
test
with
k6
and
within
our
project.
There
is
also
the
Postman
collection
that
we
placed
the
requests
to
be
made
to
test
the
flow
that
we
created
and
in
the
project
also
made
available
docker
compose
that
we
can
quickly
upload
the
environment
to
test.
The
Plugin
here
is
a
sequence
diagram
that
we
put
to
exemplify
and
make
visible
how
the
request
flow
works.
So.
We
have
a
client
this
client.
D
He
will
at
first
need
to
create
a
user.
This
user
will
be
created,
for
example,
in
the
vault,
which
is
our
environment,
will
have
the
answer
from
the
vault.
After
creating
we
can
do
it
already
generate
the
ATP
in
the
case
here
we
are
not
using
any
application,
but
some
application
could
also
be
used
to
facilitate
the
generation
of
the
ATPS.
D
So
when
we
generate
the
totp,
it
will
be
generated
for
me
and
the
account
will
last
for
30
seconds
and
Walt
will
respond
with
that
ATP
of
yours
now
I
am
able
To
make
a
request
to
the
endpoint,
for
example,
to
transfer
money,
and
what
would
I
need
to
do?
I
need
to
pass
all
the
data
to
transfer
the
money
and
I
also
need
to
pass
a
code
that
I
previously
received
from
the
vault.
D
D
That
we
put
it
as
403,
which
is
the
guy,
doesn't
have
authorization
right
here
is
an
example
of
the
configuration
when
we
use
the
that
we
are
going
to
send
the
code
in
the
bar,.
So
we
have
the
definition
of
the
Service
that
we
are
putting
here
in
the
route,
right,
an
important
point
here.
This
is
the
declarative
with
fig.
It
is
the
format
that
Kong
debelates
accepts
to
register
the
routes
So.
In
this
case,
we
have
a
yamo
file
that
has
this
format
and
Kong
understands
and
registers
its
route
to
make
it
work.
So.
D
The
idea
is
very
similar,
using
admir,
nickname
Kong
to
make
the
inclusion
of
being
viço
or
route.
In
the
case
we
are
using
the
kongp
validator
plugin.
It
has
the
following
configurations:
we
have
the
Backyard
url,
which
is
basically
the
host
of
the
otp
generator
service.
We
have
a
back
and
pef,
which
is
what
is
the
pack
that
I
need
to
send
it
to
validate
the
code.
D
I
have
the
Walt
token,
which
is
basically
APK
to
make
the
communication
between
Kong
and
Walt,
and
it
has
the
Body
location
field
which,
in
this
case,
I'm
defining
where
I'm
going
to
send
the
wrong
code.
So
in
this
in
case
I'm,
going
to
have
the
MF
a
it's
going
to
be
an
object
and
inside
it
I'm
going
to
have
an
attribute
called
code
in
the
header.
It's
very
similar.
D
D
For
example,
I
want
that
when
I
register
in
the
service
level,
then
the
service
level
I
would
be
able
to
use
the
reder,
so
the
header
would
be
enabled
for
all
my
routes
is
another
very
important
thing
that
is
not
possible
for
now
is
to
be
able
to
customize
the
response.
When
the
code
is
not
sent,
then
the
tp
is
not
sent.
For
example,
Oh.
If
you
didn't
send
your
ATP
in
instead
of
403,
you
will
receive
one
r$
400,
so
it's
allowing
to
do.
That
is
the
other.
A
D
A
D
An
error
500
in
the
communication
of
him
trying
to
make
some
attempts,
because
there
may
have
been
a
network
problem
or
the
audio
was
going
up.
Yet
he
created
a
new
incan
and
something
was
going
up
in
that
sense
to
add
RPC
protocol
support.
This
already
here
is
already
very
interesting:
I,
don't
know,
for
example,
a
totp
provider
that
manages
RPC.
There's
a
product
to
be
created,
and
we
already
want
to
support
RPC,
mainly
because,
as
Kong
will
always
have
to
have
a
little
leg
on
Walt
for
it
to
work,.
D
A
Don't
know
luau
a
repository
of
artifacts
similar
to
Java
people
should
know
there.
Mei
comes
Central
repositor,
so
luarrox
is
like
it
was
like
made.
Central
artifacts
in
lua
are
published
and
made
available
so
that
they
can
be
used
in
any
project
based
on
low
rocks
and
using
those
dependency.
Files.
cia
dos
Famosos
pack
right
so
Lula's,
plugin
architecture,
pattern,
I,
use,
Roxy
pack
and
uses
low
rocks
as
a
Central
for
storing
and
obtaining
artifacts.
D
And
evolve
the
plugin
as
a
consequence,,
so
now
will
be
the
time
for
the
demo,.
We
will
run
it
and
show
it
working
The
plugin
and
the
flows
that
we
worked
on
in
the
project.
So,
we
have
the
it's
very
small
I,
try
to
make
it
bigger.
Here
we
have
this
structure
of
folders
So.
We
have
the
last
one
where
the.
D
D
D
D
So
here
is
the
definition
of
Kong
here
the
definition
of
Walt
basically
does
not
have
the
structure
to
run
Walt
in
development
mode,
and
here
is
Walt
need
ttp.
Basically,
it
will
go
up,
it
will
point
to
this
vault
and
it
will
change
this
command
always
come
back
from
that
moment
on,
our
Walt
is
available
to
be
an
ATP
screen
generator
and
the
http
is
well.
It
is
the
implementation
of
httpb.org.
D
Here
in
the
post,
basically,
when
they
import
this
Collection
just
follow
the
steps
that
we
have
the
prim
First.
The
necessary
request
is
the
creation
of
the
user
So.
You
have
to
pass
these
properties
here.
Basically,
I'm
saying
that
who
will
be
Richard
will
be
Walt.
I
can
put
other
items,
for
example
in
Google.
What
is
the
name
of
my
account
Mateus?
What
it
is
the
period
of
30
seconds?
This
is
how
long
your
ATP
will
be
available
to
be
used.
D
A
D
Exactly-
and
we
could
also
put
this
voucher
behind
the
Kong-
it's
just
for
didactic
reasons
here,
we
didn't
put
it,
but
it
would
also
be
possible
to
put
it
here.
Is
the
request
needs
to
be
made
to
generate
the
important
token,
the
name
of
the
account
And,
also
the
vault
for
the
Xbox
token,
which
is
the
Api,
so
I
can
connect
to
the
vault
and
generate
the
token
when
I
send
it
I
send
it.
It
will
generate
this
code
here.
It
is
valid
for
30
seconds
later.
D
A
D
D
This
moment
so
I
went
through
Kong
for
the
plugin.
It
is
worth
two
this
code
here
and
allows
me
to
pass
it
to
the
http
Bin.
So
basically,
here
it
is
just
returning
me
that
it
was
sent
so
some
headers,
the
name
and
some
information
and
the
Bari
itself
that
I
sent
it
gave
me
back.
If
I.
Try
again,
it
will
not
allow
you
to
pass
the
code
at
the
end.
I
will
generate
a
new
code
here
now.
I
will
try.
This
request
here
is
also
from
httv,
but
it
is
just
a
route.
D
D
D
Understood
That
the
user
to
arrive
at
that
moment,
he
will
already
be
authenticated
in
the
idp
But.
The
important
thing
is
that
he
has
this
flow,
also
the
authentication
I'm
with
idiot
WT,
for
example,
to
have,
in
addition
to
the
authentication,
also
to
have
the
code
at
this
moment
of
assuming
that
the
user
is
already
authenticated.
His
jwt
token
has
already
been
validated.
A
A
Of
this
type
and
the
second
protection
coming
from
our
ATP
pudding,
now
I'm
going
to
share
my
screen
here,
Matheus
very
practical
for
you
who
are
interested
in
doing
like
we
did
to
participate
in
one
Especially
in
the
racato
ns
from
the
conga,.
How
do
you
do
a
virtual
ragatão,
like
that?
Every
year,
always
linked
to
the
events
of
the
conqueror,
right,,
which
are
the
big
annual
event
of
Kong,
right,
of
the
Kong
community?.
A
How
did
we
win
this
competition,
this
dispute,,
as
you
can
imagine,
it's
an
international
event
with
teams
from
several
countries
participating
and
it's
not
exactly
our
victory,.
It
wasn't
entirely
the
result
of
the
house,.
It
had
a
logical
reasoning
that
we
implied
to
reach
this
result,
then,
first,
your
participation
in
the
project
at
rakaton,
Whatever
project.
You
are
going
to
carry
out
in
your
life,.
A
It
depends
on
you
putting
together
a
good
team,,
a
committed
team,,
a
team
with
iron,,
an
interested
team
that
will,
as
soon
as
possible
start
studying
the
possibilities
that
you
have
within
the
scenario
that
is
being
proposed
to
start
doing
things
as
soon
as
possible,
c
to
start
studying
what
is
being
proposed.
That
is
being
suggested
as
the
theme
of
that
rakaton.
It
is
necessary
so
that,
before
you
start
running
something
Where,
are
you
effectively
writing
code
that
you
understand
the
problem?
A
Some
problem
that
you
identify
some
problem
that
you
are
capable
of
solving
solve
And?
Then
there
is
a
very
cool
approach
that
comes
from
the
publication
of
the
book,
startline
that
presents
a
concept
of
the
Golden
Circle.
This
concept
was
this
term,
and
this
concept
was
presented
by
Simon
Side.
Basically,
you
start
with
why
you
focus
more
on
the
quality
of
the
idea
than
technical
perfection.
A
A
Nothing
is
a
requirement
for
you
to
do
well
in
the
trans
race,
at
least
focus
on
the
idea,
get
a
good
idea,
start
with
the
problem,
understand
why
you
are
attacking
that
solution,
and
you
can
use
this
Golden
Circle
approach
where
you
start
with
why,
understanding
the
problem,,
then
you
talk
in
your
lap
and
then
you
go
into
the
details.
What
that
will
be
built
so
notice?
We
only
build
things
effectively.
We
are
going
to
get
our
hands
dirty
in
the
third
part
of
our
subject.
A
So
we
start
by
understanding
the
problem,
understanding
why
we
are
doing
it.
How
are
we
going
to
solve
that
problem?
And
after
what
way
are
we
going
to
build
a
solution
that
delivers
this
solution?
A
very
simple
but
well-,
structured
reasoning
that
has
a
very
powerful
theoretical
basis,
so
I
strongly
recommend
it
after
you
pick
up
this
book,
Golden
Surf
Read
it
because
it
is
very
interesting
that
the
Simon
Sider
who
proposes
there
and
then
we
have
to
once
we
understand
the
problem
and
we
already
know
more
or
less
what
we
are
going
to
do,.
A
We
have
to
think
about
building
something
that
is
something
new
or
something
better
than
what
already
exists,
because
if
you
take
something
you
already
have
and
make
something
worse
than
what
already
exists,
you
won't
be
adding
value,
but
it
doesn't
have
to
be
something
super
complex
revolutionary
from
another
world.
You
will
see
from
the
flow
that
we
described
that
our
plugin
is
a
relatively
simple
implementation
of
an
external
httpa
call
to
fart
come
back.
A
There
is
nothing
very
sophisticated
in
the
implementation
that
we
made
it
available,
but
it
only
solves
a
problem
and
if
you
open
it
like
we
did,
open
the
plugin
documentation
palette
of
the
docker
HUB,
you
will
realize
that
there
was
no
official
plugin
there
in
the
plugins
palette
focused
on
protecting
a
timepiece,
so
people
This
is
a
problem
that
many
people
will
want
to
solve.
People
need
to
have
multiple
authentication
factors,
One
Time
parts
and
mainly,
and
the
base
team
of
something
that
has
been
used.
A
lot
doesn't
have
the
Kong
Plugin.
A
For
that
it's
something
simple
to
do.
Let's
do
it
then
Understand
the
reasoning
we
saw
something
new.
We
saw
something
useful
and
that
wasn't
necessarily
so
complex
in
the
revolutionary
the
result
of
our
victory,
not
raka.
Just
that
one
thing
has
to
be
very
clear:
it's
not
because
you're
developing
something
simple,
and
it's
not
necessarily
super
complete
super
revolutionary
that
you're
going
to
do
anyway
or
without
attention
to
detail.
The
main
issue
is
to
provide
the
best
possible
documentation.
A
If
you
access
rei
de
mim
from
our
repository
today,
you
will
see
that
the
pace
is
very
detailed.
It
documents
well
All
the
plugin
parameterization
options.
We
provide
a
composite
docker
script
that
makes
it
very
simple
for
you
to
upload
an
installed
environment,
enabled
AND
running
that
we
provide
a
collection,
a
Postman
collection,
to
make
life
easier
for
those
who
are
going
to
send
it
a
set
of
requests
there.
A
So
you
don't
have
to
register
the
meals
normally,
so
we
made
the
user's
life
easier
through
an
excellent
documentation,
infrastructure
automation,
script,
even
though
it
is
a
solution
that
is
not
necessarily
super
hyper
complex.
The
issue
is
good
documentation
and
attention.
The
details
will
allow
your
rakaton
evaluator
to
look
at
the
work.
A
You
did,
understand
that
you
are
proposing
a
real
solution
to
a
problem
that
exists
and
see
that
you
made
an
effort
that
you
dedicated
yourself
to
deliver
a
nice
result,,
however
organized
it
may
be,
no
matter
how
top
the
team
you
buy
a
card
and
a
modest
share
here,
because
we
are
not
a
top
team.
There
will
never
be
time
to
do
everything.
There
will
be
time
to
do
everything
you
do
when
we
start
to
develop
ourselves.
A
lot
of
things
come
to
our
minds.
We.
Could
increase
land
cover.
A
A
Put
the
brakes
on.
to
do,
we
will
discard
no,
we
will
do
what
We
will
put
it
in
the
documentation
too.
That's
why,
in
our
project,
our
video,
it
has
a
documentation,
a
rubbish
title
of
the
project,
so
that
whoever
accesses
the
project
not
only
understands
what
the
plugin
does
but
understands
other
things
that
the
plugin
can
do
very
soon
and
we
open
the
door
for
more
people
to
also
collaborate
with
a
project.
After
all,
it's
in
githup,
it's
a
projector
thought
you're
already
something
for
the
community
to
also
support
us
evolve.
A
Right,,
as
even
Leonardo,
has
some
more
interesting
information.
There,
one
is
some
things
he
is
already
doing,.
He
will
be
able
to
bring
a
nice
contribution
there
to
for
community
with
some
evolutions
in
the
legal
part
to
follow
and
some
other
things
that
in
the
end
we
talk
to
Leandro.
A
little
bit
is
a
very
important
issue
here.
When
you
work
as
a
team,
At
rakaton,
it
is
absolutely
essential
that
your
team
communicates
that
you
take
this
seriously
as
if
it
were
a
project,.
A
So
what
did
we
do
in
addition
to
having
a
collaborative
code
environment,?
Nobody
was
waking
up
the
code
separately
on
nobody's
machine,.
We
were
commenting
on
the
code
in
the
repository,
opening
curricuestes
between
us
for
us
to
do
the
collaborative
review
point,,
we
structured
a
bunch
of
tasks,
We
created
a
project
on
the
leash
where
we
were
moving
cards
as
if
we
were
in
the
real
project
working
in
a
real
company.
This
is
absolutely
essential
to
guarantee
an
efficient
workflow
where
everyone
communicates
transparently.
A
Everyone
knows
what's
going
on,
everyone
knows
who
is
doing
what
everyone
knows.
What
is
most
important
to
do?
Everyone
knows
what
we
have
to
focus
on.
Everyone
knows
where
the
artifacts
are,
and
all
of
this
is
absolutely
essential
for
anyone
who
imagines
they
are
a
rakaton
that,
with
few
days
for
you
to
work,
imagine
that
you
will
have
to
work
asynchronously
at
crazy
hours
after
hours.
That
is
the
ragatão
scenario,
right,.
Nobody
will
get
there
at
work
and
the
next
boss
said
I'm
going
to
participate
here
in
the
hakaton
and
there's
two
weeks
off.
A
Then
I'll
come
back
here
because
I
want
to
win
Capão
da
Honda,
your
boss.
Will
let
you
quit
your
job
to
dedicate
it
for
two
weeks.
It
won't.
So
what
will
happen?
You
will
have
to
work
in
the
available
hours
you
have
in
the
lunch
time
weekend,
night
time
or
the
time
each
one
can
work
for
this
to
work.
You
need
to
have
transparent
communication
through
r
written
using
a
management
structure
based
on
some
control
mechanism.
It
does
not
necessarily
have
to
be
a
trelo
tram.
It
can
be
a
spreadsheet
on
Google
Drive.
A
It
can
be
something
based
on
crime
Box.
It
does
not
matter
at
the
moment
of
management
that
you
are
going
to
adopt.
The
important
thing
is
that
your
team
communicates
and
has
a
high
sense
of
responsibility
and
Honey
chip
of
the
project
when
the
project
belongs
to
the
team.
The
team
commits
the
team
runs
after
the
team
that
strives
the
Dal
gas
team
and
the
result
is
a
positive
result.
A
No
matter
how
much
you
will
not
win
at
the
end
of
the
day,
you
will
learn,
you
will
meet
people,
you
will
have
a
contribution
from
a
project
the
person
that
you
will
be
able
to
make
available
to
the
community,
even
if
it
does
not
arrive.
A
plugin
among
the
winning
plugins
is
a
very
important
thing
that
for
the
rakatões
da
Kong,
it
is
necessary
that
you
send
a
video
pit
of
a
maximum
of
three
minutes
speaking
in
English,
because
the
people
who
go
to
What
matters
are
people
who
don't
speak
Portuguese.
A
So
it's
good
to
buy
a
team
where
there's
someone
who
can
introduce
someone
who
preferably
knows
how
to
speak.
English
if
you
have
a
person
on
your
team
who
has
good
skills
with
video
editing
to
say
something
which
is
very
difficult,
right,
video
editing
for
us
to
try
to
make
a
little
video
cut
into
pieces
to
make
some
transitions
between
videos
and
such,.
So
it
was
a
difficulty
for
us
all
different
from
you
programmer
architects,
and
we
don't
know
how
to
design
video
editing,
making
a
slide.
A
None
of
that
we
did
what
we
could,
right,,
but
if
you
have
a
person
on
your
team
who
can
also
add
technical
support
in
this
part
of
making
documentation,
artifacts
and
visually
pleasing
videos,,
this
will
certainly
increase
your
chances,
there's
a
following:
mind,
right?,
which
has
been
raca
Tom
I,
obviously
put
the
image
of
Botafogo
for
the
person
to
put
the
request.
Off,
right,
miss
an
opportunity
with
this
one.
This
image
is
right
here.
This
one
is
Bernardo
who
he
was.
He
was
elected
Kong
Champion
of
the
year.
A
He
was
there
at
the
conquerimith
event
in
San
Francisco
right.
He
was
one
of
the
winners.
This
trophy
he's
holding
there
is
a
trophy,
is
a
gorilla
made
of
crystal
my
trophy.
Our
trophy
we
won,
it
is
also
arriving.
Mine
has
not
arrived
yet
until
I
make
a
claim
on
the
account,
because
it
is
taking
time
for
my
my
trophy
to
arrive.
A
I
want
it
on
my
table,
the
more
so
I
can
take
pictures
and
looking
at
it
all
day,
but
understanding
that
your
racatão
is
just
a
side
effect
of
a
combination
of
organization,
determination,
a
good
choice,
a
good
effort,
blurring
the
problem.
Well,
a
little
bit
of
luck
is
between
us
too,
but
the
important
thing
is
preparation
and
willingness
to
do
it
right.
If
you
put
together
a
determined,,
well-prepared,
focused
team
that
paid
due
attention
to
the
problem
man,,
there
is
no
mistake.
A
You
will
certainly
get
some
positive
result
from
You're
going
to
win,
but
certainly
a
positive
result
is
going
to
mess
this
up
and
so
by
winning.
You
did
like.
We
didn't
even
participate
in
the
hakaton.
You
did
your
best,
we
won
here.
The
game
is
not
over
yet
the
project
The
plugin
is
now
pension
code.
A
So
that's
what
I
have
to
share
I'm
going
to
tell
you
that
we
hope
that
our
naked
victory
in
this
rackton
is
a
moment
of
encouragement
that
I
encourage
you
who
want
to
participate
in
hakaton
who
want
to
contribute
more
to
The.
Kong
community
sees
this
victory
as
an
opportunity
to
encourage
the
community,
and
we
make
ourselves
available
for
next
year's
rankton
to
really
take
the
initiative
and
organize
more
balance
for
us
to
be
able
to
arrive
with
even
more
strength
and
bring
the
trophy
home
again.
That's
not
it!
So
that's
it!
I,
don't
know!
B
I
would
like
to
thank
the
organizers,
thank
the
team
that
made
this
happen,,
especially
you
two
did
your
best,
I
saw
an
engagement
that
was
out
of
the
ordinary,.
The
organization
made
the
people
could
get
there
because
really
working
on
Saturdays
and
Sundays
is
where
we
have
commitments
and
I
was
also
full
of
commitments.
I
got
here.
I
said:
let's
organize
it
here,
but
you
had
already
done
most
of
the
things
as
usual
and
anyway
that's
it
is
each
one
helping
a
little
and
it
was
done
thanks
to
working
together.
B
And
that
we
also
take
to
the
company.
That
I
usually
say
is
this
work
work
of
cooperating
with
each
other
and
helping
like
this.
We
manage
to
reach
the
end.
I
was
very
happy
for
the
fact
of
having
participated
with
you
and
the
consequences
we
won,
right,
but
I
didn't
expect
it,
but
I'm
very
happy
with
the
final
result.
That
was
the
development
of
this
very
cool
product,.
Congratulations.
A
To
everyone
for
sure,
and
now
in
the
next
ones,
as
a
breakdown
here
of
the
information
I
learned
here
from
Leandro,
Leandro
has
some
contributions
there
that
he
can
already
communicate
to
us
and
if
you
want
to
say
something,
there,
right?
a
few
seconds
before
we
close
here
what
you
haven't
been
doing
there
with
a
plugin
already
Tell
us
there.
E
E
Facebook
I,
don't
know
if
it
still
works
t
in
a
lot
of
things.
There
is
prepared
for
you
and
me
watching
tokens
there.
So
I
have
an
authentication
goal
there
that
there
were
differential
aws.
That
is
the
method
there.
The
WS
of
the
bucket
that
is
already
implemented
there
later
I
can
send
ms6
instead
of.
A
E
E
E
E
A
Lot
of
faith
So
guys
That's
it
that
project
that
we
start
by
creating
a
small
door.
A
small
proof
of
concept
business
is
gaining,
the
body
is
growing,
the
community
is
collaborating
soon.
Projects
appears
there
in
our
our
dream
in
a
while.
Not
only
will
we
have
a
release
of
our
plugin
available
there
in
Roblox,
but
also
eventually,
it
will
appear
there
in
official
plugin
palette
there
in
the
Hub,
right
about
plugins
Maybe.
It
will
sprout
there
at
some
point,
right.
A
?
It's
been
our
time
here.
I
would
like
to
thank
you
very
much
for
your
presence.
I
would
certainly
like
to
invite
you
to
participate
in
the
next
military
of
the
Kong
community.
We
really
want
to
encourage
you
to
participate
in
the
events
winning
the
virtual
hacatons,
because
it
is
certainly
worth
it
and
the
reward
in
learning
and
networking
with
people
Network
will
definitely
change
and
make
your
career
be
catapulted
further
and
further
forward.
Ok,.