Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
devRow4957yI like the idea, you don't really need to care for front end but why not care for customer support? "Just fuck off for fucks sake." This is a sentence on the contact page ππ I mean, if you're looking to make some profit that's not great, but if not than this is a pretty funny service.
-
donuts236727yWhat motivated you to spend the time and $ to build this? How much was each?
I spent like 4hrs yesterday coding but that was to create a use case to learn ML with. -
So many stock images, so much not caring, I like itπ
But I think there should be reseller options, for resellers that really don't give a fuckπ -
donuts236727y@linuxxx wtf.... Doesnt domain n hosting usually add up to $20+ a yr?
https://my.bluehost.com/hosting/... -
@billgates It's running on the same server as much-security.nl, not paying extra :)
-
Name: Bag of angry dicks
Email:thousandangryclients@dicksonthecloud.com
Comment:
Listen here you pieces of shit. I don’t fucking care that you don’t care. I need this website GDPR compliant YESTERDAY because it’s the fucking LAW and my marketing team said search results will PLUMIT okay? We do graphs with numbers going UP okay? NUMBERS GOING UP!! I pay YOU for this!! Do you even fucking business???
*clicks button, nothing happens*
Me: Hehe. -
You should have used images with the shutterstock watermark.
but ah well, who cares. -
@RantSomeWhere I think that a site which doesn't use cookies nor collects any kind of data is very much GDPR compliant :)
-
@demortes Ahh! But on a serious note, you said the last comment about the logs without checking if that's the case?
-
@linuxxx guess I didn't expect you to. Most basic protections would rely on that. DDoS protections fail2ban etc.
-
@demortes Have got CSF for the attacks. It logs ip addresses but not related to site visits.
Also in most applications I log the ip addresses in hashed format. -
@demortes Because privacy? I don't need to know where they're from or anything (and if I do I'll run it through my geoip api and hash it afterwards). The automated system needs to compare values, that's all.
-
@linuxxx That way, if somebody *does* get hands on the logs/database (or wherever those IPs are stored in your app), they don't really have useful information (unless they want to bruteforce the hashes for some reason)
-
@linuxxx it's a good solution. Just a bit extreme but there are things about your setup I don't know. I assume this is a private server not a corporate server. You're the only one with access. For hacking it wouldn't do much to prevent reversing the hash even with rainbow tables. These are the assumptions I'm working under.
-
@demortes Why would it be extreme? Some people find me extreme for blocking Google out of my laptop but why would that be extreme?
-
@demortes "reversing the hash even with rainbow tables"
if you use some nested algos (like sha256->whirlpool->md5 etc. etc.) then you'll still slow them down a lot.
It's always possible to reverse a hash, the problem just is, do you want to invest all those resources in it?
and even if it's a private server, servers still can get hacked... -
@FinlayDaG33k let's play what if. What if the servers do get hacked? What good is an IP address for this type of website? Why do you feel IP address is worth protecting in such a matter?
-
1. Then they do not have the IP list (at most they have the hashes and can get the IPs of NEW visitors)
2. I don't understand this question
3. it can be used to link people to specific things.
For example, if you find my IP in the database leak of (for example) an anime shop, but you also find my IP in the leak of a gun shop, you can then link that together like: "they could be the same person".
You can then sell that information and make a profit on it.
Just an example ofc. -
@FinlayDaG33k anyone buying that data can't trust the reliability. But I can see what you're getting at. It's worth some thought.
-
@demortes I build a small wanker site (seriously, don't ask, I was bored and saw a small hole in the market) and I also hashed the IPs of those visitors.
I could still link their browsing through the site, but I didn't know their IPs
Related Rants
Launching a new service today:
https://wedontcare.host
If you don't like the front end, I couldn't care less!
rant
fun