Search - "think before you hit enter"
-
* Sets up some software
"Alright, and now to start the database"
* types "sudo systemctl start po-"
* hits tab -> poweroff.target
* Enter
...fuck me
little did I know, the database was already started...
-
So I have seen this quite a few times now and posted the text below already, but I'd like to shed some light on this:
If you hit up your dev tools and check the network tab, you might see some repeated API calls. Those calls include a GET parameter named "token". The request looks something like this: "https://domain.tld/api/somecall/..."
You can think of this token as a temporary password, or a key that holds information about your user and other information in the backend. If one would steal a token that belongs to another user, you would have control over his account. Now many complained that this key is visible in the URL and not "encrypted". I'll try to explain why this is, well "wrong" or doesn't impose a bigger security risk than normal:
There is no such thing as an "unencrypted query", well besides really transmitting encrypted data. These fields are being protected by the transport layer (HTTPS) or not (HTTP) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send those tokens as cookies, which are as exposed as query parameters. Hit up some random site. The chance that you'll see a PHP session id being transmitted as a cookie is high. Cookies are as exposed as any HTTP GET or POST Form data and can be viewed as easily. Look for a "details" or "http header" section in your dev tools.
Stolen tokens can be used to "log in" into the website, although it might be made harder by only allowing one IP per token or similar. However the use of such a token is absolutely standard and nothing special devRant does. Every site that offers you a "keep me logged in" or "remember me" option uses something like this, one way or the other. Because a token could have been stolen you sometimes need to additionally enter your current password when doing something security risky, like changing your password. In that case your password is being used as a second factor. The idea is, that an attacker could have stolen your token, but still doesn't know your password. It's not enough to grab a token, you need that second (or maybe third) factor. As an example - that's how GitHub's "sudo" mode works. You have got your token, that grants you more permissions than a non-logged in user has, but to do the critical stuff you need an additional token that's only valid for that session, because asking for your password before every action would be inconvenient when setting up a repo.
I hope this helps understanding a bit more of this topic :)
Keep safe and keep asking questions if you feel that your data is in danger
Reeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
-
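The session token plus password step-up ("sudo" mode) described in the post above, as an added sketch that is not part of the original post and not devRant's or GitHub's code. The `Sessions` class, its method names, the 300-second window and the per-IP binding are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SUDO_TTL = 300  # assumed: seconds an elevated ("sudo") grant stays valid

class Sessions:
    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.sessions = {}  # token -> {"user", "ip", "sudo_until"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._hash(password, salt))

    def _check_password(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def login(self, user, password, ip):
        if user not in self.users or not self._check_password(user, password):
            return None
        token = secrets.token_urlsafe(32)  # unguessable bearer token
        self.sessions[token] = {"user": user, "ip": ip, "sudo_until": 0.0}
        return token

    def _session(self, token, ip):
        s = self.sessions.get(token)
        # "one IP per token": a token replayed from another address is rejected
        return s if s is not None and s["ip"] == ip else None

    def read_profile(self, token, ip):
        return self._session(token, ip) is not None  # token alone is enough

    def enter_sudo(self, token, ip, password, now=None):
        s = self._session(token, ip)
        if s is None or not self._check_password(s["user"], password):
            return False  # token holder who does not know the password
        s["sudo_until"] = (time.time() if now is None else now) + SUDO_TTL
        return True

    def change_password(self, token, ip, new_password, now=None):
        s = self._session(token, ip)
        now = time.time() if now is None else now
        if s is None or now >= s["sudo_until"]:
            return False  # critical action needs a fresh password check
        self.register(s["user"], new_password)
        return True
```
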
ŁEŊ@#fmęgwjnfčuÆ®ŊÆŁEŊ3ŋ4ħ€3łæŋ€4æł4ħæ4€ħ9æŋ98ł3ħŋ98↓łħ€9“→↓ŋħł93ŋ@38ŁŊ89ÆŁ4ĦŊ08ÆŁĦ093Đ3@09ŋæłęb„guwahęgawęgÆŁ$ĦÆEı$Ŋ(ÆŁ#Ŋ↑(łæ49↓ŋw
AAAAAAAAAAARRGGHHHHH!!!!!!!!!!!!!!!!!!!!!!!
I'm gonna break this laptop in half if I will not get a break from Windows!
I'm running it in a VM and STILL this fucker gets on my nerves SO FUCKING HARD!!!
1. CPU% 100%. Laptop fans are spinning so hard it's ready to take off
2. My hands are on the laptop. They are HOT from the heat from inside. Hell that's uncomfortable!
3. ctrl+shift+esc to see why is cpu% 100%. It's something called WMI Host something. Kill that mthrfckr!
4. Process respawns immediately and goes up to 100% again. I have already increased handles limitation for that service a few weeks ago. Like 20x more than it was before!
5. website in IE
6. does not seem to be responding
7. hit f5. Nothing happens
8. Hit refresh button on the toolbar. Nothing happens
9. Place cursor at the address bar and hit ENTER. Nothing happens.
Meanwhile my hands are burning.
WHAT THE FUCK!!!
What kind of idiotic system is that!! My asshole is a better OS than this piece of SHIT!
AAAARGHHHHHHHHHHHHHHH#@ŦŊæ¶đ@#ĸogęq j
I'm super pissed. Better keep a 30-40 meters distance from me so the things I throw at you would not hit your ballz!
Now that I come to think of it, the only times I am THAT pissed is the times I am using windows. Srsly.
-
Two big moments today:
1. Holy hell, how did I ever get on without a proper debugger? Was debugging some old code by eye (following along and keeping track mentally, of what the variables should be and what each step did). That didn't work because the code isn't intuitive. Tried the print() method, old reliable as it were. Kinda worked but didn't give me enough fine-grain control.
Bit the bullet and installed Wing IDE for python. And bam, it hit me. How did I ever live without step-through, and breakpoints before now?
2. Remember that non-sieve prime generator I wrote a while back? (well maybe some of you do). The one that generated quasi lucas carmichael (QLC) numbers? Well that's what I managed to debug. I figured out why it wasn't working. Last time I released it, I included two core methods, genprimes() and nextPrime(). The first generates a list of primes accurately, up to some n, and only needs a small handful of QLC numbers filtered out after the fact (because the set of primes generated and the set of QLC numbers overlap. Well I think they call it an embedding, as in QLC is included in the series generated by genprimes, but not the converse, but I digress).
nextPrime() was supposed to take any arbitrary n above zero, and accurately return the nearest prime number above the argument. But for some reason when it started, it would return 2,3,5,6...but genprimes() would work fine for some reason.
So genprimes loops over an index, i, and tests it for primality. It begins by entering the loop, and doing "result = gffi(i)".
This calls into a function that runs four tests on the argument passed to it. I won't go into detail here about what those are because I don't even remember how I came up with them (I'll make a separate post when the code is fully fixed).
If the number fails any of these tests then gffi would just return the value of i that was passed to it, unaltered. Otherwise, if it did pass all of them, it would return i+1.
And once back in genPrimes() we would check if the variable 'result' was greater than the loop index. And if it was, then it was either prime (comparatively plentiful) or a QLC number (comparatively rare)--these two types and no others.
nextPrime() was only taking n, and didn't have this index to compare to, so the prior steps in genprimes were acting as a filter that nextPrime() didn't have, while internally gffi() was returning not only primes, and QLCs, but also plenty of composite numbers.
Now *why* that last step in genPrimes() was filtering out all the composites, idk.
But now that I understand what's going on I can fix it and hypothetically it should be possible to enter a positive n of any size, and without additional primality checks (such as is done with sieves, where you have to check off multiples of n), get the nearest prime numbers. Of course I'm not familiar enough with prime number generation to know if that's an achievement or worthwhile mentioning, so if anyone *is* familiar, and how something like that holds up compared to other linear generators (O(n)?), I'd be interested to hear about it.
I also am working on filtering out the intersection of the sets (QLC numbers), which I'm pretty sure I figured out how to incorporate into the prime generator itself.
I also think it may be possible to generate primes even faster, using the carmichael numbers or related set--or even derive a function that maps one set of upper-and-lower bounds around a semiprime, and map those same bounds to carmichael numbers that act as the upper and lower bound numbers on the factors of a semiprime.
Meanwhile I'm also looking into testing the prime generator on a larger set of numbers (to make sure it doesn't fail at large values of n) and so I'm looking for more computing power if anyone has it on hand, or is willing to test it at sufficiently large bit lengths (512, 1024, etc).
Lastly, the earlier work I posted (linked below), I realized could be applied with ECM to greatly reduce the smallest factor of a large number.
If ECM, being one of the best methods available, only handles 50-60 digit numbers, & your factors are 70+ digits, then being able to transform your semiprime product into another product tree that's non-semiprime, with factors that ARE in range of ECM, and which *does* contain either of the original factors, means products that *were not* formally factorable by ECM, *could* be now.
That wouldn't have been possible though without enormous help from many others such as hitko who took the time to explain the solution was a form of modular exponentiation, Fast-Nop who contributed on other threads, Voxera who did as well, and support from Scor in particular, and many others.
Thank you all. And more to come.
Links mentioned (because DR wouldn't accept them as they were):
https://pastebin.com/MWechZj9
-
TIL indians live on the "satisfaction" plane hence saying yes to things they can't do to satisfy you, but also dissatisfy people as a form of attritional warfare, which is their specialty.
I was watching the trump v Kamala debate and was reminded of a bunch of tactics I've had used against me by an Indian lead dev, who I ignored the behaviour of and didn't think she was actually hostile to me until it was too late. but it made me feel so bad for him and I got an epiphany. it seems like the tactics are the same, so I got curious if there was an Indian art of war
Interestingly the AI said yes but directed me to the wrong book. I did find the right book eventually. it exists. the Chinese stole ideas from it to write their sun tzu art of war, but it's basically a Machiavellian manual before Machiavelli was alive. very cool
also turns out China is behind everything. I remember ages ago I got in a fight with a schizoid programmer friend of mine because he knew China was taking over everything and he wanted them to win, and I was rooting for team India because they were far less miserable than the Chinese. don't make a deal with the Chinese. guy was stupid. they treat people like irrelevant meat
China seems to be connected to everything that's going on right now.
- they're infiltrating Canadian politics, get international students to change Canadian election outcomes (200k/30m people who weren't citizens but got bussed to voting centers and just used proof of address to vote. they changed outcomes of 4 elected officials in one province, and local Chinese people are saying they get threats about their family back in China if they don't do what China tells them to -- but our elected government just keeps quiet on it and then goes to China for new orders during "climate conferences" and uselessly gives them a bunch of our fucking money)
- there was issues with the Chinese buying up real estate in Canada and just leaving them empty. it's probably still happening even though Canada eventually imposed a tax on leaving empty real estate around that you're not renting out. they're still buying up properties, and we have an increasing housing shortage as a result. one of my old apartments a white guy, who was suspicious and shifty, bought the unit and forced us to move out citing code violations (you can't kick someone out otherwise here because of very strong renter's protections). they never introduced who bought the place, but they did have 7 ALL CHINESE SPEAKING IN CHINESE people come in and measure everything at the apartment. so they're definitely still buying up real estate
- are behind the green agenda (our politicians seem to take orders from them under this guise)
- seem to strangely have had camps where they let migrants pass through the South Americas to get into united states, were very closed off and hostile to anyone snooping so it was up in the air what they were doing there. after people came to snoop the camps up and disappeared
- are who USA is competing with in the AI race, the whole AI narrative is literally a fight between the west and China
and there's a super smart systems guy who thinks they were behind the world economic forum and I'm increasingly starting to believe it
all electronics coming from China should be a concern. it isn't
there's tons of Chinese trying to enter open source software to install backdoors. they're nearly successful or successful often. same with that DDoS on DNS years ago
there's rumours they've been running Canada since the 80s, via infiltrating Canadian tech companies to steal their software and are the gatekeepers for a lot of underground stuff
I'm starting to believe even the COVID virus was on purpose. I didn't before. there was a number of labs that had that virus, a lab leak happened around Ukraine 6 months prior to the "Olympics outbreak" (seriously that was PERFECT timing for a lab leak if you wanted to do a bioweapon on purpose -- you would hit every country at once!), but there was also a lab in Canada that had it and some reporters were upset about it because the lab didn't seem to care about our national security and was letting suspicious Chinese nationals work at it, and for some reason there's been discovered a BUNCH of illegal makeshift Chinese labs in California with super vile stuff in them
and what the fuck was that Chinese spy balloon fiasco anyway. you can't shoot it down? I think that was a test to see how fast and readily the west would defend itself. or maybe they wanted to see the response procedures
and then on top of it many people think the opioid epidemic is all china. china makes the drugs. it would also fit perfectly, because in the 1800s or whatever the British empire had entirely decimated china for decades by getting them addicted to the opioid trade. eventually the British empire merged with USA and now USA is basically the head of the new British empire
I think we're at war with China and literally don't fucking know it