When I made a PoC xss thingy.

So this webapp (which I was locally hosting) had a message functionality that allowed iframes to be sent through, but they could only originate from a specific domain. They used a bad regex tho, as the workaround was on an OWASP wiki page, which was the third search result for 'XSS'. I then used this iframe to load in a different page on this app where I could inject js in the title field. Then I discovered this field has a length limit, but I could just fit in a script that would base64 decode the hash part of the URL and eval it. I then updated the iframe to include a script that would automatically change the message signature of anyone who loaded it to include the iframe again in their message signature. Because these two pages were from the same domain, I had gained full control of the messaging app too, allowing me to do this and circumvent the csrf system.

I felt like I had achieved something.

When Nautilus is copying file 271 of 211...

When you add a personal note to the NSA after your PGP encrypted email.

I have a confession to make, I use a light theme, and I like it.

There. I said it. You can all hate me now.

It helps me to focus tho, as I use a dark UI theme. It really brings out the code.

In university, would it be better to study civil engineering for my bachelor and then move to computer science for my master, or would it be better to start with computer science in the first place?

With a bachelor in civil engineering I can always go do something else if computer science doesn't turn out, but I fear that it also might be a lot harder (to study). I'd like to hear your advice on this issue.

$ cargo new project-name
$ atom project-name

Done.

Then I forget about it.

Hello world!

When the app development course is all about static websites 🤔