Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
!Story
The day I became the 400 pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them. and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly whats up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because i'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.
9 -
Apple you drove of delusional suckers! When will your retarded fashion devices finally support WEBP?!
A gallery page with images, and thanks to WEBP, it's 408 kB. Because Google made WEBP and handed out a well documented CLI FOSS compression tool that even can convert the source PNGs to lossy WEBP with bloody transparency. Well done, Google!
Except that Apple's shitty management can't take it that Google actually made something nice, so no WEBP. Instead, JPEG-2000 that enjoys nearly no fucking tool support. The free tools that even can deal with that mostly don't support transparency, and the encoder sucks donkeys so that JPEG still fucks JPEG-2000 big time.
So it's JPEG with matching background for iOS. Fine, but since JPEG's blocky artifacts are much more visible, the compression can't be that high, and it's 769 kB. That's 88% more image data for Shittari than for non-retarded browsers and even Edge! EDGE!!
Oh and if the user changes light/dark system mode according to surrounding light conditions, guess what happens? Yep, since JPEG doesn't support transparency, now it's different JPEGs with dark background via the media query in the "picture" element, and it's another 754 kB download. Bloody 1523 kB instead of 408 kB, that's a factor of 3.7!
Fuck your ass Crapple, with an electric eel!19 -
Algorithms real life implementation
On the way to your college canteen? -> A* search
Waiting in line in the canteen? -> Queue
Notice that girl standing in front? -> Linear search
Searching for her dad in the phone book? -> Binary search
Stupid! Google it! -> Trie
Search for her on Facebook! -> Depth-first search
Found her! Friend request? Accepted! Send a Hi! -> Graph
Writing her a secret love letter? -> Caesar cipher
Uploading your first date pic on fb? -> Image compression algorithms
Looking through her Whatsapp messages? -> KMP algorithm
She found out and had your first fight? -> Start over with some gifts! Backtracking
Got her list of items to buy? -> Array
Too many items! Low on cash, maybe? -> Priority queue
Making her play treasure hunt for her gifts? -> Linked list
Wait! Go back! Is that a ring? -> Stack
Girl’s family not agreeing to your proposal? -> Divide and conquer
Got married? Congrats! Going for your honeymoon? -> Travelling salesman problem
Your mom packing luggage for you? -> 0/1 Knapsack problem
She packed your favorite pickles? -> Hash table
Driving to the airport? -> Breadth-first search1 -
Since I love playing music on my piano, and because I love programming, I created this:
A program which uses YIN (some kind of FFT algorithm) to create this audio spectrum. It can read from any audio source, be it microphone or the computers audio output. There are 3 lines in the graph at the bottom:
Both magenta lines, both are movable, allow you to just select a part of the audio spectrum to show, which is very useful if you just want to get the chords out of a song, or just the notes.
The cyan line can also be moved, it tells the program the lower limit to calculate the actual notes/chords from the frequency bars (which are calculated by the FFT algorithm).
In the top right of the spectrum is, in magenta color, one single note. It shows the currently loudest frequency as a note.
In the top right corner is a simple image of a one-octave piano. Every note over the cyan line will be shown on this piano. This is very useful for chords.
Since compression will fuck this image up, here is a link: https://i.gyazo.com/fbbee76faecbac3...
What do you think about it? I fucking love it.
2 -
In my last year of high school (for those familiar with the Indian education system, that's Class 12), for my final project I made an image compressor/decompressor in Turbo C++ that used a discrete Fourier transform (DCT, actually) to work on 8x8 px blocks of images. I based it off some stuff I found about how JPEG compression works. It worked even better than I'd hoped even though it was slow as molasses (I programmed a naive Fourier transform instead of using a FFT variant). I remember jumping with joy all around my room at 3 o'clock in the morning like an excited gas molecule in a box. Fun times.
-
Had some fun with textgenrnn (Tensorflow text generating thingy on Github). So I created a tiny dataset with some example c# code and let it train for a while.
Sorry people, but I ruined our jobs. We don't need to write code anymore.
Update: image was unreadable due to compression. Let me find an alternative.
7 -
Why does the image compression on here suck so bad? It's especially bad if you try to post text. Just go and buy pied piper and your problems are solved.4
-
Any WordPress developers here? Which free plugin is best for image compression/optimization?
Need Quick Suggestions!!2 -
Oh yeah, I wanna rant... What is this awful image compression on DevRant?! A lot of time, images posted by ranters are illegible if they contains text. If we are lucky enough, the ranter will then post an Imgur, else... It would be really great to get an image quality equal to DevRant quality... Please!2
-
9 Ways to Improve Your Website in 2020
Online customers are very picky these days. Plenty of quality sites and services tend to spoil them. Without leaving their homes, they can carefully probe your company and only then decide whether to deal with you or not. The first thing customers will look at is your website, so everything should be ideal there.
Not everyone succeeds in doing things perfectly well from the first try. For websites, this fact is particularly true. Besides, it is never too late to improve something and make it even better.
In this article, you will find the best recommendations on how to get a great website and win the hearts of online visitors.
Take care of security
It is unacceptable if customers who are looking for information or a product on your site find themselves infected with malware. Take measures to protect your site and visitors from new viruses, data breaches, and spam.
Take care of the SSL certificate. It should be monitored and updated if necessary.
Be sure to install all security updates for your CMS. A lot of sites get hacked through vulnerable plugins. Try to reduce their number and update regularly too.
Ride it quick
Webpage loading speed is what the visitor will notice right from the start. The war for milliseconds just begins. Speeding up a site is not so difficult. The first thing you can do is apply the old proven image compression. If that is not enough, work on caching or simplify your JavaScript and CSS code. Using CDN is another good advice.
Choose a quality hosting provider
In many respects, both the security and the speed of the website depend on your hosting provider. Do not get lost selecting the hosting provider. Other users share their experience with different providers on numerous discussion boards.
Content is king
Content is everything for the site. Content is blood, heart, brain, and soul of the website and it should be useful, interesting and concise. Selling texts are good, but do not chase only the number of clicks. An interesting article or useful instruction will increase customer loyalty, even if such content does not call to action.
Communication
Broadcasting should not be one-way. Make a convenient feedback form where your visitors do not have to fill out a million fields before sending a message. Do not forget about the phone, and what is even better, add online chat with a chatbot and\or live support reps.
Refrain from unpleasant surprises
Please mind, self-starting videos, especially with sound may irritate a lot of visitors and increase the bounce rate. The same is true about popups and sliders.
Next, do not be afraid of white space. Often site owners are literally obsessed with the desire to fill all the free space on the page with menus, banners and other stuff. Experiments with colors and fonts are rarely justified. Successful designs are usually brilliantly simple: white background + black text.
Mobile first
With such a dynamic pace of life, it is important to always keep up with trends, and the future belongs to mobile devices. We have already passed that line and mobile devices generate more traffic than desktop computers. This tendency will only increase, so adapt the layout and mind the mobile first and progressive advancement concepts.
Site navigation
Your visitors should be your priority. Use human-oriented terms and concepts to build navigation instead of search engine oriented phrases.
Do not let your visitors get stuck on your site. Always provide access to other pages, but be sure to mention which particular page will be opened so that the visitor understands exactly where and why he goes.
Technical audit
The site can be compared to a house - you always need to monitor the performance of all systems, and there is always a need to fix or improve something. Therefore, a technical audit of any project should be carried out regularly. It is always better if you are the first to notice the problem, and not your visitors or search engines.
As part of the audit, an analysis is carried out on such items as:
● Checking robots.txt / sitemap.xml files
● Checking duplicates and technical pages
● Checking the use of canonical URLs
● Monitoring 404 error page and redirects
There are many tools that help you monitor your website performance and run regular audits.
Conclusion
I hope these tips will help your site become even better. If you have questions or want to share useful lifehacks, feel free to comment below.
Resources:
https://networkworld.com/article/...
https://webopedia.com/TERM/C/...
https://searchenginewatch.com/2019/...
https://macsecurity.net/view/...
Top Tags
Weekly Rant
View