About: Jack of all trades, king of no-one.
Skills: Something in between of full-stack programmer and coding hobbyist. I like CTFs.
Joined devRant on 8/4/2017
> Client: Could you check for me where did they[code authors] put logic for this and that
> okey, api endpoint here, hmm
> oh sure here is the database access
> where tf is some logic....
> fml, am I blind, lets check frontend
> it's there
> it's on frontend
> and backend just puts it into database, no checks
> FU0!@#% )(#*%)H )F+#+!!@!
> *to client* We need to talk about future of this project.
There is a big chance some of you are gamers and so on.. but this, this sh!t should be shared.
Blizzard pulls Blitzchung from Hearthstone tournament over support for Hong Kong protests
Looks like I am beginning my freelance journey.
Useful Issue Tracker / Project Management tool?
If it's foss and written in python that would be great, I would probably try to extend it with extensions later on.
Every time I am developing an API (from scratch, not when extending an old one) I try to return 418 HTTP error code in places that aren't yet developed or mainly when something that shouldn't have happened actually did happen. (example: failed non-essential assert, yes python)
So it's always lighter on lungs seeing people running around with wtf.png faces when their browser says "I AM A TEAPOT".
When developing arm boards doing USB/HID stuff..
MAKE SURE YOUR USB CABLE IS NOT JUST FOR CHARGING
40+ hours of searching, debugging... and .. it was just.. cable.
~ Stop procrastinating; the linux guide ~
# 127.0.0.1 devrant.com
Nix vs. Win
Dual boot vs. virtualization (VirtBox vs Xen)
(TLDR at the end)
- gaming laptop ("when you student but gamer")
- "Nix nono like gaming laptops"
- currently dual boot Win10/Debian
- Debian almost breaking apart
- only xfce because nVidia
- Atheros drivers sometimes freeze whole sys
- MiXeD SoUrCeS
- **Stretch Buster Kali enters the chat**
As you can see after 2 years I have come to the point of redoing everything, wanted to ask any tips on how to setup win and any nix environment, win just to play some games and sometimes to reverse win specific CTFs.
Main plan was to have my lovely debian as the only system and run win10 in virtualbox - problem: windows don't like virtuals(?) and it's probably going to be unusable for games.
Also running Kali as separate virtual (why the hell I didn't do that in first place ?)
Xen is the other interesting way but I am not experienced with hypervisors.
TLDR: Would running Win10 as virtual in or alongside(hypervisor) Debian be better/same as having them separated - dual booting?
Just dropping some current experience here.
Content security policies are big mess in both chrome and firefox.
Chrome has some 4 years old "bug" where you can't add hash of JS file to 'style-src' policy to permit inline-styles THAT would be set by this script (jQuery actually).
Firefox is beautifully unhelpful, it just pops up an error "blocked ..something..", not even saying what it was.
And I am missing a pair of some steel balls to ask about this on SO because there is this much of very similar questions, nonetheless -if I did read them right- every one of them is talking about enabling style attribute, and that's something different.
EDIT2: Chrome currently generates 138 errors "jquery-3.4.0.min.js:2 Refused to apply inline style..." , this ain't hitting production.
How do you approach generating "random" unique numbers/strings ? Exactly, when you have to be sure the generated stuff is unique over time? Eg. as few collisions in future as possible.
Now I don't mean UUIDs but when there is a functionality that needs some length defined, symbol specific and definitely unique data, every time it does its stuff.
TLDR STORY: Generating 8 digits long numbers so they are (deterministically - wink wink) unique is hard but Format Preserving Encryption saves the day. (for me)
I had to deal with both strings and codes today.
One was to generate shortlink word for url, luckily found a library that does exactly this. (Hashids)
BUT generating 8 digits long, somewhat random number was harder than I thought, found out on SO something like "sha256(seed) => bytes => ascii/numbers mangling" but that had a lot of collisions because of how the hash got mangled to actually output numbers and also to fit the length.
After some hours I stumbled upon Format Preserving encryption (pyffx) and man it did what I wanted and it had max 2 collisions in 100k values. Still the solution with this feels hacky af. (encrypting straddled unix timestamp with lots of decimals)
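Added example, not part of the original post and not pyffx's code: a format-preserving keyed permutation over 8-digit numbers, built as a Feistel network with HMAC-SHA256 from the standard library. It goes one step beyond the post by encrypting a plain counter instead of a timestamp; because the mapping is one-to-one, distinct counter values can never collide. The round count, key and function names are assumptions of this sketch.

```python
import hmac

DIGITS = 8                    # code length from the post
HALF = 10 ** (DIGITS // 2)    # each Feistel half holds 4 decimal digits
ROUNDS = 10                   # assumption: round count chosen for this sketch


def _prf(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function: HMAC-SHA256 of (round, half), reduced mod 10^4."""
    msg = bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.digest(key, msg, "sha256"), "big") % HALF


def encrypt(key: bytes, n: int) -> int:
    """Map n in [0, 10^8) to another value in [0, 10^8), one-to-one."""
    if not 0 <= n < HALF * HALF:
        raise ValueError("input must fit in 8 decimal digits")
    left, right = divmod(n, HALF)
    for rnd in range(ROUNDS):
        left, right = right, (left + _prf(key, rnd, right)) % HALF
    return left * HALF + right


def decrypt(key: bytes, c: int) -> int:
    """Invert encrypt() by undoing the rounds in reverse order."""
    if not 0 <= c < HALF * HALF:
        raise ValueError("input must fit in 8 decimal digits")
    left, right = divmod(c, HALF)
    for rnd in reversed(range(ROUNDS)):
        left, right = (right - _prf(key, rnd, left)) % HALF, left
    return left * HALF + right


def issue_codes(key: bytes, start: int, count: int) -> list[str]:
    """Encrypt a plain counter; distinct counters give distinct codes."""
    return [f"{encrypt(key, i):0{DIGITS}d}" for i in range(start, start + count)]


if __name__ == "__main__":
    key = b"constructed-demo-key"   # sample key; load a real one from a secret store
    codes = issue_codes(key, 0, 100_000)
    print(codes[:3], "collisions:", len(codes) - len(set(codes)))
```

The counter has to be persisted (a database sequence works) and the key kept stable, otherwise the uniqueness guarantee is lost. For anything beyond code generation, use a vetted implementation of a standardized mode such as NIST FF1 rather than this hand-rolled construction.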
If someone tries using "multipart/form-data" as only content type for their PUBLIC API ENDPOINTS again I am going to find them and choke them to death.
And if your documentation says you are using something else (application/x-www-form-urlencoded) I am doing it twice.
JSON apis should be standard.
EDIT: I had to fire up BurpSuite proxy, after almost an hour I accidentally switched the body type - voilà
Fuck this I need to ventilate.
Thinking about job change because maintaining and extending 3 years old codebase (flask project) is FUCKIN exhausting. It was badly written since start by someone who obviously didn't know much about python. (Going by commit history.)
- if var != None / if var == None
- if var is not None / if var is None (well..)
- Returning self-parsed obscure JSONs from dict variable
- Serializing dictionaries into database by str() (both sqlalchemy and mysql support JSON format) - THEY ARE ALMOST UNUSABLE OTHER WAY AROUND (luckily, python can deal even with that)
- celery tasks, the way they are called they BLOCK the whole flask (not bad in itself, but if connection breaks there are no errors, nothing it just hangs)
- obscure generator/yielding that contains return of flask's response in itself
- creating fifteen thousands of variables one by one where they would look so nicely as dict keys, and hey they are then both MANUALLY SERIALIZED into returning dict by "%s" (string formatting) [okey, some of them are objects like datetime but MATE WTF]
- many, many more, PEP lint shall not pass
I would rather deal with fresh startup owners wanting me to program unicorns in one week than trying to extend and manage zombie-like projects.
Nothing personal against the firm I actually like the place.
Someone got quality tutorial/blog about Sqlalchemy ?
Even tho I am dealing with py+flask+sqlalchemy last 3 years I am still able to get super confused about contexts/syntaxes.
(Model.query vs session.query(Model), etc.)
so I was given this old flask project, around 3k lines written in py2, the code is simply old and not refactored. So, it's pile of shit. Migrations completely botched as the original author created reference to live data in models.
Very strict line formatting resulting in backslashed ternary conditions.
Even saw manually formatted json responses... _line by line_.
My job is to clean this mess and eventually do as much as possible to freshen the whole project.
Currently just refucktoring the code as it's the only easy thing to do out of everything that could be done (it's still slow process).
Any tricks and tips? currently considering to try upgrading it to py3 but it feels like throwing gunpowder into already burning house.
TIL meth is abbreviation for method and not anything else.
Thought it's very fancy name of some python built-in. Meh.
Oxygen Not Included
Another game worth mentioning.
Already spent half the week on it, the learning curve is interesting, you will eventually fail many times but with every fail the next colony is going to achieve more and more.
It's kind of missing some nuclear reactor. (Hello Factorio :)
Friend asked me this:
"So if PHP is that bad, why there are still so many job offers for PHP devs?"
Is there any way to disable sites binding the mousewheel (scrolling) event ? Like for example rebinding it to scroll down at the end of window load ? (tamper/greasemonkey)
I am getting furious with all these sites where they will block the whole site to make you agree cookies & gdpr shit.
Removing the foreground/blocking element is sometimes enough but often the remaining site can't be scrolled.
EDIT: Found out you can add links of script that does this to AdBlock:) For example movieinsider has its "gdpr, cookies & shit" script at the top of head element. Add it and voilà.
Ffs people get the fuck out of that Gitlab. I've been there sooner than you, now can't even load login form.
So one of my first rants was about me unable to setup Debian with (lightdm) Cinnamon to be working with optimus laptop and to make the damn hdmi port work, where the port is attached to the nvidia gpu (vga passthrough?)
I have to try it with another distro because the dual-booted Windows greatly feeds my procrastination. (Like ... Factorio, Stellaris, Rimworld and etc. type of procrastination, it's getting somewhat severe. )
So what would you people of devrant recommend me to try? I am thinking a lot about Arch but I am afraid there will be a lot more problems with the lenovo drivers for various things.
The next one is classical Ubuntu, at the end this distro looks like it's at least trying to work amongst other distros.
Also thought about Fedora because yum and RedHat. ( ..lol )