About: Greentext master, POTUS but you don't know yet
Skills: Whatever the fuck is needed. Master one, master all.
Joined devRant on 11/23/2016
Google Pay is about to support PayPal as virtual card (at least in Germany)
That's quite the finger to the local banks here
I like it
To whomever just deleted his rant asking for help about showing/hiding radio buttons:
Roses are red
When I was little I wanted to play my train game, but my sister already occupied the PC by watching some Disney movie
Pick his nose and well
You know what happened next..
Hey! You said what another dev did, not mandatory dev related! Exploited the question
I'm looking for some beta testers. Preferably if you use an MQTT broker with some IoT connected shit.
Bonus points for IFTTT.
Leave something in the comments if you're interested and I'll get in touch if the time has come
So I have seen this quite a few times now and posted the text below already, but I'd like to shed some light on this:
If you hit up your dev tools and check the network tab, you might see some repeated API calls. Those calls include a GET parameter named "token". The request looks something like this: "https://domain.tld/api/somecall/..."
You can think of this token as a temporary password, or a key that holds information about your user and other information in the backend. If someone stole a token that belongs to another user, they would have control over that account. Now many complained that this key is visible in the URL and not "encrypted". I'll try to explain why this is, well, "wrong" or doesn't pose a bigger security risk than normal:
There is no such thing as an "unencrypted query", well, besides really transmitting encrypted data. These fields are being protected by the transport layer (HTTPS) or not (HTTP), and while it might not be common to transmit these fields in a GET query parameter, it's standard to send those tokens as cookies, which are as exposed as query parameters. Hit up some random site. The chance that you'll see a PHP session ID being transmitted as a cookie is high. Cookies are as exposed as any HTTP GET or POST form data and can be viewed as easily. Look for a "details" or "http header" section in your dev tools.
Stolen tokens can be used to "log in" to the website, although it might be made harder by only allowing one IP per token or similar. However, the use of such a token is absolutely standard and nothing special devRant does. Every site that offers you a "keep me logged in" or "remember me" option uses something like this, one way or the other. Because a token could have been stolen, you sometimes need to additionally enter your current password when doing something security risky, like changing your password. In that case your password is being used as a second factor. The idea is that an attacker could have stolen your token, but still doesn't know your password. It's not enough to grab a token, you need that second (or maybe third) factor. As an example - that's how GitHub's "sudo" mode works. You have got your token, which grants you more permissions than a non-logged-in user has, but to do the critical stuff you need an additional token that's only valid for that session, because asking for your password before every action would be inconvenient when setting up a repo.
I hope this helps understanding a bit more of this topic :)
Keep safe and keep asking questions if you feel that your data is in danger.
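The password-as-second-factor idea from the rant above, as an added example that is not part of the original post and not devRant's or GitHub's code: a simplified in-memory sketch in which a session token alone cannot change the password. The class and method names, the 300-second window and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SUDO_TTL = 300  # seconds a password re-check stays valid (assumed value)


class SessionStore:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users = {}     # user -> (salt, password hash)
        self._sessions = {}  # token -> {"user": str, "sudo_until": float}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt))

    def _password_ok(self, user, password):
        salt, expected = self._users.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(self._hash(password, salt), expected)

    def login(self, user, password):
        if not self._password_ok(user, password):
            return None
        token = secrets.token_urlsafe(32)  # random, unguessable session token
        self._sessions[token] = {"user": user, "sudo_until": 0.0}
        return token

    def enter_sudo(self, token, password):
        """Second factor: the token holder must also know the password."""
        session = self._sessions.get(token)
        if session is None or not self._password_ok(session["user"], password):
            return False
        session["sudo_until"] = self._clock() + SUDO_TTL
        return True

    def change_password(self, token, new_password):
        """Critical action: refused unless the session is currently elevated."""
        session = self._sessions.get(token)
        if session is None or self._clock() >= session["sudo_until"]:
            return False
        self.set_password(session["user"], new_password)
        session["sudo_until"] = 0.0  # elevation is spent once the password changes
        return True
```

A holder of the session token who does not know the password gets `False` from both `enter_sudo` and `change_password`, and the elevation lapses on its own after `SUDO_TTL` seconds.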
You copy and ____
You throw it in the ____
MwF4yCq2 is what you need
Combine them and you shall succeed
Ranting about devRant on devRant:
devRant just got rid of my 3k story after I tried setting up the tags..
Yeah, not going to write that again today
---- BEGIN RANT ----
---- END RANT ----
I have to fix this fucking fucked up thing again. Fuck.
The dude who wanted to use it does not have the skills to fix it. Fuck off. This bullshit is going to get migrated asap
THEY PULLED IT OFF! THEY FUCKING DID IT. FUCK YES!
TO THE MOON
TO THE MARRS
Falcon Heavy launch coming up!
I can't wait. That's something people should watch, fuck the superbowl!
I would say it's 60% as significant as the moon landing was, if not more; a field of technology we should really focus on, but governments rather spend money on stupid war
Make sure to tune in tomorrow, 18:30 / 06:30pm UTC, on SpaceX's YouTube channel
It's going to be spectacular, success or failure
Want to play some Tic Tac Toe? Letting my bot go for a good first round of public testing
Probably will break right away.. Who knows :D
For starters limiting to one simultaneous game. Have fun!
Uhmmm. Why is the merch hoodie left handed? I always look like a moron at the zipper for a good 2 seconds not knowing what to do before I realize that the zipper is left handed :D
Merch package signed by dfox himself :D
Maybe I should keep that part, should we ever blow up like Facebook hehehe
I proposed an introduction for a non-image feed, to separate the meme section and give quality rants a bigger chance of being seen.
Head over to https://github.com/devRant/devRant/... and give the issue a thumbs up (and possibly some additions) if you agree and would like to see something into that direction
Want your own personal devBanner?
Now you can have one!
We're building a powerful banner generator over here: https://devrant.com/collabs/...
The first version is up and running, still basic tho.
You can generate your own by calling this URL:
You'll have to replace "Kimmax" with your devrant name and the value after subtext with the extra text.
A cool domain is already on its way!
We'll be working on a frontend and a ton of extra features to make this banner even more awesome.
If you got any nice ideas add them to the issue tracker here: https://github.com/cozyplanes/...
Tomorrow Halloween is being celebrated in many nations as you might know. So we do in Germany. Given that in Germany tomorrow is a national holiday, the company skipped work today, with me being on call.
My On-Call time almost was over so I got ready to party (getting into my costume), not expecting any further calls.
I finished dressing up, still had some time, so I dug into coding a bit, as a customer called. A customer from China. As I got told later on, China does not celebrate Halloween in October and they do in another way.
So I sat there, accepting the call, with my camera set to autostart (company policy).
As a monk.
With a bleach white face.
I was greeted by a man staring me "into the eyes". Took a good 1-3 secs til we burst out in laughter. One of the funniest calls I had so far 😂 (and a short one, thanks China-Man)
Hamburg and surrounding area!
Leave a comment!
Let's see if we can get a group of locals together
I know you all do love the dark side. Let me help out with the web version for ya' too :)
Optimize for big screens:
Have fun :)