|
root of all eval posted:
> I do mean this but I've seen it mostly in ORMs and it feels like an expressly ORM solution where the discriminator is leaky app values. Super useful but I'm just joking around anyway

oh yeah i wouldn't argue with that at all
|
|
|
|
|
| # ? Dec 12, 2025 16:36 |
|
was checking journalctl while debugging my API and i shouldnt be concerned that random IPs keep trying (and failing, obviously) to log in to my server right. like that's just basically the internet equivalent of walking around jiggling door handles
|
|
|
|
hbag posted:
> was checking journalctl while debugging my API and i shouldnt be concerned that random IPs keep trying (and failing, obviously) to log in to my server right. like that's just basically the internet equivalent of walking around jiggling door handles

why do you have a server on the internet

thats the last thing you want to have
|
|
|
|
hbag posted:
> was checking journalctl while debugging my API and i shouldnt be concerned that random IPs keep trying (and failing, obviously) to log in to my server right. like that's just basically the internet equivalent of walking around jiggling door handles

yeah theres a ton of traffic constantly looking for insecure stuff. You shouldnt be surprised but you should also be taking appropriate measures.
|
|
|
|
Carthag Tuek posted:
> why do you have a server on the internet

i have a website and i like to make lovely little web toys for myself
|
|
|
|
hbag posted:
> was checking journalctl while debugging my API and i shouldnt be concerned that random IPs keep trying (and failing, obviously) to log in to my server right. like that's just basically the internet equivalent of walking around jiggling door handles

that's me, im doing that, and im stealing all ur bitcoins!!!!
|
|
|
|
i just changed my ssh port. doesn't deter an actual attacker obviously but it majorly cuts down on the random login attempts.
|
|
|
|
well i got everything working only to discover the site i was planning on using it on only lets you use iframes if its to one of their pre-approved sites. which makes sense but still gently caress that !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
|
|
|
Carthag Tuek posted:
> but also you should have a bunch of bigass integration tests where you just run a whole userflow through every endpoint and verify the returns exactly. theyre important to get the nooks and crannies, but are a total pain in the rear end to figure out when they fail

i often think of programmers' hatred of integration tests as an extension of their hatred of business logic

all this code would be so goddamn elegant if only it didn't have to actually do stuff that affects the world around it
|
|
|
|
Yeah an iframe on a different domain will completely jail its operations from the parent. Headers can block loading entirely on unknown domain parents. There are some messaging APIs that can be whitelisted and the iframe itself can assume a containers domain if you have control of both. Much like CORS it's a mega pain at times but makes perfect sense like you said
|
|
|
|
hmm well they seem to let you embed remote MP3 files and whatnot so if i can somehow get this set up to download and generate an MP3 file on-demand this could still work

but then iirc getting embedded MP3s to autoplay is a pain in the rear end unlike youtube embeds

they do allow youtube embeds but what i was making was a thing to provide said youtube embed based on your top lastfm track, so i was having to embed my site (which in turn embedded youtube) which it doesnt like
|
|
|
|
the AudioContext JS API can play mp3 files pretty well
|
|
|
|
aardvaard posted:
> i just changed my ssh port. doesn't deter an actual attacker obviously but it majorly cuts down on the random login attempts.

i remember the idea of “port knocking” from one million years ago, did anyone ever implement that?
|
|
|
|
aardvaard posted:
> the AudioContext JS API can play mp3 files pretty well

yeah they dont let you use js either or this whole thing would be incredibly easy
|
|
|
|
and i got used to a nonstandard ssh port a long time ago so i still use it even on the internal network
|
|
|
|
maybe i could try this???
|
|
|
|
you've gotta use yt-dlp now and keep it updated because youtube changes poo poo up on an almost monthly basis to break it, but it does work
|
|
|
|
aardvaard posted:
> you've gotta use yt-dlp now and keep it updated because youtube changes poo poo up on an almost monthly basis to break it, but it does work

finding the docs for the python library for that is like pulling teeth. everything i can find just links to the CLI docs, which are Not The loving Same
|
|
|
|
well i sort of figured it out (i think) but now im trying to figure out how to get around the "sign in to prove youre not a bot" mess. if i was on my pc id just use --cookies-from-browser but this machine doesnt even HAVE a browser and if i just manually give it cookies theyre gonna expire in probably a day or two
|
|
|
|
seriously though where the gently caress are the docs for this python library google only shows me the CLI tool's docs which, from what little i can find on the python library, is not at all the same
|
|
|
|
i think the youtube cookies last quite a while as long as you do it in a private window and close the browser immediately after exporting them (i believe it rotates the cookies constantly while you use the site). would still have to replace them eventually.
|
|
|
|
the issue there is i like using youtube a lot so they would probably cycle from my regular use and then im boned. and either way i dont want to be going in constantly updating the cookie file. there seems to be a docker image specifically for getting around this but it seems a little shady and i dont exactly want to run random docker images on my poo poo
|
|
|
|
hbag posted:
> seriously though where the gently caress are the docs for this python library google only shows me the CLI tool's docs which, from what little i can find on the python library, is not at all the same

the readme has some examples and links to the python code itself as documentation, which is not very helpful: https://github.com/yt-dlp/yt-dlp/blob/master/yt_dlp/YoutubeDL.py#L183
|
|
|
|
aardvaard posted:
> the readme has some examples and links to the python code itself as documentation, which is not very helpful: https://github.com/yt-dlp/yt-dlp/blob/master/yt_dlp/YoutubeDL.py#L183

best ive found is this dev.to post which doesnt help with providing cookies or anything like that either
|
|
|
|
https://github.com/yt-dlp/yt-dlp-wiki/tree/master
|
|
|
|
yeah guess what these are docs for the CLI tool not the python library poo poo ones at that
|
|
|
|
...and manually passing a cookie file gives me a "request entity too large" error eurrrggggghhhhh
|
|
|
|
it seems like i'd want to be passing it visitor data instead of cookies anyway but there's exactly gently caress all documentation on how to do that with the python library (again, not the cli tool)
|
|
|
|
hbag try running this cmd in whatever dir you cloned the repo to:

python3 -m pydoc -p 1234 yt_dlp

then visit: http://localhost:1234/yt_dlp.html
|
|
|
|
ffffffriday morning motherfuckers!

one of our ad groups from the user view ("what am I a member of") reports one name of "fart_admin", from the group view ("get me the members of the group with name") has a different name with a space in it i.e. "fart_ admin" and says the group without the space in the name doesn't exist

how the gently caress is this even possible

e: pretty sure this has something to do with azure AD Vs EntraID and internal vs. external ad because our old AD group lookup says that the group names are the same
|
|
|
|
hbag posted:
> was checking journalctl while debugging my API and i shouldnt be concerned that random IPs keep trying (and failing, obviously) to log in to my server right. like that's just basically the internet equivalent of walking around jiggling door handles

Anything exposed on the internet will get that kind of poo poo constantly. I set up a honeypot server one time and just caught endless stuff within minutes. e.g. https://github.com/jaksi/sshesame and you can watch what they try to do when logged in.

fail2ban is a favorite of mine to manage some of that
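
Added example, not part of the thread or any poster's code: the kind of threshold check fail2ban applies to the failed logins discussed above, run over constructed `journalctl -o short-iso` sshd lines. The sample log, the hostname `web`, and the `maxretry`/`findtime` values are assumptions chosen for illustration; only the parameter names are borrowed from fail2ban.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (journalctl -o short-iso style); IPs are documentation ranges.
SAMPLE_JOURNAL = """\
2025-12-12T16:30:01+0000 web sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2025-12-12T16:30:04+0000 web sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
2025-12-12T16:30:09+0000 web sshd[812]: Failed password for invalid user ubuntu from 203.0.113.7 port 40141 ssh2
2025-12-12T16:31:00+0000 web sshd[815]: Accepted publickey for deploy from 192.0.2.10 port 51514 ssh2
2025-12-12T16:32:00+0000 web sshd[820]: Failed password for root from 198.51.100.9 port 2201 ssh2
2025-12-12T16:50:00+0000 web sshd[830]: Failed password for root from 198.51.100.9 port 2202 ssh2
2025-12-12T17:10:00+0000 web sshd[840]: Failed password for root from 198.51.100.9 port 2203 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(journal_text):
    """Yield (timestamp, ip, user) for each failed-password line."""
    for line in journal_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
            yield ts, m["ip"], m["user"]

def offenders(journal_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: usernames tried} for IPs with >= maxretry failures
    inside any sliding window of length findtime."""
    window = defaultdict(deque)   # per-IP timestamps still inside the window
    users = defaultdict(set)
    flagged = set()
    for ts, ip, user in sorted(parse_failures(journal_text)):
        q = window[ip]
        q.append(ts)
        users[ip].add(user)
        while ts - q[0] > findtime:   # drop failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in sorted(flagged)}

if __name__ == "__main__":
    for ip, tried in offenders(SAMPLE_JOURNAL).items():
        print(ip, "tried:", ", ".join(tried))
```

The second source in the sample fails three times as well, but spread over 38 minutes, so it only trips the threshold if `findtime` is widened.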
|
|
|
|
Port 22 gets spammed to gently caress, yes. Make sure your ssh server doesn't even offer any interactive authentication and the load should be minimal. Moving the port and setting up fail2ban should be understood as a measure to reduce log spam, not as a security measure in itself. Another thing that's super useful is not listening on ipv4 at all.
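
Added example, not from the thread: a check of `sshd -T` (effective configuration) output for the two points in the post above, interactive authentication still being offered and IPv4 listeners. Both sample outputs are constructed; the port is deliberately not treated as a finding.

```python
# Keywords that mean the server still offers interactive (typed) authentication.
# challengeresponseauthentication is the older name of kbdinteractiveauthentication.
INTERACTIVE_AUTH = (
    "passwordauthentication",
    "kbdinteractiveauthentication",
    "challengeresponseauthentication",
)

# Constructed samples in the `sshd -T` layout: lowercase keyword, space, value.
WEAK_SSHD_T = """\
port 22
addressfamily any
listenaddress 0.0.0.0:22
listenaddress [::]:22
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes
"""

HARDENED_SSHD_T = """\
port 2222
addressfamily inet6
listenaddress [::]:2222
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
"""

def parse_sshd_t(text):
    """Parse `sshd -T` output into {keyword: [values]}; keywords may repeat."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            conf.setdefault(key, []).append(value.strip())
    return conf

def audit(text):
    """Return the config lines that contradict the advice in the post."""
    conf = parse_sshd_t(text)
    findings = []
    for key in INTERACTIVE_AUTH:
        if "yes" in conf.get(key, []):
            findings.append(f"{key} yes")
    for addr in conf.get("listenaddress", []):
        if not addr.startswith("["):   # IPv6 listeners print as [addr]:port
            findings.append(f"listenaddress {addr}")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK_SSHD_T))
    print("hardened:", audit(HARDENED_SSHD_T))
```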
|
|
|
|
Carthag Tuek posted:
> i think a combination of both in moderation is the best way because thats what we do

my rules of thumb are:
- tests should be simpler than the thing they're testing (which precludes most unit tests)
- only write tests against designs you're otherwise confident in (which precludes most test-first patterns for greenfield stuff)
|
|
|
|
all teams in the company were using the same twilio short code. the team that actually "owns" it made a change and now our replies don't work as they're now being forwarded to a new callback url

i know nothing about twilio so im trying to read the docs, is everything just surface level anymore? why is it so hard to find actual code documentation, i just want to know if it's possible for us to override the callback url on a msg basis because i am being told it will take 8-12 weeks to get a new short code and can't get that process started because product has made themselves invisible

i know nothing about twilio. why am i the default for EVERYTHING? this is only 1 of the ~3 fires i got dragged into this week. need weekend

e: webhook, am i thinking of webhook?
|
|
|
|
ok cool i just got a DM from someone telling me i should ask chatgpt "the return null thing" because i said "you can't just return null in an express endpoint it will not do anything and the client request will hang" and pasted me chatgpt's response when he asked "can you return null in a nodejs javascript code" and chatgpt said you can
|
|
|
|
the fact that you even want detailed docs means your coworkers think you're a wizard. this is just how it is now
|
|
|
|
Gummiworms posted:
> ok cool i just got a DM from someone telling me i should ask chatgpt "the return null thing" because i said "you can't just return null in an express endpoint it will not do anything and the client request will hang" and pasted me chatgpt's response when he asked "can you return null in a nodejs javascript code" and chatgpt said you can
|
|
|
|
Not sure which is worse: "Well I asked ChatGPT and it said..." or "Oh Claude generated that"
|
|
|
|
Gummiworms posted:
> all teams in the company were using the same twilio short code. the team that actually "owns" it made a change and now our replies don't work as they're now being forwarded to a new callback url

try reading MS docs where they just insert steps that involve completely separate components/config items that you've never heard of and probably can't access

"grant your identity access to the azure data blob *screenshot of completely different application*"

uhhhhh that access isn't required for any of the other steps how am I supposed to do that? Do I need some other level of admin above the fabric workspace level

"For more information on what you're trying to achieve, try blowing it out your rear end"
|
|
|
|
|
|
Powerful Two-Hander posted:
> ffffffriday morning motherfuckers!

lmao it's not just me, this has been happening completely at random where like 50% of groups/accounts are getting extra spaces inserted in the names and we're only finding out when something unexpectedly breaks and we go squint at the name and realise

no idea why AD is reporting different names for groups you're in Vs groups that exist, I'm thinking now it's maybe that we have Unix AD/LDAP and windows AD because I think my old job had a problem where we had both and you had to gently caress around duplicating accounts into both environments and make sure the name was exactly the same otherwise you could connect to some things but not everything
|
|
|






















