The value after the : isn’t in double/single quotes, so it is a literal value. Thus, a float value will be parsed as a float. Whether it is 1E-5 or 0.00001. They are numerically equivalent, but not stringly equivalent.
If you are having errors parsing your JSON, then use a proper JSON library instead of trying to roll your own.
But that’s a stringify method, tho.
JS passes a float to the console. Console prints the float however it wants to.
Just do strict comparison when you want to compare a variable to1e-5.
Cause a string of 0.00001 should be passed through parseFloat (or whatever your language equivalent is) before you compare it to a variable with the value f0.00001
Id recommend Proxmox on a cheap n100 nuc.
Makes it easy to spin up VMs, take snapshots of them, tinker and break them, then roll back to the snapshot
No.
Users that do not decrypt their storage lose their storage permanently.
Users that decrypt their storage get to continue to use it, but it isn’t not encrypted.
No encryption is broken.
Users are swapping convenience for privacy. (Or privacy for convenience? Whichever way that is).
Broken implies it is unusable or useless. As in “Apples encryption is unusable”.
This is not the case. It’s not broken. Users are given the option to remove the encryption to be able to continue to use the storage.
Essentially: https://xkcd.com/538/
So you have local DNS set up?
If you ping (or dig) speed.mydomain.local, does it resolve the same address as local_ip?
Considering you are accessing local_ip:3000 and the domain on port 443, there is clearly a firewall somewhere redirecting packets or a reverse proxy on the domain but not on local_ip:3000
Follow the port chain, forwarding, proxying etc. One of those will be bottlenecking. Then figure out why
Edit:
Just because your ISP speed is 100mbps and you are seeing 500mbps, doesn’t mean the connection isn’t hairpinning through your router via it’s public IP (as in, the traffic never leaves your router, but still goes through it)
Ah, piss. So it is.
I’m going to blame it on autocorrect, even though we both know I just got it wrong
[Object object]
When you solve the issue, take a pause and then walk back the problem and how to fix it.
If it’s a “forgot where something was”, take a pause then start with “sorry bout that, it’s this…”.
Own the mistake, learn from it, let others learn from it. But dont waste everyone’s time
Stephen King dark tower?
No. Not western, no guns, no science, not really horror.
WoT is the whole “forgotten/suppressed magic, ‘the one’, forces of long imprisoned evil” kinda fantasy, along with a rise to power, world politics, massive battles, adventure, and - I guess - romance.
Has a lot of the tropes, but carves a great story and adventure.
I genuinely recommend it. I’ve read it 3 times, and I enjoy the TV series.
It’s a 15 book epic fantasy, with the last 3 books written by Brandon Sanderson according to (deceased, 2007) Robert Jordans notes.
It’s good.
It has it’s faults, Robert Jordans writing has it’s faults.
But it is good, a great story, a great adventure, a great over-arching story. And 15 books long, makes it great read to sink into and enjoy.
Hmm, maybe I mean moral?
Like, there is a correct way to go about something regardless of context.
As opposed to doing something because of the context.
Any exploit should be notified to the software/platform maintainers with a proper disclosure timeline to ensure it gets fixed in a timely way.
That is the correct way.
Abusing the shit out of a poorly implemented nazi government is the moral thing to do, but would go against a white hat’s ethics. Collectively a good thing to do, but not the correct thing to do as a white hat.
Are gray hats more ethically and morally true?
This is getting to deep for me.
I guess what I mean is that they are blasting through flimsy guardrails.
Yeh, the difference between being high value (twitter) and an actual high value (government) target are entirely different. I bet many countries were salivating over the mere idea of these servers.
I guess they will pass some laws about “hacking being illegal”, arrest some poor self-hosters that did nothing wrong, declare a victory, and change absolutely nothing - other than ruining people’s lives.
I remember an article about a batch of compromised NICs from China that had backdoor firmware in them. You can harden your software system all you want, but when the literal hardware is backdoored, you are doomed.
I think it was Supermicro. So am American company and not a small Mfr.
I wonder if DOGE have reputable hardware, or if they cheapest out on servers.
Yeh, but they aren’t keeping control.
They have been elected. They have 4 years.
So far, it doesn’t seem that they have broken any laws or whatever, that would cause the system to reject their workings. They’ve rigged the courts, so the system is unlikely to reject their workings.
I’d say it’s more of a constitutional coup. They are using loop holes to seize more power.
I think it will be an attempted self-coup in 4 years.
Regardless, it isn’t worth arguing about.
It’s wrong. It’s a shit sandwich, the flavour of shit doesn’t matter.
Sorry for the wall of text.
You would hope that a public front end is entirely isolated from critical systems.
Hackers got in.
Either they saw there was nothing of value, and figured they would embarrass the owners.
They got in, saw shitloads of value, but decided the ethical thing was to embarrass as opposed to exfil/exploit/sell the access.
Or the hackers were explicitly aiming to embarrass the owners, and didn’t explore scope beyond that.
It’s likely “gay furry hackers” or similar, and it’s “grey hat” hacking.
The ethical route, ie “white hat”, is to contact the owners about the exploit with a fixed period disclosure. Ie, “fix this in 30-90 days, or we will publish our method”.
“Gray hat” are more like this. Where they find an exploit, it could go deeper, but they do some lulz instead. Basically make it obvious something has been hacked, but not actually exploit it further.
“Black hat” would find the exploit (even if it was limited access) then sell it while trying to leave no trace, so it can be exploited again. Or straight up exploit it themselves.
There is a possibility of foreign agents doing false-flag gray hat shit. Exfil sensitive data, cover their tracks, then “botch” some “hahaha you’ve been pwnd” stuff. Both getting sensitive data, and derailing the US government (because Musk has been authorised by Trump. It’s a huge undermining).
With the timeline, this seems like gray hat, or black hat further exploited by gray hat. Or false flag.
The obvious aim is to embarrass the owners.
This casts serious political shade on the DOGE servers that have been hooked into government networks without oversight. Any further data exfil is a bonus to certain foreign countries.
Best case scenario is that this is domestic gray hat, the muSSk team learn from it, and figure out how actual internet security works, and harden their systems accordingly.
I mean, the actual best case is that this DOGE coup gets stopped. But the president has authorised DOGE, so this is what America wants. So, not a coup.
Ideally, this hack has 0 actual scope of security vulnerability.
Other than the “yeh, but if they can get into your public web server (something expected to be hardened as fuck, and might as well be static file hosting. Seriously, why is there a database for this shit), how can we trust your servers on government networks”.
But chances are the exploits to get into this server will be similar to the exploits to get into the government connected DOGE systems. Unless the sysadmin & network admins (god bless them) have managed to maintain some control that muSSk doesn’t understand, and are able to mitigate the tsunami of access such a compromised server might unleash.
I feel like “look at twitter” is probably enough of a defence to decline president musk.
It would probably need to be wordier for court proceedings.
So strip out the typescript.
Or compile it, and use the result. Typescript doesn’t minify, so worst case is you have some odd looking code. But it will be functionally the same.
If you are really lazy, feed it into chatgpt and ask it to remove the typescript.
That is the Web UI frontend. It’s designed to run in the browser.
That is the literal reference implementation. That is what the Lemmy Devs coded as the web fronted to work with the Lemmy backend, as deployed on all (maybe, most) Lemmy instances.
It’s not any 3rd party reimplementation. It’s not example code.
It is the 1st party, guaranteed to be correct, Lemmy markdown processor.
You won’t find a better reference.
https://github.com/LemmyNet/lemmy-ui/blob/main/src/shared/markdown.ts
Literally from the Lemmy ui GitHub repo
My experience of checksums are in things like serial where they can potentially recover a corrupt bit.
I presume in the case of encryption, a checksum is more of a hash of the raw data? Like a one-way deterministic compute. Easy to get a hash of data, extremely difficult to get data from a hash.
In which case, it’s fine. Passwords are hashed (granted, multiple times), but a cryptographically secure hash is not to be underestimated.
I think it’s handguns and anything semi-automatic or automatic that are designed for violence.
Basically anything that makes it simple to shoot more than twice, or makes it easy/convenient to carry.
Bolt action or double barrel shotguns are for hunting or actual self defence.
They are tools.
Pump actions, handguns, semi-autos and automatics are for “I have made a very bad mistake”.
If your rifle is semi-automatic, have there ever been actual occasions where you have gone “thank god this is semi-automatic”?
It’s a server with integrated UPS and KVM console.