Stack Overflow was the antithesis of “Just say something wrong on the internet so that someone will correct you with the real answer” because none of the negative threads actually answered the question lol.
mlg@lemmy.world to
Programmer Humor@programming.dev • Free software has some glib naming conventions • English
3·8 days ago
idk let’s ask yaml
wth is the point of a guest network if you have 443 blocked lmao.
Even my VPN port is 443 so it gets past basic port filtering because HTTPS is usually the only one allowed compared to other protocols.
mlg@lemmy.world to
Programmer Humor@programming.dev • What are some of the worst code you have seen in a production environment? • English
1·29 days ago
“Man if we had the original source code, it’d be so much easier than reverse engineering this binary in Ghidra”
The source code in question:
mlg@lemmy.world to
Programmer Humor@programming.dev • What are some of the worst code you have seen in a production environment? • English
6·29 days ago
This one is funny because it 100% still exists somewhere, but I haven’t had the chance to verify it again.
Okay so basically it’s a data recorder box (ex: brainbox) that connects to a bunch of industrial sensors and sends the data over the network with your preferred method.
Builtin firmware gives you an HTTP webui to login and configure the device, with a user # and password.
I think the user itself had a builtin default admin which was #0, which everyone uses since there wasn’t really much use for other users.
Anyway, I was looking at the small JS code for the webui and noticed it had an MD5 hashing code that was very detailed with comments. It carefully laid out each operation, and explained each step to generate a hash, and then even why hashes should be used for passwords.
Here’s the kicker: It was all client side JS, so the login page would take your password, hash it, and then send the hash over plaintext HTTP POST to the server, where it would be authenticated.
Meaning you could just mitm the connection to grab the hash, and then login with the hash.
I sat there for like 10 minutes looking at the request over and over again. Like someone was smart enough to think “hey let’s use password hashing to keep this secure” and then proceeded to use it in the completely wrong way. And not even part of like a challenge/handshake where the server gives you a token to hash with. Just straight up MD5(password).
It was so funny because there were like a hundred of these on a network, so getting a valid hash was laughably easy.
I never got to check if this was fixed in a newer firmware version.
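The difference the comment draws between sending MD5(password) and a challenge/handshake, seen from the server's verification side. This is an added Node.js example, not code from the comment or from the device firmware; the function names, the in-memory user table and the sample password are all constructed for illustration.

```javascript
// Added illustration; function names and the sample password are hypothetical.
const crypto = require('crypto');

const md5 = (s) => crypto.createHash('md5').update(s).digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');
// Constant-time comparison that tolerates inputs of different length.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Constructed device state: user #0 -> MD5(password), as the comment describes.
const stored = new Map([[0, md5('constructed-sample-password')]]);

// Scheme from the comment: the browser sends MD5(password) and the server compares it.
// The hash is the whole credential, so any previously seen value is accepted again.
function legacyLogin(user, sentHash) {
  const h = stored.get(user);
  return h !== undefined && safeEqual(h, sentHash);
}

// Challenge/response: the server hands out a single-use random token per attempt.
const pending = new Map();
function issueChallenge(user) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(user, nonce);
  return nonce;
}
const clientResponse = (password, nonce) => hmac(md5(password), nonce);
function challengeLogin(user, response) {
  const nonce = pending.get(user), h = stored.get(user);
  pending.delete(user); // a token is consumed whether or not the attempt succeeds
  return nonce !== undefined && h !== undefined && safeEqual(hmac(h, nonce), response);
}

// What a recording of one login is worth to the verifier under each scheme.
function replayDemo() {
  const pw = 'constructed-sample-password';
  const seenHash = md5(pw);                               // on the wire, legacy scheme
  const seenResp = clientResponse(pw, issueChallenge(0)); // on the wire, with a challenge
  const first = challengeLogin(0, seenResp);              // legitimate login uses up the token
  issueChallenge(0);                                      // a later session gets a fresh token
  return {
    legacyReplayAccepted: legacyLogin(0, seenHash),
    challengeFirstAccepted: first,
    challengeReplayAccepted: challengeLogin(0, seenResp),
  };
}
console.log(replayDemo());
```

The stored MD5 value remains password-equivalent for anyone who can read it off the device, and a challenge does not hide the traffic; HTTPS plus a salted, slow password hash verified on the server addresses both.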
mlg@lemmy.world to
Privacy@lemmy.ml • Approximately 1 in 25 Pixel users run GrapheneOS • English
233·1 month ago
On one hand, a superior ROM choice
On the other hand, subpar crappy Google hardware
Me flipping on reverse thrust and parking brake before touching the ground in FSX because I’m like 100 kts above the landing speed
The funniest thing about proprietary nvidia drivers on linux is that they’re still easier to install than using the GeForce app lmao.
dnf install akmod-nvidia
No sign in to a fat game launcher ad ridden app to upgrade your GPU driver
mlg@lemmy.world to
Privacy@lemmy.ml • Can't we do anything as google is killing AOSP and custom ROMS • English
4·4 months ago
Mainline linux on mobile is solving this problem as we speak: https://postmarketos.org/
I expect a full collapse of the Google Android behemoth about the same time we get Half Life 3.
Yeah it’s great because even without a make plugin, you can just add your make command to the vscode actions that’ll run your makefile.
Or even better, get the plugin which will auto populate targets from the makefile lol
--recurse-depth=3 --max-hits=256
mlg@lemmy.world to
Fediverse@lemmy.ml • Feddit.org officially announces they will ban criticism of Israel and pro-Palestinian posts and comments. • English
474·7 months ago
So basically just knockoff reddit then?
In theory yes since they’re essentially sponsored by RedHat. (RedHat is owned by IBM)
Which is funny because the Snowden leaks actually showed the NSA likes using Fedora for their fancy spy tech lol.
I guess a good alternative would be OpenSUSE.
Big grants and research money connections are typically only accessible because your paper got published in a “reputable” journal, which of course you only have a chance of getting if you publish with a “reputable” system.
spoiler
Reputable my ass
Ubuntu, and the experience was crap lol.
Then I got to try Debian on a server and it was much nicer.
Then I saw Torvalds uses Fedora, and given that he also disliked Debian and Ubuntu for their lack of end user ease, I switched and have been happy ever since.
Seriously though, GNOME 40 really should not be the default DE. It made me think Linux UI was years behind Windows when it was actually the opposite with proven DEs like XFCE, KDE, and GNOME 3/2 etc.
Xfce 4.20
On my way to attempt an upgrade from Xfce + Compiz to Xfce + Wayfire lol
mlg@lemmy.world to
Linux@lemmy.ml • EU OS: A Fedora-based distro 'for the public sector' • English
241·9 months ago
Probably since it’s the main redhat upstream and they want the advantage of already widespread usage.
Although at that point why not OpenSUSE for the same reason you mentioned.
Security articles and blogs slapping “for fun and profit” onto the end of all of their titles


The superior mountain goat that’s actually a goat: