dusnm

@dusnm@fosstodon.org

Hi there! I'm a software developer from Belgrade, Serbia, mainly dealing with distributed systems. An all-round nerd, minimalist and a tinkerer. I sometimes engage in political commentary. My opinions are my own. Besides computing, I'm interested in philosophy of religion, politics, psychology, biology and literature.

:php: :javascript: :typescript: :python: :golang: :c_language: :bash:

🇷🇸 ⭐⭐⭐⭐⭐
🇬🇧 ⭐⭐⭐⭐⭐
🇷🇺 ⭐

Proud member of #CasioCult :f91w:
#nobot #nobots 🚫🤖 He/Him

This profile is from a federated server and may be incomplete. Browse more on the original instance.

dusnm, to webdev
@dusnm@fosstodon.org

One of the more interesting perks of running a website is that the access logs sometimes contain interesting things.

Imagine my surprise finding this in the access log:

GET /.vscode/sftp.json

One of the more creative attempts of gaining unauthorized access to SSH I've seen in a while.
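A defender's check for this kind of probe, as an added example that is not part of the original post: it scans access-log lines for requests into dot-directories such as `/.vscode/` and separates the ones the server refused from the ones it actually served. The log lines are constructed samples in Combined Log Format, and the allow-list of `.well-known` is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Combined Log Format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2024:10:01:02 +0000] "GET /.vscode/sftp.json HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [12/May/2024:10:01:03 +0000] "GET /%2Evscode/sftp.json HTTP/1.1" 200 412 "-" "curl/8.0"
198.51.100.4 - - [12/May/2024:10:02:00 +0000] "GET /.well-known/security.txt HTTP/1.1" 200 20 "-" "Mozilla/5.0"
198.51.100.4 - - [12/May/2024:10:02:05 +0000] "GET /blog/post.html?x=.env HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Hidden path segments that are meant to be public (assumption: only this one).
ALLOWED_HIDDEN = {".well-known"}


def hidden_segments(target):
    """Return dot-prefixed path segments after percent-decoding the path."""
    path = unquote(urlsplit(target).path)  # query string is ignored on purpose
    return [
        seg for seg in path.split("/")
        if seg.startswith(".") and seg not in {".", ".."} and seg not in ALLOWED_HIDDEN
    ]


def scan(log_text):
    """Yield (ip, decoded_path, status, verdict) for every dotfile probe."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not hidden_segments(m["target"]):
            continue
        status = int(m["status"])
        # A 2xx answer means the file was really exposed, not just probed.
        verdict = "SERVED" if 200 <= status < 300 else "refused"
        findings.append((m["ip"], unquote(urlsplit(m["target"]).path), status, verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any `SERVED` finding means the file's contents should be treated as disclosed and any credentials in it rotated.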

joel, to gaming
@joel@fosstodon.org

Not a bad day of work lol...

Part of me wants to automate this or just use skraper but, another part of me really enjoys the process as well

not as many snes game covers

dusnm,
@dusnm@fosstodon.org

@joel Why are the two MediEvil games not on the list? Why did you choose to commit such a heinous crime?

  • MediEvil
  • MediEvil II

Go, download both of them.

dusnm, to bluesky
@dusnm@fosstodon.org

This is what considers a perfectly acceptable implementation of a two-factor authentication system.

Just send an email with the 2FA code. This is insanely irresponsible and I'm sure they know it.

Since most people unfortunately reuse passwords, any sane person must reasonably assume the email is likely to be compromised as well...

I have no clue why they don't use . Unless the attacker has access to the device with the shared secret, it's borderline impossible to defeat.

dusnm,
@dusnm@fosstodon.org

@mackuba TOTP can be considered a "quick fix" as it's trivial to implement.

DuncanMSussex, to Eurovision
@DuncanMSussex@mas.to

A few hours before the show but sending out an early toot to start my Eurovision thread!

Picked up a lot via osmosis, especially the various dramas this year, but avoided the actual songs so hopefully going in blind-ish.

#eurovision

dusnm,
@dusnm@fosstodon.org

@DuncanMSussex I love the song. You really have to speak the language to understand it fully. It's both deeply personal and an homage to Serbian history. I don't really know if it's a good fit for Eurovision, but I wouldn't have anyone other than Teya Dora representing our country.

drewdevault, to random
@drewdevault@fosstodon.org

There are not actually many good games for the NDS, it seems

dusnm,
@dusnm@fosstodon.org

@drewdevault

While there's an absolute metric tonne of shovelware, the DS is home to some of my favorite games of all time:

  • New Super Mario Bros
  • Phoenix Wright: Ace Attorney (and all the sequels and spinoffs)
  • Professor Layton and the Curious Village
  • Elite Beat Agents
  • Mario & Luigi: Bowser's Inside Story

And a DSi exclusive:
Shantae: Risky's Revenge

dusnm, to golang
@dusnm@fosstodon.org

Writing a spec compliant implementation of a server that receives webmentions in .

Making sure I cover all edge cases is so time consuming...

ayo, to random
@ayo@ayco.io

Is this a bad idea

dusnm,
@dusnm@fosstodon.org

@ayo Really depends on the implementation.

dusnm, to random
@dusnm@fosstodon.org

Everything is political. This much should be self-evident.

What much of the public thinks of as apolitical is, in fact, synonymous with uncontroversial. It's therefore both a reflection and a reinforcement of the status quo.

Being apolitical is both a political statement and an expression of a privilege granted to those that fall under the umbrella of a societal default.

andypiper, to random
@andypiper@macaw.social

It is unbelievable to me that home routers do not have mobile-friendly web UIs in 2024.

dusnm,
@dusnm@fosstodon.org

@andypiper I can't imagine ever wanting to use my phone if my computer is right over there in the corner. I imagine it's useful in remote administration scenarios, but damn, if you're gonna do that you already know your way around networking.

sushee, to random
@sushee@fosstodon.org

as a firm believer that every senior engineer can be onboarded within two weeks and can start working right away I'm creating lists upon lists and example commands how things work so that my new colleague can start right away to actually DO stuff. also 4 nice, juicy upgrades on-hold until he arrives :) now preparing the bug buffet to choose from to get into the ugly stuff :blobcatgiggle:

dusnm,
@dusnm@fosstodon.org

@sushee Can you actually understand the business and the system enough in just two weeks?

onepict, to random
@onepict@chaos.social

"I'm more concerned with the prevailing attitude in tech that it can do what it likes with our data and it doesn't feel it has to ask us. If anything the default is that you have to opt out of their processing of your data. Which is predatory behaviour as people need to know that they can opt out and the procedure for it needs to be simple, clear and concise. "

https://onepict.com/20240315-barn.html

dusnm,
@dusnm@fosstodon.org

@onepict It's the classic mentality of "It's better to ask for forgiveness than for permission", which is wild, because no other form of human interaction is based upon it, other than relatively benign things.

For some reason it's more prevalent in tech than in other fields. We work with machines so much that it can sometimes be hard to remember that we're indeed humans and that we should be building software for humans as well.

dusnm,
@dusnm@fosstodon.org

@otfrom @onepict I didn't know it was Grace Hopper who first said it. Figures tech bros would twist her words.

ayo, (edited) to webdev
@ayo@ayco.io

🎉 Project /threads now live!

🔗 https://ayco.io/threads -- a way to select social posts and (in the future) offer fine-grained topical subscriptions.

Depending on your requirements & resources, you can also have your own threads deployed on your site, either of the two options

  • personal.site/threads
  • threads.personal.site

This is the first of some tiny self-hostable apps I plan to work on, that can be composed together.

dusnm,
@dusnm@fosstodon.org

@ayo Nice job. Damn, such a simple python app. Flask's templating honestly feels like cheating, considering how much more work you need to do in something like Go to support the same thing. 😢

drewdevault, to random
@drewdevault@fosstodon.org

I needed a break from Real Work, so I'm speedrunning writing a Unix-ish operating system

Day 3

dusnm,
@dusnm@fosstodon.org

@drewdevault Of course, just the idea of files having different entries in the FS table, but pointing to the same underlying data on disk is still something I find a little bit like black magic. 😂

tulpa, to random
@tulpa@fosstodon.org

So many password reset processes are trivially easy to abuse or defeat.

dusnm,
@dusnm@fosstodon.org

@tulpa How would you go about verifying the identity of a person who requested a password reset?

dusnm,
@dusnm@fosstodon.org

@tulpa "I wouldn't" doesn't cut it. People often forget passwords. It's paramount there exist some mechanism to reset it.

The main weakness of the established method (just send an email) is that people reuse passwords.

A better approach is requiring 2FA be turned on at all times. So, even after confirming access to the email address, you must now additionally confirm ownership by way of using TOTP codes.

I think this works well enough.

jefflewis, to random
@jefflewis@hachyderm.io

Why is it so complicated to run a local web server for development that uses subdomains and SSL? I'm drowning in docker, nginx, puma, and rails. It seems like this should be so simple with just a few config files, and yet… 😭

dusnm,
@dusnm@fosstodon.org

@jefflewis Take a look at this:

https://github.com/FiloSottile/mkcert

Make an entry in your /etc/hosts file of the domain you want to test with and then procure a locally trusted certificate with mkcert. It can procure a wildcard certificate that's valid for all subdomains as well. 😄
