Yeah, it's really good fun. I can highly recommend it. This is also a good way to train (new) developers to think like attackers, how to break in, destroy something or raise awareness of some classes of bugs. Then you can avoid them next time. It's surprising to me what vulnerabilities come up during this event every time. So, absolutely worth it, win, win.
Yeah, it's really good fun. I can highly recommend it. This is also a good way to train (new) developers to think like attackers, how to break in, destroy something or raise awareness of some classes of bugs. Then you can avoid them next time. It's surprising to me what vulnerabilities come up during this event every time. So, absolutely worth it, win, win.
As far as I know females are sitting in the shrubs and males fly around, but they're not all that quick. They are slowly moving glowing dots that you can easily follow with your eyes. The bigger problem might be that they turn off and then on again. So, one could count duplicates. However, there's typically a bit of distance between them (at least 30-50 cm I'd say, often more). Counting the same individual multiple times is not all that common (assuming that they don't speed up when turned off). My counting was also conservative I believe.
Ah, Die Maus also covered them a few days ago: https://www.youtube.com/watch?v=OVGD5QEvtoc At the end, there's a video were you can see the speeds a bit.
Before I left I tried to call a mate to join me, who apparently wasn't home yet, though, didn't pick up. But in the very end I surprisingly met her in the forest and we were super happy to encounter all the fireflies. She also said that today was her first time this year to spot them. I'll definitely check them out in the next days, too.
Apart from all the glowworms, I also came across some goats, two deer (one of which only the ears showing out of the grass), according to the sounds I sadly must have scared up four more, bucketloads of tadpoles, four big and very active anthills next to each other and three bats to finish the stroll off. I call that extremely successful.
GoatThere ya go: https://lyse.isobeef.org/waldspaziergang-2025-06-24/
Once a year the security guys organize a really great hacking event, though. Teams can volunteer to hand in their software dev instances and all workmates are invited to hack them and report security vulnerabilities. That's a lot of fun, but also gets frustrating towards the end when you don't make any progress. :-) There's also some actual hands-on training in advance for preparation of the two days. Unfortunately, I missed the last event due to my own project being very stressful at the time.
When I had a Do What You Want Day I also show my direct teammates what I learned in the hopes of this being interesting to them as well. I'm the only one in my team using this opportunity, sadly.
pledge(…)/unveil(…)/landlock/capabilities I came across the great EWONTFIX blog, in particular this article here: https://ewontfix.com/17/ Super interesting.
returns tell me that you're not a real Rust programmer. :-D Personally, I would never omit them either. They make code 100 times more readable.
I upcycled decades old table football aluminium pipes to become my handles. The spacers are made from the inner tube. Two minutes of handsanding with 400 grit sandpaper polished it up nicely.
Drawers on the workbenchhttps://lyse.isobeef.org/tmp/hobelbankschubladen/
$ ls > /dev/null
$ echo $_
--color=tty
Yeah, exactly what you think:
$ which ls
ls: aliased to ls --color=tty
Alt+. is going to be my favorite one! In the above, it would also give me /dev/null, which might be probably more what I would expect.
tt. Sure, I can easily edit my feed in vim to fix typos. But then I still have to manually remove the old message from the cache so that the new message is inserted on next reload and I don't end up with "duplicates" in the message tree.
pledge(…) and unveil(…) before, right? I somewhere ran across them once before. Never tried them out, but these syscalls seem to be really useful. They also have the potential to make one really rethink about software architecture. I should probably give this a try and see how I can improve my own programs.
I sent the dealer an e-mail about that with all sorts of other issues as well. Let's see if they fix anything of that some day. Or yet just even read it.
display() doesn't actually display it. But it's a Rust thing.
Normal links are blue while images are teal. I thought I differentiate the two if I easily can. The underline of URLs comes from my terminal and is not tt's fault.
Configuring colors is in the todo list. But of course, providing a sane default is definitely something I'd like to have.
Message tree view:
Screenshot of the message tree viewReply form:
Screenshot of the reply form
I saw a flock of pidgeons circling around and some sort of rat or mouse quickly running over the road in front of me from one field into the next one with a giant nut in its mouth. Or so I at least believe, couldn't really tell, it happened so fast.
A couple enjoyed the setting sun on a bench and stripped their shoes on this warm evening. Somebody forget their bottle of water on the summit, but it looked rather cool in the evening light:
Water bottleNot sure what they're doing, but they now set up scaffolding at the ruin. I heavily doubt it, but it would be cool if they rebuilt the castle. :-)
On the way back I met up with a mate who couldn't come along right from the beginning. We saw two deer on the meadow, but it was already too dark for my camera, the photos were totally rubbish. The sunset turned really pretty and colorful just in time when I reached home. https://lyse.isobeef.org/waldspaziergang-2025-06-10/
Pink saturn^Wsun disk
Ctrl+U to the front or Ctrl+K to the end puts it in a buffer that can be pasted by pressing Ctrl+Y! That's neat. Even removing the last word with Ctrl+W moves it into this paste buffer.https://jvns.ca/blog/2024/11/26/terminal-rules/#rule-5-vaguely-support-readline-keybindings
I guess I have to implement pasting in
tt as well.
In any case, happy hacking!
Since you have a proper server – haha, not just one – and hence are not limited, I suggest you learn a real programming language and don't waste your time with this PHP mess. It might have improved a wee bit since I was a kid, but it felt like some hacked together shit. The defaults also were questionable at best, it was easier to hold it wrong than right. This stands testament to bad design and is especially terrible from a security point of view.
You're right, programming is like any other craft. You only truly learn by actually doing it. And this just takes time. Very long time to master it. Or as close to as it gets. The more you know, the more you realize what else you don't know (yet). It's a never ending process. So, take it easy, don't get discouraged, happy hacking and enjoy the endeavor! :-)
After some (expensive) tucker at the Wasserberghaus, we tried to actually visit the summit this time. However, there's nothing to see, just a rough logging trail (46-49). That was a dead end, so we had to turn around. It was some nice exploring, but I reckon this was my first and last time up there. :-)
Wasserberg on the left, Fuchseck on the rightUnfortunately, we didn't go to the neighboring Fuchseck this time, only the Wasserberg with some extras.
https://lyse.isobeef.org/wanderung-auf-den-wasserberg-2025-05-18/
Nice, did you print this keychain yourself?
Sunset
> […] These changes will apply to operations like cloning repositories over HTTPS […]
On a positive note: Finally time to get rid of as many Go dependencies as possible. :-)
The
echo in line 13 is useless, you can simplify this to: newdir="$WD/$now" If you reversed this line with the previous one, you could make use of the variable in the directory creation: mkdir "$newdir".In line 16, pull the directory change out of the loop upfront. The loop body doesn't modify the working directory, so no need to reset it with each cycle. In fact, you could even spare the
cd altogether when you simply tell find where to look: find "$basedir" -type f….I didn't try it, but if I read the manpage correctly, you should be able to simplify line 19 as well:
> -C Change to DIR before performing any operations. This option is order-sensitive, i.e. it affects all options that follow.
Hence, remove the
cd and put the -C "$WD" as the first argument to tar. Again, I didn't try it. Proceed with caution.Finally, you don't need to specify the full path to
rm in line 21. I bet, /bin is in your PATH. When you removed the previous cd from my last suggestion, the relative path that follows won't work anymore. So, just use the absolute path that you already have in a variable: rm -rf "$newdir"I hope you find this tiny review a wee bit useful. :-)
Regarding
find | grep foo, I recommend find -name '*foo*', prologic. Also, I regularly use -type d and -type f to find directories or files.
I didn't draw any plans, just measured a few times and then went to cutting a bunch of particle board leftovers at the table saw. I routed rebates on the sides, fronts and backs to lap the boxes and sink in the bottom. It turned out that having no plans was a stupid idea. I cut exactly on the lines as I calculated and measured, however, the math in my head fell apart when it eventually met reality. The bottoms are too short, so I gotta glue on some strips. Also, with the longer fronts, the sides won't work either, I have to fix them as well. :-D
Finally, the lid of my cyclone bucket broke when the negative pressure got too large. Oh well. It was just an old wood glue bucket, I've got another empty one, so I can use that lid but strengthen it first with some plywood. Something for future Lyse to deal with.
All in all, it was still good fun. Wood (haha) do it again, but at least with some sketches on paper. ;-)
@prologic You'll sometimes find the "Creation Date" in
whois. Our domain was registered in 2009. Woah. That's also been a while, crazy.
That doesn't justify all the WAF crap in the first place, though. In my opinion it's just a filthy plaster applied to an injected wound. The software itself must be secure. Otherwise, don't put that shit on the internet. Probably not even operate it at all. Nowhere. Fix it or throw it in the bin.