• Activity
  • Votes
  • Comments
  • New
  • All activity
    1. Day 4: Passport Processing

      Today's problem description: https://adventofcode.com/2020/day/4 Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c. Please post your...

      Today's problem description: https://adventofcode.com/2020/day/4


      Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c.

      Please post your solutions in your own top-level comment. Here's a template you can copy-paste into your comment to format it nicely, with the code collapsed by default inside an expandable section with syntax highlighting (you can replace python with any of the "short names" listed in this page of supported languages):

      <details>
      <summary>Part 1</summary>
      
      ```python
      Your code here.
      ```
      
      </details>
      
      13 votes
    2. Day 3: Toboggan Trajectory

      Today's problem description: https://adventofcode.com/2020/day/3 Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c. Please post your...

      Today's problem description: https://adventofcode.com/2020/day/3


      Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c.

      Please post your solutions in your own top-level comment. Here's a template you can copy-paste into your comment to format it nicely, with the code collapsed by default inside an expandable section with syntax highlighting (you can replace python with any of the "short names" listed in this page of supported languages):

      <details>
      <summary>Part 1</summary>
      
      ```python
      Your code here.
      ```
      
      </details>
      
      12 votes
    3. I've created a temporary sub-group for Advent of Code 2020, subscribe if you're interested!

      As we did last year, I've set up a temporary sub-group that we can use for this year's Advent of Code at ~comp.advent_of_code Some discussion and solutions were starting in this thread, but it...

      As we did last year, I've set up a temporary sub-group that we can use for this year's Advent of Code at ~comp.advent_of_code

      Some discussion and solutions were starting in this thread, but it will be easier to organize inside a devoted sub-group, and also makes it simpler for people to both find and avoid the relevant topics.

      If you posted solutions in that topic, please move them into the threads for Day 1 and Day 2.

      I automatically subscribed everyone that commented in or voted on that original topic, as well as everyone that posted a comment in any of last year's topics, but nobody else. So if you're interested in participating in Advent of Code or discussing it, please subscribe to the sub-group. Posts from the sub-group won't be shown to logged-out users by default either, so any logged-out users that want to observe will need to visit the sub-group directly (or you're welcome to email me and request an invite so you can register and subscribe).

      I've also set up scheduled posts to happen automatically as each day's puzzle unlocks.

      25 votes
    4. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      10 votes
    5. Alternative to TeamViewer for LAN?

      Currently, controlling one of my PCs from another requires me to manually log into Windows on the remote computer so I can get the TeamViewer pw and then connect from the host. Is there another...

      Currently, controlling one of my PCs from another requires me to manually log into Windows on the remote computer so I can get the TeamViewer pw and then connect from the host. Is there another program that will launch at Windows startup so I log into Windows on the remote computer from the host? I don't need internet remote control and I'd prefer a free alternative that doesn't require an account or internet access to enable this type of feature (which I believe TeamViewer does). Remote computer is on Win 8, host on Win 10. EDIT: I was wrong, see below.

      9 votes
    6. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads. Don't forget to format your code using the triple...

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      6 votes
    7. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      9 votes
    8. Can you write ad-blocker rules to essentially blacklist mention of certain people?

      I've just read a journal from someone on another site saying that they wished there was a blacklisting system which stopped them seeing submissions from, to or about certain other users in their...

      I've just read a journal from someone on another site saying that they wished there was a blacklisting system which stopped them seeing submissions from, to or about certain other users in their feed, as it is potentially trauma-inducing for them to log in and keep seeing them come up. I assume that the person looking for this blacklist isn't realistically able to just leave the site, because it's the most populous of its kind and serves as an art portfolio or source of income.

      Is this, or something like it, actually possible to do with custom ad-blocker rules, or do they need to just wait for the site's admins to get around to it?

      6 votes
    9. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      9 votes
    10. If you could rewrite 1 element of modern computing, what would it be and why?

      The question mostly says it all, but I will give one of my ideas. I would replace the concept of a holistic app and instead replace it with a loose collection of features. The point would be to...

      The question mostly says it all, but I will give one of my ideas. I would replace the concept of a holistic app and instead replace it with a loose collection of features. The point would be to allow the end user to build a GUI from elements of multiple apps. You could have buttons that perform multiple functions in multiple apps. It would allow you to streamline and remove remove annoying elements; you could lock interface elements so you don't have to relearn the interface when the devs randomly decide to change it.

      11 votes
    11. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      12 votes
    12. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      9 votes
    13. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads. Don't forget to format your code using the triple...

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      6 votes
    14. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      8 votes
    15. Programming Challenge: Over-engineer obfuscation of a mailto link on a hypothetical webpage

      This is a bit of a silly challenge that came to mind when I saw a discussion about obfuscating mailto links on the unofficial Discord server. This challenge is intentionally meant to be ridiculous...

      This is a bit of a silly challenge that came to mind when I saw a discussion about obfuscating mailto links on the unofficial Discord server. This challenge is intentionally meant to be ridiculous and encourages horrendous solutions that should never see the light of day in actual production code.


      Some Background

      On the internet, bots are an incredibly common. They may do anything from crawling through webpages to map out valid links on the web, to spamming forums with links to scam websites. Among some of the less ethical uses of bots is the collection of any email addresses that might be sitting around in a webpage's source code, either made visible to the user or hidden behind some alternative text. These bots collect these email addresses for any number of purposes, including phishing attempts to hijack accounts.

      Commonly, these emails can be found sitting inside of so-called mailto links, which will open your default mail application and pre-populate the recipient's address, preparing you to send a new email in a single click. It's a safe bet that the vast majority of mailto link implementations aren't very sophisticated, simply providing a snippet that looks much like the following:

      <a href="mailto:johnsmith@example.com">Contact Me</a>
      

      Given the above, most bots will likely only ever scrape a webpage for a link containing href="mailto:. A simple form of obfuscation to combat a bot could be to leave the href attribute empty on initial page load, capture the on click event, dump the mailto email address into the href attribute, and finally remove the on click event handler from the link before re-sending the click event.

      We're not here for simple, however.


      Challenge

      As suggested in the title, the challenge is to over-engineer this obfuscation. There is only one hard requirement:

      Clicking the "Contact Me" link should, to the user's perception, function (mostly) identically to a simple mailto link. Specifically, clicking the link should ultimately result in the user's mail application opening (or being prompted to open) with no further input from the user and the "to" field being correctly pre-populated with the intended email address. This means that captchas and the like are not allowed. Delays in triggering the mail application due to processing layers of obfuscation, however, are expected and acceptable (although "until well after the heat death of the universe" is not an acceptable delay, so let's be reasonable).

      Apart from the requirement above, solutions that require increasingly more sophisticated methods of de-obfuscation for a bot to discover your email address are preferred. The more complicated a bot's design would need to be to discover your email address, and the more painful it is for other programmers to see the abomination you've created, the better.

      CSS is not required. A functioning webpage is not required. An entire web server is not required. A full, working web project including a framework with defined routes, security features, a VM provisioning script, and whatever the fuck else you would need is not required. You can build an actual web project around this if you wish, but code snippets and some comments explaining what does what will be more than sufficient.

      11 votes
    16. In which a foolish developer tries DevOps: critique my VPS provisioning script!

      I'm attempting to provision two mirror staging and production environments for a future SaaS application that we're close to launching as a company, and I'd like to get some feedback on the...

      I'm attempting to provision two mirror staging and production environments for a future SaaS application that we're close to launching as a company, and I'd like to get some feedback on the provisioning script I've created that takes a default VPS from our hosting provider, DigitalOcean, and readies it for being a secure hosting environment for our application instance (which runs inside Docker, and persists data to an unrelated managed database).

      I'm sticking with a simple infrastructure architecture at the moment: A single VPS which runs both nginx and the application instance inside a containerised docker service as mentioned earlier. There's no load balancers or server duplication at this point. @Emerald_Knight very kindly provided me in the Tildes Discord with some overall guidance about what to aim for when configuring a server (limit damage as best as possible, limit access when an attack occurs)—so I've tried to be thoughtful and integrate that paradigm where possible (disabling root login, etc).

      I’m not a DevOps or sysadmin-oriented person by trade—I stick to programming most of the time—but this role falls to me as the technical person in this business; so the last few days has been a lot of reading and readying. I’ll run through the provisioning flow step by step. Oh, and for reference, Ubuntu 20.04 LTS.

      First step is self-explanatory.

      #!/bin/sh
      
      # Name of the user to create and grant privileges to.
      USERNAME_OF_ACCOUNT=
      
      sudo apt-get -qq update
      sudo apt install -qq --yes nginx
      sudo systemctl restart nginx
      

      Next, create my sudo user, add them to the groups needed, require a password change on first login, then copy across any provided authorised keys from the root user which you can configure to be seeded to the VPS in the DigitalOcean management console.

      useradd --create-home --shell "/bin/bash" --groups sudo,www-data "${USERNAME_OF_ACCOUNT}"
      passwd --delete $USERNAME_OF_ACCOUNT
      chage --lastday 0 $USERNAME_OF_ACCOUNT
      
      HOME_DIR="$(eval echo ~${USERNAME_OF_ACCOUNT})"
      mkdir --parents "${HOME_DIR}/.ssh"
      cp /root/.ssh/authorized_keys "${HOME_DIR}/.ssh"
      
      chmod 700 ~/.ssh
      chmod 600 ~/.ssh/authorized_keys
      chown --recursive "${USERNAME_OF_ACCOUNT}":"${USERNAME_OF_ACCOUNT}" "${HOME_DIR}/.ssh"

sudo chmod 775 -R /var/www
      sudo chown -R $USERNAME_OF_ACCOUNT /var/www
      rm -rf /var/www/html
      

      Installation of docker, and run it as a service, ensure the created user is added to the docker group.

      sudo apt-get install -qq --yes \
          apt-transport-https \
          ca-certificates \
          curl \
          gnupg-agent \
          software-properties-common
      
      curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
      sudo apt-key fingerprint 0EBFCD88
      
      sudo add-apt-repository --yes \
         "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
         $(lsb_release -cs) \
         stable"
      
      sudo apt-get -qq update
      sudo apt install -qq --yes docker-ce docker-ce-cli containerd.io
      
      # Only add a group if it does not exist
      sudo getent group docker || sudo groupadd docker
      sudo usermod -aG docker $USERNAME_OF_ACCOUNT
      
      # Enable docker
      sudo systemctl enable docker
      
      sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
      sudo chmod +x /usr/local/bin/docker-compose
      sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
      docker-compose --version
      

      Disable root logins and any form of password-based authentication by altering sshd_config.

      sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
      sed -i '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
      sed -i '/^ChallengeResponseAuthentication/s/yes/no/' /etc/ssh/sshd_config
      

      Configure the firewall and fail2ban.

      sudo ufw default deny incoming
      sudo ufw default allow outgoing
      sudo ufw allow ssh
      sudo ufw allow http
      sudo ufw allow https
      sudo ufw reload
      sudo ufw --force enable && sudo ufw status verbose
      
      sudo apt-get -qq install --yes fail2ban
      sudo systemctl enable fail2ban
      sudo systemctl start fail2ban
      

      Swapfiles.

      sudo fallocate -l 1G /swapfile && ls -lh /swapfile
      sudo chmod 0600 /swapfile && ls -lh /swapfile
      sudo mkswap /swapfile
      sudo swapon /swapfile && sudo swapon --show
      echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
      

      Unattended updates, and restart the ssh daemon.

      sudo apt install -qq unattended-upgrades
      sudo systemctl restart ssh
      

      Some questions

      You can assume these questions are cost-benefit focused, i.e. is it worth my time to investigate this, versus something else that may have better gains given my limited time.

      1. Obviously, any critiques of the above provisioning process are appreciated—both on the micro level of criticising particular lines, or zooming out and saying “well why don’t you do this instead…”. I can’t know what I don’t know.

      2. Is it worth investigating tools such as ss or lynis (https://github.com/CISOfy/lynis) to perform server auditing? I don’t have to meet any compliance requirements at this point.

      3. Do I get any meaningful increase in security by implementing 2FA on login here using google authenticator? As far as I can see, as long as I'm using best practices to actually ssh into our boxes, then the likeliest risk profile for unwanted access probably isn’t via the authentication mechanism I use personally to access my servers.

      4. Am I missing anything here? Beyond the provisioning script itself, I adhere to best practices around storing and generating passwords and ssh keys.

      Some notes and comments

      1. Eventually I'll use the hosting provider's API to spin up and spin down VPS's on the fly via a custom management application, which gives me an opportunity to programmatically execute the provisioning script above and run some over pre- and post-provisioning things, like deployment of the application and so forth.

      2. Usage alerts and monitoring is configured within DigitalOcean's console, and alerts are sent to our business' Slack for me to action as needed. Currently, I’m settling on the following alerts:
        1. Server CPU utilisation greater than 80% for 5 minutes.
        2. Server memory usage greater than 80% for 5 minutes.
        3. I’m also looking at setting up daily fail2ban status alerts if needed.
      9 votes
    17. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads. Don't forget to format your code using the triple...

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      5 votes