
Posts: 71 · Comments: 574 · Joined: 4 yr. ago

Bit-breaker working in cybersecurity/IT. Only languages I know are English and Programming ones.

Sometimes I write things about technology.


If I told you the SHA256 for this sentence starts with 'c, 5, four, a, and a', would you believe me?

  • I hate that especially on github and reddit. I don't want your half-assed shitty implementation of code search with different hot keys to do what I expect it to do.

  • since coding a whole game in assembly indicates deep understanding of what you’re doing, whereas the problem with vibe coding is that it requires only the shallowest understanding.

    Yes, that was indeed my point. That, and who else can really understand the assembly-coded game, compared to who can understand the AI-written vibe-coded app? The dev who wrote it in assembly certainly understands it, and a lot. The person who vibe coded an app...probably doesn't understand most of it.

  • Yes, it does. Sure it works, but at what cost to security and actual human understanding?? RollerCoaster Tycoon works and I'm not saying it's insecure or vibe coded, but it's written in friggen assembly!

    The problem isn't the vibecoding inherently, it's the people that are doing it. Vibecoding just enables them to exist.

    They have no concept of what it means to produce general software for actual users using different setups. They generally have little patience and will abandon their projects very quickly. They are completely reliant on the models to fix any problems (or add features), so anything that, for whatever reason, a model can't fix will remain broken.

    Look at this vibe coded app and thread on reddit for just one example https://old.reddit.com/r/selfhosted/comments/1rckopd/huntarr_your_passwords_and_your_entire_arr_stacks/

    Was that vibe coded tool used correctly? Done, does not mean good, or safe, or even usable.

  • Lua programming language @sopuli.xyz

    New Lua-based malware “LucidRook”

    blog.talosintelligence.com/new-lua-based-malware-lucidrook/
  • Now those are the Epstein files.

  • It’s not human. Stop having this expectation.

    Then it needs to stop being interjected and trying to take over the Human aspect of tech, art, creativity, etc.

    Till then...

  • A step above, pro-sumer grade. Takes some knowledge to get right, has some advanced fiddly bits if needed, but not as complex or powerful as a mikrotik or enterprise gear. Not as sad as a Netgear or Belkin consumer grade crap.

  • I'm gonna sound like Prof Snape here, but Goddamnit Poettering!

  • There goes Ubiquiti and Mikrotik. Ugh. Good homelab and SMB routers. Shit, that's basically anything that isn't Cisco, even though those are really only assembled in the USA, not even manufactured there.

  • Well no shit. Basic survival is taking a good 80% of the paycheck. Probably CC and other debt takes the remaining. Maybe a few bucks left for a fancy coffee or red bull. Ain't got no time or money for Healthcare or vacations.

  • TURN is a great show. Very compelling, some truth to it although not the main characters or the spy ring itself. Finishing an episode always leaves me wanting to immediately watch the next.

    Obligatory, fuck Simcoe.

  • Not why it's there or supposed to be used for...

  • Some key components of Sailfish OS have been licensed proprietary by Jolla from the start and ever since (as of Sailfish OS 5.0 in February 2025). Since September 2025 some closed parts of Sailfish OS have been open sourced, with the announcement that more parts are to be followed.

  • The oldest shark teeth are from the Early Devonian, about 410 million years old. These are without a doubt sharks, although different species than exist currently. The earliest fossil of a plant engaging in this evolutionary strategy is a 12 meter tall palm-like plant from China. It dates back, again, to the Early Devonian, but less than 400 million years ago.

    Which means the first toothed sharks predate the first plant which could be called a tree by 10 million years.

    Sharks are older than the rings of Saturn!

  • I cannot believe that was actually said by a United States representative, where it is and has been codified in the nation's constitution, that freedom of religion is a right of the people via the first amendment. Freedom of religion means any religion, but also, freedom from religion.

    to wit: The civil rights of none shall be abridged on account of religious belief or worship, nor shall any national religion be established, nor shall the full and equal rights of conscience be in any manner, or on any pretext, infringed.

  • No hiding it, no attempt to wash it. Oil flows, and US armed forces will 'protect' it.

  • For 70% of the companies out there, if your company or website collects it, hackers will get it. Your PR 'trust us' words have no meaning or substance.

  • People don't generally quit bad jobs, they stick it out for whatever reason. They do quit having a bad boss though.

  • There's a really nice high-level overview of TOTP/MFA by OWASP.

    They say:

    There is no definitive "best way" to do this, and what is appropriate will vary hugely based on the security of the application, and also the level of control over the users. Solutions that work for a corporate application where all the staff know each other are unlikely to be feasible for a publicly available application with thousands of users all over the world. Every recovery method has its own advantages and disadvantages, and these need to be evaluated in the context of the application.

    Some suggestions of possible methods include:

    • Providing the user with a number of single-use recovery codes when they first set up MFA.
    • Requiring the user to set up multiple types of MFA (such as a digital certificate, OTP code and phone number for SMS), so that they are unlikely to lose access to all of them at once.
    • Mailing a one-use recovery code (or new hardware token) to the user's registered address.
    • Requiring the user contact the support team and having a rigorous process in place to verify their identity.
    • Requiring another trusted user to vouch for them.

    The most important thing, I think, is that the MFA reset should have a different method and flow than the password reset option. Figure if an attacker attempts the 'forgot password' method, it's assumed they have access to the user's email. Therefore, you don't want to send a 'reset MFA' in the same manner. The password recovery flow should be separate from the MFA recovery flow by using some form of out-of-band verification, such as sending a password reset link within a "forgotten password email" containing a randomly generated and unique token that allows the user to reset the password only. The MFA recovery flow should work in a different manner. If you are offering TOTP only, I suggest offering a fallback method such as a list of "backup codes" of valid OTPs that the user needs to keep safe, obtained when first enrolling in MFA, or otherwise an OTP sent via SMS with a short expiration time. Ask for the TOTP while entering a new password. The reset link would be useless for the attacker.
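    The flow described in this comment, as an added example that is not code from the original comment or from OWASP: the e-mailed reset token alone cannot change the password; a live TOTP (RFC 6238, HMAC-SHA1) or a single-use backup code issued at enrollment must accompany it. The `Account` class, its method names, the hex backup-code format and the token TTL are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, struct

def totp(secret_b32: str, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for the time window containing `now`."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def _h(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()

class Account:
    """Hypothetical account record: TOTP secret, hashed backup codes, reset tokens."""
    def __init__(self, totp_secret_b32: str):
        self.totp_secret = totp_secret_b32
        self.password_hash = None
        self.backup_hashes = set()   # only hashes of unused backup codes are stored
        self.reset_tokens = {}       # token -> expiry (unix seconds)

    def enroll_backup_codes(self, count: int = 8) -> list:
        codes = [secrets.token_hex(5) for _ in range(count)]  # shown to the user once
        self.backup_hashes = {_h(c) for c in codes}
        return codes

    def issue_password_reset_token(self, now: int, ttl: int = 900) -> str:
        """Token sent in the 'forgotten password' e-mail; alone it proves mailbox control only."""
        token = secrets.token_urlsafe(32)
        self.reset_tokens[token] = now + ttl
        return token

    def _second_factor_ok(self, code: str, now: int) -> bool:
        if hmac.compare_digest(code, totp(self.totp_secret, now)):
            return True
        if _h(code) in self.backup_hashes:
            self.backup_hashes.discard(_h(code))   # backup codes are single-use
            return True
        return False

    def reset_password(self, token: str, second_factor: str, new_password: str, now: int) -> bool:
        """Mailbox token AND a live second factor are both required to set a new password."""
        expiry = self.reset_tokens.pop(token, None)   # consumed on any attempt, good or bad
        if expiry is None or now > expiry:
            return False
        if not self._second_factor_ok(second_factor, now):
            return False
        salt = secrets.token_bytes(16)
        self.password_hash = salt + hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
        return True
```

The TOTP check uses the RFC 6238 reference key ("12345678901234567890" in base32) so the generated code can be compared against the published test vector.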

  • Unnecessary. It's a damn text editor. Leave it simple.

  • Music @beehaw.org

    Two Burning Tappers - Dark Roads

    open.spotify.com/track/238UlVW4MznDA2YqMztjUQ
  • Chat @beehaw.org

    How's your week going Beehaw?

  • Chat @beehaw.org

    How's your week going, Beehaw?

  • Music @beehaw.org

    Raven Knight - Kiss Me in the Crypt

    open.spotify.com/track/4CDOfUQKYzthqnAfCxXhqQ
  • Technology @beehaw.org

    CLI Browser - brow6el

    codeberg.org/janantos/brow6el
  • Lua programming language @sopuli.xyz

    Lua 5.5 Released

    www.lua.org/manual/5.5/readme.html
  • Music @beehaw.org

    Esme Rose - Fuck being a princess

    open.spotify.com/track/4LP3rQhkm87kQopVQVGvJa
  • Lua programming language @sopuli.xyz

    Lua Tips and Tricks (2024)

    blogsite-sand.vercel.app/blogs/lua-tips-and-tricks
  • Lua programming language @sopuli.xyz

    Lumen-oss/lux: A luxurious package manager for Lua

    github.com/lumen-oss/lux
  • Lua programming language @sopuli.xyz

    andregarzia.com/2025/03/why-i-choose-lua-for-this-blog.html
  • Chat @beehaw.org

    Medialabs is pissing off the users at Imgur

    imgur.com/gallery/love-when-everyone-comes-together-oybbNoP
  • Lua programming language @sopuli.xyz

    andregarzia.com/2021/01/lua-a-misunderstood-language.html
  • Lua programming language @sopuli.xyz

    Lua - Beginners guide

    gridlocdev.github.io/lua-beginners-guide/
  • Lua programming language @sopuli.xyz

    Need mods?

  • Technology @beehaw.org

    How I Chained Directory Traversal and CSV Parser Abuse for RCE in a Django App

    jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/
  • Music @beehaw.org

    Dorothy - Rest In Peace

    open.spotify.com/track/2PZ5teF9vepeL2Qq7dkd59
  • Music @beehaw.org

    Five Finger Death Punch - When the Seasons Change

    open.spotify.com/track/093pLJk6h71BCYyrcVQGEO
  • Fediverse @piefed.social

    FSE Meets the FBI! — FSE Blog

    blog.freespeechextremist.com/blog/fse-vs-fbi.html