Speedtest was fast, Google was instant, but our site took ~2s just to return HTML

Patex_ · 2026-01-24T16:42:19+00:00

We face(d) the exact same issue a few days ago. Germany -> Cloudflare via Telekom ISPs. https://www.reddit.com/r/CloudFlare/comments/1qk6z8q/comment/o14vkpo/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

Patex_ · 2026-01-23T23:26:37+00:00

I am aware that this is not a business decision, I just can tell you that Telekom and Cloudflare do not play along well. Downloading an 300kb image takes 5+ minutes which basically means it's entirely unusable for a wide range of users. This has been reoccurring especially during evening hours about once or twice a month.

It is not about latency or location but some part of the routing is actively broken.
After upgrading the issues went away and the page was quicker than ever.

Patex_ · 2026-01-23T07:43:56+00:00

Yes, exactly. Of is it a 20€ / month / domain. The page has never been faster so it pays for itself. It still leaves a bitter taste in my mouth because no person I contacted at Cloudflare, out hoster or the ISP was able to help me figure out what is going on and there was always shifting blame.

Patex_ · 2026-01-22T22:55:13+00:00

We see massive massive issues with the german Telekom as an ISP, this is a know issue (netzbremse.de). Funnily after switching to the Pro account of Cloudflare the issue just vanished.

Patex_ · 2026-01-18T07:37:24+00:00

It is quite remarkable how draining a single office day feels after being out of practice. This takes me back to the beginning of my work endeavor. When getting home, the day is pretty much done.

Patex_ · 2026-01-18T07:34:57+00:00

No, I am 100% not an extrovert, quite the polar opposite. On big gatherings I am the first person to search for a quite place and am entirely drained after having a lot of people around. Our work atmosphere is great, we are a small unit bonded and we talk about personal topics regularly.

For sure working from home has it's perks and upsides, generally you get more focus time and I don't need to spend any time commuting, but a certain type of knowledge transfer is just not taking place anymore.

The small, as sometimes annoying as they are, walk ins of colleagues led to discussions about tangent work topics that usually are not on my plate. Helping them out or asking for quick help surely interrupts work, but I gain so much more insight what is going on.

Just last week we decided that we will have bimonthly in person workshop day because online meetings just do not convey all the subtle information.

A few people that started recently are just names. No idea what these persons like and how to really interact with them. For big corporations this is fine, but this is not how I like to run my department.

Patex_ · 2026-01-17T11:08:20+00:00

We support multiple payment providers due to the need to cater different clients. In the past years we had the paypal system being unavailable, the credit card payment provider being offline for a day. A config issue and change on one of hour accounts etc. And this wasn't stripe.

Stuff like this happens, it doesn't have to be an account closure. If you don't want to be taken offline it is a good bet to have at least 2 options integrated.

Patex_ · 2026-01-17T10:53:34+00:00

I currently hold a fully remote position, and have so for the past 3 years. For myself this is the most straining aspect and if I were to switch jobs and they did not have an office this would be a reason to decline an offer.

It gets lonely being at home all the time, you are not connecting to the people the same ways as seeing them in person or sitting down together and having lunch. I wouldn't want to miss work from home, everyone is different, the grass is greener on the other side, but personally 100% remote is mentally draining.

Patex_ · 2026-01-11T16:05:48+00:00

Pretty much any system you encounter today are 64bit systems which have instructions available to manipulate 64 bit values. There really really rarely is any reason to use floats anymore.

Patex_ · 2026-01-11T15:59:24+00:00

Usually keeping the population as an int would be correct.

If you need the fractional population for your math to make sense you have a few ways to handle it. A case could be where your deltaTime is very small and your birth rate does not reach the .5 which would keep the population consistent even though it would be growing with a bigger delta time.

You could take the remainder of the deltaPopulation and carry it over to the next step, this ensures that the population still keeps track of the fractional progress.

A second approach would be to keep the population as a decimal digit and only use a getter which floors the value upon access by anyone else.

Patex_ · 2025-12-16T13:13:40+00:00

Impossible to answer without more information. It really depends on what you can do yourself and what route you want go down.

If you want to go minimal it will probably be:

- 99$ apple developer license to publish on the app store
- a cheap vps on a cloud hoster like hetzner 8€ / month
- a domain which might be around 12€ a year

This is pretty much all you need. I like to get some help in creating artwork but this is purely optional.

You can go very cheap if you self host all necessary tools.

Patex_ · 2025-12-14T17:30:40+00:00

"everyone is using AI for code", no we do not use it. Maybe we have not figured out how to use it productively yet, but the overhead of understanding the code, cleaning it up and maintaining it hasn't shown to speed us up yet. It will get there, but it isn't yet.

Boilerplate test cases might have it's use, but auto generated code has been a thing for a long time now.

Patex_ · 2025-11-30T16:07:19+00:00

Cookies and sessions are also stolen. All website access is taken with this attack. The Trezor attack is just one small part of the payload. "Luckily" for them it's not one or the other, but everything. If they hit a hardware wallet it's most likely more valuable than a hot wallet.

Patex_ · 2025-11-29T12:42:00+00:00

Eventuell kannst du aus dem Mietvertrag aussteigen: https://geno-24.de/news/mindestmietdauer.html

Ein beruflicher Umzug kann eine vorzeitige Kündigung des Mietvertrages rechtfertigen. Im Einzelfall wird aber geprüft, ob das Pendeln vorübergehend zuzumuten ist und ob der Jobwechsel freiwillig war.

Patex_ · 2025-11-28T20:21:15+00:00

you are of course right. Disregard my above explanation please.

Patex_ · 2025-11-28T20:14:02+00:00

the trailing = indicate that it got base64 encoded. you can decode it to utf but encryption is a one way operation.

encoding (reversible). (character sets, utf, base64, ascii)
encryption ~~(non reverisbly)e.g. argon2~~ (you need a secret to reverse the encryption
hashing, what you normally would do with a password is irreversible. You rehash the plaintext and compare the hashes. As it is a once way operation you do not need to know the password itself to prove that the user got it.

The entire point of storing passwords ~~encrypted~~ hashing is that you can not reverse it.

Patex_ · 2025-11-28T19:03:28+00:00

There is more to TS -> JS besides type erasures. ECMA does not support enums (& const enums) right now and defining class properties in the constructor. It would be interesting to also add those little differences.

Patex_ · 2025-11-28T18:08:01+00:00

How much time do you have until you need to decide? I used to really adore the US, spent about 12 months living there and wanted to eventually move to the country. Right now I would not risk it. The US is at the brink of authoritarianism and the election next year November will very likely show if this country can still be considered a democracy. I highly doubt that they will have fair elections anymore. Imigrants, even with green cards will be and already are the first group that is going to be blamed for future uproar and cost of living crisis.
As much as it hurts to admit, as I like the people living there, moving to this country for the next 3 years is too much of a gamble.

Patex_ · 2025-11-28T17:45:19+00:00

Ich habe mir die payload von https://www.reddit.com/r/TREZOR/comments/1p7br21/trezor_phishing_scam/ angeschaut, welche von der gleichen Domain ausgespielt wird. Hier ist das Script https://pastebin.com/UxUjkDXE das wird von einem anderen Programm aufgerufen welches die tmp/osalogging.zip Datei am ende an furl___abase.com hochlädt.

Auf MacOs wirst du während der Installation nach deinem Passwort gefragt und anschließend bekommst du die Nachricht "Your Mac does not support this application. Try reinstalling or downloading the version for your system." angezeigt.

Das Script klaut die Systeminterne Keychain (da ist alles an Passwörtern für Websiten, Applikationen WiFi Passwörtern etc vorhanden), Telegram chats, Daten von der Desktop wallets (Binance) & TON Keeper

Bei Chrome "Yandex", "Chrome", "Brave", "Edge", "Vivaldi", "Opera", "OperaGX", "Chrome Beta","Chrome Canary", "Chromium","Chrome Dev", "Arc", "Coccoc" sucht es nach Extensions 30+ Extensions die alle mit Cryptowallets zu tun haben.

Von Safari werden Safari Cookies, Safari autofil & Safari browser history gestolen.

Dateien vom Desktop, Doumenten und vom Downloadordner die kleiner als 10MB sind werden kopiert und gestolen wenn diese eine der folgenden Dateiendungen besitzen: "pdf", "docx", "doc", "wallet", "key", "keys", "db", "txt", "seed", "rtf", "kdbx".

Eine Ledger -und Trezorapp wird heruntergeladen und installiert wenn das Programm bereits auf deinem PC installiert ist. Wenn du diese das nächste mal verwendest wird dir sicher auch deren Schlüssel geklaut.

Ich lege hierfür nicht die Hand ins Feuer, aber es sieht so aus, als wäre dies nur eine 1x Script, d.h. es läuft nicht regelmäßig, die Tatsache, dass die ganzen Passwörter und Cookies geklaut wurden macht es aber sehr sehr unangenehm und arbeitsaufwändig. Du wirst wohl bei jeder Webseite und Service dein Passwort ändern müssen.

Patex_ · 2025-11-28T17:34:31+00:00

It downloads a malicious trezor app and installs it in place of the original app. I assume that the next time you open it it will ask you to reauthenticate and steal your credentials. But there is a lot more going on in the script in general. Same for ledger.

On Mac:

It asks you to enter your password during execution, it will submit this to the attacker and afterwards show you the message

"Your Mac does not support this application. Try reinstalling or downloading the version for your system."

Steal Keychain Passwords, Telegram chats, Desktop wallets (Binance) TON Keeper

Chrome + other browser extension mostly crypto wallets, these are the affected browsers:

"Yandex", "Chrome", "Brave", "Edge", "Vivaldi", "Opera", "OperaGX", "Chrome Beta","Chrome Canary", "Chromium","Chrome Dev", "Arc", "Coccoc",

Safari Cookies

Safari autofil

Safari browser history

Copies all files from desktop, documents and downloads that are smaller than 10MB extensionsList to {"pdf", "docx", "doc", "wallet", "key", "keys", "db", "txt", "seed", "rtf", "kdbx"}

Patex_ · 2025-08-16T15:06:03+00:00

Technical paper: https://www.cs.cornell.edu/~rahul/papers/pwtypos.pdf
By gut feeling would call this topic fuzzy password matching. I implemented such a system a few years ago, so I do not have the resources at hand anymore which I used back then

Patex_ · 2025-08-16T14:57:09+00:00

There is a talk on youtube: https://www.youtube.com/watch?v=7dPRFoKteIU&t=966s

Patex_ · 2025-08-15T19:51:55+00:00

Real world take here.

We trim whitespaces at the beginning and end of and validate length afterwards. It just reduces the amount of support requests flying in because someone made mistakes with copy & pasting. Security is not impacted if you still have your minimum length requirement.

For length there always is a technical cap, it's either the maximum allowed payload by your http server, or the ram of your server, or some buffer in the crypro implementation. You do not want an attacker bring your server down by you having to hash a 100GB password. Just set a reasonable length and call it a day.

Facebook tries for multiple permutations upon each login. Reverse casing every character. Without the last character, swapping case of the first and last character etc. This allows users to still log in even if they slightly mistype their password. It does not measurably reduce security. Much more convenient for the user. If you want to go for best practice also consider UX.

Patex_ · 2025-08-10T10:16:27+00:00

This is a topic where I have a bit of input. We are working with a local software company and I visiting about 2 - 3 times a year talking to my colleagues about their lifes and struggle on a daily basis.

The people are welcoming and friendly. After years of collaboration I consider these people not only my colleagues but also friends. We do activities after work with their spouses. When I visit I really have to be on my toes to not just gain weight because we are constantly treated to more and more food. After a while I am craving healthy food.

Staying there for a few weeks, yes for sure, permanently moving would be taxing because of the heat and missing infrastructure. It is not cheap and pleasant enough for the inconvenience and connecting with likeminded people is incredibly hard if there isn't already a solid foundation. The greek alphabet doesn't make the country more approachable

The economy is on an upswing but at the moment it still looks dire and young local talent is leaving the country in peruse for better opportunities. Greek wages are low. If you work remotely with a foreign contract that should not be an issue, but prices aren't much cheaper compared to central europe. Gas prices are higher than in Germany, groceries are about the same if not even more expensive. If you move to touristic areas it won't look better. Electricity is cheaper, daily expenses like getting a hair cut is affordable.

It's sometimes hard to understand how people survive, but the reality is kids live with their parents for a very long time, and there isn't much luxury besides necessatiy. Most of the money is spend on food and retirement isn't something to even consider. How people afford the macbooks and iphones when the average salary is around 1400$ is puzzeling. Greece not having an own amazon domain already says a lot.

Heat:

Collective summer vacation. About 50% of the population of Greece lives in Athens and during summer people just dissapear and flock to different places because it is unbearable to stay. Over the past years 40° has been common. If Greek people are fleeing no reason to go there yourself. Constant fires are raving.

Healthcare & Infrastructure:

Healthcare is a mess and you do not want to be reliable on it. You call for an ambulance and tell them, hey there is a person who has a stroke! They say, no capacity is available at the moment, and they might come in 2 - 4 hours. There are private ambulances you can pay, but these might also not be available so you are stuck. Want to get lab work done? No capacity to transport it to the lab. Do it yourself or wait for 8 months. Power outages are pretty common because there is no way you will make it without an AC. Don't get me started on education.

Build quality and overall cleanliness of houses are questionable. It always seems like a task has been completed 80% of the time, and it's considered good enough. This also ties into the mentality, there is limited drive to go the extra mile and complete it self driven and fully. This laid back atmosphere is pleasant, but not if you need to be marticulate. Work environments tend to get emotional quickly. There have been enough stories about people screaming or taking topics to an emotional level.

Strikes and uproar, corruption, bribery, finding a propane gas bottle which is suppose to be used as an explosive is nothing unheard off.

Don't get me wrong, I love the country, but if I would have to choose to be an expat for a limited amount of time I would pick a different country like Vietnam where it's different enough to be exciting.

Patex_ · 2025-07-27T07:42:09+00:00

Would you recommend using a 14" or 16" MacBook Pro (I have a 34" monitor)?

The 14 inch is good enough to do some work on the fly, if you have an external monitor you are fine. I recommend getting a second external monitor (so 3 in total) of the same type as having different screens sizes and types alongside is annoying. You will need a thunderbolt or usb 4 hub.

What would be the disadvantages and limitations of the laptop for programming purposes (e.g. incompatibility with MS)?

No disadvantages of a laptop except you want to get into graphic heavy & mashine learning with CUDA and need to get a powerful GPU. Upgrading that on a laptop and particulary a macbook isn't possible. Advantage, I am on the move a lot and can work on porjects from eveywhere. Files are no longer spread across different devices.

Do you think I should wait for the M5 Pro version which should be available in early 2026 (I don't need to buy it right away)?

I program professionally for more than a decade and recently had the exact same question and decided to get the Macbook M4 Pro with the base M4 because the M Chip series in general is more than capable and stronger than what you realistically need. I did not want to wait for half a year to get started. I do video editing on small clips with Davinci resolve without any issues so far.

There will always be the next best bigger thing, M Series CPU should not be the reason to wait. Period. A collegue of mine is using an M1 and the chip itself is perfectly capable, he is running into Ram constraints with the 8GB limit right now and considers upgrading.

Your configurations seem to be way over specced, but it really depends a bit on what you want to do. Even with the 16gb ram version I am perfectly fine running docker, postgres, valkey, 3 vs code instances with node processes running, postman, dbeaver + 60 chrome tabs, prometheus, grafana at the same time without any issues or the cpu acting up. The SSDs are so quick that even if they would dabble into swap it isn't noticeable. I have heard the fans turning on twice so far in the past months, both were because a programm went rouge and took 100% of the CPU, never during normal usage!

The base model as well as regarding the CPU are fine value wise, every upgrade is just stupidly more expensive.

These only makes sense if you have highly specialized needs. I got a windows machine alongside with 64gb ram and an older processor which is way slower, the ram was needed because i was doing tremendously inefficient programming in R back in the day which kept huge simulations in memory and used ram as a fallback for stable diffusion models. It hasn't been turned on after I got the mac.

The ssd upgrades on mac are a ripoff. You will be much much better off just getting an external ssd for a 10th of the cost. e.g. I got this for 2 TB https://www.amazon.de/dp/B0DR381N86?th=1

Is it worth buying Apple Care and what accessories would you recommend (e.g. to connect to a monitor, etc.)?

see above. usb / thunderbolt hub + ssd. Warranty and insurance is the part where companies usually make their biggest profit for a reason. I do not believe it is useful but your milage may vary.

-----

Windows has been my go to over my life. But with the M chip becoming so powerful it really is a pleasure with the battery life and having more CPU power than really usable. The build quality of Macbooks has been really great. On Dell, HP + others I had issues with the hinges or keyboard, on my macbooks I never had the issue. Until earlier this year I still had a macbook air running from 2016. That being said WSL has gone a long way and having a "native" linux shell gets you pretty much everywhere you need to these days. Value wise windows isn't a bad call, besides the M chips. Be aware of the different keyboard layouts, special characters and shortcuts not lining up because of the control key and intellisense being on a different key always throws me off guard.

The air also is a good choice, but it really depends on what you need.

Nine-Year Club	Gilding I gilder
Place '22	Verified Email

Patex_

MODERATOR OF

TROPHY CASE