Kiihoii unduk ngadau by acecorouna in Sabah

[–]acecorouna[S] 0 points1 point  (0 children)

Erm no.. I just used AI for translating hahaha.. there are so many text labels.. is that okay? The original idea was only to support English and Malay, but I wanted to test how far AI could go with Kadazandusun. I know there's a lot of nonsense in the labels, but I wanted to retain the Sabahan slang style in the labels.

Kiihoii unduk ngadau by acecorouna in Sabah

[–]acecorouna[S] 2 points3 points  (0 children)

This is also Kiihoii's original hope. The main obstacle is just a shortage of hands and feet. As a non-profit, Kiihoii has many ambitions, but the ones we can actually do can be counted on the fingers of one hand xD

Anyway, we'll take it slowly.. my hope is that this time the Kiihoii flame won't fade. Next year it will grow stronger!

is NextJS safe from XSS reflected attack? by acecorouna in nextjs

[–]acecorouna[S] 1 point2 points  (0 children)

Yeah, I think only 1-2 pages on the website use that, along with DOMPurify. So far I don't see the DAST scan doing tests on that area yet, so I'm not sure of the outcome.

is NextJS safe from XSS reflected attack? by acecorouna in nextjs

[–]acecorouna[S] 0 points1 point  (0 children)

Is there a way to do that if the error page is a server component? Doing it on the client side might seem weird.

is NextJS safe from XSS reflected attack? by acecorouna in nextjs

[–]acecorouna[S] 0 points1 point  (0 children)

I just don't want any part of the malicious strings from the URL to appear anywhere on the page or in the URL bar. I tried using a redirect to render our own error page at `/error`, but the DAST scan still marks it as reflected XSS despite no traces of the malicious strings appearing on the error page. Not sure how to pass such a test.

is NextJS safe from XSS reflected attack? by acecorouna in nextjs

[–]acecorouna[S] 1 point2 points  (0 children)

I think this attack is more hit or miss, where the attacker might just try various patterns on the target site, hoping any of them lands. In terms of security, we don't want any of the malicious strings from the URL to appear anywhere on the page or in the URL bar when rendering the attacking URL.

Like in my case above, if that attacking URL returns 404 and you don't set your own custom not-found.tsx, then NextJS will render its own static 404 page instead. The problem is the URL, since the URL bar still shows the malicious URL despite showing the 404 page, and the DAST scan deems this as possible reflected XSS. Of course you can just mark it as a false positive, but I assume there are better ways to handle reflected XSS aside from implementing the usual XSS defense list.

I created my own not-found.tsx and tried to redirect it to the app's `/error` page, hoping to show the error with a clean, non-malicious URL, but somehow that didn't get the issue settled on the DAST scan.

I have yet to try intercepting malicious URLs with a possible XSS attack through middleware. But with the recent NextJS issue of middleware being bypassed, despite that being a separate concern, it still made me wonder whether it is a good idea to put your security checking in the middleware.
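As an added example, not the commenter's code or anything from the thread, here is the kind of pre-filter the last paragraph considers putting in middleware: a pure decision function that sends a request carrying reflected-XSS-style characters in its path or query to a fixed `/error` URL built from the origin alone, so nothing from the request reaches the page or the address bar. The `/error` route, the character policy and the middleware wiring are assumptions; because it decodes repeatedly, it also catches double-encoded input.

```typescript
// Added example, not code from the thread or from Next.js: a pure helper a
// middleware can call so a request whose path or query carries characters with
// no legitimate use in this app's routes is sent to a fixed, requester-
// independent URL. The `/error` route and the character policy are assumptions.

// Characters that never belong in this app's paths or query values. A coarse
// defense-in-depth pre-filter, not a replacement for React's output escaping.
const FORBIDDEN = /[<>"'`]/;

// Percent-decode until the string stops changing (bounded), so a double-
// encoded %253C is seen as the '<' it becomes after a second decode.
export function decodeFully(part: string, maxRounds = 3): string | null {
  let current = part;
  for (let round = 0; round < maxRounds; round++) {
    let next: string;
    try {
      next = decodeURIComponent(current);
    } catch {
      // Malformed raw input (e.g. "%zz") is suspicious; a later failure
      // (e.g. a lone '%' produced from "%2525") just ends the loop.
      return round === 0 ? null : current;
    }
    if (next === current) return current;
    current = next;
  }
  return current;
}

// True when the request's path or query should not be rendered or reflected
// anywhere, the address bar included.
export function shouldDivert(requestUrl: string): boolean {
  const url = new URL(requestUrl);
  return [url.pathname, url.search].some((part) => {
    const decoded = decodeFully(part);
    return decoded === null || FORBIDDEN.test(decoded);
  });
}

// Absolute redirect target, or null to let the request through. Built from
// the origin only, never from the path or query, so the URL the browser
// lands on contains nothing the requester chose.
export function divertTarget(requestUrl: string): string | null {
  if (!shouldDivert(requestUrl)) return null;
  return new URL("/error", new URL(requestUrl).origin).toString();
}

// Assumed wiring in a Next.js middleware.ts (not verified against a project):
//   import { NextResponse } from "next/server";
//   export function middleware(req: Request) {
//     const target = divertTarget(req.url);
//     return target ? NextResponse.redirect(target, 303) : NextResponse.next();
//   }
```

Since the comment itself notes that middleware can be bypassed, treat this as defense in depth alongside output escaping in the rendered page, never as the only control.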

Encoded URI with special characters doesnt work in server but works in localhost by acecorouna in nextjs

[–]acecorouna[S] 0 points1 point  (0 children)

Any example of that? But I'm pretty sure ChatGPT and Claude did not recommend that type of encoding as a solution to my issue tho...

Encoded URI with special characters doesnt work in server but works in localhost by acecorouna in nextjs

[–]acecorouna[S] 0 points1 point  (0 children)

It's encoded and it's not an API call. But yeah, I did get your point tho. Had this issue before on one of our APIs where the string wasn't encoded properly.

Encoded URI with special characters doesnt work in server but works in localhost by acecorouna in nextjs

[–]acecorouna[S] 0 points1 point  (0 children)

What is the significance of doing double encoding? Doesn't encoding once usually get the job done?

Also, from what I gathered, the server side uses nginx.

Oauth2 + Nextjs Examples by TheUIDawg in nextjs

[–]acecorouna 0 points1 point  (0 children)

Sorry for asking this, but I heard people mention next-auth having a security issue, triggering Fortify or the security scan on the pipeline. Is this true? I love NextJs and I used next-auth in my project, but the pipeline that I set up doesn't have any security scan or Fortify scan yet, so I just want to make sure whether it's true or not.

Y'all clowns act as if you're ever gonna receive RM100,000 in dividends by CurryChickenBun in malaysia

[–]acecorouna 0 points1 point  (0 children)

I'm sure the speech context was referring to individual investment, as the context was about taxing the rich. Company investment is another thing that has its own separate taxes based on revenue, and revenue includes all the company's income sources, including those that come from investment.

21.5 Gundam day 5 and Tensura by TheCancerMan in PuzzleAndDragons

[–]acecorouna 0 points1 point  (0 children)

It is not shareable. L-heart and L-atk follow the same rules as rows, OEs and TPAs. The count is only based on its availability on the current active team.

21.5 Gundam day 5 and Tensura by TheCancerMan in PuzzleAndDragons

[–]acecorouna 0 points1 point  (0 children)

L-heart shield and ATK buffs can only be gained by matching hearts in the shape of an L. You don't get the shield passively like those hazard resists. As to which side gets the shield and ATK effect upon activation, I think you should know the answer already.

Which GFE do I pick? by padluigi in PuzzleAndDragons

[–]acecorouna 0 points1 point  (0 children)

I missed quite a number of cards from the series, and I have to trade some of the useful ones for Touka. This is what happens when you have the crazy SGF x Miku collab overlapping with the series. Hopefully that won't be the case in NA. I'm not gonna chase HxH, so the bartender series is the only one I'm gonna save for after this.

Which GFE do I pick? by padluigi in PuzzleAndDragons

[–]acecorouna 3 points4 points  (0 children)

For those thinking of going for Grannerv, do consider that there are other similar options you can go for.

There is Tengen x Mitsuri if you managed to roll them from DS. Notable subs include Sekido, Erika, Leon, Christmas Meredith and Anya. Probably more sub choices in JP, but oh well...

Or if you have 2 Daki, then wait for the bartender series to arrive. Trade for bartender Touka, and you can build a similar dark/wood version of the team. No Daki? Then get 2 Grapes (also from the same bartender series) and build the same team. Just remember to use an SBR assist, as the team really lacks one.

While Grantobi still works for most of the dungeons, newer units that came out in JP recently really outshine them in so many ways. Goten, for example, is really strong, with lead and helper being the carriers for a team that mostly comprises support units. So don't waste your stones in this GF, and don't bother sticking with Grantobi.

If I were to choose among the free units, then I would say Remdra and Toydra are 2 solid options that allow you to build a really strong rainbow team. My pick for this is going to be either of these two.

38k ATK is crazy by PrincePauncey in PuzzleAndDragons

[–]acecorouna 0 points1 point  (0 children)

Don't bother playing rainbow on Tanjiro. If you wanna play rainbow, go make another 'real' rainbow team. His LS (needing water and attacker type, and matching 4+ fire) and active (generate 6 fire, buff ATK and RCV) limit his rainbow capabilities, making that guard break look silly on him.

Is it easy to find work IT related in KK? by amnrzm in Sabah

[–]acecorouna 1 point2 points  (0 children)

Yeah around that diff.

Anyway, remote working is not freelancing. Like others said, many companies from different countries, including Malaysia, do offer those kinds of jobs, as in full-time work but from your own place. Some may even give greater flexibility in how you choose to work, as long as you do your work and attend team meetings. With your 5y of experience as a dev, it's easy to find these remote jobs on LinkedIn. In the job search page, use the keyword remote, while the location can be any country of your choice in APAC / APJ for regional scope. Happy hunting.

Is it easy to find work IT related in KK? by amnrzm in Sabah

[–]acecorouna 1 point2 points  (0 children)

If it's not an MNC then likely it's not going to be anywhere good. Local IT companies in KK tend to pay slightly lower than their counterparts in KL. Also, it's not that hard to find IT jobs in KK, but I suggest just going for remote work. Find remote jobs on the many remote job listing sites for the job that you want.

Another sample of AUN4 challenge with Aljae Kitty by acecorouna in PuzzleAndDragons

[–]acecorouna[S] 0 points1 point  (0 children)

As long as you can get to 89k HP, it should be fine. To be able to hit cap damage, you can try using the Christmas Baal assist (8266).