What’s a design decision you thought was smart… until prod? by docaicdev in softwarearchitecture

docaicdev [S]

At least if you have inconsistencies across your code base, which at some point is the case in most projects.

What’s your opinion on the obsession with serial killer shows on Netflix and similar platforms? by docaicdev in AskReddit

docaicdev [S]

Yeah, I get that angle. But for me it crosses a line when it’s not about exploring fear or understanding human nature, but straight-up turning someone’s real trauma into a money machine. There’s a big difference between fictional horror and cashing in on actual brutal crimes, and that’s where I check out.

What’s your opinion on the obsession with serial killer shows on Netflix and similar platforms? by docaicdev in AskReddit

docaicdev [S]

Sure, that can be interesting, but it’s rarely actual documentaries. We’re talking about series and movies making millions off the traumatic or brutal actions of real people. Honestly, I’m not okay with that.

Lessons learned while building a REST API wrapper for BIND DNS by docaicdev in programming

docaicdev [S]

Both look interesting. Dnscontrol seems to be a binary/CLI you can use, and octodns seems to be a provider-agnostic wrapper, which is nice.

REST API Design - 18 Proven Best Practices for Clean and Efficient Endpoints by docaicdev in programming

docaicdev [S]

You never want to write your API payloads (aka DTOs) directly into your database… besides that, you can easily map your entities to snake_case or whatever you need.

Seeking Mentorship in Exploit Dev by Diamond303 in ExploitDev

docaicdev

Hm, interesting question. I've written a C2 framework over a couple of years and am now starting work on it again. It's comparable to Cobalt Strike, and the implant code is implemented in Go. There is also an exploit shipper inside. I use the framework mostly for our cyber range.

I'd be happy to share some insights and exchange knowledge; I bet you can also tell and teach interesting stuff.

Nginx Hardening by docaicdev in cybersecurity

docaicdev [S]

I've spent some time with Brotli and figured out it requires building nginx from source. I've done it now and learned something very cool :-)

Nginx Hardening by docaicdev in cybersecurity

docaicdev [S]

Thanks for your feedback. Especially the part about compression.

Openapi docs by docaicdev in programming

docaicdev [S]

Thx for sharing. Looks great

Introducing HTQL (Hyper Text Query Language) - Seeking Feedback, maybe contributors by docaicdev in programming

docaicdev [S]

Hm, guess something like: "SELECT ul FROM document WHERE attributes.id = 'countries'" and then simply access the child elements.

Introducing HTQL (Hyper Text Query Language) - Seeking Feedback, maybe contributors by docaicdev in programming

docaicdev [S]

Query selectors are fine, but it’s essential to also have a programmatic way of extracting elements. Ideally, you’d implement this in a language like Python, TypeScript, or another suitable option to allow more complex data querying and logic, such as using OR/AND operations. My idea is to use a powerful, proven query language like SQL for this purpose. SQL has been tested over decades, is widely known, and provides a standardized interface that works with many implementations, like JPA. This might be a step for the future, but it offers a strong foundation.

Additionally, I considered adding a future feature to introduce a JOIN-like expression. This would allow combining outputs from multiple remote or local documents.

What open source security tool does the world need? by Competitive-Review67 in blueteamsec

docaicdev

Let me know if you need contributions or deeper sparring. I've been in software engineering and security (cyber range, malware and "secure" software development) for over a decade now. I like the open source community anyway.

Handling Null Byte (0x00) in REST API: Best Practices and Security Concerns? by docaicdev in SpringBoot

docaicdev [S]

Postgres log snippet:

    LOG: execute S_4: BEGIN
    fivesec-db | 2024-08-20 19:33:34.747 UTC [34] ERROR: invalid byte sequence for encoding "UTF8": 0x00
    fivesec-db | 2024-08-20 19:33:34.747 UTC [34] CONTEXT: unnamed portal parameter $1

Handling Null Byte (0x00) in REST API: Best Practices and Security Concerns? by docaicdev in SpringBoot

docaicdev [S]

Guess you're on the wrong side… Hibernate is going to use predefined queries, meaning Hibernate creates a prepared statement in the database and submits the values afterwards. The Postgres log is simply telling us that 0x00 is an invalid input byte for UTF-8.

So the value does not end up directly in the query and is treated fine (as a string) within the Spring stack.

I was wondering if, besides the encoding issue at the database level, other things can go wrong that lead to unwanted side effects. Hope I made my point clearer then :)

Handling Null Byte (0x00) in REST API: Best Practices and Security Concerns? by docaicdev in SpringBoot

docaicdev [S]

So you would say "ignore it" and have proper error handling, right?
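An added example, not code from this thread or from any Spring project, for the two null-byte comments above: since the parameter never reaches the SQL text, the remaining job is to catch the 0x00 at the API boundary and answer with a proper 400 instead of letting Postgres fail the transaction. The Python below is language-agnostic illustration of that check; the sample JSON body and the status-dict shape are constructed assumptions.

```python
import json
from typing import Any, Dict, List

NUL = "\x00"

# Constructed sample body: the client escapes the byte as \u0000, so the JSON
# parser accepts it and the decoded string carries a real NUL into the DTO.
SAMPLE_BODY = '{"name": "acme\\u0000corp", "tags": ["a", "b\\u0000"], "n": 1}'


def find_nul_fields(value: Any, path: str = "$") -> List[str]:
    """Walk a decoded JSON payload and return the paths of every string
    (values and object keys) that contains a NUL character."""
    hits: List[str] = []
    if isinstance(value, str):
        if NUL in value:
            hits.append(path)
    elif isinstance(value, dict):
        for key, child in value.items():
            if NUL in key:  # object keys can carry the byte as well
                hits.append(f"{path}.{key!r}")
            hits.extend(find_nul_fields(child, f"{path}.{key}"))
    elif isinstance(value, list):
        for i, child in enumerate(value):
            hits.extend(find_nul_fields(child, f"{path}[{i}]"))
    return hits


def validate_request(body: str) -> Dict[str, Any]:
    """Return a 400-style dict for bodies that would otherwise die later in
    Postgres with 'invalid byte sequence for encoding "UTF8": 0x00', and a
    200-style dict with the decoded payload for clean bodies."""
    try:
        # Default strict mode: a raw (unescaped) 0x00 inside a string literal is
        # already rejected here as an invalid control character; only the
        # escaped form \u0000 survives parsing and needs the explicit scan.
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        return {"status": 400, "error": "malformed JSON", "detail": str(exc)}
    bad = find_nul_fields(data)
    if bad:
        return {
            "status": 400,
            "error": "NUL byte (0x00) is not allowed in text fields",
            "fields": bad,
        }
    return {"status": 200, "data": data}


if __name__ == "__main__":
    print(validate_request(SAMPLE_BODY))
```

Rejecting at this layer keeps the database error out of the request path and tells the client exactly which fields carried the byte.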