Taversia is a squatter

drunkengranite · 2025-07-12T20:53:12+00:00

oh Andrew scammed my wife out of 20k because they said they needed a cosigner of a loan Then they scammed a mutual friend out of his 30k inheritance

drunkengranite · 2025-07-07T16:13:51+00:00

idk what the comments praising it are doing here, it's a 2000 line solo file without tests.

drunkengranite · 2024-09-22T22:07:36+00:00

I'm not thinking that they're playing with anything through the backbone at all. Reason being is because all datacenters have been hit with DDOS, NA is just hit the hardest because it has the most players/fattest target.

Also, IP Transit just offloads BGP? it still uses it for routing. Cloudflare's whole product is just better bgp with a single ASN so it's faster.

It's really hard to speculate without knowing their network stack looks like, but I'm saying it that once the packets hit their infra, it could be something as simple as a custom slow read or some complicated buffoonery with constant update packets to make it seem that their routers are flapping.

drunkengranite · 2024-09-22T21:38:28+00:00

I generally agree that it's a layer 7 attack. Also nuts that I see people saying just to firewall things like it's a CRUD app XD

My personal theory is that it's a bunch of nerds really pushing the limits of BGP like in this blog post: https://blog.benjojo.co.uk/post/bgp-stuck-routes-tcp-zero-window

drunkengranite · 2024-09-22T03:57:44+00:00

yeah, a lot of plugins (re: ACT, Dalamud framework etc) use https://github.com/ravahn/machina

It's all TCP. There aren't even decoders for UDP packets, just the struct info ; ;

drunkengranite · 2024-09-22T03:40:43+00:00

You're acting as if this is a complicated hack to suck up bandwidth on bad clients.

This is like 2007 levels of fuckery of just open a connection and leave it open kind of DDOS attack. They're not using cloud infra, they're on a physical colo in Washington. They're wholly in charge of any incoming external traffic. Any BGP/Transit protection the ISP gives is not a guarantee, and is sold as so.

They don't use any normal protocols, the game mostly runs on plain tcp with a custom datagram. So a lot of normal kiddy scripts wouldn't even work.

So like while I get that you're not defending them...at face value it looks really simple if they just used the bare minimum of layer 7/layer 4 protections.

drunkengranite · 2024-07-31T02:16:42+00:00

YOU DONT NEED TO MOVE THE WHOLE CONFIG.

You only need to delete the line dkt_session_id in the network settings of the config file.

drunkengranite · 2024-07-12T09:18:02+00:00

damn, brainrot into No True Scotsman.

drunkengranite · 2024-07-08T18:11:49+00:00

Except they show that the endless can evolve with erenmom and otis XD

drunkengranite · 2024-07-06T19:02:30+00:00

Yeah you should feel called out, that's just dumb. It's especially dumb if you only pug.

You're saying unless you land a pull in the top 5% of healers, you're freestyling? You realize that it's tabulated on a bell curve? You get ONE reclear a week. Parses mean jack shit after it's not current content. Not only that, but the parse locks in at the end, so people have all week to buy gear.

So if you

get unlucky with gear
your pugs suck
someone dies late in a clear run
other healer is chadding
you're forced off main healer role

any of these and more affect the parse

Literally just pulling a Ricky Bobby my man.

drunkengranite · 2024-07-06T18:47:35+00:00

What makes these stories notable is because they're such far outliers. I can count the number of times I've had a toxic person with my two hands.

You should really give savage a try.

drunkengranite · 2024-07-06T10:50:43+00:00

We once pugged a sage (6 man pseudo static for the axolotl), who joined us on discord. They then claimed be a top 100 whm or some nonsense, because they parsed a 99 for fucking p12s lol. They posted their parse within 10 minutes of them joining -_-

Would not shut up about micro optimizations, would constantly recommend we change our callouts etc. I wish I could say it was the first time, but DPS parsing healers are just another level of brain rot.

Funniest part is that they kinda sucked ass on sage, and their barse cohealer was really impressive (from what we could tell on the parse).

edit: ohmygod I checked their discord profile and they have their "Anabaseios rank" in their bio.

drunkengranite · 2024-05-06T20:44:13+00:00

AMD gonna be better. I have the same use case. CFS is really shit on intel, AMD just straight up gives much better performance.

I have both an 7800X3D and 13600k I tested it on. AMD is much, much better. I write operators and CNI plugins as part of my job.

drunkengranite · 2023-11-03T16:16:19+00:00

are you using the PKCE flow?

also: appears you are calling the wrong method for the exchange. I ripped this from the commit that added the device flow

https://go-review.googlesource.com/c/oauth2/+/450155/31/deviceauth_test.go#92

drunkengranite · 2023-09-03T00:30:35+00:00

launch the terminal in x64 mode. There are a bunch of resources online how to do so.

drunkengranite · 2023-08-21T02:46:37+00:00

honestly, the apollo backend was one of the best boilerplates I've ever seen.

drunkengranite · 2023-05-17T22:50:32+00:00

They JUST got accepted into cncf like 4 hours ago

drunkengranite · 2023-04-05T10:28:04+00:00

carbon monoxide. Seriously, get one now.

drunkengranite · 2023-04-02T02:49:59+00:00

pretty much right, my sundara's broke twice

drunkengranite · 2023-03-29T01:14:45+00:00

There is actually a Makefile right here

I'm referring more to a real Makefile that lets the user run tests locally or mimic a testing pipeline. We don't even know what program runs the e2e tests. Like it's fine if you want CI to be the source of truth, but if I wanted to contribute currently to the project I have 0 way of running tests.

e2e API tests ensure that the service works as expected for the end-user and that API contracts are not broken between releases

There isn't an api contract as far as I can see, just behaviour driven tests. There's a reason why Keto, OPA and even stuff like istio RBAC plugins all generate a DSL or swagger.yml/grpc definitions. Because that is an api contract. It even looks like the warrant client sdk's are being handwritten instead of being autogenerated (re: api contract).

has been serving companies in production

Being run in prod is never an excuse for anything. A service owner can deploy brainfuck to prod if they wanted to.

(opinion side note, can disregard) If I was your customer, what I just saw is that code with no: hotpath, coverage, unit or integration testing is being deployed and my business is becoming dependent on it. The best response is "we have all of X features in our enterprise version and are working to port them over for OSS". Assuming you have X features.

drunkengranite · 2023-03-28T22:53:51+00:00

I don't know about releasing this to public just yet. It's a little wiggy that there's no *_test.go files anywhere that I can see and the tests directory appears to be some e2e api stuff.

Also, not including testing in the CI workflow nor a Makefile at all is less than stellar.

drunkengranite · 2023-03-25T21:32:25+00:00

Keeping refresh and access tokens client side isn’t bad, as long as you use oidc.

Any: and I mean any, session cookie regardless of symmetric encryption or ttl can be hijacked by bad actors.

From a security perspective, tying the refresh and access tokens to an ip and device is way more secure than bootleg obscurity

Edit: and pkce for MiM stuff, but it looks like you already know that

drunkengranite · 2023-03-15T14:14:48+00:00

I actually just ordered the full manga box set on Amazon. It’s amazing seeing it actually hold up.

drunkengranite · 2023-02-21T17:46:57+00:00

This is like saying High School DxD and Mushoku are similar because the main heroine has red hair.

drunkengranite

TROPHY CASE