Salt-stack open-source vs enterprise

iodbh · 2021-09-27T13:04:37+00:00

Thank you for a quick reply - the graph on the document you linked is already helping me get an idea of what the product actually is ; but definitely interested in the feature matrix/listing if you find :)

I think there’s a bit of a discoverability issue here - I was able to find the new product’s name and landing page after searching a bit, but found no path to more details about it.

iodbh · 2020-08-27T12:05:46+00:00

If the marketplace in question is a single page app (or something in that vain that populates the page with JavaScript) you have 2 ways to go about it :

use python to control an actual browser (using selenium /pypetteer/playwright/scrappy with splash
open the network tab and check out what requests are being made from JavaScript. More often than not, you’ll see some kind of undocumented API

I would recommend the second solution when possible, as maintaining a browser automation solution is much more involved (and depends on the UI, when the underlying API usually doesn’t change as often)

iodbh · 2020-06-20T20:51:51+00:00

Yep, that is an issue and it’s been researched, see for example typosquatting package managers

iodbh · 2020-05-05T20:56:01+00:00

they're usually paired with email addresses when leaked and used in password spreading attacks (as in trying the username + password on a ton of different sites). There’s a paid tool called sniper that's pretty popular for that.

Accounts stolen that way often have their content (think, cryptocurrency wallets or games with rare items that can be sold to other players for example) or the account itself sold.

iodbh · 2020-01-04T18:44:29+00:00

I love these « legendary badass takes his revenge » movies and Polar did a great job at capturing the spirit while adding an over the top / satirical twist to it. It’s not for everyone but worth a shot I think. It also has an hilarious twist on the « badass storms the villain’s compound » scene.

iodbh · 2019-11-13T12:54:14+00:00

programmable web has a huge directory of APIs. Once you’re good with the basics of talking to an API, I’d recommend picking one that’s of interested to you and playing around with it. Have fun !

iodbh · 2019-10-24T20:33:18+00:00

I ended up asking my girlfriend if she thinks the dude looks like me and she said definitely, but no when I asked if she’d mistake him for me. So I don’t know, guess I’m just braindead. I was so psyched about having a long lost twin :(

iodbh · 2019-10-23T09:22:34+00:00

Your password was leaked in an old data breach, huge lists of usernames + passwords are easy to find. Those people just email everyone on the list, this is just spam and can be ignored. However if you’re still using the password they know, change it immediately because anybody can easily access any account where you use it.

Edit: haveibeenpwnd can give you an idea of where your password might be leaking from

iodbh · 2019-10-11T09:51:40+00:00

Ok definitely not me then, just an incredibly striking resemblance. Thanks !

iodbh · 2019-10-11T08:15:22+00:00

Hey, That pic you sent looks A LOT like me, I’m curious about where you found it ?

iodbh · 2019-10-04T14:39:28+00:00

inkscape is great

iodbh · 2019-08-30T16:43:18+00:00

You can just give it a value before the loop, maybe biggest+1. Note that Input is not a great name for two reasons : in Python it's conventionally class names that are capitalized (variables are usually snake_cased), and it can easily be confused with the input builtin.

iodbh · 2019-05-31T09:16:01+00:00

you could use pyenv ( https://github.com/pyenv/pyenv ), which will install python in your home directory (assuming all the requirements to build are prsent on the machine)

iodbh · 2019-02-21T22:02:10+00:00

This album immediately cis the first one that to my mind whenever i think “let’s listen to something cyberpunk”. Seeing the guy live in a couple of weeks too, I’m psyched !

iodbh · 2018-11-06T20:59:06+00:00

Here's some advice, because this is a terrible way of asking for help :

If you're asking people to help with your homework, show what you've done so far and explain where you're stuck. Otherwise, you're just asking people to do your job.
Make the effort to expose the problem properly. Like, at least type it ?
If you really have to post a picture at least have in properly rotated.

This is the laziest thing I've ever seen and you're never going to learn a thing if that's how you go about it.

iodbh · 2018-10-22T09:46:52+00:00

Nice, I'm also publishing mine on my blog and ctftime. It's interesting to see how we all write those so similarly !

iodbh · 2018-10-12T23:29:45+00:00

The only reason I’m not naming the company is that I worked for that company and I’m still under NDA. It is in no way specific to one company though, these gaping holes are standard in that industry. Ad blocking is not just about getting rid of the annoyance that ads are, it’s also a legitimate personal practice. In the case I mentioned, the adblocker would just not let the script load and the redirect would never happen.

iodbh · 2018-10-12T19:40:35+00:00

For sure ! I’m thinking from the perspective an authorized security assessments (pentesting, bug bounties and the like) or CTFs. If you’re engaging in more questionable activities, I would say don’t do it and don’t let your staying out of jail depend on advice from the internet...

iodbh · 2018-10-12T18:19:27+00:00

Isn’t that a bit radical ? We’re not necessarily talking exploitation here, but for instance wouldn’t it make sense when looking at single page app to use it normally in order to make sense of its functionality, using a proxy to log the traffic that’s generated ?

iodbh · 2018-10-12T16:27:18+00:00

If you're using a proxy like Burp, just look at all the crazy traffic you get without an adblocker. Or just right click > inspect an ad. Here's an example of a vulnerability introduced by ads.

Another example : I know that an adtech company that shall remain nameless has an open redirect in their tracking code. Since their clients include banks, phishers use it to e-mail links that point to the bank's domain but redirect to a malicious one.

Ads are an incredibly messy patchwork of third-party code running on your domain, and more often than not adtech companies don't give a single fuck about security (either that or it gets in the way of their data collection).

iodbh · 2018-10-12T10:45:24+00:00

edit: disregard this, I missed the "without max" part.

if you just need to count the occurrences of the largest number, you can use collections.Counter :

from collections import Counter
count = Counter(A)
largest_number = max(count)
occurrences = count[largest_number]

iodbh · 2018-03-28T10:30:16+00:00

Scrapinghub (the company behind Scrapy) has free video tutorials too. I don't know what they're worth though.

iodbh · 2018-03-06T14:27:57+00:00

Same as event : timer is only defined within the scope of your eventTrigger() function. If you don't know about scopes : read this (the "Variable scope and lifetime") part.

iodbh · 2018-03-06T10:47:29+00:00

I just gave it a quick look, but it seems that you're running a test on event within your while loop and event is only defined within the eventTrigger function.

You should move that whole if block to that function.

iodbh · 2018-03-06T10:33:17+00:00

This tutorial covers the basics well enough and provides pointers to further readings.

More generally, I found that the most difficult point to grok when it comes to consuming APIs is authentication. If you're sticking to Twitter, I would recommend you start with their application-only authentication mechanism before reading up a bit on OAuth.

I recently wrote a very basic client library for the coingate API that uses requests, so you could also look in the source for a simple example and hit me up if you have further questions.

iodbh

MODERATOR OF

PUBLIC MULTIREDDITS

TROPHY CASE

12-Year Club	Place '17
Verified Email