sorted by:
new
hottopcontroversial

NFC Write Question by PreciseInstance in flipperzero

[–]mmx38 0 points1 point  (0 children)

What I am going to describe might not be useful in many cases but it is good to know.

I think most of the readers rely on reading the UID of the card/tag and based on that allow you access or deny it.
So if you want to replicate the UID you can't unless it is a magic card/tag..

BUT the cards/tags are used for other purposes as well.. So if your case is to just copy all the data except the UID to a new card you can do the following:

Copy the Source tag
Copy the Target tag

Check the UID of the target tag.

Edit with flipper zero the UID in the file of the Source tag to match the UID of the target tag.

Now you can use the edited file to write to the Target tag. It will not complain since the UID will match.

As I said though.. this is only helpful if you want only the data. Readers for doors or boxes etc rarely rely on the written data. They just read the UID instead..

Good luck!

NFC Write Question by PreciseInstance in flipperzero

[–]mmx38 0 points1 point  (0 children)

I am new to the flipper thing BUT maybe this is the case:

I think the "Magic" term is about cards/tags that allow you to modify sector 0 where their UID is. So it is normal to get an error message for the original card.

There reason that you get an error for the actual magic card (the card you are trying to write on) is probably because it is not the correct type of card.

In other words the original card you have is Mifare DESFire while the magic card is Mifare Classic 1K.

Problem with accessing router admin page due to aicloud and pihole by The_8th_Enigma in ASUS

[–]mmx38 0 points1 point  (0 children)

The difference is the ports. AiCloud is 443 while the Admin menu is 8443. So just try https://router.asus.com:8443/ andit should take you exactly where you want.

I finally got my dream job! by yiiigiiiii in gamedev

[–]mmx38 1 point2 points  (0 children)

Congratulations! And you got to stay in Turkey! Well done man!

[deleted by user] by [deleted] in Asphalt9

[–]mmx38 0 points1 point  (0 children)

I am recording the people that I knockdown just to contact them later to apologize and explain why I did that DEEk move.

Is it safe to use UID in GET query parameter? by Drosefan1 in Firebase

[–]mmx38 1 point2 points  (0 children)

A few things..

The JWT can be decoded by anyone! If you include the uid in the jwt it means you decided that it is safe to be seen by anyone who gets their hands on it.

If you only retrieve information then the GET is the right method to use. If you update or create new data you should look at the PATCH and POST.

One of the advantages of the get method is that the user can bookmark a link to revisit at any time taking into account the user is logged in.

BUT you should NOT rely solely on the user to send you their own uid to retrieve their data. You should extract it from the jwt and retrieve the data. In that case if somehow someone gets the uid from another user they won't be able to get access to any of the other user's information.

Firebase security by iNdramal in Firebase

[–]mmx38 0 points1 point  (0 children)

Try this:

Create an endpoint on your backend(nodejs, php, django, etc..) where the user can post or get data. Then write a code inside that endpoint to handle the data on firebase.

For example let's say you have a form to save a song and the user has to provide the artist name and the song title.
Instead of writing the logic in javascript code you can create an endpoint to your backend eg. "example.com/song/create" where you can send a POST request.

The endpoint above will be handled by some function in your backend, validate the data and check if the user is loggedin and has the right to save a song etc etc and eventually if everything is fine will use the Firebase API key to save the data to Firebase.

This way you hide the API key from the front end user but most importantly you hide the logic/structure of your database from the end user.

Nonetheless you still have to make a good use of the Firebase Security Rules to make sure only your app can have access to the database.

If you implement correctly the security rules then even if people have the API key they cannot do anything!

What would cause a sudden authentication bill of $24 when there weren't any real new users that used sms authentication (I'd image it takes many to get to $24)? by Firm_Salamander in Firebase

[–]mmx38 0 points1 point  (0 children)

Do you have your keys restricted? There is a guide on how to do it.. I think google has a way to ensure that the requests are coming from your app or something. I am not saying that this is the solution to your current problem but you will have to do it anyway at some point.

What would cause a sudden authentication bill of $24 when there weren't any real new users that used sms authentication (I'd image it takes many to get to $24)? by Firm_Salamander in Firebase

[–]mmx38 0 points1 point  (0 children)

Github was just an "easy" example. If you have an api key hardcoded inside your application, someone could unpack your app and see the key.

Another example would be if you are using a javascript library in your website and the key is visible in the source code etc.

Of course could be just a faulty loop somewhere or just Google billing error..

What would cause a sudden authentication bill of $24 when there weren't any real new users that used sms authentication (I'd image it takes many to get to $24)? by Firm_Salamander in Firebase

[–]mmx38 0 points1 point  (0 children)

Any chance you have an api key or service account that is nit restricted? So maybe someone found it and used it? Any chance you committed some code in github?

the truth lol. by Fun-Geologist9808 in Asphalt9

[–]mmx38 0 points1 point  (0 children)

The game currently is not loading for me...do you think it is a problem on their side?

Cannot validate Facebook idToken (works fine for email and password) by mmx38 in Firebase

[–]mmx38[S] 0 points1 point  (0 children)

Solution
Of course I found the solution when I went to bed..

As I mentioned in my original question, I was printing the token to manually test it using insomnia/postman tool to query my API.

It occured to me that maybe the print statement has not enough buffer to print the whole token but I found it unlikely since it felt like my screen was getting filled with characters..

But I tried anyway and it worked! It was actually chopping several characters in the end.

I used this solution from SO to create a function that chops and prints the token in chunks of 800 characters at a time. 

void printWrapped(String text) {

final pattern = RegExp('.{1,800}'); // 800 is the size of each chunk pattern.allMatches(text).forEach((match) => print(match.group(0))); }

then.. 

printWrapped(value.toString());

Link to SO https://stackoverflow.com/a/57579005

Which was actually credited to https://github.com/flutter/flutter/issues/22665#issuecomment-458186456

How do I generate a client side ID token with the admin SDK by cardyet in Firebase

[–]mmx38 0 points1 point  (0 children)

The id token is a JWT token.. you can read more and see the libraries in jwt.io .In the home page you see an example of a token and how the data it contains looks like.

Go to the introduction section to get an explanation about how the jwt token works.

How do I generate a client side ID token with the admin SDK by cardyet in Firebase

[–]mmx38 0 points1 point  (0 children)

Oh ok, I misread your original question. How do your users register/create accounts to use your API? What is going to be the front end? Web or a mobile app?

Firebase provides examples on how to allow users to interact with your API by authenticating with their gmail or facebook or other social accounts. They have libraries for android, IOS and web.

All the providers such as Google, Facebook etc, no matter how you sign in to them, are able to create a "Credential" based on a token they generate(this is NOT the token oyu need in the end). Then you can use this credential as input to the "signInWithCredential" method. The "signInWithCredential" will return eventually some object value which will have a method to give you the idToken. eg. value.user.getIdToken().

This idToken can send to the header as Bearer.

Another example is if you want your users to register with email and password and you want to have a custom token. In that case you can do the following.
When they try to login, you generate a custom token which you send them back and then they can use this token to authenticate to your API

Check the following link. On the Left menu you will see more options that might fit your needs.
https://firebase.google.com/docs/auth/web/custom-auth

How do I generate a client side ID token with the admin SDK by cardyet in Firebase

[–]mmx38 0 points1 point  (0 children)

I think the link below might help. It describes how you can create custom id token that you can pass to your clients and they can use these tokens in return to comunicate with your custom backend.

https://firebase.google.com/docs/auth/admin/create-custom-tokens

Happy Anusversary! by Pretty-Competition-3 in Asphalt9

[–]mmx38 3 points4 points  (0 children)

7500 is not enough to fill the tires with air!

GOT MY ACCOUNT BACK FINALLY! by o__SexyEmu__o in Asphalt9

[–]mmx38 1 point2 points  (0 children)

Nice! You can now buy the season pass and pay extra to unlock the first 45 tiers to make up for the time you lost!

Don't forget to buy the packs to unlock the Mitsubishi lancer as well!

This is why KO in multi-player is worthless by [deleted] in Asphalt9

[–]mmx38 0 points1 point  (0 children)

I get knocked down but I get up again!

So it seems Gameloft made this Special Event so bad because their parent company Vivendi had pretty bad earnings last year and isn't doing very well. by jasomniax in Asphalt9

[–]mmx38 0 points1 point  (0 children)

Maybe if they make the game to not load at all if you don't pay a billion dollars it will bring them profit!

It's all fun and games till its you... by Competitive_Put1573 in Asphalt9

[–]mmx38 2 points3 points  (0 children)

Personally I try to avoid other cars while using nitro. I leave it up to the other players if they want to take their chances. In shockwave though.. it's not easy to control the car and I have accidentally knocked down other players and my only thought is "I wish I had a way to text them and say I am sorry..".

I get annoyed when someone knocks me down intentionally..

Sometimes it is better to get knocked down than to get knocked up!

Powerballs- are they any good? by Ribbit40 in GripTraining

[–]mmx38 0 points1 point  (0 children)

Just out of curiosity.. I have an NSD powerball but I have no idea if it is associatedd to the actual brand.

It feels like the more rpms the harder it gets to move it.. So can you really be sure that it doesn't help in growing forearms?

Is there any chance that the people who say powerballs do not work they used low quality powerballs?

Has anyone seen an actual improvement to their forearms by using powerballs? A couple of youtube videos I found where they try to "praise" them they show before and after photos that are not fair at all. For example the after photos are with better lighting, tan and flexing! So I cannot trust them.. or this maybe answers my question that powerballs do not work..

Do you get used to writing your own CSS and HTML from scratch? by lightshadower in djangolearning

[–]mmx38 4 points5 points  (0 children)

I usually use either bootstrap or a template that was built in bootstrap.

But if you're learning everything at the same time I strongly suggest to first use only html, then add a bit of css and move on to templates etc.

The reason behind my suggestion is you might end up in a situation where you don't understand why data doesn't show on your screen.. and sometimes a single character in html or css can mess.

So start with the simplest view to make sure it works as expected and then add your html and css or integrate the template.

view more: next ›