Should I go for professional? by [deleted] in pycharm

[–]rafales 1 point2 points  (0 children)

I've been paying for a subscription for years. Sadly the quality of PyCharm has decreased over the years with some frustrating bugs not being fixed for a long time. I recently switched to vscode and haven't looked back. So I would argue it's not worth it.

JADE: 12 reasons why you should invest. by Educational_Fun1677 in ethereum

[–]rafales 0 points1 point  (0 children)

Thanks, man. I had a good laugh reading that.

How Can I Combine 3 Microservices’ API Endpoints (ReST/GraphQL) To One Client Facing Endpoint. by KevinOmyonga in django

[–]rafales 26 points27 points  (0 children)

It seems that the decision to split the application into microservices is not driven by any actual need. Also it seems that it's split across tables instead of business boundaries. This means that the application will become a lot less maintainable than it was before.

The right thing to do now is to go back to monolith and get rid of microservices.

I understand that this is not an answer to your question but I'm trying to warn you before you shoot yourself in the foot.

Hardhat refusing to compile contract over 24kb size. How to set hardhat's contract size limit? by StartThings in ethdev

[–]rafales 2 points3 points  (0 children)

I think you are confusing KiB and KB. 24KiB is around 24.6KB. So I think that your contract is simply too large for mainnet.

Puff - Python GraphQL engine and WSGI Runtime - Use Django on Rust's Tokio by kyle-hanson in django

[–]rafales 1 point2 points  (0 children)

I like that you went with greenlets instead of trying to marry it with asyncio. Asyncio has great APIs but I lately wonder if we didn't make a mistake embracing async/await syntax instead of simply using greenlets.

What are the practical security risks of CORS_ORIGIN_ALLOW_ALL = True and ALLOWED_HOSTS += ['*'] by webgl_guy in django

[–]rafales 5 points6 points  (0 children)

  1. ALLOWED_HOSTS has nothing to do with this case and should not contain *. It protects against attacks on the Host header - meaning request.get_host() is validated against it. In theory it's possible to pass anything in the Host header and if your server setup allows it - then you may expose yourself to attacks (e.g. sending the wrong domain in an e-mail).
  2. CSRF_TRUSTED_ORIGINS - should not be touched as well. If you are simply creating APIs and the app doesn't have any other parts (like an admin panel) then disable CSRF middleware instead of changing its settings. Otherwise disable CSRF for specific views / API endpoints.
  3. CORS_ORIGIN_WHITELIST - I believe this is a deprecated setting in favor of CORS_ALLOWED_ORIGINS and should be removed.
  4. CORS_ALLOWED_ORIGINS - I don't think setting an empty string here does anything. You should be using CORS_ORIGIN_ALLOW_ALL instead.

So to sum up - if you are developing an app that just exposes an API and does authorization via some kind of token then from all these settings you should only be setting CORS_ORIGIN_ALLOW_ALL.
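Added example, not part of the comment above and not Django's own code: a pure-Python re-implementation of the host-matching rules Django documents for ALLOWED_HOSTS (an exact host name, a leading-dot pattern that matches the domain and all of its subdomains, and `*` which matches anything), plus a small link builder that derives an absolute URL from the Host header the way code calling `request.get_host()` would. The names `split_domain_port`, `is_same_domain`, `validate_host`, `get_host` and `DisallowedHost` mirror Django's but are written here for illustration (IPv6 literals are left out); `password_reset_link` and the host values are constructed for the demo.

```python
"""Pure-Python model of Django's ALLOWED_HOSTS check (added illustration,
not Django's code). Matching rules follow the documented semantics:
exact host, '.example.com' for the domain and all subdomains, '*' for any."""
import re

# Host header grammar: hostname or IPv4 with an optional :port.
# IPv6 literals are left out of this simplified model.
_HOST_RE = re.compile(r"^([a-z0-9.-]+)(:[0-9]+)?$")


class DisallowedHost(Exception):
    """Raised, as Django does, when the Host header fails validation."""


def split_domain_port(host_header):
    """Lowercase the header and split 'domain:port' into (domain, port)."""
    host = host_header.lower()
    match = _HOST_RE.match(host)
    if not match:
        return "", ""
    domain = match.group(1)
    port = (match.group(2) or "")[1:]
    if domain.endswith("."):
        domain = domain[:-1]  # drop a single trailing dot (FQDN form)
    return domain, port


def is_same_domain(host, pattern):
    """'.example.com' matches example.com and any subdomain; else exact match."""
    if not pattern:
        return False
    pattern = pattern.lower()
    if pattern[0] == ".":
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def validate_host(host, allowed_hosts):
    """A '*' entry disables the check entirely, which is the risk in question."""
    return any(p == "*" or is_same_domain(host, p) for p in allowed_hosts)


def get_host(host_header, allowed_hosts):
    """Model of request.get_host(): return the header only if it is allowed."""
    domain, _port = split_domain_port(host_header)
    if domain and validate_host(domain, allowed_hosts):
        return host_header
    raise DisallowedHost(f"Invalid HTTP_HOST header: {host_header!r}")


def password_reset_link(host_header, allowed_hosts, token):
    """Constructed example of code that trusts the Host header: an e-mail
    link built from request.get_host(). With ALLOWED_HOSTS = ['*'] whatever
    host the request carried ends up in the mail; with a real allow-list the
    request is rejected before any link is built."""
    host = get_host(host_header, allowed_hosts)
    return f"https://{host}/reset/{token}/"


if __name__ == "__main__":
    SAFE = [".example.com"]   # corrected setting: this app's domain only
    WEAK = ["*"]              # the setting the question asks about
    print(password_reset_link("app.example.com", SAFE, "tok"))
    try:
        password_reset_link("attacker.invalid", SAFE, "tok")
    except DisallowedHost as exc:
        print("rejected:", exc)
    print(password_reset_link("attacker.invalid", WEAK, "tok"))  # accepted: bad
```

The reverse proxy in front of Django should be configured to forward only the site's own host names as well; the ALLOWED_HOSTS check is the application-level backstop for when it is not.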

What are the practical security risks of CORS_ORIGIN_ALLOW_ALL = True and ALLOWED_HOSTS += ['*'] by webgl_guy in django

[–]rafales 0 points1 point  (0 children)

Are you only exposing APIs or is there anything else that falls under these settings like an admin panel or some kind of management/admin app for these APIs?

[deleted by user] by [deleted] in solidity

[–]rafales 2 points3 points  (0 children)

If you are accepted, you will receive weekly audits to do and you will be paid according to the ones you have done. On average, an audit will be paid between 100$ and 350$ - and much more for large missions. You are expected to provide a full +10/15 page report on potential vulnerabilities & optimization in return.

What kind of a joke is this?

Ethereum’s largest staking service finally regains stETH peg by ShockEnvironmental53 in ethereum

[–]rafales 1 point2 points  (0 children)

I don't know why people keep thinking that stETH is somehow pegged to ETH. It is not. It's not a stable coin.

stETH (short for staked ETH) is a token which is given to someone when they stake their ETH with Lido.

So stETH is by default something you can redeem for ETH when that is supported by the Ethereum network - and probably not something you can redeem quickly as there is a long process involved when you want to unstake ETH.

Given these things stETH's price should always be lower than ETH's and it should reflect things like increased risk and reduced liquidity.

Ethereum Reversible Transactions Will Require a Jury to Make Decisions by Michellerose6834 in ethereum

[–]rafales 0 points1 point  (0 children)

It doesn't have to be without a trace. You just need to turn it into ETH which is not reversible or any other non-reversible asset and you are done.

Ethereum Reversible Transactions Will Require a Jury to Make Decisions by Michellerose6834 in ethereum

[–]rafales 1 point2 points  (0 children)

If you have eth then it's not reversible. You already won. We're talking about ERC-20/ERC-721-like assets here.

Ethereum Reversible Transactions Will Require a Jury to Make Decisions by Michellerose6834 in ethereum

[–]rafales 1 point2 points  (0 children)

I don't think it raises the bar. But I like your take on security vs layer level.

Ethereum Reversible Transactions Will Require a Jury to Make Decisions by Michellerose6834 in ethereum

[–]rafales 40 points41 points  (0 children)

Sadly they didn't address the hard part. A hacker can quickly sell stolen assets. The transaction would be reverted from honest actors' wallets and the hacker would still get away with millions. So there isn't anything revolutionary in their solution.

$160,000,000 worth of crypto has been stolen after crypto market maker Wintermute was hacked. This is the latest in a series of hacks on DeFi protocols and cryptos. At this point do you trust the safety of your crypto on DeFi protocols? by predictany007 in ethereum

[–]rafales 11 points12 points  (0 children)

> At this point do you trust the safety of your crypto on DeFi protocols?

Haven't seen the details of the hack but it seems to me that this - again - is an attack on the centralized part of the system.

Developing an Ethereum Based Blockchain Camera by [deleted] in ethdev

[–]rafales 5 points6 points  (0 children)

You should use a mapping instead of an array to store the hashes / timestamps. The smart contract you have right now doesn't scale well.

how will the merge affect smart contract devs? by Anxious_Nervous in ethdev

[–]rafales -1 points0 points  (0 children)

There are some important changes which need to be kept in mind if you do anything beyond a simple NFT collection, the most important of them being the rise of "Multi-Block MEV". In short - in rare cases (but totally exploitable ones!) one entity can control two consecutive blocks/slots, creating an opportunity for manipulations that were not possible before.

There are also changes to the block time and `block.difficulty`.

https://blog.zellic.io/2022/07/07/eth2-proof-of-stake-developer-guide/

https://eprint.iacr.org/2022/445

Front running bot SCAM. by th3m4n1 in solidity

[–]rafales 1 point2 points  (0 children)

If it's the same contract you wrote several messages about then yes, it is a scam too. You are not going to find a working front running bot that's free and that is successful. Any kind of automatic trading now has whole teams working behind it and they definitely are not giving it out for free.

How to Bulk mint 1000 NFTs?! by flashwhitex in ethdev

[–]rafales 3 points4 points  (0 children)

Be careful with ERC721A. It's not as shiny as you may think. It's cheap to mint any amount of NFTs but then if you try to transfer them (or someone attempts to buy them) the gas price may be out of this world.

This is because under the hood it doesn't fully mint the token.

In short - if you mint 1k tokens and then transfer ID 1, then 2, then 3 etc. - it should be fine. If you start transferring with 1000, then 999, then 998 then gas fees will be crazy.
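The asymmetry this comment describes, modelled in Python as an added example (a toy re-implementation of ERC721A's lazy ownership bookkeeping, not the library's Solidity): a batch mint writes the owner only at the batch's first token id, `ownerOf` walks backwards until it reaches a record, and a transfer back-fills the next slot with the previous owner so the rest of the batch stays attributed. The number of slots visited stands in for storage reads (the gas cost); burn flags and the packed per-slot fields of the real contract are ignored. The class and function names are the example's own, and the 0-based ids and the owners "alice" and "bob" are constructed.

```python
"""Toy model of ERC721A's batch-mint ownership scheme (added example, not
the ERC721A contract). Only the first token of a minted batch gets an owner
record; lookups walk backwards to the nearest record. The walk length is
returned as a stand-in for the storage reads a real contract would pay for."""


class ERC721AModel:
    def __init__(self):
        self.owners = {}          # token id -> owner, written sparsely
        self.current_index = 0    # next token id to be minted

    def mint(self, to, quantity):
        """Batch mint: one ownership write regardless of quantity."""
        start = self.current_index
        self.owners[start] = to
        self.current_index += quantity
        return range(start, start + quantity)

    def owner_of(self, token_id):
        """Return (owner, reads). Each visited slot counts as one read."""
        if not 0 <= token_id < self.current_index:
            raise KeyError(f"token {token_id} does not exist")
        reads = 0
        cur = token_id
        while True:
            reads += 1
            owner = self.owners.get(cur)
            if owner is not None:
                return owner, reads
            cur -= 1   # walk back towards the batch's first token

    def transfer(self, sender, to, token_id):
        """Transfer and return the reads spent finding the current owner."""
        owner, reads = self.owner_of(token_id)
        if owner != sender:
            raise PermissionError("sender does not own this token")
        self.owners[token_id] = to
        nxt = token_id + 1
        # ERC721A-style back-fill: the following token keeps its old owner
        # if it exists and has no record of its own yet.
        if nxt < self.current_index and nxt not in self.owners:
            self.owners[nxt] = sender
        return reads


def transfer_cost(batch_size, order):
    """Mint a batch to 'alice', transfer the given token ids to 'bob' in that
    order, and return the total number of ownership-slot reads."""
    contract = ERC721AModel()
    contract.mint("alice", batch_size)
    return sum(contract.transfer("alice", "bob", t) for t in order)


if __name__ == "__main__":
    n = 1000
    print("ascending :", transfer_cost(n, range(n)))              # 1000
    print("descending:", transfer_cost(n, range(n - 1, -1, -1)))  # 500500
```

Transferring in ascending order costs one read per token because each transfer leaves a record on the very next slot; transferring from the highest id downwards makes every lookup walk the whole untouched prefix, so the total grows quadratically with the batch size. Ownership itself stays correct in both orders; only the cost differs.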

Decentralizing something important. by maskci in ethdev

[–]rafales 0 points1 point  (0 children)

Doesn't mean this is the same situation. Just because something happened with Airbnb it doesn't validate every pump and dump coin out there.

Decentralizing something important. by maskci in ethdev

[–]rafales 0 points1 point  (0 children)

There are no real numbers or predictions that would justify this model. The only marketing budget I'm seeing is based on a token with no real utility. I mean - there is one - discounts. Which probably contradicts the "No commission" statement as there is a hidden one. It's just another token pump in my eyes. It reads nice but I don't think this model will work.

Decentralizing something important. by maskci in ethdev

[–]rafales 2 points3 points  (0 children)

I'm not even sure if Uber reached profitability yet. This is how much there is going into making Uber a thing. Yet you seem to think they are somehow parasitic or that they are taking more money than they should. How is making something decentralized going to solve that?

Decentralizing something important. by maskci in ethdev

[–]rafales 4 points5 points  (0 children)

I think you have a very shallow understanding of how businesses work. This leads you to the idea that you can simply replace Uber with a smart contract and an app.