#general
3141 messages · Page 217 of 4
no we arent talking about the same ups
I've never had something damaged by FedEx or UPS
¯\_(ツ)_/¯
The worst experience I had was with DHL
yall are too funny
DHL came to my door, stuck the "pickup at our depot" notice on the door, and left. I was home, they didn't bother knocking.
Depot required 2 pieces of government-issued photo id, not just 1 like everyone else asks for
most people only have 1 piece
yup, like most people
wat
I have two now
I have a passport, 2 ids, my birth certificate, and my ssn card
like license and passport?
am i the outlier, really
birth cert and ssn aren't photo id
I don't have a passport, birth certificates don't have your picture, and we don't have "ssn" cards
driver's license and passport are
oh didnt see photo
I also have my license, ssn card, passport, and birth certificate
and yea, unless you travel, you prob don't have a passport
i know but you expect me, a retard, to read
The ssn card is a great
1x Identity Card, 1x Services Card
The stuff in the back changes through the ages
"Lord Korea" is pretty strange too
Needing 2 forms of photo ID is so weird
tell that to DHL
Who carries about that many
I do now, the two I showed above together
1x Identity Card, 1x Services Card
lol
Third Gender is Block Gender
also sad that modlauncher has no license rn, i thought it'd gain enough traction to replace legacylauncher finally - but nah
would contribute n stuff
but hey it does not matter anymore anyway, i was mainly looking into this to replace legacylauncher in my Orion project
but hopefully Fabric support for spigot/paper gets more mature so i could finally archive my it :D
@void void it has a license lol
Anyone here have experience with mobile apps
Figured I'd reach out to some of the best in my community with a possible opportunity
?ask
Ok.
goes back to work with his Android dev knowledge
wiz you like that ๐ฎ emoji don't you
lmao
The ecosystem has improved
i would assume so
And I imagine the android APIs can only have gotten better than they used to be
But it's been a long time
no one in the right mind writes apps in java anymore
they use a framework like flutter or react native
lots of people still write java apps, no reason not to
especially with java 9+
jlink and all
bby clip, does dtags work on 1.14
yes there are reasons not to hence the frameworks existence
like not having to maintain 2 codebases
kashike, i have a bunch of chicken thighs defrosting atm
idk what to do with them
also wow
fuck you too
:D
Ask in the appropriate place @lapis sequoia
yes father
I just assumed you meant java since this is a java community lol
did you just assume? on my christian minecraft server?
wait until god hears about this
we have knowledgeable people here? 
A job offer? Eww. I thought you had a technical question that needed expert guidance.
Could have just started with that and prevented all the confusion
hey look its the placematapi guy
Stfu dude
Update your server and u get it automatically
ill have you know my server has 2 dedicated players who are happy on 1.7.10
They are miserable on the inside
they dont sleep on a couch
They don't even pvp each other
lmao what am i reading
at least his is made in vietnam and not australia
And lose your /daddy
Sry
hey ill program your wifes app. i am proficient in html, kotlin, and PHP
needs more JPG TCC
i can almost make out the white text behind the purple artifacts
dont blame me i just found it on yahoo

@unreal quarry good job on the moon generation and gravity
Most of it was someone elses work. I just fork and modified
that rocket should need more instructions though
Yeah, I plan on removing the height restriction and adding a longer fuse time
after setting up firewall rules, how do i check test it for a possible admin login exploit?
what is the procedure?
try connecting to your offline server sans bungee
sans?
Trying to fix fps on this laptop.. it's got a 4k screen. Any recommendations for resolutions to try?
.wa sans
(DiscordBot) Definition: preposition | without - https://is.gd/IG8X9m
fucking image
It's a surface book 2. i7-8650u 16gb ram and a gtx 1060. Like its not the best but not terrible either
try running it at 1080?
Gonna try that next. 2k is definitely better so far
should look no different for minecraft anyway
Yeah. Currently testing on r6 siege
mm, my chili tonight is turning out great so far
followed a comment on a recipe with modifications, added some more modifications of my own
if you don't add cocoa powder and cinnamon to your chili, you should think about doing so
heard that as a tip years ago, but never tried it until now
does github not have one anymore?
bearded octo nemesis comes immediately to mind...
slow down kashike
slow down what
2 letter project names
just look to your left. first thing you see is the name
:^)
https://www.intralinks.com/ma-project-name-generator used to have good names
doesn't anymore
PROJECT PCP is what it just generated
do you want the name to be relevant to the project at all
pomf
kashike what did you do
anything works, basically
.-.
what?
you renamed your yarn fork pomf
oh
i did not :P
yes
project wizjany
ok wiz, which of these are good:
crow, raindrop, yoga, raven, flame, splash
crow, raindrop, drizzle
crow > drizzle > raindrop
hmmmm
cool, visa checkout vehemently rejects my attempts to paste info into fields
and they don't let me change my email address
easy way to pay my ass
lmao
kashike what are you making
can't just ask me to help name and then not fill me in on the juicy deets :<
yeah
gl on the interview (◕ᴗ◕✿)
thanks :D
this guy has been going around fucking with big servers https://www.youtube.com/channel/UCr1EYQYUZsBLXG149KnqpOQ
i wonder what the exploit is, maybe infected jar?
probably just found some admin account password
there's a few different ways
you can download 10 million username/password combos in about 30 seconds with a google search
find one that matches a minecraft account
boom, you're in
right
pretty sure mojang has a limit on brute forcing
brute forcing is retarded in 2019
so would using different passwords on different accounts
instead of sharing your passwords
but you know, people aren't very security focused
most people*
more common ways include the whole "book command" thing that happened several times
infected jar, but less likely
improper bungee setup is the most common I've seen
100% most common way is improper firewall/bungee config
only thing 2FA+ wouldn't save you from is a bad/backdoored plugin since that could theoretically remove the plugin and restart the server
though that would be very difficult
multiple usernames barty
yeah
too damned many
actually the entire reason 2FA+ exists is because the network I ran got pwned by a bad firewall rule
someone else opened a MC port and forgot to close it, didn't tell me they did
did it affect your sales?
dunno
I just did the technical stuff
network
so, bungee
ie. offline mode server
yep
logged in as one of the owners
thus, 2FA+ was born
we had backups at that point
completely restored the server and undid all damage in less than 10 mins
also half our mod team was on, including myself
so
that ended quickly
but yeah, the most common I've heard about was a bad firewall rule or bungee config exactly like that
which is why 2FA+ exists, why hasn't everyone downloaded this yet
well
because you keep shoving it down our throats
I mean
I wrote it, so yeah, but I don't make plugins that suck
is there a performance difference between using an interface vs a concrete class? I seem to recall someone saying that simple field getters (Foo getFoo() { return this.foo }) get inlined or something
when accessed via the concrete class but not an interface, but can't find where I could have read that
you know the answer wiz?
rip
my plugins force-quit after a max of 8 seconds
and a default getter?
usually shuts down well before then though
tbh i stopped paying attention to a lot of java internals right around java 8
so the internals of streams api and default interfaces are still a bit unknown to me
but hey, i became a full time c# dev in the meantime, so if you'd like to talk CLR/CIL to me, feel free
no i mean
interface A { Foo getFoo(); }
final class B implements A { private final Foo foo; public Foo getFoo() { return this.foo; } }
void thing(final A a) { a.getFoo(); }
void thing(final B b) { b.getFoo(); }
I seem to remember someone linking something that says that passing B around has a performance increase because the getter is known to hit the field always
Pretty sure it depends on the inheritance
i just can't remember where I saw that
could take a look at the bytecode for it
I don't see a reason for the jvm to choke
bytecode isn't everything
yes they will use different calling instructions
could look at the jitted assembly for it :^)
ie one single impl should get JITd but I have heard it's slower if you have many impl
bytecode would be a good indicator, but yes the assembly would tell all
No idea if that's still the case
that's correct z
yea might be something like an invokevirtual vs invokestatic
it becomes a virtual function invoke vs a direct one
i don't remember this shit
I mean, at that point the term "micro optimization" doesn't even begin to cover it, so I'd have to ask "why?"
so there is a very slight performance difference, then?
yes, just remembered reading this somewhere and have been trying to find it
a conversation somewhere else was mentioning something similar
and i wanted to link the article/etc
I haven't been able to test exactly the performance between a virtual function invoke and a direct one
the problem with the direct one is it gets inlined and removed
yes it turns out the JIT removing the code you're trying to benchmark is an issue
yeah
aha, maybe this is what I remember
there is a threshold though
"well, it's technically faster!"
here kashike https://i.imgur.com/pGbdg89.png
it's invokeinterface vs invokevirtual
i was close :^)
it is a good patch
it's probably a good patch
get... is used literally everywhere
just never thought I'd see the day that patch was needed
Supposedly it has helped a lot on the tiny arm soc setups as well
ofc it did arm is god awful 
Have gotten some comments on that
god help us all.
Not that you can run 1.14 worth a shit on any of them anyway
Given how poorly it runs on x86
the only person I saw do it in here had watchdog timeout to like what 200+
can someone help me disable the server max tick timeout thing? my server keeps crashing from it
paper #95 i think
I set max-tick-time to -1 in but it wont work
Hey does anyone know where to find the gif of the kid falling asleep in class and he dreams he's falling and then he wakes up?
every time I look at the redstone changes for 1.14 I nope the fuck out :/
set it to 2147483647
ok
server.properties yes?
im in Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
if that matters
actually
set it to 0
i get this one confused with another, this one is 0 to disable
โข
egg's way of making a retarded meme
I try sometimes
i thought -1 was to disable everything
but i guess not
thanks
my server cant run without this amazing fork of spigot :D (it literally wont load the chunks without suffocating players in walls without it)
i have a suggestion btw, you should add an option to disable tnt from exploding
plugin/Skript thing
anyone know a plugin like you open a chest with key and you get random item?
for 1.14.2
that might be the plugin that I submitted a PR to update them to 1.14 
Hello! I'll try my very hardest :)
This isn't paper related in the slightest but Idk where else to ask.
On some Discord servers there are images at the top of the channel list. How do you set that? I'm not seeing any image upload spots in Server Settings other than the icon spot.
verified guild
you're in a guild right now
guild is the real name for what the discord user interface calls a "server"
can someone explain to me how bungeecord admin exploit works?
lets say firewall rules are fucked, what does the exploiter do?
simply logs in with an admin's name
if firewall rules are in place it stops at logging in?
can't reach it to even try to login
connecting just like normal ''ip.address:25565'' ?
since its a bungee
should server be pingable if firewall is setup properly? (in minecraft client)
if bungeecord is setup properly, should the server return "If you wish to use IP forwarding, please enable it in your BungeeCord config as well!" when youre trying to connect directly?
or should it not even ping in minecraft client?
if your firewall is configured properly, you should have no connectivity to the backend server
private networking
@meager perch took me a bit, but finally got to fixing that issue
https://jenkins.egg82.me/job/egg82/job/AntiVPN/job/add%252Fcommand/
also slightly experimental command config thing
optional "run command for VPN user" thing
(works on my end, but you know how that goes, so let me know if it breaks)
Your next charging session is going to be SO MUCH FUN https://t.co/5YzSL36kCC
(DiscordBot) "@Tesla (Tesla): Your next charging session is going to be SO MUCH FUN https://t.co/5YzSL36kCC (11 hours and 36 minutes ago)
"Your next charging session is going to be SO MUCH FUN https://t.co/5YzSL36kCC"
I like the bot because it posts the video a second time
so you get to watch it twice
very useful
just in case you missed it the first time
wait wait wait
why is there a game console in the front of the car, with the driver controlling it?
is it April 1st already?
I assume it's a metaphor or something
I think it's real
can't be, that would be beyond stupid
It'd be a tesla thing to do. Make a racing game for you to play while charging
What'd be even funnier is playing a racing game while it auto drives
(if you can't afford a $250 game console what are you doing with a Tesla?)
also, that's like watching a movie on your phone as you're charging it
sure, it'll charge, but I mean
isn't the point of playing a game inside the Tesla precisely because you're sitting there, presumably in some parking garage, bored?
I just dunno why you'd waste time and charge on a game is all
(at least charge on the Tesla)
wdym "charge on a game"
as in, power
eh, I don't get it
just buy a Switch if it happens that often
play real Mario Kart
enjoy other games
don't risk accidentally throwing the car in reverse as you're playing
it probably does
but you gonna bet your life, someone else's life, or the car on that?
cars in general are insanely dangerous
teslas are insanely safer compared to normal cars
"it's the least-sugary candy I could buy!"
its pretty dumb to downplay just how much safer roads would be with teslas lol
they are smart cars
the most dangerous things about a car is the human controlling it
automated driving in general has the potential to drastically reduce the dangers of driving if it were heavily adopted I think
I play games on my PC and drive in my car. I don't play games in my car, and I don't drive on my PC
tool, meet job
automated driving will not only help that but pretty sure theres studies that it would reduce traffic a shit ton also
because that is also caused by human error
the most dangerous thing about cars is the person driving it, and apparently playing games in it while behind the steering wheel, controlling the vehicle
who knows
uhh them, because its designed that way?
all I see in the ad is someone controlling a game with the steering wheel of a street-legal vehicle
safety-precautions or not, I'm not a fan
just because something's safer doesn't mean you can use it like an idiot
also its not like they also have a perfect test crash rating or anything
thats completely downplaying the significance of how safe a tesla is
cars wouldnt be so dangerous if humans aren't behind the wheel controlling it
self-driving cars are great because the computer is generally a far superior driver to a human
but
still a car
its not like any other choice is viable lmao
they could.. Not add a game into the car?
entirely do-able
they already did it, in fact
they already had entertainment options actually
only accessible in park mode but yknow
"dangerous"
What a thing to be outraged by
not a fan of those either
literally like any other car with a screen
were you in a rage when those car dvd players showed up
I'm not "outraged" - just concerned. I stated my reasoning
Actually those are pretty dangerous
Distracted drivers are super dangerous
those were only able to be used in park mode also
iirc
at least in my last vehicle that had it
Not talking about teslas. Cars in general
not a fan of anything that has potential to seriously distract a driver
car radio? Fine, just don't screw with it too much while driving
TV? lolno.
I'm fairly certain this whole "game in the parked car" thing is fine, but I'm still concerned because it's still a car and there's a distracted person behind the wheel
that's a safety-net removed
in a car that can't move
hopefully can't move*
what do you mean, literally go to any article
it clearly states
it only works in park mode
tesla vehicles already have a shit ton of precursors for humans to not be distracted, included weighted steering wheels
to sense if a person is actually touching it
they are literally most likely one of the safest cars someone could get?? of course it has safety nets, its a smart car. you are acting like this one thing is showing they don't but you aren't even accepting the fact that it only works in park mode lmao
SUVs are generally safe, but have a high rollover probability. Tesla was able to overcome this obstacle with their Model X SUV. Here's how they did it. For m...
(DiscordBot) Why Tesla's Model X Was The First SUV To Receive A Perfect Crash Test Rating - length 3m 3s - 94,433 likes, 8,368 dislikes (91.9%) - 10,905,917 views - Business Insider on 2019.01.18
they not only have computer built safety features
its completely built up to be safe
yes, I hope that the game only ever works in a parked mode, and that parked mode doesn't fail
but why risk it?
Switch, $250
same distraction
better than hands on a steering wheel
yeah, I'd also hope that someone doesn't play their switch while driving
same hope, really
id also hope if someone notices that their car can move while playing a game in their parked tesla theyd stop playing
still the same hope
your solution isn't any better then lol
just dunno why anyone would risk otherwise is all
because charging your tesla is boring and was obviously something that needs attention too
not really a solution to a problem that.. Does this problem actually exist?
people bored while parked, charging?
yes the problem of being bored at a charging station completely exists
sitting on your phone for a while gets boring too, plus if youre in a place with no service
¯\_(ツ)_/¯
why spend money on a switch when you have a few fun games and things like netflix and hulu in your car
part of me is confused as to why they thought it was necessary
"yes, let's remove a possible safety net because ¯\_(ツ)_/¯"
eh
sure
fuck it
it's probably fine
probably.
I wouldn't bet on people not being dumb
good thing teslas literally have measures to stop idiots from being idiots
you'll always lose that bet
computers can always overpower people
then they just invent better idiots, really
"that's the problem with idiot-proof stuff. Just invents better idiots."
not an exact quote
but goddamn does that ring true everywhere I look
ok I just found the single most inappropriate amazon search result
pack it up boys this is it
yeeeeeeeeeeeeeeeeeesssssssssssssssssssss?
I was looking at dice cups
a "realistic" mouth fleshlight complete with a detailed throat showed up
for some reason this product's name is "sex dice masturbator cup"
holy shit this amazon seller is the best
neck massager - it's a device for ball torture, what in the absolute fuck
I should probably report this to amazon
hahaha
I can't link the product but the name is sufficient, here's the full name under which it's listed
actually you know what I probably can't say all of these words either
Massagers for neck and back male egg squeeze scro*** clamp ball crusher bondage scrotch torture chastity poison for men toys enjoy love shirt
that's one name for one product
this is maybe the stupidest way of doing SEO
man amazon has some weird shit
I'm like 80% sure you've just introduced some 12-year-old kid to the wonders of the internet
enjoy, 12-year-old kid. Enjoy.
the best amazon products
if it makes you feel any better they probably won't find the product
it's not in the US store and I just reported it so it'll probably be down in a few minutes
I'm also pretty sure 10-year-olds these days know Google exists
aaaand now I'm on a list.
ur face is a list
hm there's not a wealth of dice cups in the DE amazon
those effects are awful
think I see your uncle up there
it's not fair that the US amazon consistently has cooler shit for much cheaper
this is really stupid but I might just import it from the US
my face smells nice
are you tempted to eat it?
no
can't smell that nice then
exfoliation I read that as exploitation at first
What's up people
hello
I am a Chinese, I want to add Chinese comments to waterfall.yml.
Where is the explanation for this document?
can someone help me with this error i got
is what
Mfw we found a buffer overflow + remote code execution that affects all modern websphere versions
It's exploitable by entering stuff into our site search
no u didn't, ur 2 dum
But it affects all our websites and applications
you referring to CVE-2019-4279?
MiniDigger: ^
Ye, my boss just found that
\o/
So it's patched after all, strange
I thought we were on latest
NOPE
Not my problem 🤷‍♂️
My applications run on spring
And we are migrating our main website to my application, it's going to prod in 2 months 🤷‍♂️
nice \o/
I like how the guys that found the cve PRd an exploit into metasploit, lol
Delete the server
oh I wish I could delete the server
also, turns out its not CVE-2019-4279
its way simple
its an overflow in the jsessionid
and something to do with how clustering works
so more like CVE-2008-5457
sadly I am not directly involved with any of that
oof gitlab api doesn't support setting up push mirrors
Were is nossr
Where*
@stiff yarrow What the hell is up with anime and "perverts" it seems all the boys end up running into naked girls that falls for the boy immediately?
It seems weird
Like, i wanted to see some of these shows when i had nothing else to do, but apparently they are all about molesting women?
Like, what is this
What even
Also seems like everything is about super big breasts
Is there a software to view the diff between two project folders easily ?
Yes, just search for any of the dozen diff tools for your OS
Bonus promotional video from an anime. English title: Children Who Chase Lost Voices Japanese title (kanji): 星を追う子ども Japanese title (romaji): Hoshi o Ou Kodomo
(DiscordBot) Anri Kumaki - Hello Goodbye & Hello - length 5m 6s - 8,280 likes, 56 dislikes (99.3%) - 743,292 views - Việt Huỳnh on 2011.12.09
@golden gust Found WinMerge
@cosmic raft ❤
@golden gust if I have a copy of a whole git project with all the branches, how can I reimport all the branches to a new github project ?
I always only get one branch to push
should I switch and push each branch or there's a easy solution to this ?
woo
worked, thanks
hm
in Minecraft discord
there's Tree Puncher role
what's that for and how people get it?
apparently i have that role
for no apparent reason

fair
@egg2, no but it looks related
we don't use weblogic
MiniDigger: where do you work?
top 5 german insurance
time to start trying exploits on top german insurance sites
we filtered it via our waf now
tbh even if one didn't find yours, there's probably other issues out there
web security smh
Woo! Finally I've got a script to setup git repos from the command line.
so I don't have to leave the CLI once I begin git init
doesn't gitlab allow you to create a repo just by pushing
insurance
I don't know
Explains why using websphere in <current_year>
github also has a hub cli which does that and some more
there might be, but I also have the script automatically setup webhooks
so I'd need the script regardless
we are migrating all legacy stuff to jboss and all the stuff I maintain is on spring wizardfrag :D
i use a private instance of gitlab and pretty sure i have a setting that just lets me push to a non-existent remote and it will create it
nice :D
Although I must admit I'm so pleased I don't use java in my day job :P
what do you do?
I use Elixir/Go
I created an app that interprets json and outputs html/css/js :D
For a UK online gambling company :P
Isn't that all apps lately? :P
and I was feeling bad for implementing gtm, lol
we hacked a json exporter into our legacy cms
that was fun
mh, gitlab.com doesn't seem to have that setting
Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.
o i linked ee docs but it's in ce too
if its only in ee it would say so
yea just wanted to clarify
sweet
now I know that I need to take care when typing in remotes
otherwise I'll have 3 repos consisting of typo'd remotes
is it possible to set a spawnpoint where you go everytime you log on?
Like what plugin do i need?
Probably a custom one
@old drum kinda old
Why though
Man, I love linux so much. Switched to it full-time and I have no more internet issues or pc freezing.
Were you using macOS before?
No, W10.
Hm, that doesn't sound like Windows.
Hm, what do you mean by internet issues?
The DNS was deeply fucked for some reason. http would quit working for a few seconds every few minutes.
PC itself would freeze for a few seconds, etc.
Multiple times an hour.
Ah, not my issue. But I think my issue is ISP related not Windows-related.
The Java Class Loader is a part of the Java Runtime Environment that dynamically loads Java classes into the Java Virtual Machine. Usually classes are only loaded on demand. The Java run time system does not need to know about files and file systems because of classloaders. ...
is it just me
or does this actually describe plugins?
lol
it's in the Anti-Patterns Wiki page
Yes. I've actually had problems with that before. Two plugins using the same library, which make calls to Material, one has set api-version to 1.13, one hadn't, enjoy the show.
oof
That's why you relocate (:
who needs relocations when you have a child-first ClassLoader?
I did for one, the other one was just testing the library, so I didn't there. But I got a bug in my program and I wanted to debug with IJ, but it doesn't support relocations. "I'll just disable the relocation for now, debug it, and then put it back in". That was a terrible decision.
that's my anti-pattern solution to this anti-pattern
@wide chasm Child-first CL
I just used Bukkit's classloader, I didn't change everything in ways that I suddenly used a different classloader.
Also, I don't think Bukkit likes it if you change the classloader. Tried it before, had to use a bunch of reflections additional constructors and whatnot before I got somewhat close to making it work.
use your own CL, don't replace Bukkit's
if you replace Bukkit's CL I and everyone else will murder you in your sleep
can you use bungeecord with ngrok?
stops sleeping
@twin lagoon probably best we continue down here
i've been using linux and windows as a dualboot for 3 years now or so
so updates & system maintenance isn't really a thing i care about anymore
though i have reinstalled windows 2 weeks ago or so
Certainly you have forfeited your right to complain about instability then if you're not maintaining half of your system
and now i keep windows updates on
i don't use windows a lot nowadays
only boot into it every 2 weeks or so
so there's barely any system maintenance to be done
I boot into it whenever I need to do work on D&D stuff as my art program isn't available on Linux and I'm not into Wine
so about once a week or so
Still make sure updates get done and old update files get purged.
Clean up missing registry paths/keys every month or so from installing/uninstalling things
i don't care about windows enough to do that anymore
which reminds me I need to do a paccache today
though i'm also having some issues with gnome here and there
maybe i'll switch back to macOS once I upgrade my PC
xfce is a nice de I used for a while. Switched to KDE when I decided I wanted more eye candy though
you're literal first person I've ever heard talk highly of gnome
it's not like i'm extremely satisfied with gnome either lmao
most people tend to hate it though
i just like gnome's design / applications
and they've been improving lately, memory leaks fixed, animation performance fixed etc
You could spin up your own custom de.
Take the elements of gnome you like, kick out and replace the poorly performing bits, customize here and there
Didn't I see the Arch logo on your taskbar?
i do use arch
all the knowledge is there in the wiki for the taking
Idk what server it's from

Can just steal it
how?
Save and upload to own server
yeh
Anyone good at decompiling plugins want to help me determine if 2 plugins I have are malicious?
They aren't the same plugin but they're obfuscated in the same way and are both on servers that appear to be sending ddos attacks
I'm doing
using obfuscated plugins is for me already a big no no. this means they are hiding something. 99% its bad
One of them still exists on Spigot's site, the other looks to have been removed at some point
let me have a look
The servers in question are creating a ton of sockets at once all directed at the same IP/Port, I think someone's trying to make a botnet out of minecraft servers lol
I just turned off my computer but I'll hop back on to help check 
turns off Vicarious's cat
wat is this obfuscation
Yea..
I'm pretty sure I can see where they are doing what I suspect though
Someone should probably get these off of Spigot
Here's the author.
Seems a bit suspicious. One resource.
The other one was called AutoItemReload
I can't find it online anymore, same obfuscation, much smaller plugin
Closed source, already a bad sign. There are some like CoreProtect and HeadDatabase and they have closed source so it's not an instant ruling but you gotta be more careful if it is closed source.
closed source and obfuscated free plugin from an author with no previous resources
We've had 3 nodes at work taken offline by the DC for bad traffic, need to come up with a way to find and remove these things
You're saying that you have two plugins of which one is likely being bad, and one of them that you're suspenting as being the issue has been removed from the site?
*suspecting
Let me open up the source and see what it's doing.
2 plugins, both obfuscated in the same way on 2 servers that are both sending bad traffic to the same IP/Port, only correlation between the 2
1 removed from Spigot, 1 still existing on Spigot
mfw luyten hates the jar and jdgui fails every other class
I can DM both of them to whoever is interested, just want to get it taken down from Spigot mostly
Solution: stop using obfuscated plugins
It's not me using them, I work for a host, clients are downloading these things
Might not be him but that's what package he's using.
Uhhhh..
Opening the classes with IntelliJ and I'll see what pops up.
not everything is decompiled
but i found something interesting
It's encrypting something in AES
lulwut
Encryption? Obvious hacker stuff right there jail 'em boys /s /s
It doesn't always target the same IP/Port so it's being controlled by something
update4life.xyz leads to:
Omoiใใฃใณใใซ็ป้ฒ๏ผ https://goo.gl/s2LYfR [้ ไฟกไธญ] : Spotify, Apple Music, LINE MUSIC, Amazon Music Spotify: https://spoti.fi/2TzRpJ8 iTunes & Apple Music: https://app...
(DiscordBot) ใใช / ๅ้ณใใฏ - Omoi - length 3m 31s - 27,960 likes, 192 dislikes (99.3%) - 2,049,318 views - Omoi [Official] on 2017.07.08

https://pastebin.com/raw/bJadctBc Came from a thread dump of the server running it, not sure if helpful?
excellent plugin design right there, blank class names
"So where's the error coming from"
"uhh I think it's 4 blank lines? wait no 3"
ik you're baiting but it's obfuscation brian
Yeah I'm kidding it's sarcasm
that looks sketchy af
I don't plan to use it lol, I just want people to stop downloading it
I don't know who to contact to get it off Spigot
I just reported it.
Use the report button
below the plugin description there's a report button
For something so simple as a death plugin it's not worth using a closed source plugin.
it being closed source doesn't mean much
I reported it as well
the high level of obfuscation for a free and "simple" plugin is sus though
Yup, just found the AutoItemReload one on the 3rd node we had issues with, same obfuscation and weird encryption stuff
Guess it's been going around for a little while
All 3 of the ones I've found share the same class that contains the Socket creation and encryption stuff
I'm not paid enough to understand this. Just don't use the plugin lol.
Don't forget to subscribe and SMASH that report button.
That obfuscation lol
I'll report any more that I find, now to get OVH to unblock our servers
mongodb doesn't have joins so it's fast
mongodb adds joins
proof mongodb is a meme
after reading through it multiple times, we've figured out what that says
"it's a left join."
malicious ddos plugin
And that's why the only public plugins I use are WE/WG, Vault, protocollib. ._.
@heavy rapids My server is on the road to flat-out forking a bunch of public plugins. Already did it to ProtocolSupport.
So we can make its 1.12.2 performance not totally crap
Yeah, Shevchik's policy is to base on the latest version of Minecraft, but the horror stories of instability and performance issues in 1.13 and 1.14 have made us wary of moving past 1.12
1.12 is a good, stable release, just needs some TLC to make it really shine
So we wound up forking Paper to add performance enhancements and stuff
I still fear the day I'll not be able to stall the update any longer
performance enhancements specifically related to your use-case?
some backported fixes, async lighting smuggled from Sponge, and EigenCraft redstone stuff smuggled from Paper 1.13
ah, nice
the one thing I'll probably need to do is implement async pathfinding for my NPCs
right now they use a zombie with overridden goalSelector
but judging by all I've heard so far, pathfinding in 1.13/1.14 gets worse
we essentially run a bunch of small creative-like servers anyway, so we need it
mh interesting
https://github.com/PaperMC/Paper/issues/2206
probably using side-channel attacks, e.g. timing? as far as I'm aware there's no "newly generated" flag in the protocol
nvm
(DiscordBot) テオ / 初音ミク - Omoi - length 3m 31s - 27,963 likes, 192 dislikes (99.3%) - 2,049,611 views - Omoi [Official] on 2017.07.08
@wide hazel What's that from?
the plugin
the obf'd plugin brought up earlier
the malicious one linked earlier
o boi some vocaloid
I like how all of the booleans are just xor'd numbers
```
if (!bl) return false;
return true;
```
classic
mh, what does the plugin do with the URL?
http://update4life.xyz:8080/ just returns 自殺 which translates to suicide, nice
it creates a secure socket connection
so would be HTTPS somewhere
ZipInputStream -> CipherInputStream -> Socket
update4life.xyz:666 sends a ton of what seems like encrypted data to me
eyy

Well since I need to stall me sleeping as long as possible
Slowly chipping away at the obfuscation
looks like it's not a zip file, but a jar file
it downloads the jar, opens it using zip, then loads the main class inside it and invokes the main method
jar/download is encrypted with AES
not HTTPS, but the download itself
nice
I want to know why anyone would put this much effort into this sort of thing
I'm starting to get some idea on how it works tho
The fuckery the obfuscator did that is
I jumped on the bandwagon of reporting the plugin
if anyone wants a copy for analysis, get it now
don't run it though
I have the other one that is even smaller of a plugin
other one?
easy deaths?
yeah
EasyDeaths is one, AutoItemReload I found to be another that is no longer on Spigot
neat!
looks like they used to be legit
authors are different too
"EasyDeaths plugin by PinkNeonDino"
I'll DM you the other one if you want it
on plugin load
Can probably block these plugins by redirecting domain with hosts file then I guess?
Again, it's not me running them
Server host, trying to prevent clients from getting our servers flagged
oh you're a host
Yea, had these things on 3 machines so far
hosts file would require you to be ahead of the curve
you could in theory go the opposite way and have a whitelist-only firewall
might be annoying tho idk
and i mean
technically they could store their malicious jars on a reputable site
stuff like update checkers usually go to github or w/e
Yea, not sure why I thought Spigot had some sort of screening process for plugins
Guess that would be hard
If you want access to 1.13 materials you need api-version set to 1.13 or 1.14
Having api-version set to 1.14 prevents it from being loaded on 1.13 servers
it wouldn't be "hard"
dbo has it
it's just..more work than not
even a basic "does this look suspicious as fuck" screening would filter this out
like, this is automatic
dbo ❤
let us listen to some nice, calming, music
(DiscordBot) Marilyn Manson - The Beautiful People - length 3m 47s - 835,532 likes, 52,037 dislikes (94.1%) - 156,345,453 views - MarilynMansonVEVO on 2009.10.06
did anyone find out what the jar it downloaded was




