#general

I call BS

(sorry kenny)

I do not believe that proxi has friends

:(

proxi has no friends

Yeah you obiuslly never played practice if you said that> i can punch my friend in mc 1.15.2
@minor badge

WE're friends cat!!

but proxi has family

i dont care nort

youre part of the problem if you dont wanna push the community forwards

and perhaps,

a large part

the more important your code is to the product, the larger part you are :)

i dont even know whats going on tbh

but im living fo rit

good night simple

what

good night simple

we sneakily did https://github.com/LuminuNET/LumiPaper/blob/master/patches/server/0007-Old-combat-mechanics.patch and https://github.com/LuminuNET/BukkitOldCombatMechanics/tree/master/src/main/java/kernitus/plugin/OldCombatMechanics/module with 90% 1.8 users on a 1.15 server, and people didn't even notice it was 1.15 =^]

sleep well and sweet dreams

package kernitus.plugin

OCM absolutely sucks ngl, it's a shame it's so awfully popular

tbqh, you can fix some of the aspects already

so I threw pretty much everything out into patches 10% of the size

The real issue is stuff like the client behavioral state

e.g. you can tell the difference between the two clients just by jumping around

unpopular opinion; nobody will notice if you don't tell them it's 1.15

Oh Im not saying that we dont need to go forwars, but backwards there is a community that needs features from the old versions to exist, a pretty big very very comphetitive community, with a lot of youtubers and players

And people are not understanding anything about this community until they join it and enjoy from it and understand its mechanics

In the end people dont like change and its easy to just stick to latest versions as a developer

But I enjoy both worlds

Its annoying that old versions are unsupported when it comes to mappings, but I found stuff that are just more fun to code for 1.7.10 and 1.8.8

Then on 1.15.2

no

what they need

is a pair of balls

the intent of the game is to have fun

You aren't gonna force a large part of the community to 1.15 just by saying "update lol"

pvp is 100% more fast paced in those older versions

Which, is like, what works for them; At the end of the day, so long as they're not running in here crying for support, it's 🤷‍♂️

If they like 1.8, they're gonna stay on 1.8, and if your server updates to 1.15+ only, they're gonna move to another server with 1.8

dont they all use mods like 5zig or whatever too tho? surely a mod could just,, revert the client changes

Mojang was having a discussion about combat recently

I was dead when that was going on through

think im gonna sell my macbook for whatever i can get for it and by a nice system76

@golden gust I agree its a nice way to say it, and yeah they are not running here crying for it, they actually develop their own spigots and clients

they were just collecting feedback, no news were brought on

The sneaking to activate shield is dumb

Ruins my entire codebase :(

if it ruins your entire codebase, your codebase is probably not (very) good

tbh,

https://discordapp.com/channels/289587909051416579/555462289851940864/719652163923607623

that does not only explain a lot

it explains everything

thank you

Yes.

stop bullying people

let's bully city

be nice and friendly and loving

Programmer trial by fire code review

stop being a nerd

@heady spear kiss welcome home, honey how was your day at the office

it's embarrassing for your soul

wow what happened to being loving city

I love myself

no reply...typical

when will my husband return from the war

anyway

student life is when you write code for your arduino without your arduino working

so I actually had to make sure stuff worked on a theoretical level without powering it on every 2 seconds and had to send it to the instructor so he could test it for me

guys

i want to fucking MURDER node-sass

thing needs rebuilt every 5 fucking seconds

just use sassc

works epicly for me

drop in?

no clue

.g sassc node-sass

(DiscordBot) https://sass-lang.com/libsass -- LibSass - Sass: "LibSass. Wrappers. SassC; Crystal; Go; Java; JavaScript; Lua .NET; Node; Perl ..."

i tried node-sass like a year ago and found it sucked ass so sassc was available and easy to use

quick inotifywatch + sassc loop in bash and it's worked epicly ever since

hmm

cannot reproduce on a non-trash system .

ewww a @potent fossil

ewww a duk

mfw i just designed a skeleton loader for some profile info

then realized hey

i should probably just preload this on fucking app startup

so

trashing that component

ew

what

yeah ew

https://github.com/Mojang/DataFixerUpper/pull/50

my PR was merged

waddafuq even is that thread

😂

Only a couple people accepted the changes, probably should've waited for a bit more feedback /s

someone want to come to my server

plz

no

why

who you

This isn't the place to advertise your server.

i didn't

why

♿

lol

@wide chasm sorry

breaks two rules in one go

@wide chasm im really sorry

wow again

damn that escelated fast

@wide chasm sorry i swear i wrote it by mistake sorry again

oh my lord

for the love of god

stop

alright stop pinging

a lot of performance?

what are you doing

applying some weird ass complex regex on every character?

do blocking dns query too

just to be sure

is it just me or is your safechat thing kinda overengineered

it is

damn right

yeah I don't think too often either

yes it can

1.1 is perfectly valid ipv4 representation

and 0

used by cloudflare atm

1.1 -> 1.0.0.1

0 -> 0.0.0.0

https://1.0.0.1/

https://1.1.1.1/

both cloudflare dns

https://1.1/

holy shit look i'm a hacker

xd

i'll be throwing malicious cloudflare propaganda on ur serbur

yeah how could a normal guy understand the internet protocol v4 lol

literally what i said

0 -> 0.0.0.0

scroll above

and now let's get to that good old question...

are you making that plugin for yourself, or for fun and for free & others to use?

no place like localhost amirite

true

what would y'all suggest for doing cross-server msgs

considering that network would consist of more than 1 proxy (this plugin messaging is kinda ruled out)

was thinking about redis

& pub/sub

redis

reddit

damn whole private messages would turn into a hive mind

so no

i'd do redis

wym with "externally"

well depends on the setup

it's an external service lmao

of course you can

if you configure it correctly at least

doesnt it run on the same machine?

it does

you can idk run it anywhere

usually its a good idea to not allow remote connections

mineplex did

Nah who needs firewalls

one person helped them to change their motd

ahaha

this was quite long time ago however

nowadays on such large servers shit like this shouldn't happen, especially given the possibilities what you can use to run your servers ;)

docker, k8s, or even idk your home cooked namespacing to prevent servers/services binding to outside internetz

Tbqh

With k8s, it's harder to secure stuff

Not easier

This is why the default configuration on cloud environments is that nothing is accessible to the internet

I did worked already with kubernetes in the past and I agree with mini but normall you can just have a bare metal firewall running just allowing 443, 80 and 25565

Not via software config for what you're deploying, they don't control or care about that

They just dump you on a private subnet and firewall off any public IPs you have so they can't do anything by default

k8s is nice

I feel like an ex-Mozilla person must have been involved in kubernetes

why?

They are the first people I can find (and usually the only people) who do that kind of shorthand

i18n, l10n, k8s

The shorthand wasn't keyed by kube itself

The community gave it that name

e10s

tnt

eeeeeeeeeees?

Do u say k-8-s or k-eights

you say kubernetes

I just say kube most of the time

Never

k8s

just k8s

Yes many write k8s

But how you pronounce it?

cube

Exactly

itens

keights

just cube if i speak about kubernetes

leighteenn

leighteeen the greeen

I think md is having a stroke

*itenn

so no pod?

yikes

A whole new world has been opened

xd

shut up I'm not having a stroke you're having a stroke

A world no one wanted

no u?

Discord zoomer

With k8s, it's harder to secure stuff

more or less yeah

Discord is selling all your data to China?

k8s wraps everything away and is overwhelming at times

Of course, it's Google tech

China

and it's bit sad how much k8s is cloud-first

and your own hardware is 2nd class citizen

Things from Google make a lot of assumptions about how your stack works, require a lot of complicated setup, and have a narrow window of usefulness unless you put a lot of effort in to them

so your option is either k3s or endless agony

Because they build things for Google

since i use nixos then i had to pick latter option

I use just docker swarm for my private stuff

nix makes git look user friendly

strangled this to get k8s usable on my machine: With k8s, it's harder to secure stuff

sec

Really really cool idea, worst user interface I've ever seen

fucking clipboard

https://github.com/openebs/zfs-localpv

this one

since my whole system sits on zfs then this is 👌

If you have nixos what do you need ZFS for?

Or vice versa

"why use zfs when you could use ntfs"

that's...

explain your question

me or amaranth

amaranth

ur just shitposting

ntfs smh

People always talk about using btrfs or zfs for their OS for the snapshot support

So they can rollback bad upgrades and such

i use that to do minecraft server snapshots

@void void stinky

But with nix that's built in to the software, no fancy filesystem needed

been bragging about it here for a while now, lol

I'm waiting for https://bcachefs.org/ before I move from ext4

"i use zfs to back up my shit wbu plebs"

proxi

who smelt it

dealt it

but ye, mc backups

Love when enemies are all nice until you kill them and they then spend the entire rest of the match shittalking you and everything you do

That's some good compression.

Main thing missing from bcachefs is snapshots :D

Otherwise it does checksums, compression, encryption, RAID, etc

Soon(tm)

i'd use btrfs but sanoid does not support it

thought btrfs would make shit a lot easier

because you can actually make snapshots inside container without needing to touch host directly at all

while with zfs you need to mount /dev/zfs etc

bcache is a part of the kernel already, used for setting up SSD caches in NAS systems and such

This project is basically taking that code, which is already mostly a filesystem and has all these features, and making it a standalone filesystem

"but what's wrong with ntfs"

cringe slow windows fs

iirc NTFS itself, at least with all the latest bells and whistles, isn't terrible

But it's really complicated so open source drivers don't support all those things and the Windows IO subsystem is garbage so the only complete implementation of it is tied to the worst place to do IO

Can somebody recommend a offline invsee/enderchest viewer plugin.
I once saw something like this, but I can't remember the name :/

.g lishid openinv

(DiscordBot) https://github.com/lishid/OpenInv -- lishid/OpenInv: Open anyone's inventory as a chest,...: "About. OpenInv is a Bukkit plugin which allows users to open and edit anyone's inventory or ender chest - online or not! Features. OpenInv: Open..."

Sweet, ty!

Can someone come to my server

no

why

$50

this community is full of server administrators and tired programmers

not players

the tired programmers part is true

that cuck did the same a few hours ago

and pinged stef 3 times to apologize lmao

Love getting fucking bruteforcced

got rekt?

lol

that's what you get for using your favourite fast food name as a password

yep...

It definately wasnt that lmao

It was a root pass

guys do you have any idea if the performance of 1.16 will be better for the servers?

just dont get rekt, easy

root pass

what in the fuck

root pass

fucking idiots

i swear to god

ffs

use fucking ssh keys

disable password login

Yeah I get that now

brutforced ssh key

should not be running a server under any circumstances with such careless attitude towards security

why do people always have to learn it hard way

you're essentially saying fuck you to your players

Its definately a learning experienc

i pity them

lmao

inb4 also uses plain old ftp

then leaked the root password over some public wifi or something

and then got rekt

Whoever deleted the files is weird though

if you use ftp then you also deserve getting rekt

ALl they did was delete the jars

but like

Not the folders themselves, but the data inside them

that means they ran a script :)

Can you

Undo scripts?

no

no.

All that was left

lmao

you got fucked. good job.

I did indeed get fucked

i have no pity

root pass

hey at least you lost your virginity

i guess

Finally

I got their ip but im going to assume its a vpn

Somewhere in kenya

what are u gunna do

who the fuck uses backups in 2020

hack them back and undo the script?

@quasi valley no shit

"i just got FUCKED because i have no idea about security period whatsoever AT ALL"

I cant even be mad just because of how retarted i was

"hey btw i got their IP"

"somewhere in Kenya."

I will hax them

with what

his tiny pp

ping flood them?

boutta start knocking on doors in kenya 😤

My gaping butthole

I will shit in their mouths

Im hoping the backup I have is still sorta up to date

gonna put the hacker into your ass

head first

ez

Hello there, I have a Minecraft Server (currently on Win10 Server), will performance improve by a large amount when going to use Ubuntu Server 20.04LTS?

no

.try

https://tryitands.ee/

pftw.

yes probably

So tip of the day

Dont fuck yourselfs like I did

I used to run a server (1.14, first Paper build) with 20TPS on a AMD Athlon XII Dual Core

with 2 GB of ram

tip of the day is to follow good security practices

need atleast 128gb now

And now I am running windows with better hardware and performance sucks

listen what people say

Your using windows thats why

tip of the day is to follow good security practices
@void void i know

that wasn't for you though

That's literally the only reason why I have a Mac lol

but glad you know

Install linux on it

Because Windows is shit

no macOS works great

why I have a Mac

I'm lovin' it

mac does not protect you from getting viruses

macOS is like a fancier linux

yes

i know

SO just

I'm impressed

i love mac, but im going to sell mine soon

I started it off dont worry

macOS works great with my 50 EUR iPhone SE :)

it's because keepitfresh came back from holidays

Lmfao

^

iPhone SE (2016) is great value rn

no

android motorola 5

$50 - $75 for pretty good hardware :P

Nokia Brick (1985) is great value rn

I'll take it if you give me 20€

$1-2 for pretty amazing buttons

Ill give you atleast $2 for it dancing

u rite

Typewriters are pretty good

Smoke Signals (unknown) are great value rn

Nah morse codes like 0.5 rn

I just commincate with loud grunts

communicate*

xiaomi gang , sorry

mega cringe botnet user

Imagine getting your data sold to the chinese

oh shit everything sells your data'

you should shut up you got rekt

shhhh

by getting your root password bruted

Hi, could anybody give me a tipp to understand my issue with GSON. Well I have on eplugin, what loads a previously stored json string (tojson) into an object (I store jumppads) like that. While the object model I use to export/import from/to json has a constructor with arguments (so when I create a new one, not related to Json, I can do it directly on "new" passing all it needs) – GSON imports this one without problems.

Now in another plugin, I use the same tojson/fromjson logic and I also have a data model to store some locations along with some other data. This object also has an attribute conatining an arrayList of spawn point objects. But in this case, fromjson will fail and skip exactly the attribute/memeber containing the spawn poin ArrayList (rest gets imported), as long as the constructor of the export/import object does not offer on version without any arguments.

Since it works, I could live. But I would be nice to understand why it does not care about the constructor in one version while it does matter in another one 😛

holy sht

you realize we will literally never let you live that down, ever

yeah

probably...

you are now the Guy Who Got Fucked By A Kenyan

so

accept it

....

lul

Atleast it didnt hurt

?

It did tho

Your server got FUCKED

big fucked

they hit literally 1 directory only

nothing else except /home was touched

Which is kinda weird?

Would have expected them to literally go on a rampage but

I mean you have to do a clean re-install anyways so ¯_(ツ)_/¯

Yeah

no rats or anything

Hi, could anybody give me a tipp to understand my issue with GSON. Well I have on eplugin, what loads a previously stored json string (tojson) into an object (I store jumppads) like that. While the object model I use to export/import from/to json has a constructor with arguments (so when I create a new one, not related to Json, I can do it directly on "new" passing all it needs) – GSON imports this one without problems.

Now in another plugin, I use the same tojson/fromjson logic and I also have a data model to store some locations along with some other data. This object also has an attribute conatining an arrayList ob spawn point objects. But in this case, fromjson will fail and skip exactly the attribute/memeber containing the spawn poin ArrayList (rest gets imported), as long as the constructor of the export/import object does not offer on version without any arguments.

Since it works, I could live. But I would be nice to understand why it does not care about the constructor in one version while it does matter in another one 😛
@tired heath so in other words

it "ignores" the constructor in one, but in the other which has "Location" references it "doesn't ignore" the constructor

yeah looks like that

Location

it has a World reference

which has a Location reference

which...and so on...it's circular. think we went over this earlier today

it enters an infinite loop

the solution is a type adapter

na the location thing got solved, I split it up into single values of floats and doubles, it will not use the location in the from/to json at all

🤔

ok well

share code else idk

one mom.

YoUr GoIng To StEaL mY cOdE

shut up Guy Who Got Fucked By A Kenyan

...

nice

What did I miss holy shit

i got fucked by a kenyan

🍆 👌

i really want Hello Games to fix controller support in NMS VR

So baiscally this are the relevant code parts,
ArenaDataStorage contains a ArrayList of ArenaSpawnPoints
Export to Json works fine, when I than use load (from json) and ArenaDataStorage has a contructor with no arguments, it imports the Arraylist of ArenaSpawnPoints just fine, as soon as I do not provide a constructor without arguments, even when one what is assiging all values, it skips the Arraylist.
https://pastebin.com/ZDdyHsmC

the day that happens goodbye because ill have literally no life

that is, outside of NMS

Damn maybe my pc it self will be backdoored soon

thatd be fun

So it works, I just wanna understand why it makes a diffrence

clicks ph ad

ph ad

no ban for me

mikro doesnt see them, he obv paid for premium

those are mostly from b, 2nd b or ph itself

you def shouldnt be keeping that box, rebuild it

@tired heath so whats the loading code that works and whats the loading code that does not work

smh

@slim nymph ik

no kenny they want cc :(

ooo

Maybe someone on their can help me fix my machine

wouldn't have my name there

install teamviewer

Basically removing
public ArenaDataStorage() {
}//end ArenaDataStorage
will always lead into skipping of the Arraylist, no matter how the other constructor veriations look like

to get hacked again?

sure

Duh

you dont fix a compromised machine.. you nuke it from orbit

thought the same lmao

@tired heath well, you're not setting the array list

oh wait no wtf am i saying

you think they only touched one folder

gson needs a no args constructor

always

Ik they didnt touch just one

limitation of gson

but prob their fun secret waiting somewhere else

It would be stuiped to not fully nuke it

its just how gson works

So that question is not, why does it fail here, the question is, why does it work in my other plugin

got it ty

well are you sure they got in through ssh? got logs of that?

As far as im aware yeah but ill rechecj

pw

Im not sure how else they would have accessed it?

ftp?

They ran commands so Im assuming they did

then yes thats ssh

History shows -last as the main command

No script commands or anything?

if there was no ssh logs, it was possible you had a backdoor plugin that let them run commands from within the java process

they prob wiped history

There were seperate processes

(2 servers running_

Different plugins

So def wasnt a backdoored plug

why couldnt it?

If im comprehending this right

It would give them access to that 1 server correct?

*proccess

only if containerized in an isolated context

well fuck me

if they both runsame user w/o a container 1 server can run shell commands on anything it has access to

I wouldnt even know what plugin it would b

but the fact you have stuffi n bash history is signs of login

unless they literally spawned a bash login prompt lol

It couldnt have been a plugin

that's why you don't use closed source plugins

Server was up for 1-2 months with no signs of that

So unless they play the long game

only on your server viper

ok so bad actors now know to wait 3 months to compromise keepitfresh to make their backdoors considered safe

^

logs in bash history

I leave roughly once a week every 1-2 months so have fun

don't they know you can just prefix commands with a space to keep it out of the log? smh

Im not sure why they were checking last though

But they got my ip now so thats dope

thats why

laughs in dynamic ip address

to see if you was on the system to detect them

Ah

Nice

Im wondering if

also to potentially find other accounts to compromise

If they didnt get in through the root pass

I have an account with just access to that directory

Is there a way to see what user executed the commands?

not if they wiped logs

if its in /home/user/.bash_history its that user

but tou can also just unset HISTORY_FILE or some var like that to erase writing history

Well i can confirm it was a root pass then

those were in /root?

IS that a normal user to have?

yes

Alright nevermind

check /etc/passwd

did you use a shitty root pw or something? for one, dont use pw's...

^

SSh keys

Learned that

No it was a pretty long password

if you do have pw access, make the pw 32+ chars of gibberish

nonsense, no one would ever guess my password ||hunter2||

Was expecting taco2.

how long is long to you, and did you reuse it?

No

Never reuse

15 characters

Numbers, letters, uppercases etc

15 isn't like super long

well whereever you had that password stored is likely compromised too

Tacos > burritos

Reliablesite?

Thats the only placed its stored

Is on their website

are we still certain that it wasnt a backdoored plugin??

Yes

is ssh confirmed

wwell they logged into root

Theres bash history

oh mkay

I mean it could fake the history, lol

then maybe your pw to your host dashboard w/ access to that pw is compromised

not to /root....

gotta be root to write to root

there is

the bash history is in the root home

are you sure your server's aren't running as root? lol

not going to talk about that one

...................

oh no

whelp

well, duh. a few shell commands and yes they can get root access fro map lugin

@slim nymph Really? How does that work?

waow

just waow

This is a huge learning experience so Im trying to get better att his

you realize progamming languages basically all have ways to run system commands right

you can literally spawn a 2nd ssh server w/o any security, add a user with full sudo, then login as that, all from a compromised plugin running on root

the jvm isn't a sandbox

the only place you should be running plugins as root is inside a container

even then, pls dont

Ok then why wait 2 months though?

wait until no sign of activity to get caught?

pretty standard business

that actually makes sense.

I was gone the week they did it

or theyve had it longer and accidently deleted the files revealing themselves

might be someone who knows you

have you been kidnapped and pw's tortured from you lately

Or pull a Mason and write a backdoor into .bashrc

😂

they wouldnt mine that much, VPS hasn't big efficiency

its a dedi

You figure there would have been SOME kind of acitivity though no?

cpu mining tho lol

smart ones sit on it

ok

Damn they sat on that for a whole ass 2 months

still pretty lol

hi ryan

you dont know what they were doing for months

That is true

could of been using yo uas a proxy to do illegal things

yikesss

US had iran nuclear reactors being physically sabotaged for years until they accidently got discovered

I would have noticed a performance downgrade no?

because the virus infected a laptop

from a proxy? no

Ah

So it was either a plugin being sat on for months

or a bruteforce

Stuxnet <3

doubt it was brute force at 15 chars

Im checking with reliablesite rn to see if my account was accessed

no copy of the pw on your local pc?

No

My pc was off in that time anyhow

i did

got fucked by kenyan

I mean, it could be a pretty widespread backdoor and they only just got to/found your machine ¯_(ツ)_/¯

though running servers as root was likely culprit, specially since they only touched your mc folders, shows the person is affiliated with mc

standard attacker would of just deleted entire folder

Yeah but the history? THey had to have logged in no

does seem odd to only delete jars

Especially for how they deleted files

yes, thye logged in, but a plugin could of let them

this is what i came back to

you can reconfigure ssh, or start a new one

no

oh they prob did wipe out the entire folder and the running process just wrote new files

ik no more root pw

just disable passwords altogether

but whats weird is the data inside the folders was delete

so they just deleted everything they could? lol

as i just said, they prob deleted entire folder, and plugins recreated those folders because server was still running.

Well not all of the data inside*

Certian data was saved like uuids from saved islands, et

who cares what they did, just make sure it doesnt happen again lol

No zbk

@minor badge

Im trying to learn from this

And get more info

obvious steps to avoid include avoiding blackspigot and avoiding shady spigotmc authors

Dont install plugins that you dont know what they are doing

he does need to know entry method though, incase the compromise iss actually outside the server, local pc, admin panel for dedi

Either a plugin or a root pw comprise

or finding culprit plugin

set up 2fa for admin panel, use key auth only, dont run as root, only trusted plugins; all issues fixed

Viper ur a furry now?

@void void

no idea which plugin

All of the jars got deleted

Possibly

I had an offsite backup

That im HOPING i still have

hello am a bit late - do you know if they connected via SSH or not

I havent downloaded ANy since then

Literally had the same plugins for 1-2 months

Yes

yes- https://www.spigotmc.org/resources/spigot-anti-malware-detects-over-200-malicious-plugins.64982/

There is a spigot anti maleware plugin

Author is absolutely insane and checks every new spigot plugin

i was about to suggest using it to find any plugins that call shell commands

@junior field ssh was accessed at one point yes

They left bash history

No that is not for sure

oh they didnt clean up?

I need to know how they got it

check your /var/log/auth.log

No zbk

15 characters, numbers, letters, uppercases etc

thatll tell you if they bruteforced it since apparently they didnt clean up

also I assume youve changed your pwd since?

so they dont connect now while youre handling the incident?

no

it was

same ip numerous times

numerous being

500000?

5?

Wait no 1 minute

The IP left in last is nowhere to be found in auth log

(also you'll want to wipe everything after you eradicate the threat)

@junior field fresh install ik

so in your auth.log

are you being bruteforced by a chinese botnet or

yeah unlikely

but

if a chinese botnet has had many months

Can confirm was no bruteforce

no fail2ban

Im actually the only one that has logged in

¯_(ツ)_/¯

Accepted password for root from only shows my ip

couldve gotten lucky - 15 chars isnt very many as it goes

chinese botnets are at it 24/7

Oh shit

its the static noise of the internet

they try to bruteforce everything possible

My auth log only goes back to that 7th?

IS there a farther back log

Nevermind found out

auth.log.1?

@void void "its a strong password so its impossible to bruteforce" isnt good enough

The ip i have

unless i can 100% see it wasnt a bruteforce, i wont rule it out

Has 1 attempted connection from may 24th

And thats it

or uh

Yea enter your password on this website

post the password here

considering you shoudlve already changed it long ago

So I dont think it was bruteforced

big up lanman

@polar sonnet for the ssh, did you deny root login, did you change the default port, did you enable a firewall and did you install failtoban.
If not, is highly recommended

ofunny

Havent even got into the rebuilding stage yet

Is there way to see what ip assoicated to the user executed a command/

no

Fuckin foundi t

IS there a way to see if an ip was a vpn

Actually?

why do you care about whether its a vpn

To see

what if it was the attackers on a vpn

@polar sonnet did they SSH into root

or a different account

olol

I sent another zbk

Getting kinda in here

@polar sonnet are they your sysadmins IPs or no

this is still happening?

hi stinkylai

did he die or

I should'nt have implemented that strafe jump feature as first. Now I keep wasting at least 10 minutes after I test a new feature doing strafe jumps 😛

you should've changed your password 609 million years ago

I can almost confirm it wasnt a plugin/bture

Well may I play Columbo

4 residential connections then randomly a vpn right after

Then a history clear?

So you say only your plugins got deleted and it was not a plugin,

I 99.5% sure it was a friend I could trust

Its his city and everything

Your deticated minecraft user had a shitty password

ooo I am good

😄

no it isnt

it would take 609 million years @tired heath

would it

Yeah

15 characters, upper case lower cases, numbers, etc

Maybe some password list

some noobish one

No im almost positive it was a friend

He tried to cover is ip up

Good friend

YEah no shot

funny thing is

He runs a business also

well is funny, little bit

I have to have SOME confirmation before though

sometimes I crack myself up with my stupidity

i just googled "how to get first element of array" 😒

Actually if I would have done it, I would inject some troll plugin into an other jar, but I guess deleting will also do it

true

Its not a plugin

networking with ur mUm was pretty good 😎

It all points back to him

well yeah we got that

claro

What does set -o do?

Im not sure thta was a command left in bash history

Then it prints out a giant log

Why would they run that?

check which options they set perhaps?

as do lua, julia, R, lots of older things like fortran and cobol....

@polar sonnet becasue it shows all options what got set on/off

cobol, gods language

nope

gods language is Holy C

written by His emissary Terry A. Davis.

Rest in Peace.

hey there's even a handy list https://en.wikipedia.org/wiki/Comparison_of_programming_languages_(array)#Array_system_cross-reference_list

😔

Going to try and get some hardware that TempleOS works on soon

How do I find other developers sharing the same passion?

grinder

Terry would've made better bible plugins

Guys there was changed something important in Paper that causing this? There wasn't this error before

java.lang.IllegalStateException: Asynchronous ChunkMapDistance::addTicket!
at org.spigotmc.AsyncCatcher.catchOp(AsyncCatcher.java:15) ~[patched_1.15.2.jar:git-Paper-345]
at net.minecraft.server.v1_15_R1.ChunkMapDistance.addTicket(ChunkMapDistance.java:158) ~[patched_1.15.2.jar:git-Paper-345]
at net.minecraft.server.v1_15_R1.ChunkMapDistance.addTicket(ChunkMapDistance.java:311) ~[patched_1.15.2.jar:git-Paper-345]
at net.minecraft.server.v1_15_R1.ChunkProviderServer.addTicket(ChunkProviderServer.java:958) ~[patched_1.15.2.jar:git-Paper-345]
at org.bukkit.craftbukkit.v1_15_R1.CraftWorld.getChunkAt(CraftWorld.java:402) ~[patched_1.15.2.jar:git-Paper-345]
at org.bukkit.craftbukkit.v1_15_R1.CraftWorld.getChunkAt(CraftWorld.java:410) ~[patched_1.15.2.jar:git-Paper-345]
at org.bukkit.craftbukkit.v1_15_R1.block.CraftBlock.getChunk(CraftBlock.java:128) ~[patched_1.15.2.jar:git-Paper-345]
at de.myzelyam.discofloor.BlockChangePacketMgr$1.run(BlockChangePacketMgr.java:64) ~[?:?]
at org.bukkit.craftbukkit.v1_15_R1.scheduler.CraftTask.run(CraftTask.java:99) ~[patched_1.15.2.jar:git-Paper-345]
at org.bukkit.craftbukkit.v1_15_R1.scheduler.CraftAsyncTask.run(CraftAsyncTask.java:54) ~[patched_1.15.2.jar:git-Paper-345]
at com.destroystokyo.paper.ServerSchedulerReportingWrapper.run(ServerSchedulerReportingWrapper.java:22) ~[patched_1.15.2.jar:git-Paper-345]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]```

step 1: dont run stuff async when it's unsafe
step 2: no errors
step 3: profit

yeah, don't access the world async, lol

a yes, getting a chunk sync in an async task

101 world corruption 😄

thats why that async catcher is there

So when I disable this it could works?
async-chunks:
enable: true
threads: -1

or something?

no

the whole point with it is to catch stupidity

tell the author he's stupid

It's old plugin, it was supported on 1.13 :/

tell him he's still stupid then

it was already unsafe in 1.13

or in any minecraft version

Le me guess, it fills up the floor with colored concrete and alters it to a given rhytm, but tries to do it async

it tries to get data async so it can send a packet

instead of actually modifing the world

https://github.com/MyzelYam/DiscoFloor/blob/master/src/de/myzelyam/discofloor/BlockChangePacketMgr.java

if anybody cares enough to fix it, its open source

I didn't find another plugin on this... if it's not really difficult to fix, could someone try it please?

last commit 2017 lol

author won't fix it probably

hes still active

try raising an issue if nobody in here feels like fixing it

its trivial

ok

I'm just here to talk while doing coding breaks, sorry

would just need to remove the runnable and use getChunkIfLoaded

ok created issue, the first one there, lol 😄

mmmh

I have a question

no

imagine you have a wysiwyg editor, but also allow input via markdown and potentially bbcode or even html

and you want to store that in a database

and display it on a website

what would you store?

that sounds eww

most wysiwyg editors prolly produce html

Hey guys it wasnt my fault!

Well sorta

sorta

ideally the editor would display whatever the user input after loading the content again, mini

Essentialy I've traced it back to a guy i worked with that I though I could trust/literally runs a business

but if you allow mixing multiple stuff...

His ip, his location(ik where he had lived before), etc

I mean, I could just force markdown

found a wysiwyg that supports markdown

https://github.com/nhn/tui.editor

that seems easy, but requires ppl to know markdown

just use a switch to allow toggling between markdown and wysiwyg ¯_(ツ)_/¯

i'd store it as whatever they wrote it as

then have it rendered separately

so that if they hit the edit button, they get back whatever they put in to begin with

so I would store the format somewhere, and then the content string?

i mean you can also store original input and rendered input separately

Basically, I'd store the "raw" whatever the heck that thing uses

I personally would just store it in markdown and only have the wysiwyg part auto-format to markdown

yea

the important ux thing here is that if i write markdown, hit save, hit edit...i want to edit my markdown, not the rendered html

yeah

https://user-images.githubusercontent.com/18183560/76941970-4bdfc100-6940-11ea-9a60-94124237fa1e.gif

that editor supports wysiwyg without seeing the "code"

so I prolly just only use markdown

"advanced" users can write raw markdown

normals use wysiwyg only

markdown supports html anyways, right?

pretty sure most parsers do

ill just give that a try I guess

tbh the main issue with markdown is that it doesn't support colors by default, lol

Yea, would probs need to go more towards things like bbcode for that

back in my days

do I want to support color tho?

bbcode is just simple-html xD

Dude

Did just read the original question, actually would need a editor that parses the view on runtime so the user sees the formated text, but will store it without converting markdown to html. So the logic showing it on the frontend has to parse the markdown again and prints html, what is not an issue since you always could cache the final output
so you will have html and markdown working in the same editor

color just adds so much extra to the conversation

agreed xD

i can't even read it on my client lol

also TIL about my console supporting blink

*huggles electronicboy *

purrs

fuckinn mintt

Hows everyones day going

See, I just have a case of "k3s apparently killing the server"

hence, I kept having to reboot the darned thing

mmmh, this is hard

I think ill stick to the editor and force the usage of markdown

replaces zzzCat's stress pills with rat poison pellets.

wait, couldnt you use html to color?

Can anyone link me a basic security guide for servers, so far I'vel earned

• disable passwords, use ssh keys
• containers?
• firewalling shit to protect bungee shit

bbcode is not what markdown wanted to be

css = color

https://i.imgur.com/8edknu9.png

or inline style

yall totally misunderstanding the markdown philosophy

ok, I call that good enough

markdown is literally supposed to show semantics in plain text

Well, yea, you could use HTML, but, er... raw html is generally... errr....

https://i.imgur.com/gu8H6Am.png

using [] or <> tags to show semantics is completely opposite of markdown's goal

at least there is no xss 😄

Can anyone link me a basic security guide for servers, so far I'vel earned

• disable passwords, use ssh keys
• containers?
• firewalling shit to protect bungee shit
  @polar sonnet

.g first 5 minutes on linux

(DiscordBot) https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers -- My First 5 Minutes On A Server; Or, Essential Security for...: "Mar 3, 2013 ... If you use your first 5 minutes on a server wisely, I believe you can do that. Any seasoned sysadmin can tell you that as you grow..."

I guess I should edit to not trust people iether

Which is my entire downfall

Thought I could trust a repitable bussiness but nooo

especially not zbk

Also you could use html attributes to strore any information you want, you can even use your own tags, standard html interpreter ignores them, while they are in dom and javascript can actually read the attributes, like data="" I mean there are plenty of possiblilities

jesus christ

ok am sold, the editor supports color https://i.imgur.com/Zv9ASKh.png

if you enable it

just creates spans

<span style="color:#4be536">me text and choose </span>

Damn having shit like this happen just kills moativation

yeah most of them use span

Good news im longer the guy who got fucked by a kenyan

everybody is on HIBP @polar sonnet

just make sure to never reuse passwords and you are fine

hibp?

have i been powned

Oh lmao

the site you screenshoted

Im not even worried aobut that was just curious

Never reuse passwords

Im talking about my server and the motivation thing

oh

eww, hibp advertises 1Password

same

Ik my actual email was access randomly 1 day

quickly changed that shit

just use 2fa...

it was one of my 3

was kinda just a throwaway

@still smelt the previous one was fixed

Wasnt technically my fault

I actually have a pwned password and I did not change it cause I use it for shit content, who ever wastes hes time to get into one of these should enjoy

^

im going to sign his email up to a spam acc

i should change the password of that ancient steam account i constantly get emails about

mfw one of my emails was included in a dump from a site I don't even know/use?

🍆

whats club penguin

aikar guess what

It wasnt my fault!

us kids liked to play with fake animals, aikar

Or a plugin

Wasn't it just one of the 3rd party servers?

They were serving it through Cloudflare

But the other main one I think is still up?

https://i.imgur.com/HjEFQyQ.png

thank you

very helpful

@polar sonnet but it was your fault

Well yes but actually no

nice extensions 👀

for giving someone untrustworthy complete unrestricted access to your server

It was a reputable business partner that I thought I could trust

That had multiple vouches/customers

is this a uh

mason?