#development
mine would have to be node or likely php
not gonna deal with secure user accounts in java
php, node, some type of python backend
fair
despite how much i love the language
stfu
idk php so i cant really say on that
but express + passport = really easy logins on node
php sucks balls but it's established
have you tried php8
i have no idea which version of php i use
loss
contributions to that script appreciated
could probably automate a few things
where is emy discord account
wait is ctrl-c sigint not sigterm
maybe that's why the one script I was making wouldn't trap right
why
but yes
ctrl c is sig interrupt
keyboardinterrupt in python
ctrl d is EOF iirc
```
.align 16
.quad _ctor
```
use this instead
try both but this works regardless
if u want it working just copy paste 
no just ssh in and remove it
ur gonna have a lot of crashing
because u ruined the stack pointer
br x8 doesnt return
well it returns from the original one
so then the stack is 16 bytes off
that shit below br x8 wont ever be executed
black screen means it worked bc its getting injected anyway
anyone have a header dump from ios 14
the last pic is wrong, ldp should be #-16 too to match above
@primal perch
sorry @grave sparrow
you put some random values from stack into LR
LR and FP? I forget what the other one is
tell me you aren't opening the whole thing
the point of 7.5 is not having to do that
or
how will you run it in WINE under windows? 🤔 maybe using the linux subsystem?
if you need dyld shit
is yours actually working well?
"depends"
like does it extract the stuff from neighboring libraries?
yes
cool
here let me drop you one it worked well on
wait ida 7.5 fixed loading of cache?
with 7.5 you can select just what you want
sick
then right click some crap that's broke and tell it to load that section too
you need to manually load in other libraries
yeah
its dumb honestly
what fw do you need
yeah it should be able to have dyld+deps of only that lib
the one on my github most likely works
then what ida version are you using?
7.5 or they wouldn't be using WINE
7.5 sp3
well
lol
because you opened a file that was already disassembled
oh that too
you have to load the shared cache, not an i64 file
oh
lol
if you've already opened it there's already an .i64

it threw me off when I told it to open one thing and it opened another thing before too
sort of bad UI
output is better than IDAs rn
dont load with dependencies
why
@half walrus very nice
I wanted to try loading the entire cache
don't
I have 128gb of ram and a 16 core cpu
i've already done that several times
it's a complete waste of time
IDA barely runs
can you force ida to use ram and run multithreaded?
yeah it's pointless
you can totally do it but it's slow as frozen shit
i wrote this section just for ppl like you
bc people constantly say they're gonna load the whole thing
well I can just press save
it takes over an hour to save
just make a bunch of .i64 files for different things is easier
then it'll be fast
what an hour to save jesus
yeh I just want to try it now that I have a beefy pc
if you try to use quick search IDA crashes
you have to disable the sidebar on the left
I've done it - it took like 2 days to disassemble but I could save it in like 1 min
and it didn't crash it was just crappy
probably macos IDA isn't as good as windows IDA 😛
lol mac doesn't handle 16 core cpu usage properly
and you have to find what you need by opening the 'segments' browser
and finding the framework
you cant search it
yeh at least I have 15 cores left to use my pc normally
not good if you have anything to do
you'd think but it'll use ridiculous amounts of RAM
im just watching youtube, editing plists and using discord
cant beat macos on that
same reason they barely ever upgrade iphone ram
one of the few things they got right lol
im sure theres a way to hack it to use more than one core
but thats beyond my knowledge
cat $(file) / 2 > out1.bin
you could get something like substrate running
if your name is ilfak yes you could, and I have no idea why he has not
and swap out the ida dylib on macos
well, not swap it out, too much there
but hook the symbols
but that's not something you can hack in with binary editing
unless you're truly insane
ida 7.0 took 30 minutes to decompile one for the obfuscated sep functions in checkra1n
that's hikari lol
I mean yes it's possible but... you'd have to understand the workflow and interconnections of everything
good thing we have oss now
it's all symbolicated tho so
it's about as possible as a very complex tweak, definitely not too far out
i'm not gonna do it but if someone cared enough it might just be possible
IDA also doesn't prevent you from modifying the library
no binary drm here whatsoever
but w/ dsc libraries
you can use hopper now if you need speed
- the extractor on my github
no freezes yet fingers crossed
are u loading the whole thing in anyways
yes for the memes
ik
it's enumerating
tell me how it is tuesday
will do
should be close to done by then
gonna get yelled at for using all the solar
will do that if I need to disassemble cod
cod uses something worse than hikari
I wish python usb worked on my mac 😦
@upbeat wyvern you know offhand if it's legal for me to host extracted binaries
not sure if that's dmca-able
thought about just running all of the ones that work through it and tossing them on a website
yep, we can't even host website theos compiler
huh
apple gonna dmca us 😦
what is 'website theos compiler'
project proposed by the theos guys a couple years ago but never got off the ground
afaik
ida makes me sad
gpu is a very good resource
@half walrus I'm pretty sure it's not technically legal
they typically don't go after non-commercial stuff tho, right?
like i think they could probably dmca the sdks repo
True but that’s not even the main issue
@primal perch yeah I suppose blr would help 😛
probably true
if you have a good fair use case for it, you might be ok too but I don't know what that would be
but why do you want to host them?
because nobody uses the extractor
make it work on-device 😄
you have it on bigboss or something?
the reason I don't promote it as hard as i do my own projects is its a fork
original wasn't usable
but if i promote it like i do my own stuff the guy who wrote the main chunk wont get credit
i'll look like i'm stealing clout
can you also link against them?
eh what you did is just as big imo
but he wouldn't care, PR it back to him?
how do you even promote stuff, twitter?
same way i promote dragon
yell about it constantly
given i'm trying to do that more w/ this too
what's dragon?

haha
I was joking 😉
good
go use it it's better theos
I'm trying to get the extractor added to hopper officially though 😛
given the output is already better than IDAs
cuz currently fixing hopper output is completely impossible
might add to dragon except for this issue ^
....
that's a horrible reason not to integrate it
make it a submodule or something so it's obvious where it came from lol
seeing that windows pixel font on macOS makes me angry 😂
nope, actually I've specifically been careful about what's hosted there to limit it to only headers (refer to Google v. Oracle), tbds (symbol list that definitely isn't copyrightable), and runtimes intended for distribution anyway (there's one for WatchKit 1.x apps in earlier SDKs)
yeah, but when i'm kind of dumb about that stuff it's kept me from getting on almost anyone's bad side here so, /shrug
this is half of why I'm not just accepting all the PRs adding more generated SDKs, as helpful as those people are
probably going to get around to it still
just typically write my own implementations of stuff from scratch to avoid even having to think about that
I've been manually sifting through SDKs to remove anything that doesn't seem clear-cut, which is clearly absolutely not scalable
actually they could claim headers maybe since they're verbatim, like if they really wanted to claim an inline func like CGRectMake (terrible hypothetical but anyway) is complex enough to reasonably be protectable by copyright
see now with extracted binaries i wonder how it'd play out
as they're extremely modified
wonder what the license on dsc frameworks even is
or maybe comments since that's prose, and it may have unique info Apple has never licensed for redistribution, blah blah stupid legal shit
still I think the optics of going that far is just silly
see i don't think i've ever seen apple go after non-commercial
even with hackintosh stuff
no cases come to mind, and absolutely not anything in this community that I've ever heard of
except in the explicit cases it's been a for-profit setup
iboot leak maybe
but that's a whole nother puppy
this is all symbolicated
yeah I mean, private IP leaking is extremely different from some binaries that were already distributed publicly anyway
I need to mention again how wild the Google "people also ask" box is
Is Bing powered by Google?
What is API PDF?
i'd say it could be useful to them but they have uncompressed caches internally so
which are useless in IDA now lol, output is actually worse
the dev caches i think just don't optimize the stubs
it's in dyld source
but because the format is different, IDA had issues with them
i'm thinking maybe it's useful for like
lldb?
ah so more like ida just doesn't know how to work with the format
possibly
yeah, it made it usable in Hopper at least
iirc, it might've just crashed there too cant remember
need to expand that with the stuff found in dyld source
i also need to fix this entire article lord
it's just a blog post on a wiki rn
bless
unfortunately he doesn't update them any more, and the way you dump them is bad
generated by RuntimeBrowser (which I put on chariz) which continues to be an incredible tool for getting clean headers
coming along very nicely
he then… literally just runs the webserver and does a full wget mirror
(all those are links and they work)
I really really need something that just acts exactly like github, but gives me a bit more freedom
or rather maybe I should say lets me do grep, including regex for extra points
this is a website you can and should copy from
wonder how that could be done with php
I use this heaps at work, it's fucking amazing
of course, it's full source search, not just headers
trying to just do what limneos' site was supposed to be
in php
no hate to mass1ve's alternative
I also want wiki comments in the future so
because I need something like that myself and iphonedevwiki is too non-specific
well as a wise person once said,
not writing account logic in python
I thought about doing a better header search tool a long time ago but I have enough going on as-is lmao
a few years of delving into Android via AndroidXRef/OpenGrok spoiled me
being able to do this type of coding is
idk why php gets so much flack honestly
all of my code is in one file in a good way
it's like someone took javascript and gave it superpowers
http://localhost:8080/?framework='><script>alert(1)</script>
given, I can do this purely clientside, see https://krit.me/, but this is easier
careful you gotta escape stuff
nah, can't do anything all that interesting exactly
no interesting cookies to steal
but it's still something you should just always handle regardless
only thing you can do with that is inject javascript into your own browser
which already has a built in console
yea, but I can send you a link that gives me your cookie
or other bad thing related to this website
see: when saurik thought it was cool to have a GET request automatically charge your credit card
LMAO
that's, extreme
I don't code for non-threats
probably not good practice but
DragonMake has an issue that lets you execute arbitrary python iirc
but trying to fix stuff like that is like
well I mean that one was just bad programming, you never ever carry out a task on a GET request
POST would have prevented it
lol cydia won't check a repo if it doesn't first respond to a certain request regarding packages.bz2
not GET or POST
cant remember
so you need /Packages.bz2 to always exist, even if it's just an empty file and you only serve /Packages.xz
that auto-generated everything dynamically
so i had to write a section to respond to HEADs with 200
just for cydia bc it is a special cookie
don't get me started on how the apt downloader is dumb
i don't really understand how a HEAD request is anything other than a waste of bandwidth
GET provides the exact same thing
I learned that my rate limits were actually cut in half because HEADs on downloads were just being treated the same as GETs on my end
lol
well, no, not the same thing
HEAD is just the headers
or in my case I just go "yeah it totally exists 🙃" on HEAD now
that results in the fun thing of APT sending the HEAD, then sending the GET even though the HEAD failed
resulting in the error output displaying the status code twice
if (!filedoesn'texist)
{bad}
if (!filedoesn'texistbutiusedGET)
{bad}
is that just outdated code?
like i cant think of a situation in the past it'd make sense either
not like a GET request to a file that doesn't exists wastes any bandwidth
honestly? apt's methods system just sucks
consider that it was designed for two things in the Bad Old Days
- reading the hardcoded APT repo on your Debian CD (you would get the entire distro on CDs and just install what you wanted)
- downloading updates to the packages you got on the CD via your trusty local FTP mirror
HTTP slightly feels shoehorned in, HTTPS feels very shoehorned in
for http they wrote their own entire HTTP client, for https they used libcurl
best part was https was a separate package, not even installed by default, until a few years ago
do jb package managers support FTP?
oh neat
idk what the benefits would be but i might screw with that
maybe better for a bootstrap idk
like, nobody touched that code because literally zero people will ever hit that code
I vaguely know the insane bootstrapping system uncover used was based on cdrom
effectively the ipa is your Debian CD-ROM Elu base distribution
love being an edge case
oh yeah I remember seeing that when fucking around with the packages in the IPA
good ol "no reasonable person would expect you to fix this but i found an edge case that makes my repo crash your app"
@ zebra discord
also, occasionally, Debian/Ubuntu upgrades can get in a bad state where the cdrom source is never cleaned up, resulting in the most beautiful thing you can still repro to this very day, where it asks you to please insert your Ubuntu 20.10 Groovy Gorilla CD
"if you create an entire python runtime in your depiction and simulate an entire filesystem in that runtime, and load several files into memory, depictions crash"
that's fucking amazing lmao
funnily enough only happened on zebra
was it just annihilating all of zebra's allocated memory so watchdog said nuh uh
see i'm not sure
it only broke the depiction
and only in zebra, not in any other place i viewed it
while working on a project for my job a month or two ago now I was initially loading full-quality images off of the S3 to display in the app
didn't think much of it, like yeah kinda slow but I'll make it load the thumbnails instead later
i fixed it with this
yeah uh when not running under the debugger it can easily crash after loading only about 2 photos (not even of full iOS camera quality)
aka, don't lazy load anything larger than 500b
given, it's still all loaded into the html bc that code is in cat
but something about storing file contents in the python runtime as well just broke zebra
I can still cat massive files repeatedly now in it after that fix
at least in Zebra you have the modern WebKit2 features like blob storage and webgl
I need to add localstorage support
once i expand the filesystem emulation to its own file
please insert your unc0ver 5.3.1 CD 
i'm so like
this is of course not to say you should use blob storage and WebGL in a depiction
legitimately happy about how that website turned out despite how cursed the entire thing is
full functional FS emulation entirely in python, and it works and scales properly
Using a 3.5" diskette drive on a modern smart device is oddly straightforward (and enjoyable!) with the right components. Let's set up an Android device to play MS-DOS games from a floppy drive!
and if i can properly emulate file descriptors which is next, wew
which will actually be difficult due to the async nature of that
this is why we stan Android being based on Linux
things you never thought should work, magically fucking work
does it count as purely client side given the cursed nginx config though
man I forgot he literally runs a game in dosbox from the floppy
you also have access to WebWorkers in Zebra!
I shouldn't be telling you these things
i was about to say
don't make this worse 
i'm already looking at how easy it'd be to implement 'binaries' compiled in webasm
because someone happened to let me know that existed, unfortunately
already the only repo with depictions that have to 'boot'
me: trying to make depictions load everything in <1 sec
krit: trying to build an entire operating system inside her depictions
god dammit
ironic given my usual obsession with making things fast
now I have to make my depictions run on Windows 95
i do want to make things faster though, might have to use the webasm python implementation
brython is ok until you try to use the regex module
while i'm trying to get my depictions to run Windows 95
the question is how I can make the win95 image do something different dynamically based on which page you're on
I think https://win95.ajf.me/win95.html can access the internet?!
i don't think it'd surprise you to know that i considered that for my depictions
however
kirb and krit are two great similar names
@nimble parcel's name is a reference to that if u were wondering @ jules
gn
I can imagine myself spending more time implementing carousels that are compatible with Internet Explorer 1.0 (likelihood of that is approximately zero) than actually working on useful chariz features
i have never written IE compatible anything in my life
IE1 - 3 are really nothing like the web we know it today at all
Netscape invented and shipped LiveScript/JavaScript
bc if it was java, javascript was a horrible name to pick
somehow successfully licensed the Java name from Sun for reasons I still can't understand
ah so it was
its like me making pythonscript and it's a compiled statically typed language

like… the only "Java" thing about it was that you could vaguely make objects that kinda work like Java classes but not really
and that Brendan Eich had the genius idea to port java.util.Date, feature for feature, bug for bug
so you do new Date().getYear() and it returns some nonsense value
everyone knew that was dumb
javascript is closer to async python with c syntax
which is why using python for client side actually feels very natural
it's also said that JavaScript was written in 10 days
would recommend if it didn't require a runtime
man I can't even build and ship a feature of my job's app in half that
sounds impossible but then again
velox was written in 3, basically
hah, I mean
😬
H+ Pro for ios 13 was written in about 12 hours
if you dont include the 5 months of half-assing work on it
when it isn't your full time job and you're on an adrenaline high (or amphetamines it's ok I don't judge) you can smash shit out in no time
I have this with Chariz cause it just comes naturally like oh I totally need to work on this thing
but my job can be so gruelling and slow despite that I literally know what to do
my favorite part of this is when it very very slowly attempts to play the startup sound
my insane ability to quickly build entire projects is offset by the fact i quickly build too many projects
gonna try and pound out as much of this header site as possible in one run bc i have so many things to work on rn it's never getting touched
yeah same here w/ u already know what
my workflow depends on it so if it breaks i have no choice
yeah use getFullYear 😛
I thought it would just say 21 btw
the goal isn't can I make a few thousand bucks, it's can I make a few thousand bucks and do that every week so I can employ people and make it better and strike some big business contracts and
sometimes I do feel like we're in the year 121 with how the US is going
does that… kinda affect your plans
for getting out
yes
but i have backup plans on that bc i'm kind of used to it happening
hopefully out by may
when it's easier to get housing where i'm moving anyways
as for everything else i have a month to fix that
so we'll see
do they know yet?
parents?
yeah
nope
just going to keep it on the low and go ahead and hop on hrt for now
going to have to diy it (woo) bc insurance
thanks to someone you can probably guess for giving me instructions on how to do that lol
this is meric’a
was riding a very 'happy/confident' wave for a few days there, i think i mentioned, but i'm back in my usual mindset at this point, think things will end up fine w/ it
I'm sure it'll work out in the end
i'm good at bullshitting my way through things despite the odds and somehow ending up better off, if anything
shouldn't be in as good of a spot as i am rn and yet
adulting is bullshitting your way through
given -$600 is
probably not the best spot
but it usually works out
h+ almost ready
not polished but 'ready'
I never really drew negative but before I got my job I did find myself realising I don't actually give that many fucks about my entire net worth being like $20 and a used macbook pro
rarely let my liquid assets get very high
Chariz ready 👀
usually immediately investing it back into my business
which
i need to open a credit line
^ doing some coke & making 1k in the next 7 days is what I need right now
I probably would have cared a bit more if I had a car at that point
because i'm literally treating my bank account like a credit line rn
i'm on the uppers where does the 1k come in
so guess I can live off savings for a good while
doing uber/food delivery like everyone and their mamas these days
driving for 14 hours needs something to help stay awake
uber drivers being potential covid superspreaders for shit pay makes me uneasy
i still need a lot of caffeinated shit to pull me through all nighters, other stuff just keeps me mentally lucid for an extra 24 hours
lord the amount of chemicals in my body rn
more for them knowing having even just some money to survive a few more days is higher on their priority list than not getting covid
god help my liver
bout to dump E on top of that
this poor body
least i don't drink
I learned my body actually really rejects most energy shit
accidentally skipped coffee one morning
realised it actually was for the better
no more headaches or dry af skin
more focused
idk how that even works
never had that issue but it can happen yeah
i get headaches if i go a day or two w/o caffeine
recall a summer camp i went to long ago
banned caffeine
basically threw a ton of kids through withdrawal for a week
then at the end of the week let em have a soda
so many people got sick
that's a dumb rule
myself included
the amount of sugar probably has something to do with that
yeah the next year since i was """friends""" with the cook they let me store some redbulls and grab coffee w/ the adults in the morning
I really can't be sympathetic to people who think they know better like no coffee it's bad for you anyway hnrrrrr
not really friends but it was a church camp and the cook and i were the only people not from the church that was the main group
tbf i can respect the sentiment lol
caffeine should be banned for <18 or at least <16
nah the people who chung those monsters are the ones I’m thinking of
addictive substance
but you can buy 300mg 16oz cans now at 12yo
used to be max 185 in stores
jumped to 300 over the past few years
been fun watching how high that's driven my tolerance
used to make me puke but now that's daily intake and then some
I can appreciate coffee is addictive because it does also taste good (as long as you don't buy nescafe) and you look forward to the taste every morning, but energy drinks man they all taste so bad
mm
don't they want me to be addicted?????
there's good ones
monster and redbull's 'default' flavors are
don't taste well
but i honestly like
there's swiss chocolate monster coffee
and it was a problem for me because it tasted so good and drank so easily i would drink wayyy too much way too quickly
oh man I figured out how to do the windows 95 thing I was thinking of
so it's kinda like drinking straight vodka for me in the fact that i don't want it to taste good bc im not drinking it to enjoy it
the US is prolly more likely to do that than ban 8 year olds from using AK47s unsupervised
I can pre-make a RAM image with a certain area designated as where to find the url that needs to be opened
stop
read that with a quick C program on boot
that's farther than i would go
lmaooo
don't go farther than i would go
i already crossed a line when my depiction broke zebra lol
didn't file an issue because like
yeahhh
i'm not sure if like
but have you figured out how to do RCE in Sileo yet
"i did something absolutely absurd but technically in scope and it broke" is something they want to deal with
I feel like this may be a bit of a heavy webpage
do i wanna know
possibly but im not even sure if it’s patched yet tbh
that's the other reason i went with 'simulation' lol
despite my website being, my website
it's still lighter than google search
in terms of download speed
i have so many questions
I remember when google.com was like the omen of tiny webpages that still look great and are functional
such as
what the fuck adam
we were discussing https://krit.me/ and a VM came up
dont blame adam this is on me lol
not to mention i unironically looked at implementing that
now it's like it renders a homepage with a fake search box and buttons that then immediately jump to the results page that's magically already there loaded up for you, it has to preload results, it has to preload AMP sites
in depictions
this went all the way to very silly things like not using </body></html> because it's not like any web browser is gonna blow up without them
and not using <head> because the extra bytes honestly do nothing useful
so not one but two people thought “oh it’s a good idea to implement my website as a fucking emulator” damn
see but i dont think adam was serious
you've seen https://kirb.me
me however
oh yeah i take that back
i literally stole the idea from you
nevermind
well
I miss when I had the Linux 3.1 for Workgroups boot screen
i commend the stubbornness effort tbh
had it myself and you gave me the inspiration to actually do it
what's that written in
I'm not sure what you could call me if not stubborn
actually I need to improve my website soon too so make that three
hahahaha
just requires a live mirror of the emulated filesystem in <webroot>/fsmapping
with auto-index enabled on the webserver (in that dir)
and it should work
I think I did see someone's personal homepage actually implemented as a website in IE in win95
but it was bad
I can do better
I swear I can!!!
does webasm work on iOS?
it was absurdly painful in my case because /fsmapping/ is also webroot
@lime pivot btw I’m gonna merge https://github.com/theos/theos/pull/538 rn if you don’t have any issues with it
I have an absolutely terrible idea to redirect all "real" browsers to the emulator, allowing only IE3 and googlebot to access the actual content
I was wondering how does a emu work and remembered webasm
I can't wait to see how many people curse me for that
"Windows 95 is an app downloaded from the internet"
you know @half walrus
you can't say 'overhead' because, just look at chrome in a task manager rn
aight here we go
and its purely conditional logic anyways
and there's already a mainstream webasm python runtime implementation
back when Microsoft was on their insane rampage to destroy Netscape at all costs, one bonus "feature" was that any program could insert the right registry keys and become a scripting language in IE
so you actually could implement Python in IE6 on XP
i just had a thought
wen eta <script language="python2.7">
is a cpu fan turing complete
yeah erm, I'm not sure why we didn't merge this… it seems to work?
krit.me supports <script type="text/python"> 😛
pycharm/webstorm however does not
there’s a “turn on the fan if the heat is greater than a threshold” primitive which seems similar enough to subleq to make an OISC
this is where you spend several hours writing an IntelliJ plugin for that
merged
i have a window with this open yes
it shouldn't be hard to edit existing stuff
also automatically closed two issues in the process so that’s nice
however, for some reason, nobody seems to want to help
lol
maybe bc that's a cursed thing
but so is electron
god is dead
@nimble parcel do you mind if i 'steal' some ui basics from supercharge for
weee
header website
I’m good with that but you might wanna ask Alessandro too since it’s his design
ok, I had a brainfart moment and realised I didn't actually need to be that crazy actually modifying the RAM of the machine before it boots
gotcha
I can just mount a floppy disk with payload data
hard to even call it stealing when it's just printing the superclass as the subtext but /shrug
I still want to modify the RAM cause it's fucking cool
time to see how much stuff this breaks :p
ok but
i cant believe i'm debating best practice here
you can't stop me bro
but wouldn't you want to do it dynamically
one download instead of
a download for every subpage
oh I don’t think you need to ask me if it’s just that haha
or alessandro
yeah, I should be able to have js download the RAM image to memory, overwrite my allocated memory area, and then boot that

have the js dynamically patch the allocated memory
should be able to continue execution like the OS never even shut down
i did a ton of the hooks UI myself since it got pretty technical to explain
yeah totally bro
don't you want JavaScript being a malicious hypervisor to Windows Ninety Five
nothing better than doing something conceptually horrible in the "cleanest" way possible
man, this one dude wrote this entire operating system?!?!
I absolutely love that he left minesweeper open in the initial RAM image
a dumb question but
my question is whether that means the first game is always going to be the same for everyone
i was about to say
if its on gh i wanna throw my stuff in it and see how far i can take it
I didn't open source because I didn't want dorks copying it cause they thought it was cool
(krit is not a dork krit has permission to copy it)
should’ve started it so that people could do a competition deterministically
anything web is inherently open source
soviet national anthem plays
yeah I was like not gonna hide the code in any way, it does get optimised by mod_pagespeed and cloudflare but that's it
bc u know i refuse to use literally anything i didn't write in anything with my name on it
to an extreme at times lol
just a "stay out of my shit" comment in the <head> I remember
man
I never learned how to play minesweeper
despite being one of 6 games on my first pc
didn't miss much
watch me write a search function 200x faster than limneos' site in 5 minutes
idk how it's so slow there
remember when it was cool to credit the actual developers
feel like you’re gonna have a bunch of 40-somethings cursing at you in #developer-backroom now
😂
wont know bc i'm never getting advanced dev
just a Home Premium Developer
(insert dog laughing emoji i lost it)
clearly you’re not a developer because no orang name
worth
I dig pink name tbh
i respect the principle
can’t wait to have my perms revoked for that
- now you can tell me apart from the rest of the k.* gang
not like win 10 where some days you need Settings, some days you need Control Panel, it may look like Windows 95, it may look like XP, it could look like Vista, it could even look like 3.1!
just realised we’re also some of the only people in this channel with actual photos as our profile pictures
glad to join the gang

two of three of our pics have been edited by the One And Only Kritanta
barely touched urs
rip where’s my krit edit
well-known photoshop extraordinaire
send me high res but u didn't post a selfie taken from a bad angle so idk what to even do
thinking of switching to this profile pic at some point
@ kirb, face height or higher when u take photos, does far more than you'd expect lol
it's mandatory as part of the ^k(r|ab)i(r|t)b?$ social contract
that's a really damn good photo
camera or portrait mode
kabit
latter
supppp
amazing that i cant tell
damnit i should’ve used a fuzzer
hi 😳
mine is portrait mode but i had to run it through a shitload of stuff in PS lol
just like how krit should have used htmlentities() at the top of this conversation 😉
focal length in portrait mode is not that good on the X
honestly it's bad in general
?
I can't believe they pulled it off without the second lens on XR, same for Google on the Pixels before they decided they're all in on this camera stovetop design
i'm really not gonna protect against client side self-induced XSS on a static website
did you XSS his website because if you managed to im kinda ashamed that I couldn’t
he's talking about the header site
but MOM 😢😢😢
there's an XSS vuln in the URL params
that allows you to
inject javascript
into your own webpage

to steal your sooper sekrit cookie to do… nothing because the cookie doesn't exist yet
i don't use cookies because i'm lazy ever
is the input coming from the get params?
yep
you can take control of the client side webpage using it
if you have anything else on that domain an attacker could control that too tho
i like to feel like im doing important things sometimes
failing to see scope here
what’s the website’s URL?
it's a localhost website rn
although "please click this link then paste this in the js console" is somewhat less exciting than "please click this link, uh, yeah no particular reason, just click it pls"
if you host it on a krit.me subdomain someone could steal any sessions/cookies across *.krit.me
which i am far too lazy to add to any of my websites
again just direct them to your website and load the header site as an iframe
if I hosted this on chariz.com it could be the direct gateway to stealing cookies for piracy
ah that’s your point too
because every attack on a store hosting digital content is gonna be about piracy
something tells me this is kinda not the best use of my CPU
what you guys mentioned cant be hit rn
just gotta wrap any params you feed out to html from user input in htmlentities("blah")
that could still be bad since someone could steal the oauth token
why not bro
bc it already validates existence and nullifies if it's not there so it can redirect to homepages
the refresh token not being present locally means it probably wouldn’t last long but long enough for an attacker to do whatever they wanted with it
so unless there's a file/dir with the exact name of the class or framework it wont reach echo
so this isn't even a vuln actually
linda!!!
anyone here write php
i'd throw this on gh while i work on it but nobody else writes php here
im ashamed to say sometimes
I love how he's not shocked, he just instantly calls his wife over
ikr it’s a beautiful gif
lol ykw
gonna point cloudflare at my PC
what could go wrong
actually does cloudflare proxy serve non-web requests
go one better
bc that's a problem if so
point it at a spare iPhone running nginx and php
on certain ports I think
my local network is
yes, it does
not ready for that
for example port 8443 iirc
specifically 22
I very much dislike that cloudflare does that
don’t think so
they call it A Feature and if you don't want it, pay them $200/month for the port whitelist feature
they do proxy port 22
oh they do?
Can anyone help me in dm to find a button coordinate inside a game?
or that would work
because they assume you could be boned otherwise if you're a noob
i mean that's kinda the major point of the proxy in the first place
otherwise why proxy it
Any1 
I assume connections to any other ports are simply dropped but I’m not sure
wtf
the problem with Macs is I quit the windows 95 thing like 5 minutes ago and the fan is still screaming
have to use incognito
is there a catch to 1.1.1.1? literally the best somewhat vpn i've used
that support website screwed my cookies or something
From a technical perspective, WARP is a VPN. But it is designed for a very different audience than a traditional VPN. WARP is not designed to allow you to access geo-restricted content when you're traveling. It will not hide your IP address from the websites you visit. Sep 25, 2019
I love how they word it as "access geo-restricted content when you're traveling"
yes… that's exactly why I happen to be the proud owner of a license to a US VPN
for when I'm travelling
isn't it still gonna use another IP
feel free to watch me work on this in real time
but I'm not clear on why they say it's a VPN but it doesn't mask your IP
just note that'll suck on mobile
yeah wondered about that
I found out the hard way after refactoring chariz dashboard thinking I was such a genius
let me check actually
i usually write css in a way that doesn't require a media rule
safari's stupid bars don't know they need to disappear if you're scrolling something other than the main <body>
it's actually great on mobile
yeah it does hide ip
partially because the mainpage is overflow hidden
won't send screenshots but it does change
in the end I did just change it to only do the inner scrolling div in @media (max-width: 500px) or whatever my breakpoint is
still can say my dashboard is more mobile-friendly than Apple's even after they redid half of theirs last year
fuckin mobile safari
ikr
overflow hidden on the body means





