Threads for rice

  1. 3

    I’ve been working on a DND assistant that tracks character sheets, spells, items, etc.

    It’s built in react native and backed by firestore. It’s been pretty fun trying to make something cross platform like that.

    1. 3

      Maybe it’s because I’m on mobile right now and can’t see the whole site, but I get a drop down of 6 selections - some say yes and some say no, without any other information on what is right or wrong. Is there some context I am missing? The selections themselves seem quite limited also, mostly only covering front end use cases.

      I use node for many projects, so some background or guidance on this would be very helpful, but at first glance this seems a bit confusing.

      1. 2

        That seems to be the whole site. Think it’s mostly a joke page

      1. 11

        This article has a very low quality: it reports on two not interesting facts (retrieving code via http and loading a DLL from current directory). Why is it upvoted so much?

        1. 14

          Two relevant points at least: (1) an unverified binary is downloaded and installed and (2) on Windows outdated and likely exploitable versions of OpenVPN and OpenSSL are installed.

          Then there’s the other more trivial stuff in the article that may or may not be interesting.

          Despite the abrupt nature of the article, it seems worth talking about.

          1. 4

            Yeah, I’m kind of appalled that the author completely glanced over the setup step where you download the script asking you to send your password over an unsecured connection. Forget about a man in the middle attack that switches the script, all you need is to log the HTTP requests and you get the user’s password.

            1. 4

              They seem to stop because “they couldn’t be bothered” right where things could be about to get interesting. Which is fine ofc, that’s their prerogative, but it leads to a largely uninformative article.

              1. 1

                Yeah, something has got to be wrong here. How can an article have 49 upvotes but not a single comment in its first 13 hours?

                1. 8

                  It’s an interesting find but not super engaging. It’s gross incompetence with very much not industry best practices. There isn’t much to learn from this other than “don’t write sketchy code”.