• What are you working on? v67 - March 2017
[video=youtube;iFdhUYBrS-E]https://www.youtube.com/watch?v=iFdhUYBrS-E[/video] Sorta cross posting from the discord waywo except this video doesn't contain footage of windows being annoying. In game console powered by a handy cvar system.
TIL that you can access the command prompt from SQL Server stored procedures: [url]https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql[/url] Which makes SQL injection in SQL Server that much more dangerous.
Disabled by default.
[QUOTE=FurrehFaux;52967895] Nice try but databases are for plebs. [t]https://i.imgur.com/j1nLyph.png[/t][/QUOTE] Noob question, when designing DBs, shouldn't you use in your production a user without privileges like drop and truncate?
[QUOTE=gonzalolog;52971182]Noob question, when designing DBs, shouldn't you use in your production a user without privileges like drop and truncate?[/QUOTE] If you are talking about what permissions services/applications should have for the DB, the answer is the very minimum allowed.
[QUOTE=gonzalolog;52971182]Noob question, when designing DBs, shouldn't you use in your production a user without privileges like drop and truncate?[/QUOTE] I just log in as root over ssh cuz it's easier than sudo-ing all the time. Apache runs as a non-privileged user, though. Also I don't use a db either, I just have a small bit of inline php that checks whether the page is being POSTed and calls the program with a base64 string as an argument.
[QUOTE=FurrehFaux;52972151]I just log in as root over ssh cuz it's easier than sudo-ing all the time. Apache runs as a non-privileged user, though. Also I don't use a db either, I just have a small bit of inline php that checks whether the page is being POSTed and calls the program with a base64 string as an argument.[/QUOTE] Similarly, I have a PHP form that sends me an email whenever a user wants something from the database. I read the email, and whatever data is requested, then I look it up in a 20,000 row Excel spreadsheet and email them back with the results of their query. The spreadsheet takes about 20 minutes to load on my i7 PC, so I typically wait until I've got about 20 requests and then do them all at once.
I've been pouring tons of work into my renderer (the more abstract scene-kit-esque frontend, that is), and I'm starting to make progress in at least planning things out and understanding how to leverage Vulkan's upsides well. Working around the downsides of Vulkan is giving me a headache, though. At JWki's suggestion (and it's a good one) I started more explicitly defining the jobs of classes - i.e., "geometries" entail the renderable data I can render onscreen, but they don't contain all of the state, data, or methods required to render them. Instead, these are rendered by "feature" renderers, e.g. icospheres are all grouped together and rendered by the Icosphere renderer. But then this is where things get complex. Pipelines in Vulkan hold a ton of the state used when drawtime comes around. If I was going to pseudo-code that structure out, it'd look a lot like this:
[code]
VulkanPipelineState {
    [ group of state objects relating to fixed-func pipeline, 10 total ]
    [ vertex binding + attribute data ]
    [ data about the shaders used ]
    [ subpass pipeline is used in ]
    [ renderpass pipeline is used in ]
    [ pipeline layout describing uniform layout ]
}
[/code]
Those last three members complicate things tremendously. A good chunk of those fixed-function state objects are easily filled out on a nearly program-wide basis: yes, I'm using the depth stencil; yes, I'm using MSAA and it has X samples. The rest are based on the geometry being rendered and small tweaks to things like winding direction and backface-culling. Initially I wanted to store the pipelines in the feature renderer, but that doesn't work since the feature renderers would need to know ahead of time which subpasses and renderpasses they will be used in + they'd need valid handles for each.
So then I moved the pipelines to the renderpasses: I had the clever idea of making feature renderers register themselves with their pack of pipeline state info, a std::type_index object, and a callback taking only a command buffer that is used at drawtime. But this doesn't really work either. Since a single renderpass can have multiple subpasses, and since things like material rendering for non-static meshes can require multiple pipelines anyway, things got loads more complicated. Initially I was storing data about a feature renderer in a map where the type_index was the key, which won't work with multiple pipelines per type, but I can't really use a multimap since I'd have to maintain some ordering of the pipelines and subpasses when I go to render all the pipelines at the same type_index. There's also the matter of descriptor sets - these describe uniform layouts, effectively stating what resources are bound at what binding index in which shader stages ahead of time. These aren't really bound and used until draw time BUT their siblings/sorta-children descriptor set [I]layouts[/I] are (these describe the layout of the sets). These have to be created and set up before pipeline creation, being bound to the pipeline layout used in the pipeline state object above (this layout describes the descriptors and the lovely "push constants"). What makes things fun is the quirks of using multiple descriptor sets or set layouts - let's say you have three of these sets, like so, in your descriptor set layout:
[code]
0 - Some common UBO data
1 - Fixed material data
2 - Dynamic material data
[/code]
Then let's say you have a shader that doesn't use the common UBO data, just the stuff at bindings 1 and 2. It still needs to bind a descriptor set at 0 - descriptor set layouts aren't tied to their corresponding descriptor sets via handle or anything, only index.
So the set layout says there's gonna be a binding at 0, but if you don't use it you have to use an empty descriptor set at this location and start your bindings at 1 & 2 for this shader. I still don't dislike Vulkan, but there is a penalty to the lack of state and the really low level you work at. The honeymoon period is over, and I'm starting to dig into things tougher than just building super-thin C++ abstractions over Vulkan resources. I would also like to point out that I learned that last chunk of info about sets and layouts just half an hour ago, while reading this article lol - [url]http://kylehalladay.com/blog/tutorial/2017/11/27/Vulkan-Material-System.html[/url] That wasn't something I had really considered in my system and architecture design thus far, but now it has to be something I keep a rather vigilant eye on. Yay! If it wasn't for the articles and info + opinions that JWki tosses at me frequently, I'd have dug myself into a [I]very[/I] deep hole with my renderer already.
[QUOTE=proboardslol;52972878]Similarly, I have a PHP form that sends me an email whenever a user wants something from the database. I read the email, and whatever data is requested, then I look it up in a 20,000 row Excel spreadsheet and email them back with the results of their query. The spreadsheet takes about 20 minutes to load on my i7 PC, so I typically wait until I've got about 20 requests and then do them all at once.[/QUOTE] I mean I was aiming more towards portability than simplicity when making this. Also security as well; afaik there's nothing to exploit since it only accepts base64 input and doesn't touch anything outside a hardcoded (local) directory.
[QUOTE=FurrehFaux;52974508]I mean I was aiming more towards portability than simplicity when making this. Also security as well; afaik there's nothing to exploit since it only accepts base64 input and doesn't touch anything outside a hardcoded (local) directory.[/QUOTE] If you have root exposed on port 22 then you're being hammered day and night by Chinese and Russian botnets trying to brute force your password, so you should either use ssh keys or install fail2ban.
[QUOTE=proboardslol;52974737]If you have root exposed on port 22 then you're being hammered day and night by Chinese and Russian botnets trying to brute force your password, so you should either use ssh keys or install fail2ban.[/QUOTE] I'm hosting all this on an Arch VM on my desktop. Even if I had ssh exposed they wouldn't be able to get anything meaningful. sandboxes 4 lyfe
Been developing a game with a team. Got to show it off at a campus event. Here's a trailer: [media]https://www.youtube.com/watch?v=aHL2UPw8NbI[/media] Here's a video of a kid skipping a hard level. (As soon as I said nobody skips levels :why:) [media]https://www.youtube.com/watch?v=ZmN0oG2AbRI[/media] And here's an unrelated sucky child who needed consoling. [t]https://my.mixtape.moe/ivocya.jpg[/t]
[QUOTE=Naelstrom;52975075]Been developing a game with a team. Got to show it off at a campus event. Here's a trailer: [media]https://www.youtube.com/watch?v=aHL2UPw8NbI[/media] Here's a video of a kid skipping a hard level. (As soon as I said nobody skips levels :why:) [media]https://www.youtube.com/watch?v=ZmN0oG2AbRI[/media] And here's an unrelated sucky child who needed consoling. [t]https://my.mixtape.moe/ivocya.jpg[/t][/QUOTE] Is that Daxter? :v: Game looks hella fun, you should upload a demo.
[QUOTE=Ott;52975212]Is that Daxter? :v: Game looks hella fun, you should upload a demo.[/QUOTE] Haha that's essentially what we were going for. Jak and Daxter or Ratchet and Clank. Clothes were in the pipeline but the deadline snuck up on us so he's naked. You're welcome to try out the build here: It's pretty big though because I stole so many assets from Valve games. [url]https://github.com/Kickshot/Kickshot/releases/tag/v0.0.14-develop[/url]
[B]Question: What are you working on[/B] [B]Answer: my career?[/B] I've been working as an intern for the last year at a local company in CRM/CTI integrations in a (wish we were) Agile .Net shop. I started out with a few other guys doing bugfixes in their backlog, then got rehired as an intern for the summer developing plugins for a new API they're coming out with. Then, this fall I got rehired to work on a project for that API (not the API itself, but I did make a few suggestions for changes to the API that were included). They have me working on a backend API that the frontend API calls to get configuration variables for a user. In fact, this is my project entirely that they've given to me. I'm a bit of a code monkey right now since they do give me some pretty direct orders on what they want, but I do get quite a bit of control over how those things are implemented (within some parameters). I started out on this project in .Net Framework MVC 4, but a couple weeks ago they told me they wanted everything ported to .Net Core for portability. Additionally, I've been working 16 hours a week for the last year and just got rehired for next semester and they agreed to increase my hours to 27-30 hours a week. Finally, on my last day before I go on Christmas vacation, I discovered an XSS vulnerability in our main product (which I haven't touched in like 8 months; I figured this vulnerability out kind of from memory). Essentially we were sending JavaScript as a view directly to the DOM which then appended it inside of a <script> tag. This isn't secure, but most of the string was hardcoded. The exception was that we were exposing a boolean configuration variable to the frontend by inserting it into this code (something like `var MyVariable = {config.myboolean.value}`).
This boolean is a user-defined value inside our configuration tool, but we never check to see if the value is legitimately a boolean, since our configuration class stores it as a string, so if a user wanted to insert `alert('hello')` as the "boolean", there's no parsing or casting to ensure that it's either true/false. My boss labeled this as low priority because our customers' servers shouldn't be exposed on the internet, but having read a few books about social engineering, I feel like someone could call up an unsuspecting admin pretending to be us and give him instructions on how to install an "Update".
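The config-value-into-script pattern described in that post, as an added example that is not code from the thread or from the product it describes: the vulnerable interpolation beside a hardened version that parses the stored string as a strict boolean and emits only a JSON literal with `<` escaped, so a non-boolean setting is rejected instead of executed. The function names, `config.myboolean.value` layout and sample configs are assumptions.

```javascript
// Added example, not the thread's or the product's code. The config shape
// ({ myboolean: { value: "<string>" } }) mirrors the post's description.

// Vulnerable: the raw string from the configuration tool is pasted straight
// into JavaScript source. Anything other than "true"/"false" becomes code.
function renderConfigScriptUnsafe(config) {
  return `<script>var MyVariable = ${config.myboolean.value};</script>`;
}

// Fix, step 1: the configuration class stores a string, so parse it as a
// strict boolean here and refuse everything else. Whitespace and case are
// tolerated; any other content is a configuration error, not a value.
function parseStrictBoolean(raw) {
  const s = String(raw).trim().toLowerCase();
  if (s === 'true') return true;
  if (s === 'false') return false;
  throw new TypeError(`config value is not a boolean: ${JSON.stringify(raw)}`);
}

// Fix, step 2: when a value must land inside a <script> element, serialise it
// as a JSON literal and escape "<" (plus the two line terminators JSON leaves
// raw) so the value can never close the element or break the statement.
// This also covers string-typed settings, not only the boolean.
function toScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderConfigScriptSafe(config) {
  const flag = parseStrictBoolean(config.myboolean.value);
  return `<script>var MyVariable = ${toScriptLiteral(flag)};</script>`;
}

// Constructed sample configs: a legitimate one, and one where the "boolean"
// field holds the exact string the post uses to illustrate the bug.
const goodConfig = { myboolean: { value: 'true' } };
const badConfig = { myboolean: { value: "alert('hello')" } };

// Runs both renderers over both configs and reports what each produced.
function demo() {
  const out = {
    unsafeGood: renderConfigScriptUnsafe(goodConfig),
    unsafeBad: renderConfigScriptUnsafe(badConfig),
    safeGood: renderConfigScriptSafe(goodConfig),
    safeBadRejected: false,
  };
  try {
    renderConfigScriptSafe(badConfig);
  } catch (e) {
    out.safeBadRejected = e instanceof TypeError;
  }
  return out;
}

console.log(demo());
```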
At work I'm working on this AR horror interactive experience for iOS using Unity and ARKit. Pretty fun stuff, deadline in a week. It's an actual customer (I work in consultancy) project too, so that's awesome. Free time: When I do have time to code, I work on the challenges of the [url=http://adventofcode.com/]Advent of Code[/url] [img]https://i.imgur.com/KSqZyds.png[/img] So far so good. Nothing super hard yet. It's nice to do actual brain challenges and not just 'patience' challenges like 90% of programming seems to be nowadays. By patience I mean 'look at that, some random fucking error that shouldn't even happen in the first place. Good luck finding what boolean you forgot to set to false or what class you should have instantiated...' or those 'hey you dumb fuck welcome to AWS, let's see how far you survive this 9000-step tutorial where you have to shove our shitty cli up your ass, have fun' kind of challenges. that shit makes me wonder if I should even be a developer.
[QUOTE=proboardslol;52975795][B]Question: What are you working on[/B] [B]Answer: my career?[/B] I've been working as an intern for the last year at a local company in CRM/CTI integrations in a (wish we were) Agile .Net shop. I started out with a few other guys doing bugfixes in their backlog, then got rehired as an intern for the summer developing plugins for a new API they're coming out with. Then, this fall I got rehired to work on a project for that API (not the API itself, but I did make a few suggestions for changes to the API that were included). They have me working on a backend API that the frontend API calls to get configuration variables for a user. In fact, this is my project entirely that they've given to me. I'm a bit of a code monkey right now since they do give me some pretty direct orders on what they want, but I do get quite a bit of control over how those things are implemented (within some parameters). I started out on this project in .Net Framework MVC 4, but a couple weeks ago they told me they wanted everything ported to .Net Core for portability. Additionally, I've been working 16 hours a week for the last year and just got rehired for next semester and they agreed to increase my hours to 27-30 hours a week. Finally, on my last day before I go on Christmas vacation, I discovered an XSS vulnerability in our main product (which I haven't touched in like 8 months; I figured this vulnerability out kind of from memory). Essentially we were sending JavaScript as a view directly to the DOM which then appended it inside of a <script> tag. This isn't secure, but most of the string was hardcoded. The exception was that we were exposing a boolean configuration variable to the frontend by inserting it into this code (something like `var MyVariable = {config.myboolean.value}`).
This boolean is a user-defined value inside our configuration tool, but we never check to see if the value is legitimately a boolean, since our configuration class stores it as a string, so if a user wanted to insert `alert('hello')` as the "boolean", there's no parsing or casting to ensure that it's either true/false. My boss labeled this as low priority because our customers' servers shouldn't be exposed on the internet, but having read a few books about social engineering, I feel like someone could call up an unsuspecting admin pretending to be us and give him instructions on how to install an "Update".[/QUOTE] I recommend getting that XSS vulnerability fixed ASAP. The amount of work required to clean up after an actual attack would be much greater than simply adding a patch to escape the characters. It's good that the vulnerability isn't accessible to the internet; however, there's still the risk of things going wrong, either from someone with access to the servers exploiting the vulnerability or perhaps someone from the outside obtaining remote access to exploit the vulnerability. It's an accident waiting to happen.
Animations and models are doing pretty good. So that of course means moving on to something different. So... Buttons: [img]https://i.imgur.com/lkmmyOg.gif[/img]
[QUOTE=_RJ_;52976768]I recommend getting that XSS vulnerability fixed ASAP. The amount of work required to clean up after an actual attack would be much greater than simply adding a patch to escape the characters. It's good that the vulnerability isn't accessible to the internet, however there's still the risk of things going wrong either from someone with access to the servers exploiting the vulnerability or perhaps someone from the outside obtaining remote access to exploit the vulnerability. It's an accident waiting to happen.[/QUOTE] I said essentially this, but my boss has it low on the list of priorities :/
[QUOTE=proboardslol;52976796]I said essentially this, but my boss has it low on the list of priorities :/[/QUOTE] If that's the case and your boss doesn't want it fixed yet then you've done all that you can, keep your fingers crossed in the meantime. If shit hits the fan you can explain your position, how you brought up your concerns, and how the work wasn't prioritized. No blame should come your way.
Also I started freelancing. I just got paid $100 to do a small little weather calculator for a chemical company, and right now I'm setting up a database and small web portal for a construction company and should get $500 for that.
[QUOTE=proboardslol;52977678]Also I started freelancing. I just got paid $100 to do a small little weather calculator for a chemical company, and right now I'm setting up a database and small web portal for a construction company and should get $500 for that.[/QUOTE] How did you get into it?
[QUOTE=Asgard;52977724]How did you get into it?[/QUOTE] Upwork introduced a feature where employers can say that they want to hire US only. This got rid of the "competing with someone in India" issue, so I tick that box to only look for employers who hire American. Beyond that, I just filled out my profile as far as I could (I'm stuck at 90% because I have no certifications because I'm not a sucker), took the English, PHP, JavaScript proficiency exams, etc. Also, I changed my proposal strategy. I used to apply by highlighting my personal history only, saying "here's my github, here's some things I worked on before", but what I started doing was, based off of the project requirements, start putting concrete technical suggestions in. For the construction job, I said "I suggest using PHP on the backend, creating these forms, and creating a MySQL database etc etc." Also, I'm kinda lowballing right now to build a client history so I can work my way up to higher rates. A lot of freelancers hate Upwork right now though because last year I think they raised their rates. For your first, like, $1,000, they charge 20% (so I only got $80 from the first contract and I'll get $400 for this one).
[vid]http://carp.tk/$/1aSV0Z.mp4[/vid] Asteroids (2017). Writing this in Python for shits and giggles because my intro class requires the project to be in Python. The in-game currency will be next to useless, you'll only be able to buy hats and rocket colors, while you won't be able to earn diamonds at all in the game. There will be a fake menu buy screen with a list of actual weapons (AK-47, P90, snipers, pistols and the like), lens flare, chromatic aberration, CRT curving, bloom, loot boxes, fake microtransactions and all that fun stuff.
Dank hitmarker 360 noscope bro
[QUOTE=proboardslol;52977847]Dank hitmarker 360 noscope bro[/QUOTE] You're actually gonna get an achievement if you manage to spin the rocket 360° and shoot an asteroid that's sufficiently far away.
Learning Angular for work and freelancing as well. I like it a lot.
Oh boy, haven't visited this thread in a long time. Got a new job (that doubled my wage!) a while ago so "what I'm working on" is mainly work stuff involving 3D printing. Perks are that I get to design and print pretty much anything I want at the office, which really has been fun. I've also been working on a freelance project for some startup folks. Super happy about this one as the pay is great and I get to entirely manage the infra while still working with others, so I have CI and Docker based builds and deployments set up exactly how I like them. Also get to use React, so good times all around. As little extras, I'm still continuing to reverse engineer an old Xbox/PS2/Gamecube game to extract the assets for the small but lovely fanbase, and I'm helping Skippy with [url]https://facepunch.com/showthread.php?t=1588287[/url] setting up serverside stuff and whatnot for upcoming features.
[QUOTE=proboardslol;52975795][B]Question: What are you working on[/B] [B]Answer: my career?[/B] I've been working as an intern for the last year at a local company in CRM/CTI integrations in a (wish we were) Agile .Net shop. I started out with a few other guys doing bugfixes in their backlog, then got rehired as an intern for the summer developing plugins for a new API they're coming out with. Then, this fall I got rehired to work on a project for that API (not the API itself, but I did make a few suggestions for changes to the API that were included). They have me working on a backend API that the frontend API calls to get configuration variables for a user. In fact, this is my project entirely that they've given to me. I'm a bit of a code monkey right now since they do give me some pretty direct orders on what they want, but I do get quite a bit of control over how those things are implemented (within some parameters). I started out on this project in .Net Framework MVC 4, but a couple weeks ago they told me they wanted everything ported to .Net Core for portability. Additionally, I've been working 16 hours a week for the last year and just got rehired for next semester and they agreed to increase my hours to 27-30 hours a week. Finally, on my last day before I go on Christmas vacation, I discovered an XSS vulnerability in our main product (which I haven't touched in like 8 months; I figured this vulnerability out kind of from memory). Essentially we were sending JavaScript as a view directly to the DOM which then appended it inside of a <script> tag. This isn't secure, but most of the string was hardcoded. The exception was that we were exposing a boolean configuration variable to the frontend by inserting it into this code (something like `var MyVariable = {config.myboolean.value}`).
This boolean is a user-defined value inside our configuration tool, but we never check to see if the value is legitimately a boolean, since our configuration class stores it as a string, so if a user wanted to insert `alert('hello')` as the "boolean", there's no parsing or casting to ensure that it's either true/false. My boss labeled this as low priority because our customers' servers shouldn't be exposed on the internet, but having read a few books about social engineering, I feel like someone could call up an unsuspecting admin pretending to be us and give him instructions on how to install an "Update".[/QUOTE] I feel like you shouldn't be explicitly describing your company's unpatched security flaws online lol.
[QUOTE=Perl;52979476]Oh boy, haven't visited this thread in a long time. Got a new job (that doubled my wage!) a while ago so "what I'm working on" is mainly work stuff involving 3D printing. Perks are that I get to design and print pretty much anything I want at the office, which really has been fun. I've also been working on a freelance project for some startup folks. Super happy about this one as the pay is great and I get to entirely manage the infra while still working with others, so I have CI and Docker based builds and deployments set up exactly how I like them. Also get to use React, so good times all around. As little extras, I'm still continuing to reverse engineer an old Xbox/PS2/Gamecube game to extract the assets for the small but lovely fanbase, and I'm helping Skippy with [url]https://facepunch.com/showthread.php?t=1588287[/url] setting up serverside stuff and whatnot for upcoming features.[/QUOTE] Can you say what sort of 3D printing stuff you're doing? I've moved (somewhat thankfully) away from the world of 3D printing since I finished my slicer, but if you happen to have questions or stuff to ask about that sort of thing feel free to PM me. If I can't help, someone else at my company can. I've gotten further on my rendering system. Now I can generate the data needed to set up an object's pipelines based on the shader descriptor set bindings - previously, these were compiled in. Now, they're generated at runtime. There's some expense to this, so I'll probably look at finding a way to cache it on-disk in like JSON or something, but so far it's really nice to have and should open up the path for even more data-driven design for this project.