WingNews logo WingNews GitHub [2]

pR0Ps's comments

pR0Ps | 3 years ago | on: Logging in Python like a pro

You can actually do this with any level of log message by passing `exc_info=True` to it. This is super useful in cases where you want to log the exception context, but don't need to be at a high logging level.

Ex:

    logger.debug("A non-critical exception occurred", exc_info=True)

pR0Ps | 3 years ago | on: Logging in Python like a pro

Maybe it's Stockholm syndrome, but contrary to what seems like most people I don't actually mind the built in logging library. Sure, it reeks of its Java roots and can be a bit of a pain to set up configure, but once that's done it's incredibly flexible and generally works really well.

One of the main gripes I do have with it is its reliance on the old-school %-based formatting for log messages:

    logger.debug("Invalid object '%s'", obj)
As there are real advantages to providing a template and object args separately, this is a bit of a shame since it pushes people to use pre-formatted strings without any args instead.

I fixed this for myself by writing bracelogger[0]. If this is a pain point for you too, you might find it useful.

Ex:

    logger.debug("Invalid object of type {0.__class__.__name__}: {0}", obj)
[0]: https://github.com/pR0Ps/bracelogger

pR0Ps | 5 years ago | on: Gron – Make JSON Greppable

While it's true that jq's DSL has a bit of a learning curve, being able to try expressions and see immediate feedback can help immensely.

Here is a demo of a small script I wrote that shows jq results as you type using FZF: https://asciinema.org/a/349330 (link to script is in the description)

It also includes the ability to easily "bookmark" expressions and return to them so you don't have to worry about losing up an expression that's almost working to experiment with another one.

As a jq novice, I've personally found it to be super useful.

pR0Ps | 5 years ago | on: Flatpak: A security nightmare – two years later

> The closest I'm come to mimicking Mac style on Windows to create an installer that does not actual install but extracts the contents to user's temp directory and executes the application. Needed a simple solution so the end-user just had to download and double click to run the application since they might not have admin rights to install the application.

I create these self-extracting packages all the time too. Getting the icons and such right on the package can be a bit of a pain so I made a quick script[0] to automate the process. You may find it useful too.

[0]: https://github.com/pR0Ps/make-sfx-package

pR0Ps | 5 years ago | on: Architecture of the Nintendo DS

It's 100% possible to play with all the emulators running on the same computer. I worked my way through most of game with multiple players. There was a little bit of input lag but not too bad (and the game is pretty forgiving). If you have a couple friends who are into LoZ games I definitely recommend it.

We also just embraced screen-peeking as everything was up on the same screen for everyone to see.

https://i.imgur.com/pnhyEjS.png

It was definitely a bit of a pain to set up each time. Something like a batch script that automates setting the emulators to a known-good config, configuring the controls, opening up the emulators, and starting the game would be possible and would make it a lot easier.

pR0Ps | 5 years ago | on: Wireless Is a Trap

Ugh. I had the exact same issue with Qt and it took me forever to track it down[0].

Even though it's been fixed since 2017 I can confirm that there's still lots of network-using software out there that isn't using the most recent Qt library. Installing any of it will destroy your ability to have lag-free video chats or do any other real-time streaming.

I've always been in the "wires wherever possible" camp and it's things like this that are keeping me there. Hopefully headphone jacks don't go totally extinct anytime soon...

[0] https://cmetcalfe.ca/blog/diagnosing-periodic-high-ping-time...

pR0Ps | 6 years ago | on: A Mechanised Cryptographic Proof of the WireGuard VPN Protocol

Something you may want to look into is the client MTU setting.

When I was setting up WireGuard on macOS Mojave it would connect but I wouldn't be able to load pages. Other devices didn't have any issues so the server config was fine. Turns out the autodetected MTU was too large and the packets were getting dropped. A dead giveaway that this is happening is that pages will (mostly) load over HTTP, but get stuck negotiating a secure connection over HTTPS. I'm guessing this is because of the larger packet sizes required to do the handshake.

Try setting to something really low like 100 to see if things start working and adjust from there.

pR0Ps | 6 years ago | on: Ask HN: Personal photo library recommendations? Open source, browser-based

Seems like a lot of people have their own solution, I'll add mine to the pile: https://github.com/pR0Ps/PhotoFloat

Screenshot: https://i.imgur.com/F6w8Ixz.png (just took it now so I redacted some info)

It consists of 2 parts:

- a Python script to parse metadata from photos into json files and create thumbnails.

- A JS-based frontend that consumes the json files and thumbnails to provide a UI.

Features:

- Can be hosted completely statically making it ideal for low-power servers

- Serves up your photos in the same file structure as they are on the disk

- Works with many types of photos, including most raw files

- Parses and displays common EXIF data

- Works well on slower connections (minimal HTML+CSS+JS, small thumbnails, placeholders, preloads images as you view, etc)

pR0Ps | 7 years ago | on: USB Type-C to Become More Secure with Authentication Standard

I have this rule too. While there are a bunch of people with anecdotes saying their Switch is fine with non-Nintendo power supplies, the fact that the dock and console are both ridiculously noncompliant[0] is enough to dissuade me from ever trying it. I'd rather eat the markup cost on a Nintendo-branded power supply than risk bricking an expensive piece of tech.

[0]: https://www.reddit.com/r/NintendoSwitch/comments/87vmud/the_...

pR0Ps | 7 years ago | on: TorrentFreak Is Blocked as a Pirate Site and Hacking Resource

I'm unfortunately familiar with similar systems. What has probably happened is that a crowdsourced process has (incorrectly) categorized the website as 2 things: "Criminal skills/Hacking", and "News". The hotel has subscribed to this categorization service and configured their settings to block any pages in the "Criminal skills/Hacking" section because it sounds scary.

Same goes for the "Piracy and Copyright infringement".

There's no conspiracy here, just the normal incompetence. Calling the number listed on the page will probably allow you to petition to reclassify the site properly, making less likely to be blocked.

Of course, filtering in general sucks, but it's not like this is an ISP, it's a hotel.

pR0Ps | 11 years ago | on: SMSSecure – SMS Encryption for Android

Yes, anyone who analyzes the messages you send can assume that you are using SMSSecure.

However, compared to the amount of metadata that's already being leaked over SMS[1], adding the fact that you could[2] be using a specific SMS client that has the ability to encrypt messages doesn't seem too bad.

There was an option in a previous version of TextSecure to disable this tagging, but it was deemed unused and axed[3]. For the same reason, I'm loathe to add it back in, but having the option shoved under the "Advanced" menu may not be too bad.

[1] This is something that TextSecure does much better with. SMS messages (even encrypted) still leak metadata on who you're messaging and when.

[2] There's some element of deniability with whitespace tags (granted, not a lot). On the other hand, if you're registered with TextSecure (which can be checked simply by adding a user your contacts and opening the app), there's only one reason you would be there.

[3] See https://github.com/WhisperSystems/TextSecure/commit/40eca5e0...

pR0Ps | 11 years ago | on: SMSSecure – SMS Encryption for Android

Key distribution isn't really something we're doing. Each user just keeps their own list of verified identities.

We're using the same system we inherited from TextSecure for encrypted SMS: Trust keys implicitly on first use, while encouraging users to verify them out of band.

The verification is handled by providing a screen that has your identity and what you think the recipient's identity is. If the recipient's identity matches what your app says and vice-versa, then you know you're talking to the right person.

Ideally, the verification would be done in-person or via another secure means of communication. Currently you can verify identities by just reading them out, or via QR code.

page 1
more