sim7c00's comments

love this sentiment. i cant really write in other languages. i try but always C ends up the choice :'). slow going but happy going


really nicely written. in respect this is maybe known / unneeded comment, but why bother with basic auth at all, especially when there is no TLS?

i understand other auth schemes are more complicated, and maybe theres no desire to pull in big libraries. just that if theres no TLS or proper auth, you can also just skip basic auth. its only use would be to trick someone who's not familiar (unlikely with such a repo but not impossible) into a false sense of security.

ofc, not really an issue with the code, and its an excellent base to look into how this stuff works and if you want since its pretty clean and easy to read, expand upon it. well done! love ppl churning out good ol C projects. respect!


It's fairly common to use something like nginx as a forward proxy and do TLS there. IPv4 and NAT makes this essentially mandatory if you want to host multiple services due to eSNI. You wouldn't necessarily have protection inside the server network (which isn't great) but you at least get protection everywhere else.


> why bother with basic auth at all, especially when there is no TLS?

Maybe to have some "basic" auth for an embedded device web interface or something like that? I suppose it's better than nothing. I've devices which prompt for username and password with no TLS either.


Basic auth can keep the crawlers out, for one thing.


will it allow me to run WSL on linux too? (genuinely curious)


that sounds like a targeted attack baha


the only solution is not to consume things that operate on the model. the difficulty there is that the model is generally adopted. so a massive amount of users will go from 1 to another system only to get rug pulled out from under them again and again.

this can be a business model, economic circumstance, mgmt change. a lot can trigger such a shift in services up to then just fine to use.

most companies did not start out on these premises, and its really hard to tell what service will turn next.

i hope maybe ISPs could handle it and offer it as a service. like an ad free internet. but then they will just more deeply embed the ads and it will still get past. changes in designs of the apps will lead to blocking being ineffective.

so really then all that is left is not to use anything that has potential to identify you and your use of it. thats not a lot of things currently. most are frowned upon if you use it in a lot of regions.


a last point would be that another problem is that the apps feed into ad networks. so using 1 is already an issue, mostly the same as using all of them. maybe less data but they can get a lot from little anyway.


guessing tokens (or something similar) i think humans grasp at more than 1 type of straw.

Edit: no ok i get u. ensemble learning is a thing ofc. maybe me n other poster reasoned too much from AI == model..but ofc you combine em these days. which is more humanlike guesser levels. (not nearly enough models now ofc)


not a bad find, its not unknown that most disassemblers dont do all the things correct. fun when u find one that breaks the further disass tho.

intel xed is pretty accurate usually but it also doesnt disassemble all possible opcodes.

if you do a jump over some UD but the jmp target is taken from reg value u can also get disassembly to break etc.

its kinda the problem of static analysis. it's not easy to see if someone inserted 1 byte of data, or if it was an unknown opcode u dont handle etc.

definitely fun, will throw off automated tools for analysis especially if you can make the invalid disassembly just call exit or do something valid but short/benign..

may also wanna look if they are known unknown, like this stuff: https://x.com/_markel___/status/1373059797155778562

ive seen now multiple type of either debug or backdoor instructions on x86 based cpus over the past few years


Yes, but in most cases there is no such large-scale problem, plus we broke even all the popular debuggers here. The jump trick can probably only break Ghidra? But anything can break it(


wanna say you are right. maybe the impact is different on neurodivergent, thats hard to have hard data on. HRs job is literally to use a certain budget to fit all the ppl in, thats why they never give a raise if you dont ask, unless they need to give it to cover other risks (retention).

best lesson for me was an HR manager explaining it to me, after finally after 3 years i asked pretty please to give a lil raise, i was still trainee after all that time.

he smiled and said he thought id never ask. made me senior on the department matching my input. and told me this exact fact. He said, why should i give you a raise if you seem happy where ur at? never complain, never ask, never get.

its harsh but its good to understand certain harshness. Then you can work around it, step over that bridge, and be more active in tracking your input, their expectations, and showing them the mismatch deserving of a raise or promotion.

its often peoples shyness or false expectations that get them in such a situation where they feel very under valued. they are because they under value themselves or dont know how to translate/express their value to another persons perspective. another harsh truth. Especially if you are neurodivergent, the way you see things and another is further apart, so your words need to do more to reconcile that difference to generate mutual understanding.

in an ideal world this would not happen or be needed, of course. but we dont live in an ideal world, and there is no switch to flip to make it an ideal world.


amazing. realistic too. i had a burnout after 2 moves


and - i made similar comment with a bit more elaboration. it's important to realise this is how to make an OS from scratch in the 90s without any idea of what the OS is going to do or what hardware you want to run it on, etc. etc. - there are many things missing which will surely bite you, hard, if you want to roll an actual usable OS.

it's a lot of fun to do these things, but it's good not to be convinced it's actually how modern OSes work, or modern hardware for that matter.

