• 0 Posts
  • 16 Comments
Joined 1 year ago
Cake day: June 23rd, 2023





  • 520@kbin.social to Programmer Humor@lemmy.ml: codeStyle
    9 months ago

    So this looks like it’s based in Java code.

    A public class means that any bit of Java code, including that injected by an attacker, can see and mess with the contents of that class.

    A private class, in contrast, means that other bits of Java code are restricted to running the class’s predefined functions.

    In theory it is supposed to help with the security of the data. In practice if an attacker gets to this point, you’ve got much bigger issues.



  • One of the things about Java is that it is stupidly easy to decompile back into Java source code.

    Obfuscation can make it harder to do but not impossible. There are also performance and licensing implications too.

    What it would REALLY hinder is mod development, which is where a huge amount of its diehard fanbase is, not to mention advertising via let’s plays comes from. There’s only so much material you can make out of simply building blocks, and the mod scene helps keep Minecraft relevant in Let’s Plays and streaming.

    The mod scene has been incredibly instrumental in keeping Minecraft as a whole relevant. Most footage and screenshots you tend to see today usually have a mod applied that you can see in the footage. Ever seen Minecraft with realistic lighting? That’s a mod. Seen those weird survival challenges? Also done by mods.

    If that dies off, Minecraft’s word of mouth and relevancy dies with it. And from that, so do the console versions.


  • It’s very, very useful.

    For one thing, it’s a ridiculously easy way to get cross-distro support working for whatever it is you’re doing, no matter the distro-specific dependency hell you have to crawl through in order to get it set up.

    For another, rather related reason, it’s an easy way to build for specific distros and distro versions, especially in an automated fashion. Don’t have to fuck around with dual booting or VMs, just use a Docker command to fire up the needed image and do what you gotta do.

    Cleanup is also ridiculously easy too. Complete uninstallation of a service running in Docker simply involves removal of the image and any containers attached to it.

    A couple of security rules you should bear in mind:

    1. expose only what you need to. If what you’re doing doesn’t need a network port, don’t provide one. The same is true for files on your host OS, RAM, CPU allocation, etc.
    2. never use privileged mode. Ever. If you need privileged mode, you are doing something wrong. Privileged mode exposes everything and leaves your machine ripe for being compromised, as root if you are using Docker.
    3. consider podman over docker. The former does not run as root.
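
A way to check containers against rules 1 and 2 from the comment above, added here as an example and not part of the original comment: it reads `docker inspect` JSON and lists each setting that exposes more than the bare minimum. The container names and values in the sample are constructed; the `HostConfig` keys are the ones `docker inspect` reports.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/build-box",
   "HostConfig": {"Privileged": true, "Binds": ["/:/host"], "Memory": 0, "NanoCpus": 0,
                  "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
  {"Name": "/worker",
   "HostConfig": {"Privileged": false, "Binds": ["/srv/data:/data:ro"],
                  "Memory": 268435456, "NanoCpus": 500000000, "PortBindings": {}}}
]
""")

def audit_container(info):
    """Return the exposure findings for one container's inspect record."""
    hc = info.get("HostConfig") or {}
    findings = []
    # Rule 2: privileged mode hands the container the host's devices and capabilities.
    if hc.get("Privileged"):
        findings.append("privileged mode is on")
    # Rule 1 (network): an empty HostIp means the port listens on every host interface.
    for port, bindings in (hc.get("PortBindings") or {}).items():
        for b in bindings or []:
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(f"port {port} published on all host interfaces")
    # Rule 1 (files): flag host paths that are the whole filesystem or writable.
    for bind in hc.get("Binds") or []:
        parts = bind.split(":")
        source = parts[0]
        mode = parts[2] if len(parts) > 2 else "rw"
        if not source.startswith("/"):
            continue  # named volume, not a host path
        if source == "/" or "ro" not in mode.split(","):
            findings.append(f"host path {source} is writable or the whole filesystem")
    # Rule 1 (RAM, CPU): a value of 0 means no limit was set.
    if not hc.get("Memory"):
        findings.append("no memory limit")
    if not hc.get("NanoCpus") and not hc.get("CpuQuota"):
        findings.append("no CPU limit")
    return findings

def audit(inspect_output):
    """Map container name -> list of findings for a parsed `docker inspect` array."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or "ok")
```

On a live host, feed it the parsed output of `docker inspect $(docker ps -q)` instead of the sample.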

  • 520@kbin.social to Programmer Humor@lemmy.ml: SPAs were a mistake
    1 year ago

    Basically it means that the API calls won’t work in a browser and would only realistically work in things like Python scripts.

    If API calls are being handled by JavaScript in the browser, they’re going to run into issues, because the HttpOnly flag means the JavaScript code can’t read the auth token.

    Things like Python scripts have no such limitations though, so this can be used in cases where you aren’t expecting an actual browser.








  • Context:

    GitHub Copilot is a code-writing AI that had been trained on the projects hosted on GitHub.

    The code Copilot has written is derived from open source projects including GPL ones, however it does not require users to abide by these licenses, thus opening up potential for litigation as it technically infringes on the GPL license of the code Copilot was trained on.