Best I can do is
"\ude41🙂".split("").reverse().join("")
returns "\ude42🙁"
Best I can do is
"\ude41🙂".split("").reverse().join("")
returns "\ude42🙁"
Oof yeah, some programs really love to touch a lot of stuff making strace kind of annoying to use. I usually end up chaining more grep -v
pipes on the end as I find files I’m not interested in seeing e.g.
strace okular | grep openat | grep -v breeze-dark | grep -v icon
Might help to first save it to a file so you don’t have to keep relaunching okular as you add more inverse greps
strace okular | tee some-file
^C
cat some-file | grep -v ...
I would probably try running
strace okular | grep openat
to see all the files it’s trying to read and see if any aren’t managed by your package manager and move those.
But the latest reply by felixernst in the kde discuss also looks helpful.
Yeah good point. I suppose the problem is this function that operates on numbers allows numeric strings to be passed in in the first place. The only place where I would really expect numeric strings to exist is captured directly from user input which is where the parsing into a numeric data type should happen, not randomly in a library function.
On my machine at least man openssl
shows that -k
is for specifying the password you want to derive the key from, so in that case I think you are literally using the string /etc/ssl/private/etcBackup.key
as the password. I think the flag you want is -kfile
.
You can verify this by running the command in strace
and seeing that there is no openat
call for the file passed to -k
.
Edit: [email protected] beat me to it while I was writing out my answer :)
It’s kind of insane how bad this whole is-number
thing is. It’s designed to tell you if a string is numeric, but I would argue if you’re ever using that you have a fundamental design problem. I hate dynamic typing as much as anyone else, but if forced to use it I would at least try to have some resemblance of sanity by just normalizing it to an actual number first.
Just fucking do this…
const toRegexRange = (minStr, maxStr, options) => {
const min = parseInt(minStr, 10);
const max = parseInt(maxStr, 10);
if (isNaN(min) || isNaN(max)) throw Error("bad input or whatever");
// ...
Because of the insanity of keeping them strings and only attempting to validate them (poorly) up front you open yourself up to a suite of bugs. For example, it took me all of 5 minutes to find this bug:
toRegexRange('+1', '+2')
// returns "(?:+1|+2)" which is not valid regexp
Ah yeah I don’t know how I would do that easily on a phone. Do those in my example above render for you? You should probably be able to just copy/paste them on a phone if they do.
I can’t find a keyboard with them, or a copy/pastable line where they’ve been typed
Maybe use combining diacritical marks?
I’m using 0x326 (Combining Comma Below), but you may need the CGJ in there to render correctly in all contexts
e.g.
Foo!̦ Bar?̦
Edit: Combining grapheme joiner, not zero width joiner
Wait, is he serious? I thought for sure this sign was satire…
I hate that Google is exerting even more control on the internet with their TLD, but I don’t really think this attack is made all that much worse with .zip TLD. I can already bury a .com
in a long URL and end it in .zip just fine like so:
https://github.com∕foo∕bar∕[email protected]/foo/bar/baz.zip
Or even use a subdomain to remove the @:
https://github.com∕foo∕bar∕baz.example.com/foo/bar/baz.zip
The truth is most people don’t look much at URLs outside of a domain to verify its authenticity, at which point the .zip
TLD does not do much more harm than existing domains do.
For mitigation, Firefox already doesn’t display the username portion of the URL on hover of a link and URL-encodes it if copy-pasted into the url bar. It also displays the punycode representation when hovering or navigating to the second example.
Edit: looks like lemmy now replaces 0x2215
which is a character that looks like forward slash with an actual forward slash, so my comment is a bit more confusing. For clarity, the slashes before example.com
in the above urls were 0x2215
and not “/”.
It is likely not worth your effort as whatever you come up with will likely result in discord deactivating your account for breaking their ToS, or them breaking their API forcing you to constantly play catch-up.
This is why open communication protocols are so important. Email is still as ubiquitous as it is because it’s a protocol, not an API.
I personally think it would be less overall effort to get your friends to switch to an open protocol like matrix, or XMPP than it would playing cat and mouse with proprietary APIs. But you do you, I wish you the best of luck!