Yo Leijurv this is so sick! As a fellow game hacker this sort of stuff is super inspiring.
My girlfriend and I watch all the fitmc videos even though neither of us play minecraft, and love the ones detailing your insane tooling the most.
Ever since we watched the nocom one I’ve wondered what you do professionally - are you in the infosec space?
With the amount of math and computer science knowledge you put into your work I would guess more in algorithmic trading or something like that. No worries if you don’t want to answer, just curious!
This vulnerability was patched before I wrote the post - I disclosed it to MTG.
In terms of viewing your history, you should check out https://untapped.gg/en. I have talked to them a bit and they essentially do what you want. They take most of their info from MTG's debug log, which you can find in MTGA's application directory, so you could also make your own tracker as well if you want. They talk about it on their site: https://help.hearthsim.net/en/articles/3620440-how-do-i-supp...
What is the Twitter post for? I'm assuming this was not you "disclosing" it to them, but it's basically some kind of advertisement for yourself? You did contact them via a proper, private channel to disclose and make sure they fixed it before the Twitter post, correct?
They didn't respond to my email so I tried twitter. That got a prompter response! No details about how to actually perform the insta-win are visible in the video so I wasn't too pressed about someone replicating it from the tweet
What was the process like disclosing the bug to them? One part of your post that you left out and I was curious on. Was it friendly/straightforward? Were they surprised at all that this was possible?
Pretty nondescript. I just sent them the code and explained how to replicate it. They said they'd patch it and then they did haha. They offered me some in-game currency as a reward (20,000 gems, which I think is equivalent ~115 bucks).
The name of this is a reference to the incredibly useful godbolt compiler explorer. If you are interested in this you will likely enjoy the other as well:
Sculpty terracotta would be a fitting choice. It's pretty easy to sculpt when kneaded, bakes in a traditional oven, keeps it's details. Perfect for silicone mold making.
It's never been called anything but either "GCC Explorer" or "Compiler Explorer", by me, anyway... The URL it's accessible for is an accident of the one I had hanging around :) (it's now available at compiler-explorer.com too, but...the name other people use has stuck so I'll never be able to reclaim my own domain...)
I think you _could_ reclaim your own domain if you wanted. You'd want to have a banner at the top with a clear note directing people to the new domain for the compiler explorer, so that people realize immediately that you're not domain squatting. A few people might put up a stink, but I'm pretty confident that most people wouldn't mind, especially since the tool itself is so useful. The name, for those who don't know it as your last name, is fun, but it isn't the reason people use the tool. Eventually, over enough time, people would start remembering the new URL, and you could shrink or remove the banner (and/or put a note elsewhere on the page).
Honestly "godbolt" is so memorable I can find it instantly even though I rarely use it; but "compiler-explorer" sounds like some generic SEO spam site that I'd probably never click on.
Even then the internet (and even books) are full of "godbolt" links, to the tool itself, to specific code samples. Till all those became irrelevant will take quite some time.
Links to specific examples are less of a problem as he could redirect those to compiler-explorer.com and just keep that redirect up forever. Really the only URL that would need to be "reclaimed" is https://godbolt.org/ and having a prominent link to compiler-explorer.com thee would solve that issue.
OTOH the godbolt domain is at least not actively used for a number of other TLDs getting one of those might be an easier option.
It’s such a memorable name for a tool like that. Other than losing your domain name to the topic, how do you feel about the de facto name?
To a far far lesser degree, I’ve experienced many examples of “you named it X but everyone at work calls it Y and now you have to live with that.” It used to really irk me for some reason.
It is fantastic name of an otherwise fantastic tool. The day I found it was your last name made me chuckle and liked it even more. And since I am here, thank you very much for it!
I always call it the compiler explorer but the url, as a sibling comment says, is memorable.
Could be misremembering, but IIRC it was called Compiler Explorer and used to live only on a subdomain of godbolt.org. But, it was so useful that it became presumably vastly higher traffic than the personal homepage part and people often referred to it as just "Godbolt" probably because it sounds cooler and is shorter than saying "Compiler Explorer" (and it may not be obvious the domain name is a last name rather than just a cool name for something.)
To be fair it's an amazing last name and it feels like there probably is a story, it just has to do with this guy's ancestors rather than the assembler tool we all know and love.
It makes for a nice parallel, since the original version of godbolt was just a split tmux session with vim running on one side, and "watch 'gcc -S -o /dev/stdout'" on the other. The main advantage of putting it online is not needing all of the compilers locally.
It might also be a bit of a portmanteau with a second reference to dogpile.com which was a pre-Google "search engine" that compiled search results from multiple search engines. Back in the day you often had to separately search altavista.com, lycos.com, askjeeves.com, yahoo.com, etc. because some of them would work for your query but others would not and it was difficult to predict the performance of any particular search engine, but usually at least one of them would have the result you wanted/needed.
Dogpile was an automated way to search all of the search engines at the same time with one query.
Ublock is without a doubt the most valuabe chrome extension. Most people underutilize it as a way of filtering “legitimate portions” of websites as well.
For example, I used it to filer out all recommended content from youtube, as well as comments. My youtube is merely a search bar and the video I wanted to watch, nothing more.
I’m often amazed at how people I know, full internet “power users”, don’t use it and complain about ads. I have never seen an ad in years, not on YouTube or wherever. How do people who build web stuff daily not know about adblocks? It’s so weird to me.
> how do people who build web stuff daily not know..
I'll stop it right there. You'd be surprised how many people who build web stuff daily know surprisingly little about how the web actually works or any details aside from that.
A surprisingly massive portion of people in tech have learned just enough through bootcamps and youtube videos to accomplish just enough for the specific job they are doing without realizing how it works or anything deeper than simple what to type to fix a problem.
For example: I'm shocked at the number of even senior web developers that I work with who don't know the difference between an A record and a CNAME record in DNS or even the basics of how DNS works. It is surprising how many people don't understand basic port mapping or even how a compiler works at a high level.
There is a whole generation of tech workers that only understand how to swing a hammer, and rely strictly on these tools without knowing anything larger in scope than the hammer and nails in front of them. The world of tech has turned into white collar factory workers for the vast majority of its' participants.
It's funny how I agree with your post, still switched from "full stack" to frontend, have studied at university and still there's a disconnect.
I've never dived into DNS and it's mostly a black spot in my knowlesge about weg technology basics.
OTOH, I agree with your point in that I've often been very disappointed with the lack of basic knowledge about HTTP and request/response lifecycles with BE as well as FE developer colleagues in the past.
I still would advise against mashing all of this together. Knowledge needs practise.
E.g., I learned about IPv4 CIDR at some point but just never really utilized the knowledge, so it's mostly gone.
Being a generalist is hard.
Of course this is no excuse for lacking basic knowledge (e.g., what code runs where)
As a front-end specialist you really don't need to know about anything about DNS though, unless you're doing front-end for a domain registrar, openDNS, or a cloud provider with DNS services.
I'm perplexed that there are full stack seniors who wouldn't know about this though.
As a web user who relies on controlling DNS in order to "block" ads and telemetry, among other things, and having done so since before "ad blockers" existed, I have long theorised this is why DNS is continually effective for me in successfully avoiding web developer shenanigans. Generally, DNS is a blind spot for web developers. And it appears likely to remain so for the forseeable future.
I’m cherry picking but A vs CNAME is incredibly simple, just not something most keep in their mind since you usually set it and forget it. As an aside, my guess is the recall rate would be a lot higher amongst people if the record types had better names instead of “A” and “CNAME”. Something like “Name-to-ip” and “Name-to-name” seem to be far better (I’m sure I’m missing nuance, like what do we call ALIAS, etc. but you get the point).
I guess to your core point I’m ok with there being different levels of engineers. Like any field once it becomes large enough there are opportunities for the deeply technical polymaths, the superficial tradesmen, and everyone in between. It’s just important that whoever’s hiring identify which level they want and hire accordingly. I’ve met plenty of people of both varieties so it’s not like the true “masters” of tech are dying out.
When people say "they don't know the difference between an A and a CNAME" they're not just talking about the basic definition of these concepts, which I agree with you is trivial.
But can you remember _which is which_? For instance, can a host have two A records? Can a host have two CNAMES? one of these might mess with mail delivery but the other is pretty common. Do you remember which is which?
DNS is an onion. At first it makes tons of sense. Then you learn a little bit and it makes less sense. Then you learn some more and it makes more sense. It is a bit tricky like that in a way that trips up lots of people. This speaks a little bit to your "levels of engineers," I think.
It’s not even those professionals, I’m talking people who are highly skilled and trained (CS/Engineering degrees). Like they could tell you off the top of their head HOW to build an adblocker, but they don’t use one themselves. That type of disconnect that is weird to me. People who don’t know any better I can understand.
Not to mention ads incite to consume more, attempt to creep inside your daily thoughts and lie about the qualities of the product using all the tricks in the books.
Add on top of this it gives more power to the big players with more money and create terrible incentive for the medias and you have one of the easiest moral decision in the world.
The whole industry lost me way back in the 90's when I saw the first popover/under ads for X10 cameras. No, the industry is entirely exploitative of technology with little to no real redeeming qualities and are so invasive, pervasive and dishonest that you generally can't even trust the top search results for product class reviews either.
> 2.12 People should be able to render web content as they want
> People must be able to change web pages according to their needs. For example, people should be able to install style sheets, assistive browser extensions, and blockers of unwanted content or scripts or auto-played videos. We will build features and write specifications that respect peoples' agency, and will create user agents to represent those preferences on the web user's behalf.
I was definitely late to the game when it came to ad-blockers at least compared to a lot of HN. In general my position is that sites have to make money somehow, and too many users are never going to purchase their way past your paywall, not matter how cheap it is. Even having the friction of making someone sign up for an account is often too much.
There just finally came a breaking point where too much of the web was essentially unusable without it. It's a shame this ends up punishing sites who do the reasonable thing and just have for example a static add off to the side of the content, but I don't know what else to do at this point. This is why we can't have nice things.
Maybe they just don't want to. I don't use an adblocker because I'm not bothered by ads. I just don't care enough. The only place where it's actually annoying is YouTube and that's solved by paying for Premium.
I grew up with ads and learned to not pay attention to them.
I still use an ad-blocker on all of my own systems, and on my current company laptop.
But a few years back at a different company I didn’t have any ad blocker installed. This was an office job with a desk and coworkers walking past me all the time.
So at that job I’m having the browser open reading something and one of the older guys is walking past me. He stops dead in his tracks and says jokingly “are you looking at women on company time” and he laughs.
I look at him, confused. Then I look at my screen. Whoops! Next to the content I am reading is a huge ad that is pretty much a soft core porn ad.
Embarrassed I say I didn’t even notice the lady. My coworker chuckles and says “sure”.
But really, I had developed built in blinds in my mind that prevented me from consciously paying attention to ads.
That experience reminded me to always make sure to have adblockers installed.
And of course video ads are annoying no matter what, so having an ad blocker is nice for that as well.
Plus who knows, even if I don’t consiously notice ads my subconscious is probably registering it. So having an ad blocker is nice for this reason as well!
Marketing is a branch that employs hundred of thousands of people to devise the best images to manipulate you. Billions are spent on research in this domain.
thinking oneself impervious to ads, let alone blind, is in my view a bit presomptuous. I am convinced you are influenced by ads, you just don't notice it (and that's the point of ads, you shouldn't notice)
I can't find it in a quick 2 minute search, but I seem to recall a study that concluded that people who thought they were unaffected by advertising were actually MORE susceptible. Which makes a sort of intuitive sense. If someone is aware they can be manipulated they can make a conscious effort to counteract it. Someone who assumes they are immune won't.
> I am convinced you are influenced by ads, you just don't notice it (and that's the point of ads, you shouldn't notice)
Yeah that’s why I explicitly mentioned the difference between what I consciously notice and my subconscious and why I mentioned this as another reason to have an adblocker :I
Video ads are an exception — especially when your country pushes their disgusting propaganda through it. I could honestly throw my phone at a wall when I hear that ad, and it is constantly everywhere — I don’t even understand how come I can’t report it or make it not appear to me in google?!
The frontend dev experience in particular is so heavily abstracted these days that it’s no surprise that the rest of the stack is ‘out of sight, out of mind’. You spend most of your time in the browser and deployment is just a fire-and-forget CI integration (like with Vercel).
I’d expect more from backend and full-stack engineers since it becomes much more relevant then.
I work for an IT provider - I don't think I've spoken to a single web developer who actually understands DNS and doesn't need their hand holding to get us the correct records to update. Most of them just ask us/the client to change the NS to wordpress.com or w/e, breaking their e-mail and a load of other stuff
I've been in the field for seven years, primarily working for startups, and though I'm primarily FE I've dabbled in some backend stuff, and I've deployed many apps. I couldn't tell you off the top of my head what the difference between CNAME or A record is. All I know is when it comes time for deployment, I go to Google cloud DNS or AWS's equivalent and follow the instructions on how to deploy. If things don't work, I Google it.
I understand your higher level point (these boot camp guys don't understand even the basics) but where do you draw the line between basics and not basics? Many people couldn't employé Dijkstra's algorithm, or A*, or an efficient sorting algorithm. Many people couldn't tell you how memory works outside of "don't try to load 1million things from a database."
But if they're hired as a FE/BE engineer, and can perform the tasks provided to them 99% of the time (and googling / enriching themselves that 1%) what's the concern here?
I think it's fair to expect people know the basics of how DNS works at a high level. For specific terminology, I think it's hard to remember without having some practical use for the knowledge, at least occasionally, so it's not that surprising that someone couldn't recall.
> A surprisingly massive portion of people in tech have learned just enough through bootcamps and youtube videos to accomplish just enough for the specific job they are doing without realizing how it works or anything deeper than simple what to type to fix a problem.
If this is true across the board, it may be a data point that software engineering requires a set of specific mentality and skills, so much so that we software engineers can still enjoy imbalanced supply and demand of tech talent for years to come. On the other hand, it can well be my wishful thinking. EE has always been more hardcore to master and was once a booming career, but the market for EE talent shrank a lot from its hay days.
Back many decades ago when I started, the field wasn't so broad and you could learn how so many more things worked, compilers, DNS, IP, distributed systems, hardware implementation, blah blah blah.
Those all sound like things for a network engineer to know. I’d rather a web developer spend their time mastering the intricacies of CSS than learning someone else’s specialty.
DNS records are usually set once and forget. You read the documentation once when you’re doing it, and then you basically never have to touch it again. I had to look up the difference between a CNAME and an A record, even though I’ve set them numerous times before. Not useful in day-to-day.
DNS servers: going to assume you query a DNS server that has a map of domain names to IP addresses, with basic routing via DNS records, which then resolve to a final address which is sent back. Again, never going to have to know this unless I’m a network admin.
Port-mapping: what is there to understand? I have literally never had to map ports unless I’m port-forwarding a game server I’m running on my local machine, that’s using a router to be exposed to the outside network. Literally, every cloud provider will give you an endpoint address that does not require port-mapping. If you’re setting up a company network you have to port-map, but not if you’re deploying a simple server/app. Ergo, network admin’s job.
Compilers: lol. There’s tons of languages, and tons of different compilers for each language. Then there’s distinguishing compilers, interpreters, compiler-interpreters, and transpilers. At the end of the day they take text (usually) and transform it into another form. I’ve built a compiler before (toy AST & recursive descent), but I have never needed to know about it in a CRUD context.
I'd like to take the opportunity to throw some shade at network admins because out of all companies I worked at, they have consistently been the slowest to respond when their stack is usually the most reactive to changes.
The more people that offload their knowledge to the category that should be handled by networking experts, the higher the backlog for the networking experts. Which kind of supports OP's point.
It depends what you mean by 'deploy', because that could cover everything from spinning up a new box in a cluster to creating a kubernetes deployment to simply dragging and dropping files in an FTP application or using scp.
I’ve been working professionally in the field for 25+ years. I just turn it over to the network and devops teams when it’s time to deploy. There is no reason a web developer should know those things.
Think how wide the web is now and what it was 30 years ago. The scope of work of those young people will get wider, maybe only a fraction of what happened to the web, and they'll know the overall picture because they grew with it. Younger people will know only a very specific subject and will be frowned upon.
I encountered it kinda the other way around. In a previous job I had developed a deployment system for developers. Some users on one specific team only where complaining their deployment would not show up in the tool. Though they where properly deployed after the pressed the button. Many debug sessions later I sat down with one developer and found the issue. Their team “advertising” had the team name in the deployments. So the request to get deploy status would be blocked because all of them ran adblockers themselves.
>... most users will not see them as they use adblocks plugins.
Forgive my ignorance, but is there data around what percentage of browsers has an adblocker installed? I am inclined to assume that a tech-focused forum such as HN is going to use them at a much more disproportionate rate relative to the average, non-tech-savvy joe, and therefore further assume that they're not as widely adopted as we might think.
I could totally be wrong, though.
Edit: 42.7% globally, but it varies by country. The US, for instance, only sees 38.8% adoption.[1] Hardly what I would call "most".
42.7% is unbelievably huge. Can the tech economy even survive if half the people are taking free rides? For the longest time it was no more than 10% since only the technical class used the things. Nowadays corporate and government policymakers are requiring adblockers be installed on normy computers.
I see ad blockers as good filters for them. Someone that feels annoyed by ads to the extent of making the effort to install ad blockers is not a good target for ads too. Less tech-savvy and caring users are perfect targets for ads.
It seems for example for Cost-per-mille (CPM) advertising if a user has an ad-blocker, they will not see the ad, but it would still count towards the number of impressions if the ad request is made?
There's some adblockers focused on disrupting tracking and those will both intentionally load ads and automatically click on every one of them for you.
I think it's sort of a vicious cycle too- because the number of impressions goes down from all the adblocking, the users not running adblock get even more ads to the point of absurdity (see: local news sites) as tech companies try to make up the difference.
IME you learn which sites and services can balance ads vs user needs. So it's only hell if insist on consuming from those who don't care enough about you.
Of course if ad blocking gets too be too mainstream all that will be left are 'native' ads and directly paid content.
I don't use "sites", I use the internet. I don't know, beforehand, which page I'll land on.
Some sites I do use out of necessity, because I follow the "content"/"community", and it happens to be there: YouTube, Facebook. It saddens me to no end a lot of groups of niche interests are only on Facebook, but if I don't want to end up talking to myself, I'm forced to use it.
I used to watch YouTube daily. I’m now done to once a week and more often than not it’s a terrible experience. If there are others like me, that seems like a death spiral. The more leave, the more ads must be shown, the worse the platform gets, the more people leave…
Years ago as YouTube’s ads really started ramping up, I realized paying the measly $12 a month or whatever for Red, now Premium, was an obvious good decision for me. I get no ads besides actual sponsorships that are part of the video, which are the kind of ads people who hate modern advertising say they want — not “targeted at me” but rather “alongside content that is related to the ad.”
If you just aren’t into “short form” video (or what used to pass for short until TikTok came around, lol) I can see how it would be unappealing to pay for a site you don’t use much, but YouTube premium is my ideal way for media to work.
I assume YTM is far inferior to what you had? That's bundled with my premium, but I don't use it much on account of Apple Music's integration with my own longtime music library (which, ironically, I remember GM being also strong with letting you upload your own collection)
You can get a addon called 'SponsorBlock' that fixes in-video sponsored segments. It allows anybody to submit timestamps for sponsored segments, and tag them in various ways. Its on Chrome too I think.
> The donations sought by the individual behind ublock.org ("to keeps uBlock development possible", a misrepresentation) are not benefiting any of those who contributed most to create uBO (developers, translators, and all those who put efforts in opening specific issues). ...
When reading, I often scroll up and down, and those annoying banners that appear only when you scroll up drive me mad. I hit em with the 'ol uBlock zap and they go away. So much nicer.
I briefly tried to go without blocking anything through uBlock. I was willing to give sites a chance because I felt if they needed ads to survive, I'd put up with them. They're insufferable. Pop-ups, changing the layout after the page has already "loaded", interrupting content and forcing me to scroll over it, making it difficult to recognize what's an ad or what's just an embedded video related to the article, etc. Then there's Youtube, who'll insert 30s ads in the beginning and in the middle. Even if I just want to browse videos and I haven't committed a watching a specific one all the way through.
I've been using uBlock for a long time but I really don't think I've scratched its surface; do you (or anyone) have a good write-up on advanced uses of UBlock? That would be super helpful!
Oh god yes. It filters out ~50% of my youtube. I'm at the point where I can't view websites on my phone anymore because I can't stand all the ads, three popup videos all autoplaying and talking over each other ... ublock origin provides such a stark contrast.
Maybe you already know it: you can filter ads by DNS on phones (manually configured or with pseudo VPN apps), and if you don't mind using other mobile browsers, on Android Firefox supports ad blockers and Brave (Android and IOS) has an integrated one.
Only on Android, not iOS. I have an iphone now after android my whole life. The biggest feature it's missing is the ability to block ads. It means I refuse to use the browser on my phone, which is a pretty big feature to lack.
Without VPN, iOS doesn't have an ad blocker for in-app ads, like YouTube. And blockers for browsers is extremely poor, routinely failing to block ads. Then there are sites which detect ad blockers and flag them, prevent the site from being used without disabling the ad blocker on Safari/WebView.
First install in a new computer. I'm shocked everytime I must use a browser that doesn't use an ad blocker. Internet experience for standard users suck.
> My youtube is merely a search bar and the video I wanted to watch, nothing more.
Next up. Pipe the yt url to mpv which uses ytdl to show the video in standard video player in your favorite resolution and codec so your laptop won’t even spin the fan
play.bat breaking back passed parameter to url (720p version is still one h264+ogg mp4 file so no need for ytdl) and title and passing that to smplayer
YouTube recommended has been great for me. Showing me relevant channels and videos to my interests -- woodworking, chemistry, engineering. Hasn't tried to sneak in any annoying viral videos, just good content I want to watch. I hope it stays that way -- I was always annoyed when I looked at "trending" and it's full of pop music and "we're pregnant!" videos.
