My Viewers DDoSed my Go App

  • Added 29. 06. 2024
  • More Episodes: • Multiuser Chat (4at)
    Chapters:
    - 00:00:00 - Announcement & Intro
    - 00:04:30 - Name
    - 00:06:34 - Hello World in Go
    - 00:07:28 - TCP Server in Go
    - 00:25:08 - Safe Mode
    - 00:28:36 - Deploying
    - 00:30:25 - DDoS #1
    - 00:31:05 - Chat Server in Go - First Iteration
    - 00:50:45 - Chat Server in Go - Second Iteration
    - 01:22:36 - Deploying
    - 01:24:09 - DDoS #2
    - 01:25:03 - Self-Reflection
    - 01:26:12 - Why Browser People didn't actually leak their Cookies
    - 01:26:56 - Message Rate Limit
    - 01:44:09 - Auto-banning
    - 02:14:35 - Deploying
    - 02:15:45 - Segfault in Production
    - 02:16:26 - Fixing Segfault
    - 02:21:01 - Deploying
    - 02:21:32 - DDoS #3
    - 02:22:49 - Text Filtering
    - 02:26:22 - Deploying
    - 02:27:00 - DDoS #4
    - 02:27:59 - Self-Reflection
    - 02:29:45 - Git Repo
    - 02:33:17 - Outro
    References:
    - Source Code: github.com/tsoding/4at
    Support:
    - BTC: bc1qj820dmeazpeq5pjn89mlh9lhws7ghs9v34x9v9
    - Servers: zap-hosting.com/en/shop/donat...
  • Science and technology

Comments • 154

  • @ludwintor4986 8 months ago +66

    i love violating european onion laws

  • @albertminnie4900 7 months ago +38

    One man's DDoS is another man's stress test

  • @sortof3337 8 months ago +256

    i was heartbroken after you banned escape characters. i was trying to draw booba. you're so authoritarian!

    • @cobbcoding 8 months ago +64

      literally fascism

    • @aspectreishauntingeurope 8 months ago +30

      1984

    • @dusanmalusev9530 8 months ago +13

      ". you're so authoritarian!" - He is Russian!
      @TsodingDaily ( don't ban me 😅🤣🤣🤣🤣)
      LOVE FROM SERBIA!

    • @whannabi 8 months ago +4

      He should've banned grammar mistakes as well then

    • @shallex5744 8 months ago +1

      @@whannabi why

  • @lievenpetersen 8 months ago +43

    So, from what I gather, go and rust compiler have similar compile times, but only during the first compile, after that go is faster, because it is done sending telemetry Kappa

    • @iCrimzon 8 months ago +7

      Not to mention uhhh Go is faster to write thus making it faster overall 🤓👆

  • @90hijacked 8 months ago +3

    it was fun watching you write go, kind of shocked you instinctively nested everything instead of continuing around the select loop

  • @cobbcoding 8 months ago +24

    6:02 extremely subtle.

  • @PouriyaJamshidi 8 months ago +1

    This was very informative! Thanks

  • @byterbrodTV 8 months ago +3

    Such an interesting topic. I very like the stream 👍
    I'm sad that i couldn't present at the live (i have some problems with twitch, it banned me or whatever).
    I have long time wanted to write a simple chat, but I thought it was too simple and boring. This video proves the opposite. I hope that I will find some free time and implement something similar myself.
    Thank you for fun and inspiration! ❤

    • @dixztube 28 days ago

      what did you do to get banned lol

  • @sepio_ 8 months ago +1

    that was a fun stream!!

  • @Tigregalis 8 months ago +6

    1:08:10 "really weird technical decisions" like formatting dates and times in Go
    > The layout parameter describes the format of a time value. It should be the magical reference date
    > Mon Jan 2 15:04:05 MST 2006

  • @ferguing 6 months ago

    Great video - thanks

  • @DanelonNicolas 8 months ago +9

    that's the best title ever 😂 it was a great stream😊

  • @x1z53 8 months ago

    Thanks for the content)

  • @user-fc9mj8vo9v 8 months ago +8

    20:02 yeah, that european onion makes me feel bad tbh.

  • @skr-kute1677 8 months ago

    Very fun strem indeed

  • @abanoubha 8 months ago

    i like this stream 🤠

  • @tiranito2834 7 months ago +4

    instead of banning escape sequences, you could print the format removal escape sequence at the end of each message, so that users can choose to write messages with escape sequences if they wish to do so, without affecting everyone else. Or add it as a flag on the server so that you can enable and disable the support for escape sequences.

    • @tiranito2834 7 months ago +2

      ohh btw, i just realised something very important, you might want to actually filter some escape sequences or make a whitelist, because there are terminals that support the escape sequences to change the cursor position, so that is something you WILL want to block no matter the situation. You don't want everyone's chat to start printing in the wrong place so yeah, that's yet another thing to look out for.

  • @JasonShi-xc7nu 8 months ago +134

    imagine violating EU laws by 1 line of code

  • @haliszekeriyaozkok4851 8 months ago +2

    1:08:27 you're indeed right. In everytime i make programming my most common mistakes is that i don't know and predict the behaviors of functions, it kinda scares me. Especially in javascript and php predicting that behaviors could be a nightmare.

  • @SeishukuS12 8 months ago +10

    I wouldn't filter all escape chars, the colors are fun... Just need to reset the color after the user's message lol

    • @anon_y_mousse 8 months ago +3

      Agreed, just attach a \e[0m to the end of each user's message and done.
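
The two suggestions made in the comments above (allow only harmless escape sequences, and append a reset after every message) combined into one filter. This is an added Go example, not code from the stream or from the 4at repository; the name `Sanitize` and the sample messages are made up for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const reset = "\x1b[0m" // SGR reset appended to every relayed message

// Sanitize keeps printable text and plain SGR (colour/style) sequences of the
// form ESC [ digits;digits m. Every other CSI sequence (cursor movement, screen
// clearing, ...) and every C0/C1 control character is removed.
func Sanitize(msg string) string {
	rs := []rune(msg)
	var b strings.Builder
	for i := 0; i < len(rs); i++ {
		r := rs[i]
		if r == 0x1b && i+1 < len(rs) && rs[i+1] == '[' {
			j := i + 2
			for j < len(rs) && (rs[j] >= '0' && rs[j] <= '9' || rs[j] == ';') {
				j++
			}
			if j < len(rs) && rs[j] == 'm' {
				b.WriteString(string(rs[i : j+1])) // whitelisted: SGR
				i = j
				continue
			}
			// Any other CSI: skip parameter/intermediate bytes, then the final byte.
			for j < len(rs) && rs[j] >= 0x20 && rs[j] <= 0x3f {
				j++
			}
			if j < len(rs) && rs[j] >= 0x40 && rs[j] <= 0x7e {
				j++
			}
			i = j - 1
			continue
		}
		if r < 0x20 || r == 0x7f || (r >= 0x80 && r <= 0x9f) {
			continue // bell, lone ESC, DEL, 8-bit CSI (U+009B), ...
		}
		b.WriteRune(r)
	}
	return b.String() + reset
}

func main() {
	for _, m := range []string{ // constructed chat messages
		"hi \x1b[31mred",
		"\x1b[2J\x1b[10;10Hboo\a",
	} {
		fmt.Printf("%q -> %q\n", m, Sanitize(m))
	}
}
```

A lone ESC that does not start a CSI sequence is dropped, so the rest of such a sequence is relayed as inert text.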

  • @rusonya 7 months ago

    bro is a legend

  • @gge6021 8 months ago +6

    I like your professional German skills ngl
    I am german btw.
    Geile Videos mach Sie fertig [Awesome videos, finish them]

    • @lolcat69 8 months ago +1

      Horny videos will finish me off?

    • @TsodingDaily 8 months ago +4

      @@lolcat69 I guess it's some sort of an old German wisdom or something.

  • @xxxxyyyy-ll3hz 8 months ago +7

    hat would be a better name than 4at ^^ and it keeps the spirit of the Cyrillic h imitation

  • @rebokfleetfoot 8 months ago +16

    don't pretend you didn't know we were going to do that :)

  • @amiraryanmehr6522 7 months ago

    Satobashi kon likes that stuff

  • @PP-ss3zf 8 months ago +4

    its just a hashtable with a mutex over a tcp connection xD maybe another video idea.. implement redis!

  • @vonderklaas 8 months ago +8

    European Onion :D

  • @0x2a2f 8 months ago +8

    sensitive data leakage yayy

  • @elwanmayencourt 8 months ago +1

    You are funny af

  • @anon_y_mousse 8 months ago +5

    I'm one day late and your code rusted. How weird. Good thing you use Git or I wouldn't be able to look at both versions. I'm curious about who was posting the script for Shrek. I'm probably old enough that I shouldn't recognize that, but whatever. I was reading a chat a few months back that some of the Go developers had around a decade ago discussing whether to allow different bracing patterns and it amazes me how full of shit they were, the ones that defended the inferior K&R style bracing. The limp-dick argument basically amounted to "it would cause undue processing time when compiling". Funny thing is, you can add a superfluous brace at the start of the next line and just use two braces at the end of whatever scope you're bracing. It only makes their argument more insane when you see how many places where they don't require braces, parentheses or brackets to be K&R style. As if keeping a few extra characters of back context would be too onerous for the compiler when they use operator combinations like

    • @benisrood 7 months ago +2

      I know exactly what you are referring to, I've been writing Go for nearly a decade. You are absolutely correct.

    • @anon_y_mousse 7 months ago +1

      @@benisrood But do you prefer K&R style bracing or do you just endure it?

    • @angelcaru a month ago

      > the inferior K&R style bracing
      What inferior K&R style bracing? I only know of superior K&R style bracing :)
      > The limp-dick argument basically amounted to "it would cause undue processing time when compiling" [...] As if keeping a few extra characters of back context would be too onerous for the compiler when they use operator combinations like I don't have any fellow programmers to talk to anymore.
      That may be because of your preference in coding style :)

    • @anon_y_mousse a month ago

      @@angelcaru Go isn't a whitespace sensitive language. The only reason they enforce that braindead rule is because they have some dipshit notion that enforcing a singular style on all programmers leads to better code. It does not. And it's not because of my coding style that I don't have fellow programmers to talk to, it's because most are as dumb as the Go developers.

    • @anon_y_mousse a month ago

      @@angelcaru In case you don't have e-mail notifications turned on, sort by newest to see my response since CZcams is trying to hide it.

  • @rogo7330 8 months ago +9

    Check how your ssh logs looks like on the server. There's probably a lot of people who trying to login with users like 'urmom', 'root', 'lmao', 'gru', 'fbi' and other funny letters of the alphabet.

    • @rogo7330 8 months ago +2

      Also in your place I'd consider to setup some firewall, some basic iptables or nftables rules, to be completely sure nothing funny happens.

    • @rogo7330 8 months ago

      @@Mitakbacktrack people could connect to 6969, so there is no firewall on that at least. Unless Tsoding specifically prepared for that and opened it.

    • @rogo7330 8 months ago

      @@Mitakbacktrack oh, I misread your message. Tsoding most likely have dynamic IP that geoip-ies to Siberia (kinda). If you need first to login with a browser to VPS provider and then you can connect to machine from that IP - that sucks, because SSH can be used as basic authorization and encryption channel for different stuff, not only to rm -fr entire server.

    • @c4llv07e 8 months ago

      >'s probably a lot of people who trying to login with users like 'urmom', 'root', 'lmao', 'gru', 'fbi' and other funny letters of the alphabet.
      And that was you, wasn't it?

  • @mkuranowski 6 months ago +1

    19:56 GDPR, article 2.2.c: "This Regulation does not apply to the processing of personal data: [...] a natural person in the course of a purely personal or household activity;"
    tho I wonder if streaming, especially for-profit, would be considered a "purely personal activity".

  • @c4llv07e 8 months ago

    No jokes about socat at the end. 1984.

  • @mrcrafter_y 8 months ago +3

    Hello, my friends.

  • @cjmarquez 8 months ago

    If you want to learn go, watch this!

  • @mthia 7 months ago +1

    9:07 lol, i am using port 6969 in all my projects xdd

  • @rogo7330 8 months ago +4

    Imagine admin connecting to see the logs and some MF just constantly sending bell-character to the chat.

  • @that_funny_guy496 8 months ago +4

    when I opened the source code link today for some reason go code have become rust code 🤔

    • @TsodingDaily 8 months ago +5

      Damn, that "Rewrite it in Rust" meme went too far...

  • @donovanvanderlinde3478 8 months ago

  • @davidbriggs8109 8 months ago +1

    learnt a little russia today

  • @i007c 8 months ago +10

    chat in persian is two letters: چت
    😀

    • @TsodingDaily 8 months ago +16

      Yooo! Even more efficient!

    • @eyadfareh9340 8 months ago +27

      Still four bytes

    • @whannabi 8 months ago

      @@eyadfareh9340 Don't ruin it! They're having a good time...

    • @rogo7330 8 months ago +3

      chat in persian be like:
      :3

  • @rodelias9378 8 months ago +2

    Why are you so authoritarian, Tsoding? I came here to learn about programming. I don't want to have to deal with getting banned if I make a suggestion that turns out to be wrong.

    • @themiddlelayer 8 months ago +2

      You forgot where he is from? lol

    • @lionkor98 7 months ago

      dont suggest something you dont know about, that fixes this issue

  • @ZoraAlven 5 months ago +1

    prob u already have learnt that, - you can log IPs of clients as grinding logger machine with no breaking GDPR, till you not using these IPs to track real people identities. Client is not a person, so logging IP of a client is a lawful practice. And you don't have to notify people that you log their IPs.
    And some more, these days IP addresses used by people almost always not associated with these certain people, so even if you are a kaker and wanna track everyone by IP - it would be pretty damn difficult task in most cases.

  • @sireddenied6225 8 months ago +5

    2:00:00 Instead of [redacted] why didn't you just use a hash on the ip string? That way it still allows tracking and printing without showing the IP address? and you can still use it for data tracking. unless you did it in the last 30 min.

    • @classawarrior 7 months ago +5

      There aren't that many IP (v4) addresses in the world, so the hash could be easily brute forced. Unless he used some secret salt

    • @lionkor98 7 months ago +1

      FYI that is not GDPR compliant either, hashing personally identifiable information doesn't make it less identifiable as per EU
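
Why the secret salt mentioned in the replies above matters: an added Go example (not code from the stream or from the 4at repository) that tags an IP once with an unkeyed SHA-256 and once with HMAC-SHA256 under a server-side key, then tries to recover the address by enumerating candidates. The function names, the /16 search range and the documentation-range address are constructed for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net"
)

// plainTag is the unkeyed variant: a truncated SHA-256 of the IP text.
func plainTag(ip string) string {
	sum := sha256.Sum256([]byte(ip))
	return hex.EncodeToString(sum[:8])
}

// keyedTag is HMAC-SHA256 under a server-side secret, truncated for log output.
// The same IP still maps to the same tag, so per-client counting keeps working.
func keyedTag(key []byte, ip string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(ip))
	return hex.EncodeToString(mac.Sum(nil)[:8])
}

// recoverPlain enumerates a.b.0.0/16 and returns the address whose plain tag
// matches. All of IPv4 is only 2^32 candidates, so nothing but the loop bounds
// changes for the full space.
func recoverPlain(tag string, a, b byte) (string, bool) {
	for c := 0; c < 256; c++ {
		for d := 0; d < 256; d++ {
			ip := net.IPv4(a, b, byte(c), byte(d)).String()
			if plainTag(ip) == tag {
				return ip, true
			}
		}
	}
	return "", false
}

func main() {
	key := make([]byte, 32) // per-deployment secret, never written to the log
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ip := "203.0.113.77" // constructed address from a documentation range
	fmt.Println(recoverPlain(plainTag(ip), 203, 0))
	fmt.Println(recoverPlain(keyedTag(key, ip), 203, 0))
}
```

Anyone who holds the key can run the same enumeration against the keyed tags, so the tags are only as private as the key.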

  • @jithin.johnson 8 months ago +2

    Why is this video not available on Twitch? Videos older than this are still available, wish I could see the Twitch chat in YT!

    • @niter43 7 months ago +2

      I guess something happened at 2:27:40 with viewer interaction and Twitch doesn't allow to simply cut out / blur portion of stream

    • @LeandroSQ01 7 months ago

      Does anybody know what happened on that part of the video? @@niter43

  • @arcxm 8 months ago +4

    2:21:42 xD

    • @TsodingDaily 8 months ago +3

      i cpp when ip

    • @arcxm 8 months ago +2

      @@TsodingDaily The great Zozin has answered my comment. I feel honored. Thanks for making all the interesting and funny content, learning a lot on the way and recreating it in my way. Keep up the great stuff ♥

  • @jannemyllyla1223 8 months ago +1

    I think tsoding just wants some random seed and does not bother to move mouse around.

  • @channel11121 8 months ago +1

    Onion

  • @mirged_uwu 8 months ago

    Can you give the person who boosted your discord server (Which he just did) permission to write messages?

  • @opossum1312 8 months ago +3

    rule ЗЧ 🤔

  • @ERazzor 8 months ago +22

    It seems like single really slow reading client would break everything. How would you beat this kind of attack?

    • @TsodingDaily 8 months ago +32

      Right, I'm surprised nobody actually tried that on the stream :D
      I guess we could try to maybe set some sort of deadline for writes and if the clients are too slow strike them the way we do for spamming and stuff.
      I'll think about this more. Thank you for reminding me about the Slowloris!

    • @bertrodgers2420 8 months ago +6

      slow loris is a great attack

    • @ERazzor 8 months ago +3

      @@TsodingDaily what if that would be not one, but several slow clients? Waiting for a deadline for some count of them would be really devastating for every other chat user. For example, setting timeout for 1s (which is small enough to be legit lag) with few dozens of slow clients could lead to about a minute long delay per message. But using async write to clients will produce some unpredictable results and result in higher resources consumption

    • @x1expert1x 8 months ago +4

      @@TsodingDaily this is a popular TCP attack called slow-loris. Even a tiny cell phone can crash a whole site by opening a bunch of requests that never respond to the TCP handshake.

    • @ERazzor 8 months ago

      @@x1expert1x I’m talking about application vulnerability, not a tcp level attack
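
One way to keep a stalled reader from delaying everyone else, following the write-deadline and async-write ideas in this thread: each client gets its own bounded queue and a writer goroutine with a write deadline, and the broadcaster drops a client whose queue is full instead of waiting for it. This is an added Go example, not code from the stream or from the 4at repository; `Hub`, `queueSize`, `writeTimeout` and the `net.Pipe` peers are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"time"
)

const queueSize = 16                        // assumed: messages buffered per client
const writeTimeout = 200 * time.Millisecond // assumed: longest one write may block

type Hub struct{ clients map[net.Conn]chan []byte } // used from one goroutine only

// Join registers conn and gives it a private writer goroutine.
func (h *Hub) Join(conn net.Conn) {
	out := make(chan []byte, queueSize)
	h.clients[conn] = out
	go func() {
		defer conn.Close()
		for msg := range out {
			conn.SetWriteDeadline(time.Now().Add(writeTimeout))
			if _, err := conn.Write(msg); err != nil {
				return // stalled past the deadline or gone; its queue now fills
			}
		}
	}()
}

// Broadcast never waits on a peer and returns how many clients remain.
func (h *Hub) Broadcast(msg []byte) int {
	for conn, out := range h.clients {
		select {
		case out <- msg:
		default: // queue full: this peer is not keeping up, drop it
			delete(h.clients, conn)
			close(out)
			conn.Close()
		}
	}
	return len(h.clients)
}

func demo() (delivered, remaining int) {
	hub := &Hub{clients: map[net.Conn]chan []byte{}}
	fastSrv, fastCli := net.Pipe()
	slow, _ := net.Pipe() // constructed slow peer: its other end is never read
	hub.Join(fastSrv)
	hub.Join(slow)
	line := []byte("hello\n")
	got := make(chan int)
	go func() { // the well-behaved peer reads everything it is sent
		n, _ := io.Copy(io.Discard, fastCli)
		got <- int(n) / len(line)
	}()
	for i := 0; i < 30; i++ {
		remaining = hub.Broadcast(line)
		time.Sleep(5 * time.Millisecond)
	}
	time.Sleep(50 * time.Millisecond) // let the fast queue drain
	fastCli.Close()
	return <-got, remaining
}
func main() { fmt.Println(demo()) }
```

Memory per client is bounded by `queueSize` messages, which is the cost of the async-write approach raised in the thread; a number of slow clients does not add up to a longer delay for the others because no broadcast ever waits on a socket.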

  • @chigozie123 8 months ago +7

    Maybe the real difference between noob programmers and the so-called expert programmers is that the noob expects his noob code to just work, while the expert is always second-guessing himself.

    • @SemiDoge 8 months ago +7

      "Works on my machine"

  • @nexovec 6 months ago

    What even happens when you try to open it in the browser lol?

  • @nothappyz 8 months ago

    What a nice fcking stream

  • @ndzumamalate 8 months ago

    nahh what did I just see on the bottom details tab😭😭😭😭😭

  • @system62_ 7 months ago

    Please tutor vim and setup vim

  • @vladg1252 2 months ago +1

    20:50 , I'm sorry, but is it even possible that not all the bytes of the message will reach the client if he uses the TCP protocol, which guarantees the integrity of the data delivered?🥧?🥧?🥧?

    • @vladg1252 2 months ago

      Oh, and also, I’m quite sure that if not all bytes are written, the conn.Write returns an error. So, “if n

  • @revdznet 8 months ago

    how well will rust handle this ?

  • @vellankiindeevar5530 7 months ago +1

    bro you do you use any kind of lsp ?

  • @BolasDear 8 months ago

    i understand nothing what you do, are you trying to launch soyuz into orbit?

  • @MaxAmanciodeLimaSantos 7 months ago +1

    Try being DDoSed using Elixir :v

  • @giannismentz3570 8 months ago

    How could they do this to this video thumbnail ??!!! Those bastards!!! 😃

  • @nomadvagabond1263 8 months ago +1

    A is also represented as 4, and t as 7, so 447?👀

  • @student6184 8 months ago

    which distro are you using :)?

    • @bradstrange1374 8 months ago +2

      I could be mistaken but I think he is using an old version of Debian with i3wm

    • @henriquemarques6196 8 months ago +1

      uwuntu - it's based on ubuntu but for animefags

  • @salihbozkaya9357 8 months ago +6

    no,just no! dont make it simple at first, make it overcomplicate with all solid and clean code bullshit that way people give you applause

  • @demon_hunter9547 8 months ago +1

    now write it in the C programming language, I don't think it will be that hard actually.

  • @vantadaga 8 months ago +4

    Didn't you say you weren't going to use GO again because of telemetry?

    • @TsodingDaily 8 months ago +32

      Ah, shit, I forgot! Rewriting in Rust on the next stream!

    • @lievenpetersen 8 months ago +7

      @@TsodingDaily 7:04 When it was compiling really "slowly" at the start, warming up the cache sort to speak, something in the depths of my confused brain was like. Wait a minute, didn't I hear some dude on the internet complain about some compiler sending telemetry? LOL That delay felt just the right length for some (bloated) network traffic :P

    • @muhammadmustafa3158 8 months ago +3

      @@TsodingDaily You can opt out of it I believe

  • @lame_lexem 8 months ago

    28:56 lol the vps name

  • @silibaka-pj3pm 8 months ago

    how about p2p, serverless, nat hole punching chat

  • @sda-jf3cc 7 months ago

    rule 34

  • @ScienceMinisterZero 7 months ago

    Should have used Rust.

  • @user-hc4we4kb4j 8 months ago +2

    Your emacs config

  • @youradvertiser6034 7 months ago

    Bros German?

  • @manucaouette 8 months ago +2

    Any Steins;Gate fans out there who find it hilarious that he called his project 4@ (channel)?

    • @revenevan11 2 months ago

      Late reply but I love Steins;Gate!
      I also thought of @channel when I saw the name lol

  • @zanez7953 8 months ago +7

    Golang mentioned

  • @1Thor61storm8 7 months ago

    Cool name! 4at -> four at -> forat (hole in Catalan)