My Viewers DDoSed my Go App
Science and Technology
More Episodes: • Multiuser Chat (4at)
Chapters:
- 00:00:00 - Announcement & Intro
- 00:04:30 - Name
- 00:06:34 - Hello World in Go
- 00:07:28 - TCP Server in Go
- 00:25:08 - Safe Mode
- 00:28:36 - Deploying
- 00:30:25 - DDoS #1
- 00:31:05 - Chat Server in Go - First Iteration
- 00:50:45 - Chat Server in Go - Second Iteration
- 01:22:36 - Deploying
- 01:24:09 - DDoS #2
- 01:25:03 - Self-Reflection
- 01:26:12 - Why Browser People didn't actually leak their Cookies
- 01:26:56 - Message Rate Limit
- 01:44:09 - Auto-banning
- 02:14:35 - Deploying
- 02:15:45 - Segfault in Production
- 02:16:26 - Fixing Segfault
- 02:21:01 - Deploying
- 02:21:32 - DDoS #3
- 02:22:49 - Text Filtering
- 02:26:22 - Deploying
- 02:27:00 - DDoS #4
- 02:27:59 - Self-Reflection
- 02:29:45 - Git Repo
- 02:33:17 - Outro
References:
- Source Code: github.com/tsoding/4at
Support:
- BTC: bc1qj820dmeazpeq5pjn89mlh9lhws7ghs9v34x9v9
- Servers: zap-hosting.com/en/shop/donat...
Comments: 155
i love violating european onion laws
So, from what I gather, go and rust compiler have similar compile times, but only during the first compile, after that go is faster, because it is done sending telemetry Kappa
@iCrimzon
7 months ago
Not to mention uhhh Go is faster to write thus making it faster overall 🤓👆
i was heartbroken after you banned escape characters. i was trying to draw booba. you're so authoritorian!
@cobbcoding
7 months ago
literally fascism
@aspectreishauntingeurope
7 months ago
1984
@dusanmalusev9530
7 months ago
". you're so authoritorian!" - He is Russian! @TsodingDaily ( don't ban me 😅🤣🤣🤣🤣) LOVE FROM SERBIA!
@whannabi
7 months ago
He should've banned grammar mistakes as well then
@shallex5744
7 months ago
@@whannabi why
One man's DDoS is another man's stress test
@AndrieMC
4 months ago
lol
it was fun watching you write go, kind of shocked you instinctively nested everything instead of continuing around the select loop
6:02 extremely subtle.
@AndrieMC
2 months ago
💀😭
imagine violating EU laws by 1 line of code
@TimeTravelingFetus
7 months ago
imagine not violating EU laws
@cslearn3044
7 months ago
@@TimeTravelingFetus🪑
@greyshopleskin2315
7 months ago
Timestamp?
@brxnni
7 months ago
Wait when?
@lame_lexem
7 months ago
19:36
20:02 yeah, that european onion makes me feel bad tbh.
This was very informative! Thanks
1:08:10 "really weird technical decisions" like formatting dates and times in Go
> The layout parameter describes the format of a time value. It should be the magical reference date
> Mon Jan 2 15:04:05 MST 2006
Such an interesting topic. I very like the stream 👍 I'm sad that i couldn't present at the live (i have some problems with twitch, it banned me or whatever). I have long time wanted to write a simple chat, but I thought it was too simple and boring. This video proves the opposite. I hope that I will find some free time and implement something similar myself. Thank you for fun and inspiration! ❤
@dixztube
7 days ago
what did you do to get banned lol
that's the best title ever 😂 it was a great stream😊
that was a fun stream!!
instead of banning escape sequences, you could print the format removal escape sequence at the end of each message, so that users can choose to write messages with escape sequences if they wish to do so, without affecting everyone else. Or add it as a flag on the server so that you can enable and disable the support for escape sequences.
@tiranito2834
7 months ago
ohh btw, i just realised something very important, you might want to actually filter some escape sequences or make a whitelist, because there are terminals that support the escape sequences to change the cursor position, so that is something you WILL want to block no matter the situation. You don't want everyone's chat to start printing in the wrong place so yeah, that's yet another thing to look out for.
I wouldn't filter all escape chars, the colors are fun... Just need to reset the color after the user's message lol
@anon_y_mousse
7 months ago
Agreed, just attach a \e[0m to the end of each user's message and done.
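One way to combine the suggestions in the comments above (allow colours, block cursor movement and other control sequences, reset after each message), as an added example that is not code from the stream or the 4at repository. The function name `sanitize` and the sample messages are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// sanitize keeps printable text and SGR colour/style sequences (ESC [ digits
// and ';' m), drops every other escape sequence and control character, and
// appends a reset whenever a colour sequence was kept.
func sanitize(msg string) string {
	var b strings.Builder
	r, styled := []rune(msg), false
	for i := 0; i < len(r); i++ {
		if r[i] == 0x1b && i+1 < len(r) && r[i+1] == '[' {
			// CSI: parameter/intermediate bytes 0x20-0x3f, then a final byte 0x40-0x7e.
			j := i + 2
			for j < len(r) && r[j] >= 0x20 && r[j] <= 0x3f {
				j++
			}
			if j < len(r) && r[j] >= 0x40 && r[j] <= 0x7e {
				if r[j] == 'm' && strings.Trim(string(r[i+2:j]), "0123456789;") == "" {
					b.WriteString(string(r[i : j+1]))
					styled = true
				}
				i = j // skip the whole sequence, kept or not
				continue
			}
		}
		if unicode.IsPrint(r[i]) { // drops ESC, BEL, CR, LF and other controls
			b.WriteRune(r[i])
		}
	}
	if styled {
		b.WriteString("\x1b[0m") // the reset suggested in the thread
	}
	return b.String()
}

func main() {
	// Constructed sample messages, not taken from the stream.
	for _, m := range []string{"\x1b[31mred", "a\x1b[2Jb\x07c\x1b[10;5Hd", "x\x1b[?25ly"} {
		fmt.Printf("%q -> %q\n", m, sanitize(m))
	}
}
```

An unterminated sequence such as `ESC [ 3 1` at the end of a message loses only its ESC byte, so the remaining characters arrive as plain text and cannot combine with the next message.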
Great video - thanks
1:08:27 you're indeed right. In everytime i make programming my most common mistakes is that i don't know and predict the behaviors of functions, it kinda scares me. Especially in javascript and php predicting that behaviors could be a nightmare.
Thanks for the content)
Very fun strem indeed
don't pretend you didn't know we were going to do that :)
i like this stream 🤠
hat would be a better name than 4at ^^ and it keeps the spirit of the cyrilic h imitation
when I opened the source code link today for some reason go code have become rust code 🤔
@TsodingDaily
7 months ago
Damn, that "Rewrite it in Rust" meme went too far...
bro is a legend
19:56 GDPR, article 2.2.c: "This Regulation does not apply to the processing of personal data: [...] a natural person in the course of a purely personal or household activity;" tho I wonder if streaming, especially for-profit, would be considered a "purely personal activity".
Check how your ssh logs looks like on the server. There's probably a lot of people who trying to login with users like 'urmom', 'root', 'lmao', 'gru', 'fbi' and other funny letters of the alphabet.
@rogo7330
7 months ago
Also in your place I'd consider to setup some firewall, some basic iptables or nftables rules, to be completely sure nothing funny happens.
@rogo7330
7 months ago
@@Mitakbacktrack people could connect to 6969, so there is no firewall on that at least. Unless Tsoding specifically prepared for that and opened it.
@rogo7330
7 months ago
@@Mitakbacktrack oh, I misread your message. Tsoding most likely have dynamic IP that geoip-ies to Syberia (kinda). If you need first to login with a browser to VPS provider and then you can connect to machine from that IP - that sucks, because SSH can be used as basic authorization and encryption channel for different stuff, not only to rm -fr entire server.
@c4llv07e
7 months ago
>'s probably a lot of people who trying to login with users like 'urmom', 'root', 'lmao', 'gru', 'fbi' and other funny letters of the alphabet.
And that was you, wasn't it?
It seems like single really slow reading client would break everything. How would you beat this kind of attack?
@TsodingDaily
7 months ago
Right, I'm surprised nobody actually tried that on the stream :D I guess we could try to maybe set some sort of deadline for writes and if the clients are too slow strike them the way we do for spamming and stuff. I'll think about this more. Thank you for reminding me about the Slowloris!
@bertrodgers2420
7 months ago
slow loris is a great attack
@ERazzor
7 months ago
@@TsodingDaily what if that would be not one, but several slow clients? Waiting for a deadline for some count of them would be really devastating for every other chat user. For example, setting timeout for 1s (which is small enough to be legit lag) with few dozens of slow clients could lead to about a minute long delay per message. But using async write to clients will produce some unpredictable results and result in higher resources consumption
@x1expert1x
7 months ago
@@TsodingDaily this is a popular TCP attack called slow-loris. Even a tiny cell phone can crash a whole site by opening a bunch of requests that never respond to the TCP handshake.
@ERazzor
7 months ago
@@x1expert1x I’m talking about application vulnerability, not a tcp level attack
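The thread above raises two points: a write deadline for slow readers, and the worry that several slow readers handled one after another would still delay everyone. The sketch below is an added example, not code from the stream or the 4at repository. It gives each connection its own bounded queue and writer goroutine, so the deadline is paid per client in parallel rather than inside the broadcast loop. The names `startWriter`, `offer` and `demo`, the queue size and the 100ms deadline are assumptions, and `net.Pipe` stands in for a TCP connection whose peer never reads.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// startWriter gives conn its own bounded queue and writer goroutine, so a stalled
// reader delays only itself; done closes once the writer has dropped the client.
func startWriter(conn net.Conn, queue int, deadline time.Duration) (chan<- []byte, <-chan struct{}) {
	out, done := make(chan []byte, queue), make(chan struct{})
	go func() {
		defer func() { conn.Close(); close(done) }()
		for msg := range out {
			conn.SetWriteDeadline(time.Now().Add(deadline))
			if _, err := conn.Write(msg); err != nil {
				return // deadline exceeded or peer gone: only this client is dropped
			}
		}
	}()
	return out, done
}

// offer never blocks the broadcaster; false means the queue is full (a strike).
func offer(out chan<- []byte, msg []byte) bool {
	select {
	case out <- msg:
		return true
	default:
		return false
	}
}

func demo() (refused int, broadcast, dropAfter time.Duration) {
	srv, _ := net.Pipe() // constructed in-memory stand-in for TCP; the peer never reads
	out, done := startWriter(srv, 4, 100*time.Millisecond)
	start := time.Now()
	for i := 0; i < 6; i++ { // two more messages than the queue holds
		if !offer(out, []byte("hi\n")) {
			refused++
		}
	}
	broadcast = time.Since(start)
	<-done // closes when the 100ms write deadline expires
	return refused, broadcast, time.Since(start)
}

func main() { fmt.Println(demo()) }
```

The cost is the one named in the thread: memory per client is bounded by the queue size, and a server using this would remove the client from its table once `done` closes.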
its just a hashtable with a mutex over a tcp connection xD maybe another video idea.. implement redis!
I'm one day late and your code rusted. How weird. Good thing you use Git or I wouldn't be able to look at both versions. I'm curious about who was posting the script for Shrek. I'm probably old enough that I shouldn't recognize that, but whatever. I was reading a chat a few months back that some of the Go developers had around a decade ago discussing whether to allow different bracing patterns and it amazes me how full of shit they were, the ones that defended the inferior K&R style bracing. The limp-dick argument basically amounted to "it would cause undue processing time when compiling". Funny thing is, you can add a superfluous brace at the start of the next line and just use two braces at the end of whatever scope you're bracing. It only makes their argument more insane when you see how many places where they don't require braces, parentheses or brackets to be K&R style. As if keeping a few extra characters of back context would be too onerous for the compiler when they use operator combinations like
@benisrood
7 months ago
I know exactly what you are referring to, I've been writing Go for nearly a decade. You are absolutely correct.
@anon_y_mousse
7 months ago
@@benisrood But do you prefer K&R style bracing or do you just endure it?
@angelcaru
29 days ago
> the inferior K&R style bracing What inferior K&R style bracing? I only know of superior K&R style bracing :) > The limp-dick argument basically amounted to "it would cause undue processing time when compiling" [...] As if keeping a few extra characters of back context would be too onerous for the compiler when they use operator combinations like I don't have any fellow programmers to talk to anymore. That may be because of your preference in coding style :)
@anon_y_mousse
29 days ago
@@angelcaru Go isn't a whitespace sensitive language. The only reason they enforce that braindead rule is because they have some dipshit notion that enforcing a singular style on all programmers leads to better code. It does not. And it's not because of my coding style that I don't have fellow programmers to talk to, it's because most are as dumb as the Go developers.
@anon_y_mousse
29 days ago
@@angelcaru In case you don't have e-mail notifications turned on, sort by newest to see my response since KZread is trying to hide it.
Why is this video not available on Twitch? Videos older than this are still available, wish I could see the Twitch chat in YT!
@niter43
7 months ago
I guess something happened at 2:27:40 with viewer interaction and Twitch doesn't allow to simply cut out / blur portion of stream
@LeandroSQ01
7 months ago
Does anybody knows what happened on that part of the video?@@niter43
Satobashi kon likes that stuff
Imagine admin connecting to see the logs and some MF just constantly sending bell-character to the chat.
mir gefallen deine professionellen deutsch Kenntnisse ngl I am german btw. Geile Videos mach Sie fertig
@lolcat69
7 months ago
Horny videos will finish me off?
@TsodingDaily
7 months ago
@@lolcat69 I guess it's some sort of an old German wisdom or something.
Can you give the person who boosted your discord server (Which he just did) permission to write messages?
European Onion :D
sensitive data leakage yayy
how well will rust handle this ?
2:00:00 Instead of [redacted] why didn't you just use a hash on the ip string? That way it still allows tracking and printing without showing the IP address? and you can still use it for data tracking. unless you did it in the last 30 min.
@classawarrior
7 months ago
There aren't that many IP (v4) addresses in the world, so the hash could be easily brute forced. Unless he used some secret salt
@lionkor98
6 months ago
FYI that is not GDPR compliant either, hashing personally identifiable information doesn't make it less identifiable as per EU
What even happens when you try to open it in the browser lol?
No jokes about socat at the end. 1984.
bro you do you use any kind of lsp ?
@angelcaru
29 days ago
no he doesn't
You are funny af
If you want to learn go, watch this!
9:07 lol, i am using port 6969 in all my projects xdd
which distro are you using :)?
@bradstrange1374
7 months ago
I could be mistaken but I think he is using an old version of Debian with i3wm
@henriquemarques6196
7 months ago
uwuntu - it's based on ubuntu but for animefags
Hello, my friends.
@mrcrafter_y
7 months ago
Hello world
i understand nothing what you do, are you trying to launch soyuz into orbit?
I think tsoding just wants some random seed and does not bother to move mouse around.
Please tutor vim and setup vim
nahh what did I just see on the bottom details tab😭😭😭😭😭
chat in persian is two letters: چت 😀
@TsodingDaily
7 months ago
Yooo! Even more efficient!
@eyadfareh9340
7 months ago
Still four bytes
@whannabi
7 months ago
@@eyadfareh9340Don't ruin it! They're having a good time...
@rogo7330
7 months ago
chat in persian be like: :3
learnt a little russia today
A is also represented as 4, and t as 7, so 447?👀
@rogo7330
7 months ago
445
Onion
What a nice fcking stream
Didn't you say you weren't going to use GO again because of telemetry?
@TsodingDaily
7 months ago
Ah, shit, I forgot! Rewriting in Rust on the next stream!
@lievenpetersen
7 months ago
@@TsodingDaily 7:04 When it was compiling really "slowly" at the start, warming up the cache sort to speak, something in the depths of my confused brain was like. Wait a minute, didn't I hear some dude on the internet complain about some compiler sending telemetry? LOL That delay felt just the right length for some (bloated) network traffic :P
@muhammadmustafa3158
7 months ago
@@TsodingDaily You can opt out of it I believe
prob u already have learnt that, - you can log IPs of clients as grinding logger machine with no breaking GDPR, till you not using these IPs to track real people identities. Client is not a person, so logging IP of a client is a lawful practice. And you don't have to notify people that you log their IPs. And some more, these days IP addresses used by people almost always not associated with these certain people, so even if you are a kaker and wanna track everyone by IP - it would be pretty damn difficult task in most cases.
20:50 , I'm sorry, but is it even possible that not all the bytes of the message will reach the client if he uses the TCP protocol, which guarantees the integrity of the data delivered?🥧?🥧?🥧?
@vladg1252
A month ago
Oh, and also, I’m quite sure that if not all bytes are written, the conn.Write returns an error. So, “if n
2:21:42 xD
@TsodingDaily
7 months ago
i cpp when ip
@arcxm
7 months ago
@@TsodingDaily The great Zozin has answered my comment. I feel honored. Thanks for making all the interesting and funny content, learning a lot on the way and recreating it in my way. Keep up the great stuff ♥
Maybe the real difference between noob programmers and the so-called expert programmers is that the noob expects his noob code to just work, while the expert is always second-guessing himself.
@SemiDoge
7 months ago
"Works on my machine"
rule ЗЧ 🤔
Why are you so authoritarian, Tsoding? I came here to learn about programming. I don't want to have to deal with getting banned if I make a suggestion that turns out to be wrong.
@themiddlelayer
7 months ago
You forgot where he is from? lol
@lionkor98
6 months ago
dont suggest something you dont know about, that fixes this issue
Kmp
How could they do this to this video thumbnail ??!!! Those bastards!!! 😃
how about p2p, serverless, nat hole punching chat
Try being DDoSed using Elixir :v
now write it in the C programming language, I don't think it will be that hard actually.
no,just no! dont make it simple at first, make it overcomplicate with all solid and clean code bullshit that way people give yyou applause
Bros German?
rule 34
28:56 lol the vps name
@lievenpetersen
7 months ago
wait till someone backdoors urmom xD
Your emacs config
Should have used Rust.
Any Steins;Gate fans out there who find it hilarious that he called his project 4@ (channel)?
@revenevan11
2 months ago
Late reply but I love Steins;Gate! I also thought of @channel when I saw the name lol
Golang mentioned
Cool name! 4at -> four at -> forat (hole in Catalan)
@TsodingDaily
7 months ago
Interesting!