Cryptocurrency is often touted as the next monetary replacement, but we have a ways to go until the technology is fully ready or stable. Here’s the bitcoin bug that could have upset the entire market.
A few weeks ago, Coinbase.com awarded their largest ever bug bounty to “Tree of Alpha” (Twitter) for finding a huge exploit that would have allowed a malicious user to sell BTC or ANY other coin without even owning the asset.
At first, our friend ‘Tree’ was poking around the advanced order platform to see how the order API worked. He sent a normal request from the web ui, then captured the data that was sent. Notice the parameters “product_id”, “source_account_id”, and “target_account_id” near the bottom half of the image below.
‘baseSize’ also shows the designated order price
This is the information sent to the server informing it which cryptocurrencies it should place an order for, and for tracking accounts. In the image above he had sent a test order of selling 0.02433012 Ethereum for a limit price of $3,000.
In the first step of testing, you want to break an application. Seeing where an application’s limits and boundaries are is a great way to see how to expand them.
Tree decided to change the ‘product_id’ to ‘BTC-USD’, a pair he did not own. However, he left the ‘source_account_id’ and ‘target_account_id’ the same.
He sends the modified the payload, and… it went through?
Tree was able to sell 0.02433012 Bitcoin with the same amount of ethereum without even owning any Bitcoin. Checking the live order fills and hoping it was a visual bug, his tests were confirmed. The fills corresponded with live, open orders.
Time for the last test. He listed 50 BTC in exchange for 9M SHIBA and asked if other users online saw it as well. They confirmed, and he contacted coinbase.
If this exploit had been abused in the wild, there’s no telling the damage it could have caused to the market. Coinbase is so influential, even prices off the site would have been affected. Additionally, many other public facing APIs use crypto prices from Coinbase. It could have caused a chain reaction sell off, but there’s no telling for sure as it was fixed before any harm was caused.
What does this tell us? Well, that crypto is nowhere near as stable as some make it out to be. Blockchain is an amazing technology (how the heck does it work exactly though?), but it’s not being utilized to the fullest yet.
I’m not saying don’t invest in Bitcoin, I’m saying don’t throw your life savings in there when someone with Firefox 97 is all that’s standing between total market collapse.
With this script, you can automate the removal of a massive quantity of discord messages (everything back to a channel’s origin, if wanted), including in personal channels. I used it personally to delete a conversation with over a year of messages. There were no problems after the proper modifications.
You will need Tampermonkey. This is an extension for your favorite browser that will allow you to run custom JavaScript.
Next, visit the delete discord messages repository. You will need to click the ‘userscript.js‘ file listed upon visiting the url. Copy everything (CTRL + A / CTRL + C) and install it. The script obviously does nothing malicious but you can also take this opportunity to verify for yourself.
To use, click the trash can icon in the channel or DM you want to delete and press “START”.
You can also add a ‘before message id’ or ‘after message id’ to control how much you delete.
The script will try to respect Discord’s limits as much as possible, backing off as necessary when Discord errors. I cannot promise you will not be banned for selfbotting or something, but I have used it many times and my account is fine. Just to be safe you shouldn’t be doing anything else on your account while the script is deleting (it will also slow down and cause problems anyway). AFAIK this doesn’t violate anything in terms of service but use at your own risk, as always.
Simply download whichever option flavor you prefer and run it. You may need to restart explorer to see your changes. The files are zipped up .reg files.
You should always verify any files you download/run from strangers on the internet.
Since .reg files are basically .txt files containing paths of where to insert registry entries, you can easily open any of the downloaded files in a text editor and verify the contents are benign for yourself.
Methods of downloading YouTube videos have changed over the years. Here are two of my preferred methods for doing so in 2022.
tl;dr: easy:
Use a Youtube-Mp3 converter site, if you know how to Google then you’ve probably found one of these already.
tl;dr: is asked to fix printers:
Get the latest ‘youtube-dl’ fork like yt-dlp. Use ffmpeg to convert.
Easy
Yeah there’s really nothing else you need here
The Other Method
Get yt-dlp. Put it in a folder somewhere in C:\ like ‘youtubedownload’. Rename the .exe file to yt.exe.
Get ffmpeg. Put it in the same folder. You could rename this .exe file if you want as well, the names will be the commands used in the future.
Press the WINDOWS key, and type ‘path’. (INCOMING WALL OF PICTURES)
Choose ‘Enviroment Variables’
Then,
You can then add a new entry for the ‘path’ environment variable. The system uses this to allow the executing directory to be in any directory listed in the path. Meaning, when you run a command in CMD, the system will always check any directories in the ‘path’.
Click OK on all open windows after adding the directory the exes are in to the ‘path’.
Right click on your Desktop > ‘Open Command Window Here’. If you don’t have this option in the context menu, you can download these registry edits to add it.
Next type the name of the yt-dlp .exe followed by a space and the url. So if you renamed it ‘yt’ like stated previously, it would look like so: yt https://www.youtube.com/watch?v=dIMdcJWOEFM Hitting enter will start downloading that video to the desktop directory you just launched the CMD window in. (Hint! If you want to use a Soundcloud URL like we have below, that will work too! Isn’t technology great?)
If you want to convert the resulting video to a proper audio file like .mp3, you have two options. You can use the quick solution right from yt-dl:
You can ignore missing (“unavailable in your country”, or removed) videos with an -i flag. If your playlist isn’t working and the URL contains v=<ID>, remove it so just the ?list= item is in the query string.
Or, since ffmpeg is useful for other tasks (and you should have it anyway), you can use it directly. A simple syntax of an ffmpeg command that would convert to an mp3 would look like ffmpeg -i [input file name] [output file name].[output file extension]. But wait, we don’t want to type that long, ugly file name in that yt-dlp just spit out onto our desktop… luckily we have a trick for that.
Run ‘dir /x‘ in the open CMD window. This is an extremely helpful windows command that will show ‘short’ filenames for files, making working with longer file names a breeze. Windows is telling us in the screenshot above that we can refer to the video we just downloaded as ‘moving~3.web’. Now assuming no renaming of the ffmpeg .exe took place in the setup step, our command simply becomes:
ffmpeg -i moving~3.web output.mp3
And you’re done! You now have ‘output.mp3’ on your desktop saved as the song we were just playing on YouTube. I’ve combined this process with scripted metadata adding/titling for an offline library. And, with the right yt-dlp commands it can even become an efficient way to export entire playlists of music.
Now I don’t hate Windows by any means, and I use it as a daily driver myself, and that being said, I want what’s best for its development and future. It can only get better through criticism imo.
I keep seeing articles about Windows 11, so I collected some thoughts here for consideration.
In my last post about Windows 11, I pointed out that Windows 10 should have been iterated upon instead of Windows 11 being released. That post includes a few reasons I won’t mention again here including the taskbar button being moved to the center and destroying a key UX design feature that Windows themselves must have forgotten they implemented so long ago.
Let’s talk instead about more bad things about the OS that have come to light.
Duh
As usual, the new release of Microsoft’s major operating system has lots of bugs.
Did anyone not expect this?
This is why I still recommend waiting for a while after release to upgrade, even if you like the new look of Windows 11.
When asked about the performance issues of the OS, Microsoft had this to say:
tl;dr: we know it’s slow – we’re working on it
While they are aware Windows 11 is slow – this is a key reason I’m choosing to stay on Windows 10 for now. It took a long time for Windows 10 to get to a reasonably stable version, and I’m expecting the same for Windows 11. Give it a year or two and then see where it is.
Default apps settings
Surprise again, Microsoft is making it harder to change your web browser away from Edge. In Windows 11, you must change every file protocol related to html documents, links, and other web related entries as opposed to having a simple “Web Browser” option like in Windows 10. This is anti-consumer and doesn’t make using the OS easier at all.
Context menus
Context menu options that before were one click away are now hidden for “ease of use”. This may or may not be preferred by some though, I can see users who don’t typically need the extra context menu options being more encouraged to right click and use the simplified menu.
Personally I don’t find the widgets they have interesting or useful in the slightest, and the widget pull out goes halfway across the screen, so it’s almost useless for multitasking. There are no community or custom widgets, so you are stuck with what Microsoft decides to develop. If I know them, they may release one or two more before forgetting about the feature entirely or disbanding the division of developers that work on it.
As always Windows team takes a good step forward (New Design, store, settings, etc) with Windows 11 and then takes two steps back. Here are some of the lost features from Windows 10
No option to choose different App Icon sizes and end less customization options available in tiles grid
No App Folders
No option for Named Groups
No way to resize start menu
No option for full screen start menu
No show more apps option (Current view displays only 18 apps without scrolling)
Ability to remove pinned apps and show all apps view only
Usability – Not mouse friendly, lot of mouse travel for every action. No way to remove recommended section, app and all apps buttons are far away from reach. Also you need additional click to reach All Apps. Even for touch users it is very difficult to reach new start menu or apps in two handed mode.
No refresh option in context menu, there are many instance where explorer fails to auto refresh.
Context menu is missing many options like shortcut, send to, share with, restore previous version and 3rd party customizations (Windows has poor history of developers embracing new platform features, so not sure when Devs will add these to new menu)
Quick access toolbar has been removed. So no option to pin my favorite commands like copy path
When “Turn off the store application” and “Disable all apps from Microsoft store” group policies are configured, basic windows apps like notepad, mspaint, etc will not work. This also blocks users from launching cmd or powershell from Windows + X menu
To sum things up, Windows 11 is having some issues, as is expected of a needless full OS upgrade for feature removing UX and UI changes. ¯\_(ツ)_/¯
Starcheat is a player save editor for Starbound that gives you greater control over characters, mainly their inventories. You can add and modify items easily, along with accessing the raw item JSON of each individual slot in a file. Other internal information and stats are displayed as well. This simplifies complex item modifications.
The character parsing and asset loading have been fixed and updated so it’s much faster than previous versions (a large character that would take 5 minutes before now takes a couple seconds), and it’s been fully stabilized to work with the latest Starbound version flawlessly. There are a couple other neat tools included but you’ll have to test it yourself and see. No serious issues exist with this release that would break your character but you should always back up your storage/player folder before and when modding for safety.
This game and the community have had a wonderful place in my heart since I joined it 8 years ago. This is my gift back to the community. Since it doesn’t seem like there are going to be many more Starbound updates, especially to the player file structure or foundational changes of that nature, this will probably be one of the last Starcheat versions needed.
Starcheat will never request funds for its use or development. Make sure you only ever download from Starcheat.net. There are plenty of malicious versions out there.
