New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Who uses a lol domain? Yeah not going to take you serious!
Oh wow, you know you can block any site you like? The new magic technology
And not so blocked it seems.
https://check-host.net/check-http?host=https://disk.lol/
https://dig.ping.pe/disk.lol:A:8.8.8.8
https://dig.ping.pe/disk.lol:A:1.1.1.1
https://ping.sx/dig?t=disk.lol
https://web.archive.org/web/*/https://disk.lol
https://archive.ph/SowJ0
Hi.
Correct.
I missed one message, not multiple messages as you are trying to imply.
I missed the one message where such a direct statement was made, and looking at it again even that wasn't a direct accusation. “You wouldn't be the first person to slip malware into an opensource stuff” does not accuse you of intending to, only says you wouldn't be the first if you did, and it is past incidents of that sort of thing that make people wary of the things we are warning you we will be wary about. So even the message that I missed, that you got so het up about, is a message that you are unreasonable in getting so het up about… Congratulations: by mentioning it again you have highlighted that your take is even less reasonable than I originally thought.
I note once more, as I see you have failed to acknowledge it again: you were getting shouty and insulting before what you claim are direct accusations (which actually aren't such really).
You are the only one claiming no one else can read, while apparently failing to comprehend anything that everyone else is writing…
I haven't blocked it, that is not what I'm saying at all. It is blocked by at least one popular DNS filtering service, the one my employer uses, and most likely more.
Those tests do not disprove what I'm saying, even the check against CF's public DNS server (1.1.1.1). Their public DNS lookup service is not the same as the DNS filtering service that many companies and other facilities use, the former is a simple recursive lookup service that filters very little (just that which local laws demand), the other is explicitly an attack surface management tool.
You come off as a bit of a dick.
So it is not blocked
And yes i have dick, you pussy.
Apart from the services that do filter it…
None of the tests you performed are against services that would be expected to block anything much.
Still blocked?
https://tools.pingdom.com/#604e853da9000000
https://gtmetrix.com/reports/disk.lol/svNif45C/
https://www.webpagetest.org/result/220606_BiDcVB_BQ0/
https://pagespeed.web.dev/report?url=https://disk.lol/&form_factor=desktop
https://www.dotcom-tools.com/website-speed-test?type=summary-report&id=acf4f04eea264c7285e4234ca70e87e4
Doubtful, but you keep telling yourself all that :-)
Ok calm down now people.
Hi @dIsK, with all due respect, kudos to you and your team of "IT students" for developing such a tool; I'm sure there are people who would find it useful and appreciate its existence.
Having gone through this entire thread, based on the responses/feedback I've seen, this is the sort of feedback you should've anticipated, especially when you've created a tool for the public and sharing it by joining forums with new accounts, putting it on a fresh new domain (let's just ignore the TLD for now), a newly created GitHub and at the same time, maintaining your anonymity.
I know you've been trying to defend your work and doing what you can to ensure that it's "safe" but please don't get all touchy if members of this community, and/or others, have doubts, trust issues and are paranoid - people have their reasons.
As of now, you and your tool does not break any of our current rules so I hope it stays that way.
Cheers ✌️
Our intention was never to bring malware/virus, just pure clean code.
We never cared about domain extension much (disk.lol was short one enaugh with privacy enabled), if you have any idea, well.
From now on, i will just ignore everyone who have/had trust problems (we have hash checks, we have virustotal) - don´t trust, verify
Again, they are not testing what I am talking about. For instance, why would end-user DNS filtering affect a speed test service at all?
You have entirely missed the points some (not just myself) were making, but there is little reason to try clarify them because you seem oddly determined not to understand.
Have fun.
I show you my disks, you show me boobas.
Are you talking about in RAID mode or JBOD only mode?
Oh shit, plot twist. Didn't see that coming.
I was talking about hardware raid cards where /dev/sda is no longer a representation of a physical disk. With smartctl you need to passthrough the physical device too (which the script now is doing, wasnt initially but that feature was added now
Little optimized our main site for speed load.
Re-worked readme on github https://github.com/0xDiSk/NVMe-SSD-HDD-S.M.A.R.T-Monitoring/blob/main/README.md
Finally made the wanted change: Don´t send serial number.
From now on, when you send S.M.A.R.T data to our api, the serial number is removed, means we do not get the serial number in any possible way.
https://github.com/0xDiSk/NVMe-SSD-HDD-S.M.A.R.T-Monitoring/commit/aa21a77d5b1013714736fbc955007fbcb41ba782
Got a second domain:
https://diskcheck.co/
Scripts updates will follow. We will keep disk.lol too, its too short to not keep.
Everybody, drop your pants and trust the OP. It's a respected extension now.
I am capable of reading scripts, however it's still time-consuming to do and I'd only do it if I was reasonably confident that there was some upside to it for me.
So far, you haven't given us any information on why your product and/or service is any better than "smartctl -a /dev/sda |grep -i error" as a cronjob.
Hey... they don't have a funny sounding domain any more. So there's that.
@ralf because:
We also thinking about special "battle page":
First "battle page" done
https://diskcheck.co/battle-power_on_hours
I'm not going to trust scripts from some rando, but you can add this datapoint:
@ralf you don´t ned to trust, everything has been verified
I can not add your "datapoint", when you send data to api only then it get the s.m.a.r.t data.
Yeah, no. Thanks.
Sure, next time you visit some page, you run some script, be sure you personally know who coded it, and you trust the person (because when you trust, the hack can not happen right?).
Must be sad life be so paranoid
So glad antiviruses and antimalwares exists
But paranoids don´t trust antiviruses and antimalwares right.
As you are one from category paranoid -> I will just ignore you (we have hash checks, we have virustotal) - don´t trust, verify
Btw "Battle page" now show NVMe too.
You STILL don't get it do you. The threat that we perceive isn't that by some accident a virus has infected this somehow. The threat we perceive is that we don't trust scripts written by total strangers, because we don't trust YOU, a total stranger.
On the one hand, you tell us we can read the script to be sure it's safe, however to do a proper security audit takes time, longer than it would take to write a script to do such a simple task myself, and you've yet to offer any compelling reason that makes it worth my time to do so.
The main advantage seems to be for people who can't figure out how to write a script to do this themselves, and those people are in no position to assess it from a security perspective.
Moreover the fact that you are so desperate for people to run your script makes it look all the more suspicious, and the fact that you think just hashing a file proves that it's completely safe shows that you either know nothing about security threat models, or you're just playing dumb. Neither option makes me want to be your test case.
You don´t need to run it.
All i was saying is that you don´t need to trust in person to run a script.
Because you can inpect it.
Because you can verify it.
Because you can virus test it.
Because you can malware test it.
You would need then hack our site and also our github to get the hashes changed and when the hashes changes the verify-and-run.sh would not run smart.sh because you downloaded it when the hashes was the same aka not "hacked"
https://github.com/0xDiSk/NVMe-SSD-HDD-S.M.A.R.T-Monitoring/blob/main/verify-and-run.sh#L32
not the one who is dumb, look at you
You know you can download the script only once and not updating it? running the same version from your server until you update it with wget,curl or manually copy->paste?
@dIsK
Why maintain so much secrecy / anonymity? If you are coming out do so with some more credible info about yourself, your so called team and such. Will help gain some more trust in the community.
Else be ready to be a laughing stock