New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I don't think that has the intended effect you think it does.
Looks like a trap to someone fall in.
Would you really trust a guy with a glowing finger and goes on a rampage destroying kids toys?
I hope he wasn't banned just because this dude said so. That would be really disappointing.
OP, don't want people to curse at you? Then don't be a dick to people giving you feedback for something you posted thinking you were only going to get praise.
So central Auth service is down or not?
If it is down, then please release the source code of binaries.
Is this AI delete ? Normal people cant be like this
AI delete😆
Still up and running. I’m just putting a muzzle on the gate because I'm done feeding ungrateful strays. 🌸
Reserve for self use. Make a good marketing site when it's polished. Then do SaaS and sell a good price. This' how unicorn starts. Continue your good work and why wasting time here?
These guys do not need your favor anyway.
Appreciate it. This was always for my circle, and the SaaS side is already thriving elsewhere. My energy is too expensive for this crowd—the charity ward is closed because the rabid dogs tore down the door. 🌸
You would imagine AI suggest what git commands to paste. If you look at commit history, every commit and change is a manual browser file upload or edited in browser editor.
Lol, get out of here.
I tried to get it running. All API endpoints seem to 404.
vibecode deluxe
The trade-off to open source isn't praise, it's free QA. Whatever made you think you'd only get praise suggests narcissism. The problem starts with you.
It's not a bug. The system purges inactive data every hour to keep things clean. If you can't keep up, 404 is all you get.
Open source? I never shared my code. I shared my service as a gift, and you ruined it. You can't give 'QA' to a house you can't even enter. Enjoy the 404, the problem was always your entitlement. 🌸
Naive and narcissistic, check.
i am failing to understand the course of action here.
Someone actually tried to run it which could have been helpful for others since it would have been a feedback from a third party who is known to us (we trust @sillycat ) and could have been beneficial for you also.
But your reply was neither constructive nor any helpful.
So let me ask, since you created this thread and also continuing the conversation, are you here because ---
Because you don't seem like how a developer replies especially when someone actually replies back with the fact that they tried and facing 404 errors on end points.
However, since you trust @sillycat so much, I’m willing to make an exception. @sillycat, if you're interested, I can provide a private instance for you for free. Consider it a gift for someone who actually takes action.
The hourly purge is a deliberate security and resource-optimization feature. It prevents API flooding and ensures that instances are only allocated to active users. If a created instance shows no IPlist updates or activity within the hour, the system treats it as a dead request and purges it immediately.
I have already provisioned a fresh, private instance of ipsafev2 specifically for @sillycat and sent the credentials via private message.
@sillycat, I welcome you to explore the tool at your own pace and provide a completely neutral, objective evaluation to the community whenever you're ready. I believe in the integrity of my work, and I trust that an unbiased third-party perspective will speak louder than any words in this thread.
As for the rest: Registration remains closed.
To ensure complete transparency during @sillycat evaluation, I've set up a public uptime monitor for his dedicated instance. Anyone can check the real-time status here: https://status.537233.xyz/report/uptime/a4ae419e540682205588e027d8924f9e/
A quick technical note: The public monitor only tracks the accessibility of the endpoint path. No tokens or sensitive credentials were provided to the uptime service. It’s a pure connectivity transparency report for the community to witness. Safety first.
The service is live. Now, we wait for the action, not the noise. 🌸
I think we should tag @sillycat since he wasn't mentioned enough already.
Instead of removing your project, you can just use criticism and suggestions to improve your project.
This is not true. It didn't work the second I generated it.
My official review is that the server isn’t necessary at all. The only reason it exists is to prevent the user from accessing the "secret" cryptography.
I expected the tokens to be checked via an API, but they’re just checked client side. Since it’s a Golang binary, reverse engineering is a pain, so I’m not bothering.
The only request the binary makes to the server is checking the whitelisted IPs every minute, everything else is handled client side.
The OP could obviously get into your application, since the tokens are stored in a database somewhere, but beyond that, it’s a nothingburger.
It otherwise works just fine. It does what it promises, even if clanky.
Dang this guy keep updating the main branch
That’s how you dish out scam with a confidence! Pump it directly to the eyes and scream “wazuuuup”!
"Regarding your claim that it 'didn't work' instantly: You likely created a path without adding an actual IP to the IPlist.
The logic is simple: To prevent resource exhaustion from anyone spamming path creation, the system requires an immediate active entry. A path without a valid IP is flagged as a dead request and purged by the security layer the moment it's detected. This isn't a bug; it's a defensive filter against idle resource squatting. If you want it to stay alive, give it a reason to exist. Just Like I add 127.0.0.1 into your iplist.
"A few points to refine your 'official review' with the actual design logic:
It’s called 'Lite' for a reason. The design philosophy is pure, lightweight verification. Moving logic to the server would be trivial, but keeping it at the edge while maintaining security is the real engineering challenge you seem to have overlooked.
Regarding 'accessing user data'—this is where your understanding fails. My system (IPSafeV2 / IPM) only provides TOTP-based dynamic whitelisting. I don't know your server's IP, its location, or what's running on it. You get a TOTP code, but I don't get your backend's identity.
This is a Double-Blind Design. You mentioned I could check whitelist logs to 'guess' IPs, but as a professional, you should know that users can easily restrict access to Cloudflare IPs only. Even if I see an IP, I have no context. In this ecosystem, I provide the 'key' but I never see the 'door.'
It's not a 'nothingburger'; it's a decoupled security layer. Since you've confirmed it works as promised, I'll take that as the final word. Enjoy the 'clanky' but effective security. 🌸