New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Comments
Still more of a dd if=/dev/zero of=/dev/sda bs=128K sort of person.
It is one line to spawn a second shell that runs unlogged commands outside of web terminal. Your AI investigation is both invalid and useless
Please make sure you setup a public demo again whenever you have finished prompting claude for these changes, I'm interested to see the next YABs
I prefer hooking the dynamic linker so every loaded library has an 0.1% chance to be temporarily replaced with an identical copy in memory but with a single, random instruction replaced with NOPs. But only on some days.
Have fun debugging that.
@ovexro Hey!
what happened to this project?
He shut down the home server.
He realised that he can not make a few quick bucks riding on AI alone and it will be more of a stress than anything beneficial without proper knowledge.
Did he, though? Or did he just rage quit because we're a bunch of buzz-killing Luddites who don't realize that garbage vibe coding is The Future(tm) and that understanding programming, debugging, and security is irrelevant?
https://claudelab.dev/
In his defense he did release it completely free, no editions or anything "enterprise", so I can't see how he could possibly make a quick buck from it.
I'm not defending vibe coding per se, but this seemed to be a guy just wanting to make a fun project, not money. Showing it to LET probably took the fun out of it too.
Nope, financial incentive always in background. “Free” is just a way to explore market and gain some user base.
If that was true we would have no free software at all. There are lots of people that actually run projects not for financial gain but because they enjoy it.
This is not clearly the case. Enthusiasts respect the craft, they don't slop and try to fix slop with more slop. That is disrespect to coding. Prompt vomit should be avoided as it does not promote innovation or satiate curiosity. It just feeds our ego.
OP spent tokens to generate something. For that, I guess, I can say thank you.
https://github.com/ovexro/dockpanel
repo is not found
To clarify my earlier post — I oversimplified what happened.
The actual vulnerability was a command injection: the site creation flow allowed arbitrary commands in a field that got interpolated into a systemd ExecStart directive running as root. The attacker used this to create a backdoor sudo user, escalated to root, deleted WordPress files, and /root/. No data was exfiltrated — I confirmed this through forensic analysis of systemd journal, auth.log, sysstat/sar, and raw disk scanning.
Again, the root cause was the unsanitized ExecStart injection, not the terminal itself. Without that injection, the terminal would have only given him a www-data shell with no escalation path.
The AI-assisted pentest I mentioned before was naive — a model reviewing its own code misses what real attackers find. Lesson learned.
I appreciate the people who reported issues responsibly. The project is still alive and will be public again once I'm confident in the security posture.
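The root cause described in the post above, shown as an added example that is not part of the original post and is not DockPanel's code: a free-form field pasted into ExecStart of a root unit, next to a renderer that builds the line from validated parts and drops privileges. The field being a "start command", the runtime allowlist, the /var/www layout and all function names are assumptions made for illustration.

```python
import re

# Hypothetical allowlist of runtimes a site may start (not DockPanel's own list).
ALLOWED_RUNTIMES = {"node": "/usr/bin/node", "php": "/usr/bin/php"}
SAFE_SITE = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")
SAFE_SCRIPT = re.compile(r"[A-Za-z0-9._/-]{1,128}")

# Constructed input: a "start command" carrying a newline and an extra directive.
CONSTRUCTED_INPUT = "/usr/bin/node index.js\nExecStartPost=/bin/touch /tmp/constructed-marker"


def render_unit_unsafe(command):
    """Weak pattern: the field is pasted into ExecStart and the unit runs as root."""
    return f"[Service]\nUser=root\nExecStart={command}\n"


def render_unit_safe(site, runtime, script):
    """Build ExecStart from validated parts only; never from a free-form command."""
    if not SAFE_SITE.fullmatch(site):
        raise ValueError("invalid site name")
    if runtime not in ALLOWED_RUNTIMES:
        raise ValueError("runtime not allowlisted")
    # fullmatch rejects newlines, spaces, ';', '$', '%' and '=' in one step.
    if not SAFE_SCRIPT.fullmatch(script) or script.startswith("/") or ".." in script.split("/"):
        raise ValueError("invalid script path")
    return (
        "[Service]\n"
        "User=www-data\n"
        "NoNewPrivileges=yes\n"
        "ProtectSystem=strict\n"
        "ProtectHome=yes\n"
        f"WorkingDirectory=/var/www/{site}\n"
        f"ExecStart={ALLOWED_RUNTIMES[runtime]} /var/www/{site}/{script}\n"
    )


def directive_keys(unit_text):
    """Directive names systemd would read from the rendered unit, in order."""
    return [line.split("=", 1)[0] for line in unit_text.splitlines() if "=" in line]


if __name__ == "__main__":
    print(directive_keys(render_unit_unsafe(CONSTRUCTED_INPUT)))
    print(render_unit_safe("blog", "node", "index.js"))
```

The unsafe renderer lets the constructed input add a directive of its own to a root unit; the safe renderer rejects the same text before anything is written and would run the site as www-data even if validation were bypassed.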
You know how you commented on one of my things showing me the "MJJ's" 0.37 cents, that I didn't know about but now understand thanks to you and I couldn't believe it existed.
THIS one I do get.. and he is so rightfully represented, the man, the legend..Mr.Carmack (had no idea he was this jacked though)... oh and some random weirdos on the left
a few moments later
Good luck! You'll need it
When using an AI agent, we need to ask it to research what hackers and attackers do so that Claude Code can view a project from a hacker's perspective. That research is crucial; without it, the AI won't know how to address issues from all possible angles. There is a large database with hacking methods that any AI agent can access and research.
I agree that pure "prompt vomit" should be avoided and frowned upon, absolutely.
I do not agree that it can not promote innovation or curiosity. Using AI as a tool to simplify tasks is perfectly ok as long as you know what you are doing, and as a junior developer it could be a good way to experiment, learn and evolve.
Using it to create commercial or critical software without the needed skills to actually know what you are doing is not ok, with that I totally agree.
Here is an example of a proper audit: https://pastebin.com/shCfK3Vq
Did he run the services on host/root instead of container/unprivileged user?
cool project but imma stick to dokploy.
As a developer, this entire AI trend has been catastrophic. It's one of the most useful and powerful tools, when used by a developer (for code).
When you have even the least core understanding of frameworks, functions, and version control you can truly offload 90% of your work, without a sweat.
What upsets me a little is that I've had countless clients this year come to me to have AI "vibe-coded" work re-done, or even worse, I've lost jobs to AI vibe coders undercutting me and then giving them bad code. (Most customers don't even know until it's too late.)
People in here joke, but it's a genuine issue. I've seen more vulnerabilities deployed to the open web this year than I've seen in my lifetime. I've often worked on freelancer sites (think UpWork, Freelancer; not these exact ones, but you get the point) and the amount of AI slop is beyond comprehension.
If you rely on AI to build your code structure, you are not going to succeed.
If you rely on AI to refactor your code, you will not succeed.
If you rely on AI to build, you will not succeed.
If you rely on AI to bughunt, you will not succeed.
I've seen most of the community agree to that logic more or less, so my question is to the OP, as I rarely get to speak to those directly creating "apps" without any other experience using AI: what makes you think you will have a fully finished project? If you can't instruct AI to even use a safe package, as you don't know packages or languages, why do you expect a product people will use?
Yes, he's quite jacked for someone of his age
I'm maybe overthinking this, but those weirdos are a generalization of weirdos who can't code well, or rather part of a cargo cult. But other weirdos who code well overwhelmingly use mainstream languages. And these weirdos have sizeable representation in tech as well. So, be aware that landmines/taboos exist. For example, if you rushed a certain weirdo in the wrong way, they would try to convince your upstream providers (including T1s) to cut you off.
More security done for DockPanel: https://pastebin.com/uy72kLwe
Highly valuable information for people who love securing VPS, Docker containers, and ultimately, server panels that are vulnerable to attacks and hackers.
The AI Agent can do comprehensive security research before you tell it to investigate for vulnerabilities, but only if you ask for it.
Stop with the dogsh*t AI vibecoded trash, please, for the love of all that is holy.
Or at least keep this garbage to yourself.
Did you forget to take your pills?
no need to be that aggressive
I am also using a private GitHub repo to verify the AI's output. After running multiple audits and end-to-end testing, I got a green light (the green badge check mark) on GitHub. They are valid, and there are no error logs in the console. I'm not fooling myself. Read the Pastebin. You'll be surprised.
GitHub is the final end. It checks if your work is valid.
Relaunch soon?