Mastic Stream Thread


nvm, they’re back! :partying_face:

2 Likes

troomast
@Mastic_Warrior @Trooper_ish

5 Likes

Under 5 hours, but barely :partying_face:. And we still do not know if Mastic sanitizes inputs.

Sorry mate, but you should do that on the internet. No harm intended.

1 Like

what’s that?

No worries. Obviously, I need to do a little work on the Regex and test to see if it is all website URL. But yes, in general, my inputs are sanitized. I should handle any regex that you put in the chat so that it does not escape. Unfortunately, I did not create it to handle everyone’s typing style. But this is why I make the mistakes, so you don’t have to.

Edit: Maybe I will do a Regex update stream and see if you all can break the TTS string.

2 Likes

There’s nothing quite like the feeling of crafting a regex which does almost exactly what you want.

1 Like

nvm, i’ll quack…

Sorry Bee, I was away working a lot this week. I’ll give it a try, this is going to be a little technical, bear with me. First hint here is that string in programming is similar to the meaning of text. A string usually can be any kind of combination of letters from the alphabet, numbers and symbols.

Software in general takes some form of input and converts it to some kind of output. Inputs and outputs could both be text, or numbers, or data in a database, or even sound and video. When you, for example, input a prompt into a search engine, the webserver of the search engine, the one that runs the website, will take your text input and start a series of commands in the background. Most likely it would start searches for different keywords on, who knows how many, different services that run in the background on other servers of the search engine provider.

What I talked about is input sanitization. What you would want is that the webserver that takes your query and all subsequent systems involved would only take your input as key words and the text they should search for, nothing else.

For example if you were to search for where are the cookies stored? the webserver might run a series of commands like this written in pseudo-code (not an actual programming language but looks like one):

variable query = get_query_from_user("where are the cookies stored?");
forward_to_cookie_backend(query);
generate_ai_answer(query);

So here we would have an imaginary command get_query_from_user that receives the query you entered in the text field on the website and saves it in a variable with the name query. This works basically like a mathematical function. The term on the right with your input gets evaluated and stored in the variable on the left. The text you entered is limited in beginning and end with parentheses. The end of each command is denoted by a semicolon. The first command stores the query in a variable and the second and third command forward the content of the variable, containing your query, to different servers running somewhere else. The first one would redirect your query to a server providing all cookie related answers and the third command would be redirecting your query to a server that generates an answer using a LLM, because that is the current hype technology. These three commands would be run on the webserver of the search engine.

Now an evil Hive comes and places the following string of words and symbols in the search field no cookies"); rm -rf /; get_query_from_user("no cookies. Without proper string sanitization that might look something like the following on the webserver.

variable query = get_query_from_user("no cookies"); rm -rf /; get_query_from_user("no cookies");
forward_to_cookie_backend(query);
generate_ai_answer(query);

Here it is important to note that this is what the server might see, if the programmer did not pay attention. It stores a search for no cookies in the variable and then the command would be over as denoted by the semicolon. I basically placed the exact symbols the webserver would expect to see at the end of the command in the search field. The text I entered into the search field did not only contain the symbols needed to end the command but also another command that deletes all files on the filesystem of a Linux server (rm -rf /). And then again the beginning of the first command again so the program executed correctly and does not send any warning to the administrator.

Basically without string sanitization I might have been able to delete the contents of the webserver or run any command I wanted on it by inputting the right sequence of text and symbols into the search field. When you follow the practice of string sanitization you make sure, in this example, this does not happen and that the text and numbers and symbols users on the internet could enter into the text field, no matter how creative they get, would never result in anything except a search for these words and symbols.

I have no idea if that is understandable. If not I am sorry Bee, I tried my best.

2 Likes
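The injection described in the post above, as an added example that is not part of the original thread: the same search text is pasted into a shell command line (vulnerable), passed as a single argument with no shell involved, and shell-quoted. The function names, the `echo` stand-in for the search backend and the harmless `INJECTED` marker (used in place of the destructive command) are all constructed for illustration.

```python
import shlex
import subprocess

MARKER = "INJECTED"  # harmless stand-in for the destructive command in the post

# Constructed input with the same shape as the one in the post: close the
# quoted text, end the command, add a second command, reopen the quote.
PAYLOAD = f'no cookies"; echo {MARKER}; echo "no cookies'


def search_vulnerable(query: str) -> str:
    """Paste the query into a command line: its quotes and semicolons become shell syntax."""
    cmd = f'echo "searching for: {query}"'
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def search_argv(query: str) -> str:
    """No shell at all: the whole query travels as one argument, i.e. as data."""
    argv = ["echo", f"searching for: {query}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def search_quoted(query: str) -> str:
    """A shell is still used, but the query is quoted so it cannot end the command."""
    cmd = "echo " + shlex.quote(f"searching for: {query}")
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def extra_command_ran(output: str) -> bool:
    """True when the marker was printed on its own line, i.e. the injected command executed."""
    return MARKER in output.splitlines()


if __name__ == "__main__":
    for fn in (search_vulnerable, search_argv, search_quoted):
        out = fn(PAYLOAD)
        print(f"{fn.__name__}: extra command ran = {extra_command_ran(out)}")
        print(out, end="")
```

In the two safe variants the marker only ever appears inside the single line of searched text, never as output of its own command.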

like COBOL, which is simple (roomie explained to me a bit, and a neighbor too) i like things that are simple and relatively easy to understand…some coding looks like hieroglyphs, and no where near as pretty :stuck_out_tongue:

so similar to how DNS translates www.beeisbestbee.com into an IP address heh (not an actual site) but involving more things happening of course…

What I talked about is input sanitization. What you would want is that the webserver that takes your query and all subsequent systems involved would only take your input as key words and the text they should search for, nothing else.

so almost like a filter of sorts… but a filter that redirects a task to an action which, has the potential to be messed with a bit and cause undesired operations if not adequately protected against

yes it is thank you, even if i hadn’t pre-quacked. But… my interpretation of understanding might bee wrong so a gold star for yes and a sad face for no plz :innocent:

(i did quack this heavily before reading your response, but it’s still appreciated, thank you)

2 Likes

You sound tired on stream

1 Like

We making brownies, I think.

I’m live on Twitch, come hang out! Twitch

1 Like

Simrig for mastic

This kit

4 Likes

Sorry about Saturday.
I started watching, but then some people came in so I couldn’t keep watching.
Did you make some lovely brownies?

2 Likes

I did make the brownies. And I am glad that people finally came in.



5 Likes

NL wants me to do a slaw challenge.
I’m live on Twitch, come hang out! Twitch

2 Likes