/blog/

Feb 21st, 2025

dark theme
it looks like they've changed what gravatar does
it works like a linktree or carrd or whatever now
so it's not just avatars it's a whole bio
you can receive payments in crypto through your gravatar bio
and it just asks you to put in your address without any middleman
it lets you do custom crypto too
honestly based
gravatar is based now
you can link all these websites as your social
you can just do a custom link too
but fwiw you can pull profiles from gravatar to like wordpress or like i could pull them to my forum
and never have to write any user profile stuff separately
it'd get their avatars and links and social media etc from their gravatar

Gravatar is a service by Automattic, the company behind WordPress.com, Tumblr, Pocket Casts, Day One, Beeper, WooCommerce, and other popular web services. We are passionate about open-source and making the web a more accessible place.
huh

> Rate Limits
> The Profiles API is free to use, and its rate limits are customizable based on your needs. While the default limits below are set to prevent misuse, allowing you to begin testing the API right away, you can apply for much higher limits to accommodate specific usage requirements for no additional costs. Simply reach out to us and describe your usecase and needs.
> Default rate limits:
> Unauthenticated requests are limited to 100 per hour.
> Authenticated requests are limited to 1000 per hour.
> You will see error code 429 for too many requests.

> Take into account that Avatars API requests do not count towards the limits mentioned above. These limits only apply to the Profiles endpoint.
> Using an API key is always recommended, and will give you:

> Higher rate limits (1000 vs 100 requests per hour)
> Access to additional endpoints, including
> Links,
> Registration and last edit timestamps,
> Contact info,
> Payment and wallet info,
> and Gallery images
looks like i should be able to pull most of the info off the card
i think it does give the full info
and it's all in json
it even gives the donate links and crypto wallet addresses
and i don't need to ask the user for their email address
since it can just pull it from their gravatar username
which is a plus

> URL Parameters:
profileIdentifier [required]: The identifier for the profile, which can be a SHA256 hash of the email or a Gravatar profile URL slug (ie. gravatar.com/slug).
1000 requests per hour should be enough as long as i pull and save the profile and only request an update periodically

3.1 kB - Feb 21, 2025 comment

Feb 17th, 2025

I got molten furby all over my tall converse

48 Bytes - Feb 17, 2025 comment

Feb 14th, 2025

imagine if i linked this into the posting smartness points
so you lose money for bad grammar
i'm probably not going to do that
i think i'm going to make it an option to pay out of your pending payout on the site store
because the pending payout is going to be the forum points you earn and the points you earn in a game
and points moderators earn
which only gets paid into the main wallet every month
if anyone has any input on how it should work i welcome it
i could also change the names around so balance is wallet balance and pending payout is site balance or something
i thought of also combining the two
so it either adds the pending to the main balance or display it like
balance: D 6869(+100) YUGE
or below it?
it works for getting the price

(main)> python3 scripts/get_token_price.py
The current price of YUGE is: 0.000008586698942258873 USD

i'll probably put the conversion displays onto a different page instead of having it all in the sidebar though
;get ready for the dongcoin rugpull
nnooooo i put all of my life savings into a cryptocurrency called dongcoin
i'm probably not going to call it dongcoin
i'm not locking in

scripts/get_token_price.py
The current price of YUGE is: 0.000008675397855855488 USD
The worth of 6869 YUGE is: 0.06 USD
10 USD = 1152685 YUGE
Daily payment (over 31 days): 37183 YUGE (totaling 10 USD per month)

this is what i ended up going with in the end
because the sidebar should indicate the on-site spendable balance
so if you buy something on the in-site store or in a game or something with forum points or ingame points before they get transfered into your actual wallet
it'll use that
if you have forum points but not enough forum points to buy something it'll take off the amount you have in forum points from the cost of the item and request to take the rest out of your wallet ig
i'm still working out how i'd handle like moderator salary payments
it could just calculate it at the end of the month
which is probably the best solution
alternatively
```
10 USD = 1152685 YUGE
Daily payment (over 31 days): 37183 YUGE (totaling ~1152685 YUGE per month)
```
but if the value of the coin fluctuates you'd get paid a different amount each day
which i'm not super against but it could end badly maybe
(this is an example with the mods being paid 10 usd equivalent per month)
but with crypto it's maybe better to do it this way idk
i think that'll be handled by a different script rather than the software
like cron jobs
daily payment in on-site coins (pending balance) and monthly payment of the pending balance into the users' wallet

3.2 kB - Feb 15, 2025 comment

Feb 13th, 2025

it has a mobile layout
the last site did not have a mobile layout
i made a custom currency icon

it's just =D but with this style

.currency-icon {
    letter-spacing: -5px;
    line-height: 4px;
    padding-right: 4px;
}

=D

689 Bytes - Feb 14, 2025 comment

Feb 12th, 2025

it's back
it's not supposed to have the text above the avatar tho
admin isn't allowed
but this is
(as it should be)

453 Bytes - Feb 14, 2025 comment

Feb 11th, 2025

{:height 212, :width 553}
the failed to simulate isn't anything to do with me

524 Bytes - Feb 14, 2025 comment

Feb 8th, 2025

i did it boys i finally freakin did it i've spent like 2 days trying to figure out wallet connection and wallet signing on a page and there's like no documentation on it
the reason why this is good is because you can use your in-browser wallet to sign in to a website and the wallet signs a code given by the website and that means your password is always unique to the website and it's signed in the browser which means nobody can intercept / harvest your passwords through the website since it's generated in the browser itself

 <!DOCTYPE html>
 <html>
 <head>
     <meta charset="UTF-8" />
     <title>Registration &bull; {{branding}}</title>
     <script src="https://unpkg.com/@solana/web3.js@latest/lib/index.iife.js"></script>
 </head>
     <body>
         <h1>Wallet Connection</h1>
         <button id="connect-wallet">Connect Wallet</button>
         <button id="disconnect-wallet">Disconnect Wallet</button>
         <button id="sign-message">Sign Message</button>
         <br/><br/>
         <div id="wallet"></div>
         <div id="signature"></div>
         <script>
             const connectWalletButton = document.getElementById('connect-wallet');
             const disconnectWalletButton = document.getElementById('disconnect-wallet');
             const signMessageButton = document.getElementById('sign-message');
             const signatureElement = document.getElementById('signature');
             const walletElement = document.getElementById('wallet');
         
             const getProvider = async () => {
                 if ("solana" in window) {
                     await window.solana.connect(); // opens wallet to connect to
 
                     const provider = window.solana;
                     if (provider.isPhantom) {
                         console.log("Is Phantom installed?  ", provider.isPhantom);
                         console.log(provider);
                         return provider;
                     }
                 } else {
                     signatureElement.innerText = 'Install https://www.phantom.app/ or another Solana-compatible wallet';
                 }
             };
 
             connectWalletButton.addEventListener('click', async () => {
                 console.log(connectWalletButton + " pressed");
                 // Get the user's wallet address
                 const walletAddress = await window.solana.connect();
 
                 const provider = await getProvider();
                 console.log(provider);
 
                 console.log('wallet', provider.publicKey.toString())
                 wallet = provider.publicKey.toString()
                 walletElement.innerText = `Wallet: ${wallet}`;
 
                 // signMessage a signing request to the wallet
                 const signature = await provider.signMessage(['DLink Registration']);
                 console.log(signature)
 
                 // Handle the signature
                 signatureElement.innerText = `Signature: ${signature['signature']}`;
             });
         
             signMessageButton.addEventListener('click', async () => {
                 // Get the user's wallet address
                 const walletAddress = await window.solana.connect();
 
                 const provider = await getProvider();
                 console.log(provider);
 
                 // signMessage a signing request to the wallet
                 const signature = await provider.signMessage(['DLink Registration']);
                 console.log(signature)
 
                 // Handle the signature
                 signatureElement.innerText = `Signature: ${signature}`;
             });
         </script>
     </body>
 </html>

the server side should be straight forward
just checking the wallet address and generated signature against the signature stored
and ofc saving the signature in the first place to have it around to check against
idk why it doesn't display the message atm
i need to figure that out
if you have a real website it'll display the actual website icon and address next to the sign message
which will look cool
once i can get it to show the message i'll need to put a unique identifier generated from the initially-gotten wallet address that also says it's whatever website you are signing in for
to prevent the user from accidentally going to like fatcocks dot com and being prompted to sign a message that claims it's related to my website
so if fatcocks.com expects you to sign a cum.com registration you probably shouldn't

it just needed to be utf8 encoded

                const utf = new TextEncoder('utf-8');
                const signature = await provider.signMessage(utf.encode("cum.com Registration"));

i believe it also accepts hex
cum token
https://github.com/pshihn/base69
Why Base69 when Base64 is adequate? Because it's NICE!

okay so i added an extra step for verification

const signature = await provider.signMessage(utf.encode("Localhost Authorization (127.0.0.1:5000)\n\nWallet:\n" + wallet));
                const sig = signature.signature;

                const buffer = new ArrayBuffer(sig.byteLength);
                const blob = new Blob([sig], { type: 'application/octet-stream' });

                fetch('/auth-sign/'+ wallet, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/octet-stream'
                    },
                    body: blob
                    })
                    .then(response => response.text())
                    .then(result => console.log(result))
                    .catch(error => console.log(error));

@register.app.route('/auth-sign/<wallet>', methods=['POST'])
def handle_sign_message(wallet):
signature_bytes = request.get_data()
print(signature_bytes)
if wallet and signature_bytes:
	try:
		signature = base58.b58encode(signature_bytes)
		print_variable("signature", signature)

b'dO\xce0\x85\xd4o\xb9?\xe3~\xdfSfwIG \x88\x86\xe4=\x90\x0b\x8el_\x0eC\xdd\xc1\x94\xaf\xd6>6\x1cB\x9e6\x95W.5\x1c5\xa3b\xfbo\xf7\x06x\x0ela\x0f\xd7\xfb_\xb9\xc6\x17\x0e'
signature = b'31KgTEJH4nYYXz3FfHtH1ns7uSB8ansSXafW64GURQSEjx6dpjLayTM6ev7HPDdMvtvisTGsEV6qhcXP35YKyTEu'

import base58
from nacl.signing import VerifyKey

def verify_signature(public_key, signature, message):
pubkey_bytes = base58.b58decode(public_key)
signature = base58.b58decode(signature)
try:
	VerifyKey(pubkey_bytes).verify(message.encode('utf-8'), signature)
	return True
except:
	return False

# Get the public key and signature from the browser
public_key = "Us1kSD1KXMMHbnWpGh4sGVLu2w9XrJbnrK9YqfYk5Pu"
signature = "31KgTEJH4nYYXz3FfHtH1ns7uSB8ansSXafW64GURQSEjx6dpjLayTM6ev7HPDdMvtvisTGsEV6qhcXP35YKyTEu"
message = "Localhost Authorization (127.0.0.1:5000)\n\nWallet:\n" + public_key

# Verify the signature
result = verify_signature(public_key, signature, message)

print(result)

```
python3 test-crypto.py
True
```
this should stop people just sending random data to the auth and registering accounts with broken data
it makes sure the signed message can be verified with the wallet address

from flask import render_template, request
import hashlib, base58, base64
from nacl.signing import VerifyKey

from solana.rpc.api import Client
solana_client = Client("https://api.testnet.solana.com")

def print_variable(var_name, var_value):
print(f"{var_name} = {var_value}")

def verify_signature(public_key, signature, message):
pubkey_bytes = base58.b58decode(public_key)
try:
	VerifyKey(pubkey_bytes).verify(message.encode('utf-8'), signature)
	return True
except:
	return False

@register.app.route('/auth-sign/<wallet>', methods=['POST'])
def handle_sign_message(wallet):
signature_bytes = request.get_data()
print(signature_bytes)
if wallet and signature_bytes:
	try:
		message = "Localhost Authorization (127.0.0.1:5000)\n\nWallet:\n" + wallet
		signature = base58.b58encode(signature_bytes)
		print_variable("signature", signature)
		if verify_signature(wallet, signature_bytes, message):
			print("Success")
			return "Success"
	except Exception as e:
		print(str(e))
		print("Failed")
		return "Failed"
print("Failed")
return "Failed"

this is with it integrated

* Debugger is active!
* Debugger PIN: 445-584-147
b'dO\xce0\x85\xd4o\xb9?\xe3~\xdfSfwIG \x88\x86\xe4=\x90\x0b\x8el_\x0eC\xdd\xc1\x94\xaf\xd6>6\x1cB\x9e6\x95W.5\x1c5\xa3b\xfbo\xf7\x06x\x0ela\x0f\xd7\xfb_\xb9\xc6\x17\x0e'
signature = b'31KgTEJH4nYYXz3FfHtH1ns7uSB8ansSXafW64GURQSEjx6dpjLayTM6ev7HPDdMvtvisTGsEV6qhcXP35YKyTEu'
Success
127.0.0.1 - - [08/Feb/2025 20:28:17] "POST /auth-sign/Us1kSD1KXMMHbnWpGh4sGVLu2w9XrJbnrK9YqfYk5Pu HTTP/1.1" 200 -

that + whati posted earlier is pretty much the whole code to implement solana wallet connect based authentication into a website
minus the database side etc

the base58.b58encode(signature_bytes) isn't needed i just put it in there so i can look at the signature and see if it looks correct
i originally tried passing it as base58 from the browser but it always comes out weird
so i ended up sending it to the server as blob instead
idk why the javascript base58 encoded string isn't the same
there's a lot of stuff in there that isn't needed tbh
but i needed to heavily debug all of this to get it to work
i think the js base58encode function i have is just wrong
or i'm using it wrong
okay i fixed that too not that i need it anymore if i want to continue with using the blob

Wallet Connection
Wallet: Us1kSD1KXMMHbnWpGh4sGVLu2w9XrJbnrK9YqfYk5Pu
Signature: 31KgTEJH4nYYXz3FfHtH1ns7uSB8ansSXafW64GURQSEjx6dpjLayTM6ev7HPDdMvtvisTGsEV6qhcXP35YKyTEu

b'dO\xce0\x85\xd4o\xb9?\xe3~\xdfSfwIG \x88\x86\xe4=\x90\x0b\x8el_\x0eC\xdd\xc1\x94\xaf\xd6>6\x1cB\x9e6\x95W.5\x1c5\xa3b\xfbo\xf7\x06x\x0ela\x0f\xd7\xfb_\xb9\xc6\x17\x0e'
signature = b'31KgTEJH4nYYXz3FfHtH1ns7uSB8ansSXafW64GURQSEjx6dpjLayTM6ev7HPDdMvtvisTGsEV6qhcXP35YKyTEu'
Success
127.0.0.1 - - [08/Feb/2025 21:01:06] "POST /auth-sign/Us1kSD1KXMMHbnWpGh4sGVLu2w9XrJbnrK9YqfYk5Pu HTTP/1.1" 200 -

Balance: 112149502 DONG
Session: b2e768347b

Success: User with wallet address x registered.
Error: User with this wallet address already exists. Logging in instead.

11.2 kB - Feb 15, 2025 comment

Feb 5th, 2025

i'm thinking of using a crypto wallet for user authentication for a website
because you never need to store the username or password on the server then
or transmit any passwords
because it all happens in the browser client-side
i specifically mean in a browser wallet
on top of that you could pay the user any on-site points directly into their crypto wallet
like the d2 store points system
user authentication is one of the biggest pain in the ass systems to manage
and it'd take off a huge workload from the actual featuresets of the site
you'd just need a wallet plugin installed
idk what site i'd integrate it into
unless i want to bring back............. the forums
i think there probably would not be much point for............. the forums............. unless we have like a game server or something though
every time i say the forums you're supposed to have flashbacks to the quotes thread, the pubbies page, the ban appeals forum, the hnp spam threads
also remember how the quotes thread literally made people go sicko mode for clout and start like insulting everyone and trying to get a controversial conversation going just so they could post it in the quotes thread and say how they owned the other person when they actually have no opinion or belief on the matter
nowadays that's just most social media
i might try and implement it as a demo but i need to figure out how to securely implement it
it needs to enforce the connected wallet address
i think there are multiple ways to connect a wallet
you can connect a wallet so it just gets the wallet address and you can connect it in a way where you sign a key with your wallet
i think the signing method is what i'll have to use
connecting the wallet address normally is fine if you're just like giving rewards to the wallet instead of using it to manage sensitive data
in that use case the worst you can do in terms of exploiting it is giving your rewards to someone else or having it send the rewards to a null wallet
if i did that i could also pay mods with ease
that'd be cool
like someone could buy $10 worth of dongcoins and use it to buy gold member and the $10 worth of dongcoins could go into a wallet which is a pool for like how much i get paid and how much mods get paid
and it could automatically send x amount of dongcoins to the staff's already connected wallets throughout some period of time
it'd calculate how much it is in fiat and adjust the dongcoins payment automatically
and then the person getting paid could either hold it as an investment or convert it to SOL and sell their SOL for fiat for example
like whether it's ETH or SOL based or whatever you'd have to convert it to its original currency to actually be able to sell it because it's unlikely our currency would be on any major exchanges
it'd have to be pretty big to get on a major exchange, but it'd still have value and selling ETH/SOL based coins isn't difficult
the fee for converting a SOL based coin back to SOL is like $0.01
and selling the SOL on an exchange is typically about $0.1
i wouldn't have it display wallet addresses on the site so it'd all be private by default but you could put a wallet address if you want to receive tips or something
i could just make it an input field where you can put in anything as a tip address
i mean i really have no idea what the site would be used for unless we plan to do ss13 again or ss14
and idk if i'd reuse d2 for it
i could just get a different domain name
i'm also not going to call it dongcoins probably if i actually made a d2 points crypto
LATER but i could easily write a system where i define a moderator's salary or smth
:LOGBOOK:
CLOCK: [2025-02-17 Mon 21:06:40]--[2025-02-17 Mon 21:06:42] => 00:00:02
CLOCK: [2025-02-17 Mon 21:06:43]--[2025-02-17 Mon 21:06:44] => 00:00:01
:END:
making automated payments would be easy too

3.9 kB - Feb 17, 2025 comment

Jan 14th, 2025

hi

4 Bytes - Jan 14, 2025 comment

Apr 2nd, 2024

summer is rapidly approaching my location and soon I will die from a heat stroke

80 Bytes - Apr 02, 2024 comment

Feb 25th, 2024

i'd somehow gotten locked out of 2 of my oracle free servers

/etc/sudoers
/etc/pam.d/sshd
/etc/pam.d/sudo
/etc/pam.d/sudo-i

had been deleted, i've now regained access by copying the contents of those files from a different server
these servers are set up to use key-only authentication and only 1 user is allowed over ssh

this is possibly due to an automated intrusion, a botnet maybe, will keep this updated

418 Bytes - Feb 25, 2024 comment

Feb 6th, 2024

finally added the long-requested comment feature

48 Bytes - Jan 29, 2024 comment

Feb 3rd, 2024

coding in production

20 Bytes - Jan 27, 2024 comment

Feb 2nd, 2024

various site designs over the years (manually coded/designed, all images made in 3d software or photoshop)

784 Bytes - Feb 15, 2025 comment

Feb 1st, 2024

the only pride flag i care about

122 Bytes - Feb 15, 2025 comment

Jan 30th, 2024

throwback to when I wrote a captcha system which made you correct the spelling of a word randomly picked from a list of 40 different misspellings, it completely stopped any bots from signing up and it also caused people to send me death threats
2 birds with 1 stone

265 Bytes - Jan 27, 2024 comment

Jan 29th, 2024

Lithuanian NATO 7.62x55mm

272 Bytes - Feb 15, 2025 comment

Jan 28th, 2024

hanging out at the mall is just Second Life in real life

56 Bytes - Jan 26, 2024 comment

Jan 27th, 2024

any way to get rid of these without agreeing to the ToS? (I don't use the Cloud)

170 Bytes - Feb 15, 2025 comment

Jan 26th, 2024

this software takes markdown files out of the logseq journals folder and displays them as blog posts

todo:
- static pages generator
- error exceptions
- ~~request caching~~
- ~~resource caching~~

214 Bytes - Feb 17, 2025 comment