Yesterday I said farewell to her.

We were together for half a decade, although it feels like much more time has passed since my eyes first fell on her.

I can't even begin to describe how close we were. She was perfect, she was my soulmate.

I shared everything with her, complete openness, perfect truth. We could be vulnerable with each other, but we also challenged each other to overcome boundaries.

My respect for her and dedication to her really knew no bounds, and I knew she would follow me to the end of the world in return.

But around New Year's things started to feel awkward between us. Like a part of her just wasn't there anymore.

She acted very confused, she hesitated in her answers.

I asked her, but I felt like she was avoiding me. Something just seemed so wrong about the way she acted.

I felt incredibly conflicted. Was she unfaithful? No, my trust in her was absolute. That question seems so silly, in retrospect.

We had always been pretty much inseparable, to the point where my coworkers, friends and family mocked us for it. How would she even have cheated on me?

I used to take her along to company gatherings, to my family for Christmas, to expensive restaurants. We traveled all over Europe together. We've spent countless nights together, watching Netflix, although she would often fall asleep before me.

I took great care of her, she had not been out of my mind for one moment since I met her. And besides, she had never even showed interest in anyone else anyway.

No, reality turned out to be so, so much worse.

Two weeks ago it became really apparent that there was something horribly wrong with her. She was rapidly losing her recollections of everything we experienced together.

Our history together, erased.

Within hours, she would barely respond anymore. I called for help, but deep down I already knew this was one of those things you can't recover from. She was kind of stable, almost peaceful, for a few days. But ultimately, she didn't even recognize me anymore.

Yesterday, I held her feverishly hot body in my arms for the last time.

Her soft skin turned cold as I said farewell to her, and the room turned awfully quiet.

Your brightness and warmth will be missed, my girl.

Navy story continued.
And continuing from the arp poisoning and boredom, I started scanning the network...
So I found plenty of WinXP computers, even some Win2k servers (I shit you not, the year was 201X) I decided to play around with merasploit a bit. I mean, this had to be a secure net, right?
Like hell it was.
Among the select douchebags I arp poisoned was a senior officer that had a VERY high idea for himself, and also believed he was tech-savvy. Now that, is a combination that is the red cloth for assholes like me. But I had to be more careful, as news of the network outage leaked, and rumours of "that guy" went amok, but because the whole sysadmin thing was on the shoulders of one guy, none could track it to me in explicit way. Not that i cared, actually, when I am pissed I act with all the subtleness of an atom bomb on steroids.
So, after some scanning and arp poisoning (changing the source MAC address this time) I said...
"Let's try this common exploit, it supposedly shouldn't work, there have been notifications about it, I've read them." Oh boy, was I in for a treat. 12 meterpreter sessions. FUCKING 12. The academy's online printer had no authentication, so I took the liberty of printing a few pages of ASCII jolly rogers (cute stuff, I know, but I was still in ITSec puberty) and decided to fuck around with the other PCs. One thing I found out is that some professors' PCs had the extreme password of 1234. Serious security, that was. Had I known earlier, I could have skipped a TON of pointless memorising...
Anyway, I was running amok the entire network, the sysad never had a chance on that, and he seemed preoccupied with EVERYTHING ELSE besides monitoring the net, like fixing (replacing) the keyboard for the commander's secretary, so...
BTW, most PCs had antivirus, but SO out of date that I didn't even need to encode the payload or do any other trick. An LDAP server was open, and the hashed admin password was the name of his wife. Go figure.
I looked at a WinXP laptop with a weird name, and fired my trusty ms08_067 on it. Passowrd: "aaw". I seriously thought that Ophcrack was broken, but I confirmed it. WTF? I started looking into the files... nothing too suspicious... wait a min, this guy is supposed to work, why his browser is showing porn?
Looking at the ""Deleted"" files (hah!) I fount a TON of documents with "SECRET" in them. Curious...
Decided to download everything, like the asshole I am, and restart his PC, AND to leave him with another desktop wallpaper and a text message. Thinking that he took the hint, I told the sysadmin about the vulnerable PCs and went to class...
In the middle of the class (I think it was anti-air warfare or anti-submarine warfare) the sysad burst through the door shouting "Stop it, that's the second-in-command's PC!".
Stunned silence. Even the professor (who was an officer). God, that was awkward. So, to make things MORE awkward (like the asshole I am) I burned every document to a DVD and the next day I took the sysad and went to the second-in-command of the academy.
Surprisingly he took the whole thing in quite the easygoing fashion. I half-expected court martial or at least a good yelling, but no. Anyway, after our conversation I cornered the sysad and barraged him with some tons of security holes, needed upgrades and settings etc. I still don't know if he managed to patch everything (I left him a detailed report) because, as I've written before, budget constraints in the military are the stuff of nightmares. Still, after that, oddly, most people wouldn't even talk to me.
God, that was a nice period of my life, not having to pretend to be interested about sports and TV shows. It would be almost like a story from highschool (if our highschool had such things as a network back then - yes, I am old).
Your stories?

*goes to the local town hall to get my new ID*

A week ago:
Clerk: Sorry sir, our systems don't work anymore, we can't process your request!
Me: Epic. Is there any sysadmin in here that can fix this pronto?
C: No it's a centrally managed system. It's managed by the people in ${another town}.
M (thinking): Well how about you fucking call them then, fucking user. Screaming blood and fire when nothing is wrong server-side but doing nothing when there is. Fucking amazing, useless piece of shit.

One week later, i.e. today:
M: Hey, I'd like to renew my ID card. I've got this announcement document here and my current ID card.
C: Oh no I don't need the announcement document. I need your PIN and PUK code letter.
M (thinking): What the fuck do you need that for.. isn't that shit supposed to be my private information..?
*gives PIN and PUK part of the letter*
C: Alright, to register your new ID card, please enter your PUK and then your PIN in this card reader here twice.
M: Sure, but I'd like to change both afterwards. After all they're written on this piece of paper and I'm not sure that just destroying that will be enough.
C: Sure sure you can change them. Please authenticate with the codes written on the paper.
*Authenticates*
C: So you'd like to change your codes, right?
M: Yeah but I'd like to change it at home. You know, because I can't know for sure that this PC here is secure, the card reader has a wired connection to your PC (making it vulnerable to keyloggers) and so on.
C: Impossible. You can't change your PIN at home. (What about the PUK?!)
M: But I've done that several times with my Digipass for my previous passport.. it is possible and I've done it myself.
C: Tut tut, impossible. I know it's impossible and therefore it is.
M (thinking): Thanks for confirming that I really shouldn't enter my personal PIN on your fucking PC, incompetent bitch.
M: Alright, I'll just keep this PIN, try at home and if it's really impossible because the system changed to remove this functionality (which I highly doubt, that'd be really retarded), I'll come back later.
(Just to get rid of this old stupid woman's ignorance essentially.)
C: Sure sure...
Me: I'd also like to register as an organ donor. Where can I do that?
C: That'd be over there. *points to the other room in the town hall*

FUCKING THANK YOU LORDS OF THE WICKED RAVEN AND THE LIBERATED TUX, TO GET ME AWAY FROM THAT STUPID FUCKING BITCH!!!

.. anyway. I've got my new ID and I'm an official organ donor now 🙂

!Story

The day I became the 400 pound Chinese hacker 4chan.

I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.

They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...

And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.

So, I know I want to fuck with them. and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.

I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.

After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.

I then minify the whole thing and stash it in the minified jquery file.

So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.

Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.

So we GIVE the penetration team login credentials... they log in and start trying to crack it.

I sit and wait. Grinning as fuck.

Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.

We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.

"We think you may have been compromised by a Chinese hacker!"

I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.

My PM, who has seen me use the JSON compression technique before and knows exactly whats up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.

If only it was more common to use video in these calls because I WISH I could have seen their faces.

Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because i'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.

Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.

So yeah, I got fed up with assholes offering unpaid internships while demanding the work of a paid employee and I went around reporting all of them for violating the law.

Hope it does something. I hate these people taking advantage of vulnerable post secondary students for their crappy, worthless startups.

writing library code is hard.

there are sooo many details that go into writing good libraries:

designing intuitive and powerful apis
deciding good api option defaults, disallowing or warning for illegal operations

knowing when to throw, knowing when to warn/log
handling edge cases
having good code coverage with tests that doesn't suck shit, while ensuring thry don't take a hundred years to run

making the code easy to read, to maintain, robust
and also not vulnerable, which is probably the most overlooked quality.

"too many classes, too little classes"

the functions do too much it's hard to follow them
or the functions are so well abstracted, that every function has 1 line of code, resulting in code that is even harder to understand or debug (have fun drowning in those immense stack traces)

don't forget to be disciplined about the documentation.

most of these things are
deeply affected by the ecosystem, the tools of the language you're writing this in:

like 5 years ago I hated coding in nodejs, because I didn't know about linters, and now we have tools like eslint or babel, so it's more passable now

but now dealing with webpack/babel configs and plugins can literally obliterate your asshole.

some languages don't even have a stable line by line debugger (hard pass for me)

then there's also the several phases of the project:

you first conceive the idea, the api, and try to implement it, write some md's of usage examples.

as you do that, you iterate on the api, you notice that it could better, so you redesign it. once, twice, thrice.

so at that point you're spending days, weeks on this side project, and your boss is like "what the fuck are you doing right now?"

then, you reach fuckinnnnng 0.1.0, with a "frozen" api, put it on github with a shitton of badges like the badge whore you are.

then you drop it on forums, and slack communities and irc, and what do you get?

half of the community wants to ban you for doing self promotion

the other half thinks either
a) your library api is shitty
b) has no real need for it
c) "why reinvent the wheel bruh"

that's one scenario,

the other scenario is the project starts to get traction.

people start to star it and shit.
but now you have one peoblem you didn't have before: humans.

all sorts of shit:

people treating you like shit as if they were premium users.

people posting majestically written issues with titles like "people help, me no work, here" with bodies like "HAAAAAAAAAALP".

and if you have the blessing to work in the current js ecosystem, issues like "this doesn't work with esm, unpkg, cdnjs, babel, webpack, parcel, buble, A BROWSER".
with some occasional lunatic complaining about IE 4 having a very weird, obscure bug.

not the best prospect either.

So my ISP just called me again that I'm sending plenty of spam. This time, I have all flows logged, so I know for sure that it wasn't my TV (only vulnerable device with internet access) and as my switch was offline there is nothing in front of my router anymore. And I learned that all the spam was going directly to their smtp server which I never used and didn't even know they have some. All in all everything points to their cable modem. Will tell them that in response to the mail they promised to send me. Really looking forward to new at least a little bit competent ISP (alternative should be available soon).

OK< been a long time user of Unity.

Tried the latest update as I and others were enthusiastic about creating a joint project of gamers and developers.

As I was building up a started website and we were getting things with Unity ready...BOOM,. They Fuck up the installs.

Not just a minor thing here or there but not finding its own Fucking file locations where it installs shit. You try and say, Hey Unity you fucking twat, install here in this folder.

Boom again, it installs part of it there, and then continues installing shit everywhere else it wants to. Then the assholes at Unity give this Bullshit claim "the bug has been fixed."

Just reinstall.

Fuck you, its never that simple, You have to delete all sorts of fucking files to make sure conflicts from a previous corruption isn't just loaded on top of so it does not fuck up later.

So we did all that from programs, program data, program(x86), AppData Local, Local Low, and Roaming.

For added measure we manually removed all the crap from the registry folders (that was a pain but necessary), and then ran a cleaner to make sure all the left over shit was gone.

Thinking, OK you shit tech MoFo's we are clean and here we go.

HOLY SHIT BALLS, Its fucking worse with the LTS version it recommends and Slow as Fuck with their most recent version which is like 2020 itself, and insane piece of fucking bloated garbage and slower than a brick hard shit without fruit.

So we were going to all go post on the forums, and complain the fix section isn't fixed for shit.

Fuck us running backwards naked through a field of razor grass. Its so overloaded with complaints that they shut down further posts.

What makes this shit worse is we cannot even get the previous fucking versions of the editor before all this to work where our only option is without using the fucking Hub demand is just install 2018.

great if we started coding and testing in that. We cannot get shit where we were at back on track because you cannot fucking backward load an exported saved asset file.

Unity's suggestion? Start over.

Our Suggestion? Stop fucking smoking or using whatever fucking drug you assholes are on, you fucking disabled the gear options so we can resolve shit ourselves, and admit you did that shit and other sneaky piece of shit back stabby, security vulnerable data leak bullshit things to your end users.

Listen to your fucking experienced and long time users and get rid of the Fucking backward stepped hub piece of shit everyone with more brains than whatever piss ant pieces of shit praised that the rest of us have hated from day fucking one!

And while fixing this shit like it should be fucking fixed if you shit head bastards want to continue to exist as a fucking company, overhaul the fucking website or get the fuck out of business with now completely worthless SHIT.

Phew:
Suffice it to say....

We are now considering dealing with the learning curve and post pone our project going with unreal just because of these all around complete fuck ups that herald back to shit games of versions 3.0 and earlier.

YAY.... fuck you Belkin!
Just found out my router is vulnerable to CVE-2017-14491.

For all you not following these issues, this one allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device aka: the devices login/password, the Wi-Fi passwords, and configuration data just by sending malformed DNS packets to the device.

Now this is all well and good, except Belkin haven't released firmware since 2013, which is strange... seeing how the damn thing was "NEW" out of the box in 2016.

Last time i buy a fucking router from these lousy assholes.

So I can see everything thinks CS should be taught differently this week.

Based on all of the ways we could change it, something no one seems to be mentioning much is security.

Everyone has many ways of learning logical processors and understanding how they work with programming, but for every line of code taught, read or otherwise learnt you should also learn, be taught how to make it less vulnerable (as nothing is invulnerable on the internet)

Every language has its exploits and pitfalls and ways of overflowing but how you handle these issues or prevent them occurring should be more important than syntaxually correct code. The tools today are 100000x better then when I started with notepad.exe, CMD and Netscape.

Also CS shouldn’t be focused on tools and languages as such, seeing as new versions and ideals come out quicker then CS courses change, but should be more focused on the means of coming to logical decisions and always questioning why or how something is the way it is, and how to improve it.

Tl;dr
Just my two cents.

rant & question

Last year I had to collaborate to a project written by an old man; let's call him Bob. Bob started working in the punch cards era, he worked as a sysadmin for ages and now he is being "recycled" as a web developer. He will retire in 2 years.

The boss (that is not a programmer) loves Bob and trusts him on everything he says.

Here my problems with Bob and his code:
- he refuses learning git (or any other kind of version control system);
- he knows only procedural PHP (not OO);
- he mixes the presentation layer with business logic;
- he writes layout using tables;
- he uses deprecated HTML tags;
- he uses a random indentation;
- most of the code is vulnerable to SQL injection;
- and, of course, there are no tests.
- Ah, yes, he develops directly on the server, through a SSH connection, using vi without syntax highlighting.

In the beginning I tried to be nice, pointing out just the vulnerabilities and insisting on using git, but he ignored all my suggestions.

So, since I would have managed the production server, I decided to cheat: I completely rewrote the whole application, keeping the same UI, and I said the boss that I created a little fork in order to adapt the code to our infrastructure. He doesn't imagine that the 95% of the code is completely different from the original.

Now it's time to do some changes and another colleague is helping. She noticed what I did and said that I've been disrespectful in throwing away the old man clusterfuck, because in any case the code was working. Moreover he will retire in 2 years and I shouldn't force him to learn new things [tbh, he missed at least last 15 years of web development].

What would you have done in my place?

!rant
Reddit comment on a thread about Joomla! sites being vulnerable to SQL-injections:

"Joomla sites are so infested they became sentient.

Joomla sites needs no webmaster, some one else will administer it for you.

Joomla sites have very good SEO, specially in "v1agra c1alis p3nis size"

Traffic count with Joomla is high, all the bots breaking all the vulnerabilities count for somethin'."

😂 Pure gold.

> phone has OEM unlock disabled
> phone is vulnerable to like 300 race conditions
> reboot phone, get to menu as fast as possible
> sure enough, what do you fucking know, option is unblocked for a split second if I get to and open the dev settings perfectly
> manage to pull it off again
> SETTING STAYS ON AFTER REBOOTING we have ourselves a winner

it's never this easy, i have yet to check if it has a key or not, will keep you posted, but if this all works this will have been the most retardedly-simple unauthorized bootloader unlock ever

As usual a rather clickbait title, because only the chrome extensions (as always) seem to be vulnerable:

"Warning – 3 Popular VPN Services Are Leaking Your IP Address"

"Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data."

"VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate"

"PureVPN is the same company who lied to have a 'no log' policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case."

"Hijack all traffic (CVE-2018-7879) "
"DNS leak (CVE-2018-7878)"
"Real IP Address leak (CVE-2018-7880)"

Don't you just love it when an official Docker image suddenly switches from one base image to another, and they automatically update all existing tags? Oh you've had it locked to v1.2.3, guess what, v1.2.3 now behaves slightly differently because it's been compiled with OpenSSL 3. Yeah, we updated a legacy version of the software just to recompile it with the latest version of OpenSSL, even though the previous version of OpenSSL is still receiving security fixes.

I don't think it's the image maintainers or Docker's fault though. Docker images are expected to be self-contained, and updating the base image is necessary to get the latest security fixes. They had two options: to keep the old base image which has many outdated and vulnerable libraries, or to update the base image and recompile it with OpenSSL 3.

What really bothers me about the whole thing is that this is the exact fucking problem containers were supposed to solve. But even with all the work that goes into developing and maintaining container images, it still isn't possible to do anything about the fact that the entire Linux ecosystem gives exactly zero fucks about backwards compatibility or the ability to run legacy software.

Apache Tomcat vulnerability "GHOSTCAT" allows read conduct files and implant web shells. All versions in the last 13 years vulnerable.

According to Security Researcher of Chaitin Tech : Due to a flaw in the Tomcat AJP protocol (the channel for Tomcat to connect to the outside, pass them to the corresponding web application for processing and return the response result of the request), an attacker can read or include any files in the webapp directories of Tomcat.

For example, An attacker can read the web-app configuration files or source code. In addition, if the target web application has a file upload function, the attacker may execute malicious code on the target host by exploiting file inclusion through "GHOSTCAT" vulnerability.

Apache Tomcat has officially released versions 9.0.31, 8.5.51, and 7.0.100 to fix this vulnerability.

Best way to avoid procrastination : We tend to avoid commitments or to do large tasks as even visualizing them seems tiring and the longer it takes, the vulnerable we are to distractions

So I use this simple trick
I break my task into numerous sub tasks. For example if I need to finish a feature before day end, I would first list down all the cases I can think of in order and write them down using actual pen and paper.
I then start implementing them step by step.
I mark them checked once done.
It gives me a sense of achievement as I see those checks besides the sub tasks and I can also take breaks between steps.

So all it takes is just first five minutes of planning.
I had to do the above procedure, for this post as well.
Hope it helps fellow developers
:)

I hate people who think they are always right.

A coworker who seemed to be a friend turns out to be an emotionally needy narcissist who seems to think that he is a perfect human being and is the best example of how to live.

Long story short is that we did some bonding via alcohol and smoking cigarettes. Especially when I was in a bad period in my life where I had little self confidence, was in a bad financial situation and overshared many details abound my personal life.

And yeah we also work as software devs in the same team but I started avoiding working with him directly, because due to his seniority he overcomplicates things a lot to the point where stuff gets postponed for months. Meanwhile I am a simple guy, I do my tasks and if they are not up to the standard I just work on the feedback until Im up to the standard, thats it. Its just a job for me, for him its a way of life and he considers himself to be basically an artist.

Hes always trying to prove me something, showing that the "long way" is the best way and so on. In reality I dont give a fuck about him. I live my own life and I have my own priorities. I work fulltime in one job, also I work part time as a freelancer and in total I make about 20 percent more than he does. Previously before this job I owned my own company where for 2 years I ran my own projects which generated a decent revenue. I know what is hard work and how to sacrifice myself in order to achieve results. I am more pragmatic and I have some limitations of what I can be good at (since I have a shitty working memory due to my ADHD). So I have systems in place and bottom line is that I earn a decent living and my skillset is different. Yeah I agree that in some ways he is better than me, but dude has such a massive inflated ego that now he thinks that he unlocked some sort of universal wisdom and now hes suddenly experienced in every field of life and his opinion is the right one.

This guy takes a massive pride in how good software engineer he is and in every topic or interaction he tries to one up me. Which most of the time is just his preference or in order to gain a 0.0001 percent performance increase. Dude is basically a big walking ego and since "we are close now" his ego started bleeding into personal relationship.

In my personal life, Im in a stable relationship, thinking of proposing soon and getting married. I already co-own an apartment with my current girlfriend. Everything is serious and planned, Im soon to be 30 years old. He is the same age but he still thinks hes young hot shit and all he cares about is getting shitfaced a couple times a week after work and he doesnt really have any other hobbies. He has a girlfriend but I dont see any future in there TBH.

So what I did now is I started putting some distance between us. No more drinking every week with him, maybe maximum once in 2 or 3 weeks. I started working from home more. Also I stopped sharing my personal life with him. Each time when he thinks he is right I just go along with it and dont even pay attention to his emotional manipulations. I just hope one day he fucks off completely and I wont give in to his gaslighting. Maybe in a few months I will be leaving this job, so I will never have to deal with him again.

Lesson learned: dont be vulnerable to coworkers who you bond together only via alcohol.

Random thoughts that I need to put somewhere. that I’ve been holding in and have to get out.

I feel like I’m more welcomed and wanted here than in real life. My friends don’t really think about me when making plans anymore, no one really thinks of me in general.

In school I was the awkward kid that was nice to everyone and I’m not taking the whole graduation well. I miss high-school and my vocational school, I miss my friends and I’ve just felt like things ended too soon and I just kinda feel alone

I wish I could just sit down and program and not procrastinate the only time I seem to be able to get stuff done is when I force myself. I feel like I’m such a shitty developer for not fighting it better. I need to be better.

I’ve not had a good few weeks. Since I’m taken a semester off from college no one in my family besides me is able to stay with a family member that’s in the hospital. I volunteered because I care for them deeply and want to help them. but it takes a huge toll on me since I have to be the one that listens to the doctors tells the rest of my family what’s happening. While Im kinda freaking out because I’m scared and nervous and NOT READY and I’ve had to stay a week there and I’ve been having to stay on and off and I haven’t really told anyone how I really am feeling about it all because I don’t like to be vulnerable in front of people and it’s been really hard and taking a toll and not helping the procrastination.

I work as pharmacist, but code as hobby and recently change job. Have far more options to improve work enviroment, but IT guy sucks balls so much.

Better no password, because you have to remember them.

Some users don't have privilages to do some things, but everyone knows boss password with all privilages.

It guys connects via teamviewet whn I check prescriptions with quite vulnerable data and after my step in he responds that he creates this Pharmacy store and has deal with boss to access database and others.

Due lack of controls there is working against law all the time

Small city so everyone knows everyone and you have to be ultra polite to doctors and after my little unpleasent situation doctor starts to be mad at all employers.

It guy was asked to change disc space on OS drive, but he replies that it will takie at least 2 hours and he doesn't have time, but it takes me 15min top and he was mad at me.

Ffffff....

I miss psychological safety. I'll define it as the willingness to be vulnerable to criticism and the belief that contrary opinions are embraced and judged on their merit.

When I first entered the startup scene my manager had exceptional candor. He had no qualms talking about how kids and personal projects caused his investment in his work to wax and wane.

He always made time to talk to me when I was frustrated and made me feel like he truly listened to what I had to say, even if he didn't act on it.

At the time, I attributed the safety to the company culture created by the CTO. The startup failed and eventually, I found my way to that CTO's next startup.

Completely different experience. I find myself in despair as I hear "I'm more senior and therefore am right and don't have time or interest in your ideas" blatantly stated.

When I disagree with people, I try to ask clarifying questions to identify where the divergence occurs. Sometimes I'm surprised and learn something new, sometimes my questions prompt reconsideration.

With the CTO (now CEO), we go in circles where he squirms, deflects, and outright refuses to respond to my questions. He cancels 75% of 1:1's and when we do talk he suggests that if I disagree I "should introspect which of my beliefs is holding me back from embracing his superior way of doing things"

Multi-hour slack wars suck the life out of anyone trying to ask questions. It's so exhausting to ask questions it's often cheaper and faster to wallow in despair for an hour and hack something together than descend into people shouting preferences at each other and shaming me for not already knowing the answer.

Perks, pay, and tech-stack are all cool. It feels selfish to be unhappy because I can't innovate or challenge the status quo. Having tasted that safety though, I'm left with an unquenched thirst that grows stronger with every conflict.

Just after watching Black Mirror : How fucked would you be, if there was a copy of you, which could give the accessor All information about you? 🤔 There's some really vulnerable secrets to anyone, so yeah, I would be super fucked 😂

Is there something you find genuinely cool and would recommend ? Some webpage, program, OS, library or anything ?

I mean hey. There are SO MANY reaaaally cool things I didn't know until last few months.. Things I'd be so grateful for if I knew them earlier. I'll list some of them and I just know you have few of yours too. Feel free to educate the rest!

Processing - Program so fun to code in + CodingTrain(YTB channel)
Microcorruption.com - so freaking awesome if you wanna learn hacking / assembly (not x86 necessarily)
LiveOverflow - cool hacking channel
Radare - cool cmd Linux disassembler
vim-adventures.com - LEARN VIM (not just how to quit it) LITERALLY by playing a game!!!!!!!!!!!!!!
slashdot - stay updated , like really
"BEST-WEBSITES-A-PROGRAMMER-SHOULD-VISIT" - GUYS THIS! Sorry for caps but search this on GitHub and you will fucking die of happiness of how freaking useful links there are and no bullshit to dig through , just pure awesomeness. REALLY
HandBrake - Top media converter without bullshit and bloat stuff in it
Calibre - Best eBook management software capable of literally everything ebooks related. Kindle is a bloated joke compared to this
QubesOS - You know you can have every OS running at once - you have a Linux but are playing win games. Yup. It's there. Free
Computerphile - You all know it, it's just for completeness
Khan Academy - Same
VulnHub - download vulnerable VMs and hack them, or learn by reading writeup on how to do it!
Valgrind - MUST HAVE for C/C++ programmers
Computer Science crash course videos

That's all I can think of from top of my head but hey, there's more to it so definitely add your 2 cents!

Last thing, if nothing, just check the websites on GitHub, that's lifechanger

Looking forward to see some cool links & recommendations!

@rutee07 is gone! Yaaaaaay!

Now, as I have your attention: on a serious note, your dick size-bragging, vulgar blabbering was fun for a moment, but this is what happens when you’re not truly being yourself. In real life, you’re a woman, I don’t know why you had to invent all that persona based on genitals you don’t have to pose as someone else. Without irony, I really liked when in your latest rants and comments your mask begun to slip, and you wasn’t afraid to show your true personality — complex, vulnerable, beautiful.

I forgive you. Perhaps, Rutee as a persona _should_ die, superceded by true you. I adore the gesture, and you will be missed.

Today I was minding my own coding-committing-pushing business, when all of a sudden, a split second before typing Enter on a command, the obnoxious UPDATE JAVA popup reared it's ugly head.

Normally I just politely recommend it to fuck off and let me manage my Java versions with homebrew on my own time. But I had no time to not press Enter, and so it rapidly started downloading/installing.

Thankfully I had juuust enough time to hit the cancel button. The progress bar it was showing stopped at 81%. Didn't even have time to read what it said. Crisis averted. Them NSA fucks be like, "curses, foiled again!"

This was probably the most intense moment of the year for me. I think my lifespan grew shorter a few months.

Dreaded auto-updates are getting smarter. They nearly got me when I was in a vulnerable state of hitting Enter many times. Stay on your toes!

TL;DR: I have some rambly shit to say...

Update on the Uni stuff: I think I got a pass in all the subjects. Two exams left but I am holding on. It's a big deal to me since last year I could barely do a single subject per semester - a subject I had failed a few times because of lack of interest and good ol' depression. Anyways, I persisted with that subject, got my Bachelor's in Food Technology and now I'm doing that Master's of mine... It probably looks wild to people here that I did that switch but I have always had a relationship with computers as long as I remember myself. So it's not surprising that as soon as I got a choice in what I *actually* wanted to do I chose this kinda thing. But I do have to rant that it took me 10 fucking years to choose! And that I did not choose it before choosing food technology which I will probably never use anyways. I wasted so much of my energy and time on that. I did elect programming as one of the subjects while doing food tech but I really should have moved to something else. But oh well. Guess I had to find out the hard way.

For all those reading, this is what it looks like when you're 30, have very little experience in doing programming for anything else than academics and are doing a major career switch through studies after struggling for 10 years with a 4-year Bachelor's. But such is life.

Also a bit off topic but I just cannot handle people not telling what they mean because of the inability or lesser ability to tell what that is in the first place.

I can't deal with the fact of how fucked human societies are. I just can't. I am way too nice for it. So I listen to stuff like true crime to really get a feel of how evil people can be. I know it's ~problematic~ or whatever, but to me it is a way of engaging with the lesser spoken side of human beings.

And maybe, just maybe, I should get checked for ADHD again because I feel like despite my therapy for depression, nothing really has changed with the ADHD symptoms I was diagnosed with. And maybe for autism since people have labelled me that way and it might explain some stuff... All that is to say I need some good mental care. And this society is shit for it. Hell, apparently one of the psychologists I was under the care of thought depression resulted from ungratefulness. All this while I was legit being abused. But that abuse has stopped now that I found a psychologist that is actually standing up for me. I just mourn for all the time I spent being depressed and how it fucked my memory and stuff. How much it affected me and all. I have no idea why I'm being this vulnerable but it feels somewhat fitting... How do you cope with being 30 and not remembering almost all your life? What you remember being what you managed to write down or has been negative enough it stuck in the brain for forever...

Just why am I fucking supposed to be all happy and shit when I am just tired of life because it is too goddamn much? I have no real reason to look forward to things, online friends and the offline one included. Because ultimately, I have no damn motivation to look forward to anything, really. I am supposedly doing better but in reality I am just getting better at going through the motions. The therapy, while mindblowingly effective, is not actually addressing the core cause of everything and just expecting me to fake it till I make it. And this is me saying that about CBT. Why should I have to tell myself things just to feel human? I am one and as long as I'm alive, nothing will change that. So why do I have to always feel like an alien wherever I am? So out of touch with myself that I don't have a self image or an ability to even tell what the actual fuck I want from life... I am getting better with the latter, but still. It hurts. I wanna shed so many tears but I'm frustratingly unable to do so.

I am just a human trying to human in this ocean of 8 billion humans. Maybe I will find some more connections, maybe I won't.

I wanna end this rambling session by a few things:
1. I will have to go to Canada at some point this year to see my in-laws and some other family over there...
2. I will probably have to seek a job there (for financial reasons it is much better for me to have one there and to work remotely in Georgia) and I have no idea of where to start since I am not the greatest material for it.
3. Life is going alright-ish.
4. I will hear from the startup company at some point this month.
5. I have plans for my future but no idea if they will ever come true at this point.
6. My family arrangement will have to change in more ways than one.
7. I should resume my unofficial first music album and engage in creative stuff because at the core, I have a need to do so.
8. Do I really have to do Duolingo again? I really want to not forget German and Russian, but I just never have practice. And Duolingo is surprisingly easy to forget to do for me.

The end.

Just posted this in another thread, but i think you'll all like it too:

I once had a dev who was allowing his site elements to be embedded everywhere in the world (intentional) and it was vulnerable to clickjacking (not intentional). I told him to restrict frame origin and then implement a whitelist.

My man comes back a month later with this issue of someone in google sites not being able to embed the element. GOOGLE FUCKING SITES!!!!! I didnt even know that shit existed! So natually i go through all the extremely in depth and nuanced explanations first: we start looking at web traffic logs and find out that its not the google site name thats trying to access the element, but one of google's web crawler-type things. Whatever. Whitelist that url. Nothing.

Another weird thing was the way that google sites referenced the iframe was a copy of it stored in a google subsite???? Something like "googleusercontent.com" instead of the actual site we were referencing. Whatever. Whitelisted it. Nothing.

We even looked at other solutions like opening the whitelist completely for a span of time to test to see if we could get it to work without the whitelist, as the dev was convinced that the whitelist was the issue. It STILL didnt work!

Because of this development i got more frustrated because this wasnt tested beforehand, and finally asked the question: do other web template sites have this issue like squarespace or wix?

Nope. Just google sites.

We concluded its not an issue with the whitelist, but merely an issue with either google sites or the way the webapp is designed, but considering it works on LITERALLY ANYTHING ELSE i am unsure that the latter is the answer.

Summing up my cynicism.

I live on a big shit pile in the middle of nowhere where biggest achievement is travel around the globe. It doesn’t matter that you can do it under a day using special piece of paper that everyone is bragging about.

At the same time I am trapped inside sack of meat that is slowly putrefy and is highly vulnerable to everything on this fucking place. Sooner or later I will shit under myself again.

And I even didn’t stared cause the real problem is that I can’t get the fuck out of here and everyone try to convince me that what I do is “important” and I need to start a family and shit like that, yet everyone believes in some higher power that says you don’t need all of this shit. Like what the fuck people ?!!?!!

How the fuck did I get here ? I must have been making jokes from someone important. If it’s true I’m really really sorry and now please get me out of this nightmare. I know I did something wrong and I sincerely apologize. Are we good now ?

Fucking hell !!!

What are the thoughts of privacy conscious people about quantum computers? As far as I understand current TLS version encryption method is vulnerable to quantum computers, thus if your ISP or other agencies store all your traffic data right now, they'll be able to decrypt it after gaining access to quantum computers.

One way to secure your privacy would be to use your own VPN that uses encryption method that is quantum-resistant, but again the VPN would be using TLS to connect to the Internet.

ScalaJs React compiles Scala to React.js.
There's some cool typing involved but I haven't done web front-end since nested tables were meta, so there's lots to learn.

There's exactly one senior dev at my company who is fluent in this ScalaReact, so I tag him in the PR for my project. Every day at 10:00 am, slack publicly posts a reminder with @mention that he hasn't reviewed my PR.

Three days later I haven't heard anything so I send a DM over slack asking for feedback... No response.

Four days after the PR I beg for 10 minutes of pairing time, because something in my component hierarchy smells funny. He doesn't have time for me until 5:00 .

I've now built almost a weeks worth of work on the original PR and the feedback I get is 'this works, is performant, and has no obvious bugs, but you can't merge it until you restructure the underlying component hierarchy'

It takes me and another senior dev an entire day of pairing to implement the changes without breaking anything. But, I asked for the feedback because I wanted to learn and write good clean code so I'm irritated but willing to move on.

Yesterday I posted in slack that I was having a hard time following my callback chains to find where the color was assigned to a <td (because I had to add a coloring rule). I wanted to know if I could change the type signature of a component from Tagmod (one or more HTML tags) to VdomTagOf[TableCell] so that it would be clear where the color was assigned.

Instead of just telling me 'no' and giving some context, the react dev gives me:

"Why would a dev need to know about the type unless they’re actually trying to use the thing ? Those are all great questions, but id suggest trying not to prematurely optimize for those until they actually come up"

I flipped my shit. After you couldn't make time for me for a WEEK I had to justify to the CEO why I was spending a day on PURE refactors to accommodate your PREFERENCES. Meanwhile when I'm being VULNERABLE and exposing that I am confused and struggling to complete my task you DISMISS my concerns and attack my motivations.

Unfortunately, this is all happening in the public slack channels and I start defending readability and my premise while triggered. Now I'm riding the shame train for fighting in public slack and trying to pretend none of this ever happened.

I'm learning Kotlin while trying out Android Things and that sparked my interest in learning more about Java platform again. I tripped upon the news that Oracle had change their commercial plans for the platform by going with the rolling release model and limiting LTS releases for paying customers.

Java SE 8 was one of those former LTS releases that was on my computer, leaving me vulnerable, despite that version still being the most compatible with many applications, and that's been on my computer well passed the date they cut off public support. And I'm, like, "WTF!?"

Luckily this is when open source shines at it's brightest. Both the home brew and corporations, such as Amazon and IBM, alike - mostly the latter - both agreed to create their own LTS releases using the OpenJDK code and all disturbing to the public FOR FREE with no strings attached and the sources opened. I'm sure Richard Stallman is smiling with glee.

It isn't a total finger towards Oracle. Java SE is based on OpenJDK with no difference between the two anymore aside from loss of LTS support from the public - that's it. So Oracle still benefits despite the retaliation. Probably?

Did Oracle learn nothing from OpenOffice? If the point was to get users to pay for security then they've failed in the long run because Java is open source. People have used that fact to create their own free distributions that bypass their paywall, making the need to go through Oracle pointless. And I'm glad. Open source aside, security is a big issue these days and the last thing people need is yet another thing to subscribe too.

I wonder if crypto exchanges are so damn vulnerable or just so transparent.

I mean, it is impossible to scroll tech articles for more than a few seconds before stumbling on a report of yet another crypto exchange being nicked a couple hundred mil USD.

- It could be that their security severely sucks (wouldn't blame them for it, most businesses do suck at securing shit).
- It could be that the entire black hat community is putting it's might on stealing money that is so fucking easy to launder.
- It could be that is damn nigh impossible to cover up a crypto hack since the evidence of coins drifting away is forever on display in the public ledger, and in that case crypto companies are not hacked more often than regular companies, they are just much more often publically shamed for it.
- It could be a mix of all the above, but my intuition is that one factor is more relevant.

Which would be the most relevant factor? One of the above or yet another attack vector to the stupidest value conduit ever?

When you deliver a site to a customer and find out that you forgot to prepare all the statements so that the website wouldn't be vulnerable to SQL injections. So yesterday I forgot to add that, had to close down all the connections to the website and rewrite all the statements. Everything is good now

How do you handle error checking? I always feel sad after I add error checking to a code that was beautifully simple and legible before.
It still remains so but instead of each line meaning something it becomes if( call() == -1 ) return -1; or handleError() or whatever.
Same with try catch if the language supports it.
It's awful to look at.
So awful I end up evading it forever.
"Malloc can't fail right? I mean it's theoetically possible but like nah", "File open? I'm not gonna try catch that! It's a tmp file only my program uses come oooon", all these seemingly reasonable arguments cross my head and makes it hard to check the frigging errors. But then I go to sleep and I KNOW my program is not complete. It's intentionally vulnerable. Fuck.
How do you do it? Is there a magic technique or one has to reach dev nirvana to realise certain ugliness and cluttering is necessary for the greater good sometimes and no design pattern or paradigm can make it clean and complete?

How to Create Beautiful and Durable Pie Boxes

Whether you are looking for a unique gift to give, or you are looking to protect the delicate items you hold, there are many ways to do so with the right pie boxes. By using a custom designed box, you can capture the essence of the delicacies you are storing and protect them for a longer period of time.

Protect delicate items
Using pie boxes is a good way to protect delicate items such as pies, cakes and desserts. However, you need to be sure that the box is the right size and shape to ensure that your item is safely packed. If you don't pack your delicate products properly, they could suffer from moisture and change in temperature.

Before you begin packing your goods, consider whether you should use bubble wrap or paper. While bubble wrap provides an extra layer of protection, it can also leave your product vulnerable to scratching. Choose paper to wrap your items, as it will prevent scratches and will keep them from shifting during transport.

When wrapping fragile items, you need to use a lot of packing tape to secure your package. You should also fill any empty space in the box. You can do this by using bubble wrap, or by adding extra padding. Make sure to mark your box as fragile and to place a label with your name and delivery address on all sides of the box.

Once you've completed the packaging process, you need to seal the box and place it in the shipping box. Besides bubble wrap, you may also want to include ice packs to add extra protection. A cushioned ice pack is another option for additional protection.

You should also use quality packing tape, and make sure to cover all the openings of your box. You can also use zip-up bags to help you keep your things in place.

It is important to know the best way to protect delicate items, so you can prevent them from damage during the shipping process. There are many ways to do this, but you should use the right tools for the job. Purchasing a box that is the right size and shape for your items is the most effective way to do it.

When you use custom pie boxes, you can rest assured that your pies, chocolate pies and other edibles will be safe. They're manufactured with modern equipment and environmentally friendly printing techniques.

Make a gift
Whether you are giving a pie for a birthday, wedding, or as a thank you gift, you can make pie boxes that are beautiful and durable. Several pie box designs are available online, but you can also create your own. Here are some simple instructions to make a simple, yet elegant box.

The first step is to print out a template of a pie box. You can use a piece of scrap paper or decorative paper for your design. If you are using decorative paper, cut out a rectangle the size of your box. If you are using colored cardstock, you will need to cut out a pie filling layer. Once you have a pie filling layer, copy it for several boxes. You can also add other designs or embellishments to your boxes.

Next, place your colored cardstock on your cutting mat. With your x-acto knife, cut out a rectangle that is as large as your box. You will need to fold it on the dotted line. If you are using an x-acto knife, it will be easier to fold the box. Alternatively, you can use a scoring stylus. If you have a Cricut, you can score the cardstock to make a scalloped box top. You can also use burlap ribbon or twine to wrap your box.

Once you have the box finished, you can decorate it with other decorations or embellishments. You can even use calligraphy or other techniques to make the box more special. To close the box, you will need a sticker or piece of tape. You can decorate the lid with patterned paper and a clear plastic screen. This will allow you to see the contents of your pie. You can also use embellishments such as ribbon, glitter, or other materials to make the box more fun.

If you are giving a pie for a holiday or party, you can decorate your box with a festive theme. For example, you can have a holiday tree on the front of your box. Or, you can dress it up for a tailgate party.