Search - "attack"
Some 'wk306' highlights from different people:
Walk around the office in his underwear, because he forgot he left his trousers in the bathroom
Run a red light outside the office due to not wearing his required glasses. When questioned by co-workers, replied "I don't follow those fascist rules"
Asking if we work less will we get paid more, because the project will take longer to do (while in a startup with no funding trying to secure some)
Tell a senior dev to stop testing in his spare time, as we won't be able to release on time if he keeps finding critical security bugs
Telling me "your timezone is not my concern", when asking for help with new tooling so we don't have to be online at the same time
Blaming my team for requesting too much help, leading to his team missing deadlines, in a meeting with very senior managers. When the reason we were requesting help was the handover doc we were given was filled with lies about features being finished and "ready to ship" and lacking any unit tests
Being accused of bullying and harassment to the CEO, because someone asked "did you follow up with X about the partnership they emailed us about". The person who was responsible, forgot 4 times, and saw it as an "attack" to mention it in team meetings
Telling an entire office/building mid November they've secured funding for at least the next year, then announcing in January after the Christmas break that it's cheaper to move to India, so they are closing the office in 30 days
Worst hack/attack I had to deal with?
Worst, or funniest. A partnership with a Canadian company got turned upside down and our company decided to 'part ways' by simply not returning his phone calls/emails, etc. A big 'jerk move' IMO, but all I was responsible for was a web portal into our system (submitting orders, inventory, etc).
After the separation, I removed the login permissions, but the ex-partner system was set up to 'ping' our site for various updates and we were logging the failed login attempts, maybe 5 a day or so. Our network admin got tired of seeing that error in his logs and reached out to the VP (responsible for the 'break up') and requested he tell the partner their system is still trying to login and stop it. Couple of days later, we were getting random 300, 500, 1000 failed login attempts (causing automated emails to notify that there was a problem). The partner knew that we were likely getting alerted, and kept up the barrage. When alerts get high enough, they are sent to the IT-VP, which gets a whole bunch of people involved.
VP-Marketing: "Why are you allowing them into our system?! Cut them off, NOW!"
Me: "I'm not letting them in, I'm stopping them, hence the login error."
VP-Marketing: "That jackass said he will keep trying to get into our system unless we pay him $10,000. Just turn those machines off!"
VP-IT : "We can't. They serve our other international partners."
<slams hand on table>
VP-Marketing: "I don't fucking believe this! How the fuck did you let this happen!?"
VP-IT: "Yes, you shouldn't have allowed the partner into our system to begin with. What are you going to do to fix this situation?"
Me: "Um, we've been testing for months and already went live some time ago. I didn't know you defaulted on the contract until last week. 'Jake' is likely running a script. He'll get bored of doing that and in a couple of weeks, he'll stop. I say let's ignore him. This is really a network problem, not a coding problem."
IT-MGR: "Now..now...let's not make excuses and point fingers. It's time to fix your code."
IT-VP: "I agree. We're not going to let anyone blackmail us. Make it happen."
So I figure out the partner's IP address, and hard-code the value in my service so it doesn't log the login failure (if IP = '10.50.etc and so on' major hack job). That worked for a couple of days, then (I suspect) the ISP re-assigned a new IP and the errors started up again.
After a few angry emails from the 'powers-that-be', our network admin stops by my desk.
D: "Dude, I'm sorry, I've been so busy. I just heard and I wished they had told me what was going on. I'm going to block his entire domain and send a request to the ISP to shut him down. This was my problem to fix, you should have never been involved."
After 'D' worked his mojo, the errors stopped.
Month later, 'D' gave me an update. He was still logging the traffic from the partner's system (the ISP wanted extensive logs to prove the customer was abusing their service) and like magic one day, it all stopped. ~2 weeks after the 'break up'.
Well, well, well, my new year's gift:
Someone is jamming thousands of requests per second, and NO firewall. JWT tokens that expire in 3 HOURS.
Now MORE THAN 40K stolen.
But, where did it come from? https://devrant.com/rants/4961285/...
My level of frustration with Microsoft is growing to a point that I'm unable to contain it.
They buy Github, it was a great tool for developers because it FUCKING WORKED! New features were never beta tested on users unless they requested it.
Why in the absolute fuck am I getting all these new experimental bullshit features that literally make it harder for me to do my god damned job?
They provide me NOTHING but grief and sleepless weekends while I fix the god damned pipeline that's worked perfectly fine for YEARS.
Your business model is bad and your products are SHIT.
Fuck you Microsoft, I cannot even stress it enough. If I had a time machine that could go back 5 years and my options were: Tell the world about Covid, make sure Trump never became president, or stop the Github purchase. I would hunt down and brutally attack the team of executives that decided to buy Microsoft.
Words cannot adequately describe how much I want Microsoft to fuck off. If the company was a person and they died in a house fire it wouldn't be enough.
I just want a VCS that does what it's supposed to do. I don't need pipelines, I don't need image repos, I don't need static code analysis.
I JUST NEED A FUCKING VCS THAT CONTROLS VERSIONS OF SOFTWARE YOU IGNORANT FUCKS.
Had a panic attack during a coding assignment and now every time I think about that problem I just start spacing. Noice.
Also dear companies: if you wanna ask your interviewees about trying to deduce a theorem out of nowhere, maybe do it in the first test and not in the last one. Cause that’s a shot in the dark to someone who’s not a mathematician and I'd feel waaay less frustrated if I didn’t give you 6 hours of my life just to end up with an arbitrary task like this.
Our team really needs some workflow arrangement, and this time it was me who screwed up.
So we have to push an update to the Play Store and the App Store the Friday, the app is well tested on test environment then production environment, we got the ok so I uploaded a build, the app management team then continued the process of publishing..
During the weekend the app was approved and live to almost 500k users that can receive the update.
I got a phone call from the Project Manager at almost midnight, the time was really suspicious so I answered.
- Me: Hello.
- PM: Hi, sorry to call you now but the app is live and we have a problem.
- Me: what kind of problem? Let me check.
So I updated the app on my phone and opened it while I am on call.. I almost had a heart attack!! WE PUBLISHED A VERSION POINTING TO THE TEST ENVIRONMENT. Holy shit
- Me: shit call the app management team NOW.
Eventually we removed the app from sale (unpublished it) and we submitted a new version immediately, once it was approved the next day we made the app available again (so for those who didn’t update yet, there will be no update to a faulted version, and no new users landing to a version with test data), I received one or two calls from friends telling me why the app is not on the store (our app is used nationally, so it’s really important).
Thank God there was no big show on twitter or other social media.. but it’s really a good lesson to learn.
I understand this is totally my fault, thankfully I didn’t get fired 😅
Probably developing a complex food ordering website and client just stole the website and didn’t pay as it turns out our PM didn’t let the client sign a contract. Can’t sue as we have no legal binding documents.
We did manage to get access to the database and decided to change our passwords manually, but like I don’t get paid much for this
Follow up to: https://devrant.com/rants/5047721/....
1- The attacker just copy pasted its JWT session token and jammed requests on the buy gift cards route
2- The endpoint returns the gift card to continue the payment process, but the gift card is already valid
3- Clients wants only to force passwords to have strong combinations
4- Talk about a FIREWALL? Only next month
5- Reduce the token expiration from 3 HOURS to 10 minutes? Implement strong passwords first
6- And then start using refresh tokens
BONUS: Clearly someone from inside that worked for them, the API and database password are the same for years. And the route isn't used directly by the application, although it exists and has rules that the attacker knows. And multiple accounts from legit users are being used, so the person clearly has access to some internal shit
I was skimming a FedEx page to track a shipment when out of the corner of my eye I see “Watch list” and almost had a merry little panic attack because I apparently did not get the requisite amount of sleep for rational thought.
FedEx, our ideas of watch list are very different.
This girl calls me every day for 6 weeks after we had a one night stand, saying she loves me, then dumps me two days before my trip to see her (literally a thousand miles away) as soon as she found somebody else.
Not gonna lie, I seem to be experiencing some sort of crap attack.
My mans literally just wrote "Our company was under a hack attack" in an email.
What a time to be alive.
If you have a new Alienware, I highly recommend not to try installing Ubuntu on it. I can't even describe how many levels of hell I went through to get stuff working, and how every Ubuntu base update gives me a panic attack.
From Ubuntu not installing with RAID settings, then not being able to boot in GUI mode because Nvidia drivers, to built-in keyboard, speaker and mic not working.
Praise the Ubuntu lord, now everything is working, but I still can't adjust the rgb keyboard colors :(
Brazilian health ministry got a ransomware attack this night.
Why? Not because every city is demanding you to show you're vaccinated in order to go somewhere. Because you have to show it using a 20+ year old system.
Don't get me wrong the UI is nice.
But the servers...
Well, at least I have a document where my shots are registered.
And good luck to us living in this country, where we're known for gorgeous cities (people too) but also for a government that earns 200k+ while working 2 days a week and can employ 40+ people for sitting there and do no fucking shit.
No wonder if you get bad news from here every now and then, it's all true.
The ministries are dumb.
The president is dumb.
And worst. People too.
People don't care. Because they don't know they are part of 94% of more than 200 MILLION that earns minimum wage and strive to live bc the country BUYS things that we ALREADY PRODUCE and have to put a tax to every product to compensate them paying 5x times more to buy in dollars.
At least I'm not depending on this sucker of government, never cared about it.
You guys deserve to collapse and become poor again
So, update on the ransomware attack on the health ministry in Brazil: wasn't a ransomware.
They just rerouted the DNS.
Apparently they've been trying to issue a vaccination passport, and the federal government has been pissy about it. And now everyone appears as unvaccinated. What a fuckin coincidence huh
There are two weeks left until the PhD application results are published. But I'm having such awful nervous breakdowns. I don't even know, if it's anxiety or if I'm literally dying inside from something else. From an almost-heart-attack today when I got a trivial and unrelated bad-news email, to keep having weird dreams about things like end of the world and post-apocalyptic life, or being jumpy all the time.
... And it's not like it's life or death, I know that. I know that I can do other things if this doesn't stick. I know things will workout the way they should; I know all of those. But there's just something destroying my physical and mental health right now, and I don't even know if it's just the anxiety for the next big step in my career, or something else, or how I should deal with it.
... Anyways, amannoyed.
Wasn’t an intended attack but our virus software had an update that meant it quarantined one of the Windows startup files. Cue every user being unable to start up their PCs. That was a fun day!
After all the rants I've written on this topic, no, no, fuck no. I ain't answering jackshit. The trauma is very real. I'm trying to not have a panic attack just remembering few of the times I've lost work, personal data, side projects, accounts, you name it.
Oh dear God it's hard to breathe...
That might seem a bit random, but I started off this year with a nightmare (a literal dream) where I've fallen victim to remote code execution, because I cloned someone's git repo.
Is such a thing even possible? The closest thing I've found was this blog
(and the info on it was already worrying enough), but that shouldn't have affected my dream computer.
Some details I more or less remember:
* The execution happened right after git clone
* The uri to the repo was a custom domain (no github, gitlab or anything)
* no submodules
I just had a ptsd (not real ptsd) attack cause I remembered in one of my first jobs we had gulp, grunt AND webpack to build our angularjs project.
Did I fix that mess? Sure!
Will the memory of it stalk me until new year? Absolutely.
Anyone ever stay on a set of projects they knew were going to fail? I got pulled off of 3 major projects to help another team that was failing at their very high visibility project. I got that back on track, but then they needed to keep me on for stabilization work and to onboard some folks. Then they still kept me on and my projects all suffered. I was very vocal to management about my concerns. Finally, management recognized that my projects weren’t getting done so now I’m back on them. The thing is, now it’s probably too late and I’m pretty sure I’m going to fail to meet deadlines on all three (plus there’s scope creep of course). I want to just walk away from this hell hole, but I’ve made some promises to folks that helped me get the job that I wouldn’t be a job hopper (been here 4 years, and each year is worse than the last). I think I’m just going to do the best I can and see what happens - and try not to have a heart attack in the process.
i swear to god, my year end journey is taking the best kick out of me.
its less than 48 hours left now and shits that have happened since now are :
1. my mom cancelled our home to destination tickets once out of fear of omicron and then i had to rebook. that's INR 15000 down the drain with 0 returns and additional INR 6000 of re booking ( the ticket had 5 of my relatives and my mom's ticket. they are now reaching the place by train only)
2. just yesterday i found out that the bag that we are supposed to take had its zips rusted and i got to get it replaced. i also bought an additional trolley bag and kinda showed my miser mindset and bought a 2 wheel large trolley instead of 4 or 8 wheeler and now the second trolley is a bitch to be carried on.
3. on friday, i ran a little extra, got exhausted, didn't have much food since diet, then ran some more in evening, then umm.., <exercised> some more in night. guess what? the night was the chilliest in india, and my body caught cold, my sinus kicked in and i was on the verge of catching a fever which any stupid airport staff would directly declare as "omicron-covid positive". i didn't though, but this all could still happen, since i have not fully recovered from a runny nose.
4. its 48 hours left and i have just now caught this worst hiccups because i had to eat rice while watching standup comedies on a bed in a shitty posture .
this period of shitty happenings is not coming to an end. i just want a break for damn's sake. just yesterday i was on the verge of a heart attack when our dear old santa claus pm came on the television and started announcing .that guy has been known to fuck the whole country in his sudden announcements but thankfully he or omicron hasn't affected my journey plans........ yet
Anyone ever consider hanging up the office gig and pursuing a career in teaching Tech/IT? I’ve been part of a mentorship program at work for university kids, and it’s probably the most rewarding work I’ve done in a long time. I know the pay would be much less, but maybe I wouldn’t die of a heart attack at 50 like I’m heading for now?
Few days off cause the month was like a motor race on drugs while having a heart attack.
I slept two days sitting either on the couch drooling or actually sleeping.
Yesterday I managed to wash and hang up a full cellar room of clothing... And cooked enough for a 5 head family with 3 teenagers.
Today parents drove over, brought even more food.
I started a telephone chain and now roughly 3-4 friends come over tomorrow to take the food and distribute it among their parents.
It's ... Irritating... How I need to have stress to reduce my stress level and feel more relaxed.
I'm glad I'm having a few more days off... I think I'm now in a near coma state due to eating.
Maybe I should go shopping tomorrow.... 🤔😆
I took this picture after a terrorist attack happened in my city. RIP https://en.wikipedia.org/wiki/...
I'm not involved in the policy management, but my office uses Google account management. I also have to free trial one of the services I use, because my account got pwned in an attack long ago.
Turns out, my office gives us 6 different emails to choose from. Two different usernames (old, from 8 years ago, and the new one) as well as three website names (.net, .com, and another website).
Literal gold for 30-day trials.