Search - "attacks"
1995: Viruses create funny VGA effect
2000: Viruses send SPAM e-mails
2010: Viruses steal credentials
2016: Viruses launch DDoS attacks
2017: Viruses demand ransom
2018: Viruses mine crypto coins

Welcome back to practiseSafeHex's most incompetent co-worker!
*sitcom audience cheers*
Thank you, thank you. Ok so far we've had a developer from hell and a CEO who shot to fame for being the first rectum to receive a passport and be given a job.
2 pretty strong entrants if you ask me. But it's time to slow it down and make sure everyone gets a fair chance. It's not all just about the psychopaths and assholes, what about the general weirdos and the stoners who just made life awkward?
So here we go, Most incompetent co-worker, candidate 3, "A".
"A" was a bit of an unusual developer, despite having a few years experience in his home country, he applied for an unpaid internship to come work with us ... probably should have rung alarm bells but hey we were all young and dumb back then.
I have to say I felt very bad for A, as he suffered from 2 very serious, job-crippling personal conditions / problems:
- Email induced panic attacks
- Extreme multifaceted attachment disorder (also known in layman terms as "get the fuck away from me, and do your job" syndrome)
While he never openly discussed these conditions, it was clear from working with him, that he had gone undiagnosed for years. Every time an email would come in no matter how simple ... even the services team asking to confirm his staff ID, would send him into a panic causing him to drop everything he was doing and like a homing missile find me anywhere in the building and ask me what to do.
Actually "A" also suffered from a debilitating literacy issue too, leaving him completely unable to read our internal wikis himself. Every week we had to follow a set of steps to upgrade something and every week to mask his issue, he'd ask me what to do instead ... no matter how many times I sat with him previously ... must have been truly embarrassing for him.
But "A"'s finest moment in the company, by far, was the day where out of the blue, at the top of his voice (as if wearing headphones ... without wearing headphones) he asked
"DO YOU KNOW ANYONE WHO SELLS POT?"
... why no, manager of the entire department standing behind you, I do not
... why no, tech lead talking to manager, I do not
... why hello 50% of my team staring at me ... no "A", I do not!
Needless to say all our team meetings were a little awkward for the next few weeks after that but hey who doesn't like being thought of as a stoner / drug dealer by their team mates huh?
Will A make it to the top of the list of most incompetent? Well he has some truly logic-defying competition yet to be announced.
Tune in later for more practiceSafeHex's most incompetent co-worker!!!

So someone is constantly ddos'ing the privacy/security blog.
Just wondering if they really think that 500 hits a second will bring the site down?!
500 h/s consumes about 0.1 percent CPU and 1mb/s.
At least give me a challenge 😥

TL;DR: Got a really horrible supervisor temporarily fired, maybe permanently fired, got a laptop, and realized that senior devs are amazing when they stand up for the little guys
Omg... I love my coworkers!!! So like, I'm an incredibly shy dev, like, I only managed to get my internship purely because of my familiarity with c#, Android/UWP app development (although never apple, which you can read about in my last rant lol), and the API Management framework that they were using, so, long story short, I'm insanely shy and I get anxious quite quickly in social situations, that'll be important in a bit. Anyways, so, in my previous rant (my first one actually, it was "that" bad...) I had a run-in with a rather unfair supervisor situation where he expected me to work on an iOS app without a Mac machine.
So, this is currently a little bit before my shift end, where I'm anxiously trying to get a MacOS VM up and running to be able to copy paste some pseudo-code so as not to get in trouble, which is when the senior dev of the team walks by and sees me tearing hair out of my head and being really sad. So what does this god amongst men do?
He comes over and asks me what I'm doing.
Now, I didn't actually notice him, so when he asked me, I was insanely jumpy and scared that my supervisor would appear and be mad at me for not having things done, so I kind of half scream half yelp when he says something, so now he knows somethings up and he acts kind of like I'm an injured deer and slowly asks what's going on.
So, of course I tell him everything that had happened and how the supervisor got really mad about me not being able to develop iOS apps due to not having a Mac, and his expectation of me to get it magically working and getting to work on my module, and the selenium portal automatization, and after a couple seconds of me rapid fire nervous squirrel-like explanation, he holds up a hand and says "He what?!!!!? God dammit, how the hell are you supposed to do that? Jesus, you were supposed to get a company laptop when you got here, where's that??? And if you don't have that then how the hell were you working on the cross platform portion? You need a Mac machine for that, so let me get this straight... You've been frantically trying to find a workaround so that AS (let's call him AS for asshat supervisor (missing an s)) doesn't get mad at you... Who the hell... And this fucker's in charge of the interns??"
He was incredibly pissed off at this point, like, REALLY pissed off... But-
This man had just spoken miracles to me.
So I do what any self respecting intern would do, I start cry laughing and hug said BSD for a quick second (badass senior developer), and I say yep, pretty much ;-;.
And cue AS walking into my workspace and saying
AS- "are you done with the iOS a..."
BSD- "You've got to be kidding me, shut up for a second and sit down"
AS- "?" *Sits*
Me- *hides in corner and cinches up hoodie*
BSD- "Excuse me, but what did you ask benlion to do?"
AS- "Um, I simply told him to start working on the Xamarin app"
BSD- "Yes, but according to benlion, you angrily told him to start working on the Mac portion... Let me ask you something first, why would you do that? It's rude and inappropriate to be hostile to anyone at the workplace, in fact, if he wants to pursue the matter, you can get demoted, actually, if he wants to pursue it, you're fired, and there's no way I'm letting you get a management job again"
AS -"Wow, did benlion really say that? He's obviously lying due to his dislike for me, BSD, it's rather unfair to take his word over his superv..."
BSD-"Oh you did NOT just go there. That's it, stay here. And benlion, come with me." *Points at me*
Me- *Terrified out of my mind, almost to the point of a nervous breakdown because of the argument that I had started* "O-okay o_O"
Long story short, we come back with his supervisor and he is now relieved of his duties temporarily while this whole thing gets settled...
Oh, and I get my Apple Laptop tomorrow ^-^ so I'm really happy, albeit kind of sad that it's my fault that AS doesn't have a job right now ;-;, but he did yell at me and expect incredibly impossible things of me, so, not as bad as I might feel.

I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including VPSes and dedis) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those IPs automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? I installed a barebones Ubuntu server onto both. They only come with system-default applications. Tried installing Nginx the next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti-brute-force software (Fail2Ban or CSF), anti-rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P

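The detection the rant describes (three failed SSH logins from one address inside five minutes, then a ban, plus a look through the auth log for successful root logins) can be reproduced as a short script. This is an added example, not the ranter's setup and not Fail2Ban's or CSF's own code: the log lines are constructed, the year is an assumption because syslog timestamps carry none, and the `iptables -I INPUT -s <ip> -j DROP` rules it emits are the generic shape rather than the chains either tool actually manages.

```python
"""Fail2Ban-style SSH brute-force detection over auth.log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines, not real logs. 203.0.113.5 hammers root and admin within seconds;
# 198.51.100.9 spreads three failures over twelve minutes; root then logs in with a password.
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 vps1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:00:03 vps1 sshd[1203]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar  3 10:00:07 vps1 sshd[1205]: Failed password for root from 203.0.113.5 port 51027 ssh2
Mar  3 10:00:09 vps1 sshd[1207]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar  3 10:01:00 vps1 sshd[1210]: Failed password for invalid user test from 198.51.100.9 port 40000 ssh2
Mar  3 10:07:00 vps1 sshd[1215]: Failed password for invalid user test from 198.51.100.9 port 40001 ssh2
Mar  3 10:13:00 vps1 sshd[1220]: Failed password for invalid user test from 198.51.100.9 port 40002 ssh2
Mar  3 10:20:00 vps1 sshd[1230]: Accepted password for root from 192.0.2.77 port 50000 ssh2
Mar  3 10:21:00 vps1 sshd[1240]: Accepted publickey for deploy from 192.0.2.10 port 50001 ssh2: RSA SHA256:abc
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)
MAXRETRY = 3         # failures allowed ...
FINDTIME = 300       # ... within this many seconds (the rant's "three within 5 minutes")
ASSUMED_YEAR = 2024  # syslog lines carry no year; assumption for parsing


def parse_line(line, year=ASSUMED_YEAR):
    """Return (timestamp, result, method, user, ip), or None for lines that are not sshd auth events."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]


def analyze(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Sliding-window ban decision per source IP, plus every successful root login."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = []                   # in order of first ban
    root_logins = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, method, user, ip = rec
        if result == "Accepted":
            if user == "root":
                root_logins.append((ts.isoformat(), method, ip))
            continue
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry:
            banned.append(ip)
    return {"banned": banned, "root_logins": root_logins}


def ban_commands(ips):
    """Plain iptables drop rules for the banned addresses (generic shape, not Fail2Ban's chain layout)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    report = analyze(SAMPLE_AUTH_LOG)
    for cmd in ban_commands(report["banned"]):
        print(cmd)
    for ts, method, ip in report["root_logins"]:
        print(f"WARNING: root login by {method} from {ip} at {ts}")
```

Two things the sample shows that the rule itself does not: the slow attacker at 198.51.100.9 never trips a three-in-five-minutes window, which is why the rant's other measures matter, and the "Accepted password for root" line is only possible because password login for root was still allowed. With root login disabled and key-only authentication, as the rant configures, that line cannot appear.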
How to secure yourself from flash 0-day attacks:
1. Uninstall flash
2. Don't reinstall flash
3. Seriously, you don't need flash

No, not in any relation to windows this time.
Dear Microsoft, why on earth did you put us on your spam blacklist? There haven't been any spam attacks from our side, our servers have nearly the highest 'reputation' that email servers can get, we comply with all security standards and yet you're blacklisting us.
If for some reason you think something is wrong at our side anyways, we've tried to contact you and we either get ignored or get a very late response saying that we'll get delisted again within a day/week or whatsoever.
Microsoft, please go fuck yourself.

One week, and it turned out to be worse than that.
I was put on a project for a COVID-19 program in America (The CARES Act). The financial team came to us on Monday morning and said they need to give away a couple thousand dollars.
No big deal. All they wanted was a single form that people could submit with some critical info. Didn't need a login/ registration flow or anything. You could have basically used Google Forms for this project.
The project landed in my lap just before lunch on Monday morning. I was a junior in a team with a senior and another junior on standby. It was going to go live the next Monday.
The scope of the project made it seem like the one week deadline wasn't too awful. We just had to send some high priority emails to get some prod servers and app keys and we were fine.
Now is the time where I pause the rant to express to you just how fine we were decidedly **not**: we were not fine.
Tuesday rolls around and what a bad Tuesday it was. It was the first of many requirement changes. There was going to need to be a review process. Instead of the team just reading submissions from the site, they needed accept and reject buttons. They needed a way to deny people for specific reasons. Meaning the employee dashboard just got a little more complicated.
Wednesday came around and yeah, we need a registration and login flow. Yikes.
Thursday came and the couple-thousand dollars turned into a tens of millions. The amount of users we expected just blew up.
Friday, and they needed a way for users to edit their submissions and re-submit if they were rejected. And we needed to send out emails for the status of their applications.
Every day, a new meeting. Every meeting, new requirements that were devastating given our timeframe.
We put in overtime. Came in on the weekend. And by Monday, we had a form that users could submit and a registration/ login flow. No reviewer dashboard. We figured we could take in user input on time and then finish the dashboard later.
Well, financial team has some qualms. They wanted a more complicated review process. They wanted roles; managers assign to assistants. Assistants review assigned items.
The deadline that we worked so hard on whizzed by without so much as a thought, much less the funeral it deserved.
Then, they wanted multiple people to review an application before it was final. Then, they needed different landing pages for a few more departments to be able to review different steps of the applications.
Ended up going live on Friday, close to a month after that fateful Monday which disrupted everything else I was working on, effective immediately.
I don't know why, but we always go live on a Friday for some reason. It must be some sort of conspiracy to force overtime out of our managers. I'm baffled.
But I worked support after the launch.
And there's a funny story about support too: we were asked to create a "submit an issue" form. Me and the other junior worked on it on a Wednesday three weeks into the project. Finished it. And the next day it was scrapped and moved to another service we already had running. Poor management like that plagued the project and worked in tandem with the dynamic and ridiculous requirements to make this project hell.
Back to support.
Phone calls give me bad anxiety. But Friday, just before lunch, I was put on the support team. Sure, we have a department that makes calls and deals with users. But they can't be trained on this program: it didn't exist just a month ago, and three days ago it worked differently (the slippery requirements never stopped).
So all of Friday and then all of Saturday and all of Monday (...) I had extended panic attacks calling hundreds of people. And the team that was calling people was only two people. We had over 400 tickets in the first two days.
And fuck me, stupid me, for doing a good job. Because I was put on the call team for **another** COVID project afterwards. I knew nothing about this project. I have hated my job recently. But I'm a junior. What am I gonna say, no?

So, i tried to demonstrate to my roommate how many people push their credentials to github by searching for "password remove" commits.
I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.
I visit the IP and what do i see there, a directory listing with a python script, which injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔
Edit phpmyadmin to connect to the mysql database. Success.
Inserted a row telling him that his password is on github. Maybe i should also have told him how to actually remove it. 😅
Yes, root can login from %
This is how far i can get with my current abilities.
Scary how insecure this world is.

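A scanner for the kind of leak the rant found, as an added example that is not part of the post: it walks a unified diff, flags hard-coded password assignments, connection URLs with embedded credentials and public IPv4 addresses, and then lists the secrets that occur only on removed lines, which is exactly what a "password remove" commit leaves behind in history. The diff, file name and values are constructed; the regexes are deliberately simple and will miss plenty.

```python
"""Scan a git diff for credentials that a 'remove password' commit leaves in history (added example)."""
import re

# Constructed diff, not a real repository: the commit moves secrets into environment variables,
# but the removed lines (and every earlier commit) still carry them.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,6 +1,6 @@
 DB_HOST = "203.0.113.10"
 DB_USER = "root"
-DB_PASSWORD = "hunter2"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
-MYSQL_URL = "mysql://root:hunter2@203.0.113.10:3306/app"
+MYSQL_URL = os.environ["MYSQL_URL"]
 DEBUG = True
"""

PATTERNS = {
    # PASSWORD = "..." / secret: '...' style assignments with a value of at least 4 chars
    "assignment": re.compile(
        r"""(?i)(?:pass(?:word|wd)?|secret|token|api_key)\b\s*[=:]\s*['"][^'"]{4,}['"]"""
    ),
    # scheme://user:pass@host, e.g. mysql://root:hunter2@host:3306/db
    "url_with_credentials": re.compile(r"""\b[a-z][a-z0-9+.-]*://[^\s:/@'"]+:[^\s@'"]+@[^\s'"]+"""),
    # IPv4 outside RFC 1918 and loopback; worth a look when it sits next to credentials
    "public_ipv4": re.compile(
        r"\b(?!10\.|127\.|192\.168\.|172\.(?:1[6-9]|2\d|3[01])\.)(?:\d{1,3}\.){3}\d{1,3}\b"
    ),
}


def scan_diff(diff_text):
    """One finding per pattern hit: {path, side, kind, match}; side is added, removed or context."""
    findings = []
    path, in_hunk = None, False
    for line in diff_text.splitlines():
        if line.startswith("diff "):
            in_hunk = False
            continue
        if line.startswith("@@"):
            in_hunk = True
            continue
        if not in_hunk:
            if line.startswith("+++ "):          # new-side file header
                path = line[4:]
                if path.startswith("b/"):
                    path = path[2:]
            continue
        if not line or line[0] not in "+- ":
            continue
        side = {"+": "added", "-": "removed", " ": "context"}[line[0]]
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line[1:]):
                findings.append({"path": path, "side": side, "kind": kind, "match": m.group(0)})
    return findings


def still_in_history(diff_text):
    """Secrets present only on removed lines: gone from HEAD, still in every earlier commit."""
    findings = [f for f in scan_diff(diff_text) if f["kind"] != "public_ipv4"]
    removed = {f["match"] for f in findings if f["side"] == "removed"}
    added = {f["match"] for f in findings if f["side"] == "added"}
    return sorted(removed - added)


if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f['path']}: {f['side']:8} {f['kind']:22} {f['match']}")
    print("still in history:", still_in_history(SAMPLE_DIFF))
```

The useful output is the last line: both the password assignment and the connection URL show up only as removed, so anyone who clones the repository and runs `git log -p` still gets them. A credential that has been pushed has to be rotated; rewriting history (for example with `git filter-repo`) only stops future clones from seeing it.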
This rant is a confession I had to make, for all of you out there having a bad time (or year), this story is for you.
Last year, I joined devRant and after a month, I was hired at a local company as an IT god (just joking but not far from what they expected from me), developer, web admin, printer configurator (of course) and all that in my country it's just called "the tech guy", as some of you may know.
I wasn't in immediate need for a full-time job, I had already started to work as a freelancer then and I was doing pretty good. But, you know how it goes, you can always aim for more and that's what I did.
The workspace was the usual, two rooms, one for us employees and one for the bosses (there were two bosses).
Let me tell you right now. I don't hate people, even if I get mad or irritated, I never feel hatred inside me or the need to think bad of someone. But, one of the two bosses made me discover that feeling of hate.
He had a snake-shaped face (I don't think that was random), and he always laughed at his jokes. He was always shouting at me because he was a nervous person, more than normal. He had a tone in his voice like he knew everything. Early on, after being yelled for no reason a dozen of times, I decided that this was not a place for me.
After just two months of doing everything, from tech support to Photoshop and to building websites with WordPress, I gave my one month's notice, or so I thought. I was confronted by the bosses, one of which was a cousin of mine and he was really ok with me leaving and said that I just had to find a person to replace me which was an easy task. Now, the other boss, the evil one, looked me on the eye and said "you're not going anywhere".
I was frozen like, "I can't stay here". He smiled like a snake he was and said "come on, you got this we are counting on you and we are really satisfied with how you are performing till now". I couldn't shake him, I was already sweating. He was rolling his eyes constantly like saying "ok, you are wasting my time now" and left to go to some basketball practice or something.
So, I was stuck there, I could have caused a scene but as I told you, one of the bosses was a cousin of mine, I couldn't do anything crazy. So, I went along with it. Until the next downfall.
I decided to focus on the job and not mind for the bad boss situation but things went really wrong. After a month, I realised that the previous "tech guy" had left me with around 20 ancient Joomla - version 1.0 websites, bursting with security holes and infested with malware like a swamp. I had never seen anything like it. Everyday the websites would become defaced or the server (VPN) would start sending tons of spam cause of the malware, and going offline at the end. I was feeling hopeless.
And then the personal destruction began. I couldn't sleep, I couldn't eat. I was having panic attacks at the office's bathroom. My girlfriend almost broke up with me because I was acting like an asshole due to my anxiety issues (but in the end she was the one to "bring me back"(man, she is a keeper)) and I hadn't put a smile on my face for months. I was on the brink of depression, if not already there. Everyday I would anxiously check if the server is running because I would be the one to blame, even though I was trying to talk to the boss (the bad one was in charge of the IT department) and tell him about the problem.
And then I snapped. I finally realised that I had hit rock bottom. I said "I can't let this happen to me" and I took a deep breath. I still remember that morning, it was a life-changing moment for me. I decided to bite the bullet and stay for one more month, dealing with the stupid old server and the low intelligence business environment. So, I woke up, kissed my girlfriend (now wife), took the bus and went straight to work, and I went into the boss's office. I lied that I had found another job on another city and I had one month in order to be there on time. He was like, "so you are leaving? Is it that good a job the one you found? And when are you going? And are you sure?", and with no hesitation I just said "yup". He didn't expect it and just said "ok then", just find your replacement and you're good to go. I found the guy that would replace me, informing him of every little detail of what's going on (and I recently found out, that he is currently working for some big company nowadays, I'm really glad for him!).
I was surprised that it went so smoothly, one month later I felt the taste of freedom again, away from all the bullshit. Totally one of the best feelings out there.
I don't want to be cliche, but do believe in yourself people! Things are not what they seem.
With all that said, I want to give my special thanks to devRant for making this platform. I was inactive for some time but I was reading rants and jokes. It helped me to get through all that. I'm back now! Bless you devRant!
I'm glad that I shared this story with all of you, have an awesome day!

Me: *works all day and night to finish project before deadline*
Me: *has constant anxiety attacks. I'm gonna fail*
Me: *gets home and takes a 4 hour nap*
Everyone: OMG! I never see you doing any work. All you do is sleep and stare at your computer screen ALL DAY AND ALL NIGHT! You need to get a job and do something with your time instead of being a lazy shit!
And people wonder why I have no fucking motivation to do these things. You are not helping my anxiety, woman!

Example #1 of ??? Explaining why I dislike my coworkers.
VP: VP of Engineering; my boss’s boss. Founded the company, picked the CEO, etc.
LD: Lead dev; literally wrote the first line of code at the company, and has been here ever since.
CISO: Chief Information Security Officer — my boss when I’m doing security work.
Three weeks ago (private zoom call):
> VP to me: I want you to know that anything you say, while wearing your security hat, goes. You can even override me. If you need to hold a release for whatever reason, you have that power. If I happen to disagree with a security issue you bring up, that’s okay. You are in charge of release security. I won’t be mad or hold it against you. I just want you to do your job well.
Last week (engineering-wide meeting):
> CISO: From now on we should only use external IDs in urls to prevent a malicious actor from scraping data or automating attacks.
> LD: That’s great, and we should only use normal IDs in logging so they differ. Sounds more secure, right?
> CISO: Absolutely. That way they’re orthogonal.
> VP: Good idea, I think we should do this going forward.
Last weekend (in the security channel):
> LD: We should ONLY use external IDs in urls, and ONLY normal IDs in logging — in other words, orthogonal.
> VP: I agree. It’s better in every way.
Today (in the same security channel):
> Me: I found an instance of using a plain ID in a url that cancels a payment. A malicious user with or who gained access to <user_role> could very easily abuse this to cause substantial damage. Please change this instance and others to using external IDs.
> LD: Whoa, that goes way beyond <user_role>
> VP: You can’t make that decision, that’s engineering-wide!
Not only is this sane security practice, you literally. just. agreed. with this on three separate occasions in the past week, and your own head of security also posed this before I brought it up! And need I remind you that it is still standard security practice!?
But nooo, I’m overstepping my boundaries by doing my job.
Fucking hell I hate dealing with these people.

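The practice the rant argues over, in code, as an added example that is not the company's code: a cancel-payment action exposed two ways. The vulnerable shape takes the sequential internal id straight from the URL and checks nothing, so a caller with the right role can walk ids 1, 2, 3... and cancel every payment in the system. The hardened shape takes an opaque external id, resolves it to the internal id, enforces ownership, and writes only the internal id to the log, so URLs and logs stay orthogonal as the CISO asked. Class and field names are assumptions.

```python
"""Opaque external IDs in URLs, internal IDs in logs, and an ownership check on cancel (added example)."""
import secrets


class PaymentService:
    """Toy payment store; names and shape are assumptions, not the company's code."""

    def __init__(self):
        self._by_internal = {}   # internal sequential id -> payment record
        self._by_external = {}   # opaque external id -> internal id
        self._next = 1
        self.log = []            # stand-in for the application log

    def create_payment(self, owner, amount):
        internal_id = self._next
        self._next += 1
        external_id = secrets.token_urlsafe(16)   # 128 random bits: not guessable, not enumerable
        self._by_internal[internal_id] = {
            "owner": owner, "amount": amount, "status": "pending", "external_id": external_id,
        }
        self._by_external[external_id] = internal_id
        return external_id

    def cancel_by_internal_id_unchecked(self, internal_id):
        """The vulnerable shape: /payments/<internal_id>/cancel, sequential id, no ownership check."""
        rec = self._by_internal.get(internal_id)
        if rec is None:
            return "not_found"
        rec["status"] = "cancelled"
        return "cancelled"

    def cancel_by_external_id(self, external_id, actor):
        """The hardened shape: opaque id in the URL, ownership check, internal id only in the log."""
        internal_id = self._by_external.get(external_id)
        if internal_id is None:
            return "not_found"
        rec = self._by_internal[internal_id]
        if rec["owner"] != actor:
            self.log.append(f"denied cancel of payment {internal_id} by {actor}")
            return "not_found"      # same answer as for an unknown id: do not confirm the payment exists
        rec["status"] = "cancelled"
        self.log.append(f"payment {internal_id} cancelled by {actor}")
        return "cancelled"


def enumerate_unchecked(service, probes):
    """Attacker walks ids 1..probes against the unchecked endpoint; returns how many payments were hit."""
    return sum(service.cancel_by_internal_id_unchecked(i) == "cancelled" for i in range(1, probes + 1))


def demo():
    svc = PaymentService()
    ext = {owner: svc.create_payment(owner, 100) for owner in ("alice", "bob", "carol", "mallory")}
    results = {
        "own": svc.cancel_by_external_id(ext["mallory"], "mallory"),               # cancelled
        "others": svc.cancel_by_external_id(ext["alice"], "mallory"),              # not_found
        "guess": svc.cancel_by_external_id(secrets.token_urlsafe(16), "mallory"),  # not_found
    }
    results["alice_status"] = svc._by_internal[svc._by_external[ext["alice"]]]["status"]  # still pending
    results["log_leaks_external_id"] = any(e in entry for entry in svc.log for e in ext.values())
    # Same store behind the unchecked sequential endpoint: ten probes hit all four payments.
    results["enumerated"] = enumerate_unchecked(svc, probes=10)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The opaque id and the ownership check are two separate controls. The random id stops scraping and mass automation from outside, and the ownership check stops the legitimate role holder from reaching other people's payments even when they obtain an id some other way. Dropping either one leaves the hole the rant points at.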
This fucker has some balls (I'm being completely ignorant), the day his website goes live guess who is going to flood it with DDoS attacks.

Multiple weird ones but one specifically where I fixed a bug over and over again and the second I pushed and deployed, the fix was gone both locally and remote.
I kept going more and more crazy and had rage attacks and such.
"Wait what, I changed and fixed this.. Let's try again"
"Huh, I definitely changed this..."
"Oh no, I fucking changed you"
"Go fuck yourself, I fixed this and pushed already, you can't just fucking disappear on me!"
"Oh yeah no of course, disappeared again, totally fucking logical. GET BACK HERE"
"I FIXED YOU A GAZILLION TIMES ALREADY, DON'T YOU DISAPPEAR ON ME AGAIN"
*NO. NO. NO. NO. NO. I. FUCKING. FIXED. YOU"
It went worse and worse for a while and then I woke up with a "....ahh" feeling 😅

Just looked at the anonymous analytics I collect on the security/privacy blog.
No SQL Injection attacks yet (would be useless anyways as I don't use MySQL/MariaDB for the databasing).
Directory Traversal attacks. Really? 🤣
Nice try, guys.

So, continuing with the story, I decided to quit today.
I'm not even a month there, and I'm running out of there in flames.
I've got 2 panic attacks in one week, I'm not sacrificing my mental health for some idiot's scam.

Am I the only here who get so much PUSSY when encountering bugs in code?
P - panic attacks
U - uncontrollable anxiety
S - suicidal fantasies
S - sadness
Y - yearning to death

Idea: Emoji passwords
Bdixbsufhdbe HEAR ME OUT
I know, I know, emojis belong with teenage girls on Snapchat but there are some theoretical benefits to emoji passwords.
Brute Force attacks are useless! With such a wide range of characters and so many different combinations, they just wouldn't be viable.
Dictionary attacks are less useful! Because those require...words.
They can be easier to remember. Tell a story with your emojis. Images are easier to commit to memory than combinations of letters and numbers.
Users would adopt the feature! For whatever reason, the general population fucking loves these things. So emoji passwords probably won't take very long to see use.
I don't know much about this last one, so I saved it for last, but I would imagine that decryption would be more difficult if the range of available values is quite vast. I dunno how rainbow tables and hash defucking works so I'll just put this here as a "maybe"

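Putting numbers and bytes on the idea, as an added example that is not part of the rant: the entropy of a four-emoji password under two choice models next to an eight-character ASCII one, the fact that one visible emoji can be several code points, and what that does to a salted hash. The emoji pool size is an assumption for comparison only; the salt, iteration count and the decision to fold variation selectors are assumptions too.

```python
"""Emoji passwords: entropy under different choice models, byte-level pitfalls, hashing (added example)."""
import hashlib
import hmac
import math
import unicodedata


def entropy_bits(pool_size, length):
    """Bits of entropy for `length` symbols drawn uniformly from a pool of `pool_size`."""
    return length * math.log2(pool_size)


# Pool sizes used for comparison. The emoji count is an assumption in the low thousands;
# the 20 stands for "the handful of popular emoji most users would actually pick".
POOLS = {"printable_ascii": 95, "all_emoji_assumed": 3600, "popular_emoji_assumed": 20}


def compare_passwords():
    """Entropy of an 8-char ASCII password next to 4-emoji passwords under two choice models."""
    return {
        "ascii_8": round(entropy_bits(POOLS["printable_ascii"], 8), 1),
        "emoji_4_uniform": round(entropy_bits(POOLS["all_emoji_assumed"], 4), 1),
        "emoji_4_popular": round(entropy_bits(POOLS["popular_emoji_assumed"], 4), 1),
    }


# Two renderings that look the same on most keyboards but are different code points.
HEART_PLAIN = "\u2764"                    # HEAVY BLACK HEART alone
HEART_EMOJI = "\u2764\ufe0f"              # same char followed by VARIATION SELECTOR-16
THUMBS_MEDIUM = "\U0001F44D\U0001F3FD"    # thumbs up + skin tone modifier: two code points


def strip_variation_selectors(s):
    """Drop U+FE0E/U+FE0F so both heart renderings hash alike (a policy choice, assumed here)."""
    return "".join(ch for ch in s if ch not in "\ufe0e\ufe0f")


def password_bytes(password, fold_variation_selectors=True):
    """Canonical bytes to hash: NFC normalisation (which does NOT remove variation selectors) then UTF-8."""
    s = unicodedata.normalize("NFC", password)
    if fold_variation_selectors:
        s = strip_variation_selectors(s)
    return s.encode("utf-8")


def hash_password(password, salt, fold_variation_selectors=True):
    """Salted PBKDF2-HMAC-SHA256; emoji are just bytes to the KDF, nothing emoji-specific is needed."""
    return hashlib.pbkdf2_hmac(
        "sha256", password_bytes(password, fold_variation_selectors), salt, 100_000
    )


def same_credential(a, b, salt=b"constructed-salt", fold_variation_selectors=True):
    """Constant-time comparison of the two derived hashes."""
    return hmac.compare_digest(
        hash_password(a, salt, fold_variation_selectors),
        hash_password(b, salt, fold_variation_selectors),
    )


if __name__ == "__main__":
    print(compare_passwords())
    print("code points in thumbs-up with skin tone:", len(THUMBS_MEDIUM),
          "utf-8 bytes:", len(THUMBS_MEDIUM.encode("utf-8")))
    print("heart vs heart+VS16, no folding:", same_credential(HEART_PLAIN, HEART_EMOJI, fold_variation_selectors=False))
    print("heart vs heart+VS16, folded:    ", same_credential(HEART_PLAIN, HEART_EMOJI))
```

Two points fall out. Four emoji chosen uniformly from a few thousand are in the same range as eight printable ASCII characters, but four chosen from the twenty everybody uses are around 17 bits, so an attacker who builds a "dictionary" of popular emoji sequences is back in business. And because one keyboard glyph can be several code points, a login that hashes the bytes from one client and compares against bytes from another can fail on identical-looking input; the server has to pick a normalisation policy and apply it everywhere.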
I went for an interview for a position stated as "web developer". They questioned me on Pen testing and writing scripts for detecting attacks. This is how the interview went. Fucking get your shit together. Fucking waste of time

FLOYD IS HERE 😎
Gather around kids, it's story time.
So my first breakup left me so damaged and I was in darkest phase of my life. I was alone. Physically, mentally, and emotionally. I went for therapy and spearheaded into success and grew in life soooo fucking much.
31st December 2016, I first joined dR and since the first day this place felt home. Met some of brightest mind and most amazing souls here (sadly many left the place).
I used to shit post and rant a lot. But I loved everyone here. But then I don't quite remember, but I decided to quit this place as community started to grow. Many others left as well.
I came back here in 2019 IIRC and started all over again. Got along well with new members and started having fun.
I used to crib and cry about being underpaid. Lost a kickass Europe job due to pandemic.
I will skip what all happened between me and @Scout but she is a sweetheart, though very rough and brutal with me at times (actually very often), but she is so selfish for me and cares for me that I couldn't resist but listen to her always. A lifelong friend for sure :)
I used to rant about my dumb office colleagues. Definitely not the sharpest minds but good people at heart (which I did not realise).
So in October 2020, I earned a new job and my company retained me with a 100% raise and a promotion making me lead of product innovation and UX.
November end I met a girl in professional context on LinkedIn who was conducting a workshop. Being hungry for learning, meeting new people and kill my lockdown boredom, I signed up.
Now I went for December break and my colleagues sent me a gift hamper when they came to know I got a promotion. I felt bad that I ranted about them so I deleted my account and also wanted a social detox.
Post the workshop, I started conversing casually with the girl I met. She was married. But things hit it off. Eventually in February end I confessed that I had feelings for her and in next few days she reciprocated. I told her I was aware of her marital status and it's okay if nothing happens between us. Then she started to open up of how she was with one guy for 17 years and was abused in everyway and wanted to separate but never had the courage and all.
She decided to file for paperwork and then be with me. Things got messy when her family got involved thinking I was causing all of it.
She went back to her partner and I realised I had some emotional and mental issues of a person's past that bothered me. But we were overcoming it. Soon the honeymoon period started phasing out.
Her family started giving me death threats. We went underground even further. More arguments and fights between us.
@Scout kept telling me I was stupid and I disregarded her. I feel like an idiot for not listening to her.
That girl kept gaslighting me, hurting me intentionally, scratching the surface made me realise how broken and damaged she was. She lied to me and created fake persona of herself to make me fall for her. Everything was a lie. Literally.
I felt horrible for trusting her. My trauma relapsed and I started having crazy panic attacks leading to self harm and being suicidal. That girl was drugged all the time with psychological medicines and very poor character & personality in general (I don't want to judge anyone but just stating the facts).
Eventually she just disappeared and I was like fuck this. Earlier, after every fight, she used to show fake affection and I used to melt but not this time.
I was like fuck this shit. I have some super amazing friends like @kiki who helped me overcome this. I started going for therapy and realised what all areas I need to improve. My therapist is soooo brilliant, she understands the root cause instantly and also knows how to fix it. And the same day I and both my parents were COVID-19 positive. Last few weeks were dark and haunting.
Further more, the girl comes back after a week and then acts as a 'nice girl'.
Initially fake affection, then drama, followed by making me guilt trip, then threats, and now blaming me.
I kept ignoring her calls (50 to 70 calls in a day), emails, left her unread on Telegram, and everything I could do to ignore her without blocking her. I started gaining my happiness back.
During this mess, I lost 5+ KG of weight. She has no friends in her mid 30s. Knows no life or survival skills. Her family hates her, no career, no emotional or mental maturity, literally nothing. Insanely dumb and toxic manipulative person who is not even worth being called an ex. As per her, everyone around her is an asshole except her. Every time something happened, she used to blame and bad mouth the other person. Now she is doing it with me. In all her life situations, either she was a hero or a victim. One upped me all the time. Now that I see it, I hate myself for allowing all of it and for not having enough self-worth to walk out of it earlier.
Continued in comments...

Client reads about MongoDB ransomware attacks online.
Him: I heard that the MongoDB is not secure, we should use something else in our system.
Me: Those databases got attacked because security features were turned off. If you want you can have an external security team to test the system when it's done.
Him: I don't wanna take any risk, so we should use something else.
We have been working on this system for almost a year and the final stage was supposed to be delivered in a month.
He wants me to replace it with MySQL.
Remember that company that first brought me to devRant last 2018? The one I ranted about almost every day like it's the only reason I exist? They lost their client, it's the only project they have, and it's a pretty big one based in the US. Now they're in big trouble and the enemies they made from being a big bundle of cunts launched their own start-up.
A few days ago, a previous colleague texted me asking if we have available positions in the company I'm currently working for. He said "the client suddenly vanished". I asked, "What do you mean? They just vanished? Aren't there other projects?" Of course, he didn't answer and instead asked where I'm working now.
The last time I talked to him in person, he was saying that they will be sent abroad for that project and that the company has new projects lined up. I rolled my eyes internally but just said, "Okay". That was when I visited the office for the last time to get my clearance which I didn't get and didn't bother getting anymore otherwise I'll be in jail for arson because god damn it, those motherfuckers really make my blood boil. During that time, more than half of their employees were gone but they were so brainwashed, they still believed it had a future.
The first thing I did was open LinkedIn and add the two developers still in that hellhole. I trained some people there and those two had the least ego and had the best performance - resourceful and not as lifeless as a fucking placenta coming out of their mothers' vaginas. Now that I think about it, placentas have more nutrients and use than the vacuum-headed cunts left in that company.
In less than five minutes, they accepted, that's how you know the situation really is dire in there. I'm friends with one of the project managers (who hates the PM from the other company) so I offered to refer them and they went with it. The situation is interesting because PM1 (friend) before she became a project manager actually planned to move to the hellhole company with me, this was years before we knew it was hell where she was insulted by PM2 (PM of the hellhole) and some bitch cunts were very rude to her during the interview. Now those same cunts can't find a job and the roles were reversed. If they dare to apply for PM1's company, I'm gonna need all the popcorn in the world.
Why can't they find a job? A combination of two traits - incompetence and arrogance. Actually, it's more than that. They bully almost every employee that joins the company. Their motto is "We don't need experienced hires" and they treat the experienced ones like shit so 90% of the employees are junior developers with egos bigger than Mandingo's cock. It matters more that you can drink and gossip with them than you can do your job. People working overtime all the time are praised instead of looked into because they're inefficient. People who leave on time are judged. People's social media profiles are stalked and gossiped about. Even the company owner and manager participates in personal attacks towards their own employees and humiliating somebody (inviting audiences) while they make someone cry is their sick display of authority and fun.
System admins don't know how to fucking chmod or even grep. I had several months where my job was to sit there and answer questions 'cause I can't do a fucking thing without being distracted. Then word would spread that I'm doing nothing. One time, I was working on a critical issue and this guy asked if I could help him. I said I can't right now. He said he will tell the client that he can't finish the task because I'm not very helpful. I said, "Go ahead, the only thing that would reflect is your lack of skill." Shit like that and frequent attacks had me drinking coke and vodka in the office. Eventually, I got depressed and the HR didn't leave me alone. They kept pressuring me to present a medical certificate on when I can come back. My psychiatrist refused because "depression doesn't work like that". I found out after I submitted my resignation that they planned to give me an ultimatum that if I can't provide a certificate within 30 days, they will fire me. Oh well, thank you.
It was fucking North Korea, I said it before and I'll say it now. They have no clue what's really outside their own bubble. They stayed in that shit hole thinking they're a bunch of Steve Jobs or that they own the world because their peers (who are retarded themselves) praise them. I looked forward to this day and it finally happened. They are forced to go outside and now they can all see what they're really worth - nothing.
Good luck finding a job, you fuckers. This year's gonna be great. Ah, the sweet smell of other people's misery in the evening. :)
My IT team installed Antivirus on my 5 year old Mac Mini due to company security policy after the recent Ransomware attacks.
Now my Mac is slow as fuck. They are not even providing me new Mac, due to budget constraints. Totally fucked.
Fuck Ransomware. Fuck security policies. Fuck my company. Fuck everyone. Fuck everything. 😤
Just got a new TV, 4K... it’s one of those smart ones, by Samsung.
Anyone want to explain what the fuck “McAfee Security for TV” is, and why the fuck it is necessary!?
What kind of absolute waster madman goes “I know what I’ma do today, write a virus for a tv”!?
Take that shit elsewhere McAfee.
Now accepting any links to known Smart TV 0-days and attacks...
And I had to sign in to 5 different fucking accounts to get to the fucking tv.
The world is broke as fuck. Roll on the apocalypse.
About 2 months ago. My job fired half the dev staff including the only other web developer. I am a junior, and now the sole web developer. I have been yelled at for not working fast enough and not knowing the code base well enough. (I did a lot of Rails, and this is a Spring shop). I have daily panic attacks about coming to work and having to be here for 8 hours. I have never felt more abused. I'm constantly stressed, and drinking more than I should. All advice given to me has been "just stay there til you find something else or they fire you." but it feels like no one really knows how unhealthy this is for me. My one hope is that I didn't bomb this interview at a university. I fucking hate my job.
I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...
#1 - Most expensive lesson learned
Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a load balancer to our backend.
This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...
After 10 minutes every phone in the office started going berserk - calls were coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.
Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each store's error log proceeded to grow and consume every available byte of HD space before crashing windows.
#2 - Hardest to find
This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vomit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.
Turns out years back when the server was first set up each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased every so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.
#3 - Most elegant fix
Same bastard IIS server as #2. Codebase was the most insecure unstable travesty I've ever worked with - sql injection vulns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we were DDoS'ed for 5 days straight.
My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.
So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.
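The unbounded-log failure from story #1 and its fix, as an added example that is not the rant author's code: the upload stub, log paths and record sizes are constructed, and the cap uses the standard library's RotatingFileHandler rather than whatever the original POS service used.

```python
"""Added example (not the rant author's code): a retry loop that logs every
failed upload, first with an unbounded append (the bug behind story #1) and
then with a size-capped rotating log. The upload call is a constructed stub
that always fails; all files live in a temporary directory."""
import logging
import logging.handlers
import os
import tempfile
from typing import Optional, Tuple


class UploadFailed(Exception):
    pass


def upload_transaction(payload: bytes) -> None:
    """Stub for the POS upload call; constructed to always fail, as it did
    while the backend was being moved behind the load balancer."""
    raise UploadFailed("backend unreachable")


def _make_logger(name: str, path: str, max_bytes: Optional[int]) -> logging.Logger:
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.ERROR)
    if max_bytes is None:
        # Unbounded append: every retry adds a record and nothing ever trims it.
        handler: logging.Handler = logging.FileHandler(path)
    else:
        # Bounded: the active file never exceeds max_bytes and at most two
        # backups are kept, so disk use is capped at 3 * max_bytes.
        handler = logging.handlers.RotatingFileHandler(
            path, maxBytes=max_bytes, backupCount=2)
    handler.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
    logger.addHandler(handler)
    return logger


def retry_uploads(attempts: int, log_path: str, max_bytes: Optional[int]) -> int:
    """Run `attempts` failing uploads, logging each failure before retrying,
    and return the total bytes the log file(s) occupy on disk afterwards."""
    logger = _make_logger(f"pos.{os.path.basename(log_path)}.{max_bytes}",
                          log_path, max_bytes)
    payload = b"x" * 64  # constructed transaction record
    for i in range(attempts):
        try:
            upload_transaction(payload)
            break
        except UploadFailed as exc:
            logger.error("attempt %d failed: %s (%d bytes pending)",
                         i, exc, len(payload))
    for h in logger.handlers:
        h.close()
    directory, base = os.path.dirname(log_path), os.path.basename(log_path)
    return sum(os.path.getsize(os.path.join(directory, f))
               for f in os.listdir(directory) if f.startswith(base))


def disk_usage_comparison(attempts: int = 5000, cap: int = 4096) -> Tuple[int, int]:
    """Return (unbounded_bytes, bounded_bytes) for the same number of failures."""
    with tempfile.TemporaryDirectory() as tmp:
        unbounded = retry_uploads(attempts, os.path.join(tmp, "unbounded.log"), None)
        bounded = retry_uploads(attempts, os.path.join(tmp, "bounded.log"), cap)
    return unbounded, bounded


if __name__ == "__main__":
    print("unbounded=%d bytes, bounded=%d bytes" % disk_usage_comparison())
```

With a few thousand retries the unbounded log is already hundreds of kilobytes while the rotated one stays under 12 KiB; at a few retries per second over 15 minutes of downtime, the difference is what filled the store servers' disks.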
Work at a media company that reports political news. The government tries to block, launch DDoS attacks, and send a group of thugs to protest outside the office. How to migrate to Canada again?
We got DDoS attacked by some spam bot crawler thing.
Higher ups called a meeting so that one of our seniors could present ways to mitigate these attacks.
- If a custom, "obscure" header is missing (from api endpoints), send back a basic HTTP challenge. Deny all credentials.
- Some basic implementation of rate limiting on the web server
We can't implement DDoS protection at the network level because "we don't even have the new load balancer yet and we've been waiting on that for what... Two years now?" (See: spineless managers don't make the lazy network guys do anything)
So now we implement security through obscurity and DDoS protection... Using the very same machines that are supposed to be protected from DDoS attacks.
Not to get political, but apparently the political climate in the world leads to the following situation.
"I'm being a fucking evil lying asshole. But I'm actually a good guy, because I'm doing it as pseudo-scientific research to show how easy it is to be evil and dishonest"
("Researchers" with an anti-FOSS motive attempting software supply chain attacks on Linux kernel)
What's next? "Scientists" killing puppies to show that, if someone was inclined to be that evil, puppies are weak and their necks snap easily?
This is going to be a rant, but personally, I'm pleased with the outcome of my life now.
I was part of a community for a few years and decided to help them out with my knowledge of programming Lua nearly 2 years ago since they lacked developers for the project itself.
Since it was sort of a custom language that they modified how Lua worked on it, it took me a bit to adapt, but within a few weeks, I was pretty fluent in this so-called custom language they had. Began working on some major updates, additions, removals, and just optimizing this code base. It was a pretty old code base and needed a good chunk of love.
A few months later, I've implemented loads of features, optimized the base whenever I could, and then things start taking a turn for the worse. We get new 'developers' who haven't ever coded the language, and worse they couldn't afford to provide them development servers thus they ended up breaking my servers. I helped them and they learned, they were decent, but now the Seniors and CEOs of the project began to take a toll on me.
I was told that this community had a reputation of driving out developers, ruining their reputations, and that is what started happening. I started getting questioned if I was loyal to helping them, that I've become lazy, even though they were explained I've had mental health issues for a few years and have been hospitalized multiple times.
These sort of attacks kept happening for months, and then they finally pushed my buttons, where I was talking to another Senior of how we should redo the base since it's just so massive and a few tiny updates to the base take a few days to implement across the entire code. What instead happened was that I went to sleep, and this Senior told the CEO I was going to steal the code base and go sell it...
I woke up to messages of how the CEO is all pissed off, and that this is what the Senior said. At this point, I started responding with, fuck it. I was so sick and fucking tired of their bullshit. I was the only fucking competent developer, and I did more work in the few months I was there than some people did in 2 or 3 years.
A few hours later I decided to go chat with the CEO and explained what was truly brought up, and he just brushed it off like I was lying. At that point, I lost it. I told him why the code base was horrible since he hired stupid ass developers. He didn't know how to code. People wanted certain items, and he wouldn't be able to add them for fucking months and players sit there making fun of it. Some people state the only differences they see within the code is the code I've done. Basically, he was an incompetent fuck that said he knew what he was doing, and had all these big plans for the future yet couldn't listen to the only competent developer and fucking claimed bullshit.
Now a few months have gone by, I'm looking at their community and it's basically dead with no proper updates except for copy and paste updates claiming to be custom coded. While I'm working on my real life businesses (Which are currently being a headache, but within the year should resolve its issues), starting University for my Computer Science degree here soon, and even considering building my own game here.
Basically, karma is a bitch and that's why when you get loyal people in your life, keep them. (Writing this at 3 am after a few drinks, hopefully, it made sense, I think it does.)
Anyways, goodnight everyone.
So my previous alma mater's IT servers are hacked really easily. They run mostly on Microsoft Windows Server and Active Directory and only the gateway runs on Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.
I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested and sent me to the server room under his supervision. He gave me the credentials and told me "10 minutes".
What I did?
I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.
Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected to the lobby WiFi. Turns out he was a script kiddie and had no knowledge I was tracking his attacks via fail2ban logs.
Moral of the lesson: make sure your IT secures everything in place.
So my boss is starting a new security oriented product and he asked one of my colleagues to prepare a presentation about the possible attacks on the product.
During the presentation there was a section on DoS attacks. The boss didn't know what DoS was and after a brief explanation, he interrupted the presentation and said DDoS is not a threat because there is no data stolen. This is a webapp.
SuperCell is hiring.. Here is their job description:
We need a new Builder. Are you an independent and passionate maker? Do you love spending 24 hours a day turning wood and gold into walls and defensive buildings? Do you answer the call to build even if that call comes at 4:00 a.m. and you haven’t had a day off in literally five years? If the answer to these questions is “Yes! Yes! A million times yes!” then we have a hammer with your name on it!
The focus of the Builder is to, uh, build.
You will be responsible for taking instructions from the player and building whenever and wherever they see fit. They say build and you say...well, you don’t say anything, you just build.
The world of Clash of Clans can get intense. Our Builder is expected to build quickly and expertly at all times, even while under great amounts of stress and/or attacks from Barbarians, Archers, Goblins, Giants, Wall Breakers, Wizards, and P.E.K.K.A.s.
Equally as important as building is rebuilding. All of the things you build will inevitably be destroyed, if not immediately, then soon after you just finished building or rebuilding everything. You can’t let it get you down. You must maintain your resolve and rebuild. Fast!
Must be willing to relocate to the World of Clash
Must build and maintain a wide-range of buildings, statues, and war machines.
Must be on call 24 hours a day, 7 days a week, 365 days a year
Must have up-to-date Level 9 Tesla Tower maintenance certification
Must have proficiency with building materials both common (wood, stone, etc.) and uncommon (lightning, lava, etc.)
Must provide own leather helmet
Must possess a passion for building
Must be comfortable working hands-on with molten lava.
Must adhere to strict dress code (orange sleeveless shirt, brown canvas pants, and boots).
Must speak fluent Barbarian
How to Apply
Send us your qualifications via e-mail to firstname.lastname@example.org or write out your qualifications and send them to us via Baby Dragon. Either format is accepted.
So, packing up and leaving this hell hole.
In the end I just said that I had 2 panic attacks in the last week, and that I am leaving for medical reasons.
Who has a DDOS attack story they want to share? Dyn put up the good fight today... DDOS attacks can be incredibly difficult to deal with ... Internet of Things devices makes this an even more complicated situation. Outside of calling Prolexic, any vets have some good stories?
I wrote an app (took all morning until now) that tells me which shows and movies Amazon removed from Prime...
I forget why I wanted this... was it just to screw with Amazon because they rejected me....
The app is also going to tell me what movies/shows were added because they can't fucking sort them in chronological order by release date. I don't want movies from pre-1990s that were recently added...
Yes I could search for them manually but it's too fuckin tedious, gotta turn on like 10 filtering options...
And maybe I just want to run mini-DDOS attacks on their servers...
So... did I mention I sometimes hate banks?
But I'll start at the beginning.
In the beginning, the big bang created the universe and evolution created humans, penguins, polar bea... oh well, fuck it, a couple million years fast forward...
Your trusted, local flightless bird walks into a bank to open an account. This, on its own, was a mistake, but opening an online bank account as a minor (which I was before I turned 18, because that was how things worked) was not that easy at the time.
So, yours truly of course signs a contract, binding me to follow the BSI Grundschutz (A basic security standard in Germany, it's not a law, but part of some contracts. It contains basic security advice like "don't run unknown software, install antivirus/firewall, use strong passwords", so it's just a basic prototype for a security policy).
The copy provided with my contract states a minimum password length of 8 (somewhat reasonable if you don't limit yourself to alphanumeric, include the entire UTF-8 standard and so on).
The bank's online banking password length is limited to 5 characters. So... fuck the contract, huh?
Calling support, they claimed that it is a "technical necessity" (I never state my job when calling a support line. The more skilled people on the other hand notice it sooner or later, the others - why bother telling them) and that it is "stored encrypted". Why they use a nonstandard way of storing and encrypting it and making it that easy to brute-force it... no idea.
However, after three login attempts, the account is blocked, so a brute force attack turns into a DOS attack.
And since the only way to unblock it is to physically appear in a branch, you just would need to hit a couple thousand accounts in a neighbourhood (not a lot if you use bots and know a thing or two about the syntax of IBAN numbers) and fill up all the branches with lots of potential hostages for your planned heist or terrorist attack. Quite useful.
So, after getting nowhere with the support - after suggesting to change my username to something cryptic and insisting that their homegrown 2FA would prevent attacks. Unless someone would login (which worked without 2FA because the 2FA only is used when moving money), report the card missing, request a new one to a different address and log in with that. Which, you know, is quite likely to happen and be blamed on the customer.
So... I went to cancel my account there - seeing as I could not fulfill my contract as a customer. I've signed to use a minimum password length of 8. I can only use a password length of 5.
Contract void. Sometimes, I love dealing with idiots.
And these people are in charge of billions of money, stock and assets. I think I'll move to... idk, Antarctica?
We were going over man in the middle attacks today and I honestly just could not stop thinking about that SpongeBob episode where Squidward keeps intercepting the bubble messages between SpongeBob and Patrick and it was so dumb that I could not stop smiling.
I set up an email server a couple of months ago.
The amount of port scans and brute force attacks I've received this month alone is awful.
JUST SOD OFF ALREADY, PLEASE.
Sort of !dev
I can't do school anymore. I get so many panic attacks. I was shaking the entire time I was writing my essay today. It's hard to focus when your brain is fucking freaking out. I'm missing deadlines, failing tests left and right.
Real talk, I'm not dumb. This was never a problem. My University fucked me up and now I can't even look at an assignment without an electric feeling and I don't know what to do.
I had a panic attack during the opening crawl of Star Wars. I had to leave the theater. My anxiety is going to give me a heart attack one of these times. I'm 18, why am I experiencing health issues like this?
School isn't done right. How could this be the intended effect?
Damn hackers! Within the course of a week, the internet of my country has been DDOS-attacked three times! Last week the attacks came from Russia or China. Yesterday they came from Russia and Ukraine. Is this a part of the Russian military exercises Zapad 17? Well, when an important part of the infrastructure is down and thousands of civilians are affected, it's for real and not an exercise.
So today I went to another town for a car service, and by accident I met a very old man looking at the cars in the saloon, he was a very calm person, in conversation he said he was a system analyst and a COBOL developer in a big industry... but what got me the most he said he survived FOUR heart attacks... I don't know if that was a common practice for COBOL developers but I do php most of the time... so... I just wanted to say hello guys... and delete my browser history if I'm not around for some time :)
Woo crunch time! The 3 panic attacks a day, no sleep, massive guilt complex, caffeine addiction, lack of seeing my wife, phone breaking (calling doesn't work), lawn needing mowing, upper management bothering all of my team, more guilt, more panic, inferiority complex, theory that coworkers think I am slacking, and technology just not working because the machine spirit decided I pissed it off is starting to get to me a little.
Unnamed hacking game - "terminal" graphics
-Multiplayer. Last man standing.
-Like a tower-defence game but technical
You work for a company that has outsourced their technical department to Bykazistan, a country with good internet and bad laws. On one hand, labor is very cheap! There are no pesky laws protecting workers, so you don't need to pay them what they're worth. Phew. However, there are also no laws against cyber crime. But for a start-up like you, the risk is worth the reward!
...which would be great! If you were the only company with that idea. As it turns out, you aren't. All of your competitors also recently outsourced to Bykazistan, and that could be an issue.
You would be afraid, but you are a hardened businessman. You are familiar with the cut-throat nature of the business world and where others see risk, you see opportunity. Let the games begin.
Your mission is to protect your critical assets at all costs, eliminate your opponents, and make critical financial decisions - all while maintaining your uptime!
Build a botnet and attack your competition to decrease their uptime and disable their attacks. Port scan your opponents to learn more about their network, but beware of honeypots! Initiate devastating social engineering attacks - and train your employees against them! Brute-force their credentials, and strengthen your own.
Make sure to keep your software patched...
This was a long time ago, when I was working part time in my uni helpdesk. As part of the uni IT service, they offered ISP services at the dorms. It was cheap, and fast. This essentially allowed students living in the dorms to connect their personal computers to the uni LAN. Then one day...
An ARP poison malware infected some of those computers. An ARP poison attack is simple (look at ettercap) - it redirects network traffic via the affected computer, and adds malware to web traffic to infect more computers. One of these on a network is bad enough, but when there is more than one... traffic was redirected a lot. This caused the dorm switches to collapse under the load. Fun times to work at the helpdesk...
The IT guys came up with a solution for this: they blocked the ARP poison attacks at the firewall, and then disabled the switch port for the infected computer for 24 hours. So, when someone called with 'I have no internet!', we told them to bring us the computer, and installed an AV on it.
Within 3-4 months the problem was cleared.
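A small ARP-poisoning detector for the situation described in this rant, as an added example that is not the IT team's tooling: it runs over a constructed stream of ARP replies (all addresses made up) and flags both symptoms of an infected dorm PC, an IP whose MAC changes mid-stream and a single MAC claiming many IPs.

```python
"""Added example (not the rant's own tooling): ARP-poisoning detection over a
constructed sequence of ARP 'is-at' replies as seen on a dorm VLAN. Flags
(a) an IP whose MAC flips (a host impersonating the gateway or a neighbour)
and (b) one MAC answering for more IPs than a single NIC plausibly owns."""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed replies: (sender_ip, sender_mac). The gateway 10.20.0.1 is first
# announced by the real router, then by the infected PC's MAC, which also
# starts answering for several other students' addresses.
ARP_REPLIES: List[Tuple[str, str]] = [
    ("10.20.0.1", "00:11:22:aa:bb:01"),   # real gateway
    ("10.20.0.57", "3c:52:82:11:22:33"),  # infected dorm PC, its own entry
    ("10.20.0.58", "b8:27:eb:44:55:66"),  # a neighbour, legitimate
    ("10.20.0.1", "3c:52:82:11:22:33"),   # poison: gateway IP now at the PC
    ("10.20.0.58", "3c:52:82:11:22:33"),  # poison: neighbour's IP too
    ("10.20.0.59", "3c:52:82:11:22:33"),
    ("10.20.0.60", "3c:52:82:11:22:33"),
    ("10.20.0.61", "a4:5e:60:77:88:99"),  # another legitimate host
]

MAX_IPS_PER_MAC = 2  # assumed threshold; one NIC holding more is rare on a dorm LAN


def detect_arp_poison(replies: Iterable[Tuple[str, str]],
                      max_ips_per_mac: int = MAX_IPS_PER_MAC) -> Dict[str, List[str]]:
    """Return {"ip_flips": [...], "mac_claims": [...]}.
    ip_flips holds "ip old_mac->new_mac" for every change of an IP's owner;
    mac_claims lists MACs that answered for more than max_ips_per_mac IPs."""
    ip_to_mac: Dict[str, str] = {}
    mac_to_ips: Dict[str, Set[str]] = defaultdict(set)
    flips: List[str] = []
    for ip, mac in replies:
        mac = mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            flips.append(f"{ip} {prev}->{mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    claims = sorted(m for m, ips in mac_to_ips.items() if len(ips) > max_ips_per_mac)
    return {"ip_flips": flips, "mac_claims": claims}


def suspected_poisoners(replies: Iterable[Tuple[str, str]]) -> List[str]:
    """MACs that both took over someone else's IP and claim many IPs: the
    hosts whose switch ports the IT team would disable for 24 hours."""
    report = detect_arp_poison(list(replies))
    took_over = {entry.split("->")[1] for entry in report["ip_flips"]}
    return sorted(took_over & set(report["mac_claims"]))


if __name__ == "__main__":
    print(detect_arp_poison(ARP_REPLIES))
    print("disable port of:", suspected_poisoners(ARP_REPLIES))
```

A single MAC flip on its own is also what a legitimate gateway failover or DHCP reassignment looks like, which is why the port-disable decision above requires both signals rather than the flip alone.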
MASSIVE UPGRADE ROUND 2:
We took it by steps, the DBA did his portion and I did mine, we had waited for the entire thing to be finalized today on Sunday since our users are probably jerking off to their waifus (as they should) and today was my part. MA BOE the DBA was with me the entire time and the whole process took us about 4 hours of both of us getting multiple heart attacks here and there and praying to the elder gods of Asgard for their divine protection as we venture into the calamity of fire and juten ass mfkers that are our fucking servers for this particular process.
Man I really hope for the pandemic to be over and take my dude out for a nice beer, some wings and some relaxation time.
Best DB/Dev team I have ever been with.
I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.
After some investigation I figured it was due to someone running a script trying to get ssh access.
I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.
Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.
I felt relieved seeing that it all stopped right after fail2ban installation and thought I was safe now and went to sleep.
I wake up this morning to another e-mail stating that pinging my server failed once again.
I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.
Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.
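What fail2ban is doing for the SSH brute force in this rant and in the alma mater gateway story above, as an added example written for this page (not fail2ban's code or either author's setup): a windowed per-IP counter over constructed sshd auth.log lines, with the maxretry/findtime-style thresholds and the year assumed, rendering the DROP rule it would hand to iptables rather than executing anything.

```python
"""Added example (not fail2ban and not the rant authors' setup): a minimal
fail2ban-style sshd brute-force detector over constructed auth.log lines.
An IP with >= MAX_FAILURES failed logins inside WINDOW seconds is flagged
and an iptables DROP rule is rendered as a string; nothing is executed."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterator, List, Tuple

MAX_FAILURES = 5   # assumed, like fail2ban's maxretry
WINDOW = 600       # seconds, assumed, like fail2ban's findtime
YEAR = 2021        # syslog timestamps carry no year; assumed for the sample

# Constructed sshd lines in traditional syslog format; addresses are made up.
# 198.51.100.7 fails five times in nine seconds; 192.0.2.44 also fails five
# times, but the first is 25 minutes before the rest, outside the window.
AUTH_LOG = """\
Mar  3 06:20:01 mail sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 51522 ssh2
Mar  3 06:20:03 mail sshd[2233]: Failed password for invalid user oracle from 198.51.100.7 port 51530 ssh2
Mar  3 06:20:04 mail sshd[2235]: Failed password for root from 198.51.100.7 port 51538 ssh2
Mar  3 06:20:06 mail sshd[2237]: Failed password for invalid user test from 198.51.100.7 port 51544 ssh2
Mar  3 06:20:09 mail sshd[2239]: Accepted publickey for deploy from 203.0.113.9 port 40022 ssh2
Mar  3 06:20:10 mail sshd[2241]: Failed password for invalid user ubuntu from 198.51.100.7 port 51550 ssh2
Mar  3 06:20:12 mail sshd[2243]: Failed password for invalid user pi from 192.0.2.44 port 60001 ssh2
Mar  3 06:45:00 mail sshd[2301]: Failed password for invalid user pi from 192.0.2.44 port 60002 ssh2
Mar  3 06:45:01 mail sshd[2303]: Failed password for invalid user pi from 192.0.2.44 port 60003 ssh2
Mar  3 06:45:02 mail sshd[2305]: Failed password for invalid user pi from 192.0.2.44 port 60004 ssh2
Mar  3 06:45:03 mail sshd[2307]: Failed password for invalid user pi from 192.0.2.44 port 60005 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text: str) -> Iterator[Tuple[datetime, str, str]]:
    """Yield (timestamp, source_ip, username) for each failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def find_offenders(log_text: str, max_failures: int = MAX_FAILURES,
                   window: int = WINDOW) -> Dict[str, int]:
    """Sliding-window failure count per source IP. Returns {ip: failures}
    for every IP that reached the threshold inside the window."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    banned: Dict[str, int] = {}
    for ts, ip, _user in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # expire old failures
            q.popleft()
        if len(q) >= max_failures and ip not in banned:
            banned[ip] = len(q)
    return banned


def iptables_rules(offenders: Dict[str, int], port: int = 22) -> List[str]:
    """Render the DROP rules a ban action would install (strings only)."""
    return [f"iptables -I INPUT -p tcp --dport {port} -s {ip} -j DROP"
            for ip in sorted(offenders)]


if __name__ == "__main__":
    for rule in iptables_rules(find_offenders(AUTH_LOG)):
        print(rule)
```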
When I started my work I encountered this DB (one of 4): more than 20 tables, some with 200 columns literally... EVERYTHING is a varchar 😓.
I'm slowly designing some normalized tables with real fk on new features and projects and people are like: how the fuck did you implement this feature so fast? the other guy spent 3 months designing this form (and I'm just speechless):
The form was some sort of craziness shit passing input names as "name-of-property" and a file only to check if(name="string") then store a number value to an array and save it as a "number" (actually varchar) on the db. literally more than 50 if statements to do this.
Everything on a single table that made no sense at all.
Just wtf... At least my boss let me start it from scratch 'cause we were always having panic attacks every time he needed to do something with it. 😂😂
Game for coders or really anyone interested in programming where you have simulated network on which you can perform attacks
So, these guys came to me at work, asking if I knew how the "Low Orbit Scanner" worked...
I said: "no, what's that?"
They said: "It's that tool used for DDoS attacks"
So I replied: "Oh you mean Low Orbit Ion Cannon"
them: "yea that, you know how it works?"
me: "ye, but what do you want to use it for?"
them: "just want to learn how it works"
me: "you download it, run it then fill out the things?"
them: "but I tried it and it doesn't take out the server I tried"
me: "Means your PC is too much of a filthy casual, buy a new one"
them: "can't you help us getting it more effective"
me: "yes, but I rather not end up in jail... I have a job and a clean document..."
The looks on their faces, love to see that disappointment of my colleagues when I say (or at least hint): "go figure it out yourself"
You know you're passionate about computers when you're completely immune to scams and phishing attacks but the mention of laptop stickers makes you type a rant about it. ~(￣▽￣)~
So I eventually spent 2 years working for that company with a strong b2b market. Everything from the checkouts in their 6 b2c stores to the software used by the 30-people sales team was dependent on the main ERP shit home-built with this monstrosity we call Windev here in France. If you don't know it just google and have some laugh : this is a proprietary FRENCH language. Not French like made by French people, well that too, but mostly French like the fucking language is in fucking French ! Instructions are in French, everything. Hey that's my natural language okay, but for code, really ?
The php website was using the ERP database too, even all the software/hardware of the massive logistic installation they had (like a tiny Amazon depot), and of course the emails of all employees. Everything was just handled by this unique shitty and so sloooooow fucking app. When there were too many clients on the website or even too many salespeople connected to the ERP at the same time, every-fuckin-piece of the company was slowing down, and even worse facing critical bugs. So they installed a monitor in the corner of a desk constantly showing the live report page of Google analytics and they started panic attacks every time it was counting more than 30 sessions on the website. That was at the time fun and sad to observe.
The whole shit was created 12 years ago and is since maintened locally by one unique old-fashion-microsoft dev who also have to maintain all the hardware of all the fucking 150+ people business. You know, when the keyboard of anyone is "broken" cause it's unplugged... That's his job too. The poor guy was totally overstressed on a daily basis and his tech knowledge just saddly losts themeselves somewhere in the way. He was my n+1 in a tech team of 3 people : him, a young and inexperimented so-called "php developer" who was in charge of the website (btw full of security holes I discovered and dealed with when I first arrive at the job), and myself.
The database was a hell of 100+ tables of business and marketing data with a ton of specific logic added on-the-go during years. No consistent data model or naming. No utf8. Fucked up relations that ends with queries long enough to fill books. And that's not all, all the customers passwords was just stored there uncrypted. Several very big companies and administrations were some of these clients. I was insisting on the passwords point litterally all the time, that was an easy security fix and a good start... But no, in two years of discussions on the subject I never achieved to have them focusing on other considerations than "our customers like that we can remind them their password by a simple phone call if they lost it". What. The. Fuck. WHATTHEFUCK!
Eventually I ran myself out of this nightmare. I had a few bad jobs already, and worked on shitty software already. But that one really blows my mind (and motivation for a time too). Happy it's over.1
Conversation yesterday (senior dev and the mgr)..
SeniorDev: "Yea, I told Ken when using the service, pass the JSON string and serialize to their object. JSON eliminates the data contract mismatch errors they keep running into."
Mgr: "That sounds really familiar. Didn't we do this before?"
SeniorDev: "Hmmm...no. I doubt anyone has done this before."
Me: "Yea, our business tier processor handled transactions via XML. It allowed the client and server to process business objects regardless of platform. Partners using Perl, clients using Delphi, website using .aspx, and our SQLServer broker even used it."
Mgr: "Oh yea...why did we stop using it?"
Me: "WCF. Remember, the new dev manager at the time and his team broke up the business processor into individual WCF services."
Mgr: "Boy, that was a crap fest. We're still fighting bugs from the mobile devices. Can't wait until we migrate everything to REST."
SeniorDev: "Yea, that was such a -bleep-ing joke."
Me: "You were on Jake's team at the time. You were the primary developer in the re-write process, saying passing strings around wasn't the way true object-oriented developers write code. So it's OK now because the string is in JSON format, or because using a JSON string was your idea?"
SeniorDev turns around in his desk and puts his headphones back on.
That's right, you lying SOB...I remember exactly the level of personal attacks you spewed on me and other developers behind our backs for using XML as the message format.
Keep your fat ass in your seat and shut the hell up.
I went to uni for CompSci with no prior knowledge.
In my first year of uni I created a DigitalOcean droplet to host an SQL server. I didn't change the root password or disable password login out of convenience and as I didn't think anyone would be able to find the IP address to be able to hack it.
Within 3 hours DigitalOcean had locked my account for using my droplet to send DDoS attacks. Support contacted me to ask what was going on. I knew nothing at the time so I was a bit 🤷♂️.
And that's when I learned the importance of changing your root password.
I worked for a company that was in entertainment news. Specifically rock music.
On the terrible night of the Bataclan (spelling?) terror attacks in Paris. A few years ago our site was one of the first to run the story (the main attack happened at a rock concert). Anyway, the tech debt that we'd been complaining about for months reared its head. The site got so much traffic that it was just fucked all night. Literally couldn't get the databases back up for about 7 straight hours.
What do you do when your redirect doesn’t go where you tell it?
Clearly I’m missing something.
I stepped through the code, following the failure path of Sheogorath’s Recaptcha. It fails as expected, and hits this redirect before doing anything else:
`return redirect_to new_user_session_path`
I verified that this redirects to the “/users/sign_in” path, and it returns so the server doesn’t even try to authenticate the user. It just nopes out as it should to prevent timing attacks.
But somehow instead of doing that and redirecting as it should, it signs the user in and redirects somewhere else entirely: the role select page, which only happens after authenticating an admin user. It never even hits my breakpoint after the recaptcha check! It never authenticates!
I think what I'm missing is my old reality where things made sense.
First rant! I hate being on call. I'm just out of college, give me some time to ramp up without these panic attacks.
I don't know what you guys think but I freaking love programming my own Minecraft client. It sounds childish but I love to see server owners rage when they see their Servers dying because of my exploits. It's a good feeling.
But I got 3 DOS attacks afterwards so there is a high risk of making lifetime enemies.
Let us all post our dark side of knowledge and the shit we have done to amuse ourselves!
With the recent attacks by governments and corporations on our freedom, I feel like this is more relevant than ever.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." (Benjamin Franklin)
I fucking hate this low level programming shit. The fucking buffer overflow attacks and the whole understanding of the system architecture just go over my head. Can anyone who has found relatively useful resources be kind enough to refer them to me so my stupid mind can understand that better?
When your panic attacks stop midway as you realise you don't have the time to deal with that shit, you know you need a break
Old unused military satellite to make international calls free. Local tv station to leak episodes. 4500 hosts zombie net with autoreplicant bots that scans for vulnerability to populate the net to do distributed denial of service attacks. Jumper on the neighborhood cabin to redirect the school's call for being absent, an older friend pretended to be my father.
The more I'm on here the more I remember all the shit I have had to deal with in the past.
Anyway, let's rant! I just moved cities after college to be closer to my family. I didn't have any work lined up at that stage but started job hunting the moment I was settled in, and I did some freelance for smaller companies to stay afloat.
Eventually I got a job at this agency startup where "SEO" was their main focus. Still very inexperienced, they put me on frontend and data capturing but would teach me how to code using their systems in due time. At this stage I was getting paid minimum wage, but I was doing minimum work and it wasn't that bad.
A new investor bought 49% of the company and immediately moved into the office space to focus more on marketing (he was one of those scaly marketing guys that would sell you babies if he could get his hands on enough to make a profit).
This is where everything starts going to shit. He hires a bunch of "SEO Gurus" and fills up the small office with people squished together like sardines. Development was still our main money maker at this stage, so there were 3 new, more senior developers and I started learning a lot really fast.
Here are some of the issues we had to deal with:
1. Incentives - Great, more money, haha! No, no, you were 5 minutes late so you only get half of the promised amount.
2. For every minute you are late we will deduct it from your paycheck (did I mention I was getting paid minimum wage?).
3. If you take a smoke break we will dock it from your pay.
4. Free gym membership to the gym downstairs, but you can only go once a week during your lunch.
5. No pay raises if you can't prove your worth on paper.
He purposely made up shitty rules and regulations to keep us down and make as much profit as he could.
Here are some shitty stuff he has done:
1. We aren't getting a 13th check this year because the company didn't make a big profit - while standing next to his brand new BMW.
2. Made changes over FTP on clients' work because we were too slow to get to it, then blames me for it because it's broken the next day and wants to give me a written warning for not resolving the issue immediately. They went as far as wanting to fire me for this, gave me 1 day's notice for the meeting and said that I could bring a lawyer to represent me (1 day's notice is illegal, you need 5 days where I am from), so I brought a lawyer since my mom was a lawyer. They freaked the fuck out and started harassing me about this a week later.
3. Would have meetings all the time about how much money the company is making, but won't be raising our pay since no one has proven they are worth it yet.
4. Would full-on yell at employees in front of the entire office if they accidentally made a mistake on a client's project.
On one occasion I took a week off for holiday. My coworker contacted me to ask a question and I answered that I would handle it when I was back the following week. Within 2 hours my other boss phones me in a rage: he is coming to fetch the company laptop from my house in 5 minutes, he will let me know when he arrives. Gives me no time to talk at all and hangs up. I had figured out what had happened by now, so when he showed up he had this long speech about abandonment, and trust and loyalty to the company. So I passed him my laptop once he shut up and said: "You do know I am on holiday leave which you approved, right?" He goes even more silent and passes me back my laptop without saying anything, and drives off.
While the above was happening, Douche Manager back at the office has a rage as well and calls the whole office (25 people) to a meeting talking about how I abandoned the company and how disgraceful that is.
Those are the shitty experiences I can remember; there were many more like this. All of the above eventually led to me going into a deep depression and having panic attacks weekly, from being overworked or scared to step out of line. It's also the reason I almost stopped coding forever at that stage. I worked there for 2.5 years with the abuse.
I left 2 weeks after the last shit show. I am OK now and have my anxiety and depression well under control, if not almost gone completely.
Ran into Douche Manager a few months ago after 9 years; the company got bought out and the first person they fired was him. LOL! He now has his own agency and is looking for developers (they are hard to find, he says). Little does he know I spread his name far and wide to every dev I knew and didn't know, to avoid working for him at all costs. Seems like word of mouth still works in this digital age.
Thanks for reading this far!
A new YouTube (AI) tool by Google for battling misinformation failed in a highly public way on Monday, wrongly linking video of the flaming collapse of the spire at Notre Dame Cathedral in Paris to the Sept. 11, 2001, terrorist attacks.
I dunno if you gents remember the Nickelodeon show known as Drake and Josh.
It was pretty big in Mexico and the U.S.
Well, one of the characters from that show is the singer/actor Drake Bell.
For a while, Drake Bell would **constantly** tweet about how much Justin Bieber sucks.
I ain't denying that Justin Bieber sucks, I don't like his music at all.
But the constant attacks came out as jealousy, at least to me.
What does this have to do with development or even computers? Well, this is EXACTLY how I feel about Louis Rossmann CONSTANTLY making videos about Apple products.
We get it man, we really do; sadly for a lot of us the only way to get iOS development done is through a fucking Mac.
EVEN if his whiny ass is right about the hardware not being top notch and all that shit, I AM still not able to explain a 2013 (early... as in January) MacBook Pro still working with literally NO fucking problems. Before that, the other MacBook was just changed because we wanted the 2013 model. The thing worked, the one before did so too, and the 2017 model that I have works, amazingly so, I will add.
Still, the army of Dell, HP and Lenovo laptops that I've had before just died or are not functioning properly. Either it is my shit luck or Apple's "shitty hardware" got something really fucking right.
I think it's retarded really. If you don't like them then fine, you don't have to; personally I fucking love all computers and OSes, but I don't get fanboys hating for the sake of hate.
The fuck you care if I spend 2500 on a computer? I would do the same shit for your mom and the computer would last me longer.
Does owning multiple Macs make me better than you? No
Does this mean that you are piss poor and can't afford shit and that is why you are hating? No
Will I call you <insert number of insults> for your choice of PC or OS? No
What is retarded is this: you all are DEVELOPERS (at least a good chunk) and your ass better fucking know that some people USE a certain tool because IT IS THE RIGHT ONE FOR THE JOB.
It is a damn fine operating system, a really good computing experience. It ain't your taste? Fine, das cool, but for fuck's sake it does not mean that the other people are idiots or whatever.
Grow the fuck up and get yourself an opinion.
I need guidance about my current situation.
I am a perfectionist believing in OOP, preventing memory leaks in advance, following clean code and best practices, constantly learning about new libraries to reduce custom implementation & improve efficiency.
So even a single bad variable name can trigger my nerves.
I am currently working in a half-billion-$ IT service company on a maintenance project of an 8-year-old Android app of a security domain product of one of the top enterprise companies of the world, which sold it to many leading companies in the world in the government service, banking and insurance sectors.
Its code quality is so bad that I get panic attacks & nightmares daily.
Issues are like:
- No APK obfuscation; the source is an open book, anybody can just unzip the APK & open it in Android Studio to see the source.
- Logs everywhere about which method name was invoked.
- Static IV & salt for encryption.
- Thousands of lines of code in God classes.
- Irrelevant method names compared to their functionality.
- Even a list with a single item takes 2-3 seconds to load.
- Lag in navigation between different features' screens.
- For even a single thing like different dimension values for different densities, whole 100+ line separate layout files for 6 types of densities are written.
- No modularized packages; every class is in a single package & there are around 100+ classes.
The owner of the code, my team lead, is too terrified to change even a single thing as he doesn't have coding maturity & no understanding of memory leaks, clean code, OOP; in short, the typical IT 'service' company mentality.
The client is ill-informed or cost-cutting-centric, so no code review has been done by them in 8 years.
Feeling much frustrated as I can see it's like a bomb waiting to go off anytime when some blackhat cracker takes advantage of this.
Need suggestions about how to tackle the situation.
The most powerful weapon an engineer can ever have, is his mind.
What happens when someone attacks the mind and their mind is the system with most power?
When you attack the central system with most power of any person, they become extremely vulnerable and defenseless.
What happens when the mental state of an engineer has been attacked and damaged?
How to focus with a damaged mind?
I paid $55 for a therapy app on the ios store with binaural waves sound programming and mind healing sounds.
It helps. But temporarily. When the attacker gets in sight, the mind becomes vulnerable again.
How to develop a strong mind that can not be disturbed by external real world triggers or attackers?
I know this is selfish, but this whole COVID-19 thing is driving me insane. The virus and quarantine I don't mind too much. What gets me is the number of people I see every single day having legit panic attacks because they can't buy "x" right now and it's the end of the world. I can't stand people who are literally in tears because they have to take an extra day off of work each week because of the state of the economy. I've been virtually unemployed for two years (not for lack of trying) and borderline homeless for six months. Grow up. You have a Lexus, a Range Rover, and a four bedroom house for you and your partner.
On a previous job, my coworkers were jealous because I started going out for lunch some days of the week instead of staying with them at the office kitchen. So every time I went out, I came back to find some kind of small prank, and also a sign reading "Lunch Break Maffia Attacks Again". Once they made garlands by gluing/taping together a lot of sauce packets (mayonnaise, ketchup, and so on) in different patterns and decorated my whole box with them.
A new system developed at CSAIL was shown to have stronger security guarantees than Intel's existing approach for preventing so-called "timing attacks" like Meltdown and Spectre, made possible by hardware vulnerabilities.
Image courtesy of Graz University of Technology
Many ATMs here in India are planning to upgrade from Windows XP due to the WannaCry ransomware attacks.
I literally want WannaCry to seize my data so that I can go ahead and pay them $600 to do something that even the FUCKING GOVERNMENT won't do.
Hmm.. I kinda want to add a terminal type feature to my portfolio project that lets you type commands to navigate the site or change some options. I could still keep the standard navigation elements for the people who get mini heart attacks when they even see a terminal xD
Is it a good idea to hack the website of my previous condescending and irrational boss? And do social media attacks on their online pages as well?
Analogy: Assume a JVM is a kingdom, Object is a king of the kingdom, and GC is an attacker of the kingdom who tries to kill the king(object).
When King is Strong, GC can not kill him.
When the King is Soft, GC attacks him but the King rules the kingdom with protection until resources are available.
When the King is Weak, GC attacks him but he rules the kingdom without protection.
When the King is Phantom, GC already killed him but the King is available via his soul.
So a Phantom ref is basically GC saying "Omae wa mou shindeiru" and the object saying "Nani???"
This post may contain spoilers to Doom 2016
Doom 2016 is so underwhelming and left such an empty void inside me ugh
I played through the whole game in about 7 hours, got all secrets and everything, like a 100% completion.
The music is fantastic, it fits the gameplay, and in combination with the good sound design it's a great experience.
The graphics are good as well, there are some hiccups like the Hell Guards' force field which looked like a kid mapped a sphere with a 240p texture in like 2005.
The story was OK, it's not really present there, because it's a game about slaying demons.
They had a minimal story, but they still messed it up somehow.
The ending of the game is an absolute wreck. After three bossfights stacked back to back, each of which took me like 20 minutes first try, which is less time than I spend on some levels even, I faced the Spider Mastermind, where Olivia dies for some reason, very undramatically, she just plops on the ground. Then the Mastermind appears, whose attacks are childish, and health is lower than the Cyberdemon. I got done with him in about 20 minutes as well. He also dies very undramatically.
Then, the cherry on top. Hayden just leaves you. That's all. Nothing else is told to us. What happened to the Hellslayer next? Did he go back to hell? What will he do there if there is nobody there anymore? Why did Samuel decide on sending him back to hell and not in his tomb? Why did the Slayer even get a backup of VEGA if he's not planning on restoring it???
All of these questions are left unanswered and this is absolutely killing me rn
Such a game leaves the player at such an anticlimactic ending with so many cliffhangers. They better be working on the next Doom where this is elaborated.
Started testing brute force and dictionary attacks on MD5 hashes just to see how insecure it really is. So I moved on to phpass hashes (for WordPress passwords and whatnot), put in a set of rules and wordlists. Went from processing MHz on the GPU with the previous settings to kHz with the current setting; either this is some heavy shit or something is very wrong with my GPU 😅 (used hashcat for this FYI)
First time programming for work... Man-in-the-middle student password changes. Yep, that's right, I'm being asked to write a program that will change students' passwords on their Google accounts and local domain while also keeping a decryptable-format password in a database. Granted, it's much better than not letting students change their passwords at all. Plus we're doing it because it will let us fix their issues while they're out of school so...
Novice computer enthusiasts argue that an application is safe because it's end-to-end encrypted... but they don't realize this doesn't guarantee safety because of MITM attacks on possibly exploitable midpoints.
A good example of this is mail servers using TLS 1.2 but one or two of them not verifying certificate authorities.
What are you guys doing against brute force attacks on your login webpages? I don't want anybody to access my porn ( ͡° ͜ʖ ͡°). But I don't want to block the user account, because that would be annoying: you could simply lock a user out of his account :/ Any suggestions? What are you doing on your sites?
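The mail-relay case in the post, as an added example that is not part of the rant: an outbound STARTTLS client context that verifies the chain and hostname next to the "encrypted but unverified" one, plus a check that flags the latter. Hostnames and the sending helper are assumptions; nothing here touches the network when imported.

```python
"""Added example (not from the post): a verified STARTTLS client context beside
the 'it connects, so it must be fine' one, and an audit that tells them apart.
The mail host and the sending helper are assumed placeholders."""
import smtplib
import ssl


def hardened_context(cafile=None) -> ssl.SSLContext:
    """Verify the chain against the system (or the given) trust store, check the
    certificate's name against the host we meant to reach, refuse TLS < 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_context() -> ssl.SSLContext:
    """What the post describes: the hop is encrypted, but to whoever answered for
    the MX, so a midpoint presenting any certificate goes unnoticed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the reasons a client context would accept a man-in-the-middle."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate chain is not verified (CERT_NONE)")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 is accepted")
    return findings


def send_via_starttls(host: str, msg, context: ssl.SSLContext = None) -> None:
    """Outbound hop using a verified context. `host` must be the MX name you
    resolved, because that is the name compared against the certificate
    (assumed helper; not run by the audit)."""
    with smtplib.SMTP(host, 587, timeout=10) as smtp:
        smtp.starttls(context=context or hardened_context())
        smtp.send_message(msg)
```

Run `audit_context` over every outbound relay's context in a config review: an empty list is the only acceptable result.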
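One answer to the question above, as an added example that is not from the thread: throttle failed logins per (account, source address) with a short cooldown that doubles on repeated failure, rather than locking the account, so a guesser from one address cannot lock the real owner out from theirs. The class and the `check_password` stub are constructed for this example.

```python
"""Added example (not from the thread): sliding-window login throttling keyed by
(account, source IP) with a growing cooldown instead of a hard lockout."""
import time
from collections import defaultdict, deque


class LoginThrottle:
    """After `max_failures` failures inside `window` seconds from one
    (account, ip) pair, refuse that pair for a cooldown that doubles with
    each further failure (capped at `max_cooldown`). Nothing is locked
    permanently and a successful login clears the pair's history.
    `clock` is injectable so behaviour can be tested without sleeping."""

    def __init__(self, window=300, max_failures=5, base_cooldown=2.0,
                 max_cooldown=900.0, clock=time.monotonic):
        self.window = window
        self.max_failures = max_failures
        self.base_cooldown = base_cooldown
        self.max_cooldown = max_cooldown
        self.clock = clock
        self._failures = defaultdict(deque)   # (account, ip) -> failure times
        self._cooldown_until = {}             # (account, ip) -> deadline

    def _prune(self, key, now):
        """Drop failures older than the window; return the live deque."""
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def retry_after(self, account, ip):
        """Seconds the caller must wait before an attempt is accepted (0 if none)."""
        key = (account.lower(), ip)
        return max(0.0, self._cooldown_until.get(key, 0.0) - self.clock())

    def record(self, account, ip, success):
        """Record the outcome of an authentication attempt."""
        key = (account.lower(), ip)
        now = self.clock()
        if success:
            self._failures.pop(key, None)
            self._cooldown_until.pop(key, None)
            return
        q = self._prune(key, now)
        q.append(now)
        excess = len(q) - self.max_failures
        if excess >= 0:
            cooldown = min(self.base_cooldown * (2 ** excess), self.max_cooldown)
            self._cooldown_until[key] = now + cooldown


def attempt_login(throttle, account, ip, password, check_password):
    """Gate one login through the throttle. Returns 'ok', 'bad-credentials' or
    'throttled'. `check_password(account, password)` is the caller's real
    verifier; the test below uses a constructed stub."""
    if throttle.retry_after(account, ip) > 0:
        return "throttled"          # refused without touching the password store
    ok = check_password(account, password)
    throttle.record(account, ip, ok)
    return "ok" if ok else "bad-credentials"
```

Pair this with a plain per-address limit and a generic error message for the throttled case, since a guesser rotating through many addresses is not caught by the per-pair key alone; behind a reverse proxy, take the address from the header your proxy is configured to set, not from the socket.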
Avoided IoT(IoS - InternetOfShit) for a long time now, due to the security concerns with retail products.
Now I looked into 433 Transceiver + Arduino solutions.. to build something myself, just for the lolz.
Smallest Arduino I found has 32 KByte of programmable memory, a tiny tiny crypto library could take around 4 KBytes...
Set a symmetric crypto key for each homebrewed device / sensor / etc., send the info and commands (with time of day as salt, for example) encrypted between Server <-> IoT gadget; ciphertext would have a checksum appended, magic and ciphertext length prepended.
Be safe from possible drive-by attacks, still have a somewhat reliable communication?!
Ofc passionate hackers would be still able to crack it, no doubt.
Question: Am I thinking too simply? Am I describing just the standard here?
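The framing described above, as an added example that is not part of the post: the post's layout (magic, length, ciphertext, checksum) beside a variant that appends an HMAC tag and enforces a monotonic counter. The magic value and the toy HMAC-based keystream are assumptions made so the block runs on the standard library alone; the point it shows is that a checksum over ciphertext is keyless and so only catches radio noise, while the tag and counter reject modified and replayed frames.

```python
"""Added example (not from the post): two frame formats for a homebrew 433 MHz
sensor link. frame_crc/open_crc follow the post's layout (magic, length,
ciphertext, checksum); frame_mac/Receiver replace the checksum with an HMAC
tag and reject replayed counters. Stdlib only: the keystream is a toy counter
mode built from HMAC-SHA256 because the stdlib has no AES; on real hardware
use an AEAD such as AES-GCM or ChaCha20-Poly1305 instead."""
import hashlib
import hmac
import struct
import zlib

MAGIC = b"IOT1"                    # constructed magic value, not from the post
HEADER = struct.Struct(">4sHQ")    # magic, ciphertext length, message counter
TAG_LEN = 16                       # truncated HMAC-SHA256 tag


def derive_keys(master: bytes):
    """Split the one per-device key into independent encryption and MAC keys."""
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac


def keystream(enc_key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream. (key, counter) must never repeat, which is why a
    transmitted, enforced counter is used instead of 'time of day' as salt."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">QI", counter, block),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- the post's layout: checksum over the ciphertext -------------------------

def frame_crc(master: bytes, counter: int, plaintext: bytes) -> bytes:
    enc, _ = derive_keys(master)
    ct = xor_bytes(plaintext, keystream(enc, counter, len(plaintext)))
    body = HEADER.pack(MAGIC, len(ct), counter) + ct
    return body + struct.pack(">I", zlib.crc32(body))


def open_crc(master: bytes, frame: bytes):
    """Plaintext, or None if malformed. The CRC needs no key, so it detects
    radio noise but says nothing about who produced the frame."""
    if len(frame) < HEADER.size + 4:
        return None
    body, (crc,) = frame[:-4], struct.unpack(">I", frame[-4:])
    magic, length, counter = HEADER.unpack_from(body)
    if magic != MAGIC or len(body) != HEADER.size + length or zlib.crc32(body) != crc:
        return None
    enc, _ = derive_keys(master)
    return xor_bytes(body[HEADER.size:], keystream(enc, counter, length))


# --- hardened layout: HMAC tag instead of checksum, monotonic counter --------

def frame_mac(master: bytes, counter: int, plaintext: bytes) -> bytes:
    enc, mac = derive_keys(master)
    ct = xor_bytes(plaintext, keystream(enc, counter, len(plaintext)))
    body = HEADER.pack(MAGIC, len(ct), counter) + ct
    return body + hmac.new(mac, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Server-side state for one device: its keys and the last counter seen."""

    def __init__(self, master: bytes):
        self.enc, self.mac = derive_keys(master)
        self.last_counter = -1

    def open(self, frame: bytes):
        """Plaintext, or None for a tampered, forged or replayed frame."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.mac, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # verify before parsing
            return None
        magic, length, counter = HEADER.unpack_from(body)
        if magic != MAGIC or len(body) != HEADER.size + length:
            return None
        if counter <= self.last_counter:             # replayed or stale frame
            return None
        self.last_counter = counter
        return xor_bytes(body[HEADER.size:], keystream(self.enc, counter, length))
```

The 32 KB Arduino budget is not the problem: the per-frame cost of the tag is 16 bytes on the wire and one hash over the frame, which is far cheaper than the per-device key management the post already assumes.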
Headsup: if you're making a game, or want to, a good starting point is to ask a single question.
How do I want this game to feel?
A lot of people who make games get into it because they play and they say I wish this or that feature were different. Or they imagine new mechanics, or new story, or new aesthetics. These are all interesting approaches to explore.
If you're familiar with a lot of games, and why and how their designs work, starting with game feel is great. It gives you a palette of ideas to riff on, without knowing exactly why it works, using your gut as you go. In fact a lot of designers who made great games used this approach, creating the basic form, and basically flew blind, using the testing process to 'find the fun'.
But what if, instead of focusing on what emotions a game or mechanic evokes, we ask:
How does this system or mechanic alter the *player's behaviors*? What behaviors *invoke* a given emotion?
And from there you can start to see the thread that connects emotion, and behavior.
In *Alien: Isolation*, the alien 'hunts' for the player, and is invulnerable. Besides its menacing look, and the dense atmosphere, its invincibility has a powerful effect on the player. The player is prone to fear and running.
By looking at behavior first, w/ just this one game, and listing the emotions and behaviors in pairs, "Fear: Running" for example, you can start to work backwards to the systems and *conditions* that created that emotion.
In fact, by breaking designs down in this manner, it becomes easy to find parallels, and create these emotions in games that are typically outside the given genre.
For example, if you wanted to make a game about Vietnam (hold the overuse of 'Fortunate Son'), how might we approach this?
One description might be: Play as a soldier or an insurgent during the harsh jungle warfare of Vietnam. Set ambushes, scout through dense and snake-infested underbrush. Identify enemy armaments to outfit your raids, and take the fight to them.
Mechanics might include:
1. Crawl through underbrush paths, with events to stab poisonous snakes, brush away spiders or centipedes, like the spiders in Metro, hold your breath as armed enemy units march by, etc.
2. Learn to use enfilade and time your attacks.
3. Run and gun chases. An ambush happens catching you off guard, you are immediately tossed behind cover, and an NPC says "we can stay and fight but we're outnumbered, we should run," and the system plots out how the NPCs hem you in to direct you toward a series of retreats and nearest cover (because it's not supposed to be a battle, but a chase, so we want the player to run). Maybe it uses these NPC ambushes to occasionally push the player to interesting map objectives/locations, who knows.
4. The scouting system from State of Decay. You get a certain amount of time before you risk being 'spotted', and have to climb to the top of, say, a building or a tower, and prioritize which objects in the enemy camp to identify: trucks, anti-air, heavy guns, rockets, troop formations, carriers, comms stations, etc. And that determines what is available to 'call in' as support on the mission.
And all of this, b/c you're focusing on the player behaviors that you want, leads to the *emotions* or feelings you want the player to experience.
Point is, when you focus on the activities you want the player to *do*, it's a more reliable way of determining what the player will *feel*, the 'role' they'll take on, which is exactly what any good designer should want.
If we return to Alien: Isolation, even though it's a survival horror game, can we find parallels outside that genre? Well, The Last of Us for one.
How so? Well, TLOU is a survival third-person shooter, not a horror game, and it shows. There's not the omnipresent feeling of being overpowered. The player does use stealth, but mostly it's because it serves the player's main role: a hardened survivor who's a capable killer, struggling through a crapsack world. The similarity though comes in with the boss battles against the infected.
The enemy in these fights is almost unstoppable, they're a tank, and the devs have the player running from them just to survive. Many players can't help but feel a little panic as they run for their lives, especially with the superbly designed custom death scenes for Joel. The point is, mechanics are more of a means to an end, and if games are paintings, and mechanics are the brushes, player behavior is the individual strokes and player emotion is the color. And by examining TLOU in this way, it becomes obvious that while it's a third-person survival shooter, the boss fights are *overtones* of Alien: Isolation.
And we can draw that comparison because like Bach, who was deaf, and focused on the keys and not the sound, we're focused on player behavior and not strictly emotions.
Doing a talk on 'Security in PHP' and a live demo on web attacks and safeguard tips this Saturday. Any tips, fellow Ranters...?
So easy to make typographic attacks on image recognition models.
Depending on your implementation, you may need to change your entire model.
Well, after working a normal office job for a while I'm kinda starting to think I thrive on isolation.
All of the people, the noise, the distractions, the lights, it's all so overwhelming. I have constant anxiety attacks.
Idk, does anyone relate to this? Were they ever able to overcome? Cope? Bend their employer to the will of their isolationism by working at home more often and still producing results despite the beck and call to "please stay in the office and fit in our prescribed work time box, you robot."
At Rackspace there are lights on the walls that go off for things like ddos attacks, fire alarm, etc. The being a code rainbow. Meaning "evacuate the building".
Every time we deployed to prod I always joked that one day it would fail so spectacularly that it would cause a code rainbow.
Hey guys, I'll be starting my oscp/pwk course soon, any suggestions as to what should I study beforehand or types of attacks I should practice?
My plan was to potato today.
... But given anxiety, might as well have a minor heart attack and a few panic attacks on the side.
Plus, second day of no proper food seems to be helping that cause greatly too.
At this rate, I'll die of dehydration first. Lol. My greatest regret is missing out on the robot's uprising. Ain't got nobody I love deeply, so at least I don't feel regrets for people I leave behind. Tiz a short meh life I've lived.
Aight. Ms NoRegrets is out.
In case you're stupid, let me clarify: I was being a drama queen. Shall fetch water... soon, hopefully.
Kazakhstan Government issues certificates for MITM attacks on the public. WTF !!!
WTF kind of bullshit software is sonar.
I can't deploy my application because sonar is telling me that there is a vulnerability. So I look at it. IT'S A FUCKING DEV DEPENDENCY. Are you fucking serious sonar? I can't deploy because a dev dependency has a vulnerability that allows DOS attacks. What the fuck do you think will happen?! I'm going to DOS my own fucking application whilst coding or what? Who the fuck would even care?!
I fucking hate our pipeline, all the tools behind it operate like shit. The only thing positive about it is that I am able to deploy applications myself without having to call someone and wait a week. Because putting a file in a directory is hard ._.
I didn't know that working with React will destroy my confidence like this, I know that coding is hard but being tasked to build a front end for a large project with React and use React Boilerplate (which is not for beginners) just a month after starting my first job as a front end developer is nowhere to be the perfect start to one's career.
the quarantine did not help, it made it worse, I have so much fear that I can't even see my code, I even wanted to write some simple side project to retake some confidence but I can't, I want to tell my boss that I can't continue but he's very nice that I don't want to worry him, and here I am having panic attacks and fear, not a fear of being fired, because I am prepared and I deserve it, but fear that I can't code any more, I am not a good developer, but it's the only thing I know.
I had low confidence before but not as much as this time, this time I feel like it's the end of everything, I keep staring at the screen for hours and I can't think straight.
I am lost and I don't know how to handle this, I became a bad father and a bad husband, I don't talk to anyone, not even my kids ...
As always, thanks for reading me. I only have this community that understands me.
Google researchers have exposed details of multiple security flaws in the Safari web browser that allowed users' browsing behavior to be tracked.
According to a report: The flaws, which were found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a published paper, researchers in Google's cloud team have identified five different types of attacks that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits."
Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers and other third-party cookies.
Remember kids, passwd is a readable file! You can have a very bad day trying to figure out a user's shell from side-channel attacks and getting nowhere, or you could remember that it LITERALLY SAYS WHAT IT IS PUBLICLY IF YOU DON'T FORGET THAT IT'S THERE.
On the plus side, I learned a ton about what you can do with ssh arguments and debugging logs. Shit's pretty cool.
BT: "We'll give you BT Virus Protect, which protects against viruses, phishing and other online attacks."
Or... for a start, let your users provide a good secure password when signing up? "More than 8 characters" is a bit ambiguous. 20 minutes and several attempts later to find out it can't be longer than 20 characters, only upper and lower case letters and numbers aaaand must start with a letter is a bit s**t. Not to mention LastPass doesn't like it as you can't copy and paste.
I can't believe companies fucking do this! If your users' PII gets fucking leaked or the security is breached in any god-damned way it's YOUR FUCKING JOB to let the affected users know! 57 million users got affected! What the fucking fuck? I think they should pass proper laws where companies have to tell the victims about breaches, especially when it's at such a huge scale. I get that it wasn't under Uber but some third party; but even so Uber should have talked about the level of security in their SLAs and maybe performed regular audits.
This is ridiculous!
I currently have to finish some intermediate report for a big international research project which my CEO forced us into because of the incentives. But he doesn't care for any of the research and just wants to get the money.
Due to my inexperience I promised some things for this project, which now prove to be untenable. And now I realize all this and I get to deal with small anxiety attacks (especially today).
I just want to say "fuck you all" and go, but this is no real option for me. That makes me totally exhausted, especially because it feels like a personal failure. :/
My first public website... Please don't say how bad it is, because I know, believe me :) There are probably XSS and SQL injection attacks so feel free to play with it. Also it is in Serbian but you will figure your way in and out (if you even open the website)
I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it, as I have in the past.
With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.
The following tips are mainly from @Condor, @Noob, @Linuxxx and some others were gathered from the webz. Thanks to @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in a better way.
1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?
If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)
I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.
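Steps 3 to 5 of the checklist live in sshd_config, and the classic mistake is appending hardening lines to a distro default that already sets the same keyword: sshd uses the first value it reads, so the appended line is silently ignored. The following audit is an added example (not from the post or any of the people credited above) run against a constructed config; the sample file, keyword list and function names are all assumptions of the example.

```python
"""Audit an sshd_config for steps 3-5 of the checklist (added example)."""
import re

# Constructed sample, not from any real machine: a distro default with
# hardening lines appended at the bottom, as many first-time setups do.
SAMPLE_SSHD_CONFIG = """\
Include /etc/ssh/sshd_config.d/*.conf
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
UsePAM yes

# --- hardening appended later by the admin ---
PermitRootLogin no
PasswordAuthentication=no
PubkeyAuthentication yes
"""

# keyword -> (value the checklist wants, value sshd assumes when absent)
WANTED = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
}

# sshd_config allows "Keyword value" or "Keyword=value".
LINE_RE = re.compile(r"^(\w+)\s*=?\s*(.*?)\s*$")


def parse_global_section(text):
    """Return (first value per keyword, keywords set more than once).

    sshd(8) keeps the FIRST value it obtains for each keyword, so a later
    hardening line changes nothing. Lines starting with '#' are comments, so a
    commented-out keyword leaves the built-in default in force. Parsing stops
    at the first Match block (conditional settings). Included files are not
    followed in this offline example; note that on Debian/Ubuntu the Include
    comes first, so a drop-in file there wins over everything below it.
    """
    first, duplicates = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break
        if key in first:
            duplicates.add(key)   # the later line is the one sshd ignores
        else:
            first[key] = value
    return first, duplicates


def audit(text, wanted=WANTED):
    """Map each checklist keyword to (effective value, compliant?)."""
    first, _ = parse_global_section(text)
    return {k: (first.get(k, default), first.get(k, default) == good)
            for k, (good, default) in wanted.items()}


if __name__ == "__main__":
    for key, (value, ok) in audit(SAMPLE_SSHD_CONFIG).items():
        print(f"{'OK  ' if ok else 'FAIL'} {key} = {value}")
    for key in sorted(parse_global_section(SAMPLE_SSHD_CONFIG)[1]):
        print(f"NOTE {key} set more than once; only the first line counts")
```

Against the sample, root login is still permitted because the original `PermitRootLogin yes` comes first; `sshd -T` on the real host prints the effective values and is the check to run after editing.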
I just saw this video on slow loris attacks (https://youtu.be/XiFkyR35v2Y).
So my question is: why even bother with creating a botnet for a ddos attack?
So, following up my last rant.
I quit on Friday, this is what I said to my bosses.
"In the last week I had 2 panic attacks, and I have 2 theories for this. One is that I have underlying psychological problems, the other theory is that we are under an impossible task. I choose to say now that I have to quit because I have psychological issues, but if you are willing to hear my other theory, which involves saying that meeting the deadline is not viable, then I can tell you that. So do you want to listen to that part?
Bosses: No, we have heard enough, we are going to have your contract terminated in order, and we will let you know when you can come and pick up your paycheck."
So, that's them. Now about me and how I re-discovered GTD, or more precisely how I organized my whole weekend using taskwarrior with GTD, and why I think it is going to be useful as a freelancer.
Before I feel good about telling you about my weekend I have to tell you a few things about myself.
I am a very impulsive person, I have a lot of energy in short surges, so I have to be able to maximize my activity when I'm in a surge, and I have to maximize my rest when I am not.
That's hard to do, it requires a balanced lifestyle, I am also very prone to being neurotic, and overwhelmed by the amount of stuff that I want to do.
And on top of that, when I am resting, I have surges of things that I want to have, do, or implement, it could be software related, as "Doing an app that will be the Uber of home services", to house improvements like, "I have to fix that leaking roof", and all the sort of stuff that happens in between hardware and software. That surge of consciousness doesn't allow me to have the proper rest that I need before I engage with activities again.
Because of this I have a very cyclic rhythm, with whole weeks burning my energy into doing stuff, and weeks resting doing very little and thinking too much.
Now about my weekend. Friday night I was browsing the web, and a thought came to my head: "The way you use your terminal says a lot about your personality", and I got curious, so I searched for "Show me your terminal", and found a post on dev.to showing all kinds of nice terminal setups, from the very minimalist to very feature-rich oh-my-zsh themes with plugins for git, aws and what not. One of these pictures really got my attention: a guy had set up his terminal to show him how many tasks he had done in the day, and how many cups of coffee he had had.
So by investigating how he set up his terminal to show in the prompt the number of successfully completed tasks in the day, I found out that he was using taskwarrior, he was also kind enough to share the source code of his prompt setup, which I bookmarked to later incorporate that into my oh-my-zsh config.
After reading about taskwarrior, I also got a reference to GTD, I don't remember if this was one of those thoughts that I have and follow immediately, or if I read something that led me to a YouTube video summarizing GTD.
In the end, after watching that GTD video, I decided to give it a try to organize my life, help me find a remote job, keep my house in order, plan my social activities such as "hang out with friends" and "visit mom and dad", and give the proper amount of attention to my GF, with whom I am deeply in love, and with whom I am willing to spend the remainder of my years.
So my first task was:
task add Ask for GF's parents' blessing.
Which of course I have no intention of doing right now, but is one of the things that I will eventually have to do.
Then it started, I started adding tasks, and things to do, and go through the whole Capture phase of GTD.
Now it is a good time to write a small summary of what I think GTD is.
GTD is a life habit of organizing your life in todo-lists. And it has a very specific core method, which in the video summary that I watched was called CPR.
Capture, Process and Review.
When you capture you just add your tasks to a bucket list.
So I took a notebook and started writing down everything that I wanted to have done. I also started to capture ideas as they came up to me, I did this by writing a telegram saved message in my phone, or directly adding it as a task in TW.
I read my telegram messages and put them into my taskwarrior list, then I started to organize my tasks into projects, breaking down every task that was not an atomic unit.
And different projects started to emerge from this. One of them was project:Housekeeping.
And here's my screenshot of what I did this weekend, also the number of projects that I have, and all the things that I have to do in order to have what I think would be a very balanced, fun, and productive life.
You'll be able to see in the screenshot that there's a blocked task. Yes, tw allows you to organize dependencies too, so one task is delegated, and blocked by the delegation task.
So, I have never been a big fan of Oracle, for many reasons.
I did not think I would see their executive meeting with Donald Trump to try to take advantage of his comments about their competitors. Comments and attacks which the leader of the country is using to distract from himself.
Business is business, so more power to you. Be as greasy as you want Oracle, but man that's...
So in the past 3 days I've almost had 6 heart attacks, I've been giving public speeches for random classes at my school as practice.
Today I'm going to some capital city finals shit whatever you call it and I have to give a public speech to fuc knows how many people.
I wrote a speech about lies in 700 words, the speech has to be 5 minutes, oh yeah, in English. It's not my native...
Man, I am not ok at all Xd, they had to choose the one who has anxiety disorders.
I just saw a marketer announcing a new partnership between their entertainment service and Facebook. Mouthbarfed a little. Then two posts below was an actual ad marketing for Facebook.
The comments were filled with cynical disgust and personal attacks on Mark Zuckerberg. This is probably the best moment I've ever experienced on LinkedIn. Let's hope his new partnership goes great.
Last night the Russians struck again. It's become obvious that these DDoS attacks are not performed by just some casual hackers, but are part of cyber warfare - just as I suspected in one of my rants a couple of weeks ago
I want to know if there is a possibility to find a vulnerability in a .jar file.
I tried to install Kali on a VM (for now) and tried to use metasploit but I found that it attacks the inter system on an indicated IP address.
Are there any applications or videos (and so on) for my problem?
This .jar file is an application and I want to do pentesting...
Sorry for my poor English but it isn't my native language.
I'm new in the pentesting world 🤣
I am still at the office, and I have come to the conclusion it is alive. I am a parasite that works in it, but by doing so I give it value so it is maintained. Its name is Smarlethotep...
This shithead continuously wasted 2 lectures of CNS (Cryptography and Network Security) on debating: in link-to-link encryption, if encryption and decryption take place on every node, what if an attacker attacks the node while the data is decrypted?
Though I couldn't care less about the lecture, this guy brings up the same issue in every lecture.
Does anyone have any idea about link-to-link encryption?
I already know it encrypts the whole packet with header and on each hop the data is decrypted and the destination IP address is fetched and encrypted again, but I don't know if it's possible to perform an attack on the decrypted data.
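The question is the textbook argument for end-to-end encryption on top of link encryption: with link (hop-by-hop) encryption alone, every intermediate node holds the full plaintext for the moment it reads the header, so whoever controls that node reads the payload too. The simulation below is an added example written for this post (not from the lecture or the poster); the packet, keys and three-hop path are constructed, and the SHA-256 keystream XOR stands in for a real cipher purely to keep the example self-contained.

```python
"""Link (hop-by-hop) encryption vs end-to-end encryption on a 3-hop path."""
import hashlib


def xor_stream(key, nonce, data):
    """CTR-style keystream from SHA-256; XOR makes encrypt and decrypt the same
    call. Illustrative only: no authentication, and a real protocol would use a
    fresh nonce per packet rather than the fixed per-link labels used below."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


# Constructed sample packet: routing header followed by a sensitive payload.
HEADER = b"DST=10.0.0.9|"
PAYLOAD = b"user=alice;password=hunter2"
# One key per link on the path sender -> R1 -> R2 -> receiver (constructed).
LINK_KEYS = [b"k-sender-R1", b"k-R1-R2", b"k-R2-receiver"]
END_KEY = b"k-sender-receiver"   # shared only by the two endpoints


def forward(packet, link_keys):
    """Carry a packet over a hop-by-hop encrypted path.

    Returns (bytes delivered to the receiver, list of what each intermediate
    node holds in memory after decrypting the link to read the header).
    """
    seen_by_nodes = []
    wire = xor_stream(link_keys[0], b"link0", packet)
    for i in range(1, len(link_keys)):
        in_node = xor_stream(link_keys[i - 1], b"link%d" % (i - 1), wire)  # node decrypts
        seen_by_nodes.append(in_node)              # header read here; payload exposed too
        wire = xor_stream(link_keys[i], b"link%d" % i, in_node)           # re-encrypt
    last = len(link_keys) - 1
    return xor_stream(link_keys[last], b"link%d" % last, wire), seen_by_nodes


def link_only(header, payload):
    """Link encryption alone: the whole packet is plaintext inside every node."""
    return forward(header + payload, LINK_KEYS)


def end_to_end_plus_link(header, payload):
    """Payload sealed end-to-end before the hop-by-hop layer: nodes still see
    the header they need for routing, but never the payload."""
    sealed = header + xor_stream(END_KEY, b"e2e", payload)
    delivered, seen = forward(sealed, LINK_KEYS)
    body = xor_stream(END_KEY, b"e2e", delivered[len(header):])
    return delivered[:len(header)] + body, seen


if __name__ == "__main__":
    for name, fn in (("link only", link_only), ("end-to-end + link", end_to_end_plus_link)):
        _, seen = fn(HEADER, PAYLOAD)
        leaks = sum(PAYLOAD in s for s in seen)
        print(f"{name}: {leaks} of {len(seen)} intermediate nodes can read the payload")
```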
March's Khyber Weather was out of the ordinary
Phishing and CEO-scams continued in March with even more activity.
SUPO said in their annual letter that targeted attacks are a day-to-day matter for Finland and Finnish companies. On the positive side, the functionality of communication services was better than average, and new guidelines about IoT products' minimum requirements were published in Great Britain.
Finnish Communication Regulatory Authority
Is anyone around experienced with SDR, especially the HackRF?
I am trying to send OOK data at a certain frequency but it doesn't work. I am basically recording the wave, then using ooktools to decode the wave to binary and the hackrf_ook to send the binary. It doesn't work...
Using GNURadio for replay attacks works great, since I am not testing it on a rolling code device.
Has anyone managed to transmit binary (or hex) with the HackRF or any other SDR for that matter? I can't use rfcat with the HackRF.
Going to a business summit tomorrow and I get to see a live hack and learn about cyber attacks.
Shit better be good.
Is it just me or does anyone else wince when someone says the word "cyber" when referencing something on the internet .... like the current series of attacks ..... oh god ... I winced just typing that!
I hate the word, it's an irrational hate, I know, still!
Difference between a security threat and a programming bug?
Found a cool paper about format string attacks which mentioned buffer overflow is a security threat while format string is a programming bug.
Had no idea what that really meant.
Has anyone maybe a link to HTTP security topics in general?
I often find breadcrumbs, like on several different attack possibilities, but nothing comprehensive.
Mostly regarding HTTP 1.1 / HTTP 2 (h2c) and proxying.
I'm currently unclogging a whole ecosystem of proxies, endpoints, edge nodes and so on...
My knowledge is limited and it's frustrating to Google because seemingly I always get just pieces of the puzzle but not a collection -.-
(Looking for specific information, e.g. regarding attacks like H2C Smuggling, HPACK attacks, stuff regarding Cookies / Headers / Encoding... But please not spread over several dozen pages where it becomes frustrating to read the same shit over and over again without learning something new :( )
The NPC has stated that the personal data of at least 2000 people was leaked after the attacks on the websites of the Philippine government on April 1; the data contains names, addresses, passwords and school data.
Over 7 administrators of schools, universities and other government structures have been called out for not reporting the leakage of personal info on public Facebook groups, in violation of the NPC's 72-hour requirement.
The representatives of the following structures stood before the commission on the 23rd and 24th of April:
- Taguig City University
- Department of Education offices in Bacoor City and Calamba City
- the Province of Bulacan
- Philippine Carabao Center
- Republic Central Colleges in Angeles City
- Laguna State Polytechnic University
The agency has reported that none of the organisations had yet given notification about the personal info leakage.
This is a good reminder that you should inform everyone who might be affected by a security/personal info breach as soon as possible, even if it seems unnecessary.
I handed in my notice last week, now I have to be held prisoner for 6 weeks in a company that hits all my Asperger triggers, and causes me daily panic attacks. But then... I get a big pay jump, remote working, more holiday.. and a much more fun project
I have anxiety attacks and I wanted to get my mind off things. I took 2 internships at once so that my mind would stay focused. Turned out that was really the worst idea I ever came up with.
I was fretting a lot. People calling me from different time zones at 1-2 am asking me about updates. Things got completely messed up, I fought with my friends.
So I messaged my boss. I told him I have some problems in life and I need time to sort them out. And believe me, he said take a month off.
He is really the coolest boss I know (out of the 4 I ever worked for 😅)
Guys, a lesson: don't overdo the things you love. You want to make it a good experience. But making it unbearable to yourself can make you hate your love for coding.
So, about two days ago I got hit with a crazy anxiety attack. My chest started to tighten and things seemed dark at the time.
I'm a CS freshman this year and I find myself struggling with some subjects. I felt like I've disappointed a lot of people that I really care about. Anxiety attacks have been happening recently. Do you guys have any advice for dealing with anxiety attacks?
*sorry for the bad English
I signed up to a website, and my password contained the & symbol, got an error that the password cannot contain that symbol. I thought we were way beyond the SQL injection vulnerability?
Or can that symbol be used for some other attacks?
What is your opinion of having a LinkedIn profile with such details? Will it help or will it hurt? For me, I think it's too much.
Please remain civil and no troll attacks.
Are there any sysadmins here who know how to deal with DDoS attacks properly? I can even offer pay. The situation is that I launched my java app (gameserver) on linux debian and configured iptables to allow only specific IPs. Basically I made only 1 port open for the loginserver and if a player logs into the loginserver it adds his IP to iptables so he's able to proceed to the gameserver. However I am still receiving massive attacks of up to 900MB/s, for example: http://prntscr.com/q3dwe8
It appears that even if I left only one port open, I still can't defend against DDoS attacks. I made some captures with tcpdump and analyzed them in wireshark but to be honest I can't really tell what I'm looking at.
I am using OVH which is supposed to be DDoS protected but maybe I messed up during the iptables configuration, I'm not sure.
Can anyone help?
I hate RStudio so much that it gives me anxiety attacks whenever I try to debug something with it. What a fucking nightmare
Need advice about protecting against DDoS via iptables and whitelisting. I currently launched my gameserver and am fighting against a massive attack from botnets. The problem was solved by closing all ports on my gameserver linux machine and shipping game.exe with an injected c++ socket client. So basically only gamers who launch my game exe are being added to the firewall iptables via the socket client that is provided in the game exe. If some ddosers still manage to get inside and ddos, then my protection is good enough to handle attacks from whitelisted IPs from inside. Now I have another problem. Lots of players have problems and for some reason the shipped c++ client fails to connect to my socketserver. Currently my solution was to provide support in all contact channels (facebook, skype, email) and add those people's IPs to the whitelist manually. My best solution would be to make a button on the website which you can click and your IP is whitelisted automatically. However if it will be so easy then botnets can whitelist themselves as well. Can you advise me how I could handle whitelisting my players through the web or some other exe in a way that it can't be replicated by botnets?