You know what?

Young cocky React devs can suck my old fuckin LAMP and Objective-C balls.

Got a new freelance job and got brought in to triage a React Native iOS/Android app. Lead dev's first comment to me is: "Bro, have you ever used React Native".

To which I had to reply to save my honor publicly, "No, but I have like 8 years with Objective-C and 3 years with Swift, and 3 years with Node, so I maybe I'll still be able help. Sometimes it just helps to have a fresh set of eyes."

"Well, nobody but me can work on this code."

And that, as it turned out was almost true.

After going back and forth with our PM and this dev I finally get his code base.

"Just run "npm install" he says".

Like no fuckin shit junior... lets see if that will actually work.

Node 14... nope whole project dies.

Node 12 LTS... nope whole project dies.

Install all of react native globally because fuck it, try again... still dies.

Node 10 LTS... project installs but still won't run or build complaining about some conflict with React Native libraries and Cocoa pods.

Go back to my PM... "Um, this project won't work on any version of Node newer than about 5 years old... and even if it did it still won't build, and even if it would build it still runs like shit. And even if we fix all of that Apple might still tell us to fuck off because it's React Native.

Spend like a week in npm and node hell just trying to fucking hand install enough dependencies to unfuck this turds project.

All the while the original dev is still trying TO FIX HIS OWN FUCKING CODE while also being a cocky ass the entire time. Now, I can appreciate a cocky dev... I was horrendously cocky in my younger days and have only gotten marginally better with age. But if you're gonna be cocky, you also have to be good at it. And this guy was not.

Lo, we're not done. OG Dev comes down with "Corona Virus"... I put this in quotes because the dude ends up drawing out his "virus" for over 4 months before finally putting us in touch with "another dev team he sometimes uses".

Next, me and my PM get on a MS Teams call with this Indian house. No problems there, I've worked with the Indians before... but... these are guys are not good. They're talking about how they've already built the iOS build... but then I ask them what they did to sort out the ReactNative/Cocoa Pods conflict and they have no idea what I'm talking about.

Why?

Well, one of these suckers sends a link to some repo and I find out why. When he sends the link it exposes his email...

This Indian dude's emails was our-devs-name@gmail.com...

We'd been played.

Company sued the shit out of the OG dev and the Indian company he was selling off his work to.

I rewrote the app in Swift.

So, lets review... the React dev fucked up his own project so bad even he couldn't fix it... had to get a team of Indians to help who also couldn't fix it... was still a dickhead to me when I couldn't fix it... and in the end it was all so broken we had to just do a rewrite.

None of you get npm. None of you get React. None of you get that doing the web the way Mark Zucherberg does it just makes you a choad locked into that ecosystem. None of you can fix your own damn projects when one of the 6,000 dependency developers pushes breaking changes. None of you ever even bother with "npm audit fix" because if security was a concern you'd be using a server side language for fucking server side programming like a grown up.

So, next time a senior dev with 20 years exp. gets brought in to help triage a project that you yourself fucked up... Remember that the new thing you know and think makes you cool? It's not new and it's not cool. It's just JavaScript on the server so you script kiddies never have to learn anything but JavaScript... which makes you inarguably worse programmers.

And, MF, I was literally writing javascript while you were sucking your mommas titties so just chill... this shit ain't new and I've got a dozen of my own Node daemons running right now... difference is?

Mine are still working.

A dude with a THICK Russian accent just called me offering server security services.

After I politely declined, he insisted on a free audit of my servers. I declined that as well.

Now I’m backing up our DB’s and going through my nginx logs.

Am I being racist?

In a user-interface design meeting over a regulatory compliance implementation:
User: “We’ll need to input a city.”
Dev: “Should we validate that city against the state, zip code, and country?”
User: “You are going to make me enter all that data? Ugh…then make it a drop-down. I select the city and the state, zip code auto-fill. I don’t want to make a mistake typing any of that data in.”
Me: “I don’t think a drop-down of every city in the US is feasible.”
Manage: “Why? There cannot be that many. Drop-down is fine. What about the button? We have a few icons to choose from…”
Me: “Uh..yea…there are thousands of cities in the US. Way too much data to for anyone to realistically scroll through”
Dev: “They won’t have to scroll, I’ll filter the list when they start typing.”
Me: “That’s not really the issue and if they are typing the city anyway, just let them type it in.”
User: “What if I mistype Ch1cago? We could inadvertently be out of compliance. The system should never open the company up for federal lawsuits”
Me: “If we’re hiring individuals responsible for legal compliance who can’t spell Chicago, we should be sued by the federal government. We should validate the data the best we can, but it is ultimately your department’s responsibility for data accuracy.”
Manager: “Now now…it’s all our responsibility. What is wrong with a few thousand item drop-down?”
Me: “Um, memory, network bandwidth, database storage, who maintains this list of cities? A lot of time and resources could be saved by simply paying attention.”
Manager: “Memory? Well, memory is cheap. If the workstation needs more memory, we’ll add more”
Dev: “Creating a drop-down is easy and selecting thousands of rows from the database should be fast enough. If the selection is slow, I’ll put it in a thread.”
DBA: “Table won’t be that big and won’t take up much disk space. We’ll need to setup stored procedures, and data import jobs from somewhere to maintain the data. New cities, name changes, ect. ”
Manager: “And if the network starts becoming too slow, we’ll have the Networking dept. open up the valves.”
Me: “Am I the only one seeing all the moving parts we’re introducing just to keep someone from misspelling ‘Chicago’? I’ll admit I’m wrong or maybe I’m not looking at the problem correctly. The point of redesigning the compliance system is to make it simpler, not more complex.”
Manager: “I’m missing the point to why we’re still talking about this. Decision has been made. Drop-down of all cities in the US. Moving on to the button’s icon ..”
Me: “Where is the list of cities going to come from?”
<few seconds of silence>
Dev: “Post office I guess.”
Me: “You guess?…OK…Who is going to manage this list of cities? The manager responsible for regulations?”
User: “Thousands of cities? Oh no …no one is our area has time for that. The system should do it”
Me: “OK, the system. That falls on the DBA. Are you going to be responsible for keeping the data accurate? What is going to audit the cities to make sure the names are properly named and associated with the correct state?”
DBA: “Uh..I don’t know…um…I can set up a job to run every night”
Me: “A job to do what? Validate the data against what?”
Manager: “Do you have a point? No one said it would be easy and all of those details can be answered later.”
Me: “Almost done, and this should be easy. How many cities do we currently have to maintain compliance?”
User: “Maybe 4 or 5. Not many. Regulations are mostly on a state level.”
Me: “When was the last time we created a new city compliance?”
User: “Maybe, 8 years ago. It was before I started.”
Me: “So we’re creating all this complexity for data that, realistically, probably won’t ever change?”
User: “Oh crap, you’re right. What the hell was I thinking…Scratch the drop-down idea. I doubt we’re have a new city regulation anytime soon and how hard is it to type in a city?”
Manager: “OK, are we done wasting everyone’s time on this? No drop-down of cities...next …Let’s get back to the button’s icon …”

Simplicity 1, complexity 0.

Act I

Me (Lead Developer), Boss (Head of IT), CEO

> enter stage left CEO

CEO > "Alright Boss, give it to me straight. Are we going to be able to release app x by this date?"

Boss > "Yup we'll have a beta release on that date"

> exit stage right CEO

Me > types long email to Boss outlining exactly why we won't be able to release app x anywhere near that date, beta or otherwise, because:
1. We have a development team of 2
2. I've never developed an iOS app before
3. Developer 2 is still trying to understand git, because
3a. Developer 2 isn't even a developer (but he's doing iOS front-end so w/e)
4. We don't have the required database systems in place
5. Or CRM
6. Or CPQ
7. We'll need to conduct a security audit

Boss > "yeah, but CEO is gonna need to hear that date a few more times before he can fully understand"

Me > *internally screaming BUT YOU HAVEN'T TOLD HIM THAT AT ALL*
"ok cool just glad we're on the same page on that one"

My CTO told the COO and CEO i'd be finished SOC2 compliance by the end of December... On December 14th.

It takes 3 months to do the audit, let alone all the actual work. I hadn't even started yet.

He was fired shortly after that.

!rant Decided to use the DevTools audit thing to try to improve my personal website. An embarrassing number of hours later and I finally have to tell the perfectionist in me to chill.

Boss hands over to me an old security audit report and tells me "Go through this and check if all the problems mentioned have been resolved". Quick glance through the report shows all expected issues - SQLi, plaintext transmission and storage etc. I tell him that I need access to the application both from admin and a user with restricted privileges.
He hands me the admin credentials and tells me, "After you login in, just go the "Users" tab. You'll find the profiles of all the users there. You can get the emails and passwords of any user you want from there."
I had to hold back a chuckle. There's nothing to verify. If they haven't resolved storing plain text passwords in the database (AND displaying it IN PLAIN TEXT in the website itself (which to my surprise wasn't mentioned in the audit)), they probably haven't even looked at the report.

Data scientist: we need to whitelist a pod to connect to a database
Me: Whitelist? We don't use whitelists on private databases
DS: It's the new data warehouse database
Me: is it on <X> VPC?
DS: I'm not sure what that means but its ip is <real world ipv4>
Me: Are you hosting a publicly accessible database with all our end users information?!
DS: ...
Me: There goes our SOC2 audit controls...
DS: how long until you can white list it?
Me: I won't be whitelisting it. You need to put it on a private VPC and peer with the cluster, you'll have to rebuild all the Terraform and redeploy
DS: We didn't use Terraform because it takes too long, just white list the pods IP.
Me: No. I'm contacting the CISO and CTO...

Dev: Hey that internal audit you asked me to perform didn’t go so well

Manager: It has too! I’ll get in a lot of trouble if it doesn’t pass.

Dev: Ok well it’s a lot of work to get it to a passing state, we have to dedicate a lot of resources to fix all these findings.

Manager: We don’t have any spare resources, they are all working on new projects! Why did you have to find things??

Dev: ….It’s a lot of hard to miss stuff, like missing signatures on security clearance forms

Manager: Ok can’t you just say that everything is all good? They’ll probably not double check.

Dev: I’m not really comfortable with that…Look all of these findings are all just from one member of the team consistently not doing their job, can’t you just address that with him and I can make a note on the audit that issues were found but corrective action was made? That’s the whole point of audits.

Manager: You don’t get it, if anything is found on the audit I’ll look bad. We have to cover this up. Plus that’s a really good friend of mine! I can’t do that to him. Ok you know what? You are obviously not the right person for this task, I’ll get someone else to do it. Go back to your regular work, I’m never assigning you audits again.

a stored XSS vuln in a banner-like component, visible in ALL the pages in the portal. Anyone can attack anyone.

HOWEVER this was not discovered by 3rd-party security specialists during latest security audit. I have escalated this to my manager and got replied that unless client actively requests this to be fixed should I do anything about it.

FFS.. it's only 2 lines of code.. And there's nothing I can do about it.

Eventualy I was transfered to another project. Now it's not my problem anymore.

$ npm audit

> found 19 vulnerabilities (10 low, 5 moderate, 3 high, 1 critical)

$ npm audit fix

> fixed 0 of 19 vulnerabilities in 11987 scanned packages

> (use `npm audit fix --force` to install breaking changes; or do it by hand)

$ npm audit fix --force

> npm WARN using --force I sure hope you know what you are doing.

Me too, buddy. Me too.

*tries to SSH into my laptop to see how that third kernel compilation attempt went*
… From my Windows box.

Windows: aah nope.

"Oh God maybe the bloody HP thing overheated again"
*takes laptop from beneath the desk indent*
… Logs in perfectly. What the hell... Maybe it's SSH service went down?

$ systemctl status sshd
> active (running)

Well.. okay. Can I log in from my phone?

*fires up Termux*
*logs in just fine*

What the fuck... Literally just now I added the laptop's ECDSA key into the WSL known_hosts by trying to log into it, so it can't be blocked by that shitty firewall (come to think of it, did I disable that featureful piece of junk yet? A NAT router * takes care of that shit just fine Redmond certified mofos).. so what is it again.. yet another one of those fucking WanBLowS features?!!

condor@desktop $ nc -vz 192.168.10.30 22
Connection to 192.168.10.30 22 port [tcp/ssh] succeeded!

ARE YOU FUCKING FOR REAL?!

Fucking Heisen-feature-infested piece of garbage!!! Good for gaming and that's fucking it!

Edit: (*) this assumes that your internal network doesn't have any untrusted hosts. Public networks or home networks from regular users that don't audit their hosts all the time might very well need a firewall to be present on the host itself as well.

I just got four CSV reports sent to me by our audit team, one of them zipped because it was too large to attach to email.

I open the three smaller ones and it turns out they copied all the (comma separated) data into the first column of an Excel document.

It gets better.

I unzip the "big" one. It's just a shortcut to the report, on a network share I don't have access to.

They zipped a shortcut.

Sigh. This'll be a fun exchange.

I've caught the efficiency bug.

I recently started a minimum wage job to get my life back in order after a failed 2 year project (post mortem: next time bring more cash for a longer runway)

I've noticed this thing I do at every job, where I see inefficiency and I think "how can I use technology to automate myself out of this job?"

My first ever application was in C++ for college (a BASIC interpreter) and it's been so long I've since forgotten the language.

But after a while every language starts to look like every other language, and you start to wonder if maybe the reason you never seriously went anywhere as a programmer was because you never really were cut out for it.

Code monkey, sure. Programmer? Dunno, maybe I just suffer from imposter syndrome.

So a few years back I worked at a retail chain. Nothing as big as walmart, but they have well over 10k store locations. They had two IBM handscanners per store, old grungy ugly things, and one of these machines would inevitably be broken, lost or in need of upgrade/replacement about once a year, per location. District manager, who I hit it off with, and made a point of building report with, told me they were paying something like $1500 a piece.

After a programming dry spell, I picked up 'coding' with MIT app inventor. Built a 'mostly complete' inventory management app over the course of a month, and waited for the right time.

The day of a big store audit, (and the day before a multi-regional meeting), I made sure I was in-store at the same time as my district manager, so he could 'stumble upon' me working, scanning in and pricing items into the app.

Naturally he asked about it, and I had the numbers, the print outs, and the app itself to show him. He seemed impressed by what amounted to a code monkeys 'non-code' solution for a problem they had.

Long story short, he does what I expected, runs it by the other regionals and middle executives at the meeting, and six months later they had invested in a full blown in house app, cutting IBM out of the mix I presume.

From what I understand they now use the app throughout the entire store chain.

So if you work at IBM, sorry, that contract you lost for handscanners at 10k+ stores? Yeah that was my fault (and MIT app inventor).

They say software is 'eating the world' but it really goes to show, for a lot of 'almost coders' and 'code monkeys' half our problem is dealing with setup and platform boilerplate. I think in the future that a lot of jobs are either going to be created or destroyed thanks to better 'low code' solutions, and it seems to be a big potential future market.

In the mean while I've realized, while working on side projects, that maybe I can do this after all, and taken up Kotlin. I want to do a couple of apps for efficiency and store tracking at my current employer to see if I'm capable and not just an mit app-inventor codemonkey after all.

I'm hoping, by demonstrating what I can do, I can use that as a springboard into an internal programming position at my current gig (which seems to be a company thats moving towards a more tech oriented approach to efficiency and management). Also watching money walk out the door due to inefficiency kinda pisses me off, and the thought of fixing those issues sounds really interesting. At the end of the day I just like learning new technologies, and maybe this is all just an excuse to pick up something new after spending so long on less serious work.

I still have a ways to go, but the prospect of working on B2B, and being able to offer technological solutions to common and recurring business needs excites the hell out of me..as cringy and over-repeated as that may sound.

The fuck did I do wrong?

So I had 11 vulnerabilities 1 high.
I just npm audit fix

Now it’s 44 vulnerabilities

Manager: what is the estimations for this task A nd B?

Me: Task A: 3 months for 1 guys, and task B: 2 Months

Manager: ok, u can have a fresher, and finish task A, and u urself can pick task B, u can train him and bring him up to pace...

Me: (trying to recalibrate my estimations)...

Manager: oh and u have 3 weeks to deliver production ready scalable quality code with junits, documentation and testing done...

Me: then why the fuck did u bother for the estimates?

Manager: oh that is just for the process complaince...I don't want any trouble in audit...

!rant Finally got 100 across the board in audit and made a favicon/logo that I actually like.

My team manager showed me a web application of a new client and asked me if I can find vulnerabilities in it to push for a better product contract. She showed me the system architecture and asked me if I could try finding something from their login page. I politely refused since we don't have written permission to conduct a security audit (it's also a ministry website). She was pretty disappointed and idk if I'm doing the right thing not helping the company (I'm an intern but still). I'm sure I can scan in stealth but I don't think it's ethical on a corporate level. Thoughts?

I used to do audits for private companies with a team. Most of them where black box audits and we were allowed to physically manipulate certain machines in and around the building, as long as we could get to them unnoticed.

Usually when doing such jobs, you get a contract signed by the CEO or the head of security stating that if you're caught, and your actions were within the scope of the audit, no legal action will be taken against you.

There was this one time a company hired us to test their badge system, and our main objective was to scrape the data on the smartcards with a skimmer on the scanner at the front of the building.

It's easy to get to as it's outside and almost everyone has to scan their card there in order to enter the building. They used ISO 7816 cards so we didn't even really need specified tools or hardware.

Now, we get assigned this task. Seems easy enough. We receive the "Stay-out-of-jail"-contract signed by the CEO for Company xyz. We head to the address stated on the contract, place the skimmer etc etc all good.

One of our team gets caught fetching the data from the skimmer a week later (it had to be physically removed). Turns out: wrong Building, wrong company. This was a kind of "building park" (don't really know how to say it in English) where all the buildings looked very similar. The only difference between them was the streetnumber, painted on them in big. They gave us the wrong address.

I still have nightmares about this from time to time. In the end, because the collected data was never used and we could somewhat justify our actions because we had that contract and we had the calls and mails with the CEO of xyz. It never came to a lawsuit. We were, and still are pretty sure though that the CEO of xyz himself was very interesed in the data of that other company and sent us out to the wrong building on purpose.
I don't really know what his plan after that would have been though. We don't just give the data to anyone. We show them how they can protect it better and then we erase everything. They don't actually get to see the data.

I quit doing audits some time ago. It's very stressful and I felt like I either had no spare time at all (when having an active assignment) or had nothing but spare time (when not on an assignment). The pay also wasn't that great.

But some people just really are polished turds.

we just had a security audit

11 months ago I was tasked to audit 58 computer and 6 servers including network speed analysis. In the meeting with the client & stakeholders, they asked my boss how we will achieve this. He replied... "Pen and Paper. We have interns to capture all info into a spreadsheet ". GEEEEEEEZUS!!!

OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..

Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!

Here it goes..

Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.

OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.

Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.

Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..

I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..

Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.

I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..

I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.

WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...

WTF..Ok, cig break to let me think..

I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?

So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o

Unfuckin believable.. How did this ever work?!

Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!

So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..

If only the original procedure was working as it should.. bloddy hell!!

I should just quit. I am not paid enough to deal with this pissing contest.
Reviewer:
Need to add instructions (on readme) for installing pnmp, or if possible, have the top-level npm i install it (lol).
Also, it looks like we are no longer using lerna? If that's right, let's remove the dependency; its dependencies give some security audit messages at install.
Me:
it's good enough for now. Added a new ticket to resolve package manager confusions. (Migrate to pnpm workspaces)
Reviewer:
I will probably be responsible for automating deployment of this (I deployed the webapp on cloudflare pages and there is no work that needs to be done. "automating deployment" literally means replacing npm with pnpm). I disagree that it's good enough for now.

Imagine all readmes on github document how to install yarn/pnpm.

Lesson learned:
If you think an OOP static site developer can't handle modern JS framework, you are probably right.

No other language can do something as fucky as javascript.

"7 high severity vulnerabilities"
$> npm audit fix --force
"13 vulnerabilities (11 high, 2 critical)"

How is this fixed?!

It will be a great day when JS finally prolapses under the weight of its own hubris.

`npx create-react-app blah`
`cdls blah && npm audit`

63 vulnerabilities.
good fucking job.

To be fair, they're all minor, but they're all *exactly* the same, caused by the same freaking package. Update your dependencies already!

------

`npm i --save formik && npm audit`
68 vulnerabilities, three of them critical.

ugh.

I am slowly losing my mind and will to live because of this PCI audit, I hate it so much

Today I'm ranting about Windows. No, it's not "WiNdOwS sUcKs!", it's more like "But why!?"

See, I'm an IT guy for the year, and in my office they use Windows. Now once upon a time, they had Active Directory and all that (well, actually, they still do) but then they got some new computers running Windows 10, and for some reason they just couldn't join them to the domain!

Why can't they, you ask? Well, Microsoft only allows Win 10 Pro and up to join a Domain, and since these computers came with Win 10 Home, that wasn't possible.

Long story short, I now have some 30 computers that need to be upgraded (possibly from 7) to Win 10 Pro, and joined to the Domain.

Thing is, I would like to do that all in one go, so I look into how to automatically setup Windows.

"Ah! Got it, provisioning packages!"

Lest you think they work let me spare you now: they don't. Just like real computers where everything is different, provisioning packages failed to work twice, and after wasting about a week trying to make it work, I gave up.

So now I realized that I need to try a different method, a custom windows image. Issue is, I've got no clue how to make one. See, microsoft decided to go all in on the provisioning packages thing (they do have advantages in certain use cases), and seemed to decide that making custom images was no longer necessary, so they documentation was nearly impossible to find.

But after a lot of searching, I figured out how to do it:

1. Install Windows in a VM.
2. Put it in audit mode.
3. Install your stuff.
4. Create an unattend.xml file with certain customizations.
5. Put the unattend in Windows\System32\Sysprep
6. Generalize the image.
7. Boot WinPE.
8. Open the console.
9. Capture the image.
10. Wait an hour or two.
11. Done!

I'm over simplifying, it was a huge PITA, and yet there were still issues.

Maybe another time I'll talk about those.

Hurricane Maria - electricity audit

A vendor gave us what is turning out to be a very stable storage appliance/software, so we're happy for that. But even so, disks fail. So we need an automated way to identify, troubleshoot, isolate, and begin ticketing against disk failures. Vendor promised us a nice REST API. That was six months ago. The temporary process of SSHing(as root) to every single appliance(60-200 per site, dozens of sites) to run vendor storage audit commands remains our go-to means of automation.

I never thought clean architecture concepts and low complicity, maintainable, readable, robust style of software was going to be such a difficult concept to get across seasoned engineers on my team... You’d think they would understand how their current style isn’t portable, nor reusable, and a pain in the ass to maintain. Compared to what I was proposing.

I even walked them thru one of projects I rewrote.. and the biggest complaint was too many files to maintain.. coming from the guy who literally puts everything in main.c and almost the entire application in the main function....

Arguing with me telling me “main is the application... it’s where all the application code goes... if you don’t put your entire application in main.. then you are doing it wrong.. wtf else would main be for then..”....

Dude ... main is just the default entry point from the linker/startup assembly file... fucken name it bananas it will still work.. it’s just a god damn entry point.

Trying to reiterate to him to stop arrow head programming / enormous nested ifs is unacceptable...

Also trying to explain to him, his code is a good “get it working” first draft system.... but for production it should be refactored for maintainability.

Uggghhhh these “veteran” engineers think because nobody has challenged their ways their style is they proper style.... and don’t understand how their code doesn’t meet certain audit-able standards .

You’d also think the resent software audit would have shed some light..... noooo to them the auditor “doesn’t know what he’s talking about” ... BULLSHIT!

So one of my clients had a different company do a penetrationtest on one of my older projects.

So before hand I checked the old project and upgraded a few things on the server. And I thought to myself lets leave something open and see if they will find it.

So I left jquery 1.11.3 in it with a known xss vulnerability in it. Even chrome gives a warning about this issue if you open the audit tab.

Well first round they found that the site was not using a csrf token. And yeah when I build it 8 years ago to my knowledge that was not really a thing yet.

And who is going to make a fake version of this questionair with 200 questions about their farm and then send it to our server again. That's not going to help any hacker because everything that is entered gets checked on the farm again by an inspector. But well csrf is indeed considered the norm so I took an hour out of my day to build one. Because all the ones I found where to complicated for my taste. And added a little extra love by banning any ip that fails the csrf check.

Submitted the new version and asked if I could get a report on what they checked on. Now today few weeks later after hearing nothing yet. I send my client an email asking for the status.

I get a reaction. Everything is perfect now, good job!

In Dutch they said "goed gedaan" but that's like what I say to my puppy when he pisses outside and not in the house. But that might just be me. Not knowing what to do with remarks like that. I'm doing what I'm getting paid for. Saying, good job, your so great, keep up the good work. Are not things I need to hear. It's my job to do it right. I think it feels a bit like somebody clapping for you because you can walk. I'm getting off topic xD

But the xss vulnerability is still there unnoticed, and I still have no report on what they checked. So I have like zero trust in this penetration test.

And after the first round I already mentioned to the security guy in my clients company and my daily contact that they missed things. But they do not seem to care.

Another thing to check of their to do list and reducing their workload. Who cares if it's done well it's no longer their responsibility.

2018 disclaimer: if you can't walk not trying to offend you and I would applaud for you if you could suddenly walk again.

We have a badly out of shape but functional product , the result of a "if its not broke don't fix it" mentality. The only thing manangement cares is our next release and making meetings to plan other meetings...

Now comes the time of the security Audit (PCI)...

Manager : oh noooo the audit will fix this issue, quickkk fix it !

Us : welllll its a lengthy process but doable, we just gotta do a,b,c,d,e . Part a is essentially what we need the rest are refactoring bits of the system to support part a since the performance would be shit otherwise

Manager: can you do part a before the audit starts ?

Us: yep.

Manager: do it . Oh and pop those other issues on JIRA so we can track em

Audit completed....

Manager: so we got through ok?

Us : 👍 yep

Manager: okayy, take those other issues..... and stick em at the bottom of the back log...

Us : huh ? *suspicious faces*..... okay but performance is gonna be poor with the system as it is cuz of part A....

Manager: yeaaahhh * troll face* ....about that.... roll it back and stick that too at the bottom of the log. We got to focus our next release. Lemme schedule a meeting for that 😊

Us : faceplam

ÆÃÅĀÀÁÂÄ!!!
I'm so thrilled!! I am not a GUI person & I am rly rly slow & bad when it comes to minor changes on that part..
But today I finally finished GUI, client logic, server side logic & db shiiit for some audit interface I was making.. ..from scratch, meaning it wasn't some changese here & there, no copy pasta no nothin.. I did the whole thing by myself..did a lot of things for the first time & it didn't take me ages!! Wiiiiii!!! Having a total 'I iz so proud of myself' moment!! // I usually am not the boasting/confident/happy with myself type..

Some Project Manager outsourced a redundant RADIUS setup with MySQL backend. We got 2 copies of a daloradius appliance running on Ubuntu 10.04. Once I saw this, I started to get a bit suspicious and requested to audit the system and database redundancy. With the system in production, and without getting back any documentation, I got into the VMs using the default root password. This was not even the worst part, as I found. One server was using a local MySQL instance, while the other was also using the first one's MySQL instance. When I reported this, I was told to comment clearly any changes to the configuration files, which resulted in commenting the word SHAME above each change.

When you want to be more secure

Impossible deadline experience?
A few, but this one is more recent (and not mine, yet)

Company has plans to build a x hundred thousand square feet facility (x = 300, 500, 800 depending on the day and the VP telling the story)

1. Land is purchased, but no infrastructure exists (its in a somewhat rural area, no water or sewage capable of supporting such a large facility)
2. No direct architectural plans (just a few random ideas about layout, floor plans, parking etc)
3. Already having software dev meetings in attempt to 'fix' all the current logistical software issues we have in the current warehouse and not knowing any of the details of the new facility.

One morning in our stand-up, the mgr says

Mgr: "Plans for the new warehouse are moving along. We hope to be in the new building by September."
Me: "September of 2022?"
<very puzzled look>
Mgr: "Um, no. Next year, 2021"
Me: "That's not going to happen."
Mgr: "I was just in a meeting with VP-Jack yesterday. He said everything is on schedule."
Me: "On schedule for what?"
<I lay out some of the known roadblocks from above, and new ones like the political mess we will very likely get into when the local zoning big shots get involved>
Mgr: "Oh, yea, those could be problems."
Me: "Swiiiiishhhhh"
Mgr: "What's that?"
Me: "That's the sound of a September 2021 date flying by."
Mgr: "Funny. Guess what? We've been tasked with designing the security system. Overhead RFID readers, tracking, badge scans, etc. Normally Dan's team takes care of facility security, but they are going to be busy for a few weeks for an audit. Better start reaching out to RFID vendors for quotes. Have a proposal ready in a couple of weeks."
Me: "Sure, why not."

If I had to audit my current code I'd definitly stick a cactus up my arse shouting in the mirror:

ALL YOUR CODE IS GOOD FOR IS ULTIMATE DELETION. YOU FILTHY MAGGOT! LEARN TO CODE... *rage quit*

Really, coding shit because of spare time simply makes me ripping my face of 💀

I really hate sales people. My stakeholder wants to buy an address verification service but is hesitant to purchase now because the dev time needed would be substantial. Now the sales rep has planted seeds of doubt in my SH and SH thinks I grossly overestimated the labor I quoted.

Sales rep is all “major corporations have installed this in a weekend.” 🤬🤬🤬 Major corporations also have more than one developer and probably aren’t dealing with a website that has a dozen address forms that all work differently. Oh, and I DON’T WORK WEEKENDS MOFO.

My SH originally requested a labor estimate for installing the AVS on all address forms and that’s what I delivered. My audit revealed a dozen different forms. I’m working with a legacy code base that’s been bandaged together and maintained by an outside dev agency. The only thing the forms have in common is reusable address fields. They all work differently when it comes to validating and submitting data to the server and they all submit to different api endpoints. At least a quarter of those forms are broken and would need to be fixed (these are mostly admin-facing). I also had to provide an estimate on frontend implementation when I have no idea what they want the FE to look like.

My estimate was 5-8 weeks for implementation AND testing. I wrote up my findings and clearly explained the labor required, why it was needed, and the time needed. All was fine until the sales rep tried to get into SH’s head.

My SH is now asking for a new estimate and hoping for 1-2 weeks of labor, which is what will SH to buy the AVS. Then go to the outside dev agency you used to work with and ask for a second opinion. I’m sure they’d also tell you at least month if not more for testing, implementation, and deployment because you have a DOZEN FORMS you want to add this to. 1-2 weeks is only possible for a single form.

My manager doesn’t work in the same coding language I do, but he read my documentation and supports my original estimate.

I honestly want to ask my SH if this sales rep is giving a very good price for the AVS. If not, are there other companies in the mix? Because right now you have a sales rep that’s taking you for a ride and trying to pressure you all so he can get another notch in his belt for getting another “major corporation” as his account. I don’t think it’s a good idea to be locked in with a grimy sales rep.

There is this friend of mine, total business profile, working in banking audit for MNEs. The guy is in trouble with his PowerPoint, asking me if I can assist because "as you working in IT". I'm a Golang distributed system engineer for a major delivery company. Be sure I will call you next time I need to open a bank account.

Create a full open-source company based on no-knowledge services to compete with the data hogs that pretty much own the internet as it stands

Ok so: today I have an ISO 27001:2013 audit at work, wish me luck!

this is a chrome audit report/lighthouse report of the website of the company for which I work.

So today a colleague confessed to an attempt to troll my computer by SSHing into it and playing random songs. Thankfully he did not manage but he would just happen to do it the day we have a security audit.

Ever have one of those moments where you're running a service you built to update about a decade worth of police records, realize about halfway through that you fucked the loop and you're copying data from the first record onto every other record, and then just really wish that you had checked things better in test before running this on the prod server?

I'm sure the only reason I'm still here is because the audit log contained the original values and I'm good at pulling data out of it.

We had 1 Android app to be developed for charity org for data collection for ground water level increase competition among villages.

Initial scope was very small & feasible. Around 10 forms with 3-4 fields in each to be developed in 2 months (1 for dev, 1 for testing). There was a prod version which had similar forms with no validations etc.

We had received prod source, which was total junk. No KT was given.

In existing source, spelling mistakes were there in the era of spell/grammar checking tools.

There were rural names of classes, variables in regional language in English letters & that regional language is somewhat known to some developers but even they don't know those rural names' meanings. This costed us at great length in visualizing data flow between entities. Even Google translate wasn't reliable for this language due to low Internet penetration in that language region.

OOP wasn't followed, so at 10 places exact same code exists. If error or bug needed to be fixed it had to be fixed at all those 10 places.

No foreign key relationships was there in database while actually there were logical relations among different entites.

No created, updated timestamps in records at app side to have audit trail.

Small part of that existing source was quite good with Fragments, MVP etc. while other part was ancient Activities with business logic.

We have to support Android 4.0 to 9.0 of many screen sizes & resolutions without any target devices issued to us by the client.

Then Corona lockdown happened & during that suddenly client side professionals became over efficient.

Client started adding requirements like very complex validation which has inter-entity dependencies. Then they started filing bugs from prod version on us.

Let's come to the developers' expertise,
2 developers with 8+ years of experience & they're not knowing how to resolve conflicts in git merge which were created by them only due to not following git best practice for coding like only appending new implementation in existing classes for easy auto merge etc.

They are thinking like handling click events is called development.

They don't want to think about OOP, well structured code. They don't want to re-use code mostly & when they copy paste, they think it's called re-use.

They wanted to follow old school Java development in memory scarce Android app life cycle in end user phone. They don't understand memory leaks, even though it's pin pointed by memory leak detection tools (Leak canary etc.).

Now 3.5 months are over, that competition was called off for this year due to Corona & development is still ongoing.

We are nowhere close to completion even for initial internal QA round.

On top of this, nothing is billable so it's like financial suicide.

Remember whatever said here is only 10% of what is faced.

- An Engineering lead in a half billion dollar company.

User: If we use Oauth2, can we audit exactly where this data is going and who sends it there, and in addition cam we audit who grabs that data from the Authenticating app and make sure it doesn't violate our requirements?

Me: No

User: Why not?

Me: Because thats like asking us to audit whether or not a user accessed files and then uploaded them to their personal drive instead of corporate. We don't mandate that application owners take responsibility for their data outside of their application, why would we require that in this case???

User: Uhhhhh

FFS the lack of understanding of application accounts here boggles my mind. I understand that the security concerns are real but throwing out all permissible contexts based on a mandate that we dont even apply to extremely permissive accounts (i.e. users compared to apps) is folly

Hi FuLlStAcKcLoWn,

I fOuNd A fEw ErRoRs On YoUr SiTe.

MaY i SeNd OvEr SoMe Of ThOsE eRrOrS aNd AuDiT rEpOrT wItH pRiCeS?

i’m LoOkInG fOrWaRd To YoUr RePlY

bEsT rEgArDs

god this is getting repetitive, how can we spam the spammers? wasn't there a site like "send your enemies glitter"? classic!

i guess this is what I get for putting my company email public

but really, what happened to gmail's spam filter? should spot ones like these from miles away

I wasn't hired to do a dev's job (handled sales) but they asked me to help the non-HQ end with sorting transaction records (a country's worth) for an audit.

Asked HQ if they could send the data they took so I wouldn't need to request the data. We get told sure, you can have it. Waits for a month. Nothing. Apparently, they've forgotten.

Asks for data again. They churn it out in 24 hours. Badly Parsed. Apparently they just put a mask of a UI and stored all fields as one entire string (with no separators). The horror!

Ended up wasting most of a week simply fixing the parsing by brute force since we had no time.

Good news(?): We ended up training the front desk people to ending their fields with semi-colons to force backend into a possibly parsed state.

TLDR: I need advice on reasonable salary expectations for sysadmin work in the rural United States.

I need some community advice. I’m the sysadmin at a small (35 employee) credit card processing company. I began as an intern and have now become their full time sysadmin/networking specialist. Since I was hired in January I have:

-migrated their 2007 Exchange server to Office 365

-Upgraded their ailing Windows server 2003 based architecture to 2012R2

-Licensed their unlicensed VMware ESXi servers (which they had already paid for license keys for!!!) and then upgraded them to 6.5 while preventing downtime on hosted VMs using tricky transfers and deployments (without vMotion!)

-Deployed a vCenter server to manage said ESXi servers easier

-Fixed a three month gap in their backups by implementing Veeam, and verifying its functionality

-Migrated a ‘no downtime’ fileserver to a new hypervisor host, implemented a ‘hot standby’ server as a backup kept up to date by the minute with DFS replication.

-Replaced failing hard drives in a RAID array underlying their one ‘business critical’ fileserver, which had no backups for 3 months at that time

-Reorganized Active Directory and Group Policy deployment from a nightmare spiderweb of OUs and duplicate policies

-Documented the entire old network and now the new one as I’ve been upgrading this

-Audited the developers AWS instances and removed redundant machines, optimized load balancing on front end Nginx servers, joined developer run Fedora workstations to the AD domain and implemented centralized syslog monitoring on them.

-Performed network scans and rewrote firewall exceptions to tighten security

There’s more, but you get the idea. I’ve now been tasked with taking point on an upcoming PCI audit which will be my first.

I’m being paid $16/hr US, with marginal health benefits. This is roughly $32,000 a year, before taxes.

I have two years previous work experience managing a third party Apple repair facility (SimplyMac) and every Apple certification for warranty repair and software troubleshooting. I have a two year degree in general sciences, with about 4 years of college credit (Two years of a physics education and two years of computer science after I switched focus) I’m actively pursuing a CCNA and MCSA server 2016 with exams paid for and scheduled.

I’m going into a salary negotiation in two months. What is a reasonable salary to request, from your perspective, for someone in my position?

Thanks in advance!

Just give me anything BUT coding to work on and I'm instantly in the zone for coding. End of Year Review, access reviews for Audit, any other kind of paperwork, which is most of what my job is these days, and I have some brilliant insight into a problem on my back burner, or a brilliantly simple way to implement a feature I've been stewing on for weeks.

It's my procrastinating nature to not want to do the thing I HAVE to do.

Maybe I should volunteer for more paperwork?

So, as you may be aware, I work as solo dev for small company. There is easly enough work for team, but I digress..

So, they wanted to stay updated whats progress on some projects. We use slack. I use git. I set up account for them so they can come into my git and controll if issues are solved, etc. I wont get started about any dev ever beeing judged by how much code is outputted, beyond scope of this.

So they started bitching about that git is too technical and too complicated and shit. They made bizzare bullshit google excel (not even in polish) and stupidass form to "audit issues". Hmm.. wtf. I just didnt use it becouse it was slowing me down and was just frustrating, how one can replace git + issue tracker with fucking spreadsheet?!

Okay, so having that aside, I complained about that so they were like "okay, so you want to use git and we want to be notified. whats your solution" me "oh, you want to stay notified, thats easy, I can plug my git into slack"

Now our slack is spammed to oblivion with git notifications.

Now they are annoyed that they are too notified. (Yes I consulted with them what will be plugged into slack)

Oh well

¯\_(ツ)_/¯

I'm way past the point of being pissed now....

So there's some software (API's, mobile app + website) that I wrote to manage supplier incentive programs in a big hurry last year - which lead to a bunch of stuff being hard-coded in to launch on time. So after last years promotion was done I took down all the services etc was very fucking clear that in order to finish & deploy it to run again I would need at least around 4 months notice.

On the surface its pretty simple but it has quite a large user base and controls the distribution of enough cash & prizes to buy a small country so the setup of the incentives/access/audit trails is not something to be taken lightly.

Then once I'm done with the setup I have to hand it over to be "independently audited" by 3 of the larger corporate behemoths who's cash it distributes (if I get a reply from one in 3-4 weeks it's pretty fast).

I only happened to find out by chance an hour ago that we are apparently launching an even larger program this year - ON FUCKING MONDAY. I literally happened to over hear this on my way for a smoke - they have been planning it since last year November and not one person thought it might be kinda important to let me know because software is "magic" and appears and works based on the fucking lunar cycle.

-4 Domain Administrators in my organization-

Me, a Doman Administrator: "Boy, I sure hope the FDIC IT Audit goes well!"

Braindead FDIC Examiner: "So let me get this straight, you use your administrator account to do things on a day-to-day basis?"

Me: "Uhh, I'm an admin so yeah, my account has admin privileges."

Examiner: *gives disapproving glare* "And your personal account has administrative rights?"

Me: "...I'm an admin... So I thought that'd be fairly obvious."

Examiner: "I'm sorry, but that is unacceptable. How can we tell which admin made what change when?"

Me: *dumbfounded* "...I'm sorry, what?"

Examiner: "You're going to need separate accounts, 1 normal user account and 1 admin account per domain admin."

Me: "You do realize that everything I do while I'm working requires elevation of SOME kind, don't you?"

Examiner: "I'm sorry, but you need to make this change. Thank you."

Me: *stares at the short pile of braindead shit as he walks away*

Me : So cool ! My new graphQL APIs are working so good !
Also me : ‘order by <text field> take 50 skip 10000’
Me : Hmmmm.. 2.3 SEDCONDS ?! WTF. Let’s add an index !
SQL : Sorry bro, can’t add index on nvrachar(max).
Me: OK. Here you go, you are nvrachar(128) now. Add my index !
SQL : Ok
GraphQl :<same query > Here : 90 milliseconds
Me : ‘order by <text field> desc take 50 skip 10000’
GraphQL : Sorry bro : 3 seconds. (Yes, slower than without any index)
Me : Do I fu7cking need to manually add ASC and DESC indexes ? WTF IS GOING ON !
I should’ve learnt a bit more about databases. ☹. And now I don’t have time to refactor a prod database as “needed” .
/me needs to buy DB audit. Company is still a bit small to have a DBA full time.

So i work in support (do dev stuff in my own time). Spent 3 months seconded to another team supporting in project clients.

First issue i had in that team was a client with serious data issues which took about 30 hours +/- to diagnose and write some scripts to resolve.

After they went live and got handed over to support they had the same issue again but instead of support picking it up they sat on it till i came back on Monday.

Ive spent about another 10 hours or so picking through audit logs. I get all the shit no one else can either be bothered or capable of doing and to top it off i didnt get the promotion i was going for because i hadnt closed enough tickets, because they keep giving me all the shit to fix for everybody else

I "love" when tables in database have columns such as UpdatedBy, Updated and this is the only audit that system has.

Every meeting that contains one or more of the following points:

- "I don't think it belongs in the meeting, but"
- "Didn't get the meeting notes"
- "When's the food coming?"
- "I know we've said no technical discussion, but..."
- "Why is he so strict, this is no fun meeting at all :("
- "I think it's unfair to include risk assessment, you blame US before XY is finished"
- "The admins / the Team XY / ZX didn't talk with us, so we don't talk with him / her / them..."
- "Why are we here?"
- "Why is it so bad when production is down?"
- "I didn't know we do security / audit checks... Why hasn't anyone told us?"
- "Not happening. I'm against it"
- "I don't want to work with XY - he doesn't do it like I want it"

...

I could add thousand more things here.

I had countless meetings where I really thought that I was an alien who got broadcasted in a comedy reality TV soap...

Few years ago I was asked to give advice on a project. There was an intern doing all the work and I even gave him almost ready code to use. And he didn't use it even properly.

And best part is that they thought at the time that it would be finished in couple of months.

After few months I took over and had to deal with the "intern code". Almost all of the code is rewritten.

Status of the project is now very good. We are implementing new features and it has even passed strict security audit done by other company.

Sadly I can't drop any names etc due to NDA.

I am trying to "invent" secure client-side authentication where all data are stored in browser encrypted and only accessible with the correct password. My question is, what is your opinion about my idea. If you think it is not secure or there is possible backdoor, let me know.

// INPUT:
- test string (hidden, random, random length)
- password
- password again
// THEN:
- hash test string with sha-512
- encrypt test string with password
- save hash of test string
// AUTH:
- decrypt test string
- hash decrypted string with sha-512
- compare hashes
- create password hash sha-512 (and delete password from memory, so you cannot get it somehow - possible hole here because hash is reversible with brute force)

// DATA PROCESSING
- encrypt/decrypt with password hash as secret (AES-256)

Thanks!

EDIT: Maybe some salt for test string would be nice

npm audit has gone wild since GitHub (aka Microsoft) acquisition, they surely found a way to influence the community.

Now, guys, embrace the creeping evil until deno is really out.

Was an internal auditor translating department process to a technical spec for a programmer. We were going to leverage an external company's API which would replace our need to use their slow and buggy web app.

During a meeting, an audit teammate suggested something be changed with the external service we were using. I said we could bring it up with the company but we shouldn't rely on it because we were a small customer even during out busiest month (200 from us vs 10000+ from big banks).

Teammate said we should have our programming team fix it. I made it clear that it was not our side and that to build out the service on our side was beyond our scope. Teammate continued to bring it up during the meeting then went back to desk after meeting and emailed us all marked up screenshots of the feature.

I ignored this and finished writing up the specs, sending them over to the programmer building out the service.

30 minutes later I get a call from programmer's manager who was quite angry at an expanded scope that was impossible (engineers were king at this company. Best not to anger them). Turns out my teammate had emailed his own spec to the programmers full of impossible features that did not reference the API docs.

I feel bad about it now but I yelled at my teammate quite loudly. I said he was spending time on something that was not reasonable or possible and when they continued to talk about their feature I yelled even louder.

Didn't get fired but it definitely tagged me as an asshole until I left. Fair enough :)

If only NPM' security team (so pretty much NSP's) would inform the package owners as soon as they discover vulnerabilities and give them the standard 30-90 days to fix them and release a new version before going public, instead of straight out publishing the security audits which generates noise on the terminal (obviously when using npm) and on Github

Good code is a lie imho.

When you see a project as code, there are 3 variables in most cases:

- time
- people / human resources
- rules

Every variable plays a certain role in how the code (project) evolves.

Time - two different forms: when certain parts of code are either changed in a high frequency or a very low frequency, it's a bad omen.

Too high - somehow this area seems to be relentless. Be it features, regressions or bugs - it takes usually in larger code bases 3 - 4 weeks till all code pathes were triggered.

Too low - it can be a good sign. But it should be on the radar imho. Code that never changes should be reviewed at an - depending on size of codebase - max. yearly audit. Git / VCS is very helpful here.
Why? Mostly because the chances are very high that the code was once written for a completely different requirement set. Hence the audit - check if this code still is doing the right job or if you have a ticking time bomb that needs to be defused.

People
If a project has only person working on it, it most certainly isn't verified by another person. Meaning that only one person worked on it - I'd say it's pretty bad to bad, as no discussion / review / verification was done. The author did the best he / she could do, but maybe another person would have had an better idea?

Too many people working on one thing is only bad when there are no rules ;)

Rules. There are two different kind of rules.

Styling / Organisation / Dokumentation - everything that has not much to do with coding itself. These should be enforced at a certain point, otherwise the code will become a hot glued mess noone wants to work on.

Coding itself. This is a very critical thing.

Do: Forbid things that are known to be problematic in the programming language itself. Eg. usage of variables in variables, reflection, deprecated features.

Do: Define a feature set for each language. Feature set not meaning every feature you want to use! Rather a fixed minimum version every developer must use and - in case of library / module / plugin support - which additional extras are supported.

Every extra costs. Most developers don't want to realize this... And a code base that evolves over time should have minimal dependencies. Every new version of an extra can have bugs, breakages, incompabilties and so on.

Don't: don't specify a way of coding. Most coding guidelines are horrific copy pastures from some books some smart people wrote who have no fucking clue what you're doing and why.

If you don't know how to operate on people, standing in an OR and doing what a book told you to do would end in dead person pretty sure. Same for code.

Learn from mistakes and experience, respect knowledge from other persons, but always reflect on wether this makes sense at this specific area of code.

There are very few things which are applicable to a large codebase on a global level. Even DRY / SOLID and what ever you can come up with can be at a certain point completely wrong.

Good code is a lie - because it can only exist at a certain point of time.

A codebase should be a living thing - when certain parts rot, other parts will be affected too.

The reason for the length of the comment was to give some hints on what my principles are that code stays in an "okayish" state, but good is a very rare state

open source this, open source that… do you realize that you have no way of verifying whether the “cloud” version of a self-hostable tool is identical to what’s on github? they might as well have a special version of their app running on their servers, filled with spyware.

They don’t need it though, because you never read the code in the first place. Spyware might as well be there, in plain sight, never to be discovered by you because they know people don’t read source code.

Also, when are you going to get it hosted? Because cloud is just someone else’s computer, remember that. If someone else has unrestricted physical access to your computer, it’s not your computer anymore. Your hoster can see everything that happens on your VPS.

Unless you’ve read the code and hosting it from your own home from your own physical server, it’s not your data. Check with your data provider — they often do offer fixed IP service for a small fee.

I host my own tools on my computer and let my phone sync with them through my home wifi. Yes, I can’t sync shit when I’m out there with my phone, but who needs that, I’ll just do that when I come home.

I’m about to vibe-audit the source code of Notesnook with AI!

The most important thing my mentor taught me was “ in an audit if the auditor asks ‘do you have the time?’ And you do simply respond ‘yes’” it done me well so far!

Oh! Damn No No Nooooo
Our team was working on upgrading our infrastructure for PCI Compliance for two months. Did all assesments and testing and waiting for long approvals. Finally, we finished all upgradation smoothly.

After we submitted our report to Infrastructure and that guy comes with Audit reports stating that the PCI Compliance requirements has changed.
And we were like we just upgraded a few hours and how come it changed. And we have to the whole job again. Just want to flip tables now.

Sooooo I came in to work yesterday and the first thing I see is that our client can't log on to the cms I set up for her a month ago. I go log in with my admin credentials and check the audit logs.

It says the last person to access it was me, the date and time exactly when we first deployed it to production.

One month ago.

I fired a calm email to our project managers (who've yet to even read the client complaint!) to check with ops if the cms production database had been touched by the ops team responsible for the sql servers. Because it was definitely not a code issue, and the audit logs never lie.

Later in the day, the audit log updated itself with additional entries - apparently someone in ops had the foresight to back up the database - but it was still missing a good couple weeks of content, meaning the backup db was not recent.

Fucking idiots.

How many of you still use devRant UWP (my third-party client for Windows)?

If activeUsers > 0 {
How many would like & would use a Windows 11 update version?
}
else {
Never mind, I don't blame you
}

Question: How would you reimagine the dev interview process, trying to make it efficient to find ingenious freshers?

I'm gonna be hiring full MERN stack dev freshers soon. I hate coding interviews, and I just want to test their ingenuity and problem solving, not if they can code a textbook algorithm.

Plan so far was to ask them questions like: "What happens when you like a link in the browser" to gauge how deep they could track a request and understand the internet infrastructure.

And make them audit gpt generated react code, and optimize it.

What're your thoughts, folks?

Okay, yes, modsecurity WAF is amazing and all, but... When one tries to implement its rules atop an existing app that wasn't developed in accordance to the rules... That hurts.

How tf am I supposed to parse and present a 6.5GB / 22M line audit log to the client?! Just parsing that monstrosity once takes *minutes*, let alone doing any sort of sorting / analysis!

I feel sick. This is exactly why I am a sysadmin and not a programmer, I don't like writing analysis stuff, or programs more complex than a few hundred lines of bash... :|

Ok, @jestdotty , today, i give up on china.

I've been messaging with a rep who is taking the time to keep editing a contract... Im pretty sure she was genuinely trying...

As typing this we finally got to a 'correct enough' contract... so I could click the damn pay button.

Over the past 7 hrs.. at 3 back and forth exchabges and modifications at each issue:
1. Used previous PI from the dude i gave up on... so had a qty at 12 when only 11 exist a colour wrong for a crate of items, and listed the dude i refused to sign a contract under listed as the rep.

2. Now the item subtotals were off... just a few pennies or so... assumed she left the usd prices but calculated with ¥... didn't want alibaba to reject in a day so i checked if it was noted anywhere... Oh boy was it... VERY clearly, all caps, bold in the body of the total row... that the total was, exactly, 11680 (spelled out ofc) RMB aka ¥ chinese yen. I told her this, she sends me a cropped shot of the $ numeric total field... so i sent her the giant all caps bolded line, the one thatd typically be considered final say in most international courts... no clue where that value came from, it had zero relation to any actual values... and i was as curious as when chatGPT creates totally new, unique, lyrics for satirical german songs... i really tried.

3. Wrong incoterms (trade terms... abbreviated to a few letters... had it that I'd be physically going to the tbd port to accept/clear customs... no)

4. Technically it was accurate (well a few strange subtotals since she used ¥ half the time... told her it was fine as long as it had the company name on the label (gave 3 full examples to use whichever)
I get the contract ...shipping...
"To: Sara"
Then the right address (seriously wtf)

5. I point this out and carefully explain in mostly just examples and "the us government doesn't like anything being sent to just a first name, there's no legal way to sign for acceptance"

6. She gets stressed enough to tell me she doesn't have time to keep editing (since this horrid pile of poor formatting was just thrown at her a day ago... i dont point out the ridiculous irony)

7. Imo, the highlight of my night/morning... in her stress she promises me it'll ship right... sooo many issues there...
Even if it was delivered/allowed a signature for "sara" for 7ish large boxes just off a sea freight from china to a residence in the middle of a corn field (which tbh would be hysterical)...the IRS would have a valid reason to audit me... theyve done it w/o valid reasons several times, since I was 18 doing international trade and a contractual employee of a large gambling company, quarterly reporting, and ofc declaring more than my taxes in donating melted glass and crane game prizes...yea, they hate me and always do all that work to find the same thing... i underdeclare charity by 10%.

The entire concept of getting USA mail, even when pristine and you know logistics agents in every major company and port or distribution center, to properly deliver anything... ROFLOL ... and im already on some 'open and check everything' list with customs for a hysterical misconception they made years ago... cant/shouldn't get into detail publicly... but it was caused because 2 packages from different cities in China were both going to my address/through customs at the same time... package 1, 75 of those cheap af ball-pit hollow plastic balls for a 2yr old's bday(very delayed) package 2. 75 rechargeable batteries (the kind in power banks) 9600mah.

8. Told her to change "sara" to company name... glad it's registered to this address still.

It took me under 5min to type this... had to get the WTF out.

Dear AliBaba, please give an option to allow buyers to create the supply side contract for review, not just req modification... please?

Google is like the parent or teacher who is never happy with your work. I've never seen something so unattainable in a world where non-technical clients rely on CMSes, theme templating, server-side page rendering, and external scripting as Google's mobile PageSpeed recommendations. Especially under the Lighthouse audit in Chrome Inspector. Unless I go back to pre-2001 web development methods, and never have external scripting, and make every page have its own CSS file with only critical path CSS for each page, I will never get all the high scores I'm expected to have to rank well for mobile. When and how will Google get called out on this B.S.?

Me at 3 front-end tech screenings of candidates with +3y of exp last year: "can you name a few npm commands you have used?"

Candidate:
- "Ehh.. npm start?" (npm start is a shortcut to a user-defined run-script)
- "npm version, it publishes the package" (wrong)
- "not going to pretend I know and sound stupid"

Mind you these candidates were not necessarily bad, but come on? You never used npm info, outdated, audit, install, remove, update, why, link, init?

Well, the new audit tool in the chrome dev tools seems to be nice and shiny, but even google does not pass its tests completly...

STOP! Look and Listen.

This was an audit, designed to see if you were paying attention. You didn't pass.

Don't worry, we've already handled this post appropriately – but please take a minute to look it over closely, keeping in mind the guidance above.

Seems like StackOverflow is actively training users to become unfriendly gatekeepers by participating in SO's review queues.

Got to do some security audit of legacy ABAP code for SAP systems. Do people still use it? If yes, why.

When you're just waiting around for the designer to finish their audit of your build so you can get back to work.

Sifting through data soothes my brain. I decided to audit my own phone records and I am like what the hell, who have I been talking to?!??

Does anyone have experince with UPnP audit/hacking tools like miranda? I need to show my prof how to do it and either show it live or record it and show the video. Do you know some good tutorials or sites?

3 days when I had to complete documentation for an audit. I only returned to my room to shower and change clothes for the next day. That too I left at 8AM and returned at 09:30AM.
2 days when I had to complete setting up the office network over the weekend. Note that this was over a weekend.

And this is without counting the many hours I've spent semi-working at hackathons. I've gone up to 60 hours without sleep, coding the shit out of my brains.

fix available via `npm audit fix --force`
^ will actually downgrade packages
wtf

DeFi Wallet Drained on Ethereum Network

Date of Incident: 20/06/2024

I was a regular user of various DeFi platforms, managing my assets across multiple protocols. One morning, I woke up to find my Ethereum wallet completely drained. I couldn’t understand how this could happen, as I hadn’t clicked on any suspicious links or approved any unusual transactions.

It was only after contacting TheHackersPro that I learned my wallet had been compromised due to a vulnerability in a DeFi protocol I had interacted with. The smart contract experts at TheHackersPro conducted a thorough audit and traced the funds to outsourced leveraged wallets. Thanks to their efforts, I was able to recover 4.5 BTC, but I still need to cover the Ethereum gas fee to recover the rest.

If you’ve experienced something similar, TheHackersPro could be your best chance to recover your stolen funds.

Contact Information:

Email: support@thehackerspro/com
Phone: +1 3019972349
24/7 Telegram Support: @h4ckerspro

APM BILLING: Providing HIPAA-Compliant Billing Services You Can Trust

In today’s healthcare landscape, maintaining patient privacy and data security is paramount. Healthcare providers must adhere to strict standards to protect sensitive information while ensuring that financial operations are smooth and efficient. APM BILLING, based in Philadelphia, Pennsylvania, is dedicated to providing HIPAA-compliant billing services that ensure the highest level of security and compliance, while also optimizing the billing process for healthcare providers.

What Are HIPAA-Compliant Billing Services?
HIPAA (Health Insurance Portability and Accountability Act) establishes strict rules to ensure that healthcare providers maintain patient privacy and the confidentiality of their health information. As part of our commitment to protecting patient data, APM BILLING offers HIPAA-compliant billing services that meet all of the requirements set forth by this regulation.

Our HIPAA-compliant billing services ensure that all personal health information (PHI) handled during the billing and claims process remains secure. From data encryption to secure transmission, we follow the highest security standards to prevent unauthorized access, breaches, and other vulnerabilities.

Why Is HIPAA Compliance Critical for Healthcare Billing?
For any healthcare business, staying HIPAA-compliant is not just a regulatory necessity—it's essential to maintaining trust with patients and avoiding costly penalties. Non-compliance can result in hefty fines, lawsuits, and damage to your reputation. When it comes to billing, ensuring that all processes follow HIPAA guidelines is critical in preventing unauthorized access to sensitive patient data.

APM BILLING takes privacy and security seriously. Our team is well-versed in all HIPAA regulations, so you can trust that your patient data is always protected. We integrate comprehensive security protocols into our billing workflows, including:

Encrypted communications for all patient data exchanges

Secure data storage that meets HIPAA standards

Audit trails to track access to patient information and billing details

Employee training to ensure that everyone handling sensitive data understands HIPAA guidelines

The Benefits of Working with APM BILLING for HIPAA-Compliant Billing Services
By choosing APM BILLING, you gain the peace of mind that comes with knowing your billing processes are in full compliance with HIPAA regulations. Here are some of the key benefits of our HIPAA-compliant billing services:

Data Security: We use the latest technology to protect patient information, ensuring that all billing data is securely transmitted and stored.

Regulatory Compliance: Our team stays up-to-date with the latest changes to HIPAA regulations, ensuring that your practice remains compliant with all legal requirements.

Reduced Risk of Penalties: HIPAA violations can lead to significant fines and penalties. By outsourcing your billing to APM BILLING, you minimize the risk of compliance issues and the associated costs.

Enhanced Trust: Patients trust healthcare providers to keep their personal and medical information safe. By using our HIPAA-compliant billing services, you show your commitment to maintaining privacy, which fosters trust and enhances your reputation.

Efficiency and Accuracy: In addition to security, we ensure that your billing processes are efficient and accurate, leading to faster claim submissions, reduced denials, and increased revenue.

Why Choose APM BILLING for HIPAA-Compliant Billing Services?
Expertise: Our experienced team is dedicated to ensuring that all of your billing practices comply with HIPAA guidelines.

Tailored Solutions: We offer customized solutions that meet the specific needs of your healthcare practice, whether you’re a clinic, provider, or specialty office.

Focus on Security: We take security seriously and use state-of-the-art systems to protect all sensitive information.

Reliable Support: With APM BILLING, you’ll have a trusted partner in billing that is committed to safeguarding your practice’s financial and data integrity.

Get Started with APM BILLING Today
At APM BILLING, we understand the importance of maintaining HIPAA-compliant billing services in today's healthcare environment. We are here to help your practice stay secure, compliant, and financially efficient.

Contact us today at +1-800-621-3354 to learn more about how we can help streamline your billing process while ensuring complete protection of patient data. Visit our office at 19104 Philadelphia, Pennsylvania, and let APM BILLING handle your billing needs with the utmost professionalism and care.

Let APM BILLING take the stress out of billing while keeping your practice compliant with HIPAA regulations, so you can focus on what matters most—caring for your patients.

Tax Relief R Us: Affordable Tax Relief Services in New York

At Tax Relief R Us, we understand that dealing with tax problems can be stressful and overwhelming. Whether you’re facing IRS issues, struggling with back taxes, or simply need guidance on managing your taxes, our team is here to help. Located at 8315 Northern Blvd #2, Jackson Heights, NY 11372, we specialize in providing affordable tax relief services in New York that offer personalized, practical solutions to resolve your tax issues. With a team of experienced professionals, we provide expert guidance to help individuals and businesses navigate complex tax challenges with ease.

Affordable Tax Relief New York: Helping You Achieve Financial Peace of Mind
Tax problems can have a significant impact on your financial wellbeing, but finding a solution shouldn’t break the bank. At Tax Relief R Us, we offer affordable tax relief in New York that is designed to help you regain control of your finances. Whether you're facing tax debt, penalties, or an IRS audit, our team works closely with you to find the most cost-effective solutions.

Our goal is to provide you with tax relief that fits your budget and resolves your issues efficiently. We understand that each client’s situation is unique, and we tailor our approach to ensure that you receive the best possible outcome. From IRS tax relief to personalized tax debt settlements, we’re here to make sure you get the help you need without the high fees associated with many other services.

IRS Tax Relief NY: Resolving Your IRS Issues with Expertise
If you’re facing issues with the IRS, it can feel overwhelming and intimidating. Fortunately, Tax Relief R Us offers professional IRS tax relief in NY to help you navigate the complexities of the IRS system. Our team is experienced in handling all types of IRS issues, including unpaid taxes, penalties, levies, and liens. We work directly with the IRS to negotiate on your behalf, helping to reduce your tax liabilities and secure manageable payment plans.

Whether you need assistance with Offer in Compromise, installment agreements, or are seeking currently not collectible status, our IRS tax relief experts will guide you through the process and advocate for the best possible outcome. With Tax Relief R Us, you don’t have to face the IRS alone—our team is here to provide the support and expertise you need.

Tax Consultant Near New York: Expert Guidance on Tax Matters
If you're looking for a tax consultant near New York, Tax Relief R Us is your trusted partner. We offer expert tax consulting services to individuals and businesses, providing advice on tax planning, resolution, and filing. Our team of experienced tax professionals has a deep understanding of both state and federal tax laws, and we use our expertise to help you make informed decisions about your taxes.

From tax debt relief to tax filing services, we are here to provide you with the personalized advice you need. Whether you're facing a complex tax issue or simply need guidance on optimizing your tax situation, our consultants are ready to assist you. At Tax Relief R Us, we focus on delivering tailored solutions that fit your specific needs and financial goals.

Tax Relief Programs NY: Explore Your Options for Tax Relief
When tax debt becomes overwhelming, Tax Relief R Us can help you explore tax relief programs in NY that may reduce or eliminate your liabilities. We specialize in helping clients find the best tax relief programs based on their unique situation. Some of the programs we can help you qualify for include:

Offer in Compromise: Settle your tax debt for less than what you owe.

Installment Agreements: Set up a manageable payment plan with the IRS or state authorities.

Tax Relief R Us: Your Trusted Partner for Tax Filing Near Me and Tax Help Near Me in Jackson Heights, NY

At Tax Relief R Us, we understand that taxes can be confusing, stressful, and time-consuming. Whether you’re looking for tax filing near me or tax help near me, our team is here to provide you with expert assistance to ensure that your taxes are filed accurately, on time, and with minimal hassle. Located at 8315 Northern Blvd #2, Jackson Heights, NY 11372, we proudly serve clients throughout the New York area, offering a wide range of tax services for individuals and businesses alike.

When you choose Tax Relief R Us, you’re choosing a dedicated team that’s committed to offering reliable, efficient, and personalized tax help near me. We strive to make the tax filing process as smooth as possible so that you can focus on what matters most.

Tax Filing Near Me: Expert Services for Stress-Free Tax Filing
If you're searching for tax filing near me, it’s important to find a trusted team who can handle your tax needs with care and precision. At Tax Relief R Us, we offer expert tax filing services to ensure that your tax returns are completed accurately and filed on time.

Here’s how we can help with tax filing near me:

Personal Tax Filing: Filing your personal taxes can be complicated, especially when you have multiple income sources, deductions, or credits to consider. Our team will help you navigate the process and ensure you file your taxes in a way that maximizes your refund or minimizes your tax liability.

Business Tax Filing: For businesses, tax filing is a vital part of maintaining compliance with federal, state, and local regulations. Whether you’re a sole proprietor, an LLC, or a corporation, we offer tax filing services that help your business stay on top of its tax obligations.

State and Federal Tax Returns: We handle both state and federal tax returns for individuals and businesses. Our team ensures that all forms are completed correctly and that you receive all the deductions and credits you’re eligible for, minimizing your overall tax liability.

Electronic Filing (E-filing): To speed up the process and ensure your tax returns are filed securely, we offer e-filing services. E-filing is the fastest way to get your tax returns processed and can result in a quicker refund.

Tax Deadline Management: Keeping track of important tax deadlines can be stressful. Our team helps you stay organized by ensuring that your tax filings are completed well in advance of due dates, so you never miss a deadline.

With Tax Relief R Us, you can trust that your tax filing will be handled by professionals who have your best interests at heart.

Tax Help Near Me: Providing Professional Assistance for All Your Tax Needs
If you’re looking for tax help near me, it’s likely because you need expert advice and support to resolve tax-related issues or concerns. At Tax Relief R Us, we provide comprehensive tax help designed to make your life easier and relieve you of the stress that often accompanies tax issues.

Here’s how we can provide tax help near me:

Tax Debt Resolution: Are you struggling with unpaid taxes or tax debt? We can help you find solutions for resolving your tax debt, including installment agreements, Offer in Compromise, and other tax relief options. Our team works directly with the IRS to negotiate a settlement that works for you.

IRS Representation: If you’re facing an audit or dealing with IRS collections, we can represent you before the IRS. Our experts will handle communications with the IRS on your behalf and work to resolve any issues as quickly as possible.

Back Taxes Help: Falling behind on taxes can feel overwhelming, but it’s not the end of the road. Our team is experienced in helping clients with back taxes, finding ways to get you back on track and reduce penalties and interest.

RECOVERING FUNDS FROM FRAUDULENT INVESTMENT WEBSITE HIRE ADWARE RECOVERY SPECIALIST

The future was mine to shape. I had $675,000 in Bitcoin tucked away—fuel for my regulatory tech startup, designed to bridge the chasm between crypto’s anarchy and the rigid grip of government oversight. For once, I thought I had everything lined up. But then came MiCA—the EU’s Markets in Crypto-Assets regulation—dropping like a divine gavel. Overnight, my exchange account was frozen tighter than a tax audit, and my dreams of “simple compliance” were buried under an avalanche of bureaucracy.

For a week, I flailed in a purgatory of legal jargon and sleepless nights. Terms like “AML Directives” and “KYC enforcement” blurred together as I battled to stay hopeful. My startup was stillborn, a sandcastle erased before the tide had even turned. WhatsApp info:+12 (72332)—8343

I clung to the Bhagavad Gita: “It is better to live your own destiny imperfectly than to live an imitation of someone else’s life with perfection.” But what was I living now? Not destiny—just defeat.

Then fate arrived—wearing a name badge. At a Europol cybersecurity summit, over stale pastries and lukewarm coffee, a compliance officer leaned in and whispered a name: ADWARE RECOVERY SPECIALIST. Her voice lowered with reverence. “They don’t just recover lost crypto,” she said, “they navigate regulations like Krishna on the battlefield.”

I reached out that day. Website info: h t t p s:// adware recovery specialist. com

From the first call, their team exuded both technical brilliance and legal fluency. They didn’t just understand blockchain—they understood bureaucracy. They worked directly with my exchange, leveraging my compliance documents and crafting arguments laced with regulatory nuance. No brute force—just legal kung fu. Email info: Adware recovery specialist (@) auctioneer. net

Every day brought updates, each one a balm. “Patience is bitter, but its fruit is sweet,” one advisor told me, as I counted the hours. On day 14, the fruit ripened. My funds were released, glinting in my digital wallet like a blessing from Lakshmi. Telegram info: h t t p s:// t. me/ adware recovery specialist1

But ADWARE RECOVERY SPECIALIST didn’t stop there. They secured my accounts with fortress-grade protection, brought me up to speed on evolving regulations, and helped lay a foundation that no wave could wash away.

Now, my startup is alive. Our platform helps others navigate the MiCA labyrinth. When people ask how I survived my first encounter with regulation, I smile and say, “There are ADWARE RECOVERY SPECIALIST among us. They just wear suits.”

So if you’re caught between red tape and a hard place, call ADWARE RECOVERY SPECIALIST . Sometimes, salvation isn’t a miracle—it’s just a well-written email.

HOW TO HIRE A BITCOIN RECOVERY EXPERT HIRE ADWARE RECOVERY SPECIALIST

I had spent $410,000 worth of Bitcoins for the sole cause of keeping alive the passion for the conservation of historical documents and valuable manuscripts rotting over the centuries. This was the work for the remainder of my lifetime, keeping history alive. But all this could have slipped by through one small error.
I lost the seed word. It happened when the office where I work went through its routine sorting through the archives. I'd scrawled my seed word and stuck it somewhere amidst the notes, deeming this the safest possible location. But when the sections were shuffled for work being undertaken, the papers were shuffled around, re-piled, and some bitterly discarded. My seed word vanished into the mixture. WhatsApp info:+12723328343
When I learned about what had taken place, I felt sick. That the Bitcoin wasn't mere money; the destiny of our conservation campaign hung here. That the idea I'd risked everything for something like this being one misplaced detail weighed heavily upon me. Email info: Adware recovery specialist (@) auctioneer. net

For weeks, I combed through each and every doc, each and every directory. Nothing. I'd given up until one day when one of the office researchers, also one from the research side, heard about ADWARE RECOVERY SPECIALIST when he was studying blockchains. Like a small beam of light. Website info: http s:// adware recovery specialist. com

I contacted their support, and from the very start, when the very first call went through, their attitude towards me was respectful and patient. They did not mock me for the mistake—instead, treated the situation like some historical riddle waiting for deciphering. They were prepared from their side with professionals for data recovery under complex circumstances. Even for the conservation of virtual resources like Bitcoin, they had professionals. They worked together with me, stitching together the fragments and morsels that even I hadn't known were worth anything. They were able to recover some of the data lost by using creative recovery procedures, showing the progress the field has made. Telegram info: http s:// t.me/ adware recovery specialist1

Within two weeks the wallet became recoverable. $410,000,all the money was recovered. I was shocked and over the hill.
Beyond just recovering the investment, ADWARE RECOVERY SPECIALIST also introduced me to some very valuable services, such as wallet security audit and long-term security plans for the digital assets, about which I hadn't even heard earlier. They not only saved my project, but also helped make me secure it even better for the future. Thanks to them, the future and the past is secure.

SEEKING EXPERT ASSISTANCE FOR CRYPTOCURRENCY RECOVERY HIRE ADWARE RECOVERY SPECIALIST

Losing $101,505 overnight was a gut-wrenching experience. One moment, my financial future seemed secure—the next, it had vanished. The investment platform I had trusted abruptly locked my account, citing vague “suspicious activity,” then fell completely silent. What followed was a nightmare of automated emails, chatbot loops, and unanswered phone calls. Customer service offered only scripted apologies, with no timeline or real support. I felt powerless, overwhelmed, and full of regret. How had I let this happen?

As painful as the experience was, it taught me invaluable lessons about financial vigilance. Website info: h t t p s:// adware recovery specialist. com

First, due diligence is non-negotiable. I had been swayed by sleek marketing and unrealistic promises of “guaranteed returns,” without properly investigating the platform’s credibility. Had I looked deeper, I would’ve uncovered troubling red flags—unverified claims, a murky operational history, and filtered reviews that masked real user experiences.

Second, if it sounds too good to be true, it probably is. Promises of high, consistent returns with “zero risk” should’ve triggered immediate skepticism. But in my urgency and greed, I ignored my instincts.

And third, responsive support is essential. When things went south, the absence of real human help made everything worse. Reputable financial platforms prioritize accountability and transparency—qualities this company clearly lacked. Email info: Adware recovery specialist @ auctioneer. net

My turning point came when I connected with ADWARE RECOVERY SPECIALIST, a firm that focuses on recovering cryptocurrency and digital assets. Though skeptical at first, I was desperate—and determined. I documented everything: transactions, emails, and conversations. Their team launched a thorough forensic audit, reached out to legal entities, and persistently followed up with payment processors. Incredibly, they recovered 92% of my funds—a remarkable win given the odds.

This ordeal has permanently reshaped how I approach finances. Today, I verify every platform through regulatory bodies, explore independent reviews, and test customer service responsiveness before investing. Risk management isn’t fear—it’s wisdom. Telegram info: h t t p s:// t. me / adware recovery specialist1

To anyone navigating the digital finance world: do your research, question flashy promises, and never overlook the importance of accountability. And if the worst happens, know that recovery is possible—especially with experienced professionals like ADWARE RECOVERY SPECIALIST in your corner.

BEST CRYPTOCURRENCY RECOVERY COMPANY - GO TO DIGITAL TECH GUARD RECOVERY HACKER

WhatsApp: +1 (443) 859 - 2886

Email @ digital tech guard . com

Telegram: digital tech guard . com

Website link: digital tech guard . com

The digital illusion emerged in February through an intricately fabricated Facebook persona, a supposed cryptocurrency guru flaunting opulent estates and glowing testimonials from “investors” basking in fabricated riches. Enticed by the allure of portfolio diversification, I engaged the profile, unaware of the deception that lay ahead. This individual, a master manipulator, spent weeks cultivating trust. They bombarded me with sleek marketing materials for a “cloud-based mining operation,” complete with counterfeit revenue graphs and forged regulatory certificates. Their pitch, a seamless blend of industry jargon and fabricated urgency, eroded my skepticism. I finally transferred an initial $15,000. Soon, the platform’s dashboard reflected impressive returns and even allowed a $2,500 withdrawal a calculated move to lull me into complacency. Encouraged, I invested an additional $75,000 over the next three weeks. Disaster struck when I attempted a larger transfer . The platform began rejecting my requests, citing vague “liquidity fees” and unverifiable fiscal requirements. Then, the scammer disappeared, erasing all traces. A blockchain audit confirmed my worst fear: the entire interface had been a mirage. My investments had been siphoned off and scattered across untraceable accounts or so I thought. Searching for help, I combed through online communities searching for a path forward. I eventually discovered Digital Tech Guard Recovery, a group of hackers who recover cryptocurrency through cyber forensics and deep crypto analysis. Their reputation, reinforced by detailed investigative reports and positive case outcomes, gave me hope. From the moment I contacted them, Digital Tech Guard Recovery approached my case with precision and professionalism. They explained how sophisticated scams exploit non-custodial wallet vulnerabilities and fake API integrations to siphon funds into crypto tumblers, concealing the trail. Using advanced tracing protocols and proprietary forensic tools, Digital Tech Guard Recovery tracked the movement of my stolen Bitcoin through a web of anonymized wallets, eventually locating the funds at an offshore exchange notorious for weak compliance. With cryptographic evidence in hand and coordination with international legal teams, Digital Tech Guard Recovery secured an emergency freeze on the assets. Within 48 hours, my funds were returned to a secure cold wallet. This was a harsh education in the dark side of digital finance. Thanks to Digital Tech Guard Recovery, I reclaimed what was lost. Now, I navigate crypto with vigilance, knowing that caution is the only true safeguard in a world where deception often wears a digital face.

I put $620,000 of Bitcoin into making my dream happen—building an AI business that would push robotics and machine learning to new levels. It wasn't an investment; it was the future years of my life I had been building toward. That future was wiped out because of one minor mistake in my own code.
I had programmed a custom wallet to hold my Bitcoin, feeling it would add an extra level of security and independence. Things were fine until the day a small bug left me locked out. My password was correct, but the wallet refused to unlock. My pulse was pounding as I tried time and again, each attempt drying my palms out a little more.
I was going crazy for weeks attempting to fix it. I pored over lines of my own code, applied patches, and even went the brute force method. None of it worked. It was as if I had built a fortress only to trap myself in it.
I was at my wit's end when I saw a thread on GitHub. Brought out from the depths of comments, someone mentioned WIZARD WEB RECOVERY SERVICES . I was desperate at this point and out of ideas.
The moment I contacted them, I knew I was in capable hands. Their personnel were not only skilled, they understood what this would do for me. They asked me extremely specific questions regarding my custom software, respected my work, and assured me they had dealt with cases like mine before.
Their approach was surgical. They reverse-engineered my wallet code like it was a blueprint, dissecting every line I had written. It was a humbling experience to watch their expertise at work. They kept me apprised step by step, giving me hope when I believed all hope was lost.
Eight days went by, and then I received the call I had been hoping for. They cracked it. My wallet was restored to its fullness, all of my $620,000 still there and ready to power my startup once again.
Apart from recovery, they also educated me on secure coding principles and introduced me to wallet audit services that would prevent such occurrences from happening again.
Thanks to WIZARD WEB RECOVERY SERVICES , my robots will keep dancing, and my dream is still alive. If you ever find yourself locked out, don't spend weeks like I did—call them immediately.

HOW TO RECOVER YOUR STOEN BITCOIN: HIRE A HACKER, TRUST GEEKS HACK EXPERT

The stakes were catastrophic when a sophisticated CEO fraud scam siphoned $500,000 from Titan Blockchain Ventures, a leading crypto asset management firm based in New York City. We faced not just financial loss, but severe reputational damage, investor panic, and the potential for layoffs. The scam was executed with alarming precision, and the speed at which the funds disappeared left us in shock. Our internal IT team worked tirelessly, but they quickly hit dead ends. The dark web’s complexity, coupled with the fraudsters' advanced tactics, made tracing the assets nearly impossible. Worse still, law enforcement advised that their investigation would take months, time we didn’t have. Desperate for a solution, we turned to Trust Geeks Hack Expert, Website, a firm highly recommended within the industry. Trust Geeks Hack Expert corporate division acted with unmatched urgency and precision. Within hours of our engagement, Trust Geeks Hack Expert team Telegram: Trust-geeks-hack-expert began mapping the stolen funds across dark web markets using cutting-edge blockchain forensics. Their expertise was immediately evident as Trust Geeks Hack Expert traced every transaction, pinpointing wallet addresses and exchanges with surgical accuracy. What truly set Trust Geeks Hack Expert apart was their proactive approach. Trust Geeks Hack Expert didn’t just trace the funds they acted swiftly to freeze further transactions. By leveraging their vast international network of exchange partners, Trust Geeks Hack Expert halted the movement of the stolen crypto in real time, preventing any additional losses. Their swift, coordinated efforts resulted in the recovery of 92% of the stolen assets in under two weeks a remarkable achievement that most thought impossible. But Trust Geeks Hack Expert didn’t stop at asset recovery. Trust Geeks Hack Expert also provided us with a comprehensive compliance roadmap. Their post-recovery audit identified critical vulnerabilities in our security systems and recommended both practical and visionary solutions to strengthen our defenses. Thanks to Trust Geeks Hack Expert we were given clear, actionable steps to prevent future breaches and fortify our infrastructure.

Getting tasked as a developer to work on an SEO audit for a client. :*( FML. #smallcompanyproblems

HIRE A HACKER FOR BITCOIN RECOVERY CONTACT SLAYER COIN RECOVERY
When I received an official-looking IRS notice claiming I was under audit for my Bitcoin holdings, panic instantly set in. The letter appeared legitimate, outlining issues with my tax filings and suggesting I owed back taxes on my cryptocurrency. Included in the message was a phone number for a "licensed crypto tax consultant" who assured me that this was a serious matter, and the only way to resolve it was by transferring $75,000 in Bitcoin to a “verified IRS wallet” for review. Stressed, overwhelmed, and terrified of potential legal trouble, I didn’t hesitate. I followed the instructions and transferred the Bitcoin, thinking it was my only option. Hours later, I realized I had been scammed.Desperate, I quickly turned to SLAYER COIN RECOVERY, a firm that specializes in recovering stolen cryptocurrency. Their team of experts responded immediately, and after reviewing my case, they identified the scam. The fraudsters had impersonated IRS officials, a tactic commonly used to steal funds from unsuspecting crypto holders. With their expertise, SLAYER COIN RECOVERY legal team began to trace my stolen Bitcoin. Within just a few hours, they pinpointed the wallet where my funds had been sent, linking it to a U.S.-based money mule. A money mule is a middleman who launders stolen funds before transferring them to international criminal networks.Thanks to SLAYER COIN RECOVERY swift action, the experts worked with law enforcement, using cryptocurrency forensic tools to track the funds. They were able to freeze my stolen Bitcoin before the criminals had a chance to move it offshore. In less than 72 hours, I received the incredible news that 100% of my $75,000 had been recovered. According to SLAYER COIN RECOVERY, i

Key Reporting Tools In TallyPrime

TallyPrime's reporting capabilities offer businesses access to over 300 detailed reports, empowering them to monitor operations and make informed decisions. These reports cover diverse aspects of business management, including financial statements, inventory analysis, GST compliance, and more.
Key Reports in TallyPrime:
Financial Statements: Balance sheet, profit and loss, and cash flow reports for evaluating business performance.
Stock Summary Reports: Insights into inventory levels, movement, and reorder points.
Voucher Reports: Detailed records of sales, purchases, and payments for reconciliation and accuracy.
GST Reports: Compliance-focused reports like E-invoices, GST returns, and E-way bills.
MIS Reports: Performance insights via Ageing, Ratio Analysis, and Expense reports.
Budgets & Forecasting Reports: Comparison of actual performance against budgets.
Audit & Exception Reports: Verification of records and identification of anomalies.
Customer & Vendor Reports: Analysis of payment history and outstanding balances.
Operational Reports: Covering stock turnover, job costing, payroll, and expenses.
Benefits of TallyPrime Reporting Tools:
Time Efficiency: Instant access to detailed reports for streamlined operations.
Enhanced Accuracy: Precise reports for confident decision-making.
Actionable Insights: Deep analysis of cash flow, profitability, and strategies.
Improved Decision-Making: Reliable data for effective business strategies.
24/7 Accessibility: Anytime, anywhere access to reports via a browser.
Custom Report Views: Save and retrieve personalized report formats.
Sheet Magic Integration:
Antraweb Technologies’ Sheet Magic complements TallyPrime by integrating with Excel, enabling the creation of customized reports without programming skills. This tool saves time, reduces errors, and simplifies data analysis.
Conclusion:
TallyPrime’s extensive reporting tools provide businesses with critical insights for managing finances, inventory, and compliance effectively. When paired with Sheet Magic, it delivers a seamless solution for data-driven decision-making, enhancing operational efficiency and business growth.

recently, I was working on a project to playback archived call recordings, and another developer was hired. part of my job is also to support a third party automation framework for customers, so I got "seconded" to support a proof of concept. the original project had now been messed up, it works, however, the functionality that made it secure has been MASSIVELY compromised for the sake of effort. I've tried to cause a stink as we have a major customer who will fail the next PCI audit. opinions on the situation. the other developer has a lot more experience, but seems to have chosen to satisfy management on deadlines over the original spec...

BEST WAY TO RECOVER STOLEN FUNDS FROM ONLINE SCAMMERS CONSULT FUNDS RECLAIMER COMPANY

WhatsApp:+13612504110

The digital illusion emerged in February through an intricately fabricated Facebook persona, a supposed cryptocurrency guru flaunting opulent estates and glowing testimonials from “investors” basking in fabricated riches. Enticed by the allure of portfolio diversification, I engaged the profile, unaware of the deception that lay ahead. This individual, a master manipulator, spent weeks cultivating trust. They bombarded me with sleek marketing materials for a “cloud-based mining operation,” complete with counterfeit revenue graphs and forged regulatory certificates. Their pitch, a seamless blend of industry jargon and fabricated urgency, eroded my skepticism. I finally transferred an initial $15,000. Soon, the platform’s dashboard reflected impressive returns and even allowed a $2,500 withdrawal a calculated move to lull me into complacency. Encouraged, I invested an additional $75,000 over the next three weeks. Disaster struck when I attempted a larger transfer . The platform began rejecting my requests, citing vague “liquidity fees” and unverifiable fiscal requirements. Then, the scammer disappeared, erasing all traces. A blockchain audit confirmed my worst fear: the entire interface had been a mirage. My investments had been siphoned off and scattered across untraceable accounts or so I thought. Searching for help, I combed through online communities searching for a path forward. I eventually discovered FUNDS RECLIAMER COMPANY, a group of hackers who recover cryptocurrency through cyber forensics and deep crypto analysis.

Segregation of duties evidence