Search - "backdoors"
-
Fucking awesome. The 'encryption backdoor law' in Australia went through!
Now, whenever served with such warrants, companies which are active in Australia will have to pay hefty fines if they don't give encrypted messages to law enforcement in readable form. No matter whether this means just decrypting it with the keys they have or pushing backdoors/inject code into the messaging apps/services in order to extract the contents.
Now let's see how much the big companies really care about their users! (I'd expect them to pull out of Australia but the chance that this'll happen is as tiny as about nothing)
-
For the Dutch people on here, the new surveillance law in short:
- dragnet surveillance, data retention of normal data is a maximum of 3 years, encrypted data up to 6 years.
- secret DNA database, data retention up to 30(!!) years.
- use of 0days without having to report them to the vendors.
- third parties may be hacked to get to main targets; if my neighbor is suspected they may legally hack me in order to get to him/her.
Cleaning up (removing backdoors etc) afterwards is not required.
- sharing unfiltered (raw) data gathered through dragnet surveillance with foreign intelligence agencies is permitted, even if it's to a country which doesn't have as much 'democracy' as this country does.
Decide for yourself if you're voting (at all) against or in favor of this law, I'm voting against :)
We do need a new/reformed law, this one is just too intrusive imo.
-
So, as everyone knows on here by now (or, a lot of ranters), I am a fervid privacy person.
Apparently a new surveillance law in my country is about to extend mass surveillance/hacking a lot. So here a rundown of what they are about to be allowed to do (stuff that is not okay imo and this is the reason I am so pro-privacy):
- Mass Data Gathering: The intelligence agency over here (let's call it IA from now) can pretty much record everything sent through the country.
- Extra Protection: If they want to conduct surveillance on journalists/lawyers, they have to go through extra channels first at least.
- Data/surveillance sharing: The IA is allowed to share their raw/filtered data with foreign intelligence agencies without limits. Also, they're allowed to conduct surveillance based on foreign requests.
- Secret DNA database: A secret DNA database will be created which can store the DNA profiles of any person who has committed any kind of crime. These profiles are allowed to be stored for a maximum of 30 years. This database is allowed to be shared with any foreign intelligence agency.
- Hacking: Unlimited power to hack any device deemed necessary to hack in relation to crime. From computers to smartphones and so on. Also, it's allowed to use zero-days without reporting them to the vendor (we have seen what can go wrong with that through the ShadowBrokers scandal).
- Automatic Database Collection: They are allowed to directly tap into any database they see required (banks, healthcare, messaging services and so on). Practically this can lead to backdoors being built in because if you don't cooperate, you can go to prison. (mother of god I am not using anything closed source anymore if possible).
So yeah, this is pretty much the reason why I am so privacy conscious. This country is fucked.
-
Notice :
We strongly advise people to use Windows as their primary operating system as it provides a totally free and a great tool or a utility known as Backdoors.
Here's a simple explanation of a backdoor for the people who don't know what a great tool it is :
Just as most of the citizens have a secondary door to their home through the yard, similarly a backdoor is a secondary access to your Computer which you (not us) can use it in cases of emergencies when you forget the passwords.
Please cooperate
Have a great day :)
-
Well, here's the OS rant I promised. Also apologies for no blog posts the past few weeks, working on one but I want to have all the information correct and time isn't my best friend right now :/
Anyways, let's talk about operating systems. They serve a purpose which is the goal which the user has.
So, as everyone says (or, loads of people), every system is good for a purpose and you can't call the mainstream systems shit because they all have their use.
Last part is true (that they all have their use) but defining a good system is up to an individual. So, a system which I'd be able to call good, had at least the following 'features':
- it gives the user freedom. If someone just wants to use it for emailing and webbrowsing, fair enough. If someone wants to produce music on it, fair enough. If someone wants to rebuild the entire system to suit their needs, fair enough. If someone wants to check the source code to see what's actually running on their hardware, fair enough. It should be up to the user to decide what they want to/can do and not up to the maker of that system.
- it tries its best to keep the security/privacy of its users protected. Meaning, by default, no calling home, no integrating users within mass surveillance programs and no unnecessary data collection.
- Open. Especially in an age of mass surveillance, it's very important that one has the option to check the underlying code for vulnerabilities/backdoors. Can everyone do that, nope. But that doesn't mean that the option shouldn't be there because it's also about transparency so you don't HAVE to trust a software vendor on their blue eyes.
- stability. A system should be stable enough for home users to use. For people who like to tweak around? Also, but tweaking *can* lead to instability and crashes, that's not the system's responsibility.
Especially the security and privacy AND open parts are why I wouldn't ever voluntarily (if my job would depend on it, sure, I kinda need money to stay alive so I'll take that) use windows or macos. Sure, apple seems to care about user privacy way more than other vendors but as long as nobody can verify that through source code, no offense, I won't believe a thing they say about that because no one can technically verify it anyways.
Some people have told me that Linux is hard to use for new/(highly) a-technical people but looking at my own family and friends who adapted fast as hell and don't want to go back to windows now (and mac, for that matter), I highly doubt that. Sure, they'll have to learn something new. But that was also the case when they started to use any other system for the first time. Possibly try a different distro if one doesn't fit?
Problems - sometimes hard to solve on Linux, no doubt about that. But, at least its open. Meaning that someone can dive in as deep as possible/necessary to solve the problem. That's something which is very difficult with closed systems.
The best example in this case for me (don't remember how I did it by the way) was when I mounted a network drive at boot on windows and Linux (two systems using the same webDav drive). I changed the authentication and both systems weren't in for booting anymore. Hours of searching how to unfuck this on windows - I ended up reinstalling it because I just couldn't find a solution.
On linux, I found some article quite quickly telling to remove the entry for the webdav thingy from fstab. Booted into a root recovery shell, chrooted to the harddrive, removed the entry in fstab and rebooted. BAM. Everything worked again.
So yeah, that's my view on this, I guess ;P
-
"secure" messaging apps which aren't open source.
Isn't it common sense that, when you can't check an app for anything because it's closed source (backdoors, vulnerabilities etc), you technically can't be sure whether it's actually secure or not?
And no, I'm not going to trust an app dev on his/her blue fucking eyes on this one.
-
Actual rant time. And oh boy, is it pissy.
If you've read my posts, you've caught glimpses of this struggle. And it's come to quite a head.
First off, let it be known that WINDOWS Boot Manager ate GRUB, not the other way around. Windows was the instigator here. And when I reinstalled GRUB, Windows threw a tantrum and won't boot anymore. I went through every obvious fix, everything tech support would ever think of, before I called them. I just got this laptop this week, so it must be in warranty, right? Wrong. The reseller only accepts it unopened, and the manufacturer only covers hardware issues. I found this after screaming past a pretty idiotic 'customer representative' ("Thank you for answering basic questions. Thank you for your patience. Thank you for repeating obvious information I didn't catch the first three times you said it. Thank you for letting me follow my script." For real. Are you tech support, or emotional support? You sound like a middle school counselor.) to an xkcd-shibboleth type 'advanced support'. All of this only to be told, "No, you can't fix it yourself, because we won't give you the license key YOU already bought with the computer." And we already know there's no way Microsoft is going to swoop in and save the day. It's their product that's so faulty in the first place. (Debian is perfectly fine.)
So I found a hidden partition with a single file called 'Image' and I'm currently researching how to reverse-engineer WIM and SWM files to basically replicate Dell's manufacturing process because they won't take it back even to do a simple factory reset and send it right back.
What the fuck, Dell.
As for you, Microsoft, you're going to make it so difficult to use your shit product that I have to choose between an arduous, dangerous, and likely illegal process to reclaim what I ALREADY BOUGHT, or just _not use_ a license key? (Which, there's no penalty for that.) Why am I going so far out of my way to legitimize myself to you, when you're probably selling backdoors and private data of mine anyway? Why do I owe you anything?
Oh, right. Because I couldn't get Fallout 3 to run in Wine. Because the game industry follows money, not common sense. Because you marketed upon idiocy and cheapness and won a global share.
Fuck you. Fuck everything. Gah.
VS Code is pretty good, though.
-
“Don’t learn multiple languages at the same time”
Ignored that. Suddenly I understood why he said that. Mixed both languages. In holiday rechecked it and it was ok.
Sometimes mistakes can lead to good things. After relearning I understood it much better.
“Don’t learn things by head” was another one. Because that’s useless. If you want to learn a language, try to understand it.
I fully agree with that. I started that way too learning what x did what y did, ... But after a few I found out this was inutile. Since then, I only have problems with Git
Another one. At release of Swift, my code was written in Obj-C. But I would like to adopt Swift. This was in my first year of iOS development, if I can even call it development. I used these things called “Converters”. But 3/4 was wrong and caused bugs. But the Issues in swift could handle that for me. After some time one told me “Stop doing that. Try to write it yourself.”
One of the last ones: “Try to contribute to open source software, instead of creating your own version of it. You won’t reinvent the wheel right? This could also be useful for other users.”
Next: “If something doesn’t work the first time, don’t give up. Create Backups” As I did that multiple times and simply deleted the source files. By once I had a problem no iOS project worked. Didn’t find why. I was about to delete my Mac. Because of Apple’s WWDR certificate. Since then I started Git. Git is a new way of living.
Reaching the end: “We are developers. Not designers. We can’t do both. If a client asks for another design because they don’t like the current one tell them to hire one” - Reminds me of one of my previous rants about the PDF “design”
Last one: “Clients suck. They will always complain. They need a new function. They don’t need that... And after that they won’t bill ya for that. Because they think it’s no work.”
Sorry, forgot this one: “Always add backdoors. Many times clients won’t pay and resell it or reuse it. With backdoors you can prohibit that.”
I think these are all things I loved they said to me. Probably forgot some.
-
One of the main reasons I completely left windows and osx for Linux is the fact that Linux is open source. In an era of mass surveillance, secret court orders ordering companies to build in backdoors into their products, companies building in tracking into their software and so on, I find it irresponsible to use closed source software.
Only my personal opinion though.
-
I think we're going two sides:
For one, more and more technology is being developed/engineered which is even more and more and more intrusive as for personal privacy, I'm genuinely worried how this'll go as privacy isn't just about not exposing certain things like passwords/bank account details and so on, it's also about being an individual who has their own thoughts, opinions and so on. If we keep taking that away more and more often, society will change and go towards the Orwell scenario (we're on our way there right now). We can change this as software/design/server engineers but that's up to us and I sadly don't see that happening quickly, also due to the 'nothing to hide' bullshit.
Second one is that we're going more and more towards open source.
This is a good thing as this:
- gives freedom to devs around the world to improve software and/or modify it to suit their needs.
- gives people the opportunity to look through the source code of softwares in order to verify it as for backdoors and find security vulnerabilities which otherwise can remain hidden for the general public while spying agencies have way more resources to go vulnerability hunting.
For the people who think this isn't a good idea (even more open source), without it we'd be completely fucked as for moving forward/security/privacy. (I can give examples if wanted).
-
I couldn't sleep. I was staring at the blinking cursor. A slow, comforting blinking. Like everyone else, I had become a slave to the JavaScript ecosystem. If I saw something like a new build system, or a new framework, I had to have it.
My client changed the requirements again. I'm in pain.
- "You want to see pain?" my colleague said. Go read Apple support forums. That's pain.
I became addicted. Every time I died and every time I was born again. Resurrected.
During the night, I was crying in the Apple forums for an official answer that would never come. During the day, I was surfing StackOverflow to fix my problems. You get "single-serving" friends there. They help you, you help them, and then you never see them again.
- "Then you install Stack and boom, you're done. It's that easy to go functional."
That's how I met him.
- "You know why they make so many javascript frameworks?"
- "No, why?"
- "So that they can distract you while they put backdoors in them. So that you don't have time to check all of their code".
- "You are by far the most interesting "single-serving" friend I've ever met"
Then, my hard disk died. Of course, I didn't have backups: nobody has enough space for all those node_modules folders. All my addictions, lost.
Then I wrote him. If you asked me now, I couldn't tell you why I wrote him. We chatted a lot.
- "It's late, I should really go search another hdd on ebay"
- "Ebay? You called me so you could have my old hard disk."
- "No, I..."
- "Come on."
He sent me his old hard disk. It was a 256MB hard disk, but it was fine for running Arch. Then he asked me to rant about my problems in front of him.
- "I want you to rant as hard as you can"
- "Are you serious?"
We ranted all night about our bosses and clients and their fucked up requests. We kept in touch, and after a while more people were ranting with us. Every week, he gave the rules that he and I decided.
- "The first rule of devRant is -- you don't talk about devRant. The second rule of devRant is -- you don't talk about devRant."
I like to think this is how devRant started. This might also be the reason why we never see @trogus, only @dfox. A lot of shit still needs to happen.
-
Why does the FBI even bother asking Apple to put a back door into their devices when it already comes with backdoors?
-
"The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia", said Australian Prime Minister Malcolm Turnbull today.
Now what the fuck is this? Why would you propose a blanket ban on end-to-end encryption or force companies to build "secure" backdoors? At this rate retarded politicians would make our lives too difficult.
https://eff.org/deeplinks/2017/...
-
Why is it so hard to just build machines that work without all this ideological bullshit? Code doesn't care if politics==true. The world is scary enough without you assholes making modern life a data minefield for even the most educated experts, and taking advantage of the ignorance of everyone else. Fuck you.
I just wanna <look at web pages> without having to consider, counteract, or silently assist some fucking regime. Why is EVERYTHING this way? Everything is a back door or a data mine or a political statement? This isn't a fucking art piece! It's not your espionage tool, fucking codes in invisible ink and tiny cameras and shit everywhere! It's a <web browser>, and if it does ANYTHING besides <browse the web> that I didn't explicitly tell it to do, you better not be the one who made it. Because if you did, you are what's wrong with the world.
-
This piece of shit backend developer who our company fired some time back, cause he was spreading fake things about the company.
He was tasked to develop the admin panel for the websites we were working on..
Now, turns out, he had put multiple backdoors in his piece of shitty code.. He happened to design the front end of the admin panel as well, which contained more than 3k js files..wtf!! And he did all that even after getting paid enough for that shitty code.
The projects where that shit was used are now under attack.. And my already hectic life has gotten even more hectic..
Fuck you dumb fuck.. You piece of shit developer...
I'm never gonna let him take another job.. I'll mail out official complaints and character reports, along with his history to each and every fucking company that he starts working in.. I'm gonna be his worst nightmare..I swear.
-
I feel like I've ranted this before. many times. but here we go again because Australia.
why do people think you can just ban math? like really?! that's what crypto laws do. they require companies to use shitty math. and what prevents me from using the good math? nothing! oh I mean... I won't use it? scouts honor.
you can't ban math.
literally billions of internet users don't fall in your jurisdiction.
no single jurisdiction can cover more than a subset of the internet.
I will use whatever maths I damn well please.
fuck off. please stop making us less safe.
/discussion
-
Well, fuck this. It seems that politicians are trying their best to validate conspiracy theorists.
https://fm4.orf.at/stories/3002708/...
This is a German article about the EU Council of Ministers discussing the implementation of backdoors into services in the same way the US and Australia do.
The link will automatically place you at a slideshow, containing images of the proposal's pages. If you can't view it, use Inspect Element to open the JPEGs individually.
-
If you think your legacy code is bad - this is what I came across in a system I'm refactoring this morning... and this isn't even the bug I was looking for.
-
Hacking is awesome and looks easy!!! And seems like even pentagon might have toooons of exploits and backdoors, and qwerty passwords !!
After watching Mr. Robot...
-
Mother hugging systemd... Nobody asked you to be born in the first place. Nobody asked you to solve problems we didn't have. And nobody asked you to open hugging backdoors in our systems!
https://thehackernews.com/2018/12/...
-
In these dark times, it's inspiring to see that a country as insignificant as Australia can demonstrate to us how things can always get worse.
By passing a law mandating that encryption must be broken, in secret (like the US's National Security Letters), at the demand of the Government, the two biggest parties have colluded to destroy Australia's tech sector.
This is the same government that has been whining endlessly about using Huawei LTE equipment in Australian infrastructure "because it might be secretly compromised". Now the same is true of Australian equipment, by law.
My favourite part of all this is how there will be firmware updates for devices sold in Australia, in order to comply with the new law. How well do you think those backdoors will be secured? How thoroughly do you expect them to be tested, given Australia's population of only 25 million?
How can any Australian company expect customers to trust them now?
-
I finally got the refurbished laptop I ordered and..
wrong CPU, wrong number of cores
wrong GPU
only 1 USB port, I bought 3
battery is DOA
fuck aaa_pcs at ebay. they better replace this with what I bought or imma call Karen to talk to their manager
maybe I should check for spyware/backdoors/etc while I'm at it just because I'm pissed.
any suggestions? nothing is too petty if it doesn't void warranty
-
Yet three other flaws...
Now it's pretty clear that Intel, either kept their backdoors pretty much knowingly and patch them when they find a better way to access data(yes I see you the functioning of ME) or it's like in the race of faster clock, took the safety of the data for granted.
Anyways, one word, Assholes. The management of Intel
-
Hey fellow devRanters,
I'm sure some of you have read about the newest vulnerabilities in Intel's Management Engine (ME). I feel like ME and similar "features" are unacceptable backdoors into our systems. Unfortunately Intel and AMD do not offer their customers the option to acquire CPUs that lack these backdoors and make disabling them rather impossible 😒
Thus my question: Do you guys know of any 64-bit "open-source" CPU on the market that is production-ready and suitable for high-traffic web applications? Please note that I don't consider FPGAs to be viable options, since I don't trust Xilinx and Altera either.
-
Have you read about this yet?
https://itnews.com.au/news/...
I don't live in a FVEY country, but it still terrifies me.
-
Give me your legacy, your undocumented,
Your huddled classes yearning to be bug free,
The wretched security holes of your multiple backdoors.
Send these, the testless, spaghetti-code to me,
I lift my keyboard beside the golden door!
-
I've finally read "Reflections on trusting trust". I'd probably do it earlier if I knew it's this short. It's also terrifying. 10/10.
https://cs.cmu.edu/~rdriley/487/...
-
When your cybersecurity department gets back your hacked servers but then the whole network is DDoSed!
-
Do you trust github/gitlab/bitbucket? If you self-host, do you trust your hosting? do you trust gitea? if you don't use gitea, do you trust git? do you trust the way you got your copy of git? do you trust your os, as it might have tampered with your git? did you read the code? do you trust your internet connection that might have changed some packets? do you trust your https implementation? did you examine the traffic? do you trust your traffic sniffing tool? if you use your own hardware, do you trust it? do you trust its CPU/bios? if it's risk-v, do you trust chinese vendors of your cpu? they might have put some backdoors there. do you trust your other hardware? okay, you have the money to make your own cpus. do you trust your employees? do you trust your silicon? do you trust the measuring equipment you used to check if your cpu is safe? do you trust the literature in the field? but did you verify it though? did you?
it's always who you trust. if you want to bake an apple pie from scratch, you must first create the universe.
-
TIL indians live on the "satisfaction" plane hence saying yes to things they can't do to satisfy you, but also dissatisfy people as a form of attritional warfare, which is their specialty.
I was watching the trump v Kamala debate and was reminded of a bunch of tactics I've had used against me by an Indian lead dev, who I ignored the behaviour of and didn't think she was actually hostile to me until it was too late. but it made me feel so bad for him and I got an epiphany. it seems like the tactics are the same, so I got curious if there was an Indian art of war
Interestingly the AI said yes but directed me to the wrong book. I did find the right book eventually. it exists. the Chinese stole ideas from it to write their sun tzu art of war, but it's basically a Machiavellian manual before Machiavelli was alive. very cool
also turns out China is behind everything. I remember ages ago I got in a fight with a schizoid programmer friend of mine because he knew China was taking over everything and he wanted them to win, and I was rooting for team India because they were far less miserable than the Chinese. don't make a deal with the Chinese. guy was stupid. they treat people like irrelevant meat
China seems to be connected to everything that's going on right now.
- they're infiltrating Canadian politics, get international students to change Canadian election outcomes (200k/30m people who weren't citizens but got bussed to voting centers and just used proof of address to vote. they changed outcomes of 4 elected officials in one province, and local Chinese people are saying they get threats about their family back in China if they don't do what China tells them to -- but our elected government just keeps quiet on it and then goes to China for new orders during "climate conferences" and uselessly gives them a bunch of our fucking money)
- there was issues with the Chinese buying up real estate in Canada and just leaving them empty. it's probably still happening even though Canada eventually imposed a tax on leaving empty real estate around that you're not renting out. they're still buying up properties, and we have an increasing housing shortage as a result. one of my old apartments a white guy, who was suspicious and shifty, bought the unit and forced us to move out citing code violations (you can't kick someone out otherwise here because of very strong renter's protections). they never introduced who bought the place, but they did have 7 ALL CHINESE SPEAKING IN CHINESE people come in and measure everything at the apartment. so they're definitely still buying up real estate
- are behind the green agenda (our politicians seem to take orders from them under this guise)
- seem to strangely have had camps where they let migrants pass through the South Americas to get into united states, were very closed off and hostile to anyone snooping so it was up in the air what they were doing there. after people came to snoop the camps up and disappeared
- are who USA is competing with in the AI race, the whole AI narrative is literally a fight between the west and China
and there's a super smart systems guy who thinks they were behind the world economic forum and I'm increasingly starting to believe it
all electronics coming from China should be a concern. it isn't
there's tons of Chinese trying to enter open source software to install backdoors. they're nearly successful or successful often. same with that DDoS on DNS years ago
there's rumours they've been running Canada since the 80s, via infiltrating Canadian tech companies to steal their software and are the gatekeepers for a lot of underground stuff
I'm starting to believe even the COVID virus was on purpose. I didn't before. there was a number of labs that had that virus, a lab leak happened around Ukraine 6 months prior to the "Olympics outbreak" (seriously that was PERFECT timing for a lab leak if you wanted to do a bioweapon on purpose -- you would hit every country at once!), but there was also a lab in Canada that had it and some reporters were upset about it because the lab didn't seem to care about our national security and was letting suspicious Chinese nationals work at it, and for some reason there's been discovered a BUNCH of illegal makeshift Chinese labs in California with super vile stuff in them
and what the fuck was that Chinese spy balloon fiasco anyway. you can't shoot it down? I think that was a test to see how fast and readily the west would defend itself. or maybe they wanted to see the response procedures
and then on top of it many people think the opioid epidemic is all china. china makes the drugs. it would also fit perfectly, because in the 1800s or whatever the British empire had entirely decimated china for decades by getting them addicted to the opioid trade. eventually the British empire merged with USA and now USA is basically the head of the new British empire
I think we're at war with China and literally don't fucking know it
-
This is not a gaming related community but the chat on this video from 6:09 definitely belongs here...
Some people!
https://youtu.be/73Oi0-Pe6GM?t=3691