Search - "barebones"
-
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? Installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P
-
Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'
Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!
I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.
Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.
Was pretty shaken up but damn I learned my lesson!
-
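The check the two posts above describe (looking for successful root logins in the auth log after a brute-force run, and banning an address after a set number of failed SSH logins within five minutes), as an added example that is not part of either post and is not Fail2Ban's own code. The log lines are constructed samples in the usual OpenSSH syslog format, and the function names, the default threshold of three (six is the figure the second post recalls) and the `year` argument are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges, hypothetical host name).
SAMPLE_AUTH_LOG = """\
Mar  3 02:10:01 vps1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:10:09 vps1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:10:20 vps1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 02:11:02 vps1 sshd[820]: Accepted password for root from 203.0.113.7 port 40188 ssh2
Mar  3 02:30:00 vps1 sshd[901]: Failed password for root from 198.51.100.9 port 51000 ssh2
Mar  3 02:40:00 vps1 sshd[905]: Failed password for root from 198.51.100.9 port 51010 ssh2
Mar  3 09:00:00 vps1 sshd[990]: Accepted publickey for deploy from 192.0.2.10 port 60000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<outcome>Failed|Accepted)\s(?P<method>\S+)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)


def parse(log_text, year):
    """Yield (timestamp, outcome, method, user, ip) for each sshd result line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd "Failed ..."/"Accepted ..." line
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["outcome"], m["method"], m["user"], m["ip"]


def analyse(log_text, max_retry=3, find_time=timedelta(minutes=5), year=2024):
    """Report addresses that hit the ban threshold and logins worth a look.

    would_ban: addresses with max_retry failures inside a sliding find_time
    window. suspicious_logins: accepted logins as root, or from an address
    that failed earlier in the same log (a guess that finally worked).
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    failed_before = set()
    would_ban = set()
    suspicious = []
    for ts, outcome, method, user, ip in parse(log_text, year):
        if outcome == "Failed":
            window = recent[ip]
            window.append(ts)
            while ts - window[0] > find_time:
                window.popleft()  # drop failures older than the window
            if len(window) >= max_retry:
                would_ban.add(ip)
            failed_before.add(ip)
        elif user == "root" or ip in failed_before:
            suspicious.append((user, ip, method))
    return {"would_ban": would_ban, "suspicious_logins": suspicious}


if __name__ == "__main__":
    report = analyse(SAMPLE_AUTH_LOG)
    print("would ban:", sorted(report["would_ban"]))
    for user, ip, method in report["suspicious_logins"]:
        print(f"review: {method} login as {user} from {ip}")
```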
So I've been looking for a Linux sysadmin job for a while now. I get a lot of rejections daily and I don't mind that because they can give me feedback as for what I am doing wrong. But do you know what really FUCKING grinds my FUCKING gears?
BEING REJECTED BASED ON LEVEL OF EDUCATION/NOT HAVING CERTIFICATIONS FOR CERTAIN STUFF. Yes, I get that you can't blindly hire anyone and that you have to filter people out but at least LOOK AT THEIR FUCKING SKILLSET.
I did MBO level (the highest sub level though) as study which is considered to be the lowest education level in my country. lowest education level meaning that it's mostly focused on learning through doing things rather than just learning theory.
Why the actual FUCK is that, for some fucking reason, supposed to be a 'lower level' than HBO or Uni? (low to high in my country: MBO, HBO, Uni). Just because I learn better by doing shit instead of solely focusing on the theory and not doing much else does NOT FUCKING MEAN THAT I AM DUMBER OR LESS EDUCATED ON A SUBJECT.
So in the last couple of months, I've literally had rejections with reasons like
- 'Sorry but we require HBO level as people with this level can analyze stuff better in general which is required for this job.'. - Well then go fuck yourself. Just because I have a lower level of education doesn't FUCKING mean that I can't analyze shit at a 'lower level' than people who've done HBO.
- 'You don't seem to have a certificate for linux server management so it's a no go, sorry!' - Kindly go FUCK yourself. Give me a couple of barebones Debian servers and let me install a whole setup including load balancers, proxies if fucking necessary, firewalls, web servers, FUCKING Samba servers, YOU FUCKING NAME IT. YES, I CAN DO THAT BUT SOLELY BECAUSE I DON'T HAVE THAT FUCKING CERTIFICATE APPARENTLY MEANS THAT I AM TOO INCOMPETENT TO DO THAT?! Yes. I get that you have to filter shit but GUESS WHAT. IT'S RIGHT THERE IN MY FUCKING RESUME.
- 'Sorry but due to this role being related to cyber security, we can't hire anyone lower than HBO.' - OH SO YOUR LEVEL OF EDUCATION DEFINES HOW GOOD YOU ARE/CAN BE AT CYBER SECURITY RELATED STUFF? ARE YOU MOTHERFUCKING RETARDED? I HAVE BEEN DOING SHIT RELATED TO CYBER SECURITY SINCE I WAS 14-15 FUCKiNG YEARS OLD. I AM FAMILIAR WITH LOADS OF TOOLS/HACKING TECHNIQUES/PENTESTING/DEFENSIVE/OFFENSIVE SECURITY AND SO ON AND YOU ARE TELLING ME THAT I NEED A HIGHER LEVEL OF FUCKING EDUCATION?!?!? GO FUCKING FUCK YOURSELF.
And I can go on like this for a while. I wish some companies I come across would actually look at skills instead of (only) study levels and certifications. Those other companies can go FUCK THEMSELVES.
-
My own text mmorpg and it's selfmade Chat system! <3
Yeah it's barebones and has some flaws, but it's the first project I set and worked through with a very pleasing result ^^
It's a CLI-Style interface with a command and chat mode, multiple rooms, user descriptions etc.
Some day I want to improve it even further, bring much more functionality in the mix, but first I would have to reinforce the base/core of the program ^^
-
I could bitch about XSLT again, as that was certainly painful, but that’s less about learning a skill and more about understanding someone else’s mental diarrhea, so let me pick something else.
My most painful learning experience was probably pointers, but not pointers in the usual sense of `char *ptr` in C and how they’re totally confusing at first. I mean, it was that too, but in addition it was how I had absolutely none of the background needed to understand them, not having any learning material (nor guidance), nor even a typical compiler to tell me what i was doing wrong — and on top of all of that, only being able to run code on a device that would crash/halt/freak out whenever i made a mistake. It was an absolute nightmare.
Here’s the story:
Someone gave me the game RACE for my TI-83 calculator, but it turned out to be an unlocked version, which means I could edit it and see the code. I discovered this later on by accident while trying to play it during class, and when I looked at it, all I saw was incomprehensible garbage. I closed it, and the game no longer worked. Looking back I must have changed something, but then I thought it was just magic. It took me a long time to get curious enough to look at it again.
But in the meantime, I ended up playing with these “programs” a little, and made some really simple ones, and later some somewhat complex ones. So the next time I opened RACE again I kind of understood what it was doing.
Moving on, I spent a year learning TI-Basic, and eventually reached the limit of what it could do. Along the way, I learned that all of the really amazing games/utilities that were incredibly fast, had greyscale graphics, lowercase text, no runtime indicator, etc. were written in “Assembly,” so naturally I wanted to use that, too.
I had no idea what it was, but it was the obvious next step for me, so I started teaching myself. It was z80 Assembly, and there were practically no documents, resources, nothing helpful online.
I found the specs, and a few terrible docs and other sources, but with only one year of programming experience, I didn’t really understand what they were telling me. This was before stackoverflow, etc., too, so what little help I found was mostly from forum posts, IRC (mostly got ignored or made fun of), and reading other people’s source when I could find it. And usually that was less than clear.
And here’s where we dive into the specifics. Starting with so little experience, and in TI-Basic of all things, meant I had zero understanding of pointers, memory and addresses, the stack, heap, data structures, interrupts, clocks, etc. I had mastered everything TI-Basic offered, which astoundingly included arrays and matrices (six of each), but it hid everything else except basic logic and flow control. (No, there weren’t even functions; it has labels and goto.) It has 27 numeric variables (A-Z and theta, can store either float or complex numbers), 8 Lists (numeric arrays), 6 matrices (2d numeric arrays), 10 strings, and a few other things like “equations” and literal bitmap pictures.
Soo… I went from knowing only that to learning pointers. And pointer math. And data structures. And pointers to pointers, and the stack, and function calls, and all that goodness. And remember, I was learning and writing all of this in plain Assembly, in notepad (or on paper at school), not in C or C++ with a teacher, a textbook, SO, and an intelligent compiler with its incredibly helpful type checking and warnings. Just raw trial and error. I learned what I could from whatever cryptic sources I could find (and understand) online, and applied it.
But actually using what I learned? If a pointer was wrong, it resulted in unexpected behavior, memory corruption, freezes, etc. I didn’t have a debugger, an emulator, etc. I had notepad, the barebones compiler, and my calculator.
Also, iterating meant changing my code, recompiling, factory resetting my calculator (removing the battery for 30+ sec) because bugs usually froze it or corrupted something, then transferring the new program over, and finally running it. It was soo slowwwww. But I made steady progress.
Painful learning experience? Check.
Pointer hell? Absolutely.
-
I’ve been trying to use Debian without a graphical UI, at least for the most part. I use X window to run firefox since I feel that is the best way to browse. But simply using the terminal for almost everything feels so refreshing somehow.
I start to find these gems such as a music player for the terminal that works really well, my HOME area feels so clutter free and I feel like I finally can finely control and tune my system to a much larger extent. I’m coming from an extensively cluttered windows system so just seeing a few things makes me feel like I can finally focus.
For me it feels like I’ll have an easier time managing my projects by setting up github in a good way in HOME. I’ve been putting more time into my vimrc to make it better for my different workflows and general productivity (and for the sake of minimalism trying to keep it mostly to hand written stuff). I’ve also been looking into Lutris to be able to fire up games or use wine for other necessary tools that I might need during cowork with others.
Generally I believe that if this test works out I’ll truly consider to make this my main OS. The clutterlessness keeps me much more distraction free. The terminal environment make me read about and learn of new ways to do things. And most of the tools I use can either be used from command line, multiple ones with a multiplexer and in the case I truly need to use GUI or want to play a game I can just fire it up on demand.
*happy*
Do you guys have any distraction free OS or setups that you want to share? Anyone with a similar experience of revelation?
-
Holy heavens! I'm gonna work with a js framework at my day job.
After installing nodejs I'm immediately greeted by a warning that something is somehow broken. Installing the packages for the barebones repo leads to hundreds of dependencies and vulnerability warnings. I don't even know anything beyond document.getElementById().
On a scale of 1 to Squidward Tentacles, how much am I gonna hate my job?
-
I am working on a webservice that some other consultants upstairs are set to consume.
Last week, monday, the consultants send multiple emails and one of them comes downstairs to find out why the service isn't working correctly. My manager tells them in email that it is still being developed and won't be ready for ten business days.
However in the meantime the service has some barebones functionality that they can try out.
And wouldn't you know it, I get emails and visits every other day along the way asking why the service is down or doesn't function.
When is the service going to be down? Why isn't this working? Hey you need to fix this
IT'S NOT DONE YET
-
Does your team also tend to get stuck in the MVP Trap?
You ship a barebones version of a feature. Zero polish. That’ll be done later if it’s successful.
When the stats roll in it seems the feature got a lukewarm reception. A few users liked it, but it wasn’t a hit.
Next sprint starts and everyone asks if we should spend more time on it
The PM argues ”Why would we spend time polishing something no one uses?”
The designer argues ”Well of course no one used it, it looks like shit, we gotta spend some time polishing it!”
It becomes a chicken or the egg scenario.
Your product ends up with a bunch of half assed features. not bad enough to remove, not good enough to spend more time on.
-
My sister's laptop ate shit the other day and she ordered a new one. She got me thinking about my five year old rig, and how it was starting to show its age, so started half-heartedly pricing the stats I would want in a new machine on newegg and Amazon for fully assembled machines, and was always getting gouged or having to make some kind of sacrifice for another feature.
So after my wife responded to me trying to sound offhanded about buying a new computer by only rolling her eyes, but not actually raising any actual objection, I committed to the idea and started searching in earnest.
I realized that a fully assembled machine would always cost more, be underpowered for its price, be basically impossible to upgrade, be made of shitty parts, and always require some kind of compromise on my part.
Normally in the past, i would go to the barebones section on Pricewatch, order the basic stats I wanted, and fill it in myself after that. But it appears that Pricewatch might be dead. So, for the first time since probably 2002 or so, I'm building a computer in its entirety.
I'm really excited. Everything should be here by the middle of next week.
-
Trying to switch my job. Applied for a well known company. Gave an interview today. I don't fucking get the obsession of these developer recruiters so fixated on data structures and algorithms. I know it's a massive part of computer science but guess there is no fucking room left to innovate in there. There are legitimate researcher teams working for implementation of these barebones inside system foundations. No general software developer gives a fuck about this piece of shit discipline of study. You wanna know why they propagate this as the panacea to test people because it's fucking easy. Give a project to somebody as interview procedure, it'll take time to bring out an interesting problem and an interesting solution to that. Sorry to say but all these data structure enthusiasts are nothing better than board game enthusiasts.
Also why can't you refer existing solutions to create your solution. I've seen some good problems which actually require you to think. But again those are heavy and can't be tested so you're left with reversing a fucking linked list with O(1) auxiliary space. Fuck me ig.
Moreover, what the fuck is wrong with the moral policing internet crowd. Its so sad. I've hardly seen anybody rant about this piece of shit system put in place to push the absolute dead-end nutcases up the ladder. Every other search for it returns a Quora link with some Indian guy complaining about his interviews and in the comments you have the same scholars sitting in their data structure throne imparting knowledge about how data structure holds the fabric of reality together.
I don't hate data structures and algorithms as a subject. It is cool and quite extensive but once you try to make that as a metric of all the knowledge in the world, you've lost my drift. Maybe I'm just angry with the state of things. Maybe I'm just angry with token Quora crowd.
-
1. Get an idea
2. Plan the structure to use overengineered solutions
3. $ git init
4. Setup the barebones
5. $ git commit -am "initial commit"
6. Forget the project for the next several months, until another idea pops out and you visit your github to setup a repo for the new project and rediscovers this miserable project's repo
7. Back to 1, repeat
-
Hello Everyone,
I was wondering could any VS Code users submit links to their setups and recommended extensions.
Thanks in advance.
I'm posting mine as well. Though it's pretty barebones
-
An anti-rant: I just made some code and out of nowhere it suddenly had an awesome feature that I didn't even program. No, not a euphemism for "bug", an actual feature.
Here's the story: A few months ago I made a shortcut for "System.out.println(…)" called "print(…)". Then I developed it further to also print arrays as "[1,2,3]", lists as "{1,2,3}", work with nested arrays and lists and accept multiple arguments.
Today I wanted to expand the list printing feature, which previously only worked for ArrayLists, to all types of List. That caused a few problems, but eventually I got it to work. Then I also wanted to expand it to all instances of Collection. As a first step, I replaced the two references to "List" with "Collection" and magically, no error message. So I tested it with this code:
HashMap<Integer, String> map = new HashMap<>();
map.put(1, "1");
map.put(2, "");
map.put(3, "a");
print(map);
And magic happened! The output was:
{1=1, 2=, 3=a}
That's awesome! I didn't even think yet about how I wanted to display key-value pairs, but Java already gave me the perfect solution. Now the next puzzle is where the space after the comma comes from, because I didn't program that in either.
I feel a bit like a character in "The subtle knife", who writes a barebones program to communicate with sentient elementary particles (believe me, it makes sense in context) and suddenly there's text alignment on the left and right, without that character having programmed any alignment.
-
It's so frustrating when libraries just give you a hello world example and you have to figure out what the fuck it does. No comments, no nothing. Then you go read the documentation, and find out they have topics for everything, but nothing explaining how it all comes together. They give you a hello world and then you have to figure out how the damn thing works.
Now I have to watch YouTube tutorials which will probably all use fucking Spring Boot and extra libraries. I just wanted a barebones example, is that too fucking hard?
EDIT: maybe I should take a break from this thing
-
Are there any tools, points of reference, barebones templates, bits of advice, etc. that anyone can share or direct me to that could potentially help a programmer with ADD stay organised and keep projects/code structured?
Just a bit of background:
I am 29 years old and have battled with severe Attention Deficit Disorder since early childhood. No hyperactivity, just a mind that is constantly running at light speed. I have a tendency to lose focus on the main goal in my projects and I fall victim to feature creep more than I'd like to admit—to the extent that on countless occasions, I've ended up just starting projects over from scratch because they became too convoluted and hectic.
I've spent the past 2~3 months working on a sort of companion app for players of the game Warframe using Dart/Flutter. The main purpose of the app is to provide players with an accessible and customisable agenda to help with keeping in-game goals organised (oh, the irony). I have made a decent amount of progress, but I consistently find myself working on various bits and pieces of code (usually) without finishing each of them before moving on to something else. What I end up with is a tangled yarn ball of code and I get lost and overwhelmed in the chaos.
Any feedback or advice is much appreciated.
-
I've been told by the client today to turn their application's barebones support messaging into, and quote "WhatsApp".
By Friday.
rant it's only to talk to support not your buddies that's fine whatsapp why does your app need this hmm
-
Got VS running, SDL up and running and outputting, and angelscript included. Only getting linker errors on angel at the moment, not on inclusion, but on calling engine initialization.
Who knows what it is. Devs recommended precompiling but I wanted to compile with the project rather than as a dll (maybe I'm doing something stupid though, too new to know).
Goal is to do for sdl, cpp, and angelscript, what LOVE2d did for lua. Maybe half baked, and more just an experiment to learn and see if I can.
Would be cool to script in cpp without having to fuck with compilers and IDEs.
As simple as 1. write c++, 2. script is compiled on load, 3. have immediate access to sdl in the same language that the documentation and core bindings are written for.
Maybe make something a little more batteries-included than what lua and love offer out of the box, barebones editors and tooling and the like, but thats off in the near future and just a notion rather than a solid plan.
Needed to take a break from coding my game and here I am..experimenting with more code.
Something is wrong with me.
-
FUCK NEXTJS
The STUPID STUPID STUPID Server components force me to create 123953298341923 files just to add a FUCKING "use client" at the top that basically turns this fucking mess into basic barebones React
WOW. Let's have 34 million libraries in our project and then let's not use them with one fucking keyword that forces me to write my 10 components project as a 300 million files project
Then, I LOVE that all my FUCKING FILES ARE NAMED PAGE
That makes things easy
NextJS can fuck itself
-
How often do you write code in a raw text editor, without any tools whatsoever (no IDE, no colors, no syntax highlighting,..)? :P
I'm doing that now.
-
!rant
TL;DR: New(-ish) dev looking for advice to improve workflow and new languages. Hopefully worth a read though :)
Newbie developer here, I took a web applications development class this year since I could take that at another campus rather than do general education courses at my home school, and I have learned and earned a CIW Certification for HTML5, CSS3, and JavaScript, though I know the certificates do squat if I can't apply myself to them, and I have learned PHP and MySQL.
I want to learn more, technically-applicable languages.
My setup is barebones (to a Linux diehard's eyes), with a gaming laptop that I do a lot of workstation stuff on, an RPi 3 B that I do some Linux-y stuff on, and a less-powerful Development Laptop (that I call a devtop) that I occasionally do work away from home on.
I'm sure most will cringe and weep at my workflow, as I use Windows 10 on both systems and the standard NOOBS software on the pi, and I use Brackets as my text editor, as well as the XAMPP AMP stack for testing.
My biggest questions are what could I do to improve my workflow, and what languages should I learn/apply myself to for real-world application (such as Node.js for live-updating server-side applications or C# for Windows applications)?
Thank you for taking the time to read this, any feedback is helpful! I'm just a high school student with a lot of enthusiasm for development!
-
I think it would be nice to see less contracts with those companies which only have in mind barebones training and profit. That kind of relationship between institutions drops the standards and it's expensive af. Those who sells cheap computers and bad software and charges more than ten time their value, those with enough power and influence to bend every single rule...
That kind of companies shapes the industry according to their needs, and will never give a shit about anything but the next semester. They teach you to be just a bit more than a user, they charge you like if they were really teaching science.
You end up full of debt, self taught on the technologies that matters, and accepting jobs on projects as outdated and mediocre as the "educational plans" you paid thousands for. And all that just to get a piece of paper signed by a stranger who doesn't care about you, and enjoyed by a corporation which wouldn't even consider to hire you because they know what they sold to the education department.
Fuck this, today I hate it all.
-
Why does it feel like they don't teach anything useful in university every time I interact with an intern. Barebones understanding of how HTTP works, but not quite enough to work on a rest API on their own and an absolute lack of inspecting inputs/outputs. Especially nice today when the intern mixes browser requests and app requests to make it seem like he properly configured the test endpoint correctly and leaving me to guess wtf is going on in the logs
-
I made a reminder application, with different sounds for different hours, but it's super primitive, as I'd never figured out how to use android intents that well, and the logic was barebones. I'd like to polish it up so it's a little more user friendly and intuitive.
-
Most of the web stuff I have done in the past have been PHP, Wordpress, cgi, etc. I read about nginx and was very impressed by what it accomplished in the last 20 years. Now I have a desire to play with this tech for fun.
What I want to do:
- create, manage, and launch minecraft servers
- provide a web interface for managing servers (I would like to learn how to make the server use the infrastructure of nginx to be managed like its other services)
- make this packaged so others can use this (probably on github)
I don't know anything about nginx other than it is really really cool, can serve massive amounts of web pages, and can do a whole lot more than that.
Question:
Is nginx suitable for this? Is this a big learning curve? Will I have fun doing this?
I am currently running a multi-instance minecraft server being managed by a piece of software called Crafty Controller. It is really neat. However, I am finding it buggy. I also see that the next version of this software will be behind a patreon. This is really disappointing. So this is spurring me to consider building something fun for myself, and if useful, for others.
I will most likely do very barebones and inflexible web interface that just gets the job done. I know enough to get by. So I assume I have a large learning curve ahead to do this.
Any advice? Is this going to turn into a large time sink?
-
>opens up one of my four editors
>opens up with the barebones of a project
>no identifying information, just the start of a project
>file name is generic
What the hell was I even doing?!