And here comes the last part of my story so far.
After deploying the domain, configuring PCs, configuring the server, configuring the switch, installing software, checking that the correct settings have been applied, configuring MS Outlook (don't ask) and giving each and every user a d e t a i l e d tutorial on using the PC like a modern human and not as a Homo Erectus, I had to lock my door, put down my phone and disconnect the ship's announcement system's speaker in my room. The reasons?
- No one could use USB storage media, or any storage media. As per security policy I emailed and told them about.
- No one could use the ship's computers to connect to the internet. Again, as per policy.
- No one had any games on their Windows 10 Pro machines. As per policy.
- Everyone had to use a 10-character password, valid for 3 months, with certain restrictions. As per policy.
For reasons mentioned above, I had to (almost) blackmail the CO to draft an order enforcing those policies in writing (I know it's standard procedure for you, but for the military where I am it was a truly alien experience). Also, because I never trusted the users to actually backup their data locally, I had UrBackup clone their entire home folder, and a scheduled task execute a script storing them to the old online drive. Soon it became apparent why: (for every sysadmin this is routine, but this was my first experience)
- People kept deleting their files, whining to me to restore them
- People kept getting locked out because they kept entering their password WRONG for FIVE times IN a ROW because THEY had FORGOTTEN the CAPS lock KEY on. Had to enter three or four times during weekend for that.
- People kept whining about the no-USB policy, despite offering e-mail and shared folders.
The final straw was the updates. The CO insisted that I set the updates to manual because some PCs must not restart on their own. The problem is, some users barely ever checked. One particular user, when I asked him to check and do the updates, claimed he did that yesterday. Meanwhile, on the WSUS console: PC inactive for over 90 days.
I blocked the ship's phone when I got reassigned.
Phiew, finally I got all those off my chest! Thanks, guys. All of the rants so far remind me of one quote from Dave Barry:

RememberMe's relatives' guide to raising a kid:
1. Enroll kid in school IT course - Java/SQL.
2. Let kid be useless on Facebook all day. Kid doesn't write a line of code unless it's for exams.
3. Realize that kid need to do a project for 12th grade (final year in school).
4. Complain loudly to everyone in the vicinity.
5. Let kid choose a project waaay above her skill level.
6. Have some other relative mention that RememberMe is a "computer waala" (computer person).
7. Ask poor RememberMe to do the kid's project.
8. Use typical family blackmail ("oh you can't have that much work, do something for your family for once").

Yeah, nope. Get lost. I don't mind teaching, but I'm not doing your work for you.

Worst hack/attack I had to deal with?

Worst, or funniest. A partnership with a Canadian company got turned upside down and our company decided to 'part ways' by simply not returning his phone calls/emails, etc. A big 'jerk move' IMO, but all I was responsible for was a web portal into our system (submitting orders, inventory, etc).

After the separation, I removed the login permissions, but the ex-partner system was set up to 'ping' our site for various updates and we were logging the failed login attempts, maybe 5 a day or so. Our network admin got tired of seeing that error in his logs and reached out to the VP (responsible for the 'break up') and requested he tell the partner their system is still trying to login and stop it. Couple of days later, we were getting random 300, 500, 1000 failed login attempts (causing automated emails to notify that there was a problem). The partner knew that we were likely getting alerted, and kept up the barage. When alerts get high enough, they are sent to the IT-VP, which gets a whole bunch of people involved.
VP-Marketing: "Why are you allowing them into our system?! Cut them off, NOW!"
Me: "I'm not letting them in, I'm stopping them, hence the login error."
VP-Marketing: "That jackass said he will keep trying to get into our system unless we pay him $10,000. Just turn those machines off!"
VP-IT : "We can't. They serve our other international partners."
<slams hand on table>
VP-Marketing: "I don't fucking believe this! How the fuck did you let this happen!?"
VP-IT: "Yes, you shouldn't have allowed the partner into our system to begin with. What are you going to do to fix this situation?"
Me: "Um, we've been testing for months already went live some time ago. I didn't know you defaulted on the contract until last week. 'Jake' is likely running a script. He'll get bored of doing that and in a couple of weeks, he'll stop. I say lets ignore him. This really a network problem, not a coding problem."
IT-MGR: "Now..now...lets not make excuses and point fingers. It's time to fix your code."
IT-VP: "I agree. We're not going to let anyone blackmail us. Make it happen."

So I figure out the partner's IP address, and hard-code the value in my service so it doesn't log the login failure (if IP = '10.50.etc and so on' major hack job). That worked for a couple of days, then (I suspect) the ISP re-assigned a new IP and the errors started up again.

After a few angry emails from the 'powers-that-be', our network admin stops by my desk.
D: "Dude, I'm sorry, I've been so busy. I just heard and I wished they had told me what was going on. I'm going to block his entire domain and send a request to the ISP to shut him down. This was my problem to fix, you should have never been involved."

After 'D' worked his mojo, the errors stopped.

Month later, 'D' gave me an update. He was still logging the traffic from the partner's system (the ISP wanted extensive logs to prove the customer was abusing their service) and like magic one day, it all stopped. ~2 weeks after the 'break up'.

A chick asked how much I earn, and I politely declined to answer.

She seemed annoyed and insisted, nudging me by saying how much she earns.

Again I told her I'd rather not say.

She got mad, started trying to emotionally blackmail me into telling her my salary...

This must be a red flag cuz I don't give two fucks about how much money people I date earn/have and expect them to either respect or share my view

I need advice.

So let's say, hypothetically, I found a site with a user data leak.

Would it be illegal if I only told them where the leak was for a bounty?

I am NOT going to distribute the user data. I just don't want to work for free, you know?

Again: NOT DISTRIBUTING USERDATA. No blackmail. Just information that their QA should have caught.

I'm seriously burned out "CTO" (small company 20 people, 4 developers).
Should I tell my CEO/CFO exactly that?
Should I tell them, I can't take it anymore, please help me.

Next month we'll have a fund raising opportunity.
I'm afraid it will sound like a blackmail.
I'm afraid they will think, ok, he's burned out, let find somebody else.

On the other side, if I take the risk myself, without telling anyone, I could explode and I'll be on my own.

What do you think it's the best approach?

"Hi X,
Y stepped down from organizing meetup Z.

You are one of the top members of this Meetup, so I think you have what it takes to be a great organizer. Stepping up would help ensure that this community continues to survive past [date in the near future]."

Third time I get a message like this from meetup. Usually followed up by threatening to delete all group data forever if no one "steps up" (e.g. pays their bills). F***ing vendor lock-in! They have been colleting and publishing data for years only to blackmail people to continue using their services.

Some meetups (at least in my region) have switched to LinkedIn, so we will surely receive messages like above from LinkedIn in a couple of years.

So I got a scam email... well I hope it’s a scam email
Saying that they know my email and password, stating the email and password (I think it was the correct password or maybe older version), have installed whatever on my OS and want blackmail me w/ my info for money or else they’ll release it in 48 hrs and ugh
I have exams, honestly can’t be fucked dealing with this.

It is a scam right???

#concerned
#dumbass

Hi who knows a tool for reverse image search on Facebook? Someone blackmail my gf by posting her picture and tagging her as a "call me for sex" hooker...

I believe there is a sizable community suffering the current situation of TypeORM, a blackmailing author without introducing new members.

Why isn't there a succeeding fork yet? We have Sequal Ace now, people can do it!