Me: so, ifconfig, what is my gateway?

ifconfig: [ip address]

Me: nmap, what is this IP address?

nmap: it's a network switch with an open telnet port.

Me: what happens if I connect to it?

switch: WHAT IS THE PASSWORD?!?!

Me: is it blank?

switch: correct. what do you want to do?

Me: can I look at all the IP and MAC addresses on the network?

switch: WHAT IS THE ADMIN PASSWORD?!?!

Me: is it... admin?

switch: correct. Here's everyone that's connected to the network: [400+ IPs and MACs]

Me: ok python, would you filter through these and tell me what manufacturer each one belongs to?

python: sure.
[~50 manufacturer lookups later]
python: there's a bunch of apple product, a bunch of miscellaneous laptop and printer manufacturers, and some raspberry pis.

Me: raspberry pis?

python: yep. about 20 of them.

Me: What happens if I connect to one?

rpi: WHAT IS THE PASSWORD?!?!

Me: raspberry?

rpi: correct. what do you want to do?

Me: can I make you do my bidding in the background when you aren't being used?

rpi: sure, sounds fine.

I love ignorant sysadmins.

Best part about the covid19 manufactured crisis?
Liquor stores deliver. Worst part about liquor stores delivering? Needing to use their shoddy websites.

I've been using a particular store (Total Wines) since they're cheaper than the rest and have better selection; it's quite literally a large warehouse made to look like a store.

Their website tries really hard to look professional, too, but it's just not. It took me two days to order, and not just from lack of time -- though from working 14 hour days, that's a factor.

Signing up was difficult. Your username is an email address, but you can't use comments because the server 500s, making the ajax call produce a wonderfully ambiguous error message. It also fades the page out like it's waiting on something, but that fade is on top of the error modal too. Similar error with the password field, though I don't remember how I triggered it.

Signing up also requires agreeing to subscribe to their newsletter. it's technically an opt-in, but not opting-in doesn't allow you to proceed. Same with opting-in to receiving a text notification when your order is ready for pickup -- you also opt-in to reciving SMS spam.

Another issue: After signing up, you start to navigate through the paginated product list. Every page change scrolls you to the exact middle of the next page. Not deliberatly; the UI loads first, and the browser gets as close as it can to your previous position -- which was below that as the pagination is at the bottom -- and then the products populate after. But regardless of why, there is no worse place to start because now you must scroll in both directions to view the products. If it stayed at the very bottom, it would at least mean you only need to scroll upwards to look at everything on the page. Minor, but increasingly irritating.

Also, they have like 198 pages of spirits alone because each size is unique entry. A 50ml, 350ml, 500ml, 750ml, 1000ml, and 1750ml bottle of e.g. Tito's vodka isn't one product, it's six. and they're sorted seemingly randomly. I think it's by available stock, looking back.

If you fancy a product, you can click on it for a detail page. Said detail page lists the various sizes in a dropdown, but they're not sorted correctly either, and changing sizes triggers a page reload, which leads to another problem:

if you navigate to more than a few pages within a 10 or so second window, the site accuses you of using browser automation. No captcha here, just a "click me for five seconds" button. However, it (usually) also triggers the check on every other tab you have open after its next nagivation.

That product page also randomly doesn't work. I haven't narrowed it down, but it will randomly decide to start failing, and won't stop failing for hours. It renders the page just fine, then immediately replaces it with a blank page. When it's failing, the only way to interact with the page is a perfectly-timed [esc], which can (and usually does) break all other page functionality, too. Absolutely great when you need to re-add everything from a stale copy of your signed-out cart living in another tab. More on that later. And don't forget to slow down to bypass the "browser automation" check, too!

Oh, and if you're using container tabs, make sure to open new tabs in the SAME container, as any request from the same IP without the login cookie will usually trigger that "browser automation" response, too.

The site also randomly signs you out, but allows you to continue amassing your cart. You'd think this is a good thing until you choose to sign in again... which empties your cart. It's like they don't want to make a sale at all.

The site also randomly forgets your name, replacing it with "null." My screen currently says "Hello, null". Hello, cruft!

It took me two days to order.
Mostly from lack of time, as i've been pulling 14 hour shifts lately trying to get everything done. but the sheer number of bugs certainly wasted most of what little time i had left. Now I definitely need a drink.

But maybe putting up with all of this is worthwhile because of their loyalty program? Apparently if you spend $500, you can take $5 off your next purchase! Yay! 1%! And your points expire! There are three levels; maybe it gets better. Level zero is for everyone; $0 requirement. There are also levels at $500 and $2500. That last one is seriously 5x more than the first paid level. and what does it earn you? A 'free' magazine subscription, 'free' classes (they're usually like $20-$50 iirc), and a 'free' grab bag (a $2.99 value!) twice per month. All for spending $2500. What a steal. It reminds me of Candy Crush's 3-star system where the first two stars are trivial, and the third is usually a difficult stretch goal. But here it's just thinly-veiled manipulation with no benefit.

I can tell they're employing some "smarketing" people with big ideas (read: stolen mistakes), but it's just such a fail.

The whole thing is a fail.

Auth Endpoint:

user name and password correct:
- response 200: with session key and profile info
user name and password incorrect:
- response 200: blank

smh

tl;dr:
The Debian 10 live disc and installer say: Heavens me, just look at the time! I’m late for my <segmentation fault

—————

tl:
The Debian 10 live cd and its new “calamares” installer are both complete crap. I’ve never had any issues with installing Debian prior to this, save with getting WiFi to work (as expected). But this version? Ugh. Here are the things I’ve run into:

Unknown root password; easy enough to get around as there is no user password; still annoying after the 10th time.

Also, the login screen doesn’t work off-disc because it won’t accept a blank password, so don’t idle or you’ll get locked out.

The lock screen is overzealous and hard-locks the computer after awhile; not even the magic kernel keys work!

The live disc doesn’t have many standard utilities, or a graphical partition editor. Thankfully I’m comfortable with fdisk.

The graphical installer (calamares) randomly segfaults, even from innocuous things like clicking [change partition] when you don’t have a partition selected. Derp.

It also randomly segfaults while writing partitions to disk — usually on the second partition.

It strangely seems less likely to segfault if the partitions are already there, even if it needs to “reformat” (recreate) them.

It also defaults to using MBR instead of GPT for the partition table, despite the tooltip telling you that MBR is deprecated and limited, and that GPT is recommended for new systems. You cannot change this without doing the partitions manually.

If you do the partitions manually and it can’t figure out where to install things, it just crashes. This is great because you can’t tell it where to install things, and specifying mount points like /boot, /, and /home don’t seem to be enough.

It also tries installing 32bit grub instead of 64bit, causing the grub installer to fail.

If you tell it to install grub on /boot, it complains when that partition isn’t encrypted — fair — but if you tell it to encrypt /boot like it wants you to, it then tries installing grub on the encrypted partition it just created, apparently without decrypting it, so that obviously fails — specific error: cannot read file system.

On the rare chance that everything else goes correctly, the install process can still segfault.

The log does include entries for errors, but doesn’t include an error message. Literally: “ERROR: Installation failed:” and the log ends. Helpful!

If the installer doesn’t segfault and the install process manages to complete, the resulting install might not even boot, even when installed without any drive encryption. Why? My guess is it never bothered to install Grub, or put it in the wrong place, or didn’t mark it as bootable, or who knows what.

Even when using the live disc that includes non-free firmware (including Ath9k) it still cannot detect my wlan card (that uses Ath9k).

I’ve attempted to install thirty plus times now, and only managed to get a working install once — where I neglected to include the Ath9k firmware.

I’m now trying the cli-only installer option instead of the live session; it seems to behave at least. I’m just terrified that the resulting install will be just as unstable as the live session.

All of this to copy the contents of my encrypted disks over so I can use them on a different system. =/

I haven’t decided which I’m going with next, but likely Arch, Void, or Gentoo. I’d go with Qubes if I had more time to experiment.

But in all seriousness, the Debian devs need some serious help. I would be embarrassed if I released this quality of hot garbage.

(This same system ran both Debian 8 and 9 flawlessly for years)

Earlier this year I had to deploy an "emergency" fix to production for (luckily) an internal facing, but customer impacting, web application.

It was only the login page they were changing. I backed up the original, copied the new file into place, and marked my task complete.

Then I went and read the details on the incident. Someone discovered that if you supply ANY valid username and leave the password blank, you're in! Put the wrong password and you're blocked, of course. But blank? You must be legit!

Curious, I looked at the timestamp on the original file I had backed up to see how long it had been like this.

4 years.

Before going home, decided to do an upgrade from ubuntu 16.04 to 18.04...

Leave it to do its charm.

*a morning later*
See laptop on off state, "hmm..."
Turning in on, *press power buton*
Booting... Purple-ish screen appear.. Nothing happened for 20 minutes.

"fck."

Hard reboot, going to grub menu,
1. Ubuntu*
2. Advance option

Choose ubuntu.
Booting...
"root mount not found, bla bla bla
Kernel panic..."

"fck."

15 chrome tabs later (on mobile),
Do something on shit...

Finally proceed to login screen.
Insert password, enter.

Loading... Blank... 3 seconds later, tadaaa.. Going back to login screen.
Do it trice, I'm stuck at login screen.

"fck."

20 chrome tabs later,

Finally got in. Have a "what's new" screen.

Ok, feels different... But its slow af. Hmm maybe reboot will do something.

Rebooting...

Login screen, insert password, enter..
3 seconds later..
Bam. Going back to login screen...

"fck."

Another chrome tabs later... Resolved the issue.

And finally I can take a breath, but still has a headache because of little thing likes:
1. Right click not working
2. Workspace not work as expected likes in 16.04
3. Screenshot behavior
4. No animation When moving a window to another workspace.

When almost anything is solved and I'm ready to do my works, I just realised something..

I just wasted 4 hours of my workday.

"fck."

TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.

Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.

Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁

Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎

HOW CAN YOU NOT LEARN FROM FAILS??

It was the last year of high school.

We had to submit our final CS homework, so it gets reviewed by someone from the ministry of education and grade it. (think of it as GPA or whatever that is in your country).

Now being me, I really didn’t do much during the whole year, All I did was learning more about C#, more about SQL, and learn from the OGs like thenewboston, derek banas, and of course kudvenkat. (Plus more)

The homework was a C# webform website of whatever theme you like (mostly a web store) that uses MS Access as DB and a C# web service in SOAP. (Don’t ask.)

Part 1/2:

Months have passed, and only had 2 days left to deadline, with nothing on my hand but website sketches, sample projects for ideas, and table schematics.

I went ahead and started to work on it, for 48 hours STRAIGHT.

No breaks, barely ate, family visited and I barely noticed, I was just disconnected from reality.

48 hours passed and finished the project, I was quite satisfied with my it, I followed the right standards from encrypting passwords to verifying emails to implementing SQL queries without the risk of SQL injection, while everyone else followed foot as the teacher taught with plain text passwords and… do I need to continue? You know what I mean here.

Anyway, I went ahead and was like, Ok, lets do one last test run, And proceeded into deleting an Item from my webstore (it was something similar to shopify).

I refreshed. Nothing. Blank page. Just nothing. Nothing is working, at all.

Went ahead to debug almost everywhere, nothing, I’ve gone mad, like REALLY mad and almost lose it, then an hour later of failed debugging attempts I decided to rewrite the whole project from scratch from rebuilding the db, to rewriting the client/backend code and ui, and whatever works just go with it.

Then I noticed a loop block that was going infinite.

NEVER WAIT FOR A DATABASE TO HAVE MINIMUM NUMBER OF ROWS, ALWAYS ASSUME THAT IT HAS NO VALUES. (and if your CPU is 100%, its an infinite loop, a hard lesson learned)

The issue was that I requested 4 or more items from a table, and if it was less it would just loop.

So I went ahead, fixed that and went to sleep.

Part 2/2:

The day has come, the guy from the ministry came in and started reviewing each one of the students homeworks, and of course, some of the projects crashed last minute and straight up stopped working, it's like watching people burning alive.

My turn was up, he came and sat next to me and was like:

Him: Alright make me an account with an email of asd@123.com with a password 123456

Me: … that won't work, got a real email?

Him: What do you mean?

Me: I implemented an email verification system.

Him: … ok … just show me the website.

Me: Alright as you can see here first of all I used mailgun service on a .tk domain in order to send verification emails you know like every single website does, encrypted passwords etc… As you can see this website allows you to sign up as a customer or as a merc…

Him: Good job.

He stood up and moved on.

YOU MOTHERFUCKER.

I WENT THROUGH HELL IN THE PAST 48 HOURS.

AND YOU JUST SAT THERE FOR A MINUTE AND GAVE UP ON REVIEWING MY ENTIRE MASTERPIECE? GO SWIM IN A POOL FULL OF BURNING OIL YOU COUNTLESS PIECE OF SHIT

I got 100/100 in the end, and I kinda feel like shit for going thought all that trouble for just one minute of project review, but hey at least it helped me practice common standards.

When a banks mobile app, shows the exact number of characters required to login.
Not a blank space, or similar.
Even if the allowed password is within a range, it still shows the exact number of characters.

Correct me if i am wrong but this shouldn't be like this?

I can't sign in to my wifi router on my phone because of a stupid JS bug. When you tap on the password box it uses JS to check if the username field is blank. If it is, it auto focuses on that instead. The problem is that it doesn't it think the username field has any content even when it does. So I can't enter my password! I tried blocking JS, then it doesn't render anything. It has no accessibility at all. Thanks a lot TP-Link.

I hate hate hate Windows. I'm forced to use it and the amount of problems is too damn high. I was able to cope with the shit but now it must be the top of the mountain. When I boot that tiny piece of sh** I get to the page where *normally* the login is.. but I just don't get a Username + Password box . The page stays blank with the default wallpaper. Why is stuff like that even happening? Not a single *solution* I found on the internet worked. FML.. going to reset that thing now