Search - "credit card"
-
- Hello! Gordon's pizza?
- No sir it's Google's pizza.
- So it's a wrong number?
- No sir, Google bought it.
- OK. Take my order please ..
- Well sir, you want the usual?
- The usual? You know me?
- According to our caller ID, in the last 12 times, you ordered pizza with cheeses, sausage, thick crust
- OK! This is it
- May I suggest to you this time ricotta, arugula with dry tomato?
- No, I hate vegetables
- But your cholesterol is not good
- How do you know?
- Through the subscribers guide. We have the result of your blood tests for the last 7 years
- Okay, but I do not want this pizza, I already take medicine
- You have not taken the medicine regularly, 4 months ago, you only purchased a box with 30 tablets at Drugsale Network
- I bought more from another drugstore
- It's not showing on your credit card
- I paid in cash
- But you did not withdraw that much cash according to your bank statement
- I have another source of cash
- This is not showing as per your last tax form unless you got it from an undeclared income source
- WHAT THE HELL? Enough! I'm sick of Google, Facebook, Twitter, WhatsApp. I'm going to an island without internet, where there is no cell phone line and no one to spy on me
- I understand sir, but you need to renew your passport as it has expired 5 weeks ago..41 -
*i am a teenager*
*i don't have credit card*
*can't buy anything*
*sees unixstickers is $1*
*pulls out a dollar from physical wallet*
*throws in the air*
*cries*55 -
Boss: I need to demo our product but it looks smaller on my laptop.
Me: That is because you have a 1920x1080 monitor and your laptop is 1280x800
Boss: Is that something you can fix?
Me: No you will need a new laptop, but the company has a sales laptop with that resolution.
Boss: No just get the company credit card and buy me one today!
*Boss's son hears*
Boss's Son: Here, take the sales laptop
Boss: Will that be quick enough
Boss's Son: It has an 8-core i7 processor, 16GB RAM and a dedicated GPU
Boss: *looks at me confused*
Me: You're demoing a web browser, that will be more than OK. But we're using Chrome, so 16GB of RAM will be pushing it.
*me and boss's son laugh*
Boss: Can we upgrade it?17 -
This happened a few hours ago.
Client: I received an email which says that I won 1 million dollars. They gave me a link in the email, when I entered my credit card details nothing happened.
Me: Wait what? You entered your credit card details.
Client: Yes
Me: That was a scam, you didn’t win anything. They stole your credit details. Contact your bank ASAP and let them know about this.
Client: You guys are handling our email servers, why can’t you guys keep it safe? What type of security do you guys provide?
Me: Wait what? We host your website application not email.
Client: Damn it. My son said the same thing, but I didn’t listen to him. Anyways Cheers.11 -
The worst career choice I ever made was walking away from a six figure salary software development job with benefits to focus on the small startup I co-founded just a few years earlier. My wife and I had two small children at the time and my wife was also nearly 8 months pregnant with our third. It resulted in an approximate 70% reduction in income, prematurely cashed out 401k and loss of existing health insurance.
To be fair, it was also simultaneously the best career choice I ever made. Three years later I make more now than I originally walked away from. The raw roads of stress, anger, fear and complete uncertainty have aged both me and my wife at an accelerated rate but we have grown closer to each other than we would otherwise be. We have relied on each other, and she has been unbelievably supportive with all the late nights and required traveling. We discovered what we are capable of. In one day it will be October. In one day it will be the month that we finally pay off our last batch of credit card debt that resulted from that career choice.
I cannot recommend following in our footsteps as from where I’m sitting there are much better, more calculated ways of going about it. Logically, what we did was beyond stupid. Luckily for us, we were still young enough to not grasp the full magnitude of stupidity and we also refused to fail. It’s also crucial to have stellar business partners who are just as crazy and just as determined. We have all labored tremendously and we have each played critical roles in our success. The hard times of fear and uncertainty aren’t over. I don’t think they will ever be, to be honest. But, it sure has been one hell of a ride. I wouldn’t change a thing.17 -
A HUGE FUCK YOU TO EVERY GODDAMN ONLINE STORE WHO NEEDS A CREDIT CARD NUMBER TO OBTAIN SOMETHING FREE.
(the following is a big fuck you)
______
|  ___|
| |_
|  _|
| |
\_|
 _   _
| | | |
| | | |
| | | |
| |_| |
 \___/
 _____
/  __ \
| /  \/
| |
| \__/\
 \____/
 _   __
| | / /
| |/ /
|    \
| |\  \
\_| \_/
__   __
\ \ / /
 \ V /
  \ /
  | |
  \_/
 _____
|  _  |
| | | |
| | | |
\ \_/ /
 \___/
 _   _
| | | |
| | | |
| | | |
| |_| |
 \___/10 -
Hello! Is this Gordon’s Pizza?
No sir, it’s Google’s Pizza.
Did I dial the wrong number?
No sir, Google bought the pizza store.
Oh, alright - then I’d like to place an order please.
Okay sir, do you want the usual?
The usual? You know what my usual is?
According to the caller ID, the last 15 times you’ve ordered a 12-slice with double-cheese, sausage, and thick crust.
Okay - that’s what I want this time too.
May I suggest that this time you order an 8-slice with ricotta, arugula, and tomato instead?
No, I hate vegetables.
But your cholesterol is not good.
How do you know?
Through the subscribers guide. We have the results of your blood tests for the last 7 years.
Maybe so, but I don’t want the pizza you suggest – I already take medicine for high cholesterol.
But you haven’t taken the medicine regularly. 4 months ago you purchased from Drugsale Network a box of only 30 tablets.
I bought more from another drugstore.
It’s not showing on your credit card sir.
I paid in cash.
But according to your bank statement you did not withdraw that much cash.
I have another source of cash.
This is not showing on your last tax form, unless you got it from an undeclared income source.
WHAT THE HELL? ENOUGH! I’m sick of Google, Facebook, Twitter, and WhatsApp. I’m going to an island without internet, where there’s no cellphone line, and no one to spy on me …
I understand sir, but you’ll need to renew your passport … it expired 5 weeks ago.16 -
Web developers - if you can write code to tell me that my phone number or credit card number shouldn't have spaces in it, just remove the #$!@$!* spaces for me FFS! You know very well people are going to put the spaces in there...15
-
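What the rant above asks for, as an added example (not code from the post or from devRant): strip the separators people naturally type, then validate what is left. The function names, the accepted separator set and the length limits are assumptions made for this illustration.

```javascript
// Added example: normalise first, validate second, and store only the normalised value.

// Luhn checksum over a string of ASCII digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    // Walk from the rightmost digit; double every second one.
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Accepts "4111 1111 1111 1111" or "4111-1111-1111-1111" and returns bare digits.
// Anything that is not a digit after removing spaces and hyphens is rejected,
// not silently dropped, so "4111 1111 1111 111x" does not become a shorter number.
function normalizeCardNumber(input) {
  if (typeof input !== "string") return { ok: false, reason: "not-a-string" };
  const digits = input.replace(/[\s-]/g, "");
  if (!/^\d+$/.test(digits)) return { ok: false, reason: "non-digit" };
  // Assumed bounds: card numbers are between 12 and 19 digits long.
  if (digits.length < 12 || digits.length > 19) return { ok: false, reason: "length" };
  if (!luhnValid(digits)) return { ok: false, reason: "checksum" };
  return { ok: true, value: digits };
}

// Same idea for phone numbers: keep an optional leading "+", drop spaces,
// hyphens, dots and parentheses, then require digits only.
function normalizePhoneNumber(input) {
  if (typeof input !== "string") return { ok: false, reason: "not-a-string" };
  const trimmed = input.trim();
  const plus = trimmed.startsWith("+") ? "+" : "";
  const digits = trimmed.slice(plus.length).replace(/[\s().-]/g, "");
  if (!/^\d+$/.test(digits)) return { ok: false, reason: "non-digit" };
  // Assumed bounds: 7 to 15 digits (15 is the E.164 maximum).
  if (digits.length < 7 || digits.length > 15) return { ok: false, reason: "length" };
  return { ok: true, value: plus + digits };
}

// Constructed sample inputs (4111 1111 1111 1111 is a widely used test number).
console.log(normalizeCardNumber("4111 1111 1111 1111"));
console.log(normalizeCardNumber("4111-1111-1111-1112"));
console.log(normalizePhoneNumber("+1 (555) 010-0199"));
```

The same normalisation has to run on the server, since client-side script can be bypassed.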
My sister lending me her credit card to buy something online.
S: "But don't store the number!"
me: "I would never."
S: "I know you can hack it, please don't!!"
me: "Haha okay.."
*cries inside... just because I make websites and 3D design*
me: "Thanks a lot, sis <3"12 -
"You are unable to download FREE apps on the app store because you have insufficient funds in your credit card."
- Apple1 -
That moment when you're too busy and concentrated programming and your wife asks you for the credit card and you give it to her .... to later realize she never came back with that glass of juice and you remember today is Black Friday..... ohh shit!! 😲1
-
The craziest shit in my life just happened.
I left my laptop (basically my whole life) and my handbag at my dinner table and went to the toilet for 4 minutes. I live in a ground-house in a rural area, and the front door wasn't locked.
After I exited the bathroom I noticed everything was gone. My laptop, my bags, my wallet. Everything. I panicked.
I quickly informed the local security authority while canceling my credit card and resetting all of my credentials. With the help of the police, they tracked the thieves in 10 minutes in a neighboring town, with what seems to be all of my stuff intact, which I am supposed to get tomorrow.
This is both insane and a miracle. I am speechless and thankful to G-d. This is divine providence. I can't explain it any other way.
Watch over your stuff like your life depends on them. Don't ever leave your laptop even for a few minutes.8 -
*signs up for Skillshare*
> Sorry, your password is longer than our database's glory hole can handle.
> Please shorten your password cumload to only 64 characters at most, otherwise our database will be unhappy.
Motherf-...
Well, I've got a separate email address from my domain and a unique password for them. So shortening it and risking getting that account stolen by plaintext shit won't really matter, especially since I'm not adding payment details or anything.
*continues through the sign-up process for premium courses, with "no attachments, cancel anytime"*
> You need to provide a credit card to continue with our "free" premium trial.
Yeah fuck you too. I don't even have a credit card. It's quite uncommon in Europe, you know? We don't have magstripe shit that can go below 0 on ya.. well the former we still do but only for compatibility reasons. We mainly use chip technology (which leverages asymmetric cryptography, awesome!) that usually can't go much below 0 here nowadays. Debit cards, not credit cards.
Well, guess it's time to delete that account as well. So much for acquiring fucking knowledge from "experts". Guess I'll have to stick to reading wikis and doing my ducking-fu to select reliable sources, test them and acquire skills of my own. That's how I've done it for years, and that's how it's been working pretty fucking well for me. Unlike this deceptive security clusterfuck!14 -
Our website once had its config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with a centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”8 -
I wonder why banks are always so terribly insecure, given how much money there's for grabs in there for hackers.
Just a while ago I got a new prepaid credit card from bpost, our local postal service that for some reason also does banking. The reason for that being that - thank you 'Murica! - a lot of websites out there don't accept anything but credit cards and PayPal. Because who in their right mind wouldn't use credit cards, right?! As it turns out, it's pretty much every European I've spoken to so far.
That aside, I got that card, all fine and dandy, it's part of the Mastercard network so at least I can get my purchases from those shitty American sites that don't accept anything else now. Looked into the manual of it because bpost's FAQ isn't very clear about what my login data for their online customer area now actually is. Not that their instruction manual was either.
I noticed in that manual that apparently the PIN code can't be changed (for "security reasons", totally not the alternative that probably they didn't want to implement it), and that requesting a forgotten PIN code can be done with as little as calling them up, and they'll then send the password - not a reset form, the password itself! IN THE FUCKING MAIL.
Because that's apparently how financial institutions manage their passwords. The fact that they know your password means that they're storing it in plain text, probably in a database with all the card numbers and CVC's next to it. Wouldn't that be a treasure trove for cybercriminals, I wonder? But YOU the customer can't change your password, because obviously YOU wouldn't be able to maintain a secure password, yet THEY are obviously the ones with all the security and should be the ones to take out of YOUR hands the responsibility to maintain YOUR OWN password.
Banking logic. I fucking love it.
As for their database.. I reckon that that's probably written in COBOL too. Because why wouldn't you.23 -
Free trials where you have to provide your credit card details beforehand are not really free trials.5
-
Manager: Alright, we've decided we're just going to accept PayPal and also credit card checkout through PayPal in the next two days!
Dev: ...
Manager: We can achieve this timeline, right?
Dev: ...
Manager: Alright, awesome to see your motivation! Let's do it!
Dev: YOU ANSWER PHONE CALLS, TALK TO PEOPLE AND 'STRATEGIZE' ALL DAY. YOU DON'T HAVE TO RELY ON THOUSANDS OF PEOPLE USING THE APP WITHOUT ERROR. THAT'S ON ME, NOT YOU, SO JUST SHUT THE FUCK UP!!!
Manager: ...
Dev: ...8 -
Do you want this 14 day ABSOLUTELY COMPLETELY **FREE** TRIAL course?? just enter your credit card information below!12
-
Straight from a marketing analyst (we didn't have a PM) I once had the displeasure of working with:
"Can you write a JavaScript that will scan a user's hard drive for credit card numbers and autofill the checkout form on our client's web site? I think it will increase their conversion rate."
The guy didn't believe me when I told him it was impossible (barring exploits that would break the browser's sandbox), unethical, and probably illegal. I had to escalate all the way to the CEO to get him to drop it.6 -
Dude
The client has a giant database with all credit and debit cards
ALL INFOS IN FUCKING PLAINTEXT
THE CARD NUMBER
THE CVV
THE EXPIRY DATE
I'M SHAKING AF38 -
Less rant, more story.
Tl;Dr: Disney uses "Magic Bands" to track every action of every person within their parks.
So I took my family to Disney World this past summer and we got these "nifty" little things called Magic Bands. These things are little wrist devices that basically handle everything for you in the parks. It unlocks your resort room, it gets you into the parks, you pay for meals and souvenirs with it by connecting a credit card and/or your meal plan. It makes things real simple as it's like putting on your watch each day.
At first I kinda enjoyed how easy it made everything on the trip, but then as we were exiting a ride the couple in front of us noticed the digital signs had their names on them, I looked around and noticed mine too, a sign that said "have a good day $myName." It suddenly clicked. These "Magic Bands" are people trackers. Suddenly everything about the park that I had been enjoying, was part of the system they had in place using these bands as human cattle tags. The ride wait time estimations were perfect, not because of a good algorithm and estimations, but because they had actual real data telling them when a person entered the line and got off the ride.
Using a BLE scanner app I was able to see that they have hundreds of APs throughout the parks tracking every single band on every single person within their compound. I started to think about all of the data they're collecting and the thought of it was overwhelming. The amount of assumptions they can make about people based on their actions within their parks and what that data would be worth to additional advertisers. By the end of the trip I was cynically pointing out everything to my family about the cattle tags and how much I hated wearing it and yet it was required in order to do anything.22 -
So I guess I'll use my code.org teacher for this:
"credit card information is encrypted with the public keys"
"lists and arrays are the same thing"
"javascript is a powerful, fast, programming language" (bhahahaha)
"javascript is [only] used in web browsers"
"java and javascript are *extremely similar* but not the same"12 -
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in Redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in Outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user of any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up Hitler's bunker meme rage.13 -
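The two defects in the story above (a delegation cookie the server trusts without any integrity check, and a failure log that prints the full card number) have standard countermeasures. The sketch below is an added example, not the company's code or the poster's fix; the cookie layout, the function names and the sample reporting chain are hypothetical.

```javascript
// Added example with constructed data; names and cookie layout are hypothetical.
const crypto = require("node:crypto");

// Constructed sample reporting chain (employee -> manager), held server-side.
const MANAGER_OF = new Map([
  ["emp42", "mgr7"], ["mgr7", "dir1"],
  ["emp99", "mgr8"], ["mgr8", "dir2"],
]);
const DEMO_KEY = crypto.randomBytes(32); // assumption: a real key comes from a secret store

const b64url = (data) => Buffer.from(data).toString("base64url");
const mac = (body, key) => crypto.createHmac("sha256", key).update(body).digest();

// Issue the cookie value server-side: encoded payload plus an HMAC-SHA256 tag.
function signDelegation(payload, key) {
  const body = b64url(JSON.stringify(payload));
  return `${body}.${b64url(mac(body, key))}`;
}

// Return the payload only if the tag verifies and the cookie has not expired.
function verifyDelegation(cookie, key, nowMs = Date.now()) {
  if (typeof cookie !== "string") return null;
  const parts = cookie.split(".");
  if (parts.length !== 2) return null;
  const expected = mac(parts[0], key);
  const given = Buffer.from(parts[1], "base64url");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let payload;
  try {
    payload = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!payload || typeof payload.exp !== "number" || payload.exp <= nowMs) return null;
  return payload;
}

// True when `actor` sits above `subject` in the server-side reporting chain.
function isAncestor(actor, subject) {
  const seen = new Set();
  for (let cur = MANAGER_OF.get(subject); cur && !seen.has(cur); cur = MANAGER_OF.get(cur)) {
    if (cur === actor) return true;
    seen.add(cur);
  }
  return false;
}

// A valid tag only proves the server issued the cookie. The actor must also be
// the authenticated session user, and the relationship is re-checked per order.
function authorizeOrder(sessionUser, cookie, key, nowMs) {
  const d = verifyDelegation(cookie, key, nowMs);
  if (!d) return { ok: false, reason: "bad-cookie" };
  if (d.actor !== sessionUser) return { ok: false, reason: "actor-mismatch" };
  if (!isAncestor(d.actor, d.subject)) return { ok: false, reason: "not-in-chain" };
  return { ok: true, actor: d.actor, subject: d.subject };
}

// Failure logs carry the card reference id and the last four digits only.
function maskPan(pan) {
  const digits = String(pan).replace(/\D/g, "");
  return digits.length >= 4 ? "*".repeat(digits.length - 4) + digits.slice(-4) : "****";
}

function paymentFailureLog(userId, cardId, pan) {
  return `Failed to submit order for ${userId} with credit card id ${cardId}, number ${maskPan(pan)}`;
}

// Constructed demo: a director's cookie is accepted, a tampered copy is not.
const demoCookie = signDelegation({ actor: "dir1", subject: "emp42", exp: Date.now() + 60000 }, DEMO_KEY);
console.log(authorizeOrder("dir1", demoCookie, DEMO_KEY));
console.log(authorizeOrder("dir1", "x" + demoCookie, DEMO_KEY));
console.log(paymentFailureLog("emp42", "card-17", "4111 1111 1111 1111"));
```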
Gets an email from office facilities.
Email - A package has been received under your name, please collect it at the mail room in the 5th floor.
Me (excited as hell) - Yay! My devRant stickers are finally here!!!!
Gets to the mail room as fast as she could only to find that the stupid package was a stupid promotional offer from a stupid bank sending me a stupid credit card that I never even asked for. That entire day was a disappointment :-(
When am I getting my stickers! It's been ages!8 -
Pure evil and geniusness, this is a must read for JavaScript developers and security enthusiasts!
https://hackernoon.com/im-harvestin...9 -
I fucking hate subscription services that start with a free month but still require you to input your credit card information.
"It's just so we can bill you for the following month! You can still cancel the subscription before the following date to not be billed anything."
No, there's no reason why you can't offer a free month WITHOUT having my credit card information. The REAL reason is because you're hoping I'll forget to cancel. Fucking predatory bullshit.12 -
The time when I felt like a badass was when I was bored at a birthday party at a restaurant.
I didn't want to use my mobile data, so I tried to use the wifi of the restaurant. I didn't want to ask for the password of the wifi, so I tried to get access by guessing. On the first try I got it by entering "nameOfRestaurantCurrentYear".
Then I was browsing the Play Store and there was a recommendation of an app (forgot the name) that analyses which devices are connected to the wifi. That got me interested, so I installed it on my phone.
So I played a little with it and discovered several Samsungs and iPhones connected to it (Some of them had their real name next to the brand. It would be funny to yell their name out loud and they would be looking around.)
But there was one device that I didn't recognize. I searched on the web but found nothing. So later, as I went to pay my part, I noticed that the credit card device had a wifi icon on it. So I looked over to the cash register and saw the name of the brand. It was the brand I didn't know of.
So basically they were transferring payments over a public wifi.11 -
Among my fellow developers at work, there is one guy who stands out because he actually strives to write modular, reusable and readable code. He literally saved me weeks of development by making his code modular enough that I can simply use it almost like a mixin where I only need to provide an alternative template. Note that the feature I'm talking about is for a pretty much sophisticated business process related to handling credit card data. Others in my workplace would just couple their logic tightly with their feature/scope's views.
I really wanna hug him and be his BFF now. #nohomo tho.9 -
**Web Host Rant**
I can't believe how saturated the market is. I also can't believe how many Web hosts do not know a thing about development. You would think you'd want to read up on development practices before going into the business since developers are your customers.
Not to mention that a lot of hosting services are resellers of resellers of resellers. It's to the point where a 15 year old with their mom's credit card can start doing Web hosting. The problem is... they don't know how to answer actual development questions... they won't be in a conference call with you while you do deployments.
It infuriated me to the point where I've started my own hosting company. Completely managed and using the most advanced technologies aimed towards developers. Not only that but an advanced management package that will teach proper deployment procedures and be there to hold your hand when you do deploy.
Oh and did I mention git will be available to even shared hosting? Oh and did I also mention that we are currently setting up our own git server?37 -
I programmed a random credit card generator at school and saved it to my :F drive which is the private drive for students to save stuff to. That night I tried accessing my account and it had notified me that it had been locked. I went into school the next day and was called into the office, the principal and Tech Administrator were there waiting for me and asked what the file was. The Tech Administrator tried to describe to me what he found
"This gen.html file seems to be malicious and puts our school at risk. It seems to be some sort of malware and stuff like that is prohibited at school."
Now me sitting in the chair listening to this, laughing in my head just said "okay" and nodded my head because he is the type of person to argue forever. They came to the conclusion to unlock my account by the end of the semester.
Just goes to show that it doesn't take much to get a Tech Admin position at a school.15 -
Hello again, everyone. I've been busy with all the paperwork at my ship (will make a post about it later) but for now, I'll bore you with another story (not navy one, fortunately) to justify my slacking off.
And this story... is the story on how I got into ITSec. And it is pretty damn embarrassing. It all began when I was 16. I was hooked on battleknight.gameforge.com, a browser game. My father had just had ADSL installed at our home, and the new opportunities before me were endless. Well...
After I've had my fill with the porn torrents and them opportunities dwindled to just a few dozens, I began searching for free games, and I stumbled on that game. I played a lot, but as a free-to-play game, it was also pay-to-win. I didn't have a credit card, so I paid for a few gems with SMS messages. Fast forward a couple of years, I got into the Naval Academy. A guy came in to advertise something (I think it was an encyclopaedia or something - yes, wikipedia wasn't a thing back then) and to pay for it, we could apply for a credit card. So I applied. And I resisted the temptation for a year.
Note: prepaid wasn't that known where I live, so using credit cards was the only way for online transactions.
So I made 1 transaction. Just one. After a couple of months my monthly report from the bank came, showing a 2.5$ (I think) transaction on Paypal. I paid no mind, thinking that it was some hidden fee. Oh boy, I shit you not, I was THAT much of an idiot. Six months later, BOOM!
600$ transaction to ebay via paypal. You can imagine all those nice things that came to my mind. In any case, the bank accepted my protest that I filed at their central offices and cancelled the transaction. I promptly cancelled my card, destroyed it right there for good measure, and got to thinking... what the fuck just happened?
As many people here, I am afflicted with a deadly virus, called curiosity. I started researching the matter, trying to figure out how. And, because I didn't like black boxes and "it is just like it is" explanations, I tumbled down the rabbit hole of ITSec. I soon found out that, not only it was possible, but also it was sometimes EXTREMELY easy to steal credit card info. There are sites, to this very day, that store user info (along with credit cards info) IN FUCKING CLEARTEXT. Sometimes your personal, financial and even medical info are just an SQLi away.
So, I got very disillusioned on many things. But I never regretted it. It may cause me to age prematurely and will kill me of stroke or heart attack one day, but as I still tumble down the ITSec rabbit hole, I can say with confidence that
I REGRET NOTHING
Plus, my 600$ were returned, so look on the bright side :)
-
I was developing a project that also featured automatic payment to specific sites. I asked for a dummy credit card and he insisted I use the company's credit card. Who would ever want to give a developer actual credit card credentials for development!? I was a junior dev back then. Of course, I failed once. I got told off because I wasted money. My team leader defended me and said this is the risk of having projects with payments. I got proof I asked for a possible sandbox for payment or whatever that will work for development. Almost got fired. Because of that incident, I'm not comfortable working with projects dealing with payment that doesn't have sandboxes.
-
...ANnnnd that kids, is how I made a federal watch list, researching how to use credit card swiping systems and making thermite.
-
Damn, credit cards are so fucking secure these days that you hardly can BUY shit with them!
I need some special electronics that I only can get from a vendor in the US, which is overseas. Click click, buy, done. Well no, credit card refused. WTF? Click retry link. No, still refused. FUCK.
Called up the 24/7 hotline of my CC company. Oh yeah, that got blocked by the security system, somehow. We disable that for 20 minutes, just retry. Clicked retry link at the vendor. No failure mail. Hmmm, too good to be true?! Called up the electronics vendor. Yeah should work, stuff is in the warehouse stage. 40 minutes later: credit card declined. FUCK.
Called up the CC company again. Ok, disable blocker for one hour. Nice advice from them, tell the vendor it's only 45 minutes so that there's some buffer. Clicked retry link at the vendor and called them up to make sure that they retry before the time runs out.
LO AND BEHOLD, I could finally pay the shit!!
-
I finished two projects. Both of them need to connect to each other. However, the tool to do that is not currently licensed to achieve my desired outcome. I email my boss to check the status of the license key I need, that they promised, and the only thing I get back is "Correct." Seriously? 😠 The person who has the company credit card and authority to buy, also the same one that gives me a deadline to turn this shit in, can't give me the time of day to respond to an email? Their response wasn't even relevant. I've been trying to move beyond this roadblock for a week now! I'm a pretty independent guy, but I'm not going to buy the license myself for a tool that I didn't even want to use. So when someone comes to my cube and I'm raging on Steam, ✋ I don't want to hear anything about company time, because mine isn't being respected either. 👊👊
-
I hate GoDaddy, we all hate GoDaddy. We know this. I had VPS running a single site that was there for 8 years and only hanging on there for a few business reasons. It was to move this past May to another server, then June, then July ... continually waiting for the final phase to pass so I can move it. Backups running nightly to a separate GoDaddy FTP server ... for 8 years. All good for 8 years. Our company gets a new credit card ... I'm away and forget to update it with GoDaddy ... billing fails 3 times and they delete EVERYTHING. No care about being a good customer for 8 years (14 total with other servers), no phone call, no nothing. Poof, gone. Now, I know I should have transferred backups locally or, at the very least, somewhere else. I just never expected this type of treatment. FUCK GODADDY!
-
The gym I go to has an app for users to scan a QR code when they arrive and it has multiple HUGE issues.
This app shows the credit card info used for the direct debit without anything being redacted.
When the gym is signing up someone they give them a password so they can login, not too bad except the password is always the person's first name with the first letter capitalised.
This gets worse when you figure out that there is no way to change the password given to you AT ALL.
And just to top it all off, when you click the "Forgot Password" link on the login screen, the app just sends you an email with your password (your first name) in plain text.
The app also doesn't log you out or notify you if your login is used on a different device.
So I have tested this with 2 of my friends that go to the same gym and, with only knowing their email and first name (which I could have gotten from their email if I didn't know them), I can get into their app and see their credit card info without them being any the wiser.
-
Was looking for virtual credit card for testing out AWS. Came across this wallet and while signup...
-
Does anyone know a free hosting that supports .net core web api without credit card? It’s just for a school project. IBM Bluemix only supports normal web app and azure needs credit card
-
Raise your hand up! *clapping intensifies*
Thanks @C0D4
Continued from the famous " i am a teen, no credit card " rant : https://devrant.com/rants/1592122/...
-
A fitness guy was walking and dropped his credit card.
I grabbed it and ran up to him to give it back.
He jumped like a scared rabbit and said rudely, "you scared the shit out of me", took the card back and walked off without even a thank you.
So much for Canadian politeness.
-
How do you become broken in less than a month?
Signup for free trial from Amazon AWS using your credit card!!!
-
Someone I work with transferred 7 credit card numbers including cvv and month/year using..... pastebin.
He was not signed in.
-
Website: do you want to buy our premium features or try it out for free?
Me: free
Website: Ok here u go for free
Me: *clicks download for free*
Website: aight so heres a page to enter your credit card info we're only gunna bill u monthly or every 2 days if thats fine wichu
-
I have one! Once upon a time (about a year ago) my mom went online shopping on her own. Her husband was out of town and so she had no assistance. At about 10.30 pm she called me, freaking the fuck out that she entered her credit card details on a sketchy site and they charged her for more than she ordered. She was in hysterics, didn't know what to do. Superwoman to the rescue, I tell her to go and deactivate her card and jump on a train back home (she was crying on the phone she was so scared, couldn't just leave it until morning) fast forward an hour, I'm in my hometown, she picks me up and we head home to check out the situation, and... She had just received the email invoice twice. They hadn't charged her twice, just some email mishap made the email appear twice and she never thought to check her bank account before summoning me home 🙄😂 we laughed for a while and I got a home cooked meal so it's all good but Jesus christ mom. What would you honestly do without dad?
-
The company I work for is requiring customers to submit credit card info in an online form which then gets stored into our "secure database". Which employees then pull and charge the card later on. They're also telling customers that the form is "encrypted". This is all because they're too fucking lazy and not patient enough to wait for someone to integrate a payment gateway. This is a lawsuit waiting to happen.
-
Security rant ahead, you have been warned!
As part of a scholarship application, our government requires a scan/copy of the applicant's credit card. Since the IBAN is now on the back, you have to send both sides.
The back is also where the CVC (security code) is. Any bank will strictly tell you NOT TO EVER SHARE IT - not even with them!
To make things even more fun, you now have the option to send this over email which is, of course, NOT ENCRYPTED!!!!!
I'm basically sending all the info needed to steal all my money over an unencrypted connection to an underpaid secretary, who will print it out and leave it on their desk for anyone with decent binoculars to see.
These people are fucking insane!!!!
-
after an all nighter, I walked in at about 10:30am and unloaded a small bag of groceries on my desk I got to restock the community fridge. Boss walks up, "WTF?!? NO BEER?!?" Slams his credit card on my desk and walks away...
-
Found an article on medium, which does make one think about the security of fetching things from npm and somebody "checking" the source on github.
“I’m harvesting credit card numbers and passwords from your site. Here’s how.” @D__Gilbertson https://hackernoon.com/im-harvestin...
-
I swear, if I ever were to develop a support ticket system, I'd require credit card credentials for P1 tickets - "for covering potential costs to get the developer to the computer at this point in time". Let's see how many of your fucking tickets are Business critical after all!
-
I researched a bunch of really beefy computer parts yesterday and the total for the PC came out to be just $2,500 INCLUDING $500 in monitors (HD 144HZ 27')
I genuinely thought this build would be upwards of $4,000
Time to max out the old credit card
-
After working for this company for only a couple years, I was tasked with designing and implementing the entire system for credit card encryption and storage and token management. I got it done, got it working, spent all day Sunday updating our system and updating the encryption on our existing data, then released it.
It wasn't long into Monday before we started getting calls from our clients not being able to void or credit payments once they had processed. Looking through the logs, I found the problem was tokens were getting crossed between companies, resulting in the wrong companies getting the wrong tokens. I was terrified. Fortunately I had included safeguards tying each token to a specific company, so they were not able to process the wrong cards. We fixed it that night.
-
TLDR: crappy api + idiot ex client combo rant // letting off steam
I saw a lot of people bitching about APIs that don't return proper response codes and other stuff..
Well let me tell you a story. I used to work on a project where we had to do something like booking, but better..crossbreed with the Off&Away bidding site (which btw we had to rip off the .js stuff and reverse engineer the whole timer thingy), using free versions of everything..even though money wasn't an issue (what our client said). Same client decided to go with transhotel because it was sooooo gooood... OK? Why has no one heard of them then?
Anyhow, the api was xml based.. we had to send some xml that was validated against a schema, we received another that was supposed to be validated against another schema.. and so on and so on..
...
...
supposed..
The API docs were nonexistent.. What was there, was broken English or Spanish.. Even had some comments like Add This & that to chapter xy.. Of course that chapter didn't even exist yet. :( And the last documentation they had, was really really old..more than a year, with visible gaps, we got the validation schemas not even listed in the docs, let alone described properly.
Yaaay! And that was not everything.. besides wrong and missing data, the API itself caused the 500 server error whenever you were no longer authenticated.
Of course it didn't tell you that your session was dead.. Just pooof! Unhandled crap everywhere!
And the best part?! We handled that login after inspecting what the hell happened, but sent the notification to the company anyways.. We had a conf call, and sent numerous emails explaining to them what a 'try catch' is and how they should handle the not authenticated error <= BTW they should have had a handled xml response for that, we got the schema for it! But they didn't. Anyhow, after two agonizing days talking back and forth they at least set up the server to be available again after the horrified 500 error. Before, it even stopped responding until reset (don't ask me how they managed to do that).
Oh yeah, did I mention this was a worldwide renowned company?! Where everybody spoke/wrote English?! Yup, they have more than 700 people there, of course they speak English! <= another one of my ex client's fabulous statements... making me wanna strangle him with his tie.. I told him I am not talking to them because no-one there understood/spoke English and it would be a waste of my time.. Guess who spent almost 3 hours to talk to someone who sounded like a stereotypical Indian support tech guy with a flu speaking Italian?! // no offence please for the referenced parties!!
So yeah, sadly I don't have SS of the fucked up documentation..and I cannot post more details (not sure if the NDA still holds even though they canceled the project).. Not that I care really.. not after I saw how the client would treat his customers..
Anywayz I found on the interwebz some proof that this shitty api existed..
picture + link: https://programmableweb.com/api/...
SubRant: the client was an idiot! Probably still is, but no longer my client..
Wanted to store the credit card info + cvc and owner info etc.. in our database.. for easier second payment, like on paypal (which he wanted me to totally customize the payment page of paypal, and if that wasn't possible to collect user data on our personalized payment page and then just send it over to paypal api, if possible in plaintext, he just didn't care as long as he got his personalized payment page) or sth.... I told the company owner that they are fucking retards if they think they can pull this off & that they will lose all their (potential) clients if they figure that out.. or god forbid someone hacked us and stole the data.. I think this shit is also against the law..
I think it goes without saying what happened next.. called him ignorant stupid fucktard to his face and told him I ain't doing that since our company didn't even have a certificate to store the last 4 numbers.. They heard my voice over the whole firm.. we had fish-tank like offices, so they could all see me yelling at the director..
Guess who got laid off due to not being needed anymore the next day?! It was the best day of my life..so far!! Never have I been happier to lose my job!!
P.S. all that crap + test + the whole backend for analysis, the whole crm + campaign emails etc.. the client wanted done in 6 months.. O.o
P.P.S. almost shat my pants when devRant notified me I cannot post and wanted to copy the message and then everything disappeared.. thank god I have written this in the n++ xD
-
fuck code.org.
here are a few things that my teacher said last class.
"public keys are used because they are computationally hard to crack"
"when you connect to a website, your credit card number is encrypted with the public key"
"digital certificates contain all the keys"
"imagine you have a clock with x numbers on it. now, wrap a rope with the length of y around the clock until you run out of rope. where the rope runs out is x mod y"
bonus:
"crack the code" is a legitimate vocabulary word
we had to learn modulus in an extremely weird way before she told the class that it was just the remainder, but more importantly, we weren't even told why we were learning mod. the only explanation is that "it's used in cryptography"
i honestly doubt she knows what aes is.
to sum it up:
she thinks everything we send to a server is encrypted via the public key.
she thinks *every* public key is inherently hard to crack.
she doesn't know https uses symmetric encryption.
i think that she doesn't know that the authenticity of certificates must be checked.
-
The CEO of my last workplace asked an employee for his credit card; withdraw significant amount of money as a debt and never paid back. He already owes 2+ months of salary to that employee.
(He owed me money too but I never gave my Macbook back. 🖕)
-
TLDR; Go to bottom of post.
Around this time two years ago was the start of my group project in University. The project was to write an app in android and have a web side to it too. The group was to be overseen by a member of staff. The first meeting was introductions and to look at the spec, during the second we were to decide a group leader (PM) and other positions.
A person I shall call BD and I volunteered for PM. I didn't have experience with leadership but wanted some, and was the only one with confidence in android, the biggest part of the system. I got four of the votes.
BD, with his scouts experience, not being afraid to breathe down people's necks and bash some heads together, and having been PM last year, with his group receiving 69% (he failed the year and was resitting), earned 5. One guy was missing.
When it came to sorting out roles and responsibilities, BD confessed to not being a strong coder but that he'd help here and there. His role was planning our deadlines, doing our Gantt chart for deliverables, and was supposed to write a really detailed spec. He didn't have it at the meeting of the next week, as it was still in the works, and never messaged anyone. Next week he turned up with a Gantt chart of 1 A4 page that only included the deadlines and deliverables in the spec, with three colours. One for android team, one for DB guy, and one for web team.
The guy who didn't turn up for voting got a girlfriend, a job at mcdonalds and did barely a thing. One guy in the web team did everything, carrying his friend who wouldn't do work (and also got swept out to sea in a rubber boat with one of his bros lol (he was rescued)), and even though I'd done android dev I wasn't as quick a learner as two others in the team. Out of 10 people, 6 did real work.
The web guys stopped coming to meetings as they were taken over by android talk, and as we were quite behind, BG tried yellow carding them. They turned around with the website pretty much done, this one guy doing more than the 4 of us on android had. Yellow card lifted. We'd already complained about BD and his lack of everything (except screen brightness as he sat at the front of the lecture theatres with his wide brimmed hat looking at 9gag and videos (remembering he said he was resitting that year)) but grew a stronger dislike. Found out that he spent most of his time with his gf at our secretary/fellow android dev's house. Come coding week, he disappears entirely, only to attend meetings. He gave us a shell of the android code used for his previous year's project (along with documentation, complete with names and dates of updates, most of them (including the planning ones BD was supposed to do) bearing either one of two names. It was behind where we were at the time and had a lot of differences to our spec, and if we had used it BD may have used that to pull us down with him if things went wrong. He resurfaced at the end with the final documentation of how we'd all done, including reports on how each member had performed, which we were supposed to have reviewed. Our main, most proficient dev he accused of being irritable and brash, and a bad communicator. He was Norwegian, his voice was just a bit gruff, and he was driven and didn't waste time. He bashed the web team for not turning up, and had already been rude and unhelpful to everyone who voted for him in the first place.
In our own reports we all devoted paragraphs to delicately describing his contributions, excluding his suggestion that we use the code he gave us. Before we had our results and our work was completed, he individually kicked us from our group's facebook group and unfriended us.
Our 43% mark at the end, coupled with his -40% penalty from the red card we had him on, felt good, but not as good as a better result would have, especially as the fool that was BD would be inflicted on a group a third time. He changed to some other course after that year finished, so he must have failed his resit of second year.
During third year, a friend of mine who was PM for a group that passed well passed other things with too slim a margin to be happy, so chose to resit the year. He didn't have to do the group project again, and had that time free. But BD had to resit. His group had 69%. A yellow card with a 20% deduction wouldn't do it, so he MUST have had a red card as PM his previous year. Well that didn't come up when he claimed credit for his team's 69% during elections... My housemate's compsci boyfriend 2 years up overheard me talking about him, he was in 1st year with BD. BD failed and resat 1st year too. 4 years and he couldn't make anything stick. I feel bad for him through understanding the pains lack of work and internet distraction bring, and unfortunately I can't wish bad things on him because he brings them on himself. I wish I never see his face again though.
TLDR; Guy in group project lies and is dishonest from start to finish, getting PM pos by 1 vote. Gets what he earns.
-
so today at supermarket I was asked if my credit card has wifi ... apparently she meant if it's contactless
-
Ordering a Pizza in 2022.
CALLER: Is this PizzaHut?
GOOGLE: No sir, it's Google Pizza
CALLER: Sorry, I have dialled wrong number.
GOOGLE: No sir, Google bought Pizza Hut last month.
CALLER: Ok, I would like to order a pizza.
GOOGLE: Do you want your usual, sir?
CALLER: My usual? You know me?
GOOGLE: your last 12 orders shows, extra-large pizza with cheeses, sausage on a thick crust
CALLER: Awesome! That's what I'll have.
GOOGLE: sir, we suggest you try our Gluten free veg pizza?
CALLER: What? I don't want a veg pizza.
GOOGLE: Your cholesterol is not good, sir
CALLER: How the hell do you know that?
GOOGLE: Well, we cross-referenced your home phone no. with your medical records
CALLER: Ok, but I don't want your rotten veg pizza! I have taken medication for my cholesterol.
GOOGLE: But your medication wasn't regular. you just bought 30 cholesterol tablets once, 4 months ago from Loyd pharmacy.
CALLER: I bought more from another pharmacy.
GOOGLE: That doesn't show on your credit card statement.
CALLER: I paid in cash.
GOOGLE: But you did not withdraw enough cash according to your bank statement.
CALLER: WTH man! I'm going on island to live without internet & social media.
GOOGLE: I understand sir, but you need to renew your passport. It expired 6 weeks ago.
-
Who am I?
Some of you, because of the hyperbolic, outrageous, trollish, and often self-satirical nature of my posts, might doubt me. That's completely relatable.
Here's the truth:
I was diagnosed in childhood with ADHD, fucking everyone, every male, these days is diagnosed with that. I was diagnosed bipolar. Hell anyone reading my posts could see that from a mile away. I was diagnosed on the borderline personality spectrum. Yeah, I could see that.
I was tested. They said I was in the 98th percentile for clerical ability, not extraordinary but pretty good, mathematical ability a little higher than that. My SAT was 1491. Not yale material, but I coulda been someone.
Over the years I studied a LOT of politics and read a metric fuckton of books. (40+ books over the course of three years).
I predicted every single presidential election since bush junior's second election. Three supreme court picks. Senatorial elections. Congressional elections. More than that.
I have a better analysis track record than some of the multidecade analysts sitting in the fucking NSA.
No I am not shitting you. No I am not exaggerating.
It's about the only claim to fame I get to legitimately make.
People ask me, "then why aren't you famous?"
How do you know I'm not.
Look I'm gonna tell you my actual name.
My real name is Lawrence B. Lindsey
Okay, I'm bullshitting for fun. But words I have written on alt twitter accounts have legitimately come out of presidential hopeful's mouths. No, this I am *not* bullshitting you about.
Imagine that. A guy who lived in his parents' attic for five years, writing words that came out of presidential candidates' mouths.
At one time I was about as popular and influential as that fuckboy catturd.
yes, really. No I am not fucking joking.
Under normal conditions I wouldn't talk about this or reveal it, because who the fuck cares? I'm just some dude on the internet, drunk, both on alcohol, and the pseudo-anonymous equivalent of bragging rights.
You know how many women I turned down because I could? You know how fucking drunk I am? They say a drunk man's words are a sober man's thoughts. Well, I'm not usually honest like this because the internet is full of false braggarts, and you tell people the truth and they don't fucking believe you.
I swear, it seems like I made some faustian bargain at some time, and can achieve no fame or lasting wealth in my life--to save my life.
Shit, I was talking to a Chinese woman who ran a bank in china (yes, really), who advised me to buy into bitcoin early on. Didn't have the money to. Woulda been a fucking millionaire if I did.
*Non-obvious* Ideas that major corporations are now pursuing? Yeah those were sitting in my card index since the early 2000s.
I helped two people build and sell businesses. One for me tens of thousands. Another for millions. Yes, really. Got zero, and I mean, *zero* credit for it.
Point is, doesn't matter how famous you are, or coulda been, Doesn't matter the ideas you have, or had.
The world doesn't promote runners-up, or hasbeens, or wannabes, or could-bes.
What matters is execution.
If you're wandering through life, wondering when your lucky break will be, stop. You have to realize, you make your own luck. Recognize the difference between what you can control, and what you can, and work on promoting your own ideas or business or values, instead of other people's dreams.
And for those wondering, yes I am drunk, and no, I ain't fucking kidding you in anything I wrote here.
The most important lesson I learned is this:
First work on your own success, before you work on the success of others.
p.s.
I give surprisingly good advice for someone who doesn't benchmark well on traditional measures of success. I know, even I was shocked when I looked at the statistics.
-
So I started getting email notifications telling me about transactions made using my credit card. But I DON'T have a credit card in the first place.
Instead of trying to call customer care and pressing an endless array of buttons, I drive to the bank. I tell them the situation and they check every database they have but they couldn't find any trace of a card connected to my account. Turns out their database somehow had cross-links in their database.
How does one of the biggest banks in the country possibly have such an issue. Worst part is that it's been a day and they still haven't fixed it -_-
-
Sent my coworker a LMGTFY link sarcastically, and he legitimately thought it was a great tool for showing people how you search for stuff on the internet.
This same client had never in his 50+ years on this Earth, used a debit or credit card to pay for a meal at a restaurant. Needless to say, we made him use his company card for every meal on the rest of the trip.
He also wears a black trench coat... Every day.
-
I’m LOLing at the audacity of one of our vendors.
We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.
At first, the vendor tried to convince us that their site wasn’t compromised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.
That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.
And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.
WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.
So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.
-
So I just decided I'd hotspot my phone to my laptop (as I have no WiFi) and stream a film I've wanted to watch for a while.
Turns out my shite ass mobile provider wants credit card details to prove I'm over 18.
I'm sorry, what?
ARE YOU FUCKING KIDDING ME? YOU NOSY OVER CONTROLLING SHIT STAINS! THAT IS A PARENT'S JOB, NOT YOURS.
fucking hell. What is wrong with this fucking race?
Oh, and I can't torrent it because that's blocked too.
-
Security lifehacks 101
Why pay for password managers? Just use one secure password for every service you use! Password managers are really designed for fools who don’t know that you can just use one password for every service and who are ready to pay for that shit.
The best practice is to use your name starting with a capital letter + your main credit card number + CVC code from the back of that card as your go-to password. It’s long and hard to bruteforce and you can remember everything that way! You just need to remember that one password and you’ll always remember your payment info! No need for apple’s bad Apple Pay which is not so secure after all like everything else that Apple offers.
-
Talk about data protection, I am fucking furious!! A hotel i stayed in recently has sent an email with a scan of my passport and credit card. Do I have any legal rights to fuck them up the arse? The hotel is in France.
-
TL;DR: Why does that online shop NOT support paypal?
I'm a LITTLE pissed.
I wanted to buy some stuff online (since my gf birthday comes closer and I have no city, no car nearby to go shopping) - and this website doesn't support paypal. You know why? Because they had too high fees.
Why on earth don't they do it like any other online shop?! - the user can pay with paypal for a little more % or €.
I don't have an actual credit card but the thing you can get <18yo. Paypal works with it but I can't use any other payment option.
-
Just went to book something online. About to click the "Pay" button and noticed the page wasn't secure. Who the hell, in 2017, captures credit card details via insecure 'http'??? And 'https' worked on the home page but not the payment page!! Backed out of that, messaged them and we'll see if anything comes of it.
-
Me and my developer friend worked with my ex-colleague with this fitness directory website because he promised to give us {{ thisAmount }} upon the {{ completionDate }}.
He was my friend and I trusted him.
It took me weeks of sleepless nights building the project. I had a full-time job that time, and I worked on the project during evenings. All went well, and as we reach the {{ completionDate }}, the demo site is already up and running.
A week before the {{ completionDate }}, he hired his new wife as the COO of the startup. It was cool, she kept noticing things on the site which shouldn't be there, and kept on suggesting sections that had to be there. I was okay with it, until I realized that we are already a month late with the deadline.
Every single hour, I get a message from them like, "it's not working", "when can you finish this feature?", blah blah blah.. and so on.
I got frustrated.
"I want my fucking life back", I told them. No one cared about the {{ completionDate }}, the sleepless zombies they are working with and our payment. They keep on coming up with these "amazing" ass features, and now they are not paying because they said "it's not complete".
Idiot enough to trust a friend. I was unprotected, there was no legal-binding document that states their obligation to pay.
My dev friend and I handed over the project to this web development company which they prefer, and kept a backdoor on the application.
I kind of moved on with the payment issue after a month. But without their knowledge, I kept an eye on the progress and made sure that I still have the access to their server, DNS, etc..
BUT when they announced the official launch on social media, I realized that I was on the wrong train the whole time.
They switched to a different server.
They thanked all the people involved with the project via social media, EXCEPT me and my coding partner who originally built the site from ground up. A little "thank you" note from them will make us feel a little better. But, never happened.
I checked up the site and it was rewritten from originally Laravel 5 to CodeIgniter 1. That is like shifting from a luxury yacht where you can bang some hot chicks, to a row boat where your left hand is holding the paddle whilst your right hand is wanking yourself.
I almost ran out of bullets.
Luckily, CodeIgniter 1 was prone to SQLi by default.
I was able to get the administrator password in plain text and fucked with their data. But that didn't make me feel better because other people's info is involved.
So, I looked for something else to screw with. What I found? A message with the credit card details.
Finally, a chance to do something good for humanity. I just donated a few thousand dollars to different charity websites. -
*places an order on OnePlus' website for that OP6T*
Alright, payment.. with my bpaid card that I ranted about earlier, because apparently the fuckers accept only credit cards. External payment portal, card's got a chip.. well that's gotta be the same payment process as the usual Bancontact purchases then, right? Where you plug your card into your Digipass card reader, get a start code from the website, type that in, amount to be paid, PIN code, and then it spits out another code that you give to the payment portal.
Except it isn't. That CVC thing is apparently the only thing that stands between you using your card and someone else doing the same with your card information. Not even the card itself! Why the FUCK do we even have PIN codes then?! This is even worse than the magstripe and the skimming issues related to it (the magstripe essentially just blurts out your card information to whatever wants to have it, so demagnetize it and don't use the payment terminals that refuse your card on grounds of not being able to read the magstripe afterwards. Your chip should be responsible for that.. but I digress). Credit cards with chips in them that aren't even used. That's what you Americans use? Seriously?!
At this rate, you can keep your fucking credit cards. -
I received this message this morning. Please house, what do I reply to this newbie scammer? Am laughing here.
-
My partner got her credit card transactioned with about USD 500 from another continent.
On a card that had been shut down ten (10!) years ago.
The bank's first statement:
Your account hadn't been closed down properly.
You're liable because it's your account.
="D
The cheek they have.
.
Referring to @iSwimInTheC's rant
https://devrant.com/rants/5977066/... -
A team at school spent 3-4 months on an eStore web app, for selling items. The title was "Securing your eStore".
When they were done with their presentation, the examiner asked: "But... You haven't said a thing about the security part."
"Oh, sure we did, as we showed you, we added validation on the email address and credit card text fields etc. If you press the Pay button here, you will get an alert()-dialog telling you which fields are invalid..." -
Most painful code error you've made?
More than I probably care to count.
One in particular where I was asked to integrate our code and converted the wrong value..ex
The correct code was supposed to be ...
var serviceBusMessage = new Message() {ID = dto.InvoiceId ...}
but I wrote ..
var serviceBusMessage = new Message() {ID = dto.OrderId ...}
At the time of the message bus event, the dto.OrderId is zero (it's set after a successful credit card transaction in another process)
Because of a 'true up' job that occurs at EOD, the issue went unnoticed for weeks. One day the credit card system went down and thousands of invoices needed to be re-processed, but seemed to be 'stuck', and 'John' was tasked to investigate, found the issue, and traced back to the code changes.
John: "There is a bug in the event bus, looks like you used the wrong key and all the keys are zero."
Me: "Oh crap, I made that change weeks ago. No one noticed?"
John: "Nah, it's not a big deal. The true-up job cleans up anything we missed and in the rare event the credit card system goes down, like now. No worries, I can fix the data and the code."
<about an hour later I'm called into a meeting>
Mgr1: "We're following up on the credit card outage earlier. You made the code changes that prevented the cards from reprocessing?"
Me: "Yes, it was my screw up."
Mgr1: "Why wasn't there a code review? It should have caught this mistake."
Mgr2: "All code that is deployed is reviewed. 'Tom' performed the review."
Mgr1: "Tom, why didn't you catch that mistake."
Tom: "I don't know, that code is over 5 years old written by someone else. I assumed it was correct."
Mgr1: "Aren't there unit tests? Integration tests?"
Tom: "Oh yea, and passed them all. In the scenario, the original developers probably never thought the wrong ID would be passed."
Mgr1: "What are you going to do so this never happens again?"
Tom: "It's an easy addition to the tests. Should only take 5 minutes."
Mgr1: "No, what are *you* going to do so this never happens again?"
Me: "It was my mistake, I need to do a better job in paying attention. I knew what value was supposed to be passed, but I screwed up."
Mgr2: "No harm no foul. We didn't lose any money and no customer was negatively affected. Credit card system may go down once, or twice a year? Nothing to lose sleep over. Thanks guys."
A week later Mgr1 fires Tom.
I feel/felt like a total d-bag.
Talking to 'John' later about it, turns out Tom's attention to detail and 'passion' was lacking in other areas. Understandable since he has 2 kids + one with special-needs, and in the middle of a divorce, taking most/all of his vacation+sick time (which 'Mgr1' dislikes people taking more than a few days off, that's another story) and 'Mgr1' didn't like Tom's lack of work ethic (felt he needed to leave his problems at home). The outage and the 'lack of due diligence' was the last straw. -
#include <rant>
Using angry standard;
Int main()
{
cout << "So my mom recently started "exploring the web". I'm sure you already know where this is going; she ended up signing up for a free trial of some diet pills with her credit card on some sketchy website. The website never sent any product but attempted to charge her card over $300 multiple times. My mom's bank noticed and froze the account. She has now opened an investigation with the bank's fraud department and is awaiting response. I took the liberty of running a whois look up and found the company's website is held by GoDaddy and is hiding behind Domains by Proxy (GoDaddy's sysadmin hider). I'm angry that she's in this situation but I have no idea of how to uncover the real company behind the diet pills site." << endl;
Return 0;
} -
I am such a fucking idiot I cannot believe how many stupid things I have done in the past hour because I was horny and bored. I can't believe I saw none of the signs, it's so fucking glaringly obvious and now my life is essentially over. I don't know how I'm going to show my face to anyone I know, it's so fucked up. Met a person on chat roulette, then skype, started cybering on cam then she told me I would show her my credit card and give her money unless she would send the video to everyone on my facebook list. I don't even know why I added her on facebook, just a false account to get my friends list and now everyone I know is going to see my dick. I didn't give her my card because I'm not that dumb and eternal humiliation is better than having my bank account cleaned but I don't know what I'm going to do.
End rant
TLDR my life is over -
The other day those of us in the codrTalk telegram group were joking around and, long story short, I now own the domain http://emotionoverflow.com
This is why I shouldn't have access to a credit card.
Telegram group link: https://t.me/codrTalk -
My grandfather is 72 & doesn't know much about technology. He forwarded me this message on whatsapp because I'm a software engineer. He made my day...
What is the difference between http and https ?
Time to know this with 32 lakh debit cards compromised in India.
Many of you may be aware of this difference, but it is worth sharing for any that are not.....
The main difference between http:// and https:// is all about keeping you secure
HTTP stands for Hyper Text Transfer Protocol
The S (big surprise) stands for "Secure".. If you visit a Website or web page, and look at the address in the web browser, it is likely to begin with the following: http://.
This means that the website is talking to your browser using the regular unsecured language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the Website. If you fill out a form on the website, someone might see the information you send to that site.
This is why you never ever enter your credit card number in an Http website! But if the web address begins with https://, that means your computer is talking to the website in a Secure code that no one can eavesdrop on.
You understand why this is so important, right?
If a website ever asks you to enter your Credit/Debit card Information, you should automatically look to see if the web address begins with https://.
If it doesn't, You should NEVER enter sensitive Information....such as a credit/debit card number.
PASS IT ON (You may save someone a lot of grief).
GK:
While checking the name of any website, first look for the domain extension (.com or .org, .co.in, .net etc). The name just before this is the domain name of the website. Eg, in the above example, http://amazon.diwali-festivals.com, the word before .com is "diwali-festivals" (and NOT "amazon"). So, this webpage does not belong to amazon.com but belongs to "diwali-festivals.com", which we all haven't heard before.
You can similarly check for bank frauds.
Before your ebanking logins, make sure that the name just before ".com" is the name of your bank. "Something.icicibank.com" belongs to icici, but icicibank.some1else.com belongs to "some1else".
👆 *Simple but good knowledge to have at times like these* 👆 -
Possibly the start of a very bad adventure: I'm helping my brother-in-law set up a website for a business he's beginning with his wife. I'll be needing to provide him a simple cms & shopping cart that he can manage. No payments as we want to just use PayPal so as to avoid having to actually manage user data & credit card information.
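The two checks from the forwarded message above (does the address use https, and which name really sits before the extension), written out as an added example that is not part of the original post. The suffix set is a small constructed stand-in for the Public Suffix List, and example.co.in is a constructed host; it also covers the ".co.in" case, where "the word just before the extension" needs a two-label suffix to come out right.

```python
from urllib.parse import urlsplit

# ASSUMPTION: tiny constructed subset of the Public Suffix List, enough for
# the hosts used below. A real check would load the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "in", "co.in"}


def registrable_domain(host):
    """Return the name a registrant actually owns: one label plus the
    longest matching public suffix. Returns None if no suffix matches
    or the host is itself a bare suffix."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest so that
    # "co.in" wins over "in".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # e.g. "co.in" on its own
            return ".".join(labels[i - 1:])
    return None


def check_url(url, expected_domain):
    """Return a list of findings for a URL that claims to belong to
    expected_domain. An empty list means both checks passed."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    domain = registrable_domain(parts.hostname or "")
    if domain is None:
        findings.append("unrecognised-host")
    elif domain != expected_domain.lower():
        findings.append("domain-mismatch")
    return findings


if __name__ == "__main__":
    # Hosts taken from the message, plus one constructed .co.in host.
    samples = [
        ("http://amazon.diwali-festivals.com", "amazon.com"),
        ("https://something.icicibank.com/login", "icicibank.com"),
        ("https://icicibank.some1else.com/login", "icicibank.com"),
        ("https://shop.example.co.in/pay", "example.co.in"),
    ]
    for url, expected in samples:
        host = urlsplit(url).hostname
        print(url, "->", registrable_domain(host), check_url(url, expected))
```

A URL that passes the https check can still fail the domain check, which is why the two findings are reported separately.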
Wish me well....
Also advice appreciated cause otherwise, I'm gonna use a simple Drupal or WordPress site with like 1 theme and 0 plug ins. -
Attention: incoming resentful boiled up for months rant.
Hands down G2APAY is the worst because:
Merchant account approval takes fcking months. It starts with unreasonable delays in documents approval. I mean insane nitpicking. They want to see merchant's name, surname and address on every god damn document that you submit even if for example bank statement doesn't include these details. I had to manually edit pdf’s just so that they would fck off and approve the merchant application. Insane requirements for document check also combined with their email only support answering only once a week you will have to wait one month just to get your account approved.
Then you get to the fun part, approval process for vendor gateway and webhook integration. They are nitpicking everything you can imagine: about website not having https, website forum missing some icons, merchant's phone number being from another country than he is, and bunch of other hundreds of problems imagined only by them. Again combined with their one email reply per week policy you will waste at least one month to finish up your integration.
Now finally you are their client and you think you can chill and go back to focusing on your business? Nope bro. Prepare for threatening emails. Last time I got a request to install https or my merchant application will be shut down. I was given 3 days notice on a fcking friday and had to do it.
Then g2a backend is crashing quite often. Combined with their one email per week policy you are fcked in the ass if your users were not able to pay through g2a and you will get no compensation.
Their backend documentation is shiet. Not clear how to integrate everything and after you integrate they make changes without publishing any changesets. Your integration is working? Good luck if it will still be working tomorrow.
And the very worst part is that they stopped processing credit cards like a month ago with zero notice. It's been weeks and still zero news about bringing card processing back. They said that they were acquired by some other company so shitty support got even shittier now while they are in a process of handover.
So yeah that's the worst vendor I have ever seen in my life. For example integrating paypal took me 30 minutes. Integrating stripe and getting all documents reviewed took me one business day. Same with paymentwall integration and document approval took 1 business day. Support is amazing and even have a phone number that I can reach if urgent problems arise. That's how it should be. That's why I can pay percentage of my transactions with a smile for them.
Sorry for the typos since I'm typing on my shiet phone while driving.
Eat a bag of dicks g2apay. I hope you go bankrupt and shutdown. -
We are going to start accepting credit cards again. Old boss wants to store the tokens in plain text with the last 4 digits of the credit card...
-
I hate subscription-based payments.
Oh, you want to charge my credit card 90$ if I forget to remove it from your shitty website? Oh, well. -
I had a wonderful run-in with corporate security at a credit card processing company last year (I won't name them this time).
I was asked to design an application that allowed users in a secure room to receive instructions for putting gift cards into envelopes, print labels and send the envelopes to the post. There were all sorts of rules about what combinations of cards could go in which envelopes etc etc, but that wasn't the hard part.
These folks had a dedicated label printer for printing the address labels, in their secure room.
The address data was in a database in the server room.
On separate networks.
And there was absolutely no way that the corporate security folks would let an application that had access to a printer that was on a different network also have access to the address data.
So I took a look at the legacy application to see what they did, to hopefully use as a precedent.
They had an unsecured web page (no, not an API, a web page) that listed the addresses to be printed. And a Windows application running on the users' PC that was quietly scraping that page to print the labels.
Luckily, it ceased to be an issue for me, as the whole IT department suddenly got outsourced to India, so it became some Indian's problem to solve. -
rant = Rant.STORY_TIME
<<<Story
This is still something funny me and my friends often remember.
There was once upon a time we were young and stupid, playing on the internet with fake credit card numbers, sometimes we had luck and the orders passed.
We were on the living room, checking who could put an order for a coffee machine, while another friend of mine was talking about the deep web and what he found there.
Suddenly, someone knocks really hard on the door... We went silent...
Me: "Who's there?"
Voice: Federal Police, open up!
Me: *shiiiit*
I went blank, closed my laptop as fast as possible, I thought of throwing it away through the window. My friends panicked, I had my laptop upside down, opening the lid to remove the HDD.
One of my friends stood up and went to the door, looked through the eyehole.
Friend: *whispering* The eyehole's covered!
We quickly stood up and looked at each other, like we were acknowledging our wrong doing and getting ready to face the consequences.
I took a deep breath and put the key in the door to open it. Sudden heavy knock again. I jumped and yelled "I'm on it, wait a minute!".
Slowly I opened the door... And there they were, another two of my friends.
F1: hey...what, what happened? Why are you so scared.
They stepped in while we told them what we were doing and they laughed their asses off.
We were shit scared, and those two were laughing.
Story;
So, nowadays, I don't even think about doing that kind of stuff again and I'm hoping to make a Master's degree in security...or electronics, whatever happens first. -
I can't begin to know where to start. I once worked with a lady that was annoyed by me for stretching and began to start nagging at me for it. I promptly explained to her that hearing her complaints annoyed me as well and that I stretched and yawned because my work made me sleepy due to the fact that I had to listen to her relentless and incessant nagging.
I currently work with a "graphic designer" of 25 years experience who had no idea that color picker tools were an actual thing in real life. He's been eyeballing our brand colors for years. SMH... We collectively refer to him as Captain Colorpicker now.
This same guy had never used a credit or debit card in his entire life to purchase a meal at a restaurant.
I worked with a micromanager that constantly reminded me daily of the hierarchy for decision making in the company and where you stood firmly under her thumb. That is until she conveniently wanted to shy away from a tough decision. Then it was all on me.
She was the marketing director and every single one of these stupid titles:
http://memeburn.com/2013/05/...
I am in a company as a shareholder with a partner who threatened to take away my shares on several occasions when I don't agree with him. At the time our company was in debt, capital accounts were low, and we were hemorrhaging money to keep afloat. The dumbass tried to offer me $200 per share to "buy me out." The company was $5,000 in the hole and my shares were worth around -$11 each. He never had that much money. -
So I started to hear a noise on my headphones which I didn't know where it was coming from. It wasn't much of a noise but a regular sequence of "beeps", seemed like 8bit sfx. So I started moving my cable around and it turns out that if I put the headphone's cable under my phone at a specific spot I can hear the noise. Seems like some kind of interference, so the first thing that I thought of is the NFC sensor. So I remembered that an app would detect my credit card (which has NFC) if it was close to the back of my phone, so I put on my headphones and put the cable between the phone and the credit card and voila, the sound changes. It only works if the headphones are plugged in though.
Idk why but I think this is really cool. Just wanted to share :) -
2nd year programming professionally I designed, coded, and released a PCI compliant credit card encryption system, including updating all 7 million records (at the time) in our existing database to utilize the new system. By some miracle, it worked with only one small hiccup (see previous rant).
-
Wow! This is a truly terrifying, yet fictional scenario. Malware by npm: https://hackernoon.com/im-harvestin...
-
F*** u apple. From time to time I develop Apps for Android and iOS and boy is the whole iOS app distribution workflow bad.
I try for hours to upload a update for my app.
First I needed to re-add my credit card then there were internal server errors and after that I needed to regenerate provisioning profiles.
Every time I use something from apple, then I experience such a bad user experience. "It just works" not anymore friendo... -
Some hacker went through a lot of trouble to get around a minimum order amount on our site. And they’re still hitting us after Cloudflare issued a bunch of blocks. Well, there are some back doors I have to finish closing. I guess I’m lucky I’m just inheriting this site and I’m not the one who built it. But I’m still unlucky because I have to fix this mess. But damn hacker, why’d you go through all this trouble to get around existing validation. Go find another site to charge $1 amounts and test your stolen credit card info. Pretty please 🥺
-
New work place (changed the PC below) so now I have just a little more room.
And the stuff that arrived in 10 days.
Only around 90 packages to arrive, all arduino or electronics related...
Must up my credit card limit
... Reached maximum this month.
Now I only need that energy I had before the breakdown.. Maybe forcing me to finish the projects I already have in mind.
After all, I need a cnc to make my projects, so I must make one -
Fuck you Steam, just fuck you and your price politics.
I have a Swiss and one Russian Steam account. I have on my Swiss account over 450 Games and on the russian one around 4.
I have a friend in Russia and to play some games with him, I need a russian account.
Guess what? Since the last change to Steam Shop I cant use my Swiss Credit Card anymore to buy games in Russia.
Now when I want to test a game first on the russian account and when it's good to buy it after on my main Account, I can't.
Why should I pay for a game in Early Access the full price, when the game is bad and will be abandoned in a half year?
Sure there are some good early access games, which I paid the full price for (Switzerland has the highest Steam Game prices). As example ARK or Battlegrounds. I love these games and like to support the Devs.
But I get really angry when I have to pay for a Game which is worth 5 $ and sold in my Country for 20 $ and will be unsupported after a year.
Really fuck you Valve and Steam 🖕🏻🖕🏻😡
At least refund the people the money, when the game is abandoned! But sure, you're just in for a Cash Grab... -
I work for a cryptocurrency exchange as a senior developer - I'm pretty much one of the key people keeping the lights on in terms of backend and operational functions.
Yet I'm sitting in the bank trying to extend my credit card limit, just to make ends meet. -
rant, !dev...
NEVER BUY ANYTHING THAT COST MORE THAN $5 FROM ALIEXPRESS....
I CANCELLED AN ORDER LIKE 1HR AFTER I PLACED IT, 3 DAYS AGO... I JUST GOT NOTIFIED THE ORDER IS NOW SHIPPED....
ALSO SEEMS MOST THINGS ON THERE ARE CHINESE RIPOFFS... BEING MARKETED AS QUALITY GOODS....
Oh and their customer support is really sketchy... they said they'll try to get me a refund... But as I was talking to her, I also placed a dispute on my credit card "just in case" -
TLDR: I need advice on reasonable salary expectations for sysadmin work in the rural United States.
I need some community advice. I’m the sysadmin at a small (35 employee) credit card processing company. I began as an intern and have now become their full time sysadmin/networking specialist. Since I was hired in January I have:
-migrated their 2007 Exchange server to Office 365
-Upgraded their ailing Windows server 2003 based architecture to 2012R2
-Licensed their unlicensed VMware ESXi servers (which they had already paid for license keys for!!!) and then upgraded them to 6.5 while preventing downtime on hosted VMs using tricky transfers and deployments (without vMotion!)
-Deployed a vCenter server to manage said ESXi servers easier
-Fixed a three month gap in their backups by implementing Veeam, and verifying its functionality
-Migrated a ‘no downtime’ fileserver to a new hypervisor host, implemented a ‘hot standby’ server as a backup kept up to date by the minute with DFS replication.
-Replaced failing hard drives in a RAID array underlying their one ‘business critical’ fileserver, which had no backups for 3 months at that time
-Reorganized Active Directory and Group Policy deployment from a nightmare spiderweb of OUs and duplicate policies
-Documented the entire old network and now the new one as I’ve been upgrading this
-Audited the developers' AWS instances and removed redundant machines, optimized load balancing on front end Nginx servers, joined developer-run Fedora workstations to the AD domain and implemented centralized syslog monitoring on them.
-Performed network scans and rewrote firewall exceptions to tighten security
There’s more, but you get the idea. I’ve now been tasked with taking point on an upcoming PCI audit which will be my first.
I’m being paid $16/hr US, with marginal health benefits. This is roughly $32,000 a year, before taxes.
I have two years previous work experience managing a third party Apple repair facility (SimplyMac) and every Apple certification for warranty repair and software troubleshooting. I have a two year degree in general sciences, with about 4 years of college credit (Two years of a physics education and two years of computer science after I switched focus) I’m actively pursuing a CCNA and MCSA server 2016 with exams paid for and scheduled.
I’m going into a salary negotiation in two months. What is a reasonable salary to request, from your perspective, for someone in my position?
Thanks in advance! -
Oh my dear internet,
FUCK THIS FUCKING SHIT
I AM SICK AND TIRED OF IT, WHO BUILT THIS HACKED TOGETHER ORWELLIAN SWAMP PIT?
Fuck the same fucking Envato template on every content page with 70 layers of sidebars, inline ads, popups, cookies and content shifting as if I was playing CATCH UP WITH YOUR FUCKING CONTENT.
FUCK the same fucking annual upselling 'plans' on every 7-day trial overengineered scam app that requires me to sign up for 1 fucking, falsely advertised task where my fucking password generator doesn't even recognize the input as a password field so I have to cmd+, to my FUCKING BABYLONIAN PASSWORD ARCHIVES PROMPTING ME FOR THE MASTER PASSWORD.
Thank god I can at least CREATE A BURNER CREDIT CARD THAT FREEZES ITSELF BECAUSE I CANNOT BE BOTHERED TO UNSUBSCRIBE FROM YOUR FUCKING STEAMING CRAP.
FUCK every fucking step I take being recorded by our CYBERPUNK OVERLORDS REQUIRING ME to sign up for 5 different fucking privacy protection tools' annual plan or duct tape some open source shit onto my browser just for some BASIC PRIVACY WHILE TRYING TO NAVIGATE ALL THE OTHER 5000 annuals plan naval mines like A FUCKING FRENCH SUBMARINE IN 1940 GERMAN WATERS.
FUCK my walled garden scam ecosystem not being compatible with your walled garden scam ecosystem prompting me to reactivate my old SATANIC GOOGLE DON'T BE EVIL ACCOUNT from 2012 sending me on a DANTE ALIGHIERI STYLE ODYSSEY THROUGH THE 9 LAYERS OF PASSWORD RESET QUESTIONS, UNEXPECTED ERROR, 2FA MY PHONE DIED HELL to come out on the other side as a broken man.
Thank GOD I have your useless SUPPORT PAGE to aid with my signup problems that is actually just an FAQ with a hidden EASTER EGG HUNT for your support form CRISP AI BOT THAT IS ALSO 'currently experiencing high demand due to COVID' which is peculiar since that has been 3 years ago, but fortunately for you enabled you to fire ALL YOUR SUPPORT STAFF AND REPLACE IT WITH THIS BANNER.
I might as well just SCRAPE your fucking content, it'd be faster.
And although it is quite funny, FUCK THIS PAGE TOO for having me create another of 10.000 accounts to write this shit, where my browser firmly placed a newly created burner email into the PASSWORD FIELD.
I do not know how we managed to create something that is even more unwieldy than 56k DIAL-UPS, but I know that if this shit continues I'll have to train my own AGI to proudly interact with all of this STUPID SHIT on my behalf or I'll have to move into THE FUCKING MOUNTAINS AND LIVE WITH THE DEER. -
Working at a local seo sweat-shop as "whatever the lead dev doesn't feel like doing" guy.
Inherit their linux "server".
- Over 500 security updates
- Everything in /var/www is chmod to 777
- Everything in /var/www is owned by a random user that isn't apache
- Every single database is owned by root sql user
- Password for sudo user and mysql root user same as wifi password given to everyone at company.
- Custom spaghetti code dashboard with over 400 files in one directory, db/ api logins spread throughout these files, passwords in plain text.
- Dashboard doesn't have passwords, just usernames to login
- Dashboard database has all customer information including credit card stored in plain text
- Company wifi is shared by other businesses in the area
I suggest that I should try to fix some of these things.
Lead Developer / Tech Director : We're an SEO company, not a security company . . . -
This isn't something I've dealt with personally, but recently heard the story on the podcast and was pretty astounded:
"A company who makes add-ons for Flight Simulator X included malware in one of their downloadable jets, players have alleged. The malicious file is called ‘test.exe’ and it is designed to extract passwords from the Chrome web browser."
Now that's some extreme DRM. "Pirate our downloadable jet? We leak your credit card information and Social Security Number to the darknet."
Original story: https://rockpapershotgun.com/2018/... -
No, I'm not interested in your credit card offer 😬
I need a spam filter for my mailbox like my email 👻 -
So on top of my Windows update frustrations, I just found out that Microsoft has been scamming me out of money for two years!
I bought an android tablet in 2016 which came with a free 1 year subscription to Office365. They demanded credit card info, so I made sure to pre-cancel it to avoid getting charged when the year was up.
Today I find a line on my bank statement that just says 'MICROSOFT', and I think to myself: 'What the hell is that?!?'
It takes some digging for the email address I used and trying to navigate various MS sites until I realize that those bastards have auto-renewed the subscription twice now!
I missed it last year, but luckily since I caught the latest one within 30 days I can get a full refund.
Will contact their support tomorrow to get the rest of it back. Too tired right now to deal with their support jungle of circular links and virtual assistants... -
Client wants some CMS text to be automatically translated. So I checked and Google seems to have a solution for that. I thought it to be as simple as doing a request and parsing the response. That's how API's work, right?
No. First I must create an account, that account must have a credit card, then I need to setup credentials, the default ones working with path variables, an API key... etc etc etc.
I feel so stupid for just not understanding their docs. I'm just a dude that installs a CMS and makes pretty CSS for it. I've worked with REST APIs before (Mollie, Carerix) but none of them ever demanded the level of knowledge and setup the Google Translate API demands.
Am I just a bad developer or is this shit just too complex for your average web developer? -
After playing et and wow a few years it all started when I hosted my own ts2 server with npo license. Rented a server for 90 bucks as a highschool student (13) with no job. (Who the fuck rented to me? I had my own bank account and lied about my age. Had a credit card at 14 but that's another story)
*Shit is expensive*
How does one get some value out of a server? Oh right, let's host Webspace and ftp accounts.
That got me into server administration and bash.
After dropping wow in bc i started playing on private servers.
*Shit is buggy*
How do you fix wow server? Let's learn c++ and push patches to arcemu. Why is this part crashing on this one server? Let's look at the binary. Wtf is this? Oh assembler?!? Ok let's try to read this. Ok I get it now. Let's fix the code.
Ok let's host my own wow private server. We need a website for account creation.
Let's learn php. Wait php is easy compared to mastering c++? I need an app for my first smartphone (iPhone 3g) to manage the server on the go. Let's learn how to do that. Why is this so easy? Switching to Android: wait java is even easier?
And that's how I learned that if you start with the hard part and grasp the concept, everything more abstract is significantly easier. If you start to read code to learn any language it's easier than following books (for me at least). If you get an error, track it down, you might learn amazing things in the way.
And if you want to get into reverse engineering, start by being passionate for the thing you want to reverse. It will be hard before it gets easier and you will need all the willpower you can muster not to just stop.
Programming for me is not a job but my passion. It's like I'm on vacation every day of the year (except meetings, fuck meetings)2 -
Yesterday I had to register my new credit card with a national payment app (MobilePay) and it kept giving me error 32, which says "a technical error happened please try again"... Real fucking useful u piece of shit app 😠
Turns out, after a bit of research, that it will sometimes crash if your language is not set to a European language. Guess what? I had mine set to English... English (US)... 😧
Like, what the fuck is that? Why would you check if a person might be from EU, by checking the language setting?
Get your shit together 😑3 -
I am trying to apply for a student credit card. Should be relatively simple, but guess what: it isn't. First there was a question on your income. I didn't know if you had to include your student loan issued by the government and after calling the bank, the answer seemed to be no. And the form didn't succeed because your income should be higher than 1 euro. So I've contacted the bank again and it seems that you could just fill in your student loan as income. Okay, so that should fix the problem. So I came very close to completing the form, the website gave me an error in the last step!1
-
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
From Namecheap:
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
https://namecheap.com/security/...
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like a IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPs Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.14 -
So finally I just got my first credit card!
Now on, I don't need to worry about carrying cash when traveling abroad, enjoy free lounge access, buy things in installments and what not.
It's almost impossible to get credit card here without a typical 9to5 job. The best thing is I didn't have to work for it at all. It just happened. So that's something.4 -
I think credit card companies should pay me for using cards not vice versa.. or don't do shit like this when I am paying for it...
https://bloomberg.com/news/...2 -
I installed sendgrid on my server today for the first time. Now I have several questions to you more experienced programmers.
1. Is there anything I should know about using sendgrid for server generated mails?
2. Can I still use my own configured Mail-Server (e.g. for sending emails with Thunderbird)?
3. How does sendgrid work?
4. Are there probably better alternatives? (I first wanted to use mailgun, but those fuckers want me to have a credit card for registration)2 -
not dev.
A follow up on my HSBC credit increase rejection rant from last month. So they ended up saying "we chose not to give you an increase even though your account is very good. Feel free to try again in 3-6 months but I can't guarantee your request will be approved."
I let it be.
Today I got an email saying that following a recent review of my account, they'd like to offer me an increase. The same increase I asked for last month and got rejected, and then had my credit score ruined over. Bitch what.
I am petty af, tomorrow I'll call them and tell them that "after having reviewed their services, I choose not to give them consent to increase my credit limit. I understand this isn't the outcome they were hoping for, but that is my decision. Feel free to reach out again in 3-6 months but I can't guarantee that I'll change my mind. "
Yes I know the rep on the other end of the line wouldn't give a f*ck, I just want that recorded. I don't really need the increase, just wanted to lower my utilisation. They can suck it.2 -
Go assign a super simple ticket to your "product owner" or "manager" or whoever the hell claims they "work so hard" and "have the vision" or whatever blah blah blah when in reality YOU'RE the one working 12 hour days, completing the features used by THOUSANDS.
Just try it. They'll never complete it. I guarantee it. Here I am looking at one that is three weeks old asking to update the f&*(@#$ credit card credentials for a simple log service to be reactivated.
So sick of this backward world where us devs never get any credit.
Who wants to start a software union with me?2 -
Trying to implement a dynamic data masking solution for our databases, to filter out sensitive data.
This seems like a problem which should've been solved decades ago. But it isn't. All DDMs, proxies, seeders, maskers... they all suck balls.
Which makes me wonder, how many devs walk around with MacBooks with half a million credit card numbers on them... -
The thing that I hate more is when I want to pay something but I can't, because of system or technical problems. Do you imagine how much money are you losing? It's your interest, you should make everything possible to earn money, I can't flip out only to make you happy. Come on bro. I wanted to buy a thing, the website has a mobile version but in the mobile website I can't use credit card. And if I set the desktop version, the website identifies the resolution of screen and it redirects me to the mobile version as well. Are you kidding me?1
-
Sus!
yesterday I bought a cool domain in namecheap, I was very lucky to find short and good one for my case.
Today (at weekends!!!!) I receive a letter:
>Hello **redacted name**,
>
>We are contacting you from the Namecheap Risk Management Team regarding your '**redacted name account**' account.
>
>Unfortunately, your Namecheap account was flagged by our fraud screening system as requiring verification and was locked.
>
>Please follow the instructions below to get your account verified:
>
>- take a color photo of the credit card used for the payment at **redacted link**
>
>Please make sure all of the edges of the credit card are visible, and that we can clearly see the card holder's name, expiration, and last four digits of the card number. The screenshots or images of the card cannot be accepted for verification. If the submission does not meet these requirements, we can either request to submit the details again or permanently suspend your account.
>
>- provide a valid phone number and the best time to call you (within normal business hours, US Pacific time).
>
>If we do not hear back from you within 24 hours, we will be forced to cancel your orders.
>
>We apologize for any inconvenience that may result from this process. This extra verification is done for your security and to ensure that orders are legitimate. This industry, unfortunately, has a high rate of fraudulent orders, and this sort of verification helps us drastically reduce fraud and ensure our customers remain secure. Such documents are used for verification only and are not provided to third parties in any way. Account verification is a one-time procedure, after your account is verified, you will never face this issue again.
>
>Looking forward to your reply.
>
>---------------
>Dmitriy K.
>Risk Management
> Namecheap, Inc.
what if I did not notice it in 24 hours? It is the weekend for god's sake! People usually rest until monday.
They would what, cancel order and scalpel it to super high price?!
I have some doubts if the request is truly having anti fraudulent origins.
What if I used digital visa card? How was I supposed to photo it?
And the service they provided for photoing accepts only photos from web camera. I was lucky that I bought recently web camera with high enough amount of pixel power and manual focus. What if I did not?
That's all really SUS!
The person can not notice the letter within 24 hours time frame until the morning, when it would be already too late.10 -
Apparently, a lot of people here are complaining about the fact cs classes (and I'm talking about uni here) are way too much theory and far too little teaching practical things. And don't get me wrong, I don't like viewing cs only from a theoretic point of view either, BUT I think cs education is made to teach you how to solve complex cs problems by yourself and give you the tools on how to learn about these things in the future. And this is very much theory.
CS is the science part, so don't wonder if there's a lot of theory in it. If you only want to learn how to program, maybe you should take programming courses instead.
In school though, cs education should be less theory and more doing practical (funny) things, programming, "how does the internet work", "why I should not give my credit card details to random strangers on the internet", things like that.2 -
Have I told you all lately how much I hate your stupid 'free trial' bullshit that requires me to enter a credit card ? Have I ?
Hmm.
Maybe I have.3 -
Why does the point of sale machine open the cash drawer for a credit card sale ? Seems like a vulnerability to me.2
-
Do you think my credit card company has a big bounty? String formatting really isn't that difficult.1
-
Notification overload.
My credit card company emails me saying that they have emailed me the statement! -
Here's another company hiccup: Get an email from a big online payment company that my account has been suspended due to dubious credit card activity.
Plot twist: I haven't got a credit card! -
Legal Question regarding E-Commerce / Credit Card Payments.
The User sends his Credit Card Information (number/expiration Date/Safety Number) over email to vendor. Vendor types this info from the email into a Credit Card Terminal.
Is this even legal? I thought when listing Credit Card Payment you have to use a PSP (Payment Service Provider) that conforms to the security regulations etc.7 -
!dev
Fucking hell, my phone (Nexus 5X) just died: I was browsing the web in Chrome, it suddenly hung, after a few seconds it turned off, and will not turn on at all now, it's just completely dead. FUCK!
I was going to pick up a used printer this afternoon, now I may not be able to because I can't contact the person to get their address. And if I could, I don't have Maps to find the way. FUCK!
On top of that, yesterday I got a call from the bank that my credit card was used in a fraudulent transaction so they had to cancel it, and send out a new one, which I will not have until Friday or Monday next. FUCK!6 -
My biggest personal challenge as a dev is getting help. Sometimes I feel so deserted.
Now and then I have to do things that are not my expertise and I feel out of my depth. I think if I had an expert come in for a day they would be able to save me weeks of slow progress. There are dev things like updating frameworks, etc which I am fine to struggle through or read the docs, etc but things like setting up servers, enabling single sign on, database administration, integration with other systems. These are not really software development tasks but they need to be done. It seems every time I try to get help it is so much effort then the help I get turns out not to be helpful.
In my current role I have no budget or company credit card, etc. To make any sort of purchase I need to get my manager to write a business case to get approved by his manager signed in triplicate, buried in soft peat, etc. Even if I went through this process there are so many companies out there who want to get paid to do nothing and say they are experts in all things. It is almost impossible to know if we would get competent help or if I end up just wasting time explaining issues to people in phone meetings who are no help. -
I just got a project that is already developed by a team. It is already in the production and guess what!! They are storing customer’s credit card details in the database 🥸🥸12
-
I hate it when companies got 5 payment options while 4 of them basically lead to a credit card payment.
I'm renting some servers from Vultr and they recently changed something in their payment protocol. Now you need a credit card, even while paying with PayPal, and I don't have a credit card. Using their BTC option doesn't work either since my wallet tells me they are using an incompatible payment protocol (error reason, address & amount) . There is not even a wallet address shown through their BTC checkout to which I could directly send the amount to. You need to open the website on the device your wallet is stored on and then make the payment (so no address is required from their side). Account management is taking a look at it now, I got very quick replies back from their support but this is the first time I'm having such an issue with them.
Oh well, hope they won't take down my servers in the meantime.2 -
fucking "premium subscription" is just a reboot of the "bundling" bullshit from the cable companies.
no i dont really wanna pay 4 bucks to rent a shitty halloween flick for 48 hours that i randomly got nostalgia for, nor do i want to pay an additional 8 bucks a month for your streaming service that i hardly use to begin with to include Starz or whatever.
oh a free 7 day trial will get me access you say? oh but of course you need my credit card first just to verify that im real and then conveniently charge me when i forgot i signed up and keep my money after i cancel.
too lazy to torrent. movie wasnt that great either, so not really worth the effort.7 -
not dev.
HSBC rejected my request to have my credit card limit increased. I call to ask why and after 38 minutes of holding she comes back and says the system automatically rejected your request because of "poor account conduct" and "unusual activity.".....
w h a t t h e F U C K does that mean???
She was unhelpful in explaining what that meant, and I'm honestly baffled. I've always paid my cc balance in full every month, never went over my limit (in fact, utilisation was almost always below 30%), always had enough balance in my account to cover any Direct Debits, Standing Orders and other purchases (I don't even have overdraft), and my credit score is practically excellent.
Then she proceeds to say that I can try applying again in 3-6 months but she can't guarantee approval. HAH as if. They can suck it.
I moved away from Lloyd's bank because they were shit, and now this. Are all banks this shit?
I sent them a complaint and they said they'd get back to me in 5 working days... let's see.12 -
Someone has a cloud VM running automated attempts to sign up at our website, which is causing the payment processor to block us because of all the suspicious credit card creation attempts, so we get no new signups... I suppose implementing recaptcha is a potential solution/mitigation for this? Do you guys have any other suggestions?14
-
!dev
I need to stop buying things...
I just bought a Keurig and some coffee because it was on sale for Cyber Monday...
And well I've been buying other discretionary things like crazy for the last few months... including lots of cakes and chocolates...
Which prolly adds up to over $500 in 3 months...
Damn should've gotten a new credit card... All that spending would've gotten me $150 back... -
Symfony's book tutorials start out way too invasive. For example:
Their CLI has a specific command for you to clone the book project's repository. This command won't run unless you have all their dependencies installed (including docker and yarn). In the end a good old fashioned git clone does the trick.
Next, before even writing a single loc, the book urges you to create a symfonycloud account and give them your credit card number.
Seriously what the hell.
Should I mail you a drop of my blood as well so you can check out my ancestry while I'm at it?3 -
Report comes in that there is "no purchase confirmation screen" in the app.
Well, yes the hell there is, so I use the test credit card to make a purchase. Sure enough, it works fine on my testing account. Just to be sure, I try a couple other test accounts. Flawless.
"No, try it on *this* account"
I try again on their stupid account. Works fine.
"Well I just tried it in Chrome and it worked, it doesn't work in Firefox"
I was already testing in Firefox...
Wasting my time over a corrupted browser profile.. GTFO, why are you even a tester? -
So I’ve asked my Unis infrastructure guys via mail, why we don’t use the digital id with our phone additional to our RFID Badge.
One of those (maybe a moron, I don’t judge yet, see question below) replies, that they would need to replace all readers “as current ones rely on RFID scanning chips” and they are not sure how US Unis implemented it.
Thing is, that when I hold my iPhone SE 2020 next to the reader, my phone shows my credit card to use for Apple Pay.
Doesn’t that mean, that they use compatible RFID frequencies ?
I’m not an iOS dev, so maybe someone can help me out. Any info appreciated!11 -
just think you are a developer living in a country where you can't get a real credit card, yes it's exist, why tech for, why internet for,8
-
Over the last few months, I have now told my client multiple times that they cannot store credit card information on their non PCI compliant server. It's difficult refusing to do something they have set their mind on (especially when it's just me and 3 of their execs in the meeting). Funnily enough, each time they ask me and I refuse, I think they respect me more for it!
-
Need $2000 by the end of November.
Oh, I forgot about car insurance. +$200
Oh, I forgot I'm changing apartments. +$2000.
Oh, I forgot about my credit card. +$100
Oh, I forgot about food. +$200 -
just read about that DRAGONBRIDGE takedown.
Apparently it was some system set up to disseminate pro-China anti-USA propaganda in multiple channels.
Now, I totally can believe something like this would exist - too easy a jab to a fantastically big payout if it actually works. However, isn't it easy to call *anything* contrary to *anything* a propaganda plot?
That is why I believe in NOTHING that is on the internet. NOTHING. The internet says I have "credit card" "outstanding debt" to "pay" "ASAP".
Yeah, right. Half of those aren't even real words (I mean, "card"?! come on). You won't get me, opposing view propaganda machine!1 -
Imagine being so rich that you're too lazy to implement payment methods for countries where your product is popular. Microsoft (one drive) and Android (play) was like that for years. I want to pay for openai but it doesn't support ideal/paypal which is the payment method in the Netherlands. Credit card only. Credit cards are so unsafe, I don't understand it's the standard. I won't get one. Is there an api for generating content besides openai?7
-
cbc vs gcm vs ... for my app?
currently ive got ecb 256 bit already implemented and working well, but i want an extra layer of privacy. if you had to send your ssn or credit card number over a vulnerable network, would you be more comfortable encrypting it with cbc or gcm?9 -
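The difference between the three modes named in the post above, shown with Node's built-in `crypto` module. This is an added example, not part of the original post or its thread; the key, the sample record and the `AAD` label are constructed for the demo.

```javascript
// Added example: key, record and AAD are constructed for the demo.
const crypto = require('node:crypto');

const KEY = crypto.randomBytes(32);            // AES-256 key
const AAD = Buffer.from('record-v1', 'ascii'); // hypothetical context label bound to the ciphertext
// Constructed record: the same 16-byte block twice, then a short tail.
const BLOCK = Buffer.from('4111111111111111', 'ascii'); // widely published test number, 16 bytes
const RECORD = Buffer.concat([BLOCK, BLOCK, Buffer.from('exp=12/30;cvv=000', 'ascii')]);

// ECB: every block is encrypted independently, with no IV.
function encryptEcb(key, plaintext) {
  const c = crypto.createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// CBC: random IV hides repetition, but nothing authenticates the message.
function encryptCbc(key, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return { iv, ciphertext: Buffer.concat([c.update(plaintext), c.final()]) };
}
function decryptCbc(key, { iv, ciphertext }) {
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// GCM: confidentiality plus a 16-byte tag over ciphertext and AAD.
// The 12-byte nonce must never repeat under the same key.
function encryptGcm(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ciphertext, tag: c.getAuthTag() };
}
function decryptGcm(key, { iv, ciphertext, tag }, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  d.setAAD(aad);
  d.setAuthTag(tag);
  // final() throws when the tag does not match.
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// True when any two full 16-byte blocks of the buffer are identical.
function hasRepeatedBlocks(buf) {
  const seen = new Set();
  for (let off = 0; off + 16 <= buf.length; off += 16) {
    const hex = buf.subarray(off, off + 16).toString('hex');
    if (seen.has(hex)) return true;
    seen.add(hex);
  }
  return false;
}

// Flip one bit of the CBC IV in transit: decryption still succeeds and the
// receiver gets a silently altered first block.
function cbcTamperDemo() {
  const msg = encryptCbc(KEY, RECORD);
  const iv = Buffer.from(msg.iv);
  iv[0] ^= 0x01;
  return decryptCbc(KEY, { iv, ciphertext: msg.ciphertext });
}

// Flip one bit of the GCM ciphertext: the tag check fails and nothing is returned.
function gcmTamperDemo() {
  const msg = encryptGcm(KEY, RECORD, AAD);
  const ciphertext = Buffer.from(msg.ciphertext);
  ciphertext[0] ^= 0x01;
  try {
    decryptGcm(KEY, { ...msg, ciphertext }, AAD);
    return 'accepted';
  } catch (err) {
    return 'rejected';
  }
}

console.log('ECB leaks repeated blocks:', hasRepeatedBlocks(encryptEcb(KEY, RECORD)));
console.log('CBC leaks repeated blocks:', hasRepeatedBlocks(encryptCbc(KEY, RECORD).ciphertext));
console.log('CBC after IV bit flip    :', cbcTamperDemo().subarray(0, 16).toString('ascii'));
console.log('GCM after ciphertext flip:', gcmTamperDemo());
```

ECB is the mode to replace first, since it shows which plaintext blocks are equal; between the other two, only GCM tells the receiver that the data was modified.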
Is bunq netherlands only then or is it just full of NL fanboys? I find it pretty funny considering NL doesn't like foreign cards, debit or credit. Oh you want to pay for your stroopwafels with a Visa card ? no... want to buy your la trappe with your mastercard? no. ING or Rabobank only.... Netherlands needs to join the 21st century...11
-
So I wrote these E2E tests to test my credit card expiration notification emails. So I wrote my code, and tested it. Tests failed. I spent the next 6 hours (spanning 2 days) debugging my tests. Come to find out that the tests were fine all along. The issue was my code.
Apparently everything has dates starting at 1 (day starts at 1, year starts at 1). But MONTHS. Months start at 0 -
Looking for a credit card billing option another than PayPal.
Searched “React e commerce” and found
Snipcart...
I’m more familiar with node.js, React toolset, but only never managed eshop beside Wordpress wooCommerce.
Has anyone used it before? Pros or cons? Or any alternatives?
Really appreciate your opinion 🙏4 -
The only thing worse than client QA is client vendor QA.
I do QA for a company that does custom implementations of a major e-commerce platform. On one of my current projects, the customer has elected to outsource their UAT, and isn't willing to wait for the site (or even individual features) to be complete before starting testing, so I've been triaging a lot of silly tickets. But today took the cake.
This system allows users to save their credit card info. The vendor QA guy filed a ticket "reporting" that if he saved a cc with a given number, then created a new cc record with the same number but a different expiration date, the original record was overwritten, rather than a new record being created.
I just stared at the thing for like five minutes, gathering the mental strength to reply with something other than "you're an idiot."3 -
TLDR: FUCKING AMAZON SCREWING SHIT UP
Alright here we go:
So I bought a SmartWatch on Amazon yesterday and I chose overnight delivery so it should have been delivered today. I was all excited and then I went to sleep. When I woke up I checked if they shipped my order and guess what... Amazon fucking told me to choose another payment option and I was only able to choose a credit card... I dont even fucking have a credit card and why the fuck didnt you tell me right away when I selected my usual payment method? A big FUCK YOU to Amazon. I bought the watch on ebay now and it will arrive on saturday and Im so mad about it...2 -
Just fucking hate how expensive and hard to find a cheap SMS gateway
And as in cheap, I mean cheap as send email
I found Cheap Global SMS and it doesn't have a professional website nor a good API but it is way more cheap
Downside? I must pay with a payment gateway made by the same company (coincidence?)
And NO WAY I'm sending my id to a payment gateway that no one uses
I'll try sending some random image to see if they accept it
But, still, no confidence to put my credit card in there2 -
Got fed up with my bank. Scheduled five daily payments to transfer $0.01 from my transaction account to my credit card every day each. Is it considered spamming their DBs?7
-
!Rant, story
That one time my brother received a call from some Indian dude that "worked" for Microsoft, who was alerting him about a "virus".
My brother (who was in his mid teens at the time) downloaded a program that the guy linked him to, and consciously installed it to allow the dude to take over his computer. Then, with full power over the computer, guy started doing shady stuff and offered him a one year protection for $99.
Thank God mom knew what was up when he asked for her credit card info...
*facepalm*9 -
Laracasts is no longer accepting debit card payments ☹️ time to use my mom's credit card and just pay her lol 😂
Is shipping docker course - Chris Fidao course, accepting debit card payments? Thanks! -
Hello everyone!
Since this is such a cool community with so many app devs, I though it would be cool to share with you all a project the company I work with its currently developing.
The name is appcoins, and it's a blockchain project that aims to solve 3 big problems that devs, users, Appstores and oems face everyday in the current apps ecosystem:
- the advertising: create a trustworthy advertise system for your apps, where you can actually invest money that will be spent on users that will use your apps; currently is a system where everyone is trying to fool everyone.
- Malware and Adware detection: create a system powered by the community to rank dev's apps, using a reputation system, and dispute by bidding. currently it's an unscalable system, with many detection flaws.
- In app billing (aka IAB): offer a new and easy way for users to buy cool things in your app, even if they don't have access to a credit card or other payment methods. Users will be rewarded by trying out your cool apps. Also opens the door for payments with crypto currencies in AppStores.
This is just a quick overall idea of the whole project. If you're interested, checkout the website https://appcoins.io/
If you've any question or suggestion, let me know and I'll try to answer as best as I can, or redirect to my devRant coworkers.
Any feedback you may have, feel free to share it! This system is designed for us all devs, so your input is really appreciated.
Thank you all, and sorry for the long post. -
!rant
This is fucking how you do it!
Ticketmaster UK had a "data security incident" where they don't really know if any data was actually leaked/stolen/"accessed by an unknown third-party" — their response:
1. Disable the compromised service across their platforms
2. Send a mail to any customer that may have been affected (I got one in Danish because I had only interacted with them through a Danish subsidiary)
2b. All notified customers have their passwords reset and must go through the "Forgot password" process; the _temporary_ password they sent me was even pretty nicely random looking: ";~e&+oVX1RQOA`BNe4"
3. Do forensics and security reviews to understand how the data was compromised
3b. Take contact to relevant authorities, credit card companies, and banks
4. Establish a dedicated website (https://security.ticketmaster.co.uk/...) to explain the incident and answer customer questions
5. "We are offering impacted customers a free 12 month identity monitoring service with a leading provider. To request this service please visit [this page]"
EDIT: As mentioned and sourced in the first comment, the breach was apparently noticed by a banking provider and reported to Ticketmaster on the 12th of April and later to Mastercard on the 19th of April.
Ticketmaster's internal investigation found no evidence of breach (which makes sense, as it wasn't an internal breach), but when Mastercard issued an alert to banks about it on the 21st of June, Ticketmaster followed up by finding the actual breach and disabling the breached third party service on the 23rd of June.
I still think they did the right thing in the right way...2 -
Am I in developer hell already? A shitty project is about to come to an end (hopefully), or should I rather say: It needs to come to an end. But I am still quite lost in how to deal with it, hence procrastinating on it - making the deadline come closer and with it the realization that I'll probably have to rewrite almost everything. I'm not sure how, but I do know that the current code is a dumpster fire.
Basically what I need to do is dealing with the APIs of different payment providers/gateways (like PayPal, AmazonPay). For most cases I'll get a payment ID from the shop and need to act on it later, e.g. capture the authorized money in the case of a credit card transaction or do refunds (without user interaction, unless there is an error). Now at first I put something together where I try to abstract the payment information into two tables:
orders{1}<->{0..n}payments
payments{1}<->{1..n}paymentDetails
Unfortunately trying to abstract the different payment methods and to squeeze them (and their different possible stati and functions) in these tables was not very successful, it's a total mess with magic numbers, half-broken behavior and without any consideration for partial payments/captures or unfinished requests (i.e. if there is an exception before the response is dealt with, there is no indication that anything has ever been sent). Also the current amount is calculated through the history of the paymentDetails table, which basically works differently for each payment type.
How to fix this mess in a way that I'll still have a job by next week?
I'm trying to improve the db schema first, as I think my biggest problems are lying there. Through some research I've come across a recommendation for making payment type specific subtables (with a magic number/string in the main table to prevent having to look up all subtables). That way I can record what I send and receive without having to abstract it too much, so I'll have an acceptable transaction log. The paymentDetails table can be removed (necessary fields go to the payments table). The payments table gets multiple fields for the amount (differentiating between open, authorized, captured, processing and refunded values) and always reflects the current status.
Tables:
payments
paymentRequestsPaypal
paymentRequestsAmazonpay
paymentRequestsXyz
I think I'm going in the right direction here. hm. Maybe there's some light at the end of this long, dark tunnel. Or a train. I'll have two days to find out.
question kill me already send help thank you for being my rubber duck payment gateways deadline approaching rant/question burnout6 -
Screw our credit card processor so hard. The powers that be decided to sign with them because their rates were better. That's it. Never mind the fact that they don't make/work with mobile readers, which we need. Never mind the fact that their app is trash and is lacking basic features. Never mind the fact that their support is non-existent. Never mind the fact that when I request a new POS machine, I don't hear back for 6 months, and have to follow up again only to find they forgot about it. Never mind the fact that their POS machines can't handle 2 merchants like our ancient, "out-dated" one could, and so we need to spend double the money and have 2 POS machines sitting on the counter. Never mind the fact that their website is trash and lacks basic functionality. Never mind the fact that I cannot manage our user list (which changes CONSTANTLY), or even VIEW IT. I need to email them for all of this, and they may or may not respond. Never mind the fact that I'm going to spend my entire Friday scrolling through thousands of transactions, looking for one specific one, because their website doesn't even allow me to search for a specific transaction amount. Never mind all of that. Slightly lower rates, baby!1
-
Anyone got any idea what hardware this is? Tempted to buy one and put openwrt on it as a credit card router... For that need to know what openwrt target I could flash.
Already found a USB step up converter to power it
https://s.click.aliexpress.com/e/...
(Yes, I know I could use an old Pi but I hope the power consumption is lower)
-
These past few days were the first days in ages that I actually had time to work on a project. It is also the first time in ages that I pulled all nighters to code. Being reminded of the feeling of putting on some headphones and hacking away on this project was the best feeling I've ever had in so damn long. God I love programming.
If you wanted to know what the project is:
We got an end of year project in comp sci at school and we got a lot of freedom for what we were required to do, so I got the idea of creating bank management software cause it seemed pretty simple. But then I started the project and realized how much more I could do with this. So I've been working on an entire bank management program including account creation, database creation, file encryption, payment options, and credit/debit card attaching. It is currently text based but I'd like to create a GUI in the time we have left to finish. I'd also like to incorporate more features that come to mind.
-
Recently I made a dumb mistake :(
I applied for a credit card online, and they called me, asked me for info, and sent some messages containing codes which I needed to forward to someone.
After that they asked for some docs, salary slips, bank statements, etc. I got stuck on some tax forms.
So one day they just called to say that it's OK if you can't submit your tax docs, we can do the verification through your debit card. I thought the call was genuine and that I was in the CC process, so I shared my PIN. And wohaaaa, my balance was deducted :( That was indeed a scam call.
-
In the modern world, a human is not a human. The human is only human if they have ID, passport, insurance, bank account, credit card, facebook, covid certificate. Otherwise you’re nothing
-
WHAT THA SHIT FUCK!!!
FUCKING HEROKU
so I've got an app running on heroku and yes it's a free account
Apparently apps running on free accounts are turned off after an hour of not receiving requests
Ok that's reasonable
So I did some digging and found out there are free solutions to keep your app running
Ok that's good, even on heroku there is a free add-on for that
Ok I click on add add-on
AND FUCK SHIT!!!
a huge ass red notification flashes
"//some SH
Verify your account and provide your credit card details
"
IT FUCKING SAYS {FREE}
-
If you ever added your credit card just to test the Azure Free Trial Subscription in hopes of removing it when the trial is over, I'm sorry man, you're fucked! Like right in the ass!
-
Obviously credit card companies, banks, etc. do not use MySQL. So what database do they use to keep data secure?
-
The credit card autocomplete function of Google chrome issues TWO bank statements each autocomplete. 1. -1$ 2. +1$ :/
-
how bad is the collegeboard website? let's just say that after registering for an sat, firefox prompted me if i wanted to save the login credentials, with the username being my zip code and the password being my credit card cvv
like, how fucking hard is it for a national company who charges $99 per test that kids take every year to set up their fucking website properly
god damn, fuck college board
and yes, i am mad about a lot more than that one little thing
"non-profit"
-
Thank you crappy Starbucks app requiring me to refill my Starbucks card in order to pay via the app.
I was first going to rant but this "feature" saved me from buying food that actually looks like crap in the store...
Long version: I got an email about the birthday reward (free any size (Large) drink) a few days ago so I redeemed it this morning via the app. I sorta felt bad so I added a dessert roll so that I would pay something.
Well at the checkout it said need to pay by Store Card.... Under that, it listed my credit card and refill amount. Well WHY THE FUCK CAN'T I JUST USE MY CARD. I am not a regular customer but hey it's $6 for the drink. Anyway so I removed it and now it lets me check out without a refill.
Then dragged my ass out of bed because somehow I accidentally ordered... walked to the store. Wanted to order but then saw the actual food and was like "ok let's just get my coffee..."
Picks it up at the pickup spot and quietly walks out looking at all the people in the store wondering why they like this stuff.
The coffee was just like McDonald's to me...
-
At the start of my professional career I was part of an Android project for a big credit card company. I used to love the UI and colors in it. With all the tablets and phones around, people used to see me like a geek 😀
But the UI guidelines and UX of that project... I never got such extensive guidelines again. It used to make the development so easy.
-
Good afternoon, by any chance does someone know a free alternative to Google Cloud Vision? Or how to use Google Cloud Vision without a credit card?
-
Github be like:
Want control on your files? Host your own LFS! (This goes the same even for those who are buying their storage packs for boosting their LFS storage by giving money)
FUCK THIS SHIT... I am a poor student. I also don't have a fucking credit card!! Can't you improve your system instead of asking people to host their shit themselves?
Also, why do they even have access to deleting user files??!! They literally asked me to give a sha sum of files I want to restore so they can delete the rest as one option and providing hashes of files to be deleted as another.
And the hashes are not even secret (as the files are in an open repository).
Which means, if you have a large file on a public repository and animosity with a github staff, BOOM! That file is no more!!
-
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The state of npm is just 😢
https://hackernoon.com/im-harvestin...
-
Fuck heroku
They keep refusing to verify my credit card information.
Weird fields on their form, that nobody really knows what they are asking for.
Billing address line 1
Billing address line 2
State/province (I have provided my country before, so I don't know what to insert here)
Please help
-
Someone earlier today posted a rant about a credit card security conference sending them account details with a plain text password in an email. The password appeared to be a single-use temporary password that the user would change on first login. Assuming one does not actually store plain text passwords, what is the downside to a single-use password vs. a single-use link to set a new password?
-
I hate how Amazon is "randomly" selecting orders and changing them so they can only be paid with a credit card :/
-
Trying to prototype a credit card-sized handheld emulator with The RasPi Zero and a 1.5" screen. Getting real frustrated with the lack of Wifi on the Zero. 😅 Does anyone know of a good guide to share Internet between a computer and a RasPi Zero over USB?
-
Anybody fluent in Adobe Illustrator, with 30 minutes of spare time feeling unlikely generous today?
I need a tiny, tiny, tiny and simple shape/logo to be done, but my credit card is locked until next month due to a limit previously set (by me).
I can only pay in special thanks on the project's (open source) page.
-
Okay, so a bit of context. I got this AWS credit as some kind of reward for participating in some startup hackathon. Okay no big deal, Imma just redeem it on my personal AWS account and load up some EC2 instances for my bois to stage stuffs up there. No big deal
Until the fucking credit expired. Normally you guys would think AWS would be professional and send some kind of email about the about-to-be-expired credit but fuck no. They decided to be a cunt and start piling charges on my debit card instead.
Unlucky for them because I, being sensible, didn't put too much money in the debit account. The cunts at AWS tried to charge me but they failed.
Guess what motherfuckers, I've just changed my payment method and locked my cash just in case. Ban my account, I don't care, I don't really use it that much anyway, you won't get another penny from me.
Fucking capitalist pigs
-
URGENT:
How does an online supplier charge their clients huge amounts (>40k monthly) in an automated way?
Context:
I am building a huge B2B international online service that will require clients to pay between 1000 USD and 400'000 USD per month.
The system is built on top of an e-payment API (Stripe) that enables the system to work based on a regular, fully automated credit card authorization and capture system.
Everything works fine in dev mode. But when we move to production, the amounts are so huge that they exceed the max limit of any credit card, even the corporate ones.
So that makes me wonder, how do automated services (AWS, GCP, etc.) charge huge invoices to their clients in an automated way without using credit cards...
Please help
-
Need to make a secure app for iOS to access and store credit card information. What database should I use?