Search - "exploitation"
As a long-time iPhone user, I am really sorry to say it but I think Apple has completed their transition to being a company that is incompetent when it comes to software development and software development processes.
I’ve grown tired of hearing some developers tell me about Apple’s scale and how software development is hard and how bugs should be expected. All of those are true, but like most rules of law, incompetence and gross negligence trumps all of that.
I’m writing this because of the telugu “bug”/massive, massive security issue in iOS 11.2.5. I personally think it’s one of the worst security issues in the history of modern devices/software in terms of its ease of exploitation, vast reach, and devastating impact if used strategically. But, as a software developer, I would have been able to see past all of that, but Apple has shown their true incompetence on this issue and this isn’t about a bug.
It’s about a company that has a catastrophic bug in their desktop and mobile platforms and hasn’t been able to, or cared to, patch it in the 3 or so days it’s been known about. It’s about a company who, as of a few days ago, hadn’t followed the basic software development process of removing an update (11.2.5) that was found to be flawed and broken. Bugs happen, but that kind of incompetence is cultural and isn’t a mistake, and it certainly isn’t something that people should try to justify.
This has also shown Apple’s gross incompetence in terms of software QA. This isn’t the first time a non-standard character has crashed iOS. Why would a competent software company implement a step in their QA, after the previous incident(s), to specifically test for issues like this? While Android has its issues too and I know some here don’t like Google, no one can deny that Google at least has a solid and far superior QA process compared to Apple.
Why am I writing this? Because I’m fed up. Apple has completely lost its way. devRant was inaccessible to iOS users a couple of times because of this bug and I know many, many other apps and websites that feature user-generated content experienced the same thing. It’s catastrophic. Many times we get sidetracked and really into security issues, like meltdown/spectre that are exponentially harder to take advantage of than this one. This issue can be exploited by a 3 year old. I bet no one can produce a case where a security issue was this exploitable yet this ignored on a whole.
Alas, here we are, days later, and the incompetent leadership at Apple has still not patched one of the worst security bugs the world has ever seen.
It's funny, whenever the subject of Facebook vs privacy comes up (mostly I don't even initiate those convos), people always start to defend Facebook when I say that I THINK that Facebook is built to get people addicted to it and get them to stay on Facebook as long as possible.
Haha, one of Facebook's early investors/ex-Facebook presidents said the following in an interview:
“It’s a social-validation feedback loop, exactly the kind of thing that a hacker like myself would come up with, because you’re exploiting a vulnerability in human psychology.”
So even an ex-president of Facebook is admitting this.
I also found the following a good one:
The underlying thought process while creating platforms like Facebook or Instagram is something like “How do we consume as much of your time and conscious attention as possible?”
Last but not least, the part I found the most scary:
“God only knows what it’s doing to our children’s brains.”
Yes, I find this scary.
Oh yeah, and for the people who are going to call bullshit on this one, I've got one source, and if you search on the title of that article you'll find loads of websites carrying that story:
Dear people who think Microsoft buying GitHub is fine because Microsoft is more supportive of open source than before.
Here's the facts.
1) Microsoft is a large tech company investing in many things. That's a fact.
2) If Microsoft were to exploit GitHub, it would be a benefit to other departments in Microsoft. This is also a fact.
(For example, if tomorrow GitHub was tied to azure or some annoying shit like that.)
3) If such exploitation occurs, it will most likely be to the detriment of the free community of developers. This is a highly probable outcome.
4) The only question now is this.
"Does Microsoft care about open source enough to cut down on potential profit."
The answer of any sane, unbiased individual has to be no.
This is why people are leaving GitHub today. It is NOT because of some childish hatred for Microsoft. In fact, I would've personally moved out of GitHub if "any" other large tech company had bought it, thereby compromising its neutrality.
"What's new" for the latest MIUI update on my phone. I wonder how they finally managed to convince the alarm clock to work on holidays. 🤔
Hackathons are really getting obvious in their employer fantasies...
Wired has a great article on the exploitation of hackathons:
A follow up for this rant : https://devrant.com/rants/1429631/...
It's morning and I have been awake all night, but I am so happy and feel like crying seeing you people's response. :''''') Thank you for helping a young birdie like me avoid getting exploited.
In summary, I am successfully out of this trickery, but with cowardice, a little exploited and being continuously nagged by my friend as a 'fool'.
Although I would be honest, I did take some time to make my decision and got carried away by his words.
After a few hours of creating a group, he scheduled a conference call , and asked me to submit the flow by which my junior devs will work.
At that time I was still unclear about whether to work or not and had just taken a break from studies. So I thought of checking the progress and after a few minutes came up with a work-flow, dropped it in the group and muted it.
At night I thought of checking my personal messages, and that guy had PMed me that the team is not working, check on their progress. This got me pissed and I diverted the topic by asking when he would be mailing my letter of joining.
His fucking reply to this was :"After the project gets completed!"
(One more Example of his attempts to be manipulative coming up, but along with my cowardice ) :/
WTF? With a team like this and their leader being 'me' (who still calls himself a noob after 2 internships and 10 months of Android experience), this project would have taken at least one month, and I was not even counting myself in the coding part (the exams).
So just to clarify what would be the precise date by which he was expecting the task, to which he said "27th" (i.e. tomorrow!).
I didn't respond, and rather checked the details of the guy (I knew that the company was a start-up, but start-ups do sound hopeful if they are doing it right). A quick social media search gave me the result that he is a fuckin' 25-year-old guy who just did a masters and started this company. There was no mention of investors anywhere, but his company's LinkedIn profile showed up with "11-50" members.
After half an hour I told him that I'm not in this anymore, left the group and went back to studying. (He wanted to ask for reasons, but I declined by saying a change of mind, personal problems, etc.)
Well the reality is over but here comes the cowardice part:
1) Our team was working on a private repo hosted on my account and I voluntarily asked him to take back the ownership, just to come out of this safely w/o pissing him off.
2) The "test" he took of me was the wireframe given by their client, which was the actual project we 5 were working on. So, as a "test", I created 15 activities of their client's app and willingly transferred them to them.
3) In my defence, I only did it because (i) I feared this small start-up could harm my reputation on open platforms like LinkedIn and (ii) the things I developed were so easy that I don't mind giving them away. They were just UI, designed very quickly, but except for that they were nothing (even a button needs code in the backend to perform something, and I had not done it). Moreover, the guys working under me had changed a lot of things, so I felt bad for them and dropped the idea of damaging it.
Right now I'm just out of sleep, empty of thoughts and just wondering whether I'm a good person, a safe player or just a stupid, easily manipulated fool.
But once again, my deepest regards from my heart to @RustyCookie, @geaz, @tarstrong and @YouAreAPIRate for positive advice.
My love for devRant is growing every day <3 <3 <3 <3
PuTTY remote execution vulnerability (no patch yet)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an unspecified input validation error when processing data received from an SSH server. A remote attacker can trick the victim into connecting to a specially crafted SSH server and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Clicks "Exploitation and Enumeration" category.
Clicks "Python (HARD)" challenge.
"What is a key that passes the code?"
Opens Python file and sees one line of nested lambda expressions spanning 1,846 characters (no spaces)
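One way to approach a challenge like the one in the post above, as an added example that is not part of the original rant and does not use the actual challenge file: parse the one-liner with Python's `ast` module instead of reading it by eye. The sample `OBFUSCATED` string is a constructed stand-in for a nested-lambda key check; the helper names (`unfold`, `lambda_depth`, `constants`, `safe_eval`) are this example's own. The `safe_eval` step matters because CTF files are untrusted input: it refuses attribute access and any node type outside a small whitelist, and evaluates with a stripped-down builtins table, so a booby-trapped file cannot reach `__import__` or `().__class__`.

```python
import ast

# Constructed sample (not the challenge from the post): a one-line nested-lambda
# key check. Each lambda is immediately applied to the next piece of hidden state;
# the innermost test is ord(c) ^ i == table[i] for every index i.
OBFUSCATED = (
    "(lambda k:(lambda t:(lambda f:len(k)==len(t) and all(f(c,i) for i,c in "
    "enumerate(k)))(lambda c,i:ord(c)^i==t[i]))([102,109,99,100]))"
)


def unfold(src: str) -> str:
    """Render the one-liner with one lambda per line, indented by nesting depth.
    Immediately-invoked lambdas `(lambda x: ...)(arg)` are shown together with the
    argument they bind, which is usually where the hidden data lives."""
    def render(node: ast.AST, depth: int) -> str:
        pad = "    " * depth
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Lambda):
            bound = ", ".join(ast.unparse(a) for a in node.args)
            return f"{pad}# binds: {bound}\n" + render(node.func, depth)
        if isinstance(node, ast.Lambda):
            params = ", ".join(a.arg for a in node.args.args)
            return f"{pad}lambda {params}:\n" + render(node.body, depth + 1)
        return f"{pad}{ast.unparse(node)}"
    return render(ast.parse(src, mode="eval").body, 0)


def lambda_depth(node) -> int:
    """Maximum number of lambdas nested along any path of the expression."""
    if isinstance(node, str):
        node = ast.parse(node, mode="eval")
    inner = max((lambda_depth(c) for c in ast.iter_child_nodes(node)), default=0)
    return inner + (1 if isinstance(node, ast.Lambda) else 0)


def constants(src: str) -> list:
    """All integer literals in the expression, in source order: the usual
    hiding place for the comparison table."""
    tree = ast.parse(src, mode="eval")
    return [n.value for n in ast.walk(tree)
            if isinstance(n, ast.Constant) and isinstance(n.value, int)]


# Node types a pure lambda/arithmetic checker needs. Attribute, Import, Subscript
# with Store, etc. are deliberately absent so sandbox escapes are rejected up front.
_ALLOWED = (
    ast.Expression, ast.Lambda, ast.arguments, ast.arg, ast.Call, ast.Name,
    ast.Load, ast.Store, ast.Constant, ast.List, ast.Tuple, ast.BoolOp, ast.And,
    ast.Or, ast.Compare, ast.Eq, ast.NotEq, ast.BinOp, ast.BitXor, ast.Add,
    ast.Sub, ast.GeneratorExp, ast.comprehension, ast.Subscript,
)
_SAFE_BUILTINS = {"all": all, "any": any, "len": len, "ord": ord,
                  "chr": chr, "enumerate": enumerate}


def safe_eval(src: str):
    """Evaluate an untrusted lambda one-liner after a whitelist check on every
    AST node and with a minimal builtins table (no __import__, open, getattr)."""
    tree = ast.parse(src, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise ValueError(f"refusing to evaluate node type {type(node).__name__}")
    return eval(compile(tree, "<ctf>", "eval"), {"__builtins__": _SAFE_BUILTINS})


if __name__ == "__main__":
    print(unfold(OBFUSCATED))
    print("nesting depth:", lambda_depth(OBFUSCATED))
    table = constants(OBFUSCATED)
    # With the structure visible, the key falls out of the table: chr(t[i] ^ i).
    key = "".join(chr(v ^ i) for i, v in enumerate(table))
    print("candidate key:", key, "accepted:", safe_eval(OBFUSCATED)(key))
```

Reading the unfolded output top-down shows which value each lambda parameter is bound to; once the innermost test is visible, the key is derived from the constant table rather than guessed. For real challenge files, widen `_ALLOWED` only as far as the file actually needs.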
NSA is seriously hiring on SO. Even with happy YouTube video under it. Like nothing is happening.
It must be freezing in hell atm I guess
THE RAT-RACE ARC:
I get a mail 2 months into this fiasco telling me to register on their website and take up another test. I was already over with my emergency and was working my full-time default. (Fortunately I found another internship during this time which was one of the best initiatives I've worked with).
It asks me to register as a new user, take up the test and "share" my results. Not pushing it on insta/fb but legitimately share my test results link to my friends manually like a referral code. The more shares the more marks I'll get in the test. Why the test you ask. Of course to sign you up for the same Whatsapp trickery bullshit.
Luckily these nutcases didn't know they could be bypassed. I simply opened the link in incognito and logged in with my own account and that counted as a point. So I automated that shit.
Surprise surprise. The same fucking "Hello everyone" message in my mail. To my surprise I was relatively lucky to get ghosted after my attempt. This story is quite depressing in general. You're supposed to do this assignment shit for 2 months and then they ask for 2000 INR for a training period, after which you are paid between 1000/- and 7000/-. Though I didn't get the chance, I'm willing to bet you get 1000/- per month in a 2-MONTH INTERNSHIP. WTF.
You also have the other option of ranking first in the 3 consecutive competitions that they hold. The theme is again to create chunks of their actual outsourced work.
The reason why this rant sparked is because I recently received an email with my results from the aptitude exam that I first took before the Whatsapp fiasco. I imagine they just pushed out a new update to their test thingy and forgot to set its limit.
THE CORRECTION ARC:
I pushed this message to Internshala. They were kind enough to remove them from their website. I also shot down their AngelList and Indeed listings. I sent a strongly worded email recounting their con-artist operations and how I've alerted the authorities (obviously a bluff, but I was enjoying it). They most probably are not affected by this though. They might still be continuing their operations on their website.
I'm sharing the story here with the moral of:
Don't do jackshit if they're not compensating you for it
Always check for reviews before you start working at a place.
Be cautious of bulk messages (and the infamous HEY GUYS!! opening)
Don't do anything outside your work specification at least while doing an assignment.
You're free to question and inquire respectfully about the proceedings.
If you're good at your job you'll get a good workplace. No need to crush yourself with an oppressive job due to external restrictions.
And if you manage a company, please don't take advantage of helplessness.
There's no good ending to this tale as I have not received a follow-up. Though I want to see scumbags of their calibre shot down without remorse.
Good bye and thank you for listening.
I don't really know what I should be feeling right now.
So it's been 2 years at my company and I'm still considered a junior dev. There's a pay freeze, meaning there's no chance for me to move up the ladder.
And yet, as of today, I am being asked to head up both the design AND development of a prototype file cloud sync engine that will replace our current sync application that's been worked on for 4+ years now (yeah, it's legacy). And I'm 100% on my own, at least for a while, until someone else comes around.
I still reside under the title 'junior dev' and am paid as such. I don't mind challenges, but this just feels like a bit much. Heck, I'm sure maybe I could even do it too, but I don't feel like I'm being compensated or given a higher title to reflect that sort of responsibility. I've tried to tell my manager I don't feel comfortable with this, but they've insisted I head this up.
I feel kind of locked up inside; I don't even really want to start working on it because I feel angry that I would be given such a huge project to do all on my own, while being called a junior, and without anyone to fall back on.
What should I do? Do I refuse the responsibility? Do I see it as a challenge that will help me grow? Or do I see it as exploitation?
I have mixed feelings about qubit research. On one hand, I want it to be open source as much as possible. But at the same time, we give "them" faster access to faster and easier manipulation and exploitation of many things than ever.
(edit: grammar, I'm drunk)
Finally ordered "Hacking: The Art of Exploitation" from Amazon :) Really looking forward to this new read!
I read this rant on Quora. Is this true ?
“The IT industry has devolved into a gigantic ponzi scam built on exploitation and BS. Quality of solution and quality of work was replaced with a ‘Does it work now?’ approach with zero contingency.
And the fact that geeks and nerds are naive only helps the white collar crooks to exploit them as code monkeys.”
Corporate world is changing among big tech enterprises: authority and abuse schemes are changing. Happiness as a business model is already a big thing.
Whereas small-medium sized tech enterprises are still living in the past. Rich and abusive bosses, underpaid talented employees, absurd and strict rules, absurd and unnecessary requirements, etc., are still a thing.
My guess is that human-exploitation-as-a-business-model in the tech industry is going to vanish almost entirely in the next decade.
I just got a call from Satya. He informed me that Microsoft has successfully acquired the Linux kernel and all future development will be closed sourced.
Here's a sneak peek of the official announcement:
There will be a newer version released tomorrow that will include the Windows desktop environment as well as patch a critical 0-day security flaw that was recently discovered in all versions of Linux.
To prevent exploitation, we will activate a kill switch which will disable all systems running any flavor of Linux next week.
Thus we advise you to upgrade ASAP; existing users can get the latest version online for $500.
The anti-brigade are at it again !
Experts want more than 85% of the solar system to be marked as off-limits for those looking to cash in on the galactic gold rush.
I'm sure every country in the world is going to sign up to that treaty..
MOST of the solar system must be protected from damaging space mining and industrial exploitation, top scientists have warned.
No chance this is 97% of scientists is it..
Come on guys, this is ridiculous now to the extreme.
We don't need to protect a bunch of dumb rocks !
What we need is more useful stuff, like car batteries, made from asteroids.
“Once you’ve exploited the solar system, there’s nowhere left to go.”
Except maybe, "another solar system"..
They have estimated an eighth of the solar system’s mineable resources would be used up in just 400 years.
You mean, turned into trash, that we could recycle..
And what about the rings of Saturn? They are beautiful, almost pure water ice. Is it OK to mine those so that in 100 years they are gone?
Oh yes, those are so beautiful aren't they, as I often go out on dark night and watch them from afar...
It's stupid to define reasons to be something, but even more stupid to define reasons not to be something.
I liked to play games, so today I'm a dev. My friend hated games, was passionate about bio, and today he's also an even better dev. Another person has a totally different story and he's a dev too. We all have our personal reasons to be or not to be something, but the important word here is 'PERSONAL', not 'reasons'.
"You are girl so you can't code", "you hate maths so you can't code", "you can't sit in front of laptop 24 hours, so you can't code " , "you can't tolerate casual office toxicity, so you can't code" ~~ yo what the fuck ?
It's a job. It's an exhausting, demanding, tiring thing, but still a job; one that you can do for the next 40 years and expect a living. It demands some knowledge, dedication and sacrifices. People would find achieving that knowledge+dedication easy or difficult, but that doesn't define the profession.
Also it's a job that is done by people. And people are social animals who like to work with similarly natured people. And it's not wrong if a person is not a 100% replica of another. Thus what's "hard work" and "dedication" and "fast paced" for one is "exploitation" and "negative environment" for another, and therefore they can't work together. Like a mattress, we just have to reach the job that covers us and our goals comfortably (or settle for one that doesn't).
Surely there could be reasons why a person is a good or successful dev, but there can't be reasons to not be a dev.
I was thinking of writing a small contradictory point like "apart from physical reasons like not having eyes or hands there can't be a reason not to be a dev", but I just remembered that even there the world has proven me wrong. Blind people are coding, disabled people are coding, kids are coding, oldies are coding; what could be a possible reason to not code, except our own personal reasons?
The "job" tag is something that is very difficult to achieve for some professions, but coding and tech have achieved this tag (I wish that just sleeping, eating and fucking becomes a job someday too, but well). And that too without a dead end. So if anyone wishes to explore the world of computers, they should be welcome, provided they know what this line requires and demands (in general).
Today my teacher said to not even touch our PCs because we can destroy them... It's not like we're already 18 and he's supposed to teach us how to use and repair them because the school subject is called "exploitation of computer technology devices". Also he said we can use books during exams, so I wasted my time learning where every option is in KMail; hopefully there were more questions about the terminal and FTP... (I wanted to pass this exam with my own knowledge to learn something, and there's my 100%). This guy is so annoying :/
If a pentester finds a very critical bug and the boss is not aware of him knowing this type of exploitation (no one is expecting him to find such flaws),
should he report it? Or will reporting make him suspicious?
Hey guys, so I have been sitting on a CTF this weekend and was wondering... Do you guys happen to do CTFs as well?
My focus was definitely on reversing and misc challenges.
I also helped with binary challenges since I believe I could definitely learn a lot by solving those. (I just don't know how to write actual exploits :( )
Interested in your stories!
I was pleased when I finished an esolang challenge! :D
How can I efficiently learn from a book?
For example: I recently bought the books Violent Python and The Art of Exploitation. Just read those books, try to understand them and then practice?
What is the best source for learning x86 asm and binary exploitation? Got any recommendations for me? (books?) I already know godbolt.org. I'd also be interested in optimisation.