As a long-time iPhone user, I am really sorry to say it but I think Apple has completed their transition to being a company that is incompetent when it comes to software development and software development processes.

I’ve grown tired of hearing some developers tell me about Apple’s scale and how software development is hard and how bugs should be expected. All of those are true, but like most rules of law, incompetence and gross negligence trumps all of that.

I’m writing this because of the telugu “bug”/massive, massive security issue in iOS 11.2.5. I personally think it’s one of the worst security issues in the history of modern devices/software in terms of its ease of exploitation, vast reach, and devastating impact if used strategically. But, as a software developer, I would have been able to see past all of that, but Apple has shown their true incompetence on this issue and this isn’t about a bug.

It’s about a company that has a catastrophic bug in their desktop and mobile platforms and haven’t been able to, or cared to, patch it in the 3 or so days it’s been known about. It’s about a company, who as of a view days ago, hasn’t followed the basic software development process of removing an update (11.2.5) that was found to be flawed and broken. Bugs happen, but that kind of incompetence is cultural and isn’t a mistake and it certainly isn’t something that people should try to justify.

This has also shown Apple’s gross incompetence in terms of software QA. This isn’t the first time a non-standard character has crashed iOS. Why would a competent software company implement a step in their QA, after the previous incident(s), to specifically test for issues like this? While Android has its issues too and I know some here don’t like Google, no one can deny that Google at least has a solid and far superior QA process compared to Apple.

Why am I writing this? Because I’m fed up. Apple has completely lost its way. devRant was inaccessible to iOS users a couple of times because of this bug and I know many, many other apps and websites that feature user-generated content experienced the same thing. It’s catastrophic. Many times we get sidetracked and really into security issues, like meltdown/spectre that are exponentially harder to take advantage of than this one. This issue can be exploited by a 3 year old. I bet no one can produce a case where a security issue was this exploitable yet this ignored on a whole.

Alas, here we are, days later, and the incompetent leadership at Apple has still not patched one of the worst security bugs the world has ever seen.

I fucking hate toxic positivity. Every fucking corporation pushes the notion that "lifE iS aWeSomE, wE cArE abOuT pEoPle" and other such bullshit, and when you point it out, they call you a bad, toxic person.

No, you don't care about your community, let alone the whole world. You're just trying to make people believe that spyware, wage slavery and being fired by a neural network is the norm. You're making money off of those who don't have a choice.

If you account all people, not just American white rich 1%, it turns out that for the vast majority of people life is either an uphill battle or straight up nightmare. People are working in shifts and have no time or emotional resource to spend on themselves. Most of the people can't afford a house or a flat. Even those who can still suffer from mental illnesses, to the point where there are more mentally challenged people than mentally healthy ones. The word "neurotypical" meaning "mentally healthy" is wrong.

You want nothing but to sell your stuff and earn more money off of Chinese and Indian factory workers who work 16-hour shifts. Maybe your life is great, but aggressively pushing this notion is a big, wet spit in the face of humanity.

Fuck you. Fuck your space rockets. Fuck your twitter accounts. Fuck your institutionalized exploitation of the weak. Fuck your products. Fuck your "open source". Fuck your "GDPR compliance". Fuck your offshores, your hedge funds and your tax evasion. Fuck your bailouts. Fuck your ships spilling tons of crude oil, fuck your factories, fuck your slave labor, fuck your anti-suicide nets in Chinese dormitories.

One day, because of you, our planet will become unlivable. You will hop into your fancy space rocket to go to that top-1% elite Mars colony. Nice job.

But I will pray for a solar flare to hit you and turn you and your fucking rocket into radioactive ash.

Dear people who think Microsoft buying GitHub is fine because Microsoft is more supportive of open source than before.

Here's the facts.

1) Microsoft is a large tech company investing in many things. That's a fact.

2) If Microsoft were to exploit GitHub, it would be a benefit to other departments in Microsoft. This is also a fact.

(For example, if tomorrow GitHub was tied to azure or some annoying shit like that.)

3) If such exploitation occurs, it will most likely be to the detriment of the free community of developers. This is a highly probable outcome.

4) The only question now is this.

"Does Microsoft care about open source enough to cut down on potential profit."

The answer of any sane, unbiased individual had to be no.

This is why people leave GitHub today. It is NOT because some childish hatred for Microsoft. In fact, I would've personally moved out of GitHub if "any" other large tech company had bought it, thereby compromising it's neutrality.

Edit: spelling

Hackathons? No thanks, I don't participate in self exploitation tournaments.

Putty remote executuon vulnerability(no patch yet)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to unspecified input validation error when processing data, received from SSH server. A remote attacker can trick the victim to connect to a specially crafted SSH server and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Clicks "Exploitation and Enumeration" category.
Clicks "Python (HARD)" challenge.

"What is a key that passes the code?"

Opens Python file and sees one line of nested lambda expressions spanning 1,846 characters (no spaces)
*Cries*

"What's new" for the latest MIUI update on my phone. I wonder how they finally managed to convince the alarm clock to work on holidays. 🤔

Websites that show a notification dot the first time I visit with zero interaction from my end: I hope you die. This is terrible exploitation of UX, and unless I really need something, I'm leaving the site within seconds.

I have mixed feelings about Qbit research. On one hand, I want it to be open source as much as possible. But the the same time, we give "them" faster access to faster and easier manipulation and exploitation of many things than ever.

(edit: grammar, I'm drunk)

(Part 2/2?)

THE RAT-RACE ARC:

I get a mail 2 months into this fiasco telling me to register on their website and take up another test. I was already over with my emergency and was working my full-time default. (Fortunately I found another internship during this time which was one of the best initiatives I've worked with).

It asks me to register as a new user, take up the test and "share" my results. Not pushing it on insta/fb but legitimately share my test results link to my friends manually like a referral code. The more shares the more marks I'll get in the test. Why the test you ask. Of course to sign you up for the same Whatsapp trickery bullshit.

Luckily these nutcases didn't know they could be bypassed. I simply opened the link in incognito and logged in with my own account and that counted as a point. So I automated that shit.

Surprise surprise. The same fucking "Hello everyone" message into my mail. To my surprise I was relatively lucky to get ghosted after my attempt. This story is quite depressing in general cases. You're supposed to do this assignment shit for 2 months and then they ask for 2000 INR for a training period, past which you are paid between 1000/- and 7000/-. Though I didn't get the chance but I'm willing to bet you get 1000/- per month in a 2-MONTH INTERNSHIP. WTF.

You also have the other option of ranking first in their 3 consecutive competition that they hold. The theme is again to create chunks of their actual outsourced work.

WHY NOW:

The reason why this rant sparked is because I recently received an email with my results of the aptitude exam that I first took before the Whatsapp fiasco. I imagine they just pushed out a new update to their test thingy and forgot to set it's limit.

THE CORRECTION ARC:

I pushed this message to Internshala. They were kind enough to remove them from their website. I also shot down their Angel and Indeed listings. I sent a strongly worded email counting their con-artist operations and how I've alerted authorities (obviously a bluff but I was enjoying it). They most probably are not affected by this though. They might still be continuing their operations on their website.

I'm sharing the story here with the moral of:

Don't do jackshit if they're not compensating you for it

Always check for reviews before you start working at a place.

Be cautious of bulk messages (and the infamous HEY GUYS!! opening)

Don't do anything outside your work specification at least while doing an assignment.

You're free to question and inquire respectfully about the proceedings.

If you're good at your job you'll get good working place. No need to crush yourself with an oppressive job due to external restrictions.

And if you manage a company, please don't take advantage of helplessness.

There's no good ending to this tale as I have not received a follow-up. Though I want to see scumbags of their calibre shot down without remorse.

Good bye and thank you for listening.

Since graduation, I have worked in IT for 2 years, mostly in testing and implementation side. Finally I got a developer position in the field I wanted (Data Engineering). I had never thought that it would be such a soul crushing experience. My current company is very notorious for its bad management practices, but there is indeed a bigger picture to this. The IT industry in general has devolved into a gigantic ponzi scam built on exploitation and BS. Quality of solution and quality of work was replaced with a ‘Does it work now?’ approach with zero contingency. And the fact that geeks and nerds are naive only helps the white collar crooks to exploit them as code monkeys. Fuck all of this!

I don't really know what I should be feeling right now.

So its been 2 years at my company and im still considered a junior dev. There's a pay freeze, meaning there's no chance for me to move up the ladder.

And yet, as of today, I am being asked to head up both the design AND development of a prototype file cloud sync engine that will replace our current sync application that's been worked on for 4+ years now (yeah, its legacy). And I'm 100% on my own, at least for a while, untill someone else comes around.

I still reside under the title 'junior dev' and am paid as such. I don't mind challenges, but this just feels like a bit much. Heck, I'm sure maybe I could even do it too, but I don't feel like im being compensated or given a higher title to reflect that sort of responsibility. I've tried to tell my manager I don't feel comfortable with this, but they've insisted I head this up.

I feel kind of locked up inside, I don't even really want to start working on it because I feel angry that I would be given such a huge project to do all on my own, while being called a junior, and without anyone to fall back on.

What should I do? Do I refuse the responsibility? Do I see it as a challenge that will help me grow? Or do I see it as an exploitation?

Finally ordered "Hacking: The Art of Exploitation" from Amazon :) Really looking forward to this new read!

I read this rant on Quora. Is this true ?

“The IT industry has devolved into a gigantic ponzi scam built on exploitation and BS. Quality of solution and quality of work was replaced with a ‘Does it work now?’ approach with zero contingency.
And the fact that geeks and nerds are naive only helps the white collar crooks to exploit them as code monkeys.”

I just got a call from Satya. He informed me that Microsoft has successfully acquired the Linux kernel and all future development will be closed sourced.

Here's a sneak peek of the official announcement:

There will be a newer version released tomorrow that will include the Windows desktop environment as well as patch a critical 0-day security flaw that was recently discovered in all versions of Linux.

To prevent exploitation, we will activate a kill switch which will disable all systems running any flavor of Linux next week.

Thus we advise you upgrade ASAP, existing users can get the latest version online for $500.

So I’m reading this book called Hacking: The art of exploitation and I’ve got to admit. It’s one of my favourite books I’ve read. It really gets into the nitty gritty of how programs are laid out in memory and goes over how assembly works, among some other low level concepts. Highly recommend.

Today my teacher said to not even touch our PC's because we can destroy them... It's not like we're already 18 and he's supposed to teach us how to use and repair them because the school subject is called "exploitation of computer technology devices". Also he said we can use books while exams so I wasted my time on learning where is every option in kmail, hopefully there was more questions about terminal and FTP... (I wanted to pass this exam with my own knowledge to learn anything and there's my 100%). This guy is so annoying :/

If a pentester find a very critical bug and the boss is not aware of him knowing this type of exploitation (no one is expecting him to find such flaws)

Should he report it ? Or reporting will make him suspicious ?

PHP is so insecure and vulnerable that it makes me feel unsafe. It has so many features and settings that can lead to security risks, such as register_globals, magic_quotes, and allow_url_fopen. It also has so many functions that can execute arbitrary code or commands, such as eval, exec, and system.

It is like PHP was designed by a bunch of hackers who wanted to exploit every possible loophole.

How can I efficiently learn from a book?

For example: I recently bought the books Violent Python and the art of exploitation. Just read those books, try to understand it and then pratice?

just another day of developer exploitation

!dev

Personal rant, but as one shouldn't bottle up emotions, probably not so bad idea....

Started with diet and exercise in the vacation, as finally a certain thing starting with C calmed down...

Its maddening how fucked up the world is. Now as a lil private info (that might not be so unknown, shared multiple times here) - my body is a train wreck.

Lungs are fucked, muscle distrophy, some other things are fucked.

I'm the kind of thing every gym trainer dreads - the client that needs not only a lot of ass whooping, but also has a lot of problems that need to be taken care of.

Which is why I rather do exercise at home, cause... My experiences with humans in gyms are bad. Most trainers behave like fucking chimpanzees screaming commands while not listening what one tells them...

First challenge: Find a low impact cardio training.

What one mostly finds is a female chick (which is sad cause I like men more for obvious reasons), that should gain some weight, screaming at ya how great sport is while jumping around like a bunny on ecstasy.
Low impact isn't really low impact when you jump around, lil bunny... And it isn't low impact when you just let yourself fall to the floor and start doing push ups.

If an obese person like me did that, it would end in pain, frustration and an empty fridge TM.

So one has to painfully look and skip through 20 min vids of "Non low impact low impact YouTube / ... vids" to find one that is doable without wrecking the body even further... Yaaaay. That makes one totally not feel depressed :-)

The other thing that I always hate is dieting. Note that I don't have to change much - I'm basically on a diet since years, holding weight the whole time.

The jolly fun is that I can't take off with just an diet. If you never heard that such thing is possible, a lil advice: It is possible. Nothing hurts more than being told that eating less solves all problems magically - cause it doesn't.

What I usually need is added protein, as I suffer from muscle dystrophy in my left side. (hence the low impact vids).

If you go to a grocery store, you most likely find *tons* of protein stuff.

The fun thing is that roughly 80 % of that are - like all things in a supermarket - completely bullshit.

I know one could avoid using protein powder / ... - but that makes dieting a very very very hard task, as one has to not only do a lot of planning, but cooking and eating becomes a depression palooza... It just doesn't make fun when you have to scale components for every meal or force yourself to eat e.g. 250 g of low fat curd cheese to gain the necessary proteins.

Why is supermarket stuff so shitty....

Added sugar / saccharides . When one has been dieting for long for health reasons, one finds out pretty quick that most products (especially those labeled as healthy / fat reduced / "weight loss") are perfectly made to lead to a sugar crisis and binge eating.

I've found protein drinks containing up to 25 g of sugar per drink (330 ml).

A coke has 27 g of sugar per 250 ml...

:) Now isn't that jolly...

I've found my stuff of joy not so long ago (not advertising here, but depending on flavor it has only up to 3 g (!)) of sugar per drink)...

It just annoys me and pisses me off how much money is made - in my opinion deliberately - on the suffering of other people...

Most laws by the way end up being blocked by lobbyists - most nutrient scores etc are just "wrong" or better to unspecific... Making exploitation pretty easy.

It's funny how everyone has an opinion on obese people, everybody is pointing fingers and explaining how stupidly easy it is to take off... And at the same time no one gives a damn about shit like that.

That's all folks. Feeling better now.

By the way, I'm doing fine. I lost 7 kg already, though the train wreck of body was pretty pissed the last two weeks as everything hurts.

Another reason why motivational speeches are dumb in videos: Pain isn't fun. :)

Dev ranting about US foreign policy. Trigger warning!

US has a track record of funding the bloodiest regimes, funding terrorists and then using it to create problems for neighbouring regions. I'll tell you step by step how that's done.

1. Look for opposition in non-aligned/sovereign or even-allied country but opposing viewpoints. (Remember spying on German chancellor, Merkel?)
2. Covertly provide them support (providing fundings, potentially arming them).
3. Slow media propaganda, claim the country is undemocratic.
4. Opposition might stir things up.
5. Paint the current leadership in the sovereign country same as Hitler.
6. Continuous bombardment of propaganda using MSM like CNN, MSNBC, Fox, France24, or bribed insiders.
7. Once the regime is finally toppled, black out the media, and see deals can be made with the opposition (Oil, Military bases, or whatever)
8. Reality: these countries are worse now, but no media coverage because exploitation is complete and no-one gives a shit about democracy or whatever. (If you watch few videos about Iraq, Libya their own people says they shouldn't have toppled their leader.).

What is the best source for learning x86 asm and binary exploitation? Got any recommendations for me? (books?) I already know godbolt.org I'd also be interested in optimisation.