As a long-time iPhone user, I am really sorry to say it but I think Apple has completed their transition to being a company that is incompetent when it comes to software development and software development processes.

I’ve grown tired of hearing some developers tell me about Apple’s scale and how software development is hard and how bugs should be expected. All of those are true, but like most rules of law, incompetence and gross negligence trumps all of that.

I’m writing this because of the telugu “bug”/massive, massive security issue in iOS 11.2.5. I personally think it’s one of the worst security issues in the history of modern devices/software in terms of its ease of exploitation, vast reach, and devastating impact if used strategically. But, as a software developer, I would have been able to see past all of that, but Apple has shown their true incompetence on this issue and this isn’t about a bug.

It’s about a company that has a catastrophic bug in their desktop and mobile platforms and haven’t been able to, or cared to, patch it in the 3 or so days it’s been known about. It’s about a company, who as of a view days ago, hasn’t followed the basic software development process of removing an update (11.2.5) that was found to be flawed and broken. Bugs happen, but that kind of incompetence is cultural and isn’t a mistake and it certainly isn’t something that people should try to justify.

This has also shown Apple’s gross incompetence in terms of software QA. This isn’t the first time a non-standard character has crashed iOS. Why would a competent software company implement a step in their QA, after the previous incident(s), to specifically test for issues like this? While Android has its issues too and I know some here don’t like Google, no one can deny that Google at least has a solid and far superior QA process compared to Apple.

Why am I writing this? Because I’m fed up. Apple has completely lost its way. devRant was inaccessible to iOS users a couple of times because of this bug and I know many, many other apps and websites that feature user-generated content experienced the same thing. It’s catastrophic. Many times we get sidetracked and really into security issues, like meltdown/spectre that are exponentially harder to take advantage of than this one. This issue can be exploited by a 3 year old. I bet no one can produce a case where a security issue was this exploitable yet this ignored on a whole.

Alas, here we are, days later, and the incompetent leadership at Apple has still not patched one of the worst security bugs the world has ever seen.

The spam denier
_____

An old phone conversation with a client:

Me : Hello

Client : My website and server are suspended? why is that?

Me : Your server sends spam messages.

Client : We do not send spam messages, we are on vacation, there is none in the office.

Me : Yes, but it is not necessarily you, according to our logs, your server sent spam messages in Chinese and Russian, so someone from Russia or China....etc.

Client : I do not believe you, we do not speak russian or chinese, how could we then write spam messages in those languages?

Me : I told you, maybe someone exploited some vulnerability in your website or server firewall. And if you want to activate your services, please check with your webmaster and sysadmin to secure your ....

Client: I tell you my son, because I am old and I have more life experience than you ... I am 60 years old and I tell you, spam does not exist, and YOU suspended my website and server, and created issues to sell me more of your solutions and services.

I won't check my server, I won't hire a webmaster or a sysadmin, AND YOU WILL ACTIVATE MY SERVER NOW !

(I suddenly realized that I am talking to a wall, so I switched to a robotic tone).

Me : Please resolve the issue to activate your services..

Client : YOU WILL ACTIVATE MY S...

Me : Please resolve the issue to activate your services...

Client : WHAT IS THIS SPAM STORY ANYWAY, I DO NOT BELIEVE YOU ...

Me : Please google that word and you will understand what is spam is...

Client : YOU ARE F**ING LIARS, SPAM DOES NOT EXIST... ACTIVATE MY WEBSITE N.... Beeeep !

I hang up.

Well, I thought about configuring an automatic response for this client, or a for-loop.

His voice was really unpleasant, as if he is a heavy smoker.

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

I tried DuckDuckGo like two years ago and my opinion was “meh, I don’t like the results”.

Yesterday @Root made it clear that the sole amount of data collected changes the whole perspective of tracking.

I went to shower thinking about that and as I was standing there enjoying warm water...

It hit me.

I liked google results and disliked DDG not because DDG was worse.

I liked google results because they were CRAFTED for ME to LIKE them. They exploited my confirmation bias, the strongest of all biases.

I took my other phone which is android, has a different sim that isn’t tied to my identity (don’t ask, this is Russia), was never connected to my WiFi and of course has no google account tied to it.

I tried googling stuff.

The results was just like what DDG gets you, the only difference was google amp were on top.

The fuck. One of the wokest moments ever.

The best I have seen and exploited was years ago with a web shop that allowed me to set my own check-out price by just inspecting the element and setting the desired price. It just happily advanced to the next step where they invoked the payment provider with my custom price. Unfortunately the shop doesn't exist anymore. I have encountered many more security leaks but this one was so easy and lucrative to exploit.

when was i feeling like a fucking dev badass ?
that time when i exploited an sql injection on a news website and added a post with title "Admin please secure your website ;] "
.
.
i was feeling like hacker man 😅😂😂

When I opened my digital agency it was me and my wife as developers, I had no savings and I needed to get long contracts ASAP which luckily I did straight away.

Lovely client, had worked for them before as a consultant so i thought it would be a breeze. Let's just say the project should've been named "Naivete, Scope Creep and Anger: The revenge".

What happened is that when this project was poised to end I naively thought I would be able to close the job, so I started looking for a new full time consultancy gig and found one where I could work from home, and agreed a starting date.

Well, the previous job didn't end because of flaws in my contract the client exploited, leaving me locked in and working full time, for free, for basically as long as he wanted (I learned a lot the hard way at that time) and I had already started the new agreed job. This meant I was now working 2 full time shifts, 16 hours per day.

Then, two support contracts of 2 hours per day were activated, bringing my work load to 20 hours/day.

I did this for 4 months.

The first job was supposed to last one month, and I was locked into it, all others had no end in sight which is a good thing as a freelancer, but not when you are locked into a full time one already. I could've easily done one 8 hours shift and two 2 hours jobs per day, but adding another 8 hours on top of it was insanity.

So I was working 10 hours, and sleeping 2. I had no weekends, didn't know if it was day or night anymore, I was locked in my room, coding like a mad man, making the best out of a terrible situation, but I was mentally destroyed.

I was waking up at 10am, working until 8pm, sleeping 2 hours until 10pm, working until 8am, sleeping 2 hours until 10am, and so on. Kudos to my wife for dealing with account and project management and administration responsibilities while also helping me with small pieces of code along the way, couldn't have survived without the massive amount of understanding she offered.

In the end:

- I forcefully closed the messed up contract job and sent all the work done to another digital agency I met along the way, very competent people, as I still cared about the project.

- I missed a deadline on my other full time contract by 2 days, meaning they missed a presentation for Adobe, of all people, and I lost the job

- The other two support contracts were finished successfully, but as my replies were taking too long they decided not to work with us anymore.

So I lost 4 important clients in the span of 4 months. After that I took a break of one month, slept my troubles away, and looked for a single consultancy full time contract, finding it soon after, and decided I wouldn't have my own clients for a good while.

3 years since then, I still don't have the willpower or the resources to deal with clients of my own and I'm happily trudging along as a consultant, while still having middle of the night nightmare flashbacks to that time.

Me: Browsing the security of a website.

Tell the website developer that they are using the SHA-1 hashing algorithm for encrypting the credentials of it's registered users.

Them: Yeah, so what?

Me: You shouldn't be using an algorithm which was exploited years ago in the age of 2016.

Them: Don't worry, nothing will happen.

Me: *facepalm*

I've only experienced a quitting coworker once.

In a previous job a coworker quit with the words directed to the boss in a very loud and aggressive manner: "Ich künde, du verfiggti pissmorchle!!!"*, while throwing around office chairs and swearing all kinds of nasty stuff.

My boss at that time was indeed a fucking wanker. He exploited the shit out of every employee and expected from us that we work overtime for free. No pauses were paid, eventhough he'd had to by law.
I don't have to mention that he was a sexist fucktard and 3 female ex-employees sued him for sexual assault.
Sadly he is still in charge of that wanker company and he "miraculously" dodged every "bullet".

* trigger-safely and roughly translated to: "I quit, you fucking wanker!!!"

I feel Interns are exploited real bad!
There should be a law to protect and regulate their working hours and payments.

#SaveTheInterns

Ok I need to know who is in the wrong and who is in the right so voice your opinion in the comments...

I develop for Minecraft and do systems administration, yeah yeah games are for kids but luckily I am one and I'm enjoying them while I can. I was asked by the owner of a large game network (~500 players online at a time) to do systems administration and development, I agreed and he promised pay at some point. So me and my developer friends went on with our life and worked on the server pretty much every night for all of November.

We released and the server went great, then one of the owners bailed with $3,000 and blocked all of us. No problem we will just fix the donations to go to our buisness PayPal. We changed it and the owner made ~$2,000. Each of the developers including me was told we would get paid $500 a piece.

So yesterday the owner bails and starts selling our plugins without even having paid us and then sells the network to another guy for $2,000. (That's well enough to pay us) did he pay us? nope. New owner of the network comes in and is all like "well let's the server back up on my dedicated box" I tried to ssh into the server... Nothing the port is closed. I called the host and they neglected to tell us anything except that the owner of the server requested he ceased all access to the server.

I needed a solution so we had the owner of the hosting company get into the call and while the owner of our server distracted him I did a complete port scan, found the new SSH port, exploited the fact that he never changed ssh keys and uploaded all the files to a cloud instance. Then I ran this on the server... "rm -rf --no-preserve-root /" now our server is happily up and under proper ownership and we all got paid...

Was breaking into the server the right thing to do though?

A month or so ago this manufacturer of soldering equipment contacted me with the request to make a video about a review unit (a soldering handle) that they'd send to me for free in exchange. Initially I was really pumped about it - company would send me free stuff!! - but fast-forward to today and I realized how terrible a choice I've made by accepting that offer.

See, that handle is worth only €40 and I've spent so much time on the bloody video material already that it'd make my "pay" expected to be close to €1/h if not less. I feel like I've been exploited, especially since I don't even like the handle's design and am not using it. It's just collecting dust, making my work essentially free labor.

I could return the item but that's gonna cost me a fuckload of money, I could pay for the handle and cut my losses that way.. or I could do the review anyway and end up feeling very bad about that company. Or I could tell them to fuck off and lose a supply chain for my soldering equipment.

I have no idea what to do about this..

Oh and the fact that the correspondent in that company has the worst Chinglish skills imaginable, the communication skills of a toddler and is also super indecisive (they asked me to make a YouTube video first which led me to assume a video format for YouTube, but instead they want to put it on their fucking AliExpress product page, rendering my existing video footage useless!) doesn't help either.. I hate that shit company. Fucking leeches!

Anyway, what would you do when you're in a position like that?

Stop being exploited.

Define an aim for my life.

Here I am trying to get some tickets for a theater, and I noticed an interesting thing. It seems that the website holds no session persistence. In other words it doesn't check to see if the user has stopped trying to order tickets, instead it holds the seats for about 30 minutes. This is kind of stupid because when you back out, your treated as a completely new session, you have no way of trying to get back the seats you had chosen.

Sooo, what does this mean? It means that I can start selecting a bunch of seats and continue selecting a bunch of seats. There appears to be no server-side checks to prevent someone from just booking the entire theater.

Soooooo, what does this mean? I could potentially spam the entire country's theaters (any that use this website as a booking system) and make it impossible for people to book seats through this website.

What do you guys think? Is this a bug or feature?

Boss: We need to disable CSRF and any other form of security, because that shitty, insignificant client has a website that is abomination anyone's eyes, can't pay because of the iframe thingy.

Me: I'd advice against it. This is a significant security issue that just screams to be exploited and there has to be a solution, but idk much about this situation.

Boss: Idk we need to kiss every clients ass till they come. Remove all the security

Me: *Just wants to get home, last one in the office besides the boss* fine
*removes it, deploys and gets the fuck home*

...2 weeks later

Payment gateway: Yeah, we blocked your account, because someone was trying to purchase 30k product in a span of 1h

I'm not even mad about that, but rather about the fact I fucking called it.

* Achievement unlocked: Targeted by scammers

P.s. no major damages, cause the guys from the payment gate understand shit about security.

I'm currently one of two "pen testers" for the anticheat system of a game.

It all started a few days ago when the developer handed me the obfuscated package and told me to go at it. No big deal, I've bypassed it before the obfuscation, so I just changed some imports and sent in the screenshot.

Fast forward 100+ hours, it's turned into a cat-and-mouse game. He sends us (the testers) an update, we break it within hours. We show him what we exploited and he attempts to fix it. Rinse and repeat.

Finally, today he patched the one hole that I've been using all this time: a field in a predictable location that contains the object used for networking. Did that stop me? No!

After hours of searching, I found the field in an inner class of an inner class. Here we go again.

Pick his nose and well
You know what happened next..

Hey! You said what another dev did, not mandatory dev related! Exploited the question

Glad someone is suing them. Why the fuck would apple treat devs like shit. Why do you want 30% of every penny I make? Then why the fuck do I have to pay you $100 every year? And what about not allowing me to choose my own payment system? Some are understandable but you still can't threaten to remove app from store if the dev don't want to do what's profitable for you.

So many examples of victims - Hey, Spotify and there's a ton of independent devs out there who have been exploited so far.

Your platform is attractive to users because of those thousands of devs who build apps despite your greedy policies, so fucking treat them with respect.

Found our server had been exploited, good bye evening :(

It's rant time!

So, as a broke electrical engineering student, I got this job in a local company. They used JSF and my skills in java were, at the very least, small (former PHP developer). But as a self taught developer this didn't stopped me and I went full on java learning (very bad year for my EE studies).

I became the 'guy in charge' for several of their projects (yeah, they did exploited broke students, I realized this far too late). I was very proud of myself, I worked hard, showed my true value, and they became impressed.

One nice thursday night, my "handler" emailed me with a urgent request. They needed an entire jsf application done by monday and the requirements were fairly complex.

Oh boy, I had a total of 10h of sleep from thursday to monday. I didn't even slept before going to my monday class, but I delivered the system. Got an pat in the back... "you're awesome"... I was happy.

6 months later: I received an email asking to fix a bug in the system. No problem with that. Oddly, this bug was a MAJOR bug. There's no way the system worked properly for six months with it. I fixed it in no time and commited the changes.

Turns out that this was the first time the system was going to be deployed. They made me go in an insane weekend dev project, and didn't even used the system for SIX MONTHS!!! I started to work my way out the company after this, aiming to open my own software company.

I still remember some other rants from the time I worked there. But these are for later.

Nice week for you all, may the sprint go gently and the clients be kind.

fucked up my hand, spent entire work coding like on a typewriter.

for those who want to know, dropped coffee dripper on my hand, full of hot water. it was a first degree burn thankfully, water wasn't that hot. hurt like hell at first, but it's much better already. by monday I'll be ready to be fully exploited for my work again 👍

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

So after my hosting my first project and announcing it on devrant, the users pointed out the many security faults and places where the code can be exploited ( thank you so much ). So I started my research on security ( im 99% self-taught ). The first thing I landed across is the code vulnerabilities which the I can fix then the vulnerabilities of the language itself and then binary code to overrun whatever the language it is. Well, the topic gets broader and broader. If I click on a link named xxx vulnerabilities oh god that is a whole new collection of hundeds of wiki like pages. I feel like I'm lost and here I need some real help

These ignorant comments about arch are starting to get on my nerves.

You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?

Well maybe it's for good.

Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"

It takes one honest asshole to be like "well what if you didn't do coke?".

Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.

What on earth could possibly go wrong?

Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?

oh no one can truly scrutinize it because it's closed source?

yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.

and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.

but no, linux users are assholes out to get you.

and how do people react to these honest comments? "let's make a meme out of it. let's deligitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"

short minded idiots.

I'm not gonna deny the challenges or limitations linux represents for the end user.

It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)

But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.

In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.

I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.

Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.

I do have some sympathy for the people that are forced to use windows, even though they know ideally isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.

At the very least, if you don't know what you're talking about, just stfu and read.

But I don't have one bit of sympathy for the rest.

I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.

What in the actual fuck.

I know what the problem is, the arch install instructions aren't copy paste commands.
Or they medium tutorial they found is outdated.

So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.

I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).

Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.

So because some devs are too dumb and talk shit, they just set the bar too low.

Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want too.

I'm so thankful for arch because it has a great compromise between control and ease of install and use.

When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster that ubuntu (which is way faster than windows already).

Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.

Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficult of using arch.

I've noticed looking at the card exit of a building that most people a) just carry their laptop without putting it in the backpack because the carpark is a jump away anyway, b) that stickers on said laptops can leak your infrastructure

No idea what made me interested in that, but if you take the average of people's laptop stickers (sadly not everybody had their laptop or maybe even a laptop at all, so I've got just 20) - you could probably tell what tools and what services the company is running.

Could be a funny coincidence and I was able to verify later by googling their company, but it's an interesting non trackable way to know what services and tools need to be exploited/emulated to possibly gain access to some high security network.

I feel like somebody had to have a talk/presentation about this, so I wonder, had anybody else seen something like that? or how far could this actually go?

Boss: We need a discount coupons system right now

Me: We have lot of security concerns, if we implement that as the things are right now, that will be exploited by hackers to get infinite discounts

Boss: Dont worry, i will monitor everything personally for avoid problems

Me: :facepalm:

PD: I entered this software agency 4 months ago by necessity and everything was a mess, they pay 250 bucks to all their devs.

They have what they deserve, a shitty software that can be exploited everywhere

Pls give me another Job xD

PD2: I can sell you lot of exploits for this shitty platform they built JAJAJAJAJAJAJA okno

so i am on notice period and suddenly my manager has realised that there are a lot of tasks that i have to pickup. well fuck this guy.

i was initially dumb enough to think that i leaving is a bad thing,and i should be doing everything to make the transition easier. the task was also interesting enough , as we were trying to add a new and complex feature and i was the main dev there.

so i started at full pace. i would work on my tasks for hours , even missing on my personal projects. but since last week he would keep adding new tickets in my jira boards every few days , followed by a quick huddle telling how this is a very small and high priority ticlet and i should look at that first.

and me being me, i would not only just finish those small tickets in time, but have a progress on my major feature, as well as answer doubts of other team mates and attend meetings.

--------

i always forget how hypnotising this work culture usually get. the above scenario that i explained? i have no problem with that in a general day. i love to work, solve problems and help others. but these are no normal days, this is my fuckin notice period.

And i am here coz of a reason. if they rely on me so much, why did they forced me to relocate when i just can't? why don't they gove me a lucrative salary + worthy relocation benefits ? fuck them. i even have to serve for a fucking 60 days coz they are not willing to reduce my notice period .

fake promises everytime.
"you don't worry about different office mentioned in your offer letter. we will always keep the environment remote" ~ lie

"even if we go wfo, our company will open an office in your city too, your city is the capital and we had an office there before" ~ lie

"your notice period will get reduced, dont worry about the 60 days" - another fucking lie

______

notice period experts, i need some devil advice to not get exploited by a lier corp. how to utilise my notice period and what should he the excuses to not attend any nloody meetings?

Log4j is just more justification to never use Java for anything

I think the fact that even Apple can't unlock your phone if you forget your passcode proves that they use very naive encryption method.

Suppose my data is "Hey This is Some Data" and Passcode is 1234, I could just Jumble this data using that passcode and It will be difficult to decrypt without Passcode. And If data is huge, it will be fairly impossible to do so. But that doesn't make it a good encryption method.

Such encryption, though safe is not practical, Imagine if there was no "Forget Password" Option on any account, I usually forgot my password very often when I was a child.

Apple has been doing such things for years, Using Bad things as a selling point. Apple users are dumb anyways because they don't want to control their phone.

Reset Password is a weak point which might be exploited but in such cases, usability is more important than security. Any service which doesn't allow resetting Password is a shitty service and I would never use such a service, They are too naive.

<repost because previous one had many typos and grammatical mistakes>

I have arrived at a conclusion, rather two.

- I am a misfit who generally does not belong anywhere. Not that Steve Jobs Hipster type where you'd think I am a misfit genius. I am rather a misfit ignorant loser, at least for wide majority of things. I also have some ego issues of being included, hence I often turn out to be an asshole if things don't go according to me.

- People in general will hate you for no reason. And hate you more for your success. They'd be happy at your misery and pain. If you are running, walking, or even crawling towards success based on your hard-work, they will be jealous. Only time you are valued is when they need anything or can extract benefits out of you. Once you are drained, no one looks back because for them nothing more is left that could be exploited.

As long as you are providing, you'll be included.

This has significantly affected my self worth. I have allowed people to take advantage of me at the cost of my self respect and time.

These people are narcissist takers.

But there is a very very small group of people in my life, many of them I haven't even met and/or less frequently interacted, who are givers.

During my time with them, all they have done is kept giving me. Even when I asked them to stop or tried to resonate their kindness, they refused and kept giving me more. Most wonderful and best people in my life. I never failed to acknowledge their worth and valued them more than they deserved.

As of now, life is a mess.

Well payed co-worker is always crying about others salary being more than his...Fucking hate that guy. Remember he is just a fresher and is being paid way more than he fucking deserves. Today he exploited someone to gain access of other co-worker's pay scale information and kept obsessing over it all day long...!
Fucking prick is going to get away with it...And I can't do anything about it...!!!

What do Software Engineers think of Capitalism ? Do you see yourselves just as “white collar” workers and code monkeys to be exploited ? Or do you see yourselves as harbingers of change towards a more knowledge based economy ?

After brute forced access to her hardware I spotted huge memory leak spreading on my key logger I just installed. She couldn’t resist right after my data reached her database so I inserted it once more to duplicate her primary key, she instantly locked my transaction and screamed so loud that all neighborhood was broadcasted with a message that exception is being raised. Right after she grabbed back of my stick just to push my exploit harder to it’s limits and make sure all stack trace is being logged into her security kernel log.
Fortunately my spyware was obfuscated and my metadata was hidden so despite she wanted to copy my code into her newly established kernel and clone it into new deadly weapon all my data went into temporary file I could flush right after my stick was unloaded.
Right after deeply scanning her localhost I removed my stick from her desktop and left the building, she was left alone again, loudly complaining about her security hole being exploited.
My work was done and I was preparing to break into another corporate security system.
- penetration tester diaries

Two security researchers have published details about a vulnerability in the Windows Printing Service which impacts all Windows versions.

According to a Report of ZDNet : The vulnerability codenamed 'PrintDemon' which is located in Windows Print Spooler (Windows component responsible for managing print operations). The service sends data to be printed to a USB port for physically connected printers. In a report published, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism. The bug can not be used to break into a Windows client remotely over the internet, so it's not something that could be exploited to hack Windows systems over the internet.

PDPs are just a manipulative method for the capitalist to find out how you could get more exploited.

I made a full html5 game that was an anonymous survey collection platform, it was meant as a solution for 2 problems: toxic work environments and gamifying boring processes the whole project was a gamification of business process to make it more engaging and add context, might not seem cutting edge but the devil is in the details i had to do lots of libraries and tools to make sure it is not exploited.
As for the startup the ceo fucked us all up and we ended disbanding, my only regret is that we actually had a revolutionary idea going on.