Tv hacker: I'll write code to hack their security cameras

2 seconds later

Tv hacker: I'm in

Me: go fuck yourself you fucking fuck

"You should use Windows server!"

It was a high security project which needed to run very stable. Even the windows sysadmin looked at that guy like 'dude what the actual fuck'.

Internship number two.

*walks downstairs to get a coffee*
*CTO (my guider) walks in*
CTO: (dead serious face) "linuxxx (not using my first name :P), come with me please"
*walks along to his office, starting to get reallly fucking nervous*
*CTO and me walk into his office, he sits down and looks at me very serious*
*I'm slightly shaking, nervous, sweating*
CTO: "So."
*oh yes here it is its gonna come I did something wrong fuck fml 😫😥😨😩*
CTO: "So you know quite some stiff around security/privacy. Could you tell me some stuff about why I'd want to use VPN and recommend me some good providers? 😀"
😅
*nearly falls onto the ground from relief*

I explained him some stuff and sent him a list of good providers 😀

Dear self proclaimed wordpress 'developers/programmers', kindly go fuck yourself.

I'm not talking about wordpress devs/designers who don't claim to have a better skillset than they have and are actually willing to learn, those are very much fine.

I'm talking about those wordpress people who claim that they're developers, programmers or whatever kind of bullshit which they're obviously not.

"A client's site crashed, you have to fix it!!!!!" sorry, come again? It's YOUR client's site. It's hosted on our hosting platform meaning that WE are responsible for KEEPING THE SERVERS UP AND FUNCTIONING.
You call yourself a wordpress 'developer' with 'programming experience' for 10 years but the second one of your shitty sites crashes, you come to us because 'it's your responsibility!!!'.
No, it's not. Next to that fact, the fact that you have to ask US why the site is crashing while you could easily login to your control panel, go to the fucking error logs and see that one of your facebook plugins crashes with a quite English error message, shows me that you definitely don't have 10 years of programming experience. And if you can't find that fucking article which tells you exactly where the motherfucking error logs are, don't come crying to us asking to fix your own fucking bullshit.

"My clients site got hacked, you have to clean it up and get it online again ASAP!!!!" - Nah, sorry, not my responsibility. The fact that you explicitly put your wordpress installation on 'no automatic updates' also doesn't help with my urge to fucking end you right now.
Add to that that we have some quite clear articles on wordpress security which you appearantly found too difficult (really? basic shit like 'set a strong fucking password' is too difficult for you?), you're on your own.

"I'm getting an error, please explain what's going wrong as soon as you can! this is a prio 1!!!!" - Nope. You were a wordpress dev/programmer right? Please act like one.

I'm not your personal wordpress agent.

I'm not your personal hacked wordpress site cleanup guy.

I'm not even a fucking wordpress professional. No, I'd rather jump off a bridge than develop wordpress bullshit for a living.

That you chose to do this, not a problem. Just don't rely on me for fixing your shit.

I'm sick of cleaning up your bullshit.

I'm done with answering your high prio tickets about bullshit which any dev could find out with just a few minutes of searching.

Oh your wordpress site isn't showing up so high in google? Yeah sure, shoot a ticket at us blaming us for your own SEO mess. I'm a fucking sysadmin, not a SEO expert.

I'm fucking done with you.

Go die in a fucking corner.

Me wanting to board Plane,
Goes through security Check...
"Sorry sir Laptops are not allowed."
Me
"Why?"
Security
"It could be a modified bomb"
Me
"But this is a Tablet!"
Security
"No sir, it has a Keyboard and Trackpad attached to it, its also running Windows..."
Me
"Excuse me, but this is clearly a Tablet"
*Detatches Keyboard from Surface Book*
"See? Tablet."
Security,
"Sorry sir, but no. You cant board the plane with this, only Tablets and Smartphones"
Me
"WTF? you dont allow Laptops because they could be bombs but A FUCKING SMARTPHONE IS ALLOWED? AND TABLETS TOO?!"
Security
"Yes, because the Battery is not removable..."
Me
"But my Laptop Battery is also not Removable..."
Security
"I dont have anymore Time for an Argument"
Me
"So I can board the Plane?"
Security
"No, the Ticket will be refunded"

WHO THE FUCK CAME UP WITH THIS BULLSHIT? LIKE RLY? WHO!!
I MEAN WHAT THE FUCK IS ALLOWED?!

You know what?

Young cocky React devs can suck my old fuckin LAMP and Objective-C balls.

Got a new freelance job and got brought in to triage a React Native iOS/Android app. Lead dev's first comment to me is: "Bro, have you ever used React Native".

To which I had to reply to save my honor publicly, "No, but I have like 8 years with Objective-C and 3 years with Swift, and 3 years with Node, so I maybe I'll still be able help. Sometimes it just helps to have a fresh set of eyes."

"Well, nobody but me can work on this code."

And that, as it turned out was almost true.

After going back and forth with our PM and this dev I finally get his code base.

"Just run "npm install" he says".

Like no fuckin shit junior... lets see if that will actually work.

Node 14... nope whole project dies.

Node 12 LTS... nope whole project dies.

Install all of react native globally because fuck it, try again... still dies.

Node 10 LTS... project installs but still won't run or build complaining about some conflict with React Native libraries and Cocoa pods.

Go back to my PM... "Um, this project won't work on any version of Node newer than about 5 years old... and even if it did it still won't build, and even if it would build it still runs like shit. And even if we fix all of that Apple might still tell us to fuck off because it's React Native.

Spend like a week in npm and node hell just trying to fucking hand install enough dependencies to unfuck this turds project.

All the while the original dev is still trying TO FIX HIS OWN FUCKING CODE while also being a cocky ass the entire time. Now, I can appreciate a cocky dev... I was horrendously cocky in my younger days and have only gotten marginally better with age. But if you're gonna be cocky, you also have to be good at it. And this guy was not.

Lo, we're not done. OG Dev comes down with "Corona Virus"... I put this in quotes because the dude ends up drawing out his "virus" for over 4 months before finally putting us in touch with "another dev team he sometimes uses".

Next, me and my PM get on a MS Teams call with this Indian house. No problems there, I've worked with the Indians before... but... these are guys are not good. They're talking about how they've already built the iOS build... but then I ask them what they did to sort out the ReactNative/Cocoa Pods conflict and they have no idea what I'm talking about.

Why?

Well, one of these suckers sends a link to some repo and I find out why. When he sends the link it exposes his email...

This Indian dude's emails was our-devs-name@gmail.com...

We'd been played.

Company sued the shit out of the OG dev and the Indian company he was selling off his work to.

I rewrote the app in Swift.

So, lets review... the React dev fucked up his own project so bad even he couldn't fix it... had to get a team of Indians to help who also couldn't fix it... was still a dickhead to me when I couldn't fix it... and in the end it was all so broken we had to just do a rewrite.

None of you get npm. None of you get React. None of you get that doing the web the way Mark Zucherberg does it just makes you a choad locked into that ecosystem. None of you can fix your own damn projects when one of the 6,000 dependency developers pushes breaking changes. None of you ever even bother with "npm audit fix" because if security was a concern you'd be using a server side language for fucking server side programming like a grown up.

So, next time a senior dev with 20 years exp. gets brought in to help triage a project that you yourself fucked up... Remember that the new thing you know and think makes you cool? It's not new and it's not cool. It's just JavaScript on the server so you script kiddies never have to learn anything but JavaScript... which makes you inarguably worse programmers.

And, MF, I was literally writing javascript while you were sucking your mommas titties so just chill... this shit ain't new and I've got a dozen of my own Node daemons running right now... difference is?

Mine are still working.

My girlfriends mom asked whether I could fix her coworkers laptop. She claimed that it had viruses installed and laptop is laggy..

So... I got that laptop just now, got home and turned it on. It doesn't have WiFi drivers installed and I do not have any free Ethernet cable right now.

About the lags... Well you won't believe how many custom tool bars and security programs there were. McAffe, AVG, ESET and some Russian made firewall which asks for license key every 5mins.

And she asked me to reinstall windows and keep every file of hers, and she didn't bother to point which files of 300gb of photos/videos/docs are worth keeping and which are not.. HDD is 300GB :A fuck me

P. S. Since it's my first rant I can say ranting helps a lot to calm down

So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!

It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"

Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.

My parents found it very easy to work with as well so we decided to stick with it.

I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.

Then I started to experiment more and more.

After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!

From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.

Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!

I started to learn stuff like FTP, SSH and so on.

Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?

First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.

Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.

Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!

I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.

Finally made the jump to NginX and CentOS!

Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.

Started with simple, one screen linux setup with ubuntu 10.04.

Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!

It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).

At the airport.

Security: Please put all your electronics in the bin, including your watch.

Me: No problem

<goes through scanner>

Me: there was an Apple Watch in here and now it is gone.

Security: Oh, you lost your Apple Watch?

Me: No! I put my Apple Watch in the bin like you instructed and YOU lost my Apple Watch.

Security: It must be in the spinners.

Me: So my $500 Watch is in the spinners being run over by bins?

Security: you have to put the small things on the bottom.

Me: It was on the bottom and I did as you asked, this is entirely on you. Do not try to shift the blame to me again please.

Security: As I said...

Me: As I said, Do not try to shift the blame to me again. This is entirely your responsibility once you separate me from my electronics so you can perform security theatre. Have a nice day.

—————

Fuck this god damn security theatre. Fuck the dumbasses they hire. Fuck your country. Fuck your god damn feeling of insecurity. Fuck Your ineffective security theatre.

Sick my fucking dick until you choke and gag you worthless pieces of shit. Homeless people the street provide more security than you incompetent, under-educated assholes. Fuck you

And yes, I have 2 fucking laptops. I have a real fucking job where I provide actual value and for that I need a work laptop. I don’t come to work in a stupid looking outfit with a chip on my shoulder looking to inconvenience people. I come to work to provide real value to someone.

Fuck you and your worthless bullshit

Mother of god, was listening to the US govt hearing of zuckerberg about the recent scandals. The amount of very fucking simple obvious questions he 'could not' answer normally...

Govt person: Would you be willing to change Facebook's business model if this was required for the security and privacy of Facebook users' accounts?

Zuck: I don't understand your question.

Sorry, WHAT?! You don't need particular rocket science to understand what's being asked here. A combination of common sense and knowing the English language and English grammar in combination with maybe having finished some form of education should be enough to understand this ridiculously easy question.

Do you need it written on a golden plate with fucking blue letters in Facebook's font with the S letters as dollar signs while drinking 10 gallons of 'fuck every persons privacy'?!

Or maybe shoving it up your ass in the form of heated/glowing metal letters of 10+ inches in height? We could arrange that as well.

My mentor/guider at my last internship.

He was great at guiding, only 1-2 years older than me, brought criticism in a constructive way (only had a very tiny thing once in half a year though) and although they were forced to use windows in a few production environments, when it came to handling very sensitive data and they asked me for an opinion before him and I answered that closed source software wasn't a good idea and they'd all go against me, this guy quit his nice-guy mode and went straight to dead-serious backing me up.
I remember a specific occurrence:
Programmers in room (under him technically): so linuxxx, why not just use windows servers for this data storage?
Me: because it's closed source, you know why I'd say that that's bad for handling sensitive data
Programmers: oh come on not that again...
Me: no but really look at it from my si.....
Programmers: no stop it. You're only an intern, don't act like you know a lot about thi....
Mentor: no you shut the fuck up. We. Are. Not. Using. Proprietary. Bullshit. For. Storing. Sensitive. Data.
Linuxxx seems to know a lot more about security and privacy than you guys so you fucking listen to what he has to say.
Windows is out of the fucking question here, am I clear?

Yeah that felt awesome.

Also that time when a mysql db in prod went bad and they didn't really know what to do. Didn't have much experience but knew how to run a repair.
He called me in and asked me to have a look.
Me: *fixed it in a few minutes* so how many visitors does this thing get, few hundred a day?
Him: few million.
Me: 😵 I'm only an intern! Why did you let me access this?!
Him: because you're the one with the most Linux knowledge here and I trust you to fix it or give a shout when you simply can't.

Lastly he asked me to help out with iptables rules. I wasn't of much help but it was fun to sit there debugging iptables shit with two seniors 😊

He always gave good feedback, knew my qualities and put them to good use and kept my motivation high.

Awesome guy!

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Custom CSS? Who am I kidding, I'm a backend/security/server guy.

Fuck this shit, bootstrap, here I come!

I ranted about this guy before who thought he was a security expert while hardly knowing what the word is probably. Today I met him again at a party.

Holy fucking shit, this guy.

"we use the best servers of the netherlands"
"we use a separate server for each website and finetune them"
"we always put clusters under servers, that way we have a fallback mechanism"
"companies mostly use bv ssl certificates"
"you're on call for a week? I'm full-time on call. Why I'm drinking alcohol then? Because fuck the clients hahaha"

😥🔫

Fuck Microsoft.

No, not in any relation to windows this time.

Dear Microsoft, why on earth did you put us on your spam blacklist? There haven't been any spam attacks from our side, our servers have nearly the highest 'reputation' that email servers can get, we comply to all security standards and yet you're blacklisting us.

If for some reason you think something is wrong at our side anyways, we've tried to contact you and we either get ignored or get a very late response saying that we'll get delisted again within a day/week or whatsoever.

Microsoft, please go fuck yourself.

*has a 94% in information security class*
*teacher gives us study guide for final exam*
*heavily take notes in the margins and study the packet obsessively for four days*
*come in to take the final*

*exam doesn't mention a single thing on the study guide*

*makes a 78 on it*
*final class grade drops down to an 87% (a letter grade lower than before)*

"Congratulations, Miss Meowijuanas! You had the highest score on the final!"
*hands me a candy bar like I'm a child*

"Maybe it's because you gave the class an extremely poor study guide which emphasized on material that wasn't covered on our actual exam? You shouldn't be congratulating me on a 78."

*teacher says he used the study guide from another teacher and must not have looked at it thoroughly enough*

*shakes hand and thanks him for having me as a student this semester*
*kicks a trash bin outside of the university 6 or 7 times*

I'm not even mad about my grade. An 87% is nice, although I know I would've done better otherwise. It's his pure, unmasked and unashamed laziness that makes me feel so violent. It's showing students like me that an educated individual like yourself couldn't be bothered to take five minutes or so to read over a fucking document for his students to make sure they're properly prepared for a major exam.
How the fuck can you be hired as a university professor and be this obvious about not putting effort into your work.
Fuck you, sir.
And fuck you again for all of my other classmates who did poorly because they followed your inaccurate study guide.

What the actual fuck? Person (or people!) who devised this password policy, you are an idiot (or idiots - all of you). You are stupid and insane and have no idea about security or user experience.

After it was revealed that the Equifax hack was even bigger yet again, the US government said something that really made me say/think something in the trend of "WHAT the actual FUCK?!"

"This data is in the hands of cyber criminals anyways".

You run the biggest mass surveillance program in the world, sucking up more than a million terabytes every hour, then at least could you PRETEND to care/take interest when the personal data of about all your citizens appears on the Internet?!

Fucking hell.

A quite severe vulnerability was found in Skype (at least for windows, not sure about other systems) allowing anyone with system access (remote or local) to replace the update files skype downloads before updating itself with malicious versions because skype doesn't check the integrity of local files. This could allow an attacker to, once gaining access to the system, 'inject' any malicious DLL into skype by placing it in the right directory with the right file name and waiting for the user to update (except with auto updates of course).

From a company like Microsoft, taking in mind that skype has hundreds of millions of users worldwide, I'd expect them to take a very serious stance on this and work on a patch as soon as possible.

What they said about this: they won't be fixing it anytime soon as it would require a quite big rewrite of skype.

This kinda shit makes me so fucking angry, especially when it comes from big ass companies 😡. Take your fucking responsibility, Microsoft.

Lads, I will be real with you: some of you show absolute contempt to the actual academic study of the field.

In a previous rant from another ranter it was thrown up and about the question for finding a binary search implementation.

Asking a senior in the field of software engineering and computer science such question should be a simple answer, specifically depending on the type of job application in question. Specially if you are applying as a SENIOR.

I am tired of this strange self-learner mentality that those that have a degree or a deep grasp of these fundamental concepts are somewhat beneath you because you learned to push out a website using the New Boston tutorials on youtube. FOR every field THAT MATTERS a license or degree is hold in high regards.
"Oh I didn't go to school, shit is for suckers, but I learned how to chop people up and kinda fix it from some tutorials on youtube" <---- try that for a medical position.

"Nah it's cool, I can fix your breaks, learned how to do it by reading blogs on the internet" <--- maintenance shop

"Sure can write the controller processing code for that boing plane! Just got done with a low level tutorial on some websites! what can go wrong!"

(The same goes for military devices which in the past have actually killed mfkers in the U.S)

Just recently a series of people were sent to jail because of a bug in software. Industries NEED to make sure a mfker has aaaall of the bells and whistles needed for running and creating software.

During my masters degree, it fucking FASCINATED me how many mfkers were absolutely completely NEW to the concept of testing code, some of them with years in the field.

And I know what you are thinking "fuck you, I am fucking awesome" <--- I AM SURE YOU BLOODY WELL ARE but we live in a planet with billions of people and millions of them have fallen through the cracks into software related positions as well as complete degrees, the degree at LEAST has a SPECTACULAR barrier of entry during that intro to Algos and DS that a lot of bitches fail.

NOTE: NOT knowing the ABSTRACTIONS over the tools that we use WILL eventually bite you in the ASS because you do not fucking KNOW how these are implemented internally.

Why do you think compiler designers, kernel designers and embedded developers make the BANK they made? Because they don't know memory efficient ways of deploying a product with minimal overhead without proper data structures and algorithmic thinking? NOT EVERYTHING IS SHITTY WEB DEVELOPMENT

SO, if a mfker talks shit about a so called SENIOR for not knowing that the first mamase mamasa bloody simple as shit algorithm THROWN at you in the first 10 pages of an algo and ds book, then y'all should be offended at the mkfer saying that he is a SENIOR, because these SENIORS are the same mfkers that try to at one point in time teach other people.
These SENIORS are the same mfkers that left me a FUCKING HORRIBLE AND USELESS MESS OF SPAGHETTI CODE

Specially to most PHP developers (my main area) y'all would have been well motherfucking served in learning how not to forLoop the fuck out of tables consisting of over 50k interconnected records, WHAT THE FUCK

"LeaRniNG tHiS iS noT neeDed!!" yes IT fucking IS

being able to code a binary search (in that example) from scratch lets me know fucking EXACTLY how well your thought process is when facing a hard challenge, knowing the basemotherfucking case of a LinkedList will damn well make you understand WHAT is going on with your abstractions as to not fucking violate memory constraints, this-shit-is-important.

So, will your royal majesties at least for the sake of completeness look into a couple of very well made youtube or book tutorials concerning the topic?

You can code an entire website, fine as shit, you will get tested by my ass in terms of security and best practices, run these questions now, and it very motherfucking well be as efficient as I think it should be(I HIRE, NOT YOU, or your fucking blog posts concerning how much MY degree was not needed, oh and btw, MY degree is what made sure I was able to make SUCH decissions)

This will make a loooooooot of mfkers salty, don't worry, I will still accept you as an interview candidate, but if you think you are good enough without a degree, or better than me (has happened, told that to my face by a candidate) then get fucking ready to receive a question concerning: BASIC FUCKING COMPUTER SCIENCE TOPICS

* gays away into the night

Me: *enters password on phone (long PIN)*
Person next to me is looking at my phone WHILE I enter my password, and as I look at him, he doesn't even turn away and even has the nerve to say:
"Wow, why do you have such a long password!"
Μy answer: "Because of security reasons."
What I actually wanted to say:
"Because of pieces of SHIT like you who can't keep their eyes to themselves, even when PASSWORDS are involved, you FUCK! Guess why everytime I enter a password in public, I have to dim my screen and turn my screen sideways? Because of fuckheads like you, not knowing shit about privacy and security! Fuck you!"

This was at my first internship (ranted about this before but hey fuck it).

- discovered several high critical vulnerabilities in their product. Wrote them down and kindly gave them to my boss/manager (they were the same person). He looked at me like 'the fuck' but I just went home at the end of the day. Next day, I got called into his office. I was a fucker, cancer guy who knew nothing about security, who would never reach anything and I shouldn't criticize their product (I had no right to because I was an intern).

- Bossman went to a meeting with a coworker to present their product. They came back to the office and it very clearly had gone pretty wrong. (we had nothing to do with anything related to the project including the meeting) he called us all bad things he could think of and it was all our fault and so on.

- I do have a transpiration problem but I can partly contain that when it's not too hot and the stress levels are okay. I was only allowed to sit in front of the window. YES IT WAS A MOTHERFUCKING HUGE WINDOW, 35-40 DEGREES FEELING TEMPERATURE AND NO MOTHERFUCKING AIRCONDITIONING. (okay gotta admit that one of the installation guys fell off the roof during the installation BUT THEN AT LEAST GET FANS OR SOMETHING).
Got called into his office multiple times because I smelled and 'couldnt take care of my hygiene'. I was literally sweating my ass off full-time so what the fuck could I do in those temperatures?!?

- my only project there: Google translating their whole CRM. Took us five weeks and the bossman kept pressure on us at all times which didn't FUCKING help.

Was fired after 5 weeks for hygiene reasons and because I didn't do my work well appearantly (still fuck translating all day).

One of the worst things? He pretended everything to go well until the first review came with my mentor (mentor == awesome guy). Then he talked shit about me like it was no-one's business.

I literally cried when I walked home after being fired.

Navy story time again. Grab that coffee and fire up Kali, the theme is security.
So, when I got promoted to Lieutenant Jr. I had to attend a 1-year school inside my nostalgic Naval Academy... BUT! I was wiser, I was older... and I was bored. Like, really bored. What could go wrong? Well, all my fellow officers were bored too, so they started downloading/streaming/torrenting like crazy, and I had to wait for hours for the Kali updates to download, so...
mdk3 wlan0mon -d
I had this external wifi atheros card with two antennae and kicked all of them off the wifi. Some slightly smarter ones plugged cables on the net, and kept going, enjoying much faster speeds. I had to go to the bathroom, and once I returned they had unplugged the card. That kind of pissed me off, since they also thought it would be funny to hide it, along with the mouse.
But, oh boy, they had no idea what supreme asshole I can be when I am irked.
So, arpspoof it is. Turns out, there were no subnetworks, and the broadcast domain was ALL of the academy. That means I shut EVERYONE off, except me. Hardware was returned in 1 minute with the requested apologies, but fuck it, I kept the whole academy off the net for 6 hours. The sysadmin ran around like crazy, because nothing was working. Not even the servers.
I finally took pity on the guy (he had gotten the duties of sysadmin when the previous sysad died, so think about that) and he almost assaulted me when I told him. As it turned out, the guy never had any training or knowledge on security, so I had to show him a few things, and point him to where he could study about the rest. But still, some selective arp poison on select douchebags was in order...
Needless to say, people were VERY polite to me after that. And the net speed was up again, so I got bored. Again. So I started scanning the net.
To be continued...

I hate this attitude of my study (when i studied):

"it might be a good idea to teach the students how to program securely by default?"

"oh no but we just want to teach them the basics"

"so why not the secure basics by default?!"

"nah we just want them to get started and understand it, that's all. We'll get to the secure way later on"

Well, fuck you.

So I had my exams recently and I thought I'd post some of the most hacky shit I've done there over here. One thing to keep in mind, I'm a backender so I always have to hack my way around frontend!

- Had a user level authentication library which fucked up for some reason so I literally made an array with all pages and user levels allowed so I pretty much had a hardcoded user level authentication feature/function. Hey, it worked!

- CSS. Gave every page a hight of 110 percent because that made sure that you couldn't see part of the white background under the 'background' picture. Used !important about everywhere but it worked :P.

- Completey forgot (stress, time pressure etc) to make the user ID's auto incremented. 'Fixed' that by randomly generating a user id and really hoping during every registration that that user ID did not exist in the database already. Was dirty as fuck but hey it worked!

- My 'client' insisted on using Windows server.Although I wouldn't even mind using it for once, I'd never worked with it before so that would have been fucked for me. Next to that fact, you could hear swearing from about everyone who had to use Windows server in that room, even the die hard windows users rather had linux servers. So, I just told a lot of stuff about security, stability etc and actually making half of all that shit up and my client was like 'good idea, let's go for linux server then!'. Saved myself there big time.

- CHMOD'd everything 777. It just worked that way and I was in too much time pressure to spend time on that!

- Had to use VMWare instead of VirtulBox which always fucks up for me and this time it did again. Windows 10 enjoyed corrupting the virtual network adapters after every reboot of my host so I had to re-create the whole adapter about 20 times again (and removing it again) in order to get it to work. Even the administrator had no fucking clue why that was happening.

- Used project_1.0.zip etc for version control :P.

Yup, fun times!

This happened at my last internship. There was this other intern and he was a TO THE FUCKING MAX windows fanboy and whenever someone said something bad about windows he'd go full rage. Also, he'd sometimes spend half an hour at my desk explaining why windows was the best and Linux sucked.

This one time, I read about a newly discovered windows vulnerability and told the employees so they'd update quickly and they were like ' thanks for the notification mate!' And then that guy came up to me telling that 'Linux also has severe vulnerabilities sometimes'. YES I FUCKING KNOW THAT I'M JUST TRYING TO GET PEOPLE TO UPDATE FOR THEIR SECURITY YOU FUCKING ASSHAT. I got really mad. Still, fuck that guy.

Navy story continued.
And continuing from the arp poisoning and boredom, I started scanning the network...
So I found plenty of WinXP computers, even some Win2k servers (I shit you not, the year was 201X) I decided to play around with merasploit a bit. I mean, this had to be a secure net, right?
Like hell it was.
Among the select douchebags I arp poisoned was a senior officer that had a VERY high idea for himself, and also believed he was tech-savvy. Now that, is a combination that is the red cloth for assholes like me. But I had to be more careful, as news of the network outage leaked, and rumours of "that guy" went amok, but because the whole sysadmin thing was on the shoulders of one guy, none could track it to me in explicit way. Not that i cared, actually, when I am pissed I act with all the subtleness of an atom bomb on steroids.
So, after some scanning and arp poisoning (changing the source MAC address this time) I said...
"Let's try this common exploit, it supposedly shouldn't work, there have been notifications about it, I've read them." Oh boy, was I in for a treat. 12 meterpreter sessions. FUCKING 12. The academy's online printer had no authentication, so I took the liberty of printing a few pages of ASCII jolly rogers (cute stuff, I know, but I was still in ITSec puberty) and decided to fuck around with the other PCs. One thing I found out is that some professors' PCs had the extreme password of 1234. Serious security, that was. Had I known earlier, I could have skipped a TON of pointless memorising...
Anyway, I was running amok the entire network, the sysad never had a chance on that, and he seemed preoccupied with EVERYTHING ELSE besides monitoring the net, like fixing (replacing) the keyboard for the commander's secretary, so...
BTW, most PCs had antivirus, but SO out of date that I didn't even need to encode the payload or do any other trick. An LDAP server was open, and the hashed admin password was the name of his wife. Go figure.
I looked at a WinXP laptop with a weird name, and fired my trusty ms08_067 on it. Passowrd: "aaw". I seriously thought that Ophcrack was broken, but I confirmed it. WTF? I started looking into the files... nothing too suspicious... wait a min, this guy is supposed to work, why his browser is showing porn?
Looking at the ""Deleted"" files (hah!) I fount a TON of documents with "SECRET" in them. Curious...
Decided to download everything, like the asshole I am, and restart his PC, AND to leave him with another desktop wallpaper and a text message. Thinking that he took the hint, I told the sysadmin about the vulnerable PCs and went to class...
In the middle of the class (I think it was anti-air warfare or anti-submarine warfare) the sysad burst through the door shouting "Stop it, that's the second-in-command's PC!".
Stunned silence. Even the professor (who was an officer). God, that was awkward. So, to make things MORE awkward (like the asshole I am) I burned every document to a DVD and the next day I took the sysad and went to the second-in-command of the academy.
Surprisingly he took the whole thing in quite the easygoing fashion. I half-expected court martial or at least a good yelling, but no. Anyway, after our conversation I cornered the sysad and barraged him with some tons of security holes, needed upgrades and settings etc. I still don't know if he managed to patch everything (I left him a detailed report) because, as I've written before, budget constraints in the military are the stuff of nightmares. Still, after that, oddly, most people wouldn't even talk to me.
God, that was a nice period of my life, not having to pretend to be interested about sports and TV shows. It would be almost like a story from highschool (if our highschool had such things as a network back then - yes, I am old).
Your stories?

Fuck the memes.

Fuck the framework battles.

Fuck the language battles.

Fuck the titles.

Anybody who has been in this field long enough knows that it doesn't matter if your linus fucking torvalds, there is no human who has lived or ever will live that simultaneously understands, knows, and remembers how to implement, in multiple languages, the following:

- jest mocks for complex React components (partial mocks, full mocks, no mocks at all!)
- token cancellation for asynchronous Tasks in C#
- fullstack CRUD, REST, and websocket communication (throw in gRPC for bonus points)
- database query optimization, seeding, and design
- nginx routing, https redirection
- build automation with full test coverage and environment consideration
- docker container versioning, restoration, and cleanup
- internationalization on both the front AND backends
- secret storage, security audits
- package management, maintenence, and deprecation reviews
- integrating with dozens of APIs
- fucking how to center a div

and that's a _comically_ incomplete list; barely scratches the surface of the full range of what a dev can encounter in a given day of writing software

have many of us probably done one or even all of these at different times? surely.

but does that mean we are supposed to draw that up at a moment's notice some cookie-cutter solution like a fucking robot and spit out an answer on a fax sheet?

recruiters, if you read this site (perhaps only the good ones do anyway so its wasted oxygen), just know that whoever you hire its literally the luck of the draw of how well they perform during the interview. sure, perhaps some perform better, but you can never know how good someone is until they literally start working at your org, so... have fun with that.

Oh and I almost forgot, again for you recruiters, on top of that list which you probably won't ever understand for the entirety of your lives, you can also add writing documentation, backup scripts, and orchestrating / administrating fucking JIRA or actually any somewhat technical dashboard like a CMS or website, because once again, the devs are the only truly competent ones - and i don't even mean in a technical sense, i mean in a HUMAN sense of GETTING SHIT DONE IN GENERAL.

There's literally 2 types of people in the world: those who sit around drawing flow charts and talking on the phone all day, and those WHO LITERALLY FUCKING BUILD THE WORLD

why don't i just run the whole fucking company at this point? you guys are "celebrating" that you made literally $5 dollars from a single customer and i'm just sitting here coding 12 hours a day like all is fine and well

i'm so ANGRY its always the same no matter where i go, non-technical people have just no clue, even when you implore them how long things take, they just nod and smile and say "we'll do it the MVP way". sure, fine, you can do that like 2 or 3 times, but not for 6 fucking months until you have a stack of "MVPs" that come toppling down like the garbage they are.

How do expect to keep the "momentum" of your customers and sales (I hope you can hear the hatred of each of these market words as I type them) if the entire system is glued together with ducktape because YOU wanted to expedite the feature by doing it the EASY way instead of the RIGHT way. god, just forget it, nobody is going to listen anyway, its like the 5th time a row in my life

we NEED tests!
we NEED to know our code coverage!
we NEED to design our system to handle large amounts of traffic!
we NEED detailed logging!
we NEED to start building an exception database!

BILBO BAGGINS! I'm not trying to hurt you! I'm trying to help you!

Don't really know what this rant was, I'm just raging and all over the place at the universe. I'm going to bed.

This was at my first internship (was fired later for other bs reasons).

They got me as a programming intern but very soon I felt very conflicted with multiple things:

1. Got to google translate their internal CRM into five languages. After two weeks (the estimate I gave them) I discovered that I overlooked the second half, apologized and got a whole shitstorm at my face.
2. Was only allowed to use Internet Explorer for everything *cry face*.
3. Saw multiple security flaws in their main product, told my boss (also my internship manager) about it because hey, I'm security oriented and it might help them. Next day he called me into his office and I got a huge speech about who the fuck I am to criticize their product and that I was a security wannabee who doesn't know shit.
4. Boss came home after a product presentation went sideways. The interns didn't have anything to do with that but he called (or, yelled big time) us every dirty word he could think of and blamed us.

Luckily I was fired after like five weeks. I literally cried of happiness when I walked home. I was too shy to stand up for myself by that time (even only 2-3 years ago)

I have been a mobile developer working with Android for about 6 years now. In that time, I have endured countless annoyances in the Android development space. I will endure them no more.
My complaints are:

1. Ridiculous build times. In what universe is it acceptable for us to wait 30 seconds for a build to complete. Yes, I've done all the optimisations mentioned on this page and then some. Don't even mention hot reload as it doesn't work fast enough or just does not work at all. Also, buying better hardware should not be a requirement to build a simple Android app, Xcode builds in 2 seconds with a 8GB Macbook Air. A Macbook Air!

2. IDE. Android Studio is a memory hog even if you throw 32GB of RAM at it. The visual editors are janky as hell. If you use Eclipse, you may as well just chop off your fingers right now because you will have no use for them after you try and build an app from afresh. I mean, just look at some of the posts in this subreddit where the common response is to invalidate caches and restart. That should only be used as a last resort, but it's thrown about like as if it solves everything. Truth be told, it's Gradle's fault. Gradle is so annoying I've dedicated the next point to it.

3. Gradle. I am convinced that Gradle causes 50% of an Android developer's pain. From the build times to the integration into various IDEs to its insane package management system. Why do I need to manually exclude dependencies from other dependencies, the build tool should just handle it for me. C'mon it's 2019. Gradle is so bad that it requires approx 54GB of RAM to work out that I have removed a dependency from the list of dependencies. Also I cannot work out what properties I need to put in what block.
4. API. Android API is over-bloated and hellish. How do I schedule a recurring notification? Oh use an AlarmManager. Yes you heard right, an AlarmManager... Not a NotificationManager because that would be too easy. Also has anyone ever tried running a long running task? Or done an asynchronous task? Or dealt with closing/opening a keyboard? Or handling clicks from a RecyclerView? Yes, I know Android Jetpack aims to solve these issues but over the years I have become so jaded by things that have meant to solve other broken things, that there isn't much hope for Jetpack in my mind 😤

5. API 2. A non-insignificant number of Android users are still on Jelly Bean or KitKat! That means we, as developers, have to support some of your shitty API decisions (Fragments, Activities, ListView) from all the way back then!

6. Not reactive enough. Android has support for Databinding recently but this kind of stuff should have been introduced from the very start. Look at React or Flutter as to how easy it is to make shit happen without any effort.

7. Layouts. What the actual hell is going on here. MDPI, XHDPI, XXHDPI, mipmap, drawable. Fuck it, just chuck it all in the drawable folder. Seriously, Android should handle this for me. If I am designing for a larger screen then it should be responsive. I don't want to deal with 50 different layouts spread over 6 different folders.

8. Permission system. Why was this not included from the very start? Rogue apps have abused this and abused your user's privacy and security. Yet you ban us and not them from the Play Store. What's going on? We need answers.

9. In Android, building an app took me 3 months and I had a lot of work left to do but I got so sick of Android dev I dropped it in favour of Flutter. I built the same app in Flutter and it took me around a month and I completed it all.
10. XML.

If you're a new dev, for the love of all that is good in this world, do NOT get into Android development. Start with Flutter or even iOS. On Flutter and build times are insanely fast and the hot reload is under 500ms constantly. It's a breath of fresh air and will save you a lot of headaches AND it builds for iOS flawlessly.

To the people who build Android, advocate it and work on it, sorry to swear, but fuck you! You have created a mess that we have to work with on a day-to-day basis only for us to get banned from the app store! You have sold us a lie that Android development is amazing with all the sweet treat names and conferences that look bubbly and fun. You have allowed to get it so bad that we can't target an API higher than 18 because some Android users are still using devices that support that!

End this misery. End our pain. End our suffering. Throw this abomination away like you do with some of your other projects and migrate your efforts over to Flutter. Please!

#NoToGoogleIO #AndroidSummitBoycott #FlutterDev #ReactNative

Got a call from a recruiter today. (Keep in mind that using WhatsApp is about a requirement over here.)

R: so can I app you (I hate that word to the fucking point) with further details?
Me: *oh fuck this is gonna get me fucked again* uhm I don't use it so yah...
R: ohhh okay, security reasons?
Me: *slight relief* yes indeed, sir
R: oh fair enough, you can always just text and call me!

*very relieved feeling*

It's for either a cyber security or linux job by the way.

So I've been looking for a Linux sysadmin job for a while now. I get a lot of rejections daily and I don't mind that because they can give me feedback as for what I am doing wrong. But do you know what really FUCKING grinds my FUCKING gears?

BEING REJECTED BASED ON LEVEL OF EDUCATION/NOT HAVING CERTIFICATIONS FOR CERTAIN STUFF. Yes, I get that you can't blindly hire anyone and that you have to filter people out but at least LOOK AT THEIR FUCKING SKILLSET.

I did MBO level (the highest sub level though) as study which is considered to be the lowest education level in my country. lowest education level meaning that it's mostly focused on learning through doing things rather than just learning theory.

Why the actual FUCK is that, for some fucking reason, supposed to be a 'lower level' than HBO or Uni? (low to high in my country: MBO, HBO, Uni). Just because I learn better by doing shit instead of solely focusing on the theory and not doing much else does NOT FUCKING MEAN THAT I AM DUMBER OR LESS EDUCATED ON A SUBJECT.

So in the last couple of months, I've literally had rejections with reasons like
- 'Sorry but we require HBO level as people with this level can analyze stuff better in general which is required for this job.'. - Well then go fuck yourself. Just because I have a lower level of education doesn't FUCKING mean that I can't analyze shit at a 'lower level' than people who've done HBO.

- 'You don't seem to have a certificate for linux server management so it's a no go, sorry!' - Kindly go FUCK yourself. Give me a couple of barebones Debian servers and let me install a whole setup including load balancers, proxies if fucking neccesary, firewalls, web servers, FUCKING Samba servers, YOU FUCKING NAME IT. YES, I CAN DO THAT BUT SOLELY BECAUSE I DON'T HAVE THAT FUCKING CERTIFICATE APPEARANTLY MEANS THAT I AM TOO INCOMPETENT TO DO THAT?! Yes. I get that you have to filter shit but GUESS WHAT. IT'S RIGHT THERE IN MY FUCKING RESUME.

- 'Sorry but due to this role being related to cyber security, we can't hire anyone lower than HBO.' - OH SO YOUR LEVEL OF EDUCATION DEFINES HOW GOOD YOU ARE/CAN BE AT CYBER SECURITY RELATED STUFF? ARE YOU MOTHERFUCKING RETARDED? I HAVE BEEN DOING SHIT RELATED TO CYBER SECURITY SINCE I WAS 14-15 FUCKiNG YEARS OLD. I AM FAMILIAR WITH LOADS OF TOOLS/HACKING TECHNIQUES/PENTESTING/DEFENSIVE/OFFENSIVE SECURITY AND SO ON AND YOU ARE TELLING ME THAT I NEED A HIGHER LEVEL OF FUCKING EDUCATION?!?!? GO FUCKING FUCK YOURSELF.

And I can go on like this for a while. I wish some companies I come across would actually look at skills instead of (only) study levels and certifications. Those other companies can go FUCK THEMSELVES.

!(short rant)

Look I understand online privacy is a concern and we should really be very much aware about what data we are giving to whom. But when does it turn from being aware to just being paranoid and a maniac about it.? I mean okay, I know facebook has access to your data including your whatsapp chat (presumably), google listens to your conversations and snoops on your mail and shit, amazon advertises that you must have their spy system (read alexa) install in your homes and numerous other cases. But in the end it really boils down to "everyone wants your data but who do you trust your data with?"

For me, facebook and the so-called social media sites are a strict no-no but I use whatsapp as my primary chating application. I like to use google for my searches because yaa it gives me more accurate search results as compared to ddg because it has my search history. I use gmail as my primary as well as work email because it is convinient and an adv here and there doesnt bother me. Their spam filters, the easy accessibility options, the storage they offer everything is much more convinient for me. I use linux for my work related stuff (obviously) but I play my games on windows. Alexa and such type of products are again a big no-no for me but I regularly shop from amazon and unless I am searching for some weird ass shit (which if you want to, do it in some incognito mode) I am fine with coming across some advs about things I searched for. Sometimes it reminds me of things I need to buy which I might have put off and later on forgot. I have an amazon prime account because prime video has some good shows in there. My primary web browser is chrome because I simply love its developer tools and I now have gotten used to it. So unless chrome is very much hogging on my ram, in which case I switch over to firefox for some of my tabs, I am okay with using chrome. I have a motorola phone with stock android which means all google apps pre-installed. I use hangouts, google keep, google map(cannot live without it now), heck even google photos, but I also deny certain accesses to apps which I find fishy like if you are a game, you should not have access to my gps. I live in India where we have aadhar cards(like the social securtiy number in the USA) where the government has our fingerprints and all our data because every damn thing now needs to be linked with your aadhar otherwise your service will be terminated. Like your mobile number, your investment policies, your income tax, heck even your marraige certificates need to be linked with your aadhar card. Here, I dont have any option but to give in because somehow "its in the interest of the nation". Not surprisingly, this thing recently came to light where you can get your hands on anyone's aadhar details including their fingerprints for just ₹50($1). Fuck that shit.

tl;dr
There are and should be always exceptions when it comes to privacy because when you give the other person your data, it sometimes makes your life much easier. On the other hand, people/services asking for your data with the sole purpose of infilterating into your private life and not providing any usefulness should just be boycotted. It all boils down to till what extent you wish to share your data(ranging from literally installing a spying device in your house to them knowing that I want to understand how spring security works) and how much do you trust the service with your data. Example being, I just shared most of my private data in this rant with a group of unknown people and I am okay with it, because I know I can trust dev rant with my posts(unlike facebook).

*signs up for Skillshare*
> Sorry, your password is longer than our database's glory hole can handle.
> Please shorten your password cumload to only 64 characters at most, otherwise our database will be unhappy.

Motherf-...

Well, I've got a separate email address from my domain and a unique password for them. So shortening it and risking getting that account stolen by plaintext shit won't really matter, especially since I'm not adding payment details or anything.

*continues through the sign-up process for premium courses, with "no attachments, cancel anytime"*
> You need to provide a credit card to continue with our "free" premium trial.

Yeah fuck you too. I don't even have a credit card. It's quite uncommon in Europe, you know? We don't have magstripe shit that can go below 0 on ya.. well the former we still do but only for compatibility reasons. We mainly use chip technology (which leverages asymmetric cryptography, awesome!) that usually can't go much below 0 here nowadays. Debit cards, not credit cards.

Well, guess it's time to delete that account as well. So much for acquiring fucking knowledge from "experts". Guess I'll have to stick to reading wikis and doing my ducking-fu to select reliable sources, test them and acquire skills of my own. That's how I've done it for years, and that's how it's been working pretty fucking well for me. Unlike this deceptive security clusterfuck!

Seriously fuck mandatory security questions, these are my options:

What year did you meet your spouse?
I'm single.
What is your favorite book as a child?
I didn't have a favorite book. (and still, don't)
In which city did you meet your spouse?
I'm single
What is the first name of the first person you went to prom with?
Didn't go to prom.
Which state did you first visit (outside of your birth state)?
I've been to about 43 states and can't remember when I started traveling, how the fuck am I supposed to know?
In which city was your spouse born?
Again I'm single.
In which city did your oldest sibling get married?
I don't have any siblings.

C'mon, at least let me create my own question because right now I have no choice but to make up random shit and write it down in LastPass as a note.

Privacy & security violations piss me off. Not to the point that I'll write on devRant about it, but to the point that coworkers get afraid from the bloodthirsty look in my eyes.

I know all startups proclaim this, but the one I work at is kind of industry-disrupting. Think Uber vs taxi drivers... so we have real, malicious enemies.

Yet there's still this mindset of "it won't happen to us" when it comes to data leaks or corporate spying.

Me: "I noticed we are tracking our end users without their consent, and store not just the color of their balls, but also their favorite soup flavor and how often they've cheated on their partner, as plain text in the system for every employee to read"

Various C-randomletter-Os: "Oh wow indubitably most serious indeed! Let's put 2 scrumbag masters on the issue, we will tackle this in a most agile manner! We shall use AI blockchains in the elastic cloud to encrypt those ball-colors!"

NO WHAT I MEANT WAS WHY THE FUCK DO WE EVEN STORE THAT INFORMATION. IT DOES IN NO WAY RELATE TO OUR BUSINESS!

"No reason, just future requirements for our data scientists"

I'M GRABBING A HARDDRIVE SHREDDER, THE DB SERVER GOES FIRST AND YOUR PENIS RIGHT AFTER THAT!

(if it's unclear, ball color was an optimistic euphemism for what boiled down to an analytics value which might as well have been "nigger: yes/no")

Sooooo me and the lead dev got placed in the wrong job classification at work.

Without sounding too mean, we are placed under the same descriptor and pay scale reserved for secretaries, janitors and the people that do maintenance at work(we work for a college as developers) whilst our cowormer who manages the cms got the correct classification.

The manager went apeshit because the guidelines state that:

Making software products
Administration of dbs
Server maintenance and troubleshooting
Security (network)

And a lot of shit is covered on the exemption list and it is things that we do by a wide fucking margin. The classification would technically prohibit us from developing software and the whole it dptmnt went apeshit over it since he(lead developer) refuses (rightfully so) to touch anything and do basically nothing other than generate reports.

Its a fun situation. While we both got a substantial raise in salary(go figure) we also got demoted at the same time.

There is a department in IT which deals with the databases for other major applications, their title is "programmers" yet for some reason me and the lead end up writing all the sql code that they ever need. They make waaaaay more money than me and the lead do, even in the correct classification.

Resolution: manager is working with the head of the department to correct this blasphemy WHILE asking for a higher pay than even the "programmers"

I love this woman. She has balls man. When the president of the school paraded around the office asking for an update on a high priority app she said that I am being gracious enough to work on it even though i am not supposed to. The fucking prick asked if i could speed it up to where she said that most of my work I do it on my off time, which by law is now something that I cannot do for the school and that she does not expect any of her devs to do jack shit unless shit gets fixed quick. With the correct pay.

Naturally, the president did not like such predicament and thus urged the HR department(which is globally hated now since they fucked up everyone's classification) to fix it.

Dunno if I will get above the pay that she requested. But seeing that royal ammount of LADY BALLS really means something to me. Which is why i would not trade that woman for a job at any of my dream workplaces.

Meanwhile, the level of stress placed my 12 years of service diabetic lead dev at the hospital. Fuck the hr department for real, fuck the vps of the school that fucked this up royally and fuck people in this city in general. I really care for my team, and the lead dev is one of my best friends and a good developer, this shit will not fucking go unnoticed and the HR department is now in low priority level for the software that we build for them

Still. I am amazed to have a manager that actually looks out for us instead of putting a nice face for the pricks that screwed us over.

I have been working since I was 16, went through the Army, am 27 now and it is the first time that I have seen such manager.

She can't read this, but she knows how much I appreciate her.

Designer: Need to file a bug, I'm not getting an option to login with FaceID

Me: Oh weird bug. Is it setup on the phone you are testing with?

Designer: yes, use it in all other apps

Me: Did you get an error during onboarding on the FaceID screen?

Designer: nope no error

Me: ..... hhhmm, can you show me your settings?

Me: ... eh, says you have FaceID disabled for this app ... did you click "No" to FaceID during onboarding?

Designer: Yes, to test edge cases

Me: ................ ok ........ if you setup the app and told it to not allow FaceID to login ......... you won't get the ability to use FaceID to login .......... like .... by design .... on purpose ...... cause .... you told it to do that

Designer: No no, it needs to have a setting on the login screen to allow me to turn that back on incase I forget my passcode

Me: the fuck it does. Yeah we can't have anything on the login page that says, without authorization, change my settings

*Deep breath*

Me: Remember we had this conversation previously, where you didn't want the user to create a passcode during onboarding as it was too much friction, and wanted to do FaceID only. With your backup plan being to allow the user to create a NEW passcode on the login screen if FaceID failed .... remember that discussion we had about security? ... and how its important? ... and that we like having any? Ok so its the same reason as that, just with a different setting this time

Designer: ... hhmm i'm not sure I like this

Me: ... tough luck then, not happening

Me: oh and btw, remember we had that other talk about reproduction steps for bugs? Like when the app crashed and you told me it was because its in light mode, and nothing else at all? So disabling FaceID, is very relevant info to the problem of "I can't login with FaceID", please tell me these things first

Fuck me, big fucking security flaw with a UK internet service provider, my head has gone through my desk and hit the floor it’s that bad.

Root rents an office.

Among very few other things, the company I'm renting an office from (Regus) provides wifi, but it isn't even bloody secured. There's a captive portal with a lovely (not.) privacy policy saying they're free to monitor your traffic, but they didn't even bother using WEP, which ofc means everyone else out to the fucking parking lot four floors down can monitor my traffic, too.

Good thing I don't work for a company that handles sensitive data! /s But at least I don't have access to it, or any creds that matter.

So, I've been running my phone's connection through a tor vpn and sharing that with my lappy. It works, provides a little bit of security, but it's slow as crap. GET YOUR SHIT TOGETHER, REGUS.

AND WHILE YOU'RE AT IT, CLEAN THE SHIT OUT OF THE FUCKING BATHROOM FFS.

Ugh. $12/day to work in a freaking wind tunnel (thanks, a/c; you're loud as fuck and barely work), hear other people's phone conversations through two freaking walls, pee in a bathroom that perpetually smells like diarrhea, and allow anyone and everyone within a 50+ meter radius to listen to everything my computer says.

Oh, they also 'forgot' to furnish my office, like they promised. Three freaking times. At least I have a table and chair. 🙄

Desk? What desk?
Fucking hell.

I can't believe this company.

They want to stop using Certificates because it bothers the customer.

I had to use https because we were using service workers for a PWA.

I tried explaining we need them for the product to work, and also it's a basic security measure.

They were removing the certificates without my knowledge.

I found out because a colleague wanted a way to disable the service worker and asked me for help.

The manager said your not the boss of the company, it's not your company to make decisions.

Just do what they say, he tried to justify the decision from above, I said ok when was the last time you installed a certificate? he said never.
Ok, then what the fuck are you talking about, its 10 minutes to get a certificate letscrypt HELLO.

This company is very hierarchical 1900 style, I'm the person who does innovation in the organization, that's the most fucked up part, they say no to everything.
OMG, I'm going to quit.

There just asking to get hacked, this is just the tip of the iceberg.

Is this common or are they morons?

- I'm forced to do dev on Windows with no admin because security
- We receive patches to critical systems from outside company on FTP secured with password "asd123" and install them without reading because fuck security

Wow... this is the perfect week for this topic.

Thursday, is the most fucked off I’ve ever been at work.

I’ll preface this story by saying that I won’t name names in the public domain to avoid anyone having something to use against me in court. But, I’m all for the freedom of information so please DM if you want to know who I’m talking about.

Yesterday I handed in my resignation, to the company that looked after me for my first 5 years out of university.

Thursday was my breaking point but to understand why I resigned you need a little back story.

I’m a developer for a corporate in a team of 10 or so.

The company that I work for is systemically incompetent and have shown me this without fail over the last 6 months.

For the last year we’ve had a brilliant contracted, AWS Certified developer who writes clean as hell hybrid mobile apps in Ion3, node, couch and a tonne of other up to the minute technologies. Shout out to Morpheus you legend, I know you’re here.

At its core my job as a developer is to develop and get a product into the end users hands.

Morpheus was taking some shit, and coming back to his desk angry as fuck over the last few months... as one of the more experienced devs and someone who gives a fuck I asked him what was up.

He told me, company want their mobile app that he’s developed on internal infrastructure... and that that wasn’t going to work.

Que a week of me validating his opinion, looking through his work and bringing myself up to speed.

I came to the conclusion that he’d done exactly what he was asked to, brilliant Work, clean code, great consideration to performance and UX in his design. He did really well. Crucially, the infrastructure proposed was self-contradicting, it wouldn’t work and if they tried to fudge it in it would barely fucking run.

So I told everyone I had the same opinion as him.

4 months of fucking arguing with internal PMs, managers and the project team go by... me and morpheus are told we’re not on the project.

The breaking point for me came last Wednesday, given no knowledge of the tech, some project fannies said Morpheus should be removed and his contract terminated.

I was up in fucking arms. He’d done everything really well, to see a fellow developer take shit for doing his job better than anyone else in [company] could was soul destroying.

That was the straw on the camels back. We don’t come to work to take shit for doing a good job. We don’t allow our superiors to give people shit in our team when they’re doing nothing but a good job. And you know what: the opinion of the person that knows what they’re talking about is worth 10 times that of the fools who don’t.

My manager told me to hold off, the person supposed to be supporting us told me to stand down. I told him I was going to get the app to the business lead because he fucking loves it and can tell us if there’s anything to change whilst architecture sorts out their outdated fucking ideas.

Stand down James. Do nothing. Don’t do your job. Don’t back Morpheus with his skills and abilities well beyond any of ours. Do nothing.

That was the deciding point for me, I said if Morpheus goes... I go... but then they continued their nonsense, so I’m going anyway.

I made the decision Thursday, and Friday had recruiters chomping at the bit to put the proper “senior” back in my title, and pay me what I’m worth.

The other issues that caused me to see this company in it’s true form:
- I raised a key security issue, documented it, and passed it over to the security team.
- they understood, and told the business users “we cannot use ArcGIS’ mobile apps, they don’t even pretend to be secure”
- the business users are still using the apps going into the GDPR because they don’t understand the ramifications of the decisions they’re making.

I noticed recently that [company] is completely unable to finish a project to time or budget... and that it’s always the developers put to blame.

I also noticed that middle management is in a constant state of flux with reorganisations because in truth the upper managers know they need to sack them.

For me though, it was that developers in [company], the people that know what they’re talking about; are never listened to.

Fuck being resigned to doing a shit job.

Fuck this company. On to one that can do it right.

Morpheus you beautiful bastard I know you’ll be off soon too but I also feel I’ve made a friend for life. “Private cloud” my arse.

Since making the decision Thursday I feel a lot more free, I have open job offers at places that do this well. I have a position of power in the company to demand what I need and get it. And I have the CEO and CTO’s ears perking up because their department is absolutely shocking.

Freedom is a wonderful feeling.

I now know another person's password without even wanting to.

He was sitting in the row in front of me, logging into our course page and then *brrrrraaaaapppp* - ran his index finger along the top number row and hit enter.

1234567890

I don't even know what to say.

So this shit happened today...

We were asked to implement a functionality on the device that allows it to go to standby mode to save battery power. Once the device enters that state, it can only be woken up by actual bus-network activity, and usually that means connecting a shit-ton of wiring harness and network emulation devices... Before implementing and releasing the device software that does this, we told that fucktard customer how difficult it would be for him to connect to the device without such a setup. He seemed to be fine with it and said rather arrogantly that we should implement the requirement as asked...

Well okay you cock-sucking motherfucker, you'll get exactly what you asked for... We implement the functionality and deliver the software...

Now this pile of shit comes back running his mouth on how the device tears down all its interfaces (to reduce power consumption) and he can't connect to the device anymore.... Well what else were you expecting you dickhead.
To make things worse for me apparently he runs to the manager describing his apparent problem. Both of them come to my desk.. With that fucking Bastard hiding his smugly mug behind the manager's back... He thought he was going to have the upper hand... Well guess what fucked piece of shit, I came prepared... I showed the manager how this was a part of the requirements by throwing that JIRA ID in their faces... The manager seems to understand but this relentless fuck wanted me to implement a "workaround" that would allow him to connect to the device easily... The manager almost had me implement that workaround, when I expose a huge security flaw in doing so. Guess what, now the entire team comes to my desk and start supporting my statement... To make it better they also tell how doing so will violate other requirements...

I've never felt so happy in my entire fucking career, when the entire team stood by me and watched that asshole drag his sorry ass back to his place

Following a conversation with a fellow devRanter this came to my mind ago, happened a year or two ago I think.

Was searching for an online note taking app which also provided open source end to end encryption.

After searching for a while I found something that looked alright (do not remember the URL/site too badly). They used pretty good open source JS crypto libraries so it seemed very good!

Then I noticed that the site itself did NOT ran SSL (putting the https:// in front of the site name resulted in site not found or something similar).

Went to the Q/A section because that's really weird.

Saw the answer to that question:

"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".

😵

I emailed them right away explaing that any party inbetween their server(s) and the browser could do anything with the request (includingt the cryptographic JS code) so they should start going onto SSL very very fast.

Too badly I never received a reply.

People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!

The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.

This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but lets assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrustion Detection System) module for detecting this attack.

Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!

A CMS raping WordPress so hard up the ass till there is no tomorrow. I hate that bastardized piece of fuck. “Hey I want you to fix my page and its wordpress. I pay 20 bucks.“ Well fuck you too sir. Wordpress is no cms you wanna be coders. Get back to your fucking photoshop and design something original! Every fucking wp page looks the same. Every “nice feature“ is some kind of monkeypatched workarround. No problem i set preview pictures for every post just to enable some weird slider to function.

I also love those buttfucked files with just a “require foo“ which also just requires “bar“. Drop that fuck. Implement autoloading. Nobody uses php4 anymore step into the future. “easy to learn“ fuck me and fuck you untill you vomit jizz! Clusterfucked spaghetticode thats easy, easy to put another rotten load of clusterfuck on top. Also those security features. I put an empty index.php to prevent directory traversal. N I C E! Stop using wordpress as CMS, its a blog engine. Nothing great has every been written on top of wordpress and never will. I dare you to deny everything related to it and if you are one of those designer guyd, you can gargle my jizz you fucknut!

Starting 2017 i will start a counter and rape every 10th Wordpress which gets abused as cms i encounter into oblivion on their 0,99$ webhosting shit.

Fuck this I'm so mad about that crap

Fucking crunchyroll hardcodes their access tokens in a Constants Class in their APK, technically that is a security issue.

What the actual fuck Crunchyroll!? No fucking wonder you got DNS Hijacked so quick, security is literally your second priority you dumbed down twats, get some real devs and some real QAs for fucking god sakes, you're tearing down your own system by inviting exploits.

A colleague and I spent a month building a Shopify app that allows merchants to give customers store credit.

Since Shopify's API is so limited, we were forced to augment it's functionality with a Chrome extension.

Now before you go throwing full wine bottles at your screen because of how wrong and disgusting that is, note that Shopify's official documentation recommends 5 different extensions to augment functionality in their admin panel, so as gross as it is, it seems to be the Shopify way...

Today we got a reply from their review team. They won't accept the app because it requires a Chrome extension to work properly and that is a security risk.

Are you fucking kidding me? So I guess Shopify is exempt from their own security standards. Good to know.

Not to mention the plethora of published apps that require a staff account's username and password to be provided in plain text upon setup so it can spoof a login and subsequent requests to undocumented endpoints.

Fuck you and your "security standard" Shopify!

I thought this launch (security/privacy blog) would go smooth:
- analytics fell, except for one thing, apart for yet unknown reasons
- MySQL came with a very weird error which took me like half an hour of research before I hacked my way past it.
- the firewall started to fuck around for no reason, works now though.

Nginx worked without issues though, as well as NetData 😅

Yeah, didn't go as planned :P

@JoshBent suggested that I'd make a blog about security.

Nice idea, fair enough!

*registers domain at provider with discounts at the moment*
*tries to find whois protection option*

"You can add WHOIS protection to your account as an upgrade"

*requests authorization token*

*logs into usual domain name provider account*

*transfers domain name*

*anonymizes WHOIS details within two seconds*

I could've stayed and ask them about the cost etc but the fact that they even HAVE a price for protecting WHOIS data is a no-go for me.

Fuck domain name resellers which ask money for protecting ones WHOIS information (where possible).

I downloaded an API. Said API requires Java. Said Java version is 1.6... you can no longer download 1.7 or earlier versions..

RIP.

I've recently red a blog post stating 'Google leaves x Million Android devices vulnerable to a new Exploit'
I don't really sympathize with Google, but it's simply the wrong message... It should be more like FUCK VENDORS, WHO WON'T SUPPLY UPDATES TO DEVICES OLDER THAN 1.5 YEARS
Seriously, it's them who make you stuck on outdated OS versions... Just imagine you could only install Windows Vista on your 2014 Lenovo ThinkPad, because it's considered outdated...
FUCK VENDORS (again, just in case)

A Developer is desperate: his java application servers are unresponsive, thousand of dead zombie threads are sucking all cpus, memory is leaking everywhere, garbage collector has gone crazy, the cluster sessions are fucked....

The Developer goes to the closest bridge, ties a stone to his neck and gets ready to jump.

Suddenly a bearded old man with a fiery look runs toward him, yelling:
- stop stop!!!! Your application is not scaling and misconfigured, your servers are melting, cpu usage is not sustainable anymore, but don't despair

The Developer, puzzled, looks at him:
-I've never seen you...how do you know...
- Hey, man, I'm the Devil. I know everything. All your problems are solved. I'll give you magic functions. They are called Lambda.
You'll never have to worry about your servers, scalability, security, configuration and shit.

The Developer seems astonished but relieved:
- Ok, sounds great! let's try it - suddenly suspicion creeps in - hmmmm but you are the Devil....so...you want something back, don't you?
(the Devil nods lightly with a diabolic smile)
- ...and...you want my soul, I guess...
- your soul??? come on!!! - the Devil burst in a laugh - we are in 2019. I don't care about your soul. I want your ass.
- What!???!!!?
- yes, I want to fuck your ass

The Developer, evaluates quickly the situation.
Few moments of pain or slight discomfort (?) in exchange for magic lambda. It could be worth. He accepts.

After a while of rough anal fucking, the devil asks
- Hey, how old are you anyway?
- 45, why?
- Oh jeeez...45!!!??? and you still believe in the devil?

"fuck security, no one will hack us"

Brace yourself, organs are going on the black market for the iPhone X.

I haven’t seen the keynote yet, but $2,000 for a phone, seriously this fucker better be making me coffee in the morning, if I have to sell my fucking kidneys and right leg to buy this one.

Ooh it offers a Face ID, cool so now I can stick a photo up at the camera and unlock my phone - security!!

It’s got a wireless charger***, sort of, still needs a useless ugly fucking charging pad .

And they’re even nice enough to put those shitty ear pods in the box.

Fuck you apple, I think it’s time I jumped off this over priced band wagon.

Forgive me father, for I have sinned.  Alot actually, but I'm here for technical sins.  Okay, a particular series of technical sins.  Sit your ass back down padre, you signed up for this shit.  Where was I?  Right, it has been 11429 days since my last confession.  May this serve as equal parts rant, confession, and record for the poor SOB who comes after me.

Ended up in a job where everything was done manually or controlled by rickety Access "apps".  Many manhours were wasted on sitting and waiting for the main system to spit out a query download so it could be parsed by hand or loaded into one of the aforementioned apps that had a nasty habit of locking up the aged hardware that we were allowed.  Updates to the system were done through and awful utility that tended to cut out silently, fail loudly and randomly, or post data horrifically wrong.

Fuck that noise.  Floated the idea of automating downloads and uploads to bossman.  This is where I learned that the main system had no SQL socket by default, but the vendor managing the system could provide one for an obscene amount of money.  There was no buy in from above, not worth the price.

Automated it anyway.  Main system had a free form entry field, ostensibly for handwriting SELECT queries.  Using Python, AutoHotkey, and glorified copy-pasting, it worked after a fashion.  Showed the time saved by not having to do downloads manually.  Got us the buy in we needed, bigwigs get negotiating with the vendor, told to start developing something based on some docs from the vendor.  Keep the hacky solution running as team loves not having to waste time on downloads.

Found SQLi vulnerability in the above free form query system, brought it up to bossman to bring up the chain.  Vulnerability still there months later.  Test using it for automated updates.  Works and is magnitudes more stable than update utility.  Bring it up again and show the time we can save exploiting it.  Decision made to use it while it exists, saves more time.  Team happier, able to actual develop solutions uninterrupted now.  Using Python, AutoHotkey, glorified copy-pasting, and SQLi in the course of day to day business critical work.  Ugliest hacky thing I've ever caused to exist.

Flash forward 6 years.  Automation system now in heavy use acrossed two companies.  Handles all automatic downloads for several departments, 1 million+ discrete updates daily with alot of room for expansion, stuff runs 24/7 on schedule, most former Access apps now gone and written sanely and managed by the automation system.  Its on real hardware with real databases and security behind it.

It is still using AutoHotkey, copy-paste, and SQLi to interface with the main system.  There never was and never will be a SQL socket.  Keep this hellbeast I've spawned chugging along.

I've pointed out how many ways this can all go pearshaped.  I've pointed out that one day the vendor will get their shit together they'll come in post system update and nothing will work anymore.  I've pointed out the danger in continuing to use the system with such a glaring SQLi vulnerability.

Noone cares.  Won't be my problem soon enough.

In no particular order:
Fuck management for not fighting for a good system interface
Fuck the vendor for A) not having a SQL socket and B) leaving the SQLi vulnerability there this long
Fuck me for bringing this thing into existence

It's enough. I have to quit my job.

December last year I've started working for a company doing finance. Since it was a serious-sounding field, I tought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real concequences, nor structures. I liked it, but the professionalism was missing.

Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on eachother. And the root cause of this and why it will stay like this is simply the Project Lead.

The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.

After just two months, an retrospective and a hell lot of communication with co-workers, I've decided that there is no other way other than to leave.

I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.

The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get to many issues/bugs on a daily basis so we won't get time.
An re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for an potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse then any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched php for 4 years, letalone wrote sql (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.

After an (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefor not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecuture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.

The Backend. Oh boy. Not only do we use an shitty outated open-source project with tons of XSS possibillities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they tought using Symfony as base on top of the base would be an good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefor, the buggyness has to travel into the frontend.

And now the last goodies:
- Composer itself is commited to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit an "_TRASH" folder
- There is an secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload my sources I write to an in-house server that get's shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current Date as build number, but nothing simple to read, nonono. It's has to be an german Date, with only numbers and has always to end with "00"
- They take security "super serious" but disable the abillity to unlock your device with your fingerprint sensor ON PURPOSE

My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!

ARGH. I wrote a long rant containing a bunch of gems from the codebase at @work, and lost it.

I'll summarize the few I remember.

First, the cliche:
if (x == true) { return true; } else { return false; };
Seriously written (more than once) by the "legendary" devs themselves.

Then, lots of typos in constants (and methods, and comments, and ...) like:
SMD_AGENT_SHCEDULE_XYZ = '5-year-old-typo'

and gems like:

def hot_garbage
magic = [nil, '']
magic = [0, nil] if something_something
success = other_method_that_returns_nothing(magic)
if success == true
return true # signal success
end
end

^ That one is from our glorious self-proclaimed leader / "engineering director" / the junior dev thundercunt on a power trip. Good stuff.

Next up are a few of my personal favorites:

Report.run_every 4.hours # Every 6 hours
Daemon.run_at_hour 6 # Daily at 8am

LANG_ENGLISH = :en
LANG_SPANISH = :sp # because fuck standards, right?

And for design decisions...

The code was supposed to support multiple currencies, but just disregards them and sets a hardcoded 'usd' instead -- and the system stores that string on literally hundreds of millions of records, often multiple times too (e.g. for payment, display fees, etc). and! AND! IT'S ALWAYS A FUCKING VARCHAR(255)! So a single payment record uses 768 bytes to store 'usd' 'usd' 'usd'

I'd mention the design decisions that led to the 35 second minimum pay API response time (often 55 sec), but i don't remember the details well enough.

Also:
The senior devs can get pretty much anything through code review. So can the dev accountants. and ... well, pretty much everyone else. Seriously, i have absolutely no idea how all of this shit managed to get published.

But speaking of code reviews: Some security holes are allowed through because (and i quote) "they already exist elsewhere in the codebase." You can't make this up.

Oh, and another!
In a feature that merges two user objects and all their data, there's a method to generate a unique ID. It concatenates 12 random numbers (one at a time, ofc) then checks the database to see if that id already exists. It tries this 20 times, and uses the first unique one... or falls through and uses its last attempt. This ofc leads to collisions, and those collisions are messy and require a db rollback to fix. gg. This was written by the "legendary" dev himself, replete with his signature single-letter variable names. I brought it up and he laughed it off, saying the collisions have been rare enough it doesn't really matter so he won't fix it.

Yep, it's garbage all the way down.

Customer: «We want all the users belonging to this organization share the same username and password»
[Editor's note: we are talking about 500 users, more or less half of the total in the system]
Customer, after some minutes: «It's very important for us having the web interface using HTTPS, because we care security a lot».
So, please, go fuck yourself. And die.

The tech stack at my current gig is the worst shit I’ve ever dealt with...

I can’t fucking stand programs, especially browser based programs, to open new windows. New tab, okay sure, ideally I just want the current tab I’m on to update when I click on a link.

Ticketing system: Autotask
Fucking opens up with a crappy piss poor sorting method and no proper filtering for ticket views. Nope you have to go create a fucking dashboard to parse/filter the shit you want to see. So I either have to go create a metric-arse tonne of custom ticket views and switch between them or just use the default turdburger view. Add to that that when I click on a ticket, it opens another fucking window with the ticket information. If I want to do time entry, it just feels some primal need to open another fucking window!!! Then even if I mark the ticket complete it just minimizes the goddamn second ticket window. So my jankbox-supreme PC that my company provided gets to strugglepuff along trying to keep 10 million chrome windows open. Yeah, sure 6GB of ram is great for IT work, especially when using hot steaming piles of trashjuice software!

I have to manually close these windows regularly throughout the day or the system just shits the bed and halts.

RMM tool: Continuum
This fucker takes the goddamn soggy waffle award for being utterly fucking useless. Same problem with the windows as autotask except this special snowflake likes to open a login prompt as a full-fuck-mothering-new window when we need to open a LMI rescue session!!! I need to enter a username and a password. That’s it! I don’t need a full screen window to enter credentials! FUCK!!! Btw the LMI tools only work like 70% of the time and drag ass compared to literally every other remote support tool I’ve ever used. I’ve found that it’s sometimes just faster to walk someone through enabling RDP on their system then remoting in from another system where LMI didn’t decide to be fully suicidal and just kill itself.

Our fucking chief asshat and sergeant fucknuts mcdoogal can’t fucking setup anything so the antivirus software is pushed to all client systems but everything is just set to the default site settings. Absolutely zero care or thought or effort was put forth and these gorilla spunk drinking, rimjob jockey motherfuckers sell this as a managed AntiVirus.

We use a shitty password manager than no one besides I use because there is a fully unencrypted oneNote notebook that everyone uses because fuck security right? “Sometimes it’s just faster to have the passwords at the ready without having to log into the password manager.” Chief Asshat in my first week on the job.

Not to mention that windows server is unlicensed in almost every client environment, the domain admin password is same across multiple client sites, is the same password to log into firewalls, and office 365 environments!!!

I’ve brought up tons of ways to fix these problems, but they have their heads so far up their own asses getting high on undeserved smugness since “they have been in business for almost ten years”. Like, Whoop Dee MotherFucking Doo! You have only been lucky to skate by with this dumpster fire you call a software stack, you could probably fill 10 olympic sized swimming pools to the brim with the logarrhea that flows from your gullets not only to us but also to your customers, and you won’t implement anything that is good for you, your company, or your poor clients because you take ten minutes to try and understand something new.

I’m fucking livid because I’m stuck in a position where I can’t just quit and work on my business full time. I’m married and have a 6m old baby. Between both my wife and I working we barely make ends meet and there’s absolutely zero reason that I couldn’t be providing better service to customers without having to lie through my teeth to them and I could easily support my family and be about 264826290461% happier!

But because we make so little, I can’t scrap together enough money to get Terranimbus (my startup) bootstrapped. We have zero expendable/savable income each month and it’s killing my soul. It’s so fucking frustrating knowing that a little time and some capital is all that stands between a better life for my family and I and being able to provide a better overall service out there over these kinds of shady as fuck knob gobblers.

I'm fixing a security exploit, and it's a goddamn mountain of fuckups.

First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.

Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!

Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!

Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.

Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.

So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.

My IT team installed Antivirus on my 5 year old Mac Mini due to company security policy after the recent Ransomware attacks.
Now my Mac is slow as fuck. They are not even providing me new Mac, due to budget constraints. Totally fucked.
Fuck Ransomware. Fuck security policies. Fuck my company. Fuck everyone. Fuck everything. 😤

Someone should write a really infectious virus for Linux to make all the fanboys shut the fuck up about security.

DevOps required skillset:

* Frontend engineering
* Backend services
* Database administrator
* Security consultant
* Project management
* 3rd party contract negotiator
* Build system monitor
* Build system hostage negotiator
* Paging, alerting, monitoring
* Search server admin
* Old search server admin
* Old-old-new search server admin
* Redis, ElasticSearch, MySQL, PostGres, owner
* Agile coach
* No you shouldn't do that coach
* Oh, you did that anyway coach
* DNS: (Optional) It'll replicate when it wants, and how it wants to to anyway
* Multi-Cloud deployment strategist
* Must be able to translate Klingon to YAML, and YAML to MySQL
* Cost analyzer, reducer, and justifier
* Complex documentation generation in markdown that we should have done years ago anyway
* Marketing's email went to spam analyzer
* Wordpress is broke fixer
* Where the fuck does Wordpress run anyway?
* Ability to fix MySql running Wordpress on marketing's dusty laptop

Getting real fucking sick of shitty websites excessive security measures!

1. Username
2. Password
3. Captcha
4. Mandatory 2FA

We don't recognize your IP, please log into your email, click the link, get redirected and complete steps 1-4 again! Also the site will time out in 10 minutes if you aren't actively using it. Have a nice day!

Go fuck yourself.

Just got a new TV, 4K... it’s one of those smart ones, by Samsung.

Anyone want to explain what the fuck “McAfee Security for TV” is, and why the fuck it is necessary!?

What kind, of absolute waster madman goes “I know what I’ma do today, write a virus for a tv”!?

Take that shit elsewhere McAfee.

Now accepting any links to known Smart TV 0-days and attacks...

And I had to sign in to 5 different fucking accounts to get to the fucking tv.

The world is broke as fuck. Roll on the apocalypse.

Damn, credit cards are so fucking secure these days that you hardly can BUY shit with them!
I need some special electronics that I only can get from a vendor in the US, which is overseas. Click click, buy, done. Well no, credit card refused. WTF? Click retry link. No, still refused. FUCK.
Called up the 24/7 hotline of my CC company. Oh yeah, that got blocked by the security system, somehow. We disable that for 20 minutes, just retry. Clicked retry link at the vendor. No failure mail. Hmmm, too good to be true?! Called up the electronics vendor. Yeah should work, stuff is in the warehouse stage. 40 minutes later: credit card declined. FUCK.
Called up the CC company again. Ok, disable blocker for one hour. Nice advice from them, tell the vendor it's only 45 minutes so that there's some buffer. Clicked retry link at the vendor and called them up to make sure that they retry before the time runs out.
LO AND BEHOLD, I could finally pay the shit!!

While writing up this quarter's performance review, I re-read last quarter's goals, and found one my boss edited and added a minimum to: "Release more features that customers want and enjoy using, prioritized by product; minimum 4 product feature/bug tickets this quarter."

... they then proceeded to give me, not four+ product tickets, but: three security tickets (two of which are big projects), a frontend ticket that should have been assigned to the designer, and a slow query performance ticket -- on top of my existing security tickets from Q3.

How the fuck was I supposed to meet this requirement if I wasn't given any product tickets? What, finish the monster tickets in a week instead of a month or more each and beg for new product tickets from the product manager who refuses to even talk to me?

Fuck these people, seriously.

TIL that TI has no goddamn chill

Texas Instruments released the TI-83+ calculator model in 1996. The Z80 was not at all stock and has the following features:

- 3 access levels (priveleged kernel, kernel, user)
- Locking Flash (R/O when locked for most pages, some pages protected and unreadable as well, only unlockable from protected Flash pages by reading a certain order of bits then setting a port)
- Locking hardware ports (lock state always the same as flash)
- Customizable execution whitelist range (via locked ports)
- Configurable hardware (Flash/RAM size changeable in software via locked ports, max RAM is 8MB which is fucking mental compared to the 64k in the thing)
- Userland virtualization (always-on)
- Reset on violation of security model
- Multithreading
- Software-overclockable CPU
- Hardware MD5 and cert handling

TI made a calculator in 1996 with security features PCs wouldn't see until like 2010 what the *actual* fuck

When you get a system update and think it's Oreo, but it's just a security update. Fuck you Lenovo

So... Some fake accounts on Twitter claimed to be Elon Musk and to give shitloads of Bitcoin to those who sent a little amount first. They stole... Wait for it... 180 grand.

That's basically your everyday 419 scam. Existing since before the internet, done with the names of Gates, Buffet, Bush, Obama...

They say "the big bad evil criminals and the poor little innocent victims" I say natural selection. Sorry, in those lion vs gazelle scenarios I always thought that it was fair, no matter how it went.

Just when did humanity get so brainless? Have we always been, is the internet just a catalyst for stupidity?

Just why the fuck must I be an infosec sheepdog instead of a wolf? Man, I could live the life, drink beer and smoke herb while working... Get up at 12, don't give a shit, no boss, no taxes, no social security payments that I don't see jack shit from, and the pay would be better to.

Damn.

!!oracle

I'm trying to install a minecraft modpack to play with a friend, and I'm super psyced about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.

So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.

Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few mores times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.

On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!

So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.

Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.

Further attempts to log in from the download page fail with the same invalid credentials error as before.

Fucking oracle and their reverse Midas touch.

Can someone explain to me why the fuck I should even care about the fact, that some companies collect, use and sell my data? I'm not famous, I'm not a politician and I'm not a criminal, I think most of us aren't and won't ever be. We aren't important. So what is this whole bullshittery all about? I seriously don't get it and I find it somewhat weird that especially tech guys and IT "experts" in the media constantly just make up these overly creepy scenarios about big unsafe data collecting companies "stealing" your "private" information. Welcome to the internet, now get the fuck over it or just don't be online. It's your choice, not their's.

I honestly think, some of these "security" companies and "experts" are just making this whole thing bigger than it actually is, because it's a damn good selling point. You can tell people that your app is safe and they'll believe you and buy your shit app because they don't understand and don't care what "safe" or "unsafe" means in this context. They just want to be secure against these "evil monster" companies. The same companies, which you portrayed them as "evil" and "unfair" and "mean" and "unrepentant" for over a decade now.

Just stop it now. All your crappy new "secure" messenger apps have failed awesomely. Delete your life now, please. This isn't about net neutrality or safety on the internet. This is all about you, permanently exaggerating about security and permanently training people to be introverted paranoid egoistic shit people so that they buy your elitist bullshit software.

Sorry for my low english skills, but please stop to exist, thank you.

Company email sent around last night that 'for security' we need to use the latest software, fine. But we are also told only to develop in Edge as it's the newest and most secure browser, therefore is the only one we can use. There no way I'm using Edge to develop.

Fuck you, Mr Consultant, you've taken the company for a ride.

devRant_swear_count++;

I arrived at 8am sharp today, SHARP, I usually arrive 2-3min earlier, so I can start with my actual work at 8am sharp, but traffic was rough and my scooter wouldn't turn on, so I wasn't able to.
Suddenly my boss calls me into his office, being all like "you are late everyday, you won't start work until 5 after 8 yadayada". Wtf?? You know I have a clock on my desk and I always check the clock when I'm arriving at work? (He has security cameras everywhere, so he can actually see me check the clock every morning). This morning I arrived at 8am sharp and the only reason why I started with work late is because he thought it's necessary to remind me to be at work in time. Now he expects me to start with work 5min early everyday, fuck off!

First company I worked for, built around 40 websites with Drupal 7...in only a year (don't know if it's a lot for today's standards, but I was one guy doing everything). Of course I didn't have the time to keep updating everything and I continually insisted to the boss that we need more people if we are going to expand. Of course he kept telling me to keep working harder and that I "got this". Well, after a year a couple of websites got defaced, you know the usual stuff if you've been around for some time. Felt pretty bad at the time, it was a similar feeling to having your car stolen or something.

Anyways, fast forward about 2 years, started working on another company, and well...this one was on another level. They had a total of around 40 websites, with about 10 of them being Joomla 1.5 installations (Dear Lord have mercy on my soul(the security vulnerabilities from these websites only, were greater than Spiderman's responsibilities)) and the others where WordPress websites, all that ON A SINGLE VPS, I mean, come on... Websites being defaced on the daily, pharma-hacks everywhere, server exploding from malware queing about 90k of spam emails on the outbox, server downtime for maintenance happening almost weekly, hosting company mailing me on the daily about the next malware detection adventure etc. Other than that, the guy that I was replacing, was not giving a single fuck. He was like, "dude it's all good here, everything works just fine and all you have to do is keep the clients happy and shit". Sometimes, I hate myself for being too caring and responsible back then.

I'm still having nightmares of that place. Both that office and that VPS.

I've been away, lurking at the shadows (aka too lazy to actually log in) but a post from a new member intrigued me; this is dedicated to @devAstated . It is erratic, and VERY boring.
When I resigned from the Navy, I got a flood of questions from EVERY direction, from the lower rank personnel and the higher ups (for some reason, the higher-ups were very interested on what the resignation procedure was...). A very common question was, of course, why I resigned. This requires a bit of explaining (I'll be quick, I promise):
In my country, being in the Navy (or any public sector) means you have a VERY stable job position; you can't be fired unless you do a colossal fuck-up. Reduced to non-existent productivity? No problem. This was one of the reasons for my resignation, actually.
However, this is also used as a deterrent to keep you in, this fear of lack of stability and certainty. And this is the reason why so many asked me why I left, and what was I going to do, how was I going to be sure about my job security.
I have a simple system. It can be abused, but if you are careful, it may do you and your sanity good.
It all begins with your worth, as an employee (I assume you want to go this way, for now). Your worth is determined by the supply of your produced work, versus the demand for it. I work as a network and security engineer. While network engineers are somewhat more common, security engineers are kind of a rarity, and the "network AND security engineer" thing combined those two paths. This makes the supply of my work (network and security work from the same employee) quite limited, but the demand, to my surprise, is actually high.
Of course, this is not something easy to achieve, to be in the superior bargaining position - usually it requires great effort and many, many sleepless nights. Anyway....
Finding a field that has more demand than there is supply is just one part of the equation. You must also keep up with everything (especially with the tech industry, that changes with every second). The same rules apply when deciding on how to develop your skills: develop skills that are in short supply, but high demand. Usually, such skills tend to be very difficult to learn and master, hence the short supply.
You probably got asleep by now.... WAKE UP THIS IS IMPORTANT!
Now, to job security: if you produce, say, 1000$ of work, then know this:
YOU WILL BE PAID LESS THAN THAT. That is how the company makes profit. However, to maximize YOUR profit, and to have a measure of job security, you have to make sure that the value of your produced work is high. This is done by:
- Producing more work by working harder (hard method)
- Producing more work by working smarter (smart method)
- Making your work more valuable by acquiring high demand - low supply skills (economics method)
The hard method is the simplest, but also the most precarious - I'd advise the other two. Now, if you manage to produce, say, 3000$ worth of work, you can demand for 2000$ (numbers are random).
And here is the thing: any serious company wants employees that produce much more than they cost. The company will strive to pay them with as low a salary as it can get away with - after all, a company seeks to maximize its profit. However, if you have high demand - low supply skills, which means that you are more expensive to be replaced than you are to be paid, then guess what? You have unlocked god mode: the company needs you more than you need the company. Don't get me wrong: this is not an excuse to be unprofessional or unreasonable. However, you can look your boss in the eye. Believe me, most people out there can't.
Even if your company fails, an employee with valuable skills that brings profit tends to be snatched very quickly. If a company fires profitable employees, unless it hires more profitable employees to replace them, it has entered the spiral of death and will go bankrupt with mathematical certainty. Also, said fired employees tend to be absorbed quickly; after all, they bring profit, and companies are all about making the most profit.
It was a long post, and somewhat incoherent - the coffee buzz is almost gone, and the coffee crash is almost upon me. I'd like to hear the insight of the veterans; I estimate that it will be beneficial for the people that start out in this industry.

My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.

So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.

For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.

They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).

But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.

So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.

Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.

**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**

The IT head of my Client's company : You need to explain me what exactly you are doing in the backend and how the IOT devices are connected to the server. And the security protocol too.

Me : But it's already there in the design documents.

IT Head : I know, but I need more details as I need to give a presentation.

Me : (That's the point! You want me to be your teacher!) Okay. I will try.

IT Head : You have to.

Me : (Fuck you) Well, there are four separate servers - cache, db, socket and web. Each of the servers can be configured in a distributed way. You can put some load balancers and connect multiple servers of the same type to a particular load balancer. The database and cache servers need to replicated. The socket and http servers will subscribe to the cache server's updates. The IOT devices will be connected to the socket server via SSL and will publish the updates to a particular topic. The socket server will update the cache server and the http servers which are subscribed to that channel will receive the update notification. Then http server will forward the data to the web portals via web socket. The websockets will also work on SSL to provide security. The cache server also updates the database after a fixed interval.

This is how it works.

IT Head : Can you please give the presentation?

Me : (Fuck you asshole! Now die thinking about this architecture) Nope. I am really busy.

I think I ranted about this before but fuck it.

The love/hate relation I have with security in programming is funny. I am working as a cyber security engineer currently but I do loads of programming as well. Security is the most important factor for me while programming and I'd rather ship an application with less features than with more possibly vulnerable features.

But, sometimes I find it rather annoying when I want to write a new application (a web application where 90 percent of the application is the REST API), writing security checks takes up most of the time.

I'm working on a new (quick/fun) application right now and I've been at this for.... 3 hours I think and the first very simple functionality has finally been built, which took like 10 minutes. The rest of the 3 hours has been securing the application! And yes, I'm using a framework (my own) which has already loads of security features built-in but I need more and more specific security with this API.

Well, let's continue with securing this fucker!

Oh are you fucking kidding me?
Why the fuck do you need people to add you as a person who could view all my activities?

Why the fuck would I do so?
How does this help with network security

I might be wrong. In that case please correct me

Me : I should start building user authentication system.
inner self : there are enough free and secure ones out there, just go read the documentation.
Me : fuck I'm not reading 10000 pages of documentation written in alien language.
inner self : well then you better start building
Me : **writes code
Inner self : you better add the data validation and security while coding
Me : I just want it to work !
Me after a few days trying not to suicide : the site is hacked, the code is bugged, hello darkness my friend

So here's the story about a big Fuck up by a TRAI chief in India

He posted an open challenge on twitter:
"Here's my 12 digit Aadhar card (social security no for Indians) number. Show me if you can do any harm to me. "

And Twitter obliged, a French hacker aliased @fs0c131y (Elliot Alderson) took the challenge and he started posting his phone number, email, and other personal stuff on twitter.

Still the official thinks he's safe and no harm has been done to him! He openly says, "Even if you get my bank account no what can you do?"

10 years experience in DoD C4I enterprise hardware and software.
Looks at civilian job (requires A+)
Gets A+
Looks at civilian job (requires Network+)
Gets Network+
Looks at civilian job market (requires Security+)
Gets security+
Looks at civilian job market (requires CCNA)
Getting CCNA
Looks again at job market (requires CCNP)
Fuck...

Job interview "we don't think you have a strong enough background"

Looks back at my 5 million dollar military flying robotic server FML

So I'm back from vacation! It's my first day back, and I'm feeling refreshed and chipper, and motivated to get a bunch of things done quickly so I can slack off a bit later. It's a great plan.

First up: I need to finish up tiny thing from my previous ticket -- I had overlooked it in the description before. (I couldn't test this feature [push notifications] locally so I left it to QA to test while I was gone.)

It amounted to changing how we pull a due date out of the DB; some merchants use X, a couple use Y. Instead of hardcoding them, it would use a setting that admins can update on the fly.

Several methods deep, the current due date gets pulled indirectly from another class, so it's non-trivial to update; I start working through it.

But wait, if we're displaying a due date that differs from the date we're actually using internally, that's legit bad. So I investigate if I need to update the internals, too.

After awhile, I start to make lunch. I ask my boss if it's display-only (best case) and... no response. More investigating.

I start to make a late lunch. A wild sickness appears! Rush to bathroom; lose two turns.

I come back and get distracted by more investigating. I start to make an early dinner... and end up making dinner for my monster instead.

Boss responds, tells me it's just for display (yay!) and that we should use <macro resource feature> instead.

I talk to Mr. Product about which macros I should add; he doesn't respond.

I go back to making lunch-turn-dinner for myself; monster comes back and he's still hungry (as he never asks for more), so I make him dinner.

I check Slack again; Mr. Product still hasn't responded. I go back to making dinner.

Most of the way through cooking, I get a notification! Product says he's talking it through with my boss, who will update me on it. Okay fine. I finish making dinner and go eat.

No response from boss; I start looking through my next ticket.

No response from boss. I ping him and ask for an update, and he says "What are you talking about?" Apparently product never talked to bossmang =/ I ask him about the resources, and he says there's no need to create any more as the one I need already exists! Yay!

So my feature went from a large, complex refactor all the way down to a -1+2 diff. That's freaking amazing, and it only took the entire day!

I run the related specs, which take forever, then commit and push.

Push rejected; pull first! Fair, I have been gone for two weeks. I pull, and git complains about my .gitignore and some local changes. fine, whatever. Except I forgot I had my .gitignore ignored (skipped worktree). Finally figure that out, clean up my tree, and merge.

Time to run the specs again! Gems are out of date. Okay, I go run `bundle install` and ... Ruby is no longer installed? Turns out one of the changes was an upgrade to Ruby 2.5.8.

Alright, I run `rvm use ruby-2.5.8` and.... rvm: command not found. What. I inspect the errors from before and... ah! Someone's brain fell out and they installed rbenv instead of the expected rvm on my mac. Fine, time to figure it out. `rbenv which ruby`; error. `rbenv install --list`; skyscraper-long list that contains bloody everything EXCEPT 2.5.8! Literally 2.5 through 2.5.7 and then 2.6.0-dev. asjdfklasdjf

Then I remember before I left people on Slack made a big deal about upgrading Ruby, so I go looking. Dummy me forgot about the search feature for a painful ten minutes. :( Search found the upgrade instructions right away, ofc. I follow them, and... each step takes freaking forever. Meanwhile my children are having a yelling duet in the immediate background, punctuated with screams and banging toys on furniture.

Eventually (seriously like twenty-five minutes later) I make it through the list. I cd into my project directory and... I get an error message and I'm not in the project directory? what. Oh, it's a zsh thing. k, I work around that, and try to run my specs. Fail.

I need to update my gems; k. `bundle install` and... twenty minutes later... all done.

I go to run my specs and... RubyMine reports I'm using 2.5.4 instead of 2.5.8? That can't be right. `ruby --version` reports 2.5.8; `rbenv version` reports 2.5.8? Fuck it, I've fought with this long enough. Restarting fixes everything, right? So I restart. when my mac comes back to life, I try again; same issue. After fighting for another ten minutes, I find a version toggle in RubyMine's settings, and update it to 2.5.8. It indexes for five minutes. ugh.

Also! After the restart, this company-installed surveillance "security" runs and lags my computer to hell. Highest spec MacBook Pro and it takes 2-5 seconds just to switch between desktops!

I run specs again. Hey look! Missing dependency: no execjs. I can't run the specs.

Fuck. This. I'll just push and let the CI run specs for me.

I just don't care anymore. It's now 8pm and I've spent the past 11 hours on a -1+2 diff!

What a great first day back! Everything is just the way I left it.

Saw this security blunder a while ago. Went onto some site and it showed me this username/password dialog (probably an apache's htpasswd or nginx one). Went away but returned quickly because I noticed I could see all content. Then I thought 'why the fuck not try?' so I dragged the auth popup thingy to the side of the screen and et voila... I could interact with the page as if nothing was wrong while the authentication popup was hovering above the page on the right!

I sat there giggling dramatically for a while.

Google cripples ad and tracking blockers: In January, Chromium will switch to Manifest V3 which removes an essential API in favour of an inferior one. As usually, Google is being deceitful and touts security concerns as pretext.

That hits all Chromium based browser, such as my beloved Vivaldi. The team argues with their own browser internal blocker, but that's far worse than uBlock Origin. One of Vivaldi's core promises was privacy, and that will go out of the window. The team simply doesn't react to people pointing that out. They're fucked, and they know it.

So what now? Well, going back to Firefox because that will include the crippled new API for extension compatibility, but also keep the powerful old one specifically so that ad and tracking blockers will keep working. Google has just handed Mozilla a major unique selling point, and miraculously, Mozilla didn't fuck it up.

So at work with the Macs we use, we have some guy come in after hours to service the Macs, and that means the security risk of leaving our passwords on our desks.

Not being a fan of this I tell my boss, he knows it's a risk and despite that he doesn't want this guy coming in while we're here.

Though my main problem is the Mac guy Steve is arrogant and thinks he's a know it all, and with the software I have on the Mac may end up deleting something important, I have git repo and all but I feel off just letting someone touch my computer without me being there.

I tell my boss about the software and stuff he just says contact Steve and tell him about it, to ignore the software and such, I say alright, I write up an email telling him not to touch the software listed and the folders of software documents (again it's all backed up).

No reply, I tell my boss and he says call him, I call him and he hangs up on me on the second ring!

Not sure if he's busy, but I left him a message, asking if he got my email, no reply and it's coming close to the end of the day (going to service Macs in the weekend)

I'm just not going to leave my info because if this guy can't check emails or even get back to someone why should I bother with this bullshit of risking my work.

From all the info I hear about him and my previous rants he's an arrogant prick who loves Macs.

Can't wait to leave this company, pretty sure leaving my password on my desk is a breach of our own security policy, and since 8-9 people are doing it, it's a major risk.

But he's friends with the CEO so apparently it's fuck our own security policy.

I love it when a fellow "dev" asks about some interesting security topic (full disk encryption) and I'm like "yeah I use LUKS pretty much everywhere".. and then takes an entire arm when given a hand.

Performance in LUKS? Yeah sure you can benchmark it within cryptsetup. Here's how to do it and choose a good cipher for your CPU.

D: Oh also how do I check my battery life?
M (thinking): you lazy fucking piece of shit.
M: FUCKING GOOGLE IT
D: Obviously that means that you don't know it.
M (thinking): so not only lazy but also disgustingly ungrateful, fucking twat.
M: acpi. Next time fucking Google it.
D: You know what? Never mind.

As if I'm the one that's fucking wrong now!! But you know what, never mind indeed. Because you've successfully wasted my fucking time instead of fucking googling "check battery life Linux" like a sensible dev would.

Fellow "dev", if you're on devRant I hope you read this. You can seriously go fuck yourself.

At my previous job we had to complete an online security training exercise. It shows you how to behave secure in the work place, to not open unknown links etc. The scary part was that the entire training thing was BUILT IN FUCKING FLASH. So I'm suppose to listen to some god damn virus shitting flash application on how to do online security?! Get your shit together before teaching others.

OK< been a long time user of Unity.

Tried the latest update as I and others were enthusiastic about creating a joint project of gamers and developers.

As I was building up a started website and we were getting things with Unity ready...BOOM,. They Fuck up the installs.

Not just a minor thing here or there but not finding its own Fucking file locations where it installs shit. You try and say, Hey Unity you fucking twat, install here in this folder.

Boom again, it installs part of it there, and then continues installing shit everywhere else it wants to. Then the assholes at Unity give this Bullshit claim "the bug has been fixed."

Just reinstall.

Fuck you, its never that simple, You have to delete all sorts of fucking files to make sure conflicts from a previous corruption isn't just loaded on top of so it does not fuck up later.

So we did all that from programs, program data, program(x86), AppData Local, Local Low, and Roaming.

For added measure we manually removed all the crap from the registry folders (that was a pain but necessary), and then ran a cleaner to make sure all the left over shit was gone.

Thinking, OK you shit tech MoFo's we are clean and here we go.

HOLY SHIT BALLS, Its fucking worse with the LTS version it recommends and Slow as Fuck with their most recent version which is like 2020 itself, and insane piece of fucking bloated garbage and slower than a brick hard shit without fruit.

So we were going to all go post on the forums, and complain the fix section isn't fixed for shit.

Fuck us running backwards naked through a field of razor grass. Its so overloaded with complaints that they shut down further posts.

What makes this shit worse is we cannot even get the previous fucking versions of the editor before all this to work where our only option is without using the fucking Hub demand is just install 2018.

great if we started coding and testing in that. We cannot get shit where we were at back on track because you cannot fucking backward load an exported saved asset file.

Unity's suggestion? Start over.

Our Suggestion? Stop fucking smoking or using whatever fucking drug you assholes are on, you fucking disabled the gear options so we can resolve shit ourselves, and admit you did that shit and other sneaky piece of shit back stabby, security vulnerable data leak bullshit things to your end users.

Listen to your fucking experienced and long time users and get rid of the Fucking backward stepped hub piece of shit everyone with more brains than whatever piss ant pieces of shit praised that the rest of us have hated from day fucking one!

And while fixing this shit like it should be fucking fixed if you shit head bastards want to continue to exist as a fucking company, overhaul the fucking website or get the fuck out of business with now completely worthless SHIT.

Phew:
Suffice it to say....

We are now considering dealing with the learning curve and post pone our project going with unreal just because of these all around complete fuck ups that herald back to shit games of versions 3.0 and earlier.

My company just migrated our mail servers over to office365. My boss has been excited and could barely contain himself when the migration was done he was having the best day ever after he got a good deal on some new toys...Then I ruined it.

Me (setting up) > WTF!? um...well I guess I don't have email on my phone anymore. These permissions are fucked.
Him > Oh why?
Me > They are ridiculous, I won't give away this much control just to read email.
Him (panicking) > and if buy you a company phone?
Me > Not a fuck it's still a personal device. I'll just sandbox the web version.
Him > Your over reacting, they obviously need them for security blah blah...
Me (sends him the pic) > The minimum system requirement is internet.
(...silence...)

I feel kinda bad for killing his vibe - he's a nice guy and he's only trying to do right by us but now he seems down like his toy isn't shiny anymore because he respects me. I wasn't beating on the stack or his choice (mines running on thunderbird). I just can't support this trend of GOD mode permissions for email / calculator and other single feature apps. I'll use the web app instead. You have to draw the line somewhere...

On the other hand I can't deny that I'm loving the irony that Microsoft just made my life easier and have a deep sense of satisfaction that for the first time ever I got fuck up his Friday :/

Fucking IT and their self signed corporate proxy SSL bullshit getting in the way of anything that needs to verify SSL requests,
Fuck you for making my day a slow and miserable day and having to resort to forcing rest apis and SDKs to work over HTTP instead, all in the name of “Security”.

THE FUCK WHY did the company which made the website I'm maintaining now ADD CUSTOM FACEBOOK LIKES AND TWITTER FOLLOWER WIDGETS - IN A SUBDIRECTORY OF THE THEME?

Guess what, you motherfuckers: One year after you made that damn page the Facebook API changed and your stinking widget is broken REQUIRING ME TO REWRITE MOST OF IT!

Also WHO THE FUCK LEFT HIS BRAIN ON HIS BEDSIDE TABLE the day he decided to HARDCODE ASSETS WITH AN http:// (no tls) URL? YES, browsers will block that shift if the website itself is delivered over tls, because it's a GAPING SECURITY HOLE!

People who sells websites that have user management and thus request authentication without AT LEAST OFFERING FUCKING STANDARD TLS SHOUD BE TARRED AND FEATHERED AND THEN PUT IN A PILLORY IN FRONT OF @ALEXDELARGE'S HOUSE!

Maybe I should be a bit more thankful - I mean I get payed to fix their incompetence. But what kind of doctor is thankful for the broken bones of his patient?

Every time I got a mandatory security question, I type in "go fuck yourself with a cactus". There's only one answer for all of them.

😡😡😡 Who here thinks that great software can be build in a few hours?!?! My silly ass boss does. He haven't programmed in decades and think we're supposed to be able to build software that doesn't break, has the best security, no flaws, feature rich in VERY, VERY short amount of time!! 😡😡😡 Fuck out of here!! It pisses me off to my core.

Me: Just finished the required software. In a short amount of time with new stuff I've never worked with before.

Him: Well, it took u a week to do. I heard it should've only have taken u a few hours.

Then u build the shit then!!! Fuck out of here.

The Sr. Dev and I was talking about this on Friday. U won't good product...leave us the fuck alone and let us work!!! He don't think that there will be small issues that come up. He thinks we're supposed to already know those issues are gonna exists, like really u fuck tart!?

FUUUUUUCK!!!!

A friend of mine got an account hacked on Crunchyroll. Whenever he tried to login, the website told him that no account with his email existed. As I had two accounts, I tried something real quick. I logged in to the account I'm not using and tried to change the email address to a 10 minute mail. I logged into my own email account patiently waiting for a confirmation email. After 10 minutes I still hadn't received it. So I checked the 10 minute mail, and there it was. I can't describe how furious I got with Crunchyroll at that point. Are you for real? It's that easy? Fucking idiots. I hope the guy responsible for that system dies in a fire with a thousand rubber penises up his ass!

some people are fucking idiots.

i remember one time - i made a website which ended up having a slightly major security flaw.

the big isnt the point though. this guy told me to just "write secure code."

i consequently told him, "how about you go fuck yourself?"

well, he was a painter, so i then told him "maybe you should fucking draw better," and promptly left.

well, here i present what that would be like if other people were told shit like that.

depressed person - "just be happy"

teacher - "just make your students smarter"

homosexual - "just like the opposite sex"

presidential candidate - "just win the election"

homeless person - "just get a house"

idiot - "just stop being my client" (sorry had to vent)

well you get the idea.

devs should be treated as functioning members of society.

Got asked into a meeting to give my opinions on the security about software that might be used to implement a web app.

After 20 minutes of listening to bullshit that wasn't even my concern they got into databases and I was constantly talked down, by people who know shit about tech, about the professional use of PostgreSQL and they only did shut the fuck up when I compared their "important business" to Facebook using MySQL.

Come on... Stop talking down about shit you know nothing about.

I """""accidentally"""'" found some security holes in my school's Windows public computer setup.

Every student and teacher has a personal Active Directory, obviously they should be able to only see their own right?
oh wait the directory up button in explorer shows me all of them and I have r/w access to teacher and student ADs.

That's cool.

Also, the command prompt, Run prompt ad Explorer path bar are disabled...

...but batch scripts work.

Sweet.

Surely I can't do something dumb like--- oh, regedit's blocked but not the reg command.

They use the-- WHY IS GPEDIT NOT BLOCKED

Well what the fuck.

(All of this was responsibly handled by emailing the tech department. They have an email just for this! ...got a bounceback "this person is no longer employed at XYZ School.")

Google has a password reset procedure so intense, that even if I can sign into my recovery account and give them the code from there, use 2 factor auth and give them the code from there, tell them my recovery phone(s) number(s), give them my mother's father's mother's late cousin twice removed daughter's maiden name, and whatever other security measures were set in place, I can't get a fucking password reset. Thanks Google, fuck you.

Officially starting the transition from dual boot win10 to entirely Linux. REJOICE

This isn’t gonna be a random because I do eventually get to a Tech and YouTube related topic.

YouTube is actually killing itself with all of the dumbass rules they’re implementing. Trying to child proof or limit educational content is genuinely a shit policy. The reason so many gaming channels are switching to twitch because it doesn’t try to censor you.

But now I don’t know if you’ve heard but YouTube updated their guidelines and they’re no longer allowing content that teaches people about Hacking essentially (and I hate putting it like that but I can’t remember the exact words they used Hacking just summarizes it) which is fucking ridiculous like what the fuck else, are they gonna stop allowing lock picking videos?

YouTube has always been an amazing FREE resource for people learning Programming, Cyber Security, IT related fields, and even shit like lock picking, cooking, car stuff, and all that stuff. Even sometimes when the tutorials aren’t as detailed or helpful to me they might be exactly what someone else needed. And Cyber Security can be a difficult topic to learn for free. It’s not impossible far from it, but YouTube being there was always great. And to think that a lot of those could be taken down and all of the Security based channels could either lose all revenue or just be terminated is terrifying for everyone but more so them.

A lot of people and schools rely on YouTube for education and to learn from. It’s not like YouTube is the only resource and I understand they don’t want to be liable for teaching people that use these skills for malicious purposes but script kiddies and malicious people can easily get the same knowledge. Or pay someone to give them what they want. But that’s unfair to the people that don’t use the information maliciously.

It’s the same for the channels of different topics can’t even swear and it’s ridiculous there’s so many better options than just banning it. Like FUCK kids nowadays hear swearing from their older siblings, parents, friends, and TV it’s inevitable whether someone swears or not and YouTube is not our parents, they aren’t CBS, so stop child proofing the fucking site and let us learn. Fuck.

TLDR YouTube is banning educational hacking videos and are being retarded with rules in general

Flash has made Java programs look desirable. And anyone keeping up with me knows I despise Java and C#, despite having written C# and currently working on deciphering a Java server to create documentation.

Before I begin, I want to make this clear: IT IS TWO THOUSAND AND FUCKING EIGHTEEN. 2018. WE HAVE BETTER TECH. JAVASCRIPT HAS TAKEN OVER THIS BITCH. So, firstly, FUCK FLASH. Seriously, that shit's a security liability. If you work for a company that uses it, find a new job and then fucking quit, or go mutany and get several devs to begin a JS-based implementation that has the same functionality. There is no excuse. "I'm fired?" That's not an excuse - if there is a way to stop the madness, then fucking hit the brakes on that shit or begin job hunting. Oh, and all you PMs who are reading this and have mandated or helped someone else to mandate work on an enterprise flash program, FUCK YOU. You are part of the problem.

The reason for this outburst seems unreasonable until you realize the hell I went through today. At my University, there is a basic entry-level psychology course I'm taking. Pearson, a company I already fucking hate for some of the ethically sketchy shit they pulled with PARCC as well as overreach in publishing to the point they produce state tests here in the US - has a product called "My PsychLab" and from here on out, I'm referring to it as MPL. MPL has an issue - it is entirely fucking Flash. Homework assignments, the textbook, FUCKING EVERYTHING. So, because of that, you need to waste time finding a browser that works. Now let me remind all of you that just because something SHOULD WORK does NOT mean that it actually does.

I'm sitting on my Antergos box a few days ago: Chromium and Firefox won't load Flash. I don't know why, and don't care to find out. NPAPI and whatnot are deprecated but should still run in a limited mode or some shit. No go on Antergos.

So, today I went to the lab in the desolated basement of an old building which is where it's usually empty except a student hired by the university to make sure nobody fucks things up. I decided - because y'all know I fuckin' hate this - to try Windows. No go in Chrome still - it loaded Flash but couldn't download the content. So I tried Firefox - which worked. My hopes were up, but not too long - because there was no way to input. The window had buttons and shit - but they were COMPLETELY UNRESPONSIVE.

So the homework is also Flash-based. It's all due by 1/31/18 - FOUR CHAPTERS AND THE ACCOMPANYING HOMEWORK - which I believe is Tuesday, and the University bookstore is closed both Saturday and Sunday. No way to get a physical copy of the book. And I have other classes - this isn't the only one.

Also, the copyright on the program was 2017 - so whoever modded or maintained that Flash code - FUCK YOU AND THE IRRESPONSIBLE SHIT YOUR TEAM PULLED. FUCK THE SUPERIORS MAKING DECISIONS AS WELL. Yeah, you guys have deadlines? So do the end users, and when you have to jump through hoops only to realize you're fucked? That's a failure of management and a failure of a product.

How many people are gonna hate me for this? Haters gonna hate, and I'm past the point of caring.

Manager: You want a promotion? To senior? Ha. Well, build this web app from scratch, quickly, while still doing all your other duties, and maybe someone will notice and maybe they’ll think about giving you a promotion! It’ll give you great visibility within the company.

Your first project is adding SSO using this third party. It should take you a week.

Third party implementation details: extremely verbose, and assumes that you know how it works already and have most of it set up. 👌🏻

Alternative: missing half the details, and vastly different implementation from the above

Alternative: missing 80%; a patch for an unknown version of some other implementation, also vastly different.

FFS.
Okay, I roll my own auth, but need creds and a remote account added with the redirects and such, and ask security. “I’m building a new rails app and need to set up an SSO integration to allow employees to log in. I need <details> from <service>.” etc. easy request; what could go wrong?

Security: what’s a SSO integration do you need to log in maybe you don’t remember your email I can help you with that but what’s an integration what’s a client do you mean a merchant why do merchants need this

Security: oh are you talking about an integration I got confused because you said not SSO earlier let me do that for you I’ve never done it before hang on is this a web app

Security: okay I made the SSO app here you go let me share it hang on <sends …SSL certificate authority?>

Boss: so what’s taking so long? You should be about done now that you’ve had a day and a half to work on this.

Abajdgakshdg.

Fucking room temperature IQ “enterprise security admin.”
Fucking overworked.
Fucking overstressed.

I threw my work laptop across the room and stepped on it on my way out the door.
Fuck this shit.

Boss: We need to disable CSRF and any other form of security, because that shitty, insignificant client has a website that is abomination anyone's eyes, can't pay because of the iframe thingy.

Me: I'd advice against it. This is a significant security issue that just screams to be exploited and there has to be a solution, but idk much about this situation.

Boss: Idk we need to kiss every clients ass till they come. Remove all the security

Me: *Just wants to get home, last one in the office besides the boss* fine
*removes it, deploys and gets the fuck home*

...2 weeks later

Payment gateway: Yeah, we blocked your account, because someone was trying to purchase 30k product in a span of 1h

I'm not even mad about that, but rather about the fact I fucking called it.

* Achievement unlocked: Targeted by scammers

P.s. no major damages, cause the guys from the payment gate understand shit about security.

So... did I mention I sometimes hate banks?

But I'll start at the beginning.

In the beginning, the big bang created the universe and evolution created humans, penguins, polar bea... oh well, fuck it, a couple million years fast forward...

Your trusted, local flightless bird walks into a bank to open an account. This, on its own, was a mistake, but opening an online bank account as a minor (which I was before I turned 18, because that was how things worked) was not that easy at the time.

So, yours truly of course signs a contract, binding me to follow the BSI Grundschutz (A basic security standard in Germany, it's not a law, but part of some contracts. It contains basic security advice like "don't run unknown software, install antivirus/firewall, use strong passwords", so it's just a basic prototype for a security policy).

The copy provided with my contract states a minimum password length of 8 (somewhat reasonable if you don't limit yourself to alphanumeric, include the entire UTF 8 standard and so on).

The bank's online banking password length is limited to 5 characters. So... fuck the contract, huh?

Calling support, they claimed that it is a "technical neccessity" (I never state my job when calling a support line. The more skilled people on the other hand notice it sooner or later, the others - why bother telling them) and that it is "stored encrypted". Why they use a nonstandard way of storing and encrypting it and making it that easy to brute-force it... no idea.

However, after three login attempts, the account is blocked, so a brute force attack turns into a DOS attack.

And since the only way to unblock it is to physically appear in a branch, you just would need to hit a couple thousand accounts in a neighbourhood (not a lot if you use bots and know a thing or two about the syntax of IBAN numbers) and fill up all the branches with lots of potential hostages for your planned heist or terrorist attack. Quite useful.

So, after getting nowhere with the support - After suggesting to change my username to something cryptic and insisting that their homegrown, 2FA would prevent attacks. Unless someone would login (which worked without 2FA because the 2FA only is used when moving money), report the card missing, request a new one to a different address and log in with that. Which, you know, is quite likely to happen and be blamed on the customer.

So... I went to cancel my account there - seeing as I could not fulfill my contract as a customer. I've signed to use a minimum password length of 8. I can only use a password length of 5.

Contract void. Sometimes, I love dealing with idiots.

And these people are in charge of billions of money, stock and assets. I think I'll move to... idk, Antarctica?

Fuck your clients, right...? A small town bank I’m doing some security work for; I had them create me a test account. I received an email with my password; are you fucking serious...?

The best fucking commenter ever hahahahahahahaha

my mum just sent me a picture of her and my long time no see cousin from US over WhatsApp. Short time after that, Facebook sent me a friend proposal of a girl from US I don't know - obviously it was my cousins girlfriend because she had a profile picture with him. My cousin doesn't have Facebook.

WTF?!

so what Facebook did must have been some face analysis of the picture my mum sent me over WhatsApp and compared my cousins face with profile pictures from friends of my friends to send me the proposal I got.

this is so fucking scary! I immediately thought of @linuxxx security blog and how my usage of such software affects the privacy of others besides me being transparent as fuck.

Definitely have to rethink my software choices and app/online behaviour!

Time for a REAL fucking rant.

io_uring manpages say you can set the CAP_SYS_NICE capability to allow SQPOLL to work. You can't, you still get an operation not permitted errno result.

Why? I checked, it says 5.10 mainline is required. Pretty sure I just manually downloaded and installed the Deb's myself. uname reports that I am at 5.10. So what gives?

Maintainer submitted a patch because they fucked up and made the *actual* capability check look for what's basically root permissions (CAP_SYS_ADMIN... c'mon...) and is now trying to rectify a glaring security shortcoming.

Patch hasn't been accepted or even addressed yet but they already updated the manpages with the estimated mainline kernel release as if it had made it into the release candidate. Manpages have made it into latest debs but the actual change has not.

Where the fuck is the Linus Torvalds that would ream the fuck out of shitty developers doing shitty things? The political correctness climate has discouraged such criticism now and the result... this. This fucking mess, where people are allowed to cut corners and get away with it because it would hurt their feelings when faced with pressure.

I'm not just guessing either. The maintainer has already said some of the "tone" of criticisms hurt his feelings. Yes, sorry, but when you claim 90% speedup over a typical epoll application using your new magical set of syscalls, and nobody can even get 1-2% speedup on a similar machine, people are going to be fucking skeptical. Then when you lower it to 60% because you originally omitted a bunch of SECURITY RELATED AND CORRECTNESS CHECKING CODE, we're going to call you the fuck out for fudging numbers.

Trying to maintain the equivalent of academic integrity within the computer science field is an exercise of insanity. You'd be fired and shunned from publishing in journals if you pulled that shit in ANY OTHER FUCKING FIELD, but because the CS scene is all about jerking each other off at every corner because the mean people keep saying mean things on Twitter and it hurts your feelings therefore we're all allowed to contribute subpar work and be protected from criticisms when others realize it's subpar.

These aren't mistakes anymore, it's clear you're just trying to farm clout at Facebook - maybe even FOR Facebook.

Fuck you. Do it right, the first time. Sick of shitty code being OK all of a sudden.

Me: We need to allow the team in the newly acquired subsidiary to access our docker image repositories.
Sec Guy: Why?
Me: So they can run our very expensive AI models that we have prepared onto container images.
Sec Guy: There is a ban on sharing cloud resources with the acquired companies.
Me: So how we're supposed to share artifacts?!?
Sec Guy: Can't you just email them the docker files?
Me: Those images contain expensively trained AI models. You can't rebuild it from the docker files.
Sec Guy: Can't you email the images themselves?
Me: Those are a few gigabytes each. Won't fit in an email and won't even fit the Google drive / onedrive / Dropbox single file size limit.
Sec Guy: Can't you store them in a object storage like S3/GCS/Azure storage?
Me: Sure
Proceed to do that.
Can't give access to the storage for shit.
Call the sec guy
Me: I need to share this cloud storage directory.
Sec Guy (with aparent amnesia): Why?
Me: I just told you! So they can access our AI docker images!
Sec Guy: There is a ban on sharing cloud resources with the acquired companies.
Me: Goes insane

Is there a law or something that you must attempt several alternative methods before the sec people will realize that they are the problem?!?! I mean, frankly, one can get an executable artifact by fucking email and run it but can't pull it from a private docker registry? Why the fuck would their call it "security"?

The Cloud Of Bullshit

Every day I wake, and I think of my one true mission in life. To mock and ridicule paint huffing idiots. Something recently that drew my ire, like the hemorrhoids on my ass is this idea of 'the cloud', THE CLOUD and the buzzword lingo-bingo bullshit that providers use to hype and sell it.

For example, airtable is an amazing service. I love that I can insert just about anything into a row, create any of my own row datatypes, that it's flexible as all hell.

I love it.

And I hate that I'm essentially locked in to the cloud.
I fucking hate how if my internet goes down (thanks you pie eating inbred dipshits at comcast) I have no access.
If the company is bought, they'll shut down like all the rest , to be "relaunched at a later time" (or never).
I hate that if the company doesn't make enough money, or it's investors change their mind, woopsie, service is shut down.
I hate that the cloud is synonymous with massive data leaks and IOT-levels of stupidity in security practices.

Every time someone says "but its in the cloud! Isn't it amazing!"

I always think 1. YEAH IF IM AN INVESTOR I GET TO MILK LOW BROW FINGER PAINTING FUCKWITS EVERY MONTH like Adobe sucking the blood from infants who are still in college.

2. Why? So I can get locked into their platform, have them segment off previously free features (fucking youtube and the 'subscribe so you can continue playing audio with your screen off' bullshit), and then have fees increase month over month?

3. Why, so every four years during the presidential selection, if I piss off some fuckstick braindead lemming literally sucking his girlfriends BFs cock, they can potentially shut me out from my own data completely?

The Cloud is built on shit-colored hype sold to knob gobbling idiots, controlling idiots, profiting at the expense of idiots, and later fucking them for buyout payola. The Cloud is a Cloud of Bullshit shat out by huckster messiahs straight into the lapping mouths of fanatics worshiping slavishly like toilet drinking scum at the porcelain alter of a neon god, invisible, untouchable, and like a spigot, easily shut off without anyone noticing. And when it happens, I'll be there, shouting "WHERE IS YOUR CLOUD NOW?"

Native any day. 100% native or I don't fucking want it
None of this node.js-gone-native bullshit either with notetaking apps taking up hundreds of megabytes of ram, where everything is bootstrap or react, in a browser, in a window container, because people are so fucking incompetent we have to hold their hand WHILE they give themselves a reach around.

Native or nothing.

For my favorite notetaking app, I use Microsoft OneNote. "OH god, a heathen, quick, stick his body up on a stake!"

But hear me out. I'll be the first one in a crowd to kick bill gates in the nuts (not because I particularly hate microsoft, just because I think hes kind of a cunt).

So when I say onenote is good, I really fucking mean it. Sure they did some cunty things like 'dumbed down' the interface, and cut out some options. But you know what they can't do?
Shut down the damn service (short of a system update completely removing the whole app, which, frankly, wouldn't surprise me).

It's so god damn good it waxed my balls, cured my cancer, fixed my relationship with my father, found my long lost brother, and replaced ALL my irl notebooks.

It's so good that if it was cocaine I'd be hospitalized for overusing it.

So god damn good it didn't just replace all my notebooks, it even replaced and sped up my mockup process three to five times. Want layers?

Built in. Just drag an image on to the notebook to import instantly.

Want to rearrange layers? Right click select "send forward/back/bring to front/send to back".

Everything snaps to grid by default and is easily resizeable.

I had all the elements for a UI sliced and diced. Wanted to try a bunch of layouts. Was gonna take me two damn days.

Did it in three hours with the notebook features of onenote.

After I started using onenote, me and my bodypillow finally conceived even.

Sweet marries mammaries I just fucking jizzed. Thank you onenote.

P.s. It really did speed up my UI design, allows annotated images, highlighted text. Shit, it can even do kanban.

And all I can think is "good job microsoft making an awesome product for free, being dumb as fuck for not charging for it, and then not marketing it at ALL."

It was sheer fucking luck that I discovered it while was I was looking for vendor STD bloatware to blast off my new install.

OneNote: Worth a try even for the kick-gates-in-the-nuts fan club.

The cloud can suck my balls.

I absolutely hate my math class....

But... what's this!!!? You're using an old ass website that uses a JSON API to send my lesson scores to my school's grading website?

Well damn... wouldn't it be a shame if someone were to somehow tap into that API and override the grades for each assignment?

After a few weeks of being insanely busy, I decided to log onto Steam and maybe relax with a few people and play some games. I enjoy playing a few sandbox games and do freelance development for those games (Anywhere from a simple script to a full on server setup) on the side. It just so happened that I had an 'urgent' request from one of my old staff member from an old community I use to own. This staff member decided to run his own community after I sold mine off since I didn't have the passion anymore to deal with the community on a daily basis.

O: Owner (Former staff member/friend)
D: Other Dev

O: Hey, I need urgent help man! Got a few things developed for my server, and now the server won't stay stable and crashes randomly. I really need help, my developer can't figure it out.
Me: Uhm, sure. Just remember, if it's small I'll do it for free since you're an old friend, but if it's a bigger issue or needs a full recode or whatever, you're gonna have to pay. Another option is, I tell you what's wrong and you can have your developer fix it.
O: Sounds good, I'll give you owner access to everything so you can check it out.
Me: Sounds good

*An hour passes by*

O: Sorry it took so long, had to deal with some crap. *Insert credentials, etc*
Me: Ok, give me a few minutes to do some basic tests. What was that new feature or whatever you added?
O: *Explains long feature, and where it's located*
Me: *Begins to review the files* *Internal rage wondering what fucking developer could code such trash* *Tests a few methods, and watches CPU/RAM and an internal graph for usage*
Me: Who coded this module?
O: My developer.
Me: *Calm tone, with a mix of some anger* So, you know what, I'm just gonna do some simple math for ya. You're running 33 ticks a second for the server, with an average of about 40ish players. 33x60 = 1980 cycles a minute, now lets times that by the 40 players on average, you have 79,200 cycles per minute or nearly 4.8 fucking cycles an hour (If you maxed the server at 64 players, it's going to run an amazing fucking 7.6 million cycles an hour, like holy fuck). You're also running a MySQLite query every cycle while transferring useless data to the server, you're clusterfucking the server and overloading it for no fucking reason and that's why you're crashing it. Another question, who the fuck wrote the security of this? I can literally send commands to the server with this insecure method and delete all of your files... If you actually want your fucking server stable and secure, I'm gonna have to recode this entire module to reduce your developer's clusterfuck of 4.8 million cycles to about 400 every hour... it's gonna be $50.
D: *Angered* You're wrong, this is the best way to do it, I did stress testing! *Insert other defensive comments* You're just a shitty developer (This one got me)
Me: *Calm* You're calling me a shitty developer? You're the person that doesn't understand a timer, I get that you're new to this world, but reading the wiki or even using the game's forums would've ripped this code to shreds and you to shreds. You're not even a developer, cause most of this is so disorganized it looks like you copy and pasted it. *Get's angered here and starts some light screaming* You're wasting CPU usage, the game can't use more than 1 physical core, and after a quick test, you're stupid 'amazing' module is using about 40% of the CPU. You need to fucking realize the 40ish average players, use less than this... THEY SHOULD BE MORE INTENSIVE THAN YOUR CODE, NOT THE OPPOSITE.
O: Hey don't be rude to Venom, he's an amazing coder. You're still new, you don't know as much as him. Ok, I'll pay you the money to get it recoded.
Me: Sounds good. *Angered tone* Also you developer boy, learn to listen to feedback and maybe learn to improve your shitty code. Cause you'll never go anywhere if you don't even understand who bad this garbage is, and that you can't even use the fucking wiki for this game. The only fucking way you're gonna improve is to use some of my suggestions.
D: *Leaves call without saying anything*

TL;DR: Shitty developer ran some shitty XP system code for a game nearly 4.8 million times an hour (average) or just above 7.6 million times an hour (if maxed), plus running MySQLite when it could've been done within about like 400 an hour at max. Tried calling me a shitty developer, and got sorta yelled at while I was trying to keep calm.

Still pissed he tried calling me a shitty developer...

"I found this tool that we should use because I'm a manager and its simple enough that my tiny little manager brain could set it up!"

Oh wow good for you, Mr. Manager! And what, praytell, does the tool require?

"All proprietary and cost-ineffecient products: MSSQL Server and Windows IIS! What do you mean we have to get the data out in order for it to be scalable? Look at it! I set up a website by clicking on an EXE i downloaded from github!"

Amazing, Mr. Manager. So you violated our security practices AND want to pocket even MORE of our budget?

Kindly fuck right off and start suggesting things instead of making people embarrass you into stoping your fight for your tool (has happened on more than one occassion).

Hey Citrix:

FUCK YOU.

Learn to make an accessible log in page you fucks.

Maybe instead of vague fucking "you're user name and password is wrong" say things like "your account is locked because we somehow decided we don't like your password anymore. . . . without telling you"

Fucking 2 hours of my day wasted trying to log into my company's VM because first it wouldn't take my password (that I've had for over a month and doesn't expire for another month) over and over again. I changed it, logged in. Got up to do something that'd take less than 5 minutes. And OF COURSE the people who set up the VM made them log you out if you're gone for more than 3 minutes (fuck that guy too). Come back to a log in screen and it won't accept my new password.

Change it again. Except this time it won't accept my new password because it's "like my old password." It is in that it uses the alphabet and numbers, but it's also different in that those alphanumeric characters are LITERALLY DIFFERENT IN EVERY PLACE. I finally get it to accept a new password.

I'm also loving the whole "answer these security questions that literally anyone who does minimal research on you can answer" before I get to change my password. Yeah. Because finding my mother's maiden name or the city I was born in is so fucking hard. Literally impossible to find out what my Dad's dad's name is. Shit like that isn't publically available. Nope. Why the fuck are we still using "security" questions?

I log into Citrix again. And it takes me to . . . the log in for Citrix.

There is no word in elvish, entish or the tongues of men for this stupidity.

Fuck Citrix. Fuck the people behind the password manager (Aviator or something like that), and fuck whatever administrator setting turns my computer off due to inactivity in such a stupid short amount of time. 10 minutes, 15 minutes, that'd be fine. But it's more like 3 or 5, like wtf.

This is not fucking security, it's obscurity! What the fuck is a memorable word without any context! It drives me up the fucking wall. This doesnt help anyone it just promotes people to put silly shit like password or something so they won't forget but it just makes their account weaker.

I really like my current job.

I work as an analyst developer looking after and sorting out people's old tech debt.

Once that's stable I get pretty free reign to do what I want.

It allows me to stretch from dev into graphic design, security, architecture and training on a very regular basis.

It allows me to keep an eye on tech trends, research and develop ideas using the latest shiny things.

Oh and if I say I need a thing, I can usually get it purchased.

All of the above comes with the "as long as it's for the benefit of the company" disclaimer, but when your direct managers see an IDE and think "okay he's working" the lines get a little blurry.

They keep asking me about my career goals and if I want to manage or move around. Fuck that noise, all of that noise.

Do wut I wawnt.

Fuck you Intel.
Fucking admit that you're Hardware has a problem!

"Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data"

With Meltdown one process can fucking read everything that is in memory. Every password and every other sensible bit. Of course you can't change sensible data directly. You have to use the sensible data you gathered... Big fucking difference you dumb shits.

Meltown occurs because of hardware implemented speculative execution.
The solution is to fucking separate kernel- and user-adress space.
And you're saying that your hardware works how it should.
Shame on you.

I'm not saying that I don't tolerate mistakes like this. Shit happens.
But not having the balls to admit that it is because of the hardware makes me fucking angry.

I think I want to quit.

I know it’s a bit of an inconvenient time with there being corona around but everything was okay up till January. I’m a junior even though I shouldn’t be. Since my manager told me and my team leader senior in my review “maybe you two should switch jobs” things have been going downhill. I think the team lead had it out for me and didn’t put me on a new project, I’ve been left with doing stupid basic shit like updating text on websites in a cms and doing fuck all and then there’s also another guy that was basically harassing me trying to put me in my place any time I was doing better than him and literally both of them been like that ... and now that I’m working from home it’s even worse. I don’t have any kind of assurance that everything okay and actually I think I’m being framed as welll since I found keyloggers on my work laptop and deleted cleaned shit up the past two weeks and changed my WiFi security as there were like 5 unknown devices on our network so yeah .. I’ve been framed and they made it out like I put a powershell script on one of the servers and it crashed a Porsche website for 8 h and all kinds of bullshit - this was yday. On Tuesday they logged me out of everything like changed the password for work vpn and kicked me out of slack and Microsoft teams for over 2 hours till the end of shift and two managers weren’t answering their phone and then next day my manager called and apologised that saying that he “accidentally” did that to me along with 15 people they let go from the company....

I’m seriously thinking of quitting being removed from team group for a moment , not being on a project and people literally trying to put me down after I know I’m genuinely smarter than them and if I had over 10 years experience like those on my team (I have 1) I’d be far higher up and better

They can genuinely just go fuck themseves !!!! And here I was going to work over weekend on something! No fucking way I just wanna quit or give in my notice but because of corona I’m divided

I think I finally found a reason to have a phone with 8GB of RAM.
So that when TWRP craps out on data decryption and decides not even to ask for a password, at least I can push a whole fucking ROM into RAM to unfuck the phone. Because why not?! Why on Earth would software work properly when you can just throw more hardware at it?

Long live FBE, TWRP what craps out on it, and you remember those things.. SD cards for data storage? I could've used an unencrypted SD card so fucking badly right now, you know... Long live soldered in storage that's encrypted, "for security". Except for when the person who owns said data actually wants to use the bloody data.

FUCK!

I wanna make you feel what you have brought into my house!!

I was working with security cameras once in a home automation project. One of those camera particularly stand out by offering a cgi without password request to view and change the current passwort and username.

Seriously wtf is wrong with you? I mean this thing automatically connects to an internet service offering everyone to connect to it with that passwort and username. And I know some of you might say "hey chill the cgi is only available on the wifi" - dammit no. Security is a lifestyle do it complete or get the fuck out. God knows what other mistakes there might be hidden in that thing screaming out to everyone to watch me taking a shit.

But that's not the end of it. My company arranged a call to the technical support of that camera so that I can explain the problem and a patch gets released. Those guys didn't give a shit about it and were even laughing at me. Fuck you!

So whoever is responsible - I will find you - and you will never see me coming.

I submitted a security report some days ago.

It is well written, it explains what is happening and what is the impact providing an example. I give some advice about how to handle this situation, it's about concurrency issues and it's pretty tricky to debug.

Answer from the reviewer:
"Please, can you tell me what are the implications?"

...
...

FUCK.
IT'S LITERALLY FUCKING WRITTEN,
CAN U EVEN READ IT?
THERE ARE PICTURES DESCRIBING THE ISSUE, I EVEN ATTACHED A FILE YOU CAN USE TO DEBUG.

...

This is the last time I report vulnerabilities.

I am tired of my idiot ‘friends’ asking me if I can hack Facebook Instagram etc. because some other idiot made them mad. Like fuck no. 1 it’s unethical as hell 2 it’s illegal I don’t want to go to jail. 3 I’m learning cyber security NOT hack stuff because someone hurt your useless feelings.

Ohhh and they always get pissed off when I explain everything wrong with their idiotic request

Alright lads here is the thing, have not been posting anything other than replies to things cuz I have been busy being miserable at school and dealing with work stuff.

Our manager left us back in February. Because she was leaving I decided that I wanted to try a different path and went on to become a programmer analyst for my institution, if anything I knew that it was going to be pretty boring work, but it came with nice monetary compensation and a foot in the door for other data science related jobs in the future. Thing is, the department head asked me to stay in the web technologies department because we had a lack of people there and hiring is hard as shit, we do not do remote jobs since our work usually requires a level of discretion and security. Thus I have been working in the web tech department since she left albeit with a different title since I aced the interview for the analyst position and the team there were more than happy to have me. I have done very few things for them, some reports here and there and mostly working directly with the DBA in some projects. One migration project would have costed my institution a total of 58k and we managed to save the cost by building the migration software ourselves.....honestly it was a fucking cake walk, if you had any doubts about the shaddyness of enterprise level applications regarding selling overpriced shit with different levels of complexity, keep them, enterprise is shaddy af indeed. But I digress.

I wrote the specification for the manager position along the previous manager, we had decided that the next candidate needed to be strong with development knowledge as well as other things as to properly understand and manage a software team, we made the academic requirement(fuck you, yes we did ask for academic requirements) to be either in the Computer Science/software engineering area or at least on the Business Administration side. We were willing to consider BA holders in exchange for having knowledge of the development process of different products and a complete understanding of what developers go through. NOT ONE SINGLE motherfucker was able to satisfy this, some of them were idiots that I knew from before that had ABSOLUTELY no business even considering applying to the position, the courage it took for some of these assholes to apply would have hurt their mothers, their God if they had one, and their country, they were just that fucking bad in their jobs as well as being overall shit people.

Then we had 1 candidate actually fall through the cracks enough to get an interview. My dude here was lying out of his ass through the interview process. According to him he had "lots of Laravel experience and experience managing Laravel projects" and mentioned repeatedly how it would be a technology that we should consider for our products. I was to interview him alongside the vice president of our institution due to the head of my department and the rest of the managers for I.T being on vacation leave all at the same bloody time.

Backstory before the interview:
Whilst I was going over the interview questions with the vice president literally offered me the job instead. I replied with honesty, reflecting how I did not originally wanted him but feeling that our institution was ready to settle on any candidate due to the lack of potentials. He was happy to do it since apparently both him and the HOD were expecting me to step up sooner or later. I was floored.

Regardless, out of kindness he wanted to go through the interview.
So, going back to the interview. As soon as the person in question referenced the framework I started to ask him about it, just simple questions, the first was "what are your thoughts on the Eloquent ORM? I am not too fond of it and want to know what you as a full time laravel dev think of it"
his reply: "I am sorry I am not too familiar with it, I don't know what that is" <--- I appreciated his honesty in this but thought it funny that someone would say that he was a Laravel developer whilst not knowing what an ORM was since you can't really get away from using it on the initial stages of learning about Laravel, maybe if one wanted to go through the hurdle of switching to something like doctrine...but even then, it was....odd.

So I met with the hod when he came back, he was stoked at the prospect of having me become the manager and I happily accepted the position. It will be hell, but I don't even need to hit the ground running since I have been the face of the department since ages. My team were ecstatic about it since we are all close friends and they have been following my directions without complaints(but the ocational eat a dick puto) for some time, we work well together and we are happy to finally have someone to stop the constant barrage that comes from people taking advantage of a missing manager.

Its gonna get good, its gonna get fun, and i am getting to see how shit goes.

FUCK!
After submitting a registration form I noticed the site is served over plain HTTP. Their marketing site is served encrypted, but login and register are not! What the fuck!!!

Fuck everyone who does this stupid fucking shit with disregard to basic security features! Their goddamn bullshit privacy policy is bragging about how it's top priority to protect their customers' information and shit like that. Get the fuck out, cunts!!

I contacted them so I might have a continuation to this rant if I'm not satisfied with their answers.

Goddamn it!

Anything I (am able to) build myself.
Also, things that are reasonably standardized. So you probably won't see me using a commercial NAS (needing a web browser to navigate and up-/download my files, say what?) nor would I use something like Mega, despite being encrypted. I don't like lock-in into certain clients to speak some proprietary "secure protocol". Same reason why I don't use ProtonMail or that other one.. Tutanota. As a service, use the standards that already exist, implement those well and then come offer it to me.

But yeah. Self-hosted DNS, email (modified iRedMail), Samba file server, a blog where I have unlimited editing capabilities (God I miss that feature here on devRant), ... Don't trust the machines nor the services you don't truly own, or at least make an informed decision about them. That is not to say that any compute task should be kept local such as search engines or AI or whatever that's best suited for centralized use.. but ideally, I do most of my computing locally, in a standardized way, and in a way that I completely control. Most commercial cloud services unfortunately do not offer that.

Edit: Except mail servers. Fuck mail servers. Nastiest things I've ever built, to the point where I'd argue that it was wrong to ever make email in the first place. Such a broken clusterfuck of protocols, add-ons (SPF, DKIM, DMARC etc), reputation to maintain... Fuck mail servers. Bloody soulsuckers those are. If you don't do system administration for a living, by all means do use the likes of ProtonMail and Tutanota, their security features are nonstandard but at least they (claim to) actually respect your privacy.

So, with couple of new people in senior managerial roles, pink slips started flying left and right before the holiday season. That didn't happen before in the company. It's still relatively small and when people left that was for better paid or more interesting work.

While I can understand that from the business perspective and especially for a few who might have been considered dead weight (devs and other roles), I have a serious problem with the way it was handled. It's one of those 5 minute notices. If we weren't remote, I guess escorting out by security would follow.

Most recent person to go is actually one of the most senior devs at the position that became redundant over time, as it clashed in the "pyramid" with another dev. He was involved in many aspects of the product and greatly contributed to the overall success during years of hard work, i'd say maybe more than any of us.

He didn't fuck up anything major as far as I know, his services were just not needed anymore, compared to the other guy. Saving money. I get that.

At T-1 day he prepared a demo of his project. Meetings, Slack, everything as usual. Next thing we got was a "we wish him well in future endeavours" e-mail.

What I find most disturbing is the fact his account was removed immediately, and then we were asked to get any files and anything else we might need, all over personal communication channels (private e-mail, Skype etc.) because he was locked out of all company accounts.

I seem to have have survived this year. One thing they have definitely achieved, based on some off the record chat and some public updates, tweets etc I can see, is for many of us to start networking, polishing CVs and generally stop giving many fucks about the company and the outcome.

I've myself started brushing up on some new skills (stacks) and some old ones (algorithms, etc.) I may need any day now, as it seems.

If they can basically tell "thank you and fuck off" to one person maybe most involved with the company growth, with zero dignity and respect for the person, then fuck them.

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

Why the fuck do people not change their router admin password!? I was at a hotel today and could access their router admin interface with the default credentials. I guess this isn't purely the fault of the hotel because not all people know a damn thing about security and only use the interface to change the SSID and password of the AP. But why allow them to leave the default password? Why isn't this a standard feature to be forced to change the password :|

Fuck Monday and SAs... Just arrived at office and logged in:

Consider changing your password:

**Ok... Enters new password**

We're sorry your password is invalid

?????

Let's I already have a lower, uppercase letter, a number

....

Adds a symbol

**works**

Difference in security though? 0.... But now I have one more thing too remember...

Holy fcuk! Can anyone here help me understand how this domain is possible?

WARNING: obviously its a spam site. Take necessary security precautions if you are going to visit.

the following domain opens a cluster fuck domain name! >> secret.ɢoogle.com

That ɢ is not what it looks like. How is such domains possible to exist? Even more surprising, how is this sub domain -ception possible?

So I enventually spent 2 years working for that company with a strong b2b market. Everything from the checkouts in their 6 b2c stores to the softwares used by the 30-people sales team was dependant on the main ERP shit home-built with this monstruosity we call Windev here in France. If you don't know it just google and have some laugh : this is a proprieteray FRENCH language. Not french like made by french people, well that too, but mostly french like the fucking language is un fucking french ! Instructions are on french, everything. Hey that's my natural language okay, but for code, really ?

The php website was using the ERP database too, even all the software/hardware of the massive logistic installation they had (like a tiny Amazon depot), and of course the emails of all employees. Everything was just handled by this unique shitty and so sloooooow fucking app. When there was to many clients on the website or even too many salespeople connected to the ERP at the same time, every-fuckin-piece of the company was slowing down, and even worse facing critical bugs. So they installed a monitor in the corner of a desk constantly showing the live report page of Google analytics and they started panic attacks everytime it was counting more than 30 sessions on the website. That was at the time fun and sad to observe.

The whole shit was created 12 years ago and is since maintened locally by one unique old-fashion-microsoft dev who also have to maintain all the hardware of all the fucking 150+ people business. You know, when the keyboard of anyone is "broken" cause it's unplugged... That's his job too. The poor guy was totally overstressed on a daily basis and his tech knowledge just saddly losts themeselves somewhere in the way. He was my n+1 in a tech team of 3 people : him, a young and inexperimented so-called "php developer" who was in charge of the website (btw full of security holes I discovered and dealed with when I first arrive at the job), and myself.

The database was a hell of 100+ tables of business and marketing data with a ton of specific logic added on-the-go during years. No consistent data model or naming. No utf8. Fucked up relations that ends with queries long enough to fill books. And that's not all, all the customers passwords was just stored there uncrypted. Several very big companies and administrations were some of these clients. I was insisting on the passwords point litterally all the time, that was an easy security fix and a good start... But no, in two years of discussions on the subject I never achieved to have them focusing on other considerations than "our customers like that we can remind them their password by a simple phone call if they lost it". What. The. Fuck. WHATTHEFUCK!

Eventually I ran myself out of this nightmare. I had a few bad jobs already, and worked on shitty software already. But that one really blows my mind (and motivation for a time too). Happy it's over.

OKAY BUT WHY THE FUCK DO PEOPLE HAVE TO ACT LIKE THEY'RE SOME KIND OF GOD WHEN THEY CAN'T EVEN PASS AN INTRO CLASS. Some background: I go to an early college in high school program which offers computer science where you take two college classes a semester starting you junior year in high school. AND THIS GIRL TALKS ABOUT THIS PROGRAM LIKE IT'S AWFUL AND SHE HATES IT AND HOW THE PROFESSORS DON'T TEACH AND SHE FAILED AN INTRO TO PROGRAMMING CLASS WHICH TEACHES JAVA BUT THEN SHE ACTS LIKE SHE'S WAY ABOVE THE OTHER KIDS IN MY CLASS BECAUSE SHE'S RETAKING IT. SHE'S ALSO A STUDENT ASSISTANT IN MY CYBER SECURITY CLASS BUT DOESN'T KNOW WHAT THE localhost IP IS. I UNDERSTAND THAT I DON'T KNOW EVERYTHING BUT AT LEAST I DON'T ACT LIKE I DO. IT'S SO INFURIATING!!!!!!

Sorry to keep whining about my stupid fucking job, but y'all, I think I'm nearing my limit.

There's some good...I am pretty much free to resolve issues any way I want to, as the only other person in the company who "codes" only knows one old ass language that doesn't apply to 90% of the rest of the tech stack at all, and some SQL - all of that to say, we may disagree, but ultimately, these matters are always deferred to me at the end of the day, insofar as the actual implementation goes (which is to say I am not micromanaged). At least as far as non-visuals are concerned, because those of course, are the most important things. Button colors and shit, woo hoo**. That's what we should focus on as we're bringing in potentially millions of dollars per month - the god damn button color and collapsible accordions based on data type over the shit ass DB performance bottleneck, the lack of redundancy or backups (aside from the one I made soon after I started -- literally saved everyone today because of that. My thanks? None, and more bullshit tasks) or the 300GB+ spaghetti code nightmare that is the literal circulatory system of the FUCKING COMPANY. Hundreds of people depend on it for their livelihoods, and those of their families, but fuck me in the face, right? I'm just a god damn nerd who has worked for the federal government, a handful of fortune 500's, a couple of fortune 100's, some startups, etc. But the fuck do I know about the lifecycle of companies?

I could continue ranting, but what's the point? I've got a nice little adage that I've started to live by, and y'all might appreciate it: "If everything is a priority/is important, nothing is". These folks just don't fucking get it. I'm torn because, on the one hand, they waste my time and kinda underpay me, in addition to forcing me to be onsite for 50 hours a week. They don't listen to me, couldn't give a flying shit about my experientially based opinions. I'm just a fucking chimp with a typewriter, there to take commands like a fucking waiter. But there's a lot of job security, assuming I don't fucking snap one day, and the job market for devs (I'm sure I don't need to tell you) is hostile atm. I'm also drinking far more than usual, and I really need to do something about that. It's only wednesday - I think...not 100% on that truth be told, and I logged my fourth trip to the liquor store this week already.

**Dear backenders - don't ever learn front end, or if you do, just lie about it to avoid being designated full stack. It's not worth it.

So our main web server got ransomware'd.

By some miracle only a shared directory was compromised and not the whole server.

The server is on an end-of-life OS (Win Server 2008r2), no antivirus solution, no WAF, no log hardening or aggregation, so basically our Security MSP told us "lol good luck finding the attack origin, nuke it and rebuild it correctly this time"

Thing is IT leadership is like "Eh, no harm done, everything is fine" and want to sweep it under the rug and not report it to senior management.

How do i go about convincing them that this is actually important and for once in their life, they should give a fuck ? (This web server is the main moneymaker, it goes tits up and heads are gonna roll).

Every single stakeholder in my company tells me that I should be working on something different, every time I talk to them. For example - we've got some issues, that I've ranted on previously. I go to my manager, and tell him that it's going to take longer than I'd hoped, because the author of this part of the codebase wasn't familiar with functional programming or OOP, didn't document anything, and just generally produced an unmaintainable, borderline indescribable mess. The next guy after him made it all so much worse, because they're both a couple of tryhard douchebags, and I hope they fucking die. For real. I hope fire ants are involved.

Anyway, getting carried away there, whew. So I tell my manager that we'd be further ahead just replacing the code, because it's only doing a couple of things, and should not be so complex. He says "cool, but what you really need to be doing is rebuilding this other thing." So I switch gears and work on that other thing until I hit a point that requires the input of another stakeholder. I go to talk to this guy, and all hell breaks loose "why are you working on that, this is higher priority", and I explain the sequence of events. Manager denies having said what he said, I look like an asshole, yet again. Then the old "this should be simple, just change this" from the dudes who don't know code, and don't want to know. I try to explain, offer to show them precisely why their "simple ask" is anything but, but they just start screaming about how they hate technology. Yeah, well me fucking too. I keep hearing about how much "job security" I have, but man I'm going to lose my mind at this rate. I have seventeen motherfucking things that are "emergencies", and as many fucking dumb ass unintuitive workflows to go through to get them changed. All on production, because this place is fucking stupid. Just let me discard this shitty legacy code and be done with it already. FUCK.

Thank fucking fuck it's friday. In about six, seven hours, my goal is to be so fucking wasted that I can't feel my face. Get drunk, play with the dog, install a new distro on the desktop, maybe play a little guitar (the guitar is normal sized. It's not a ukulele or anything). Perfect friday night.

tldr: Fuck Apple AND Microsoft...

Tried to check my "me" email today (iCloud)... and well it's apparently "locked" for god only knows what reason, and they will only let me recover it through a Hotmail account that I haven't used in >10years.. So I tried that and after one login attempt outlook.com is telling me "you've entered too many wrong password attempts, you must reset your password"... ugh OK, so I hit the button and it's asking me "my" security question.. 'where did you and your spouse meet?'.. wtf? I'm not married now nor was I @12yrs old when I made this account....

Well thanks so I guess that's fucked for forever...

My internship is about to end in two months. I was under the impression that I'll start looking for a job towards mid August and then decide what to do. I didn't expect my company to offer me a position so early before my internship ended.

Initially I had liked the place. The work was pretty relaxed and I had quite a bit of freedom. Soon enough, I proved my worth and my team started respecting my opinions and suggestions. They even consulted me on multiple occasions.

The first thing I noticed on the downside was the company, despite being resourceful enough and having a decent turnover and important clients, was quite stingy in terms of employee welfare. There was no coffee. There was machine but you had to buy the capsule for yourself. And that sucks. I know I don't need to say more but the other problems were there was no enterprise subscription (or any subscription) to PhpStorm even though our team handled so many PHP projects. I know IDEs are personal preferences but not having any professional IDEs is not something to let slide. The lead dev uses NetBeans (and not because he loved it or anything). Even though I worked on WebDev and front end, I had no option to ask for a second screen. I had one display apart from my laptop. Usually most companies in Paris provides food tickets for internships and this company did not even give me that. And worst of all, there wasn't really anyone I looked up to. As much as I enjoy responsibilities and all, I don't think I should be in an environment where I have nothing much to learn from my seniors. For some fucked sense of security and certainty, I was willing to overlook all this when they offered me a position. But I recently had my interview and the regional manager, a fuck face who still makes me wonder how he reached his position, made a proposal for some quite a small amount of salary. What infuriated more than his justifications was his attitude itself. There was absolutely no respect whatsoever. It was more like "We'll give you this, I think this is more than enough for you. Take it or do whatever you want". I asked for more and he didn't even bother negotiating. I declined the offer.

Now this would have solved all the issues. But my manager and my lead dev like me a lot. Both of them are pretty nice people. They both were bothered with the fact that I had turned down the offer. My manager even agreed that the offer was too low and had already given me tips to help me negotiate. But after I turned down the offer, she went and discussed the issue with the regional manager and he offered me a new proposal. This time it was decent but still under my expectations. I'm pretty sure I can do better elsewhere. I said I need time to think about it. I get multiple advises from people to take it atleast so that I get my visa converted to a work permit. For some reason, I want to take the risk and say no. And find something else. But today my lead dev called me aside and asked me if was going to say no. He really tried to influence me by telling me a lot of good things about me and telling me about the number of different projects we're going to start next month and all that. Even though I'm fully convinced that I don't want to work here, just the sheer act of saying no to these two people I respect is sooo fucking difficult for me that I can already imagine me working here for the next one year. The worst part is I can clearly classify their words and sentences into stuff they say to canvass me, stuff they're bullshitting about and flattery just to make me stay. Despite knowing I'm being taken advantage of, some fucked up module in my head wouldn't stop guilt tripping me. I don't know what to do. If I only I could find a really better job.

Pardon the grammatical errors if any. I'm just venting out and my thoughts branch in 500 different ways simultaneously.