Search - "fucked up login"
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? Installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P
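The ban rule described in the rant above (three failed SSH logins from one IP within 5 minutes) together with its auth-log check for successful root logins, as an added example that is not part of the original post and is not Fail2Ban's own code. The log lines are constructed, the function names are hypothetical, and the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 3                      # failures that trigger a ban
FIND_TIME = timedelta(minutes=5)   # window in which they must occur

# Constructed sample in OpenSSH's usual syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 02:10:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:10:09 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 02:11:40 web1 sshd[1210]: Failed password for root from 198.51.100.23 port 51822 ssh2
Mar  3 02:12:30 web1 sshd[1215]: Failed password for root from 203.0.113.7 port 40177 ssh2
Mar  3 02:14:02 web1 sshd[1222]: Failed password for root from 198.51.100.23 port 51901 ssh2
Mar  3 02:20:15 web1 sshd[1240]: Failed password for root from 198.51.100.23 port 52010 ssh2
Mar  3 02:31:44 web1 sshd[1302]: Accepted password for root from 192.0.2.55 port 33810 ssh2
Mar  3 02:40:00 web1 sshd[1310]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2: RSA SHA256:CONSTRUCTED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d{2}:\d{2}:\d{2})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s(?P<method>\S+)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)


def parse(log_text, year=2024):
    """Return (timestamp, result, method, user, ip) for every sshd auth line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd authentication result line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events


def find_bans(events):
    """Map each IP to the time it reached MAX_RETRY failures inside FIND_TIME."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    bans = {}
    for ts, result, _method, _user, ip in events:
        if result != "Failed" or ip in bans:
            continue
        window = recent[ip]
        window.append(ts)
        # Sliding window: forget failures older than FIND_TIME.
        while ts - window[0] > FIND_TIME:
            window.popleft()
        if len(window) >= MAX_RETRY:
            bans[ip] = ts
    return bans


def root_logins(events):
    """Accepted root sessions: with root login disabled there should be none."""
    return [(ts, method, ip)
            for ts, result, method, user, ip in events
            if result == "Accepted" and user == "root"]


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    for ip, when in find_bans(evts).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
    for ts, method, ip in root_logins(evts):
        print(f"ALERT root login via {method} from {ip} at {ts:%H:%M:%S}")
```
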
It's that time of the morning again where I get nothing done and moan about the past ... that's right, it's practiseSafeHex's most incompetent co-worker!!!
Today I'd like to tell you the story of "i". Interesting about "I" is that he was actually a colleague of yesterday's nominee "G" (and was present at the "java interface" video call, and agreed with G!): https://devrant.com/rants/1152317/...
"I" was the spearhead of a project to end all projects in that company. It was supposed to be a cross-platform thing but ended up only working for iOS. It was actually quite similar to this: https://jasonette.com/ (so similar i'm convinced G / I were part of this but I can't find their github ID's in it).
To briefly explain the above + what they built ... this is the worst piece of shit you can imagine ... and that's a pretty strong statement looking back at the rest of this series so far!
"I" thought this would solve all of our problems of having to build similar-ish apps for multiple customers by letting us re-use more code / UI across apps. His main solution was every developer's favourite part of writing code. I mean how often do you sit back and say:
"God damn I wish more of this development revolved around passing strings back and forth. Screw autocomplete, enums and typed classes / variables, I want more code / variables inside strings in this library!"
Yes that's right, the main part of this bullshittery was putting your entire app, into JSON, into a string and downloading it over http ... what could possibly go wrong!
Some of my issues were:
- Everything was a string, meaning we had no autocomplete. Every type and property had to be remembered and spelled perfectly.
- Everything was a string so we had no way to cmd + click / ctrl + click something to see something's definition.
- Everything was a string so any business logic methods had to be remembered, all possible overloaded versions, no hints at param types no nothing.
- There was no specific tooling for any of this, it was literally open up xcode, create a json file and start writing strings.
- We couldn't use any of the native UI builders ... cause strings!
- We couldn't use any of the native UI layout constructs and we had to use these god awful custom layout managers, with a weird CSS feel to them.
What angered me a lot was their insistence that "You can download a new app over http and it will update instantly" ... except you can't because you can't download new business logic only UI. So it's a new app, but must do 100% exactly the same thing as before.
His other achievements include:
- Deciding he didn't like apple's viewController and navigationBar classes and built his own, which was great when iOS 7 was released (changed the UI to allow drawing under the status bar) and we had no access to any of apple's new code or methods, meaning everything had to be re-built from scratch.
- On my first week, my manager noticed he fucked up the login error handling on the app I was taking over. He noticed this as I was about to leave for the evening. I stayed so we could call him (he was in an earlier timezone). Rather than deal with his fucked up, he convinced the manager it would be a "great learning experience" for me to do it ... and stay in late ... while he goes home early.
- He once argued with me in front of the CEO, that his frankenstein cross-platform stuff was the right choice and that my way of using apple's storyboards (and well thought out code) wasn't appropriate. So I challenged him to prove it, we got 2 clients who needed similar apps, we each did it our own way. He went 8 man weeks over, I came in 2 days under and his got slated in the app store for poor performance / issues. #result.
But rather than let it die he practically sucked off the CEO to let him improve the cross platform tooling instead.
... in that office you couldn't swing a cat without hitting a retard.
Having had to spend a lot more time working with him and more closely than most of the other nominees, at a minimum "I" is on the top of my list for needing a good punch in the face. Not for being an idiot (which he is), not for ruining so much (which he did), but for just being such an arrogant bastard about it all, despite constant failure.
Will "I" make it to most incompetent? There's some pretty stiff competition so far
Tune in later for more practiceSafeHex's most incompetent co-worker!!!
Ever had a 'why in FUCKS name would you do that?!?' moment with another programmer?
In my first study year we learned about PHP and how to write a login system. Most people would either do a 'select count(something like id) from users where username = username and password = password' or select the values based on the username/email and check if the password matches.
This guy selected everything from the table and FOREACHED the records while comparing if the username/password matched with an if within that loop.
I couldn't get him to understand how fucked up that system would become once you'd have loads and loads of users 😅
Although this is gonna sound like bullshit, this happened to me for real. Since that moment I use even more backup services AND I regularly check EVERYTHING.
Had a backup of my important data (still used mainstream services back then) on:
- Hotmail email attachments
- Google Drive
(Both link to another email account).
- A few data backup services
- External HDD.
I wanted to copy some backup data over again:
1. Walk to my staple of HDD's, tried to grab it, somehow missed and knocked the whole fucking pile over. HDD broken.
2. Well fuck, let's go put some of my clothes in the washing machine for clean clothes at study/monday. After this shit being in the washing machine for just a few minutes, I realized my backup USB stick was in one of my pockets, in the washing machine. FUCK. Couldn't stop it so I waited till the end, tried it and well, it wasn't working at all anymore.
Fuck my fucking life slightly right now.
3. *remembers about the backup disc*. I forgot to keep it in its case, very deep scratches and so on, unreadable. FUCKING FUCK.
4. Right, I still have those online services! *tries to login to all of them (including hotmail/gdrive) but forgot the password. Well, let's login to my backup account then (hadn't used that one in years). Account was suspended for some reason.
Started to get really anxious because every online backup service was linked to that email address.
Contacted customer support. They really couldn't restore it because of some issues they weren't allowed to tell me. Sorry but I couldn't retain access.
5. Well this is fucked up. Couldn't get into any of the backup/hotmail/gdrive accounts anymore.
I tried contacting their support but never got any replies.
This was the moment I realized I fucked up big fucking time because damn, this stuff at this level hardly happens to anyone.
Ah, let me open my half baked personal Android project. Maybe I'll finish it this time.
*opens Android studio*
"You have shitloads of updates. Please download and restart now"
Ok, makes sense. I haven't opened it for a month.
*runs the app*
"CoolApp has crashed"
What the fuck? It was all working before. WTF happened.
*half an hour of online research*
The google play service version is somehow fucked up. So let's fix that.
Yay! Let me login right away!
*Login via google doesn't work*
I didn't even touch the bloody code.
*another half an hour of research. Nothing works*
Fuck this shit.
I KNOW that you don't understand what you're doing or saying, THAT'S WHY I JUST TOLD YOU A VERY SHORT, SIMPLE, AND CLEAR SENTENCE TO SAY WORD-FOR-WORD TO THE OTHER GUY WHO, IF HE'S AT LEAST HALF-COMPETENT SHOULD IMMEDIATELY UNDERSTAND AND RESPOND WITH *FOUR* *WORD* *ANSWER* and instead of that you blabber on for 5 minutes how you don't know what to say to him and how to explain what we need (FUCKIN ADMIN LOGIN YOU BOTH WINEFLY-BRAINED MORONS!), and he blabbers for 5 minutes back something something bullshit someone else and then REMOTES INTO THE COMPUTER, AND DOES A SYSTEM REINSTALL OR REMOVES DUDE'S USER ACCOUNT OR SOME SHIT LIKE THAT BECAUSE MY SKYPE CALL WITH THE DUDE DROPS AND NEXT TIME DUDE IS CALLING ME HE'S CONFUSED ABOUT SYSTEM SETUP SCREENS!!!!!!
told him sorry but call the fucker who fucked it up for you, i'm not wasting two hours of my time just because some school "IT admin" thinks the best solution for user not knowing his admin login is to remotely trigger a reinstall or someshit on the machine.
Yesterday I stayed at home sick. Had a bad case of the EXPLOSIVE DIARRHEA FROM HELL. Was feeling ok but could not walk away from me throne.
Went in today cuz the lead was not gonna be there and shit always breaks on Freyja's day as we all know.
1 and a half hours before we clock out and go home someone calls saying that students are trying to drop from classes at the last minute and our app ain't doing it.
I "fixed" the app last week and ran a small login test. It worked so I thought it was fine. Stupid me for making unprofessional and retarded assumptions.
Manager freaks out. The entire school freaks out. Coworker lols cuz he ain't got to work on it. I start mind debugging the entire bitcheridoo.
45 minutes later...and I was able to successfully go through almost 15k lines of code of php/html/js code and fucking FIXED it with tests and all for real.
Went at it hard. Babe ass manager was like 0.0 and then (͡° ͜ʖ ͡°)
Called head office and told them everything was under control.
Dropped the phone like a mic. Mic drop.
Then I looked at manager and coworker and said "ya I fucked up, but I am still the king"
Both nodded in agreement.
Everyone got wet with my sheer awesome troubleshooting php master skills.
Got home thinking about how boss I am.
Fucking Texas af b. Can't touch this heat. The rangers still suck and so do the cowboys. The astros and the texans don't exist because there is only room for one. Go spurs.
Still have diarrhea.
Is it just me, or has @LastPass hired too many interns lately?
First: you can't login for hours before they actually go and admit they fucked up.
Now: the chrome extension has been deleted from the web store.
I'm a patient guy, but what on the unholy fuck is going on.
The LastPass extension in the Chrome Web Store was accidentally removed by us and we are working with the Google team to restore it ASAP. Thank you for your understanding and patience in the meantime.
Well... I had in over 15 years of programming a lot of PHP / HTML projects where I asked myself: What psychopath could have written this?
(PHP haters: Just go trolling somewhere else...)
In my current project I've "inherited" a project which was running around ~ 15 years. Code Base looked solid to me... (Article system for ERP, huge company / branches system, lot of other modules for internal use... All in all: Not small.)
The original goal was to port to PHP 7 and to give it a fresh layout. Seemed doable...
The first days passed by - porting to an asset system, cleaning up the base system (login / logout / session & cookies... you know the drill).
And that was where it all went haywire.
I really have no clue how someone could have been so ignorant to not even think twice before setting cookies or doing other "header related" stuff without at least checking the result codes...
Basically the authentication / permission system was fully fucked up. It relied on redirecting the user via header modification to the login page with an error set in a GET variable...
Uh boy. That ain't funny.
Ported to session flash messages, checked if headers were sent, hard exit otherwise - redirect.
But then I got to the first layers of the whole "OOP class" related shit...
It's basically "whack a mole".
Whoever wrote this, was as dumb and as ignorant to build up a daisy chain of commands for fixing corner cases of corner cases of the regular command... If you don't understand what I mean, take the following example:
Permissions are based on group (accumulation of single permissions) and single permissions - to get all permissions from a user, you need to fetch both and build a unique array.
Well... The "names" for permissions are not unique. I'd never expected someone to be so stupid. Yes. You could have two permissions named "article_search" - while relying on uniqueness.
All in all all permissions are fetched once for lifetime of script and stored to a cache...
To fix this corner case… There is another function that fetches the results from the cache and returns simply "one" of the rights (getting permission array).
In case you need to get the ID of the other (yes... two identifiers used in the project for permissions - name and ID (auto increment key))...
Let's write another function on top of the function on top of the function.
My brain is seriously in deep fried mode.
Untangling this mess is basically like getting pumped up with pain killers and trying to solve logic riddles - it just doesn't work....
So... From redesigning and porting from PHP 7 I'm basically rewriting the whole base system to MVC, porting and touching every script, untangling this dumb shit of "functions" / "OOP" [or whatever you call this garbage] and then hoping everything works...
A huge thanks to AURA. http://auraphp.com/
It's incredibly useful in this case, as it has no dependencies and makes it very easy to get a solid ground without writing a whole framework by myself.
TLDR: crappy api + idiot ex client combo rant // devam si duška
I saw a lot of people bitching about APIs that don't return proper response codes and other stuff..
Well let me tell you a story. I used to work on a project where we had to do something like booking, but better..crossbreed with the Off&Away bidding site (which btw we had to rip off the .js stuff and reverse engineer the whole timer thingy), using free versions of everything..even though money wasn't an issue (what our client said). Same client decided to go with transhotel because it was sooooo gooood... OK? Why did no one hear of them then?
Anyhow, the api was xml based.. we had to send some xml that was validated against a schema, we received another that was supposed to be validated against another schema.. and so on and so on..
The API docs were nonexistent.. What was there, was broken English or Spanish.. Even had some comments like Add This & that to chapter xy.. Of course that chapter didn't even exist yet. :( And the last documentation they had, was really really old..more than a year, with visible gaps, we got the validation schemas not even listed in the docs, let alone described properly.
Yaaay! And that was not everything.. besides wrong and missing data, the API itself caused the 500 server error whenever you were no longer authenticated.
Of course it didn't tell you that your session was dead.. Just pooof! Unhandled crap everywhere!
And the best part?! We handled that login after inspecting what the hell happened, but sent the notification to the company anyways.. We had a conf call, and sent numerous emails explaining to them what a 'try catch' is and how they should handle the not authenticated error <= BTW they should have had a handled xml response for that, we got the schema for it! But they didn't. Anyhow, after two agonizing days talking back and forth they at least set up the server to be available again after the horrified 500 error. Before, it even stopped responding until reset (don't ask me how they managed to do that).
Oh yeah, did I mention this was a worldwide renowned company?! Where everybody spoke/wrote English?! Yup, they have more than 700 people there, of course they speak English! <= another one of my ex client's fabulous statements... making me wanna strangle him with his tie.. I told him I am not talking to them because no-one there understood/spoke English and it would be a waste of my time.. Guess who spent almost 3 hours to talk to someone who sounded like a stereotypical Indian support tech guy with a flu speaking Italian?! // no offence please for the referenced parties!!
So yeah, sadly I don't have SS of the fucked up documentation..and I cannot post more details (not sure if the NDA still holds even though they canceled the project).. Not that I care really.. not after I saw how the client would treat his customers..
Anywayz I found on the interwebz some proof that this shitty api existed..
picture + link: https://programmableweb.com/api/...
SubRant: the client was an idiot! Probably still is, but no longer my client..
Wanted to store the credit card info + cvc and owner info etc.. in our database.. for easier second payment, like on paypal (which he wanted me to totally customize the payment page of paypal, and if that wasn't possible to collect user data on our personalized payment page and then just send it over to paypal api, if possible in plaintext, he just didn't care as long as he got his personalized payment page) or sth.... I told the company owner that they are fucking retards if they think they can pull this off & that they will lose all their (potential) clients if they figure that out.. or god forbid someone hacked us and stole the data.. I think this shit is also against the law..
I think it goes without saying what happened next.. called him ignorant stupid fucktard to his face and told him I ain't doing that since our company didn't even have a certificate to store the last 4 numbers.. They heard my voice over the whole firm.. we had fish-tank like offices, so they could all see me yelling at the director..
Guess who got laid off due to not being needed anymore the next day?! It was the best day of my life..so far!! Never have I been happier to lose my job!!
P.S. all that crap + test + the whole backend for analysis, the whole crm + campaign emails etc.. the client wanted done in 6 months.. O.o
P.P.S. almost shat my pants when devRant notified me I cannot post and wanted to copy the message and then everything disappeared.. thank god I have written this in the n++ xD
*decides to take another look at the Arduino Mega and LCD*
*suddenly realizes that this LCD controller that I bought has a different pinout*
"Alright, let's look at the seller's product page and they better have a pinout for this fucking thing"
*tries to log into AliExpress*
"At this point I don't even know anymore if it's China that fucked up again or whether this is another feature from the Facefucks"
"LOG ME FUCKING IN ALREADY YOU PIECE OF SHIT!!!"
And honestly, if I want to start a project, I want to work on the fucking project. I don't want to have to deal with all this shit instead!!!
Long story short: University fucked up single sign on.
For every online service I have, I set a different password, randomly generated ~ 20 characters long. At our university we have multiple systems but they offer a single sign on service which is quite nice because it is so non-transparent which service now uses which authorization. I changed my password a while ago and around the same time they also updated our mail client. Since then I am not able to log in which is not a big deal for me because I have mail forwarding.
Yesterday however I needed another service and also got rejected with my password. I knew from a friend that the passwords are fucked up and that some services have different restrictions (only 12 chars max.), so I decided to search how to reset my password. What the fuck was wrong with these people? It takes you five different pages to get the tiniest bit of information how to reset the password. Then on one page you can login with your single sign on and change the password. On that page you can also set the single sign on password, but if you enter an invalid password (in respect of the other services) guess what? No feedback that you just locked yourself out of half the systems. Nice job. Also the password requirements are not next to the input fields where you change the password. Noo. That would be way too easy, remember the little small one line on the wall of text three pages ago? There you go.
Ok step one done. Now it should work, shouldn't it? Ohh no not so fast. One needs to activate the separate service. Where you ask? Perfectly fine question. On the top of page four is a fucking one line table which looks like some five year old had some fun in excel. The button which takes you to the activation page is nearly invisible because of the non existing contrast. Also it is not a button but some arrow pointer thingy. Behind said arrow you have a page listing all different kinds of services, the description which you find on page two btw. No padding to decipher this shit what so ever. Nearly on the bottom is your needed button. Yes finally.
Finally I want to login, no good. Try again. Still no good. Go back to the fucked up excel table look at my username and think to myself what's the difference here? The table is so small and again no margin or padding. Apparently they cut off the last character of my normal username which i have which is fucking ridiculous.
What is wrong with you people, we are a TECHNICAL UNIVERSITY, is it so hard for you to find someone decent to unify this shit?
I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?
Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for joe shmoe to write. You're no match for well-tuned rate-limiting, asshole!
We all hate being tech support for our family and friends, but motherfuck this is insane; my sister asks me for support and then doesn't listen to me. E.g. I tell her that the Microsoft login page is fucked up so she'll need to login again and she doesn't try again, but pesters me until I login for her... Every goddamn time...
We are 2 people working as remote android devs for this startup in another country. 6 weeks ago a new person joined onsite to work directly in startup HQ. I'll refer to him as a newguy.
Last week we started new sprint (of 2 weeks) to work on a new feature.
Newguy was responsible for gathering all the specs and planning, so this is how our sprint is going so far:
We have 10+ tickets in jira (tickets have only titles) no one knows what to do and we don't even have specification. I started pushing everybody onsite to get their shit together. We NEED UX/UI specs, we NEED backend to be ready, or at least start working in parallel so that once we're done with frontend backend would be ready. I mean c'mon guys this feature is already 70% done on iOS, why can't you send us the specification?
We had a meeting on Zoom and talked about missing specification and project manager promised to send us the specs. Meanwhile the idea of feature became clearer so I agreed with the newguy to start researching about best way to implement our solution.
We received the specifications. I provided my research for the feature to the newguy. Turns out that he knew about specification 4-5 days before.
Instead of sharing information with us, he decided to create his own library to do what we want to do and blatantly rejected my research input.
Now he showed his implementation (which is shit by the way) and presents it as the only way to proceed forward. He offers for us to work in parallel with him on this (basically he wants to write library alone, and we are supposed to somehow implement and test it, but how the fuck we can implement if backend is not ready and library is just a bunch of empty interfaces at this point?)
I talked with one of the teamleads in the startup and told him that this is not the way things were being done here before and new guy is becoming a dictator.
Teamlead talked with new guy and found no issue. Basically newguy defended his sole decision by saying that he did research on his own, there are no libraries that do what we want and he knows better.
Teamlead tells me to STFU because new guy seems competent and he will be leading this feature. Basically from what I gathered teamlead doesn't give a single fuck and wants to delegate all project management to this new guy.
End of the week. New guy claims that his lib is done so we can start implementing properly. I tried implementing his lib but its fucked up and backend is still not ready.
Backend is still not ready, no one is doing anything just waiting for it to be ready.
Day 7 (Today):
Backend is still not ready, no one is doing anything just waiting for it to be ready.
So what can I say? His plan was to probably prove his self worth and try to lead this feature by giving us information at last minute. At the point were we should start implementing instead of researching.
What happened? Motherfucker doesn't know shit about backend, has been notified about backend issues multiple times but his head was so deep up his ass with that new library of his that he delayed the rest of the team.
Result? 7 working days wasted. Out of 3 developers only 1 was actually working (and his fucked up code will have to be rewritten anyways). Only 50% of feature done. Motherfucker tells me that this is how we will work in the future, "in parallel". The fuck is this mate? If you would have worked on this feature alone you would have done it already now, but instead you wait until we remote devs will login and fetch you the test input and talk with backend guys for you? The fuck is wrong with you.
You fucking piece of shit, learn to plan and organize better if you want to lead the team. Now all that you are doing is wasting time, money and getting on everybody's nerves. I'm tired of fucking spoon feeding you every day you needy scheming office politics playing piece of shit. Go back to your shithole country and let us work.
When I was responsible for sprint planning I figured out what to do before start of the sprint and remote devs were able to do week's work in 1-2 days and have rest of the week off. This is how it's supposed to be when you work with a remote team. Delegate them separate features, give them proper specs ahead and everyone's happy. Don't start working on frontend if you dont even fucking know when backend will be ready. It's fucking common sense.
Now I need to spoon feed this motherfucker who can't even get information while sitting on his ass onsite in HQ. Fucking hell.
So I have a job at a client to fix their system because the last systemadmin fucked everything up. One of the things I need to do is let the boss work from home.
No problem. I set up a vpn connection to work and everything just works. Except that the home network had the same dhcp range so that had to change.
I login on the router and literally everything is fucking locked. I call them and they send me a new router same fucking problem. So we bought an asus router so I finally can fix it.
GUESS WHAT THE FUCKING GARBAGE DOESN'T EVEN HAVE BRIDGE MODE. FUCK KPN AND THEIR MODEMS.
TIFU by showing login data during presentation
I was presenting my school project when my teacher asked if I could show him the source code. I said ofc, just let me log in to the FTP server. I completely forgot that it was also shown on the big screen, and a random funny student logged in and tried to replace the index file with a joke file. Of course, he didn't want to do damage, so he made a backup. But this backup caused the problem, because he connected to the FTP through Windows Explorer (wtf?), and when he made a copy of the original file, it was renamed to "Copy of xy", but in a localized version, which contains special characters. Because of these characters, some FTP clients couldn't even connect, others just couldn't interact with the file. No download, no rename, no delete, nothing. After trying out like 8-9 FTP clients, I just remembered that I could rename it in PHP. Well, it got deleted instead of being renamed, but at least it wasn't there anymore. I spent like half an hour more searching for a backup version on my computer until I found it.
TL;DR: showed FTP credentials during presentation on big screen, random student accessed and renamed a file, special characters in name fucked up the server, luckily I found a backup.
One day I helped another teacher with setting up his backend with the currently running Nginx reverse-proxy, piece of cake right?
Then I found out the only person with ssh access was not available, OK then just reset the root password and we're ready to go.
After going through that we vim'd into authorized_keys with the web cli, added his pub key and tried to ssh, no luck. While verifying the key we found out that the web cli had not parsed the key properly and basically fucked up the file entirely.
After some back and forth and trying everything we became grumpy, different browsers didn't help either and even caps lock was inverted for some reason. Eventually I executed plan B and vim'd into the ssh daemon's settings to enable root login and activate password authentication. After all that we could finally use ssh to set up the server.
What an adventure that was 😅
Part 1: 2h including testing
Part 2: 2h-2days-maybe never (small changes on horrifically fucked up project no one understands with tons of tech debt)
Managed to pull off the part two in one day.. //yay me?!
Additional day to unfuckup git fuckups (including but not limited to master head not compiling because a smartass included *.cs in .gitignore file which he also pushed..don't ask, I have no clue why..) which was a huuuge deal for me as I usually use only local repo and had no idea how to tackle this.. coworker helped out.. seems I was on the right way, but git push branchy was acting up & said I had to login & ofc I had no clue what the pass was set to (first setup was more than 2yrs ago)..so new key, new pass.. all good.. yay!
Back to the original story/rant: Now I'm stuck with writing jira explanation why it was done this way & not the way customer suggested. They offered only vague description anyways which would require me to do a hacky messy thing, ew.. + it most probably would require major data modifications after deployment to even make it work..
Anyhow, this explanation is also easy peasy in English..
I must write it in my native tongue.. o.O FML! Spent almost 40mins on one paragraph..
Sooo.. if anyone will petition to ban non-English in IT, I'm all for it!!
First time linux user feedback
Linux lovers are probably gonna eat me alive but I don't give a flying fuck
Maybe it's a little lengthy or boring, tell me what you think
I work for a game extension company. We work with WinAPI and such. I've been using Windows since forever and I'm happy with it. But I thought to myself "hey, if I wanna be a good dev, I should give Linux and OS X a try, too"
I downloaded Linux Mint a couple of months ago to start with. I was unable to boot it from live CD no matter what I tried, even in recovery mode. Apparently, Mint 18.3 was based on Ubuntu 16.04 which doesn't support UEFI
Wait, what the fuck, all modern PCs have UEFI so what, do all Mint users have 10 y/o laptops and PCs???
Anyway, when I heard about Mint 19 being released I thought to give it another try and I did. What a surprise, it booted successfully from Live CD. I saw the Linux desktop for the first time in my life, yay! I then installed it, GRUB appeared, my Windows was still there and wasn't broken so I was happy SOMETHING was working. I configured timeshift and applied Dvorak layout system-wide. Realised Dvorak layout is fucked up big time and applied normal layout for just desktop environment. Everything was really nice until a couple of reboots later Cinnamon stopped launching (kept returning to login screen). Okay, let's use timeshift
First big what-the-fuck was when I found out system restore can only be done using GUI??? This is absolutely retarded and I couldn't believe it is true. Login screen has a reachable console but I can't log in there since I can't type the password. Fuck, fuck, fucking Dvorak layout was there.
Recovery mode - I've spent 20 minutes trying to type "timeshift --restore" having to press all keyboard buttons just to progress with one button. I've had another what-the-fuck when I saw "error: can't restore timeshift - partition already mounted"
Okay, this is too much. Why the fuck would you bundle a recovery mode if you can't restore a snapshot from there.
I have spent 3 hours now googling and trying to remove this fucking keyboard layout. No dice. I am making another copy of the live CD now. I'm gonna reinstall the whole shit now. I have the desire to create a custom Mint version without this abomination of a keyboard layout.
It's okay. Windows has taught me to be patient.
Fuck Dvorak, I don't know who the guy is but his keyboard layout can eat my dick
Fuck you mysql and your new fucked up 8.0 login. Fuck you 100 times. Now I need to restore my computer because of you.
!dev Nice surprise... Hopefully...
Been having a lot of teeth problems and need like 2 crowns and 1 filling now... Old fillings just suddenly fell out. My regular dentist plan is ok for cleaning but isn't so good for these expensive treatments. And it seems the dentists in network are sorta so-so... The original fillings were done by them like last year....
Well somehow it popped up into my mind that with COVID.... Given it's a health crisis and the govt is bending over backwards to deal with it... it may also let me change insurance plans during the year.
Usually enrollment is once a yr until you change jobs... But when I googled I saw that apparently they did.... Though it's up to the employer and the insurance company. They have to negotiate and allow it. Not required to by law.
So anyway last week, I called up my HR asking if they allow it. The rep said they'd need to ask higher up and get back to me this Monday.
I never got a call though but today I took off to deal with all the health stuff and just take a personal day. So I called my "current" dentist insurance to ask what I needed to do to see a specialist for the root canal crown as regular dentist can't do this one.
But they couldn't find my policy because it turned out it was cancelled last week. At this point I'm like OK WHO FUCKED UP... WHAT THE BLOODY FUCK... I'M UNINSURED NOW?!!!
I log in to the company benefits site to get their support #. But it also shows my current plans. Where it shows that it got switched.
I still had to call the new insurance to get my ID info...
But I'm like hm... This seems to have worked out well... Assuming everything goes as planned. Basically got 1/2 year on cheap normal coverage but now that I need it, got to switch to the more expensive coverage, which now comes out better: lower overall costs, and better drs...