Search - "gift"
Doing some Christmas shopping.
Creating some throwaway accounts in various e-shops
Some e-shops send me my password via email upon registration.
I've spent the better half of a day emailing those e-shops to revise their IT security policies.
Haven't bought a single gift yet.
Time well spent!
Well, well, well, my new year's gift:
Someone is jamming thousands of requests per second, and NO firewall. JWT tokens that expire in 3 HOURS.
Now MORE THAN 40K stolen.
But, where did it come from? https://devrant.com/rants/4961285/...
[CMS of Doom™]
The gift that keeps on giving...
When you think you've seen it all after 7 months in legacy hell, you get another gift:
Let's say you use PHP, but your IQ is in the zero-ish range, then it is obvious to:
- use define() for constants in all your config.*.php files
- then include said config.*.php files multiple times
- and because define() doesn't overwrite the same constant, because it's - you know - a constant, you instead of including just do a file_get_contents() to read the PHP file as string and then parse the values by Regex.
The dev who wrote this was truly one of the devs ever.
Follow up to: https://devrant.com/rants/5047721/....
1- The attacker just copy pasted its JWT session token and jammed requests on the buy gift cards route
2- The endpoint returns the gift card to continue the payment process, but the gift card is already valid
3- Client wants only to force passwords to have strong combinations
4- Talk about a FIREWALL? Only next month
5- Reduce the token expiration from 3 HOURS to 10 minutes? Implement strong passwords first
6- And then start using refresh tokens
BONUS: Clearly someone from inside that worked for them, the API and database passwords have been the same for years. And the route isn't used directly by the application, although it exists and has rules that the attacker knows. And multiple accounts from legit users are being used, so the person clearly has access to some internal shit
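A defender-side check for the two problems this follow-up lists, added here as an example and not code from the rant: it flags tokens whose exp minus iat exceeds the proposed 10-minute lifetime, and tokens that flood the gift-card route with many requests per second. The route name, the thresholds, the token subjects and the log entries are all constructed for the example.

```python
import base64
import json
from collections import defaultdict

MAX_LIFETIME = 600    # 10 minutes, the lifetime the follow-up proposes instead of 3 hours
MAX_PER_WINDOW = 20   # assumed ceiling: requests per token per window on the gift-card route
WINDOW = 1.0          # sliding window in seconds

def b64url(obj):
    """JWT-style base64url encoding of a JSON object, padding stripped."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_token(sub, iat, exp):
    """Build a JWT-shaped string for the sample log; the signature is a placeholder
    because this check only reads the claims, it does not verify tokens."""
    return f"{b64url({'alg': 'HS256', 'typ': 'JWT'})}.{b64url({'sub': sub, 'iat': iat, 'exp': exp})}.sig"

def claims(token):
    """Decode the payload segment of a JWT without verifying it."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)        # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def analyse(log, route="/giftcards/buy"):
    """Scan (timestamp, route, token) entries; return (long_lived_subs, flooding_subs)."""
    long_lived, flooding = set(), set()
    recent = defaultdict(list)                   # token -> timestamps inside the window
    for ts, r, tok in log:
        c = claims(tok)
        if c["exp"] - c["iat"] > MAX_LIFETIME:   # token issued with too long a lifetime
            long_lived.add(c["sub"])
        if r != route:
            continue
        hits = recent[tok]
        hits.append(ts)
        while hits and ts - hits[0] > WINDOW:    # drop timestamps that left the window
            hits.pop(0)
        if len(hits) > MAX_PER_WINDOW:           # one token hammering the route
            flooding.add(c["sub"])
    return long_lived, flooding

# Constructed sample log: one legitimate user, one copy-pasted 3-hour token replayed 50 times.
T0 = 1_700_000_000
ATTACKER = make_token("att-42", T0, T0 + 3 * 3600)
ALICE = make_token("alice", T0, T0 + 600)
SAMPLE_LOG = [(T0 + i, "/giftcards/buy", ALICE) for i in range(3)]
SAMPLE_LOG += [(T0 + 5 + i * 0.01, "/giftcards/buy", ATTACKER) for i in range(50)]
```

Running `analyse(SAMPLE_LOG)` flags the 3-hour token both as long-lived and as flooding the route, while the 10-minute token with three requests passes both checks.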
I haven't been here for a long while but I wanted to peek in because of the dev ducks, cause I thought they would be a great gift for someone and now I found out they're sold out - my disappointment is immeasurable and my day is ruined.
But now I decided I'm just gonna buy a rubber duck and DIY it.
I can’t remember if I shared this cringe with you all or if I was too embarrassed by it, but…
In the spirit of giving, I gift you all this cringey parody song I recorded 3 years ago. “I Program in C”. Lyrics written by Chris Frederick on amiright.com, song parodied is I Go to Extremes by Billy Joel.
Happy holidays, friends.
-- Best --
> Submitted my notice of termination for my current job
> Found a new job starting next year
> Can switch from Windows to Linux/MacOS in new job
> Got more time to work on personal projects due to the pandemic
-- Worst --
> Huge amount of software restrictions (current job) almost got several projects at work canceled. Maybe it's important to say that the core business of my current workplace is auditing, so there are a lot of law regulations which then apply in the software development process.
> New managers that do not have the slightest clue of what they're doing
> Online Teambuilding events
> Absurd amount of segmentation of tools and also different coding guidelines that are used at work. E.g. one team uses jira, another trello, another github issue tracker and so on.
The universe has taken a cactus.
It proceeded to gift the cactus with a toxin that greatly enhances the stimulus of pain.
After the universe watched its miraculous creation it decided to shove it up so far my arse that my gag reflex turned on and I puked a lot of cactus.
Didn't sleep well, weekend hardware migration finished, today an old server got moved.
Some part, most likely the redundant PSU, had a short circuit - decided to take the switches out... Which are the only non redundant hardware...
There was only one critical system in the whole rack, that was one redundant firewall.
Guess what happened..... Naaaa?
For whatever reason, the second firewall didn't kick in, so a large part of the internal network was unreachable as the VPN was on the firewall.
That's not cactus level yet.
Spontaneously a large part of the work at home crew decided to call, cause getting an email wasn't enough.
So while all the phones were ringing and we had the joyful fun to carefully take apart a whole rack to check for possible faulty wiring / electric burns / hardware damage and getting firewall up and running again...
Some dev decided to run a deployment (doable as one of the few working at the company at the moment -.-).
I work from home, but we had a conference phone call running the whole time so I could "deescalate" and keep others up-to-date. So me on headphone with conference call, regular phone for calls, while typing mails / sms for de-escalation.
Now we're reaching cactus level, cause being tortured by being annoyed out of hell by all telephone ringing, the beeping of UPS (uninterruptible power supplies), the screaming of admins from the server room and the roaring of air coolers…
Suddenly said dev must have stood in the midst of the chaos… and asked for help cause "the deployment broke, project XY is offline"...
I think it was the first time in years that I screamed at the top of my lungs.
Bad idea (health issues)… but oh boy was it a pleasure to hear my own voice echo through the conference speaker and creating an echoic sound effect.
It was definitely worth coughing out my lungs for the next hour and I think it was the best emotional outburst ever.
I feel a bit sorry for the dev, but only a tiny bit.
After the whole rack thing, the broken deployment fixing and the "my ears are bleeding and I think I will never be able to talk again" action...
We had to roll out several emergency deployments to fix CVEs (eg libexpat).
This day was a marvelous shit show.
I will now cry myself to sleep with some codeine.
Corporate hackathons are bullshit. I've sworn them off. There is no way I'm going to put in additional hours for so little gain ever again.
Companies have boatloads of money, and they think they can get away giving people $100 Amazon gift cards. SERIOUSLY? You pay for execs in millions of dollars for flapping their mouths.
Make it so that you pay out at least 20k+ to winners and give people something for participating - a nice 1k bonus.
You guys have enough money.
My wife gave me an iPhone for Christmas. The last one I had was the 4. As soon as it connected to my computer and I answered the first call from it, I don't know, I fell in love. Mind you, I don't want the Apple Watch. I have an Amazfit Neo and I like it that way.
My first experience…
My father bought a Commodore 64 but couldn't figure out how to use it. A few days later I was playing games and making art. He yelled at me saying none of it was in the manual. He was mad I understood how to use it. It all came naturally to me, and I early on realized I had a gift.