Search - "goldmine"
Shame me later for piracy but I think I just found the goldmine of books and vid tuts. Has packt (books, vids) and even O'Reilly books as recent as last month. This good boye has EVERYTHING.
TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern
Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.
Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.
Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.
An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.
After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.
The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.
It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owner’s close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”
At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”
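The exposure check the rant describes (an external nmap scan, then working out which of the open ports belong to a domain controller or an end-of-life IIS box) can be turned into a repeatable audit. The script below is an added example written for this page, not code from the rant or from devRant: it parses nmap's grepable output (`-oG`) and applies a small internet-exposure policy. The scan lines, addresses and hostnames are constructed, and the list of "internal-only" ports and end-of-life banners is an assumed policy to adapt to your own network.

```python
import re
from dataclasses import dataclass

# Constructed sample of nmap grepable (-oG) output, modelled on the kind of
# exposure described above. Addresses and hostnames are made up.
SAMPLE_NMAP_GREPABLE = """\
# Nmap scan initiated (constructed sample, not a real scan)
Host: 203.0.113.10 (dc01.example.invalid)\tPorts: 53/open/tcp//domain//Microsoft DNS/, 88/open/tcp//kerberos-sec///, 135/open/tcp//msrpc///, 389/open/tcp//ldap///, 445/open/tcp//microsoft-ds///\tIgnored State: filtered (995)
Host: 203.0.113.11 (files01.example.invalid)\tPorts: 80/open/tcp//http//Microsoft IIS httpd 7.0/, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.12 (jira.example.invalid)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 8080/open/tcp//http//Apache Tomcat/
Host: 203.0.113.13 ()\tStatus: Up
"""


@dataclass
class OpenPort:
    host: str
    hostname: str
    port: int
    proto: str
    service: str
    version: str


HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_grepable(text):
    """Return the open ports listed in nmap -oG output.

    Each 'Ports:' entry has the shape port/state/proto/owner/service/rpc/version/.
    The parser assumes the version field itself contains no '/'."""
    ports = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        host, hostname = m.group(1), m.group(2)
        # Tab-separated "Key: value" sections: Host, Ports, Ignored State, Status
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        for entry in fields.get("Ports", "").split(","):
            parts = entry.strip().split("/")
            if len(parts) < 7 or parts[1] != "open":
                continue
            ports.append(OpenPort(host, hostname, int(parts[0]), parts[2],
                                  parts[4], parts[6]))
    return ports


# Assumed policy: services that should only ever be reachable over a VPN,
# never directly from the internet. Adjust to your environment.
INTERNAL_ONLY_PORTS = {
    88: "Kerberos", 135: "MS-RPC", 139: "NetBIOS", 389: "LDAP",
    445: "SMB", 636: "LDAPS", 1433: "MSSQL", 3389: "RDP",
}
# Assumed list of web server banners that are end-of-life and get flagged
# wherever they appear.
EOL_BANNERS = ("Microsoft IIS httpd 6.0", "Microsoft IIS httpd 7.0",
               "Microsoft IIS httpd 7.5")


def audit_exposure(ports):
    """Return (host, port, reason) findings for ports that violate the policy."""
    findings = []
    for p in ports:
        if p.port in INTERNAL_ONLY_PORTS:
            findings.append((p.host, p.port,
                             f"{INTERNAL_ONLY_PORTS[p.port]} reachable from the "
                             "internet; restrict to VPN"))
        if any(p.version.startswith(b) for b in EOL_BANNERS):
            findings.append((p.host, p.port,
                             f"end-of-life web server exposed: {p.version}"))
    return findings


def hosts_with_dc_signature(ports):
    """Hosts exposing both Kerberos (88) and LDAP (389) are almost certainly
    domain controllers and deserve the first firewall fix."""
    by_host = {}
    for p in ports:
        by_host.setdefault(p.host, set()).add(p.port)
    return sorted(h for h, open_set in by_host.items() if {88, 389} <= open_set)


if __name__ == "__main__":
    found = parse_grepable(SAMPLE_NMAP_GREPABLE)
    print(f"{len(found)} open ports on {len({p.host for p in found})} hosts")
    for host, port, reason in audit_exposure(found):
        print(f"  {host}:{port}  {reason}")
    print("likely domain controllers:", hosts_with_dc_signature(found))
```

Run it against a real `nmap -sV -oG scan.gnmap <your public range>` file by replacing the constructed sample; the findings list is what you would hand back as the "close these first" ticket, and the domain-controller signature is the one to act on before anything else.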
For two weeks I am paid $50 an hour, 6 hours a day / 5 days per week, as someone called "Web deployment supervisor". The work is based on checking if the website throws an error and fixing it (devops) and staying in touch with the customer and helping him. The website I wrote is just a small PHP site, well tested, almost no user input; if you don't drop the whole DB it basically cannot crash. So for the past week I am just copy-pasting documentation for the client on what/how to do things. Today I already sent him the same info 4 times. For me as a student and a freelance web dev it's a gold mine. I am having vacations for 14 days (thanks to a damaged school water supply), getting paid $50/hour for playing PUBG and using Ctrl+F in my Firefox, but god hell, it's so fucking psychically hard. Sometimes I have an urge to scream at that retard "I'VE SENT YOU THAT SAME SHIT 4 MINUTES AGO RETARD USE YOUR FUCKING SCROLL WHEEL IN OUR CHAT FOR FUCK SAKE".
I've finally found a goldmine of accurate job listings that don't include Windows shit-administration... So I'm thinking of sending out applications to all of them. Problem is, as you might recall from my previous rants, I had a flash drive with my GPG keypair on it stolen from me. I still haven't fully replaced the key (I made another one and published it but I'm not using it yet), and because I'm fairly confident that this flash drive's data has never been used (so likely just plugged into Windows and formatted), it's unlikely that I'm gonna bother rotating all of the contents that were on that flash drive.
That said however, my emails now all have signatures underneath them as follows:
Met vriendelijke groet / Best regards,
- My outbound email is usually signed with my private key. If not, please don't hesitate to ask me about it through a different communication platform.
IMPORTANT: My keys have possibly been compromised. An encrypted flash drive on which this GPG keypair was stored has been stolen from me. I'm in the process of phasing out and replacing this key. Please do not use it to encrypt any emails to me anymore.
Not entirely sure whether I should remove or keep that last bit. As a potential employer, would you see this as a red flag (he's got encrypted data stolen from him, wtf that's incompetent), or as a nice thing to know that it was properly disclosed (so no secrecy around potential data breaches)? Both seem equally likely so I'm a bit confused about what I should do.
omg omg omg. I just found out rebrickable has an all-inclusive Lego pieces and sets database updated monthly, FREE and under a CC license!! And their API is also available for use under CC. And I'm so excited I could pee, because this just made it possible for me to jump right in on a personal project I've been wanting to start, and my SO/friends just look at me and smile politely when I try to explain to them what a goldmine it is to find a library that does exactly what you need and is free too. So I needed to come somewhere and share my news and know I'd be understood. <3