Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

I. FUCKING. HATE. MOBILE. DEVELOPMENT.

I already manage the data, devops, infra, and most of the backend dev.

We had a mobile guy. He was great. I never had to think about it and kept moving quickly on my work. #SpecializationOfLaborFTW

He left. Why? Because they wouldn't give him a small raise despite being one of the best mobile engineers in the firm. WTF.

I made the mistake of picking up just enough slack on this workflow in the interim such that I'm, apparently, the fucking god-damned release manager, fixer of pipelines, fixer of build configs, fixer of anything where someone just needs to RTFM for a half-hour to not fucking break things.

Now, 8 months later...and, apparently, Fortune 500 companies are too fucking god-damned cheap to pay for someone who actually knows WTF they're doing for a very reasonable thing to have at least one dedicated set of eyes for.

I never wanted to be a mobile dev.
I never will want to be a mobile dev.
And I certainly don't want to manage your HALF-FACE-FUCKED detached expo configs.

There's a reason I never intentionally involved myself in mobile. All the way down, it's just shitty cross-compilation, transpilation, dependency-hell, brittle-as-fuck build processes so we can foot-gun and mouth-gun react-native and expo and babel and whatever the fuck else cargo-culted horseshit into the wild.

And why? What's the actual fucking root cause? The biggest white elephant that ever fucking elephant-ed? It's because Apple and Google decided to never collaborate on a truly-native cross-platform SDK--where engineers could write native code that compiles to native binaries that's simply write-once, run-everywhere. They know they could have done that, and they didn't. So what'd they get back? Expo--a too-cleverly-designed backdoor/hack--more-or-less a way to circumvent the sane release process software has usually followed: code -> executable -> deploy. Or code -> deploy (for interpreted langs). Expo's like "keep your same executable, we're just gonna to do updates by injecting new code into it whenever we want". Didn't we learn anything with web? Shit gets messy real quick? Not to mention: HEY EXPO, WE WERE ALREADY BUILDING NATIVE APPS, YOU SHORT-SIGHTED FUCKS. THANKS FOR LURING OUR CTOs INTO FORCING EXPO DOWN OUR THROATS W/ THE IMPLICIT (BUT INCORRECT) TOO-GOOD-TO-BE-TRUE PROMISE THAT WE CAN HAVE WRITE-ONCE, RUN-ANYWHERE WITHOUT ANY BUY-IN OR COOPERATION FROM THE ACTUAL TARGET PLATFORMS.

And, we just, like, accept this? We all know it's garbage engineering. The principles we learned in the classroom aren't just academic abstractions--they actually yield real-world results--and eschewing them yields real-world failures. Expo is tightly-coupled to high-heaven, with leaky abstractions six-ways-to-christmas, chock-full of foot-guns, and fails the most basic test of quality: does it, "just work?"

Expo is fucking shameful and it should fucking die. Its promises are too bold, its land-mines too many, its future-proof-ness is alway, always, always questionable as fuck and a risk to every project that uses it.

You want a rant? This is my fucking venue, 'tis not? Well, then this is a piss and vinegar rant straight from my blood-red, beating fucking heart:

EXPO FUCKING SUCKS. AND IF YOU'RE A FAN, YOU FUCKING SUCK TOO.

Back when I was in school (about 15 years old) and I played games, I had a particularly favourite game that I would play. It was a lesser known strategy game made by a single hobbyist Dev.

I was already known in the community for making some mods for the game and chatbots.

What most people didn't know was that I had made a map hack and various other cheats that made it significantly easier to win by reverse engineering the game and modifying the x86 assembly in ollydbg.
One thing in particular I had been working on at the time was a game replay editor. I had reverse engineered the saved game (replay) format and was able to replay them, edit them and generate them.

During one particular match, a person in the community particularly annoyed me and I edited the saved game to change what his moves were and the words he spoke. It made him look a bit like an idiot but IMHO was only a slight exaggeration of the truth.
I posted the game replay on the forums and everyone was in hysterics about the crazy things he did and said in the replay.
As no one knew I had this capability they all believed the replay and even the guy in the replay couldn't believe it himself and didn't understand what happened. He just kept telling everyone it didn't happen and the 'truth is in the pudding'.

Although I originally intended to tell everyone what I did, I never did and whenever the guy entered in to a game everyone would laugh about it and say 'the truth was in the pudding'.

He was no longer annoying me and it sort of made me feel like a god at the time.
So that's my wk65.

Story time. My first story ever on devRant.

To my ex-company that I bear for a long time... I joined my ex-company 3 years ago. My ex-company assigned me and one girl teammate to start working on a brand new big web project (big one - two members - really?)

My teammate quitted later, I have to work alone after then. I asked if someone can join this project, but manager said other people are busy. Yea, they are fucking busy reading MANGA shit everyday... Oops, I saw it because whenever I about to leave my damn chair, they begin chanting some hotkey magic and begin doing "poker face" like "I'm doing some serious shit right here".. FUCK MY CO-WORKERS!

My manager didn't know shit about software development, and keep barking about Agile, Waterfall and AI shit... He didn't even fucking know what this project should look like, he keep searching the internet for similar functions and gave me screenshots, or sometimes they even hold a meeting of a bunch of random non-related guys who even not working on the project, to discuss about requirements, which last for endless hours... FUCK MY MANAGER!

I was the one in charge for everything. I design the architecture, database, then I fucking implement my own designed architect myself, and I fucking test functions that I fucking implemented myself based on my fucking design. I was so tried, I don't know what the fuck I am working on. Requirement changes everyday. My beautiful architecture began to falling off. I was so tired and began use hack fixes here and there many places in the project. I knew it's bad, but I just don't have time to carefully reconsider it. My test case began becoming useless as requirements changed. My manager's boss push him to finish this project. He began to test, he start complaining about bug here and there, blaming me about why functions are broken, and why it not work as he expected (which he didn't even tell my how he expected). ... I'm not junior developer, but this one-man project is so overwhelmed for me... FUCK MY JOB!

At this time, I have already work this project for almost 2.5 years. I felt very upset. I also feel disappointed about myself, although I know that is not all my entire faults. The feeling that you was given a job, but you can not get it done, I feel like a fucking LOSER. I really wanted to quit and run away from this shithole. But on the other hand I also want to finish this project before I quit. My mind mixed. I'm a hard-worker. I keep pushing myself, but the workplace is so toxic, I can feel it eating up my motivation everyday. I start questioning myself: "Is the job I am doing important?", "If this is really important project, didn't they should assign more members?", I feel so lonely at work... MY MIND IS FUCKED UP!

Finally, after a couple months of stress. I made up my mind that no way this project is gonna end within my lifespan. I decide to quit. Although my contract pointed that I only need to tell one month in advance. I gave my manager 3 months to find new members for project. I did handle over what I know, documents, and my fucked up ultra complexity source code with many small sub-systems which I did all by myself.

Well, I am with a new employer right now. They are good company. At least, my new manager do know how to manage things. My co-workers are energy and hard-working. I am put to fight on the frontline as usual (because of my "Senior position"). But I can feel my team, they got my back. My loneliness is now gone. Job is still hard, but I know for sure that I'm doing things on purpose, I am doing something useful. And to me that is the greatest rewards and keep me motivative! From now, will be the beginning for first page of my new story...

Thanks for reading ...

To all you devs still wet behind the ears ranting about css - you have no clue just how good you have it.

Most designs used to be table based (table-ception) and to give something a border with round corners or a "drop shadow" you would literally create a table to hold you content with an border of cells containing a background image of a corner / border.

Now you use border-radius or box-shadow as a 1 liner. Stop bitching about centering things and figure out how to hack it like we did.

If you remember this whats your least missed 20th century hack?

I think this is so far one of the most priceless WTF moments I encountered at my current work:

A coworker of mine came up to me explaining the problem he had with russian characters in the filename. He explained in detail that everything works ok (the other part of the code he was fixing) if he changes the name of the file to test1.xlsx for example which doesn't use russian characters. OK great.

Then he goes on to show me how he fixed the other stuff and of course everything blows up. The file he used for demonstration was of course the original file our cusotomer provided, he just deleted the obvious russian chars and left the rest.

МТС != MTC

I cracked up: but you still have russian chars in the name.
The guy: no way, I deleted them all.
Me: but what about that МТС in the name?! Guy: what about it?
Me: did you actually typed that in or you left it there?! Those are russian chars that are fucking things up for you.
Guy: no way, it's MTC.
Me: checked the logs, you have ??? In the filename instead of МТС..don't you find that at least a little bit suspicious?!
Guy: but it looks the same. How does it (the computer) know it is in russian?!? //Why doesn't it understand?!

O.o I still can't believe it.. Is it just me & my high standards, or should it be normal for coders to know things such as character encoding & stuff?!?

I almost died of laughter, he and some other guy had problems finding customers in the software due to not being able to type the russian chars << happened more then once before, even after I told them about a quick hack on how to use google translate onboard keyboard & other stuff to make proper chars so they can get a match..

I think when they bury me, I'll still be facepalming and laughing over this incident. 🤣🤣🤣🤣🤣🤣🤣

Please. Hear me out.

I've been doing frontend for six years already. I've been a junior dev, then in was all up to the CTO. I've worked for very small companies. Also, for the very large ones. Then, for huge enterprises. And also for startups. I've been developing for IE5.5, just for fun. I've done all kinds of stuff — accessibility, responsive design (with or without breakpoints), web components, workers, PWA, I've used frameworks from Backbone to React. My favourite language is CSS, and you probably know it. The bottom line is, you name it — I did it.

And, I want to say that Safari is a very good browser.

It's very fast. Especially on M1 Macs. Yes, it lacks customization and flexibility of Firefox, but general people, not developers, like to use it. Also, Safari is very important — Apple is a huge opposing force to Google when it comes to web standards. When Google pushes their BS like banning ad blockers, Apple never moves an inch. If we lose Safari, you'll notice.

As for the Safari-specific bugs situation, well… To me, Safari serves as a very good indicator: if your website breaks in Safari, chances are you used some hacks that are no good. Safari is a good litmus test I use to find the parts of my code that could've been better.

The only Safari-specific BUG I encountered was a blurry black segment in linear gradients that go from opaque to transparent. So, instead of linear-gradient(#f00, transparent), just do linear-gradient(#f00f, #f000).

This is the ONLY bug I encountered. Every single time my website broke in Safari other than that, was for some ugly hack I used.

You don't have to love it. I don't even use it, my browser of choice is Firefox. But, I'm grateful to Safari, just because it exists. Why? Well, if Safari ceases to exist, Google will just leave both W3C and WhatWG, and declare they'll be doing things their way from now on. Obey or die.

Firefox alone is just not big enough. But, together with Safari, they oppose Google's tyranny in web standards game.

Google will declare the victory and will turn the web into an authoritarian dictatorship. No ad blockers will be allowed. You won't be able to block Google's trackers. Google already owns the internet, well, almost, and this will be their final, devastating victory.

But Safari is the atlas that keeps the web from destruction.

There was a time I made an update on one of our client's e-commerce website sign-up page. The update caused a bug that allowed new users to create an account without actually creating an account.

The code block meant to save user credentials (i.e email address and password) to the database was commented out for some reasons I still can't remember to this day. After registration new users had their session created just as normal but in reality they have no recorded account on the platform. This shit went on like this for a whole week affecting over 350 new customers before the devil sent me a DM.

I got a call from my boss on that weekend that some users who had made purchases recently can't access their account from a different device and cannot also update their password. Nobody likes duty calls on a weekend, I grudgingly and sluggishly opened up my PC to create a quick fix but when I saw what the problem was I shut down my PC immediately, I ran into the shower like I was being chased by a ghost, I kept screaming "what tha fuck! what tha fuck!!" cus I knew hell was about to break loose.

At that moment everything seemed off as if I could feel everything, I felt the water dripping down my spine, I could hear the tiniest of sound. I thought about the 350 new customers the client just lost, I imagined the raving anger on the face of my boss, I thought about how dumb my colleagues would think I was for such a stupid long running bug.

I wondered through all possible solutions that could save me from this embarrassment.
-- "If this shitty client would have just allowed us verify users email before usage things wouldn't have gotten to this extent"
-- "Should I call the customers to get their email address using their provided telephone?... No they'd think I'm a scammer"
-- "Should I tell my boss the database was hacked? Pffft hack my a**",
-- "Should I create a page for the affected users to re-verify their email address and password? No, some sessions may have expired"
-- "Or maybe this the best time to quit this f*ckn job!"
... Different thoughts from all four corners of the bathroom made it a really long bath. Finally, I decided it was best I told my boss what had happened. So I fixed the code, called my boss the next day and explained the situation on ground to him and yes he was furious. "What a silly mistake..!" he raged and raged. See me in my office by Monday.
That night felt longer than usual, I couldn't sleep properly. I felt pity for the client and I blamed it all on myself... yeah the "silly mistake", I could have been more careful.

Monday came boss wasn't at the office, Tuesday, Wednesday, Thursday, Friday not available. Next week he was around and when we both met the discussion was about a different project. I tried briefing him about last week incident, he seems not to recall and demands we focus on the current project.

However, over three hundred and fifty customers swept under the carpet courtesy of me. I still felt the guilt of that f*ck up till this day.

The PCs in our school have a software called "Dr. Kaiser" which purpose is to prevent changes to the disk. I thought it's working like DeepFreeze for OSX devices; having a copy-on-write feature or something like that. One day a friend of mine (kinda newbie in hacking) said he wanted to create a backdoor in the system so you can login as the local administrator of the device. He replaced the "sethc.exe" in the windows directory with cmd.exe on a live distro and claimed it was working perfectly. It turned out that "Dr. Kaiser" is indeed loading the default image on startup, but doesn't verify checksums for system files (and also doesn't include the files in the default image). Long story short: You now can open a cmd with System permissions on every PC in the building.

This. Is. Stupid. It should be forbidden to sell this software 😖

So... I was using my laptop one day and randomly my mouse started spazzing out, I thought maybe it's broken or something so I paused the video I was watching and waited for a couple of seconds, soon after I played the video, my mouse started moving around again, closing windows and opening up different things. I got so scared I shut my laptop down before it could open anything else.

A few minutes later I turn it back on and everything looks fine, I thought whatever that was all about is probably gone, had to double check my security settings etc. and let it be for now.

A few days later I found out that it was actually my dad, in the next room trying to hook up his Bluetooth mouse to his iMac which for some reason got connected to my laptop instead. He was moving it around trying to see whether or not it's working, thus the spazzing out of it on my screen...lmao boy I felt so relieved after that 😂

~not really a hack however it gave me a good laugh

Somebody added me in a Flat Earthers' group in facebook, and they all say the nastiest things about NASA. One of them showed this image :/ Like you could really hack NASA with HTML CSS :/

So probably about a decade ago at this point I was working for free for a friend's start-up hosting company. He had rented out a high-end server in some data center and sold out virtualized chunks to clients.

This is back when you had only a few options for running virtual servers, but the market was taking off like a bat out of hell. In our case, we used User-Mode Linux (UML).

UML is essentially a kernel hack that lets you run the kernel in user space. That alone helps keep things separate or jailed. I'm pretty sure some of you can shed more light on it, but that's as I understood it at the time and I wasn't too shabby at hacking the kernel when we'd have driver issues.

Anyway, one of the ways my friend would on-board someone was to generate a new disk image file, mount it, and then chroot to that mount path. He'd basically use a stock image to do this and then wipe it out before putting it live.

I'm not sure exactly what he was doing at the time, but I got a panicked message on New Years Day saying that he had deleted everything. By everything, he had done an rm -fr /home as root on what he had thought was the root of a drive image.

It wasn't an image. It was the host server.

In the stoke of a single command, all user data was lost. We were pretty much screwed, but I have a knack for not giving up - so I spent a ton of time investigating linux file recovery.

Fun fact about UML - since the kernel runs in user space as a regular ol' process, anything it opens is attached to that process. I had noticed that while the files were "gone", I could still see disk usage. I ended up finding the images attached to their file pointers associated with each running kernel - and thankfully all customers were running at the time.

The next part was crazy, and I still think is crazy. I don't remember the command, but I had to essentially copy the image from the referenced path into a new image file, then shutdown the kernel and power it back on from the new image. We had configs all set aside, so that was easy. When it finally worked I was floored.

Rinse and repeat, I managed to drag every last missing bit out of /proc - with the only side effect being that all MySQL databases needed to be cleaned up.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

"four million dollars"

TL;DR. Seriously, It's way too long.

That's all the management really cares about, apparently.

It all started when there were heated, war faced discussions with a major client this weekend (coonts, I tell ye) and it was decided that a stupid, out of context customisation POC had that was hacked together by the "customisation and delivery " (they know to do neither) team needed to be merged with the product (a hot, lumpy cluster fuck, made in a technology so old that even the great creators (namely Goo-fucking-gle) decided that it was their worst mistake ever and stopped supporting it (or even considering its existence at this point)).

Today morning, I my manager calls me and announces that I'm the lucky fuck who gets to do this shit.

Now being the defacto got admin to our team (after the last lead left, I was the only one with adequate experience), I suggested to my manager "boss, here's a light bulb. Why don't we just create a new branch for the fuckers and ask them to merge their shite with our shite and then all we'll have to do it build the mixed up shite to create an even smellier pile of shite and feed it to the customer".

"I agree with you mahaDev (when haven't you said that, coont), but the thing is <insert random manger talk here> so we're the ones who'll have to do it (again, when haven't you said that, coont)"

I said fine. Send me the details. He forwarded me a mail, which contained context not amounting to half a syllable of the word "context". I pinged the guy who developed the hack. He gave me nothing but a link to his code repo. I said give me details. He simply said "I've sent the repo details, what else do you require?"

1st motherfucker.

Dafuq? Dude, gimme some spice. Dafuq you done? Dafuq libraries you used? Dafuq APIs you used? Where Dafuq did you get this old ass checkout on which you've made these changes? AND DAFUQ IS THIS TOOL SUPPOSED TO DO AND HOW DOES IT AFFECT MY PRODUCT?

Anyway, since I didn't get a lot of info, I set about trying to just merge the code blindly and fix all conflicts, assuming that no new libraries/APIs have been used and the code is compatible with our master code base.

Enter delivery head. 2nd motherfucker.

This coont neither has technical knowledge nor the common sense to ask someone who knows his shit to help out with the technical stuff.

I find out that this was the half assed moron who agreed to a 3 day timeline (and our build takes around 13 hours to complete, end to end). Because fuck testing. They validated the their tool, we've tested our product. There's no way it can fail when we make a hybrid cocktail that will make the elephants foot look like a frikkin mojito!

Anywho, he comes by every half-mother fucking-hour and asks whether the build has been triggered.

Bitch. I have no clue what is going on and your people apparently don't have the time to give a fuck. How in the world do you expect me to finish this in 5 minutes?

Anyway, after I compile for the first time after merging, I see enough compilations to last a frikkin life time. I kid you not, I scrolled for a complete minute before reaching the last one.

Again, my assumption was that there are no library or dependency changes, neither did I know the fact that the dude implemented using completely different libraries altogether in some places.

Now I know it's my fault for not checking myself, but I was already having a bad day.

I then proceeded to have a little tantrum. In the middle of the floor, because I DIDN'T HAVE A CLUE WHAT CHANGES WERE MADE AND NOBODY CARED ENOUGH TO GIVE A FUCKING FUCK ABOUT THE DAMN FUCK.

Lo and behold, everyone's at my service now. I get all things clarified, takes around an hour and a half of my time (could have been done in 20 minutes had someone given me the complete info) to find out all I need to know and proceed to remove all compilation problems.

Hurrah. In my frustration, I forgot to push some changes, and because of some weird shit in our build framework, the build failed in Jenkins. Multiple times. Even though the exact same code was working on my local setup (cliche, I know).

In any case, it was sometime during sorting out this mess did I come to know that the reason why the 2nd motherfucker accepted the 3 day deadline was because the total bill being slapped to the customer is four fucking million USD.

Greed. Wow. The fucker just sacrificed everyone's day and night (his team and the next) for 4mil. And my manager and director agreed. Four fucking million dollars. I don't get to see a penny of it, I work for peanut shells, for 15 hours, you'll get bonuses and commissions, the fucking junior Dev earns more than me, but my manager says I'm the MVP of the team, all I get is a thanks and a bad rating for this hike cycle.

4mil usd, I learnt today, is enough to make you lick the smelly, hairy balls of a Neanderthal even though the money isn't truly yours.

A few years ago I was in high school and used to have a small reputation of hacking things. I could hack, just would never hack any school networks or systems (reputation + notice that there was a breach is a bad combo since everyone would immediately suspect you).

Anyways one day the networks internet connection went down in the school district and I was the only one who used a laptop to take notes. So I quickly opened the terminal and ran Wireshark and said to the person to my right "see that button there? yeah I programmed this last night. anytime I press it I can shut down the network so the teacher can't reach her files (she famously only saved them online). *Long dramatic press* Wireshark started scanning the network so all the numbers and lines were going crazy as it viewed the packet info "Now just wait", soon the whole class knew what I had done through whispers and lo and behold a few minutes later and the teacher couldn't reach her files.

Everyone loved me for the rest of the year for saving them from the homework for the week the wifi network was out since it also ended up having to cancel two tests in the class, and a lot more homework and tests in all their other classes. Solidified my reputation and no one fucked with me from that day on.

Oh boy, finally something to rant about.

I got hired in a "small" company (not even 2000 people in it), then got "shipped" to a way bigger company. Basically, I work for this company (the french biggest internet / phone service provider) but in the name of my own. And this since last wednesday.

First off, I'm fucking stupid. After leaving the big company that I was in before, I swore to myself that from now on, I would work for smaller companies, mainly because I couldn't stand the inertia that big company have. You ask for something, you get it a month and a half after. The old company has about 6000 employees... This company has 98k people in it. Fuck. My. Life.

Now, to the rant: Orange (the company) decided that they had to move their office somewhere else. They set up a lot of things so that all we needed to do was to put things in boxes, to work somewhere else until next monday, then we could go to the new office on tuesday morning.

Keep in mind that I have been there for 8 days: I keep learning how they do their stuff. For example, if I need a specific docker image, I can't get it from the Docker Hub, the download will fail. However, if I hit an Orange subdomain's registry, I will get this image from a mirror. Because fuck logic.

When we join the company, they give us a Windows laptop ("yeaah we have useless but required Orange softwares that don't run on Linux" "Yeeaaah fuck you") that have a specific VPN allowing us to use the Orange network and, in theory, you can download docker images or clone orange repositories from that network.

In practice, you can simply just go fuck yourself. Why? Because whenever you want to curl, wget or pull anything (or even pip install), your connection keeps being shut down while it waits for the response's header.

The worst part? According to my (new) boss's evasive answers, the way to fix that works with glue, sticks and the power of the Force.

WHY THE FUCK DO YOU ENFORCE US A SHITTY OS FOR DEVELOPMENT, WHEN THE TOOLS YOU SHOVE IN IT WITH A FAKE SMILE DON'T EVEN WORK, AND WE HAVE TO HACK OUR WAY TO FUCKING WORK?

I wish my boss would stop revoking my permissions. He's always saying how these slew of things need to be accomplished, yet, everytime I go to do them I'm at a wall because, despite having permissions for a very long time he decided to revoke them entirely.

It's not like I can't be trusted with them, it's been over 2 years with them, so why the sudden revoke?

I finally sent some snot mail to him informing him I'm unable to complete my tasks without the permissions granted to me (I'm a sysadmin, sec guy, boss is vp of tech), and instead of him granting them yet again he's going to run around and try to hack around the permission requirement so he can avoid giving me them.

Seriously? This is stupid. I was the one who wrote the security design and implementation document, and put all that work in. Now I'm being locked out of the system I designed, built and implemented?

Well, time to look for a new job. If you're a manager, please don't revoke your employees permissions without notice, at random, and try to hack around well-documented security policies. It won't end well!

When I was in 11th class, my school got a new setup for the school PCs. Instead of just resetting them every time they are shut down (to a state in which it contained a virus, great) and having shared files on a network drive (where everyone could delete anything), they used iServ. Apparently many schools started using that around that time, I heard many bad things about it, not only from my school.
Since school is sh*t and I had nothing better to do in computer class (they never taught us anything new anyway), I experimented with it. My main target was the storage limit. Logins on the school PCs were made with domain accounts, which also logged you in with the iServ account, then the user folder was synchronised with the iServ server. The storage limit there was given as 200MB or something of that order. To have some dummy files, I downloaded every program from portableapps.com, that was an easy way to get a lot of data without much manual effort. Then I copied that folder, which was located on the desktop, and pasted it onto the desktop. Then I took all of that and duplicated it again. And again and again and again... I watched the amount increate, 170MB, 180, 190, 200, I got a mail saying that my storage is full, 210, 220, 230, ... It just kept filling up with absolutely zero consequences.
At some point I started using the web interface to copy the files, which had even more interesting side effects: Apparently, while the server was copying huge amounts of files to itself, nobody in the entire iServ system could log in, neither on the web interface, nor on the PCs. But I didn't notice that at first, I thought just my account was busy and of course I didn't expect it to be this badly programmed that a single copy operation could lock the entire system. I was told later, but at that point the headmaster had already called in someone from the actual police, because they thought I had hacked into whatever. He basically said "don't do again pls" and left again. In the meantime, a teacher had told me to delete the files until a certain date, but he locked my account way earlier so that I couldn't even do it.
Btw, I now own a Minecraft account of which I can never change the security questions or reset the password, because the mail address doesn't exist anymore and I have no more contact to the person who gave it to me. I got that account as a price because I made the best program in a project week about Java, which greatly showed how much the computer classes helped the students learn programming: Of the ~20 students, only one other person actually had a program at the end of the challenge and it was something like hello world. I had translated a TI Basic program for approximating fractions from decimal numbers to Java.
The big irony about sending the police to me as the 1337_h4x0r: A classmate actually tried to hack into the server. He even managed to make it send a mail from someone else's account, as far as I know. And he found a way to put a file into any account, which he shortly considered to use to put a shutdown command into autostart. But of course, I must be the great hacker.

I've spent a lot of time messing around with C, having struggled with object-oriented programming (due to not really knowing how best to structure things, not knowing when to apply certain design patterns).

When writing C code, I'd write OOP-esque code (pass around a struct to routines to do things with it) and enjoyed just making things happen without having to think too much about the overall design. But then I'd crave being able to use namespaces, and think about how the code would be tidier if I used exceptions instead of having every routine return an error code...

Working with Python and Node over the past couple of years has allowed me to easily get into OOP (no separate declaration/definition, loose typing etc.) and from that I've made some fairly good design decisions. I'd implemented a few design patterns without even realising which patterns they were - later reading up on them and thinking "hey, that's what I used earlier!"

I've also had a bit of an obsession with small executable files - using templates and other features of C++ add some bloat (on Windows at least) compared to C. There were other gripes I had with C++, mostly to do with making things modular (dynamic linking etc.) but really it's irrelevant/unreasonable.

And yes, for someone who doesn't like code bloat, working with Node is somewhat ironic... (hello, node_modules...)

So today I decided to revisit C++ and dust off my old copy of C++ in a Nutshell, and try to see if I could write some code to do things that I struggled with before. One nice thing is that this book was printed in 2003, yet all of its content is still relevant. Of course, there are newer C++ standards, but I can happily just hack away and avoid using anything that has been deprecated.

One thing I've always avoided is dynamic_cast because every time I read about it, I read that "it's slow". So I just tried to work around it when really if it's the right tool for the job, I might as well use it... It's really useful!

Anyway, now I've typed all this positivity about C++ I will probably find a little later on that I hit a wall with what I'm doing and give up again... :p

Am I a hack? Like yeah I complain about technology left right and center, this sucks, that sucks, what fucking moron wrote this?! These days I do write my own alternatives (which usually work surprisingly well). But for what? And was I really in a position to complain about those other things? Impostor syndrome, it's so annoying...

Oh and also, is it really all worth it? I like retro tech and so I do have a fair interest in the history of technology. Say between VHS and Beta, sure VHS was superior in practice and won the video cassette war, but Beta machines were seemingly better constructed. VHS won because it did just enough. Perhaps the same is true for software? Overengineering, is it poor engineering?

Anyone can build a bridge if the budget is unlimited and it can take a lifetime to construct. But part of engineering is making a bridge that'll just barely stand and be finished in a few years. I've been working on my own Linux distro since August last year and am not even close to finishing it. Chances are that it'll take several years. Perhaps I've been looking at the problem the wrong way all along?

I miss psychological safety. I'll define it as the willingness to be vulnerable to criticism and the belief that contrary opinions are embraced and judged on their merit.

When I first entered the startup scene my manager had exceptional candor. He had no qualms talking about how kids and personal projects caused his investment in his work to wax and wane.

He always made time to talk to me when I was frustrated and made me feel like he truly listened to what I had to say, even if he didn't act on it.

At the time, I attributed the safety to the company culture created by the CTO. The startup failed and eventually, I found my way to that CTO's next startup.

Completely different experience. I find myself in despair as I hear "I'm more senior and therefore am right and don't have time or interest in your ideas" blatantly stated.

When I disagree with people, I try to ask clarifying questions to identify where the divergence occurs. Sometimes I'm surprised and learn something new, sometimes my questions prompt reconsideration.

With the CTO (now CEO), we go in circles where he squirms, deflects, and outright refuses to respond to my questions. He cancels 75% of 1:1's and when we do talk he suggests that if I disagree I "should introspect which of my beliefs is holding me back from embracing his superior way of doing things"

Multi-hour slack wars suck the life out of anyone trying to ask questions. It's so exhausting to ask questions it's often cheaper and faster to wallow in despair for an hour and hack something together than descend into people shouting preferences at each other and shaming me for not already knowing the answer.

Perks, pay, and tech-stack are all cool. It feels selfish to be unhappy because I can't innovate or challenge the status quo. Having tasted that safety though, I'm left with an unquenched thirst that grows stronger with every conflict.

Any night, 1:30am, bedtime: "Yes! I can't WAIT for tomorrow to begin! I'm gonna make SO much progress on that personal project that I just KNOW is gonna change the world and make me a billionaire! My time is now!"

Next day, 9am, first call of the day: "Ugh, waking up SUUUUUCKS! But, fine, just gotta get through the workday, then it's beast mode time!"

5pm: "Ugh, that day SUCKED... meeting after meeting, constant interruptions for the few minutes I got to hack code, SO many emails, and hey, good day, only five new things pushed down from corporate to bang my head against! Feelings pretty mentally exhausted, but it's all good, I fortunately love this programming stuff, so first dinner, then a little exercise, spend some time with the family, and then it's time to COOOODE!"

10pm: "Ok, house is FINALLY quiet (fucking dog), just a little noise from my daughter staying up way too late again... kinda spent, but this project still excites me, and I may not get as much done as I was hoping, but fine, I can still make some tangible progress and that's what matters. Maybe just one last quick check of email, Reddit, make sure there's no new Hot Ones or Honest Trailers I gotta watch, update IDEA plugins and see what's new, then it's work time! Nothing can stop me now!"

Any night, 1:30am, bedtime: "SHIT! I GOT FUCK ALL DONE AGAIN! GO DAAAAAAAMN IIIIIT!!!!"

Early on in my freelancing career I learned something important. Even with seemingly tame nerdy stuff, sh*t can get real, real quick. This story describes the very start of my career in web development and hopefully will serve as a warning to newbies out there.

A young teen, I had just learned some basics of wordpress, I was confident I could hack together something that worked and looked okay with minimal effort and knowledge. One day I was approached by a guy who wanted a job board board site. Knowing there were already clones out there I figured this would be an easy gig, man was I wrong.

In addition to the fact I didn't know about contracts or the scope creep from hell, I had somehow gotten myself involved with a criminal business front.

These guys operated a scam business to rip off investors. Me and my designer buddy were used to make the business look legit. What they would do is hold job fairs where people are supposed to pay to rent a booth, but instead they would give everyone a booth for free and then lie about what all businesses were coming. They would then show this info, along with the website and marketing materials to investors. They would take the money from the investors and launder it for drugs.

The real story starts the day of one of the worst hangovers I had ever had. I was at a random friends house sleeping for most of the day.

Apparently one of the guys who was operating the scam business was about to strike a deal with one of the investors when something on the website didn't work (it was working as designed). This guy, Manny we'll call him, had been blowing up my phone all morning. I check my voicemails and there are threats on my life; saying I will be sleeping with the fishes, or if they ever find me, they'll fuck me up. Needless to say this really freaked me out, either way I decided to head back to my dorm.

When I come back home, my designer buddy tells me that some guys were in the house looking for stuff. Apparently this guy hired two nerds to "break into my computer and steal the website", fortunately they didn't know what they were doing.

After a while I got another call, Manny wanted to sit down and "talk things out". Being naive I accepted and we met up. The two nerds were there with one of his body guards. He said he wanted to have those two nerds take over the project. While this was going on, his bodyguard flashed his gun at me several times making eye contact. I agreed to, but I still wanted to get paid. I asked about getting paid and he said we never signed a contract and that he owned the host and domain. I was pretty much screwed.

This is where the story should end, but I wasn't a very smart guy back then. I gave up the site but I created a back door into it. Every week or so, they would get "hacked". Because the two nerds didn't know what to do, they ended up coming back to me for help. This is when I finally got paid. Totally not worth it.

Is there something you find genuinely cool and would recommend ? Some webpage, program, OS, library or anything ?

I mean hey. There are SO MANY reaaaally cool things I didn't know until last few months.. Things I'd be so grateful for if I knew them earlier. I'll list some of them and I just know you have few of yours too. Feel free to educate the rest!

Processing - Program so fun to code in + CodingTrain(YTB channel)
Microcorruption.com - so freaking awesome if you wanna learn hacking / assembly (not x86 necessarily)
LiveOverflow - cool hacking channel
Radare - cool cmd Linux disassembler
vim-adventures.com - LEARN VIM (not just how to quit it) LITERALLY by playing a game!!!!!!!!!!!!!!
slashdot - stay updated , like really
"BEST-WEBSITES-A-PROGRAMMER-SHOULD-VISIT" - GUYS THIS! Sorry for caps but search this on GitHub and you will fucking die of happiness of how freaking useful links there are and no bullshit to dig through , just pure awesomeness. REALLY
HandBrake - Top media converter without bullshit and bloat stuff in it
Calibre - Best eBook management software capable of literally everything ebooks related. Kindle is a bloated joke compared to this
QubesOS - You know you can have every OS running at once - you have a Linux but are playing win games. Yup. It's there. Free
Computerphile - You all know it, it's just for completeness
Khan Academy - Same
VulnHub - download vulnerable VMs and hack them, or learn by reading writeup on how to do it!
Valgrind - MUST HAVE for C/C++ programmers
Computer Science crash course videos

That's all I can think of from top of my head but hey, there's more to it so definitely add your 2 cents!

Last thing, if nothing, just check the websites on GitHub, that's lifechanger

Looking forward to see some cool links & recommendations!

ASP.NET Web Forns?

Can't tell how many times I printed out the page lifecycle diagram for myself or a coworker. So many hours lost trying to figure out which lifecycle hook to use for a specific scenario and then have it all break down because something new was added to the feature. Or figuring when data can be bound, or doing some hack because things break when handling a POST event or some shit.

Overly abstract piece of technological excrement. Might as well express the thing in contemporary dance and check that into source control instead of that ungodly mess.

The switch to AJAX and API calls was such a huge relief it's almost hard to explain in words (I can do a dance tho). And then upgrading to AngularJS, man, worlds apart...

I don't care how much they pay me (okay, you got me...), I'm never touching Web Forms again.

lets say I have managed to hack over 100 PCs (not powerful , all in the same building)
what kind of things should I do to them ?
*mining bitcoin is out - those computers are really bad*

Rant and opinions wanted. Its a long one.

I have been working on a project for a month and a half. For the first week I was requesting designs that I got about 2 of out of 15. For the next week and a half the designer was on holiday so I couldn't do anything but delivered a few more designs once he got back.

This takes us 2 weeks in already. I have other things to do as well so at the same time I work on support tickets and some bespoke development coming in.

I get given 2 or 3 more designs and can't get anything else out of the designer after waiting a week so I have to design everything myself as I go and build it. Something I have never done before.

We are now 3 and a half weeks in. My boss randomly tells my pm it needs to be demo ready the next day. I work furiously to hack something together. It works but key functionality is missing.

I move house and work from home for a week and a half. I do my best but the project is full of bugs and the CSS is horrible because I didn't know what I was making at any stage. It is therefore CSS rules repeated in IDs everywhere.

My colleagues join me on the project because my boss has decided to try and sell it tomorrow.

They run through it and find all the bugs left from me working furiously to get things done quickly. Things like no search pagination and missing validation.

My boss is now pisses at me because the project is not finished, my colleagues are now all working on it. Throughout it all he knew the designer was not delivering me anything and that I was struggling.

Am I in the wrong for writing shit code that came about because I was coding with no idea of what the finished project should look like? Is he in the wrong for dumping this on me and just letting me get on with it even though he knew there were no designs?

Btw I am just finishing a 1 year internship and before this have never done web dev before.

Discuss.

Things I say to my clients when I know that a reboot is required to fix their issue but I don't have enough evidence to prove it to them :

"... On any computing platform, we noted that the only solution to infinite loops (and similar behaviors) under cooperative preemption is to reboot the machine. While you may scoff at this hack, researchers have shown that reboot (or in general, starting over some piece of software) can be a hugely useful tool in building robust systems.

Specifically, reboot is useful because it moves software back to a known and likely more tested state. Reboots also reclaim stale or leaked resources (e.g., memory) which may otherwise be hard to handle. Finally, reboots are easy to automate. For all of these reasons, it is not uncommon in large-scale cluster Internet services for system management software to periodically reboot sets of machines in order to reset them and thus obtain the advantages listed above.
Thus, when you indeed perform a reboot, you are not just enacting some ugly hack. Rather, you are using a time-tested approach to improving the behavior of a computer system."
😎

Electronic companies nowadays are no different than ranchers that force their slaves to earn money to buy new stuff cause people can’t repair old electronics or fix software bugs cause it’s not theirs or it’s not maintained and source code is not existent.

Damn you software and hardware corporations.

You tell everyone that you care about environment, yet you don’t fucking support your software and hardware as long as people use it. When you stop support you don’t make everything open source but keep it on your private repositories as intellectual property and fuck your clients.

Literally all electronics and software should be mandatory made open source to the people who purchased product so they can use it as long as they want not as long as corporate assholes want. This is insane law that is splitting our world and making it burn. If I could fix my laptop in nearby shop I wouldn’t have to purchase new one.

If it won’t change we will end up with <10 corporations that would rule world economy, everyone who will work for those corporations will be rich and happy and everyone else will be poor and unhappy . Mind me if this is not already happening and this planet slowly becomes Elysium movie nightmare.

Stop buying new stuff you stupid people cause this make things worse.

If it won’t change in 10 or so years there will be connected to cloud robots all over the world guarding us and some dick shit rich John Conor kid will hack them to exterminate humans by executing order 66. After that there will be big power outage that will put us into the role of battery and we would be closed in the barrel full of pink shit connected to matrix.

Get me out of here you asshole.

Time sheets. I'm not a fan of our task management system, you don't check out jobs or tasks like moving cards on a kanban board, it's more of a loose, calendar-based setup. We're also in a small, open office so it can be difficult to remember to log things in the software when you could tell the person opposite you that their task is finished. On top of that a lot of the time it takes me longer than the scheduled time to get a job finished as I'm learning a lot of new stuff, so digitally documenting things like that worry me a little. I don't want to look like I can't hack it just because a job takes me longer than my much-more-experienced colleagues.
I should note that I understand it's all incredibly useful data to the company, but I hate doing it and it's very easy to forget or ignore.

Need some advise from all you clever devs out there.

When I finished uni I worked for a year at a good company but ultimately I was bored by the topic.

I got a new job at a place that was run by a Hitler wannabee that didn't want to do anything properly including writing tests and any time I improved an area or wrote a test would take me aside to have a go so I quit after 3 months.

Getti g a new job was not that hard but being at companies for short stints was a big issue.

My new job I've been here 3 months again but the code base is a shit hole, no standardisation, no one knows anything about industry standards, no tests again, pull requests that are in name only as clearly broken areas that you comment on get ignored so you might as well not bother, fake agile where all user stories are not user stories and we just lie every sprint about what we finished, no estimates and so forth, and a code base that is such a piece of shit that to add a new feature you have to hack every time. The project only started a few months back.

For instance we were implementing permissions and roles. My team lead does the table design. I spent 4 hours trying to convince him it was not fit for purpose and now we have spent a month on this area and we can't even enforce the permissions on the backend so basically they don't exist. This is the tip of the iceberg as this shit happens constantly and the worst thing is even though I say there is a problem we just ignore it so the app will always be insecure.

None of the team knows angular or wants to learn but all our apps use angular..

These are just examples, there is a lot more problems right from agile being run by people that don't understand agile to sending database entities instead of view models to client apps, but not all as some use view models so we just duplicate all the api controllers.

Our angular apps are a huge mess now because I have to keep hacking them since the backend is wrong.

We have a huge architectural problem that will set us back 1 month as we won't be able to actually access functionality and we need to release in 3 months, their solution even understanding my point fully is to ignore it. Legit.

The worst thing is that although my team is not dumb, if you try to explain this stuff to them they either just don't understand what you are saying or don't care.

With all that said I don't think they are even aware of these issues somehow so I dont think it's on purpose, and I do like the people and company, but I have reached the point that I don't give a shit anymore if something is wrong as its just so much easier to stay silent and makes no difference anyway.

I get paid very well, it's close to home and I actually learn a lot since their skill level is so low I have to pick up the slack and do all kinds of things I've never done much of like release management or database optimisation and I like that.

Would you leave and get a new job?

If a job (swiss knife developer) is preventing you from reaching your goal (freelancing) and take all your time so you can't learn new things, you can't go to the gym, all the projects are boring (theme forest wordpress integration, prestashop hack into cpanel ...), make you sleepless at nights, and grumpier than grumpy cat ... will you quit ?