An incident which made a Security Researcher cry
--------------------------------------------------------
I was working on my laptop finishing up my code while waiting for the flight which was late . Meanwhile two guys (I'm gonna call them Fellas) in black suit and shades came to me

Fella : Sir you have to come with us .
Me : *goes along with them*
Fella : Sir please proceed *points towards the door . The room has a round table with some guys discussing something *
Fella 1 : Your passport please
Me : *Hands over the passport*
Fella 1 : Where are you traveling to sir?
Me : India
Fella 1 : Put your laptop in the desk sir.
Me : Sure thing
Fella 2 : What were you doing there? *Taps the power button*
Me : Just finishing up my work .
Fella 1 : Or hacking our systems?
Me : Seriously?
Fella 2 : The password please .
Me : Here you go
*5 minutes have passed and​ he still can't figure out how to use the machine*
Fella 2 : Which Windows is this?
Me : It's Linux
Fella 1 : So you are a hacker .
Me : Nope
Fella 1 : You are using Linux
Me : Does it matters?
Fella 1 : Where do you work?
Me : *I won't mention here but I told him*
Fella 2 : So what do you do there?
Me : I'm a Security Researcher
Fella 1 : What's your work?
Me : I find security holes in their systems .
Fella 1 : That means you are a hacker .
Me : Not at all .
Fella 2 : But they do the same and they use Linux .
Me : You can call me one .
*After 15 minutes of doo-laa-baa-dee-doo-ra-ba-doo amongst them I dunno what they were talking , they shutdown the computer and handed over it to me*
Fella 2 - So you are somewhat like a hacker .
Me - *A bit frustrated* Yes.

##And now the glorious question appeared like an angel from river ##

Can you hack Facebook?
Me - 😭😭😭

*Facebook Hackers follow the Rules*
(real story)

TL;DR: sorry, not available, can't do spoilers

One night I was with a group of friends out at a pub. A guy and his girlfriend show up, I didn't know them but they were my friend's friends.

The girl kept bragging the whole time about his boyfriend being a professional programmer, trying to remind it to everybody whenever possible (don't ask me why!).

So, after a while, the discussion moves towards "suspect Facebook activities" and the guy starts saying that he can hack Facebook.

- "What do you mean?", I ask.
- "Hacking into other people's accounts, even with 2 factor authentication. I did it a lot of times"
- "Wait, and they don't notice?"
- "Of course not! ^_^ He's a hacker", the girl replies.

Ok, time to do a coming out.

- "Hey, I'm a developer myself. Can you give me an idea of what you did in technical terms? Did you find a vulnerability? Used a virus? Maybe a keylogger?"
- "No... Uh... Well... The secret is to read the terms of service"
- "What?"
- "Yes... yes it's all in the facebook terms of service..."
- "Uhm, I'm not really sure I'm following. Could you prove it by hacking my Facebook account? I'm giving you the permission".

In less than a minute the discussion flew completely away and they never mentioned computers again.

😂😂

im a programmer.

Moms : Son, please fix my phone
Me : what the...
Moms : Cmon ur the IT guy right?

Dad : My laptop must be broken, can u fix it ?
Me : i can't..
Dad : ur degree is useless
Me : ....

Friend : hi, ur the IT guy right ? can u help me ?
Me : Sure ...
Friend : please hack my BF facebook account..
Me : *face Palm.

I get depressed during times like this.

Me: *does a keyboard shortcut*
Friend: Woaw, are you good on computers?
Me: yea.
Friend: CAN YOU HACK?
Me: yea...
Friend: WHATS MY PASSWORD?
Me: I don't know your password.
Friend: You can't hack then.

Seven months ago:
===============
Project Manager: - "Guys, we need to make this brand new ProjectX, here are the specs. What do you think?"

Bored Old Lead: - "I was going to resign this week but you've convinced me, this is a challenge, I never worked with this stack, I'm staying! I'll gladly play with this framework I never used before, it seems to work with this libA I can use here and this libB that I can use here! Such fun!"

Project Manager: - "Awesome! I'm counting on you!"

Six months ago:
====================
Cprn: - "So this part you asked me to implement is tons of work due to the way you're using libA. I really don't think we need it here. We could use a more common approach."

Bored Old Lead: - "No, I already rewrote parts of libB to work with libA, we're keeping it. Just do what's needed."

Cprn: - "Really? Oh, I see. It solves this one issue I'm having at least. Did you push the changes upstream?"

Bored Old Lead: - "No, nobody uses it like that, people don't need it."

Cprn: - "Wait... What? Then why did you even *think* about using those two libs together? It makes no sense."

Bored Old Lead: - "Come on, it's a challenge! Read it! Understand it! It'll make you a better coder!"

Four months ago:
==============
Cprn: - "That version of the framework you used is loosing support next month. We really should update."

Bored Old Lead: - "Yeah, we can't. I changed some core framework mechanics and the patches won't work with the new version. I'd have to rewrite these."

Cprn: - "Please do?"

Bored Old Lead: - "Nah, it's a waste of time! We're not updating!"

Three months ago:
===============
Bored Old Lead: - "The code you committed doesn't pass the tests."

Cprn: - "I just run it on my working copy and everything passes."

Bored Old Lead: - "Doesn't work on mine."

Cprn: - "Let me take a look... Ah! Here you go! You've misused these two options in the framework config for your dev environment."

Bored Old Lead: - "No, I had to hack them like that to work with libB."

Cprn: - "But the new framework version already brings everything we need from libB. We could just update and drop it."

Bored Old Lead: - "No! Can't update, remember?"

Last Friday:
=========
Bored Old Lead: - "You need to rewrite these tests. They work really slow. Two hours to pass all."

Cprn: - "What..? How come? I just run them on revision from this morning and all passed in a minute."

Bored Old Lead: - "Pull the changes and try again. I changed few input dataset objects and then copied results from error messages to assertions to make the tests pass and now it takes two hours. I've narrowed it to those weird tests here."

Cprn: - "Yeah, all of those use ORM. Maybe it's something with the model?"

Bored Old Lead: - "No, all is fine with the model. I was just there rewriting the way framework maps data types to accommodate for my new type that's really just an enum but I made it into a special custom object that needs special custom handling in the ORM. I haven't noticed any issues."

Cprn: - "What!? This makes *zero* sense! You're rewriting vendor code and expect everything to just work!? You're using libs that aren't designed to work together in production code because you wanted a challenge!?? And when everything blows up you're blaming my test code that you're feeding with incorrect dataset!??? See you on Monday, I'm going home! *door slam*"

Today:
=====
Project Manager: - "Cprn, Bored Old Lead left on Friday. He said he can't work with you. You're responsible for Project X now."

"Hey nephew, why doesn't the FB app work. It shows blank white boxes?"
- It can't connect or something? (I stopped using the FB app since 2013.)

"What is this safe mode that appeared on my phone?!"
- I don't know. I don't hack my smartphone that much. Well, I actually do have a customised ROM. But stop! I'm pecking my keyboard most of the time.

"Which of my files should I delete?"
- Am I supposed to know?

"Where did my Microsoft Word Doc1.docx go?"
- It lets you choose the location before you hit save.

"What is 1MB?"
- Search these concepts on Google. (some of us did not have access to the Internet when we learned to do basic computer operations as curious kids.)

"What should I search?"
- ...

"My computer doesn't work.. My phone has a virus. Do you think this PC they are selling me has a good spec? Is this Video Card and RAM good?"
- I'm a programmer. I write code. I think algorithmically and solve programming problems efficiently. I analyse concepts such as abstraction, algorithms, data structures, encapsulation, resource management, security, software engineering, and web development. No, I will not fix your PC.

Now I am underrated because I am a developer/Software engineer and I can't hack a facebook account !

Thanks my society

Biggest terminal hack I've discovered till now which is so fucking obvious I can't believe I literally just started using it:

Executing the date command right before and after another command/series of commands to see how long shit takes.

$ date; command or commands; date

This is incredibly useful when rendering loads of data in screen sessions!

I actually feel rather retarded for only thinking of this now.

Fuck code.org. Fuck code. Not code code, but "code" (the word "code"). I hate it. At least for teaching. Devs can use it as much as they want, they know what it means and know you can't hack facebook with 10 seconds of furiously typing "code" into a terminal. What the fuck are you thinking when you want me to hack facebook? No, when I program, it's not opening terminal, changing to green text and typing "hack <insert website name here, if none is given, this will result to facebook.com>" Can you just shut the fuck up about how you think that because you can change the font in google fucking docs you have the right to tell me what code can and can't do? No, fuck you. Now to my main point, fuck "code" (the string). It's an overused word, and it's nothing but a buzzword (to non devs, you guys know what you're talking about. how many times have you seen someone think they are a genius when they here the word "code"?) People who don't know shit don't call themselves programmers or devs, they call themselves coders. Why? It fucking sounds cool, and I won't deny that, but the way it's talked about in movies, by people, (fucking) code.org, etc, just makes people too much of a bitch for me to handle. I want everyone reading this rant who has friends who respect the fact that YOU know code (I truly believe everyone on devRant does), how it works, and it's/your limitations, AND that it takes hard work and effort, to thank god right now. If you're stuck with some people like me, I feel you. Never say "code" near them again. Say "program." I really hate people who think they know what an HTML tag is and go around calling themselves coders. Now onto my main point, code.org. FUCK IT. CAN YOU STOP RUINING MY FUCKING AP CS CLASS. NO CODE.ORG, I DON'T NEED TO WATCH YOUR TEN GODDAMN VIDEOS ON HOW TECHNOLOGY IS IMPORTANT, <sarcasm>I'VE BEEN LIVING UNDER A ROCK FOR THIRTY YEARS</sarcasm>. DO I REALLY NEED ANOTHER COPY OF SCRATCH? WAIT, NO, SCRATCH WAS BETTER. YOU HAD FUCKING MICROSOFT, GOOGLE, AND OTHER TECHNOLOGICAL GIANTS AND YOU FUCKED UP SO BAD YOU MADE IT WORSE THAT SCRATCH. JUST LETMECODE (yes I said that) AND STOP TALKING ABOUT HOW SOME IRRELEVANT ROBOT ARM DEVELOPED BY MIT IS USING AI AND MACHINE LEARNING TO MAKE SOME ROBOT EVOLVE?! IF YOU SPEND ONE MORE SECOND SAYING "INNOVATION" I'LL SHOVE THAT PRINT STATEMENT YOU HAVE A SYNTAX ERROR UP YOUR ASS. DON'T GET ME FUCKING STARTED ON HOW ITS IMPOSSIBLE TO DO ANYTHING FOR YOURSELF WHEN YOUR GETTING ALL THE ANSWERS WITHOUT DOING ANY WORK AND THE FACT THAT JAVASCRIPT IS YOUR FUCKING LANGUAGE. <sarcasm>GREAT IDEA, LETS GET THESE NEW PROGRAMMERS INTO A PROFESSIONAL ENVOIRMENT BY ADDING A DRAG AND DROP CODE (obviously we can say it) EDITOR</sarcasm> MAYBE IF YOU GOT THIS SHIT UP YOUR ASS AND TO YOUR BRAIN YOU'D ACTUALLY GET TO PRPGRAMMING IN YOUR ADVANCED AP COURSE. ITS CALLED FUCKING CODE.ORG FOR A REASON

Hesitated for a while before posting this, as I don't like to whine in public but this should be therapeutical

Beware, it's a #longread

Years ago, I thought about how cool it'd be to have conversation-based interactive fiction on my phone. I remember showing early prototypes to my ex in 2012. It took me over 2 years to build up the courage to make it my priority and to take time off. FictionBurgers.com was born.

A few weeks in, a friend of mine forwarded me a link to Lifeline. I was devastated. I literally spent 2 days cursing my past self for not making a move sooner.

I soldiered on, worked 7 months straight on it. Now the tech is 90-95% finished, content is maybe 60% finished and I just... gave up. Every other week now, similar projects are popping up. I'm under-staffed and under-financed compared to them. Beyond the entertainment space, "conversation-based" is hot stuff in 2016, and I still can't seem to know what to do with what I have.

I feel like I had this fantastic opportunity and squandered it, which makes me miserable.

Anyway, just so you get some cheese with my whine, here are a few lessons I learned the hard way:

Lesson #1 : Don't go it alone. I thought I could hack it, and for over 7 months, I did. But sooner or later, shit gets to you, it's just human. That's when you need someone; just so that their highs compensate your lows and vice versa. Most of the actual writing was done by a freelancer (and he did AMAZING WORK, especially considering that I couldn't pay him much) but it's not the same as a partner, who's invested same as you.

Lesson #1.5 : Complementary skills. Just like my fiction project failed because I was missing a writer partner, my fallback plan of getting into conversational tech hit the skids for lack of a bizdev partner. It's great to stick among devs when ranting, but you need to mingle with a variety of people. Some of them are actually ok, y'know :)

Lesson #2 : Lean Startup, MVP. Google those terms if you're not familiar with them. My mistake here (after MVPing the shit out of the tech) was to let my content goal run amok : what made my app superior to the competition (or so I reasoned) was that it would allow for conversations with multiple characters! So I started plotting a story... with 9 characters. Not 2 or 3. NINE FREAKING CHARACTERS! Branching conversations with 9 characters is the stuff of nightmare -- and is the main reason I gave up.

Lesson #3 : Know your reasons. I wasted some much time early on, zig-zaging between objectives:
"I'm just indulging myself"
"No, I really want it to be a project that pays off"
"Nah, it's just a learning opportunity"
"Damn, why is it bothering me so much that someone else is doing the same thing ?"
"Doesn't matter, I just mine finished"
"What a waste of time !!"
etc etc
And it's still a problem now that I'm trying to figure out what to do!

So anyway, that's my story, thanks for readin'
Check out chatty.im/player/sugar-wars if you want to test the most advance version.

Also, I've also tagged this #startupfail, if any of you fine people want to share the lessons you've dearly paid to learn!

I think this is so far one of the most priceless WTF moments I encountered at my current work:

A coworker of mine came up to me explaining the problem he had with russian characters in the filename. He explained in detail that everything works ok (the other part of the code he was fixing) if he changes the name of the file to test1.xlsx for example which doesn't use russian characters. OK great.

Then he goes on to show me how he fixed the other stuff and of course everything blows up. The file he used for demonstration was of course the original file our cusotomer provided, he just deleted the obvious russian chars and left the rest.

МТС != MTC

I cracked up: but you still have russian chars in the name.
The guy: no way, I deleted them all.
Me: but what about that МТС in the name?! Guy: what about it?
Me: did you actually typed that in or you left it there?! Those are russian chars that are fucking things up for you.
Guy: no way, it's MTC.
Me: checked the logs, you have ??? In the filename instead of МТС..don't you find that at least a little bit suspicious?!
Guy: but it looks the same. How does it (the computer) know it is in russian?!? //Why doesn't it understand?!

O.o I still can't believe it.. Is it just me & my high standards, or should it be normal for coders to know things such as character encoding & stuff?!?

I almost died of laughter, he and some other guy had problems finding customers in the software due to not being able to type the russian chars << happened more then once before, even after I told them about a quick hack on how to use google translate onboard keyboard & other stuff to make proper chars so they can get a match..

I think when they bury me, I'll still be facepalming and laughing over this incident. 🤣🤣🤣🤣🤣🤣🤣

The concept of, "hacking" at my school is so disgustingly bloated, as it probably is everywhere else. Some kid the other day said that he had hacked cookie clicker. Friggin cookie clicker. After opening inspect element and changing some local data to get infinite cookies. And he was hacking.

I swear, if I EVER told any of these idiots about some hacking project I did with an Arduino, they would start asking me how much money I made off with in the heist.

There is one kid in particular that annoys me, his name is Matthew, and he is the most pompous little piece of crap you have ever met. Every time they talk about him, they use the word, "hack" casually in conversation. "Wow dude he's gonna HACK you now", and it really boils my gears. I mean, come on, our school password is a birthday and initials, if he got into your account, he certainly didn't do it by hacking anyone. It has gotten to the point that I can't even hear the word without wanting to lash out at them and tell them how stupid they are. Maybe I can just send them a link to this rant.

I reversed engineered the network protocol for a game.
I uploaded the source code to GitHub and made a post on UC Forums.

I kept getting bombarded with messages from the same person, it went something like this:

Him: "I can't get this hack to work, pls send finish hack, thanks"
Me: "First of all this is not a complete hack. You actually need to know how to code to use this library."
Guy: "Ok, can u help me make hack for game?"
To keep this short, I basically told him:
"No. Look through the code, learn it, use what you learned."

Couple of hours later he replied:
"Ok. I look through code but don't know how work. Send me code pls."
From the kindness of my heart I made a extremely simplified wrapper for the already simple code and sent him the project files.

He replies with: "Thank for hack, I not able make it work. I build I try inject game but no work. How to run dll file."

At that point I gave up...

There was a time I made an update on one of our client's e-commerce website sign-up page. The update caused a bug that allowed new users to create an account without actually creating an account.

The code block meant to save user credentials (i.e email address and password) to the database was commented out for some reasons I still can't remember to this day. After registration new users had their session created just as normal but in reality they have no recorded account on the platform. This shit went on like this for a whole week affecting over 350 new customers before the devil sent me a DM.

I got a call from my boss on that weekend that some users who had made purchases recently can't access their account from a different device and cannot also update their password. Nobody likes duty calls on a weekend, I grudgingly and sluggishly opened up my PC to create a quick fix but when I saw what the problem was I shut down my PC immediately, I ran into the shower like I was being chased by a ghost, I kept screaming "what tha fuck! what tha fuck!!" cus I knew hell was about to break loose.

At that moment everything seemed off as if I could feel everything, I felt the water dripping down my spine, I could hear the tiniest of sound. I thought about the 350 new customers the client just lost, I imagined the raving anger on the face of my boss, I thought about how dumb my colleagues would think I was for such a stupid long running bug.

I wondered through all possible solutions that could save me from this embarrassment.
-- "If this shitty client would have just allowed us verify users email before usage things wouldn't have gotten to this extent"
-- "Should I call the customers to get their email address using their provided telephone?... No they'd think I'm a scammer"
-- "Should I tell my boss the database was hacked? Pffft hack my a**",
-- "Should I create a page for the affected users to re-verify their email address and password? No, some sessions may have expired"
-- "Or maybe this the best time to quit this f*ckn job!"
... Different thoughts from all four corners of the bathroom made it a really long bath. Finally, I decided it was best I told my boss what had happened. So I fixed the code, called my boss the next day and explained the situation on ground to him and yes he was furious. "What a silly mistake..!" he raged and raged. See me in my office by Monday.
That night felt longer than usual, I couldn't sleep properly. I felt pity for the client and I blamed it all on myself... yeah the "silly mistake", I could have been more careful.

Monday came boss wasn't at the office, Tuesday, Wednesday, Thursday, Friday not available. Next week he was around and when we both met the discussion was about a different project. I tried briefing him about last week incident, he seems not to recall and demands we focus on the current project.

However, over three hundred and fifty customers swept under the carpet courtesy of me. I still felt the guilt of that f*ck up till this day.

Worst hack/attack I had to deal with?

Worst, or funniest. A partnership with a Canadian company got turned upside down and our company decided to 'part ways' by simply not returning his phone calls/emails, etc. A big 'jerk move' IMO, but all I was responsible for was a web portal into our system (submitting orders, inventory, etc).

After the separation, I removed the login permissions, but the ex-partner system was set up to 'ping' our site for various updates and we were logging the failed login attempts, maybe 5 a day or so. Our network admin got tired of seeing that error in his logs and reached out to the VP (responsible for the 'break up') and requested he tell the partner their system is still trying to login and stop it. Couple of days later, we were getting random 300, 500, 1000 failed login attempts (causing automated emails to notify that there was a problem). The partner knew that we were likely getting alerted, and kept up the barage. When alerts get high enough, they are sent to the IT-VP, which gets a whole bunch of people involved.
VP-Marketing: "Why are you allowing them into our system?! Cut them off, NOW!"
Me: "I'm not letting them in, I'm stopping them, hence the login error."
VP-Marketing: "That jackass said he will keep trying to get into our system unless we pay him $10,000. Just turn those machines off!"
VP-IT : "We can't. They serve our other international partners."
<slams hand on table>
VP-Marketing: "I don't fucking believe this! How the fuck did you let this happen!?"
VP-IT: "Yes, you shouldn't have allowed the partner into our system to begin with. What are you going to do to fix this situation?"
Me: "Um, we've been testing for months already went live some time ago. I didn't know you defaulted on the contract until last week. 'Jake' is likely running a script. He'll get bored of doing that and in a couple of weeks, he'll stop. I say lets ignore him. This really a network problem, not a coding problem."
IT-MGR: "Now..now...lets not make excuses and point fingers. It's time to fix your code."
IT-VP: "I agree. We're not going to let anyone blackmail us. Make it happen."

So I figure out the partner's IP address, and hard-code the value in my service so it doesn't log the login failure (if IP = '10.50.etc and so on' major hack job). That worked for a couple of days, then (I suspect) the ISP re-assigned a new IP and the errors started up again.

After a few angry emails from the 'powers-that-be', our network admin stops by my desk.
D: "Dude, I'm sorry, I've been so busy. I just heard and I wished they had told me what was going on. I'm going to block his entire domain and send a request to the ISP to shut him down. This was my problem to fix, you should have never been involved."

After 'D' worked his mojo, the errors stopped.

Month later, 'D' gave me an update. He was still logging the traffic from the partner's system (the ISP wanted extensive logs to prove the customer was abusing their service) and like magic one day, it all stopped. ~2 weeks after the 'break up'.

Just got a call from an Indian scammer. He did the whole press Win + R shabang and I did what he said but the run box didn't appear (maybe cause I'm on a mac) I tried a few more times and then had a moment of enlightenment, I have a mac so that must be why the shortcut isn't working. He then goes on a rant saying everything is fine because he is the best technician and he can fix my mac too. He threatens to hack me and get my name and hack my computer but then goes straight back to his script and asks me to open my browser. I'm asked to go to a website which he mumbles so I don't understand and ask him to spell it for me. This of course is unacceptable and he goes no just type whatever you feel like typing, immediately changing his mind to xvideos.com instead. I say I can't visit the site since I am at work and he goes straight into trying to recruit me. Promises of infinite money and all I could ever wish for. Then he says I should work for him and he would pay me to watch porn which I politely decline. The final interaction was me letting him know I need to get back to work and to tell his call center buddies to never call me. He got super mad at me for accusing him of working at a call center whilst you can hear other calls in the background. 10/10 interaction.

F : "Oh, you're an IT guy. Can you help me hack my facebook? I forgot the password."
Me : "..."
F : "You can't? okay"

Why is it that every time I tell someone I love programming the immediate question that follows is: "So you can hack?". And when I tell them that I can't, the conversation is over.

I fucking hate holidays. Every goddamn time when it's a holiday, that's when I need to go to the store and get something, only to find out that they're closed. And what for.. holidays are - to me at least - no more than an excuse for people to not go to work for the day.

So, now I ran out of booze, and can't continue developing and testing my breathalyzer until Monday.

Then it hit me.. what if I take all my Arduino equipment (laptop, jumper wires, ...) to the café and deploy my build environment on a table there?

Eh, no no no. I don't want some idiot to come up to me saying "YOU EVIL HEKORMAN!!!" and have to explain that just like when you call a banker who's working with the money vaults a thief, it's wrong to call someone that's developing shit an evil hacker.. one should strive to not throw mindless accusations out of unknowingness. Not that I'm a good example of that though. But still.

It's probably that or some stupid bitch coming up to me asking to hack her boyfriend's Phasebuk.. that said, that could probably be an opportunity to get in her pants. But then, I don't wanna insert my meat in an idiot like that... ._.

So, no booze it is then? Thanks national holidays!

"Ok Google, remind me every day before a holiday because I really couldn't care less about them!!"

!rant For my uni project I have been developing a anti ransom-ware price of software which had a main purpose of damage limitation/containment in a business environment.

Some course mates were critising it saying yeah when is ransom ware ever really looked at these days, (they developed a chat app), then the news struck about the Nhs hack and now my Lecturer can't get enough of the project and suddenly the marks for real world application seem to be in my favour 🤘

Again not a rant, just a nice feeling after spending so long on my work.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

Most kids just want to code. So they see "Computer Science" and think "How to be a hacker in 6 weeks". Then they face some super simple algebra and freak out, eventually flunking out with the excuse that "uni only presents overtly theoretical shit nobody ever uses in real life".

They could hardly be more wrong, of course. Ignore calculus and complexity theory and you will max out on efficiency soon enough. Skip operating systems, compilers and language theory and you can only ever aspire to be a script kiddie.
You can't become a "data scientist" without statistics. And you can never grow to be even a mediocre one without solid basic research and physics training.

Hack, I've optimized literal millions of dollars out of cloud expenses by choosing the best processors for my stack, and weeks later got myself schooled (on devRant, of all places!) over my ignorance of their inner workings. And I have a MSc degree. Learning never stops.

So, to improve CS experience in uni? Tear down students expectations, and boil out the "I just wanna code!" kiddies to boot camps. Some of them will be back to learn the science. The rest will peak at age 33.

I live in a developing country where not a lot of people know much about security, programming and such. The moment I make a post about coding or something on social media, relatives/friends/strangers come and ask me to hack a Facebook profile or request a free download link to PUBG. And when I say that I can't, or that it's not really possible, they fuss and blame me for it. God damn people.

I work in a contract position and reviewed the code of a senior engineer recently. Regretfully I can't provide context to preserve anonymity.

He wrote awful JavaScript;

- handled a single DOM element with 2 different frontend libraries
- used the logical operator && to 'chain' two methods (it didn't work) instead of returning a boolean value,
- broke everything down into minute detail (a comment box had 7 components!),
- API calls were made for every component update instead of maintaining local component state where it made sense, which meant UI updates were slow,
- animated EVERYTHING, which made my Firefox on Xubuntu i7 64bit with 16GB RAM beg for mercy.

I had a rough couple of months with interviews, with 2nd stage technical interviewers throwing impossible tasks at me.

Example:

1. Create an online Python code editor with Javascript which can compile Python bytecode,
2. Use Mesos and Kafka to create real time architecture for Tensorflow with a Javascript frontend in 1 day. (I asked, and wasn't allowed to use Kubernetes or serverless architecture),
3. Hack a website from the browser's address bar using parameters ( what?!! ),

Obviously, the next time I meet a 'senior', I'm going to tell him talk is cheap;

'SHOW ME YOUR CODE.'

I miss old times rants...So i guess, here it goes mine:

Tomorrow is the day of the first demo to our client of a "forward-looking project" which is totally fucked up, because our "Technical Quality Assurance" - basically a developer from the '90-s, who gained the position by "he is a good guy from my last company where we worked together on sum old legacy project...".
He fucked up our marvellous, loose coupling, publish/subscribe microservice architecture, which was meant to replace an old, un-maintainable enormous monolitch app. Basically we have to replace some old-ass db stored functions.
Everyone was on our side, even the sysadmins were on our side, and he just walked in the conversation, and said: No, i don't like it, 'cause it's not clear how it would even work... Make it an RPC without loose coupling with the good-old common lib pattern, which made it now (it's the 4th 2 week/sprint, and it is a dependency hell). I could go on day and night about his "awesome ideas", and all the lovely e-mails and pull request comments... But back to business

So tomorrow is the demo. The client side project manager accidentally invited EVERYONE to this, even fucking CIO, legal department, all the designers... so yeah... pretty nice couple of swallowed company...

Today was a day, when my lead colleague just simply stayed home, to be more productive, our companys project manager had to work on other prjects, and can't help, and all the 3 other prject members were thinking it is important to interrupt me frequently...

I have to install our projects which is not even had a heart beat... not even on developer machines. Ok it is not a reeeeaaally big thing, but it is 6 MS from which 2 not even building because of tight coupling fucktard bitch..., But ok, i mean, i do my best, and make it work for the first time ever... I worked like 10 ours, just on the first fucking app to build, and deploy, run on the server, connect to db and rabbit mq... 10 FUCKING HOURS!!! (sorry, i mean) and it all was about 1, i mean ONE FUCKING LINE!

Let me explain: spring boot amqp with SSL was never tested before this time. I searched everything i could tought about, what could cause "Connection reset"... Yeah... not so helpful error message... I even have to "hack" into the demo server to test the keystore-truststore at localhost... and all the fucking configs, user names, urls, everything was correct... But one fucking line was missing...
EXCEPT ONE FUCKING LINE:
spring.rabbitmq.ssl.enabled=false # Whether to enable SSL support.

This little bitch took me 6 hours to figure out...so please guys, learn from my fault and check the spring boot appendix for default application properties, if everything is correct, but it is not working...

And of course, if you want SSL then ENABLE it...
spring.rabbitmq.ssl.enabled=true

BTW i really miss those old rants from angry devs, and i hope someone will smile on my fucking torture

Not exactly dev stuff, but LaTeX low-key makes me nervous.

In writing my thesis it seems that through some keyboard-fuckery I managed to slip in some weird unicode bullshit character somewhere, so that it doesn't compile. Alright, I just do \DeclareUnicodeCharacter{0301}{ASDF} so that it gets replaced by ASDF. Searching for ASDF in the output pdf file does not yield results, so I can't even find the location of the fuckery in the text. It seems that unicode character is somewhere in my .bib-file and I guess my citation style doesn't even render the part of the data that character is in after all. So the above hack works, but still there is some weird-ass character in my bibliography file that I can't find.

On another note: I get that modularity is cool and all, but who thought that it is a good idea to give people zero transparency over what macro stems from which included package? No namespaces etc. I end up including a whole lot of packages that are needed for exactly one macro. That bloats up the file and you have no way to trace back which macro came from which of the quazillion included packages.

...then again maybe I'm just a lazy piece of shit whose google searches end before success and all of the above has some easy fix.

Am I the only one that loses some, if not all, motivation when they can't figure out a way of overcoming a problem that doesn't involve a nauseating hack?

A few years ago I was in high school and used to have a small reputation of hacking things. I could hack, just would never hack any school networks or systems (reputation + notice that there was a breach is a bad combo since everyone would immediately suspect you).

Anyways one day the networks internet connection went down in the school district and I was the only one who used a laptop to take notes. So I quickly opened the terminal and ran Wireshark and said to the person to my right "see that button there? yeah I programmed this last night. anytime I press it I can shut down the network so the teacher can't reach her files (she famously only saved them online). *Long dramatic press* Wireshark started scanning the network so all the numbers and lines were going crazy as it viewed the packet info "Now just wait", soon the whole class knew what I had done through whispers and lo and behold a few minutes later and the teacher couldn't reach her files.

Everyone loved me for the rest of the year for saving them from the homework for the week the wifi network was out since it also ended up having to cancel two tests in the class, and a lot more homework and tests in all their other classes. Solidified my reputation and no one fucked with me from that day on.

This is just one I had with my cousin who came for a visit.

Cousin: Yo bro, I want you to hack my girlfriend's Facebook?

Me: Lol, and why is that?

Cousin: I think she's cheating on me with this guy. I've seen her replying to him on fb messenger.

Me: Lol, ask her about it then if that's what you think.

Cousin: She won't talk bro. That's why I want you to hack her Facebook or even her phone so I can see who she's talking to.

Me: I can't bro.

Cousin: So you're not going to help me?

Me: Not that bro. I can't hack Facebook. I don't know how to do that stuff.

Cousin: But you have Bachelor's in CS and I've seen you writing those stuff on your computer....uhm, the code thing.

Me: Yeah, but those were school and personal programming projects. Not hacking stuff.. they're not the same.

Cousin: Oh man, what about her phone?

Me: Nope, can't do that either.

Cousin: But I've seen you hacking your Android phone... (*He saw me root my phone*)

Me: *face palm*

Oh boy, finally something to rant about.

I got hired in a "small" company (not even 2000 people in it), then got "shipped" to a way bigger company. Basically, I work for this company (the french biggest internet / phone service provider) but in the name of my own. And this since last wednesday.

First off, I'm fucking stupid. After leaving the big company that I was in before, I swore to myself that from now on, I would work for smaller companies, mainly because I couldn't stand the inertia that big company have. You ask for something, you get it a month and a half after. The old company has about 6000 employees... This company has 98k people in it. Fuck. My. Life.

Now, to the rant: Orange (the company) decided that they had to move their office somewhere else. They set up a lot of things so that all we needed to do was to put things in boxes, to work somewhere else until next monday, then we could go to the new office on tuesday morning.

Keep in mind that I have been there for 8 days: I keep learning how they do their stuff. For example, if I need a specific docker image, I can't get it from the Docker Hub, the download will fail. However, if I hit an Orange subdomain's registry, I will get this image from a mirror. Because fuck logic.

When we join the company, they give us a Windows laptop ("yeaah we have useless but required Orange softwares that don't run on Linux" "Yeeaaah fuck you") that have a specific VPN allowing us to use the Orange network and, in theory, you can download docker images or clone orange repositories from that network.

In practice, you can simply just go fuck yourself. Why? Because whenever you want to curl, wget or pull anything (or even pip install), your connection keeps being shut down while it waits for the response's header.

The worst part? According to my (new) boss's evasive answers, the way to fix that works with glue, sticks and the power of the Force.

WHY THE FUCK DO YOU ENFORCE US A SHITTY OS FOR DEVELOPMENT, WHEN THE TOOLS YOU SHOVE IN IT WITH A FAKE SMILE DON'T EVEN WORK, AND WE HAVE TO HACK OUR WAY TO FUCKING WORK?

Seems like everything on android is a "hack" or temporary solution, thanks to google .

Now how the fuck should i create a custom SMS inbox when:
1) i can't run the SMS broadcast reciever in a background service(because background services are deprecated )
2)message SMS reciever in a foreground service ,because this service is not fucking foreground! when the app is cleared from the recents , it shows the service as running, but on recieving the next message , the service dies??wtf?? i think its something related to processes

the app needs to detect a message instantly because some messages are needed to be sent to server the moment they are recieved :/

I wish my boss would stop revoking my permissions. He's always saying how these slew of things need to be accomplished, yet, everytime I go to do them I'm at a wall because, despite having permissions for a very long time he decided to revoke them entirely.

It's not like I can't be trusted with them, it's been over 2 years with them, so why the sudden revoke?

I finally sent some snot mail to him informing him I'm unable to complete my tasks without the permissions granted to me (I'm a sysadmin, sec guy, boss is vp of tech), and instead of him granting them yet again he's going to run around and try to hack around the permission requirement so he can avoid giving me them.

Seriously? This is stupid. I was the one who wrote the security design and implementation document, and put all that work in. Now I'm being locked out of the system I designed, built and implemented?

Well, time to look for a new job. If you're a manager, please don't revoke your employees permissions without notice, at random, and try to hack around well-documented security policies. It won't end well!

I find it hilarious the total misconception of hacking that the general public has. I tell people I know cyber security (Not as much as a lot of people around here) but it is a hobby of mine and I find it very useful/interesting.

But I can't stop but laugh when someone is like, can you get all the text messages my bf receives?

Can you hack this for me can you back that?

C'mon even if I knew how to do that without being caught you think I would even admit that to you. Do hackers just walk around with an index card pasted to their forehead of their skill? It's not even slightly reasonable to think this lol even for someone who doesn't know about the field

*right click on image*
[nothing happens]
*spams right click, thinking about getting a new mouse*
[small modal shows up: "this content is protected!"]
*laughs in developer's console*

I never thought I'd get to see a website that "protects" its content by disabling right click, I'm moved :')

Proxmox team, go fuck yourselves.

Now I'm sure that I'll receive a lot of flack for this, but hear me out.

I've tried Proxmox and was quite pleased with its web UI. But I hate how much it locks me into their own little ecosystem.

I want to use btrfs on my drives. Why is this impossible, yet the hack that is ZoL is your obvious alternative? An alternative wherein I can't even compile and run my own kernel, because then ZoL suddenly fails? And don't you tell me to compile your stock config, when it's well over 15GB large in your source tree.

Proxmox is literally the MacOS of Linux distributions. Which was even more so made clear by me being called an idiot by possibly wanting to run Same on the PVE host. Because why on Earth would sysadmins want to?! Why on Earth would sysadmins be competent for wanting to?!!

You know what? I'll just convert those Proxmox servers to Arch and say fuck you to all the bells and whistles that's Proxmox' web UI. Because at least Arch allows me to make my own fucking choices, limited only by what's supported by the Linux operating system.

Perhaps Proxmox will consider btrfs stable in 2021. Because you know, despite it being stable today in 2018, Debian and Proxmox alike live 3 years in the past, i.e. 2015. I hate the Debian ecosystem because of that, but boy do I hate Proxmox even more so. Bloody fucking piece of shit it is!!! 😡

The convo between my friend and me back then
He: dude I heard you can code can you help me with this coding challenge on codechef
Me: bro, I try to let's check the problem
After 15-30 min we solve the question together
Then after 3 days or so he again meets me
He: do you know about Kali Linux
Me: no man not heard of Linux but what is Kali seems interesting
He: trying to hack WiFi
Me: *getting excited* bro teach me
He: I'm learning too
That day he got to know he can't hack WiFi and I got to know that my friend doesn't know jack shit about Linux, also Linux is awesome
But that moment changed my whole engineering life, I got to learn about Linux and I'm getting good at it every single day since then.
It's been 3 year since I met that fucker.
Tagging my amigo @ashwini0529

Ibwish I had remembered this when the weekly theme was office pranks.

In the first or second year of high school we covered basic internet security. Stuff like don't follow suspicious urls, don't open suspicious emails and such.

Our teacher let us play around with some sort of simulated desktop environment, where we could execute some hacks like ad popups and such on each other's environment, if we fell for the trap.

Anyways, one hack I found interesting was a hack, that lockes a user out of their virual desktop, until he enters a password, that will be displayed on his environment.

Yes, a very interesting hack, because it contains two obvious yet major design flaws, which I could exploit 😈

1. It's case sensitive
In itself not a problem, but combined with #2, it's fatal.
2. "IlIlllIlI"
Depending on your font, you probably have no idea what exactly I just typed.

Let's just say, the font displayed uppercase i and lowercase L completely undifferentiable.

Guess whom I let suffer.

It was our teacher, who had to demonstrate us some things and who was connected to the same network.

I swear, nothing beats that feeling when your tearcher has go come to you and embarrassingly ask you to "unhack" them, because they can't type it 😂

If you've ever tried using Go plugins raise your hand.
If you've ever tried doing plugins in Go, raise your hand.
If you think that the following rant will be interesting, raise your hand.
If you raised your hand, press [Read More]:

This is a tale of pain and sorrow, the sorrow of discovering that what could be a wonderful feature is woefully incomplete, and won't be for a very long time...

Go plugins are a cool feature: dynamically load pre-compiled code, and interact with it in a useful and relatively performant way (e.g. for dynamically extending the capabilities of your program). So far it sounds great, I know right?

Now let me list off some issues (in order of me remembering them):
1. You can't unload them (due to some bs about dlopen), so you need to restart the application...
2. They bundle the stdlib like a regular Go binary, despite the fact that they're meant to be dynamic!
3. #2 wouldn't be so bad if they didn't also require identical versions of all dependencies in both binaries (meaning you'd need to vendor the dependencies, and also hope you are using the right Go version).
4. You need to use -trimpath or everything dies...

All in all, they are broken and no one is rushing to fix it (literally, the Go team said they aren't really supporting it currently...).

So what other options are there for making plugins in Go?

There's the Hashicorp method of using RPC, where you have two separate applications one the plugin, one the plugin server, and they communicate over RPC. I don't like it. Why? Because it feels like a hack, it's not really efficient and it carries a fear of a limitation that I don't like...

Then we come to a somewhat more clever approach: using Lua (or any other scripting language), it's well known, it's what everyone uses (at least in games...). But, it simply is too hard to use, all the Go Lua VMs I could find were simply too hard to set up...

Now we come to the most creative option I've seen yet: WASM. Now you ask "WASM!? But that's a web thing, how are you gonna make that work?" Indeed, my son, it is a web thing, but that doesn't mean I can't use it! Someone made a WASM VM for Go, and the pros are that you can use any WASM supporting language (i.e. any/all of them). Problem inefficient, PITA to use, and also suffers from the same issues that were preventing me from using Lua.

Enter Yaegi, a Go interpreter created by the same guys who made (and named) Traefik. Yes, you heard me right, an INTERPRETER (i.e. like python) so while it's not super performant (and possibly suffering from large inefficiency issues), it's very easy to set up, and it means that my plugins can still be written in Go (yay)! However, don't think this method doesn't have its own issues, there's still the problem of effectively abstracting different types of plugins without requiring too much boilerplate (a hard problem that I'm actively working on, commits coming soon). However, this still feels to be the best option.

As you can see, doing plugins in Go is a very hard problem. In the coming weeks (hopefully), I'm going to (attempt to at least) benchmark all the different options, as well as publish a library that should help make using Yaegi based plugins easier. All of this stuff will go (see what I did there 😉) in a nice blog post that better explains the issues and solutions. But until then I have some coding to do...

Have a good night(/day)!

I've been offline from devrant for a while now but damn, I need to vent this shit

One of my colleagues can't describe tickets well enough, so I often have to speak to my colleague about it what he/she ments with their description (usually the ticket description is one line… that's all)

But yesterday the ticket was quite ok, I got were he/she was going for

Conveniently my colleague walked by at the end of yesterday and asked me how it was going

I responded quite energetic 'quite well, ticket is almost done'

And when I showed my colleague the result he/she said, well I got some feedback this morning, and we need to move X to Y with Z data

But you don't get the full story, this project exists of a very old abandoned framework (2013). Hacked together to work for more than one customer (but still copied over to run standalone) with the last year of development being focused on fast results (no time given to workout bugs or refactoring for cleaner/readable code)

So now I have to (on a feature that already took me 3 days to build) remove roughly 25% of the code and hacks, and hack a solution together..

This shit is demotivating as fuck...

So just babbling my shit down here.

(Tldr : i am a crazy guy who followed my half slept brain, went onto a stage , gave some kind of motivating , stammering talk to a large group of professional strangers, enjoyed that day with a red embarrassed face and just got my first pic of me speaking on stage and that is so awesome !)

Last Saturday i went to a gdg meetup and i embarrassed the hell out of me.

I went there with just 2 hours of sleep from the previous night.
After a few talks there comes a guy who is taking some time to install is setup and the host calls for lightning round session ( ie he asks if anyone from the audience would like to share something about their product or something).

I am a fucking nutt guy. I can explain something to you nicely in a hacky way as long as i have done enough work on that and you speak my native language.

But giving a talk on English stage, hell no! I stammer, mix hindi with English and start speaking werd shit.. And that's what happened.

I don't know what went into me but as some guy went to the stage and talked for 2 mins, i was like yeah i want to do that too. So in next turn when he asked for a show of hands, i raised mine and fucking went to stage!

I forgot that if you go on stage you should have something to talk to . But the moment i was on stage, i was like... "Nope, we will do this differently".
I had been working on a video ads module from the last week which could be easily explained in 2 mins. But i felt like giving a non techy talk instead.

It went something like this: i introduced myself with my experience details ( who gives experience details on stage !?!) Then host said to speak loudly and i went like "Bharat mata ki jai!"( Victory to mother india (wtf!?😆) .

Then started talking about how the developers feel disheartened when searching on internet where the resources are scattered . And the solution i told them was :"don't be disheartened. You will eventually find it (like wow dude wtf, as if they didn't knew that) . Look on the youtube and other resources " and then went full on explaining/marketing about some online tutor who gives advice/consultancy via a subscription based payment ( tbf that guy really helped solve a lot of my doubts, he has written books on Android dev and is the top so answerer for Android).

Then i went on sharing my thoughts live on that fuckin stage ! ( Live because i usually post my thoughts here on devrant before discussing them out with real people, you guys are my safe space) but there i discussed my thoughts on libraries!

I have this believe that Android devs these days are having lesser knowledge of the system because we have all the libraries and templates available to us. But when we have to customize stuff, we need to go deep into docs and source classes and find ourselves in trouble there. So i kind of said this out loud and that we should try to read more the code and implement stuff ourselves instead of using the library 😅🙈)

I was feeling so fucking embarrassing after that all stuff! It was so full of stammering , broken English and worst attempt at motivation. At that time i was regretting this and about to burst cry and run away, but somehow i gathered my self, got my mood back to the event games and talks, later went to the organizers and apologized(and they were very nice and didn't cared about it), and overall enjoyed my weirdest day!

When i came home, my mom gave me a little more confidence about it. Now i think i shouldn't be that much instinctive. Next day i went hack to work and everything got normal.

But Yesterday i found a link to the public repository of the photos. Ohh fuck, someone had took my image! and that was too in full hd!!! 🙈🙈🙈😅😆😆 Oh mann I can't stop looking at that cool stage speaker image, i love it ! I, the shy-est and the most uncool awkward person , present on the stage with a mike, oof , i think i lived my dream !

I hope i could get enough confidence and speaking skills to take a real stage talk next time ( and maybe enough interesting talks and confidence to talk with girls of our office, ¯\_(ツ)_/¯ )

Just because I know a little bit of Linux, doesn't mean I am a Hacker :/

"No. I certainly can't Hack 'that' DEEPWEB website"

Are you fuckin kiddin me :|

Worst "hackathon" turned out to be the boss (scrum master type) and a Magento guy (super OCD) working on a tiny tiny adjustment to a email template. They didn't really do anything and expected me to just make it all way better with CSS alone. I built out a robust responsive email in a codepen for them. They acted like they couldn't trust me to be a part of the team because I wasn't contributing - but I wasn't even sure what was happening. Between gathering refreshments and patting themselves on the back... it was hard to see what they had done. The online presentation to the magento people was pretty funny to watch though. If you think you can't have a presentation about nothing - think again. Magento is totally fucked. The word 'hacking' is not really suited to describe 'programming websites/applications quickly' anyway. 'Ninja' and 'hack' should always be considered red flags. 'Magento' should be a triple red flag: Jerk-off Jesus-complex boss, self-centered out of touch programmers, crap product. Watch out!

First Year in College.

I have been into computers since 9th Standard. What I meant was I could make music, edit images, play and install games after downloading, hack them(change values) using Cheat Engine, make trainers for myself because why type when you can freeze, format computers using a pendrive (trust me, I saved a lot of money) and then finally, make some presentations and send emails.

Now, College begins. Programming in C language. I don't know what the fuck that means. But they say, it's 'essential'.

Enter Professor. "Okay students, we begin with the course on C Language. how many of you know pointers?".

Me: Wow. Sounds cool. But, I don't know anything.

I couldn't love coding. I think I love to code but at the end of the day, I'm a sick Undergraduate who fell in love with a Bass Guitar and Vocals and wants to code for a living. Heavily interested in changing the world and all that stuff but have no motivation and even if I have, I can't give a fuck about it.

Peers are getting medals everywhere. I'm sitting alone in a room learning C. They said, It was 'essential', but they never told me, 'why'.

Not a rant. IDGAF what you think but I'm a failure looking for ways to make a living.

Any night, 1:30am, bedtime: "Yes! I can't WAIT for tomorrow to begin! I'm gonna make SO much progress on that personal project that I just KNOW is gonna change the world and make me a billionaire! My time is now!"

Next day, 9am, first call of the day: "Ugh, waking up SUUUUUCKS! But, fine, just gotta get through the workday, then it's beast mode time!"

5pm: "Ugh, that day SUCKED... meeting after meeting, constant interruptions for the few minutes I got to hack code, SO many emails, and hey, good day, only five new things pushed down from corporate to bang my head against! Feelings pretty mentally exhausted, but it's all good, I fortunately love this programming stuff, so first dinner, then a little exercise, spend some time with the family, and then it's time to COOOODE!"

10pm: "Ok, house is FINALLY quiet (fucking dog), just a little noise from my daughter staying up way too late again... kinda spent, but this project still excites me, and I may not get as much done as I was hoping, but fine, I can still make some tangible progress and that's what matters. Maybe just one last quick check of email, Reddit, make sure there's no new Hot Ones or Honest Trailers I gotta watch, update IDEA plugins and see what's new, then it's work time! Nothing can stop me now!"

Any night, 1:30am, bedtime: "SHIT! I GOT FUCK ALL DONE AGAIN! GO DAAAAAAAMN IIIIIT!!!!"

I miss psychological safety. I'll define it as the willingness to be vulnerable to criticism and the belief that contrary opinions are embraced and judged on their merit.

When I first entered the startup scene my manager had exceptional candor. He had no qualms talking about how kids and personal projects caused his investment in his work to wax and wane.

He always made time to talk to me when I was frustrated and made me feel like he truly listened to what I had to say, even if he didn't act on it.

At the time, I attributed the safety to the company culture created by the CTO. The startup failed and eventually, I found my way to that CTO's next startup.

Completely different experience. I find myself in despair as I hear "I'm more senior and therefore am right and don't have time or interest in your ideas" blatantly stated.

When I disagree with people, I try to ask clarifying questions to identify where the divergence occurs. Sometimes I'm surprised and learn something new, sometimes my questions prompt reconsideration.

With the CTO (now CEO), we go in circles where he squirms, deflects, and outright refuses to respond to my questions. He cancels 75% of 1:1's and when we do talk he suggests that if I disagree I "should introspect which of my beliefs is holding me back from embracing his superior way of doing things"

Multi-hour slack wars suck the life out of anyone trying to ask questions. It's so exhausting to ask questions it's often cheaper and faster to wallow in despair for an hour and hack something together than descend into people shouting preferences at each other and shaming me for not already knowing the answer.

Perks, pay, and tech-stack are all cool. It feels selfish to be unhappy because I can't innovate or challenge the status quo. Having tasted that safety though, I'm left with an unquenched thirst that grows stronger with every conflict.

Who actually started the reign of mixed character passwords? because seriously it sucks to have an unnecessarily complex password! Like websites and apps requesting passwords to contain Upper/Lower case letter, numeric characters and symbols without considering the average user with low memory threshold (i.e; Me).

Let's push the complaint aside and return back to the actual reason a complex password is required.

Like we already know; Passwords are made complex so it can't be easily guessed by password crackers used by hackers and the primary reason behind adding symbols and numbers in a password is simply to create a stretch for possible outcome of guesses.

Now let's take a look into the logic behind a password cracker.

To hack a password,
1) The Password Cracker will usually lookup a dictionary of passwords (This point is very necessary for any possible outcome).
2) Attempts to login multiple times with list of passwords found (In most cases successful entries are found for passwords less than 8 chars).
3) If none was successful after the end of the dictionary, the cracker formulates each password on the dictionary to match popular standards of most website (i.e; First letter uppercase, a number at the end followed by a symbol. Thanks to those websites!)
4) If any password was successful, the cracker adds them to a new dictionary called a "pattern builder list" (This gives the cracker an upper edge on that specific platform because most websites forces a specific password pattern anyway)

In comparison:
>> Mygirlfriend98##
would be cracked faster compared to
>> iloveburberryihatepeanuts

Why?
Because the former is short and follows a popular pattern.

In reality, password crackers don't specifically care about Upper-Lowercase-Number-Symbol bullshit! They care more about the length of the password, the pattern of the password and formerly used entries (either from keyloggers or from previously hacked passwords).

So the need for requesting a humanly complex password is totally unnecessary because it's a bot that is being dealt with not another human.

My devrant password is a short story of *how I met first girlfriend* Goodluck to a password cracker!

ASP.NET Web Forns?

Can't tell how many times I printed out the page lifecycle diagram for myself or a coworker. So many hours lost trying to figure out which lifecycle hook to use for a specific scenario and then have it all break down because something new was added to the feature. Or figuring when data can be bound, or doing some hack because things break when handling a POST event or some shit.

Overly abstract piece of technological excrement. Might as well express the thing in contemporary dance and check that into source control instead of that ungodly mess.

The switch to AJAX and API calls was such a huge relief it's almost hard to explain in words (I can do a dance tho). And then upgrading to AngularJS, man, worlds apart...

I don't care how much they pay me (okay, you got me...), I'm never touching Web Forms again.

Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:

3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.

I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.

They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).

During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).

Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.

The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.

This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.

I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).

I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...

The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)

Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.

Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.

I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).

So... any thoughts?

At my school we use iPads (I don't know why) and the teachers can see what's on your screen, lock you inside an app, block apps/basically everything, lock/shut down your iPad, uninstall apps and they can even see what's your location. It sucks ass, but with my "professional" hacking skills I figured out a way to hack the system. If I use a VPN, for some reason they can't do anything to my iPad. I'm still waiting for the day my school is going to ditch iPad's an buy us laptops, but at least I can sleep good at night without having my teacher doing stuff to my iPad.

(I have a ton of other things I don't like about my school, and would love to rant about, but I don't want this rant to be 5000 pages long)

Question about permission in `docker-compose`

So far, I've usually used vagrant for local dev. It was nice, as I was able to specify `wack:wack` as owner of all files. However with docker compose, if I connect with exec and use `/bin/bash` I'm logged in as `root`. When I then run composer, it kind of fucks with the file permissions, as after it all new files are owned by root and thus can't be edited with an ide on the "host" system.

One hack that I found suggested creating an user and a group with same uid as on the host and use that instead of root. This just doesn't sound right to me. Any advice on how to handle this situation?

So I'm back in school for a graduate program... mostly just to continue deferring loans because that seemed like a smart choice....

Anyway I'm back in school and at the end of the third class I realize I just spent the last hour teaching the class....how to hack....how did this happen?

I'm so disoriented I don't know what's going on anymore...I get to work and suddenly I'm teaching again...when did this happen?

Am I now stuck in some role as a mentor and teacher? If that's the case we are all screwed.

Those who can't do instead teach?

So, who wants to learn something useful? The below is pretty entertaining.

rm -rf

Rant and opinions wanted. Its a long one.

I have been working on a project for a month and a half. For the first week I was requesting designs that I got about 2 of out of 15. For the next week and a half the designer was on holiday so I couldn't do anything but delivered a few more designs once he got back.

This takes us 2 weeks in already. I have other things to do as well so at the same time I work on support tickets and some bespoke development coming in.

I get given 2 or 3 more designs and can't get anything else out of the designer after waiting a week so I have to design everything myself as I go and build it. Something I have never done before.

We are now 3 and a half weeks in. My boss randomly tells my pm it needs to be demo ready the next day. I work furiously to hack something together. It works but key functionality is missing.

I move house and work from home for a week and a half. I do my best but the project is full of bugs and the CSS is horrible because I didn't know what I was making at any stage. It is therefore CSS rules repeated in IDs everywhere.

My colleagues join me on the project because my boss has decided to try and sell it tomorrow.

They run through it and find all the bugs left from me working furiously to get things done quickly. Things like no search pagination and missing validation.

My boss is now pisses at me because the project is not finished, my colleagues are now all working on it. Throughout it all he knew the designer was not delivering me anything and that I was struggling.

Am I in the wrong for writing shit code that came about because I was coding with no idea of what the finished project should look like? Is he in the wrong for dumping this on me and just letting me get on with it even though he knew there were no designs?

Btw I am just finishing a 1 year internship and before this have never done web dev before.

Discuss.

Okay this is my first time posting on this site. I've browsed it (definitely not in class) and the community looks beautiful, so I'm going to just kind of slide in here. Anyways this is the part where I use my caps lock button and type lots of naughty words I guess...

<rant type = 'school'>
Our programming classes are fucking DISMAL uuugh... Okay so we have four technology classes: Tech Exploration, Coding 1, Coding 2, and Intro to CS (a 'high school' level class)... So this means a fuck ton of kids in programming classes, mostly because I WANNA MAKE MINCERAFT AND BE A KEWL BOI LIKE GAME DEV BUT I'M ALSO A FUCKING IDIOT AND WILL NOT LEARN ANYTHING YAAAAAAY but that's a mood and so there's a fucking tidal wave of dumb kids in these classes. So right we're dealing with like 80 kids per class period. Sorry if I'm repeating myself but there are a FUCKTON of students. Now, we have... wait for it... ONE FUCKING TEACHER. ONE. I fucking swear this district does not give a SINGLE SHIT about possibly THE SINGLE FUCKING MOST IMPORTANT SUBJECT WHYYYYYY... Okay so the teacher is kinda overworked as fuck lol. She can't really teach eighty kids at once so she mostly gives us exercises from websites but when she can she teaches us shit herself and actually knows a good bit about her field of study. She's usually pretty grumpy, understandably, but if you ask her a good question that makes her think you can see the passion there lol. So anyways that's a mood. Now at the other school it's even worse. They have this new asshole as a teacher that knows NOTHING about ANYTHING IT IS SO FUCKING REDICULOUS OH MY UUUUUGH... THEY STILL DON'T EVEN KNOW WHAT A FUCKING LOOP IS LIKE OKAY YOU'VE BEEN TEACHING PROGRAMMING FOR A YEAR AND YOU'RE THE ONLY ONE TEACHING IT AT THAT DISTRICT SO MAYBE YOU SHOULD AT LEAST FUCKING TRY WHAT IS WRONG WITH YOU... so he just makes them do shit from a website and obviously can't do half of the shit he assigns it's so fucking sad... I swear this district is supposed to be good but maybe not for the ONE THING I WANT IT TO BE GOOD FOR. Funny story: in elementary school once I wrote down school usernames for people I didn't really know and shared them a google doc that said "you have been hacked make a more secure password buddy" etc etc and made them the owner and these dull shits report it to the principal... So I'm in the principles office... Just a fucking dumb elementary school kid lol and the principal is like hAcKiNg Is BaD yOu ShOuLd NoT dO iT and I'm like how did you know it was me... so he goes on to say some bullshit about 'digital footprint' and 'tracing' me to it... he obviously has no clue what he's saying but anyways afterwards he points to where it says last change made by MY SCHOOL ACCOUNT... HOW DULL CAN YOU FUCKING POSSIBLY BE IT WAS FROM MY ACCOUNT THAT LITERALLY PROVED THAT I DID --NOT-- 'HACK' INTO THEIR ACCOUNT YOU DUMB FUCK. Okay so basically my school is a burning pile of garbage but it's better than most apparently but it's GARBAGE MY GOD... Please fucking tell me it gets better...

okay lol that was longer than I thought it would be guess I just needed to vent... later I guess
</rant>

How coding has impacted my life?

Lol, mann I don't think normal anymore. Everything is logical and conditional statements to me now. If this, do that! Else, do this. I've been making people think 2x about their dumb questions to fix their broken phones, computer screens and yes, the popular one.."can you hack facebook?". I can't even do a simple renaming or count without start with a 0. Normal people start like 1, 2, 3, 4.... and I'm like 0, 1, 2, 3. Bruh, I'd rather code than hang out which I still do but less now..smh

Time sheets. I'm not a fan of our task management system, you don't check out jobs or tasks like moving cards on a kanban board, it's more of a loose, calendar-based setup. We're also in a small, open office so it can be difficult to remember to log things in the software when you could tell the person opposite you that their task is finished. On top of that a lot of the time it takes me longer than the scheduled time to get a job finished as I'm learning a lot of new stuff, so digitally documenting things like that worry me a little. I don't want to look like I can't hack it just because a job takes me longer than my much-more-experienced colleagues.
I should note that I understand it's all incredibly useful data to the company, but I hate doing it and it's very easy to forget or ignore.

Don't you hate it when people have unrealistic expectations from you ? Like this friend of mine saw some movie and now wants me to teach him how to hack. He has zero knowledge of computers and I'm not very proficient in cybersecurity myself. I'm a Web-Dev. I build websites. Hacking is a whole other domain but they just can't seem to get it in their heads. I wish I could just smack them so hard that they'd come back to their senses but alas ! that's not an option and by the looks of it, it never will be.

While at a *coding* conference, with lots and lots of techy devs in attendance, many using mobile devices, a vendor decided to hold a hacking contest. Hack their little problem, get a t-shirt. Hack their big problem, get a bigger prize. I go to their website and notice:

1) they force me to create an account to do either problem.

2) the fucking bag of salty dicks can't even manage to make a responsive website. I mean, I could have fixed that for the cocksuckers while at the conference. But no, the shit company comes to a place full of devs and has a shitty website. Like, make your eyes bleed like a leaky sack of vaginas, bad.

I solved their little problem as fast as I could and deleted my account out of spite.

Every time I'm working on a task as soon as I need to write some hack, dirty code, that does work, but creates overhead in the run time performance or makes the project a mess. I stop and can't continue with this task...

it locks my mind and progress where after a while. I simply give up and do it anyway or give someone else the task.

How to deal with task that have no clean solution?

A hack that I won
They gave money too, but can't click that 🙈🙈🤣🤣

Need some help,
I am setting up postfix and I need it to accept all emails, from any domain (without a domain list), and forward it to a local address on the machine (It pipes into PHP, toscript@).

I have a catch-all working where it is forwarding the emails to the toscript@ mailbox dispite of the to address. But if I send an email to it that is not in the domain list it gets rejected as it's not in the domain list, Is their a known way to force Postfix to accept all domain emails without having a list of the domains in the server.

I have searched but no luck of a working solution, I have looked at the following with no working solution

Server Fault: 133190
Server Fault: 422468
Server Fault: 179419
Server Fault: 105641
Server Fault: 161321
Server Fault: 318426
Server Fault: 514643
Server Fault: 410053
Stack Overflow: 4772229
Super User: 353488

Looking at the docs I do not see anything for it but making it an open relay but I can't figure what settings to update to make it the open relay to capture all of the mail.

I know I am missing something but I can't figure out what it is!

::Rant::
I'd like to use Postfix as it seems very stable and it's not a hack job as some of the projects that I have seen. It also can communicate with all of the proper channels for SMTP and the Protocol as well as some very easy configs.

I took a career transition last year and I'm starting to question my decision. I'm stuck.

I've only learned to hack shit together in my past jobs (except one freelance project where I pretty much learned most of what I now properly know), exposing me to bad practices. To make it worse, I lack fundamentals and basics so can't even write JavaScript beyond for loops without documentations.

Lately I've been pushed to take charge in structuring a project from scratch. I failed at understanding what exactly Webpack does mainly because it required knowledge of web modules which I still find elusive. I make time to learn basics in the evening or weekends but most of the time I'm taking home the internship work project that I, again, just need to hack shit together, depleting my energy by the end of day.

Now I'm at the stage where I need money, for which I'm thinking of applying for waitressing or entry-level marketing jobs. I'm shit scared that I'll never break into the industry and will just end up living day by day feeling unfulfilled.

I'm so tired of trying.

Need some advise from all you clever devs out there.

When I finished uni I worked for a year at a good company but ultimately I was bored by the topic.

I got a new job at a place that was run by a Hitler wannabee that didn't want to do anything properly including writing tests and any time I improved an area or wrote a test would take me aside to have a go so I quit after 3 months.

Getti g a new job was not that hard but being at companies for short stints was a big issue.

My new job I've been here 3 months again but the code base is a shit hole, no standardisation, no one knows anything about industry standards, no tests again, pull requests that are in name only as clearly broken areas that you comment on get ignored so you might as well not bother, fake agile where all user stories are not user stories and we just lie every sprint about what we finished, no estimates and so forth, and a code base that is such a piece of shit that to add a new feature you have to hack every time. The project only started a few months back.

For instance we were implementing permissions and roles. My team lead does the table design. I spent 4 hours trying to convince him it was not fit for purpose and now we have spent a month on this area and we can't even enforce the permissions on the backend so basically they don't exist. This is the tip of the iceberg as this shit happens constantly and the worst thing is even though I say there is a problem we just ignore it so the app will always be insecure.

None of the team knows angular or wants to learn but all our apps use angular..

These are just examples, there is a lot more problems right from agile being run by people that don't understand agile to sending database entities instead of view models to client apps, but not all as some use view models so we just duplicate all the api controllers.

Our angular apps are a huge mess now because I have to keep hacking them since the backend is wrong.

We have a huge architectural problem that will set us back 1 month as we won't be able to actually access functionality and we need to release in 3 months, their solution even understanding my point fully is to ignore it. Legit.

The worst thing is that although my team is not dumb, if you try to explain this stuff to them they either just don't understand what you are saying or don't care.

With all that said I don't think they are even aware of these issues somehow so I dont think it's on purpose, and I do like the people and company, but I have reached the point that I don't give a shit anymore if something is wrong as its just so much easier to stay silent and makes no difference anyway.

I get paid very well, it's close to home and I actually learn a lot since their skill level is so low I have to pick up the slack and do all kinds of things I've never done much of like release management or database optimisation and I like that.

Would you leave and get a new job?

damn ios sucks ass. you seriously don't support any good css. I feel like I have to hack everything since you can't even do zindexes correctly or background-size:cover.