Today my classmate came up to me and said he was a hacker.

I told him to prove it, and guess what? HE ACTUALLY HACKED GOOGLE!

It was amazing! He impressed so many kids in the class with his skills of pressing F12! How impressive is that?

He even wore a black hoodie and can spell his name in binary code. Not to mention, he changed google doc's page color to black and the font to green as he typed his essay.

I need to be careful... This 1337 h4x0r is really scary.

83w4r3

So I just got one of those pop ups saying YOUR COMPUTER HAS BEEN HACKED.

I decided to call the number, while firing up a Linux virtual machine, running Linux Mint. I customized the home button to look like the Windows start menu logo, and proceeded to let that scammer connect to it.

He was so confused, considering the script he was reading off of was meant for windows. He opened up terminal, and started typing in "tree" and told me that's how many viruses I have.

😂😂😂

I was drunk yesterday, watching Mr. Robot.

Woke up with Kali linux booted from a usb and a hacked WiFi password for my annoying vegan neighbor.

I realized hacking was about being smart when at 14 i hacked into someones computer by guessing his password on the 2nd try.

The dude loved computers more than me and watched matrix all the time.

So i typed “neo”

Once, I used inspect element to change Google's image to one from a meme.

My mom legit freaked out and thought I had just hacked Google themselves, and because she wouldn't believe me, I had to wait two hours until my dad got home so he could explain. During which time, I was yelled at about how we were going to be "sued for millions".

If she only understood how inspect element works.

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Dear diary,

Today I sold my soul... I hacked my way around a bug instead of refactoring. It was a moment of weakness... I... I was not given enough time....

I am sorry...

When you were growing up to be a developer and your mom brags about what a genius you were and has literally no idea what she was bragging about...

#IJustInstalledLinuxMomChill...

Funny story my step dad was bragging about me hacking Google to a group of his guys a few months ago (mind you I'm 21, he's a roofing contractor) and he calls me over and is like "yo, Jimmy. Tell them how you hacked google. (Obviously I never "hacked google", whatever that means) and this guy he's talking to say:

"Oh shit. You can do that shazz".

For my own amusement I replied:
"Yeah I hacked google last week. I HTML'd into their json databases to pull out an ASP in order to bash attack on their .Net services using only CSS"

Of course the man's only response at this point was to ask me how much it would cost me to build him a site...

string excuses[]={
"it's not a bug it's a feature",
"it worked on my machine",
"i tested it and it worked",
"its production ready",
"your browser must be caching the old content",
"that error means it was successful",
"the client fucked it up",
"the systems crashed and the code got lost" ,
"this code wont go into the final version",
"It's a compiler issue",
"it's only a minor issue",
"this will take two weeks max",
"my code is flawless must be someone else's mistake",
"it worked a minute ago",
"that was not in the original specification",
"i will fix this",
"I was told to stop working on that when something important came up",
"You must have the wrong version",
"that's way beyond my pay grade",
"that's just an unlucky coincidence",
"i saw the new guy screw around with the systems",
"our servers must've been hacked",
"i wasn't given enough time",
"its the designers fault",
"it probably won't happen again",
"your expectations were unrealistic",
"everything's great on my end",
"that's not my code",
"it's a hardware problem",
"it's a firewall issue",
"it's a character encoding issue",
"a third party API isn't responding",
"that was only supposed to be a placeholder",
"The third party documentation is wrong",
"that was just a temporary fix.",
"We outsourced that months ago.","
"that value is only wrong half of the time.",
"the person responsible for that does not work here anymore",
"That was literally a one in a million error",
"our servers couldn't handle the traffic the app was receiving",
"your machines processors must be too slow",
"your pc is too outdated",
"that is a known issue with the programming language",
"it would take too much time and resources to rebuild from scratch",
"this is historically grown",
"users will hardly notice that",
"i will fix it" };

Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'

Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!

I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.

Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.

Was pretty shaken up but damn I learned my lesson!

The windows/microsoft fanboy I've ranted about multiple times.

- wouldn't use anything except for windows. Even if required for a project (I would if really needed, have done that a few times already)
- refused to use any framework/language not written by Microsoft
- tried to get other projects to use windows/.net when it wasn't required and it was only linux/php guys (and that fit the projects perfectly)
- ONLY wanted to use Skype and whatsapp. Always bragged about how he had 10gb of Skype history.
- didn't want to use anything related to linus torvalds or open source because 'those are open source and have no business model so they're bad'

And then: he suggested the use of windows server right after one was hacked (windows vuln that wasn't patched yet) which caused the devops guys to want to install a new Linux server for it.
Even the windows sysadmin pointed to the door when he said that and gave him a huge 'GTFO' face cD

Yeah, fuck him.

So back story... I opened up my own company a while back. I provide not only general IT and phone repair etc but I also do ethical penetration testing and patch the holes.

Before opening my own business me and some buddy's went out to a bowling ally and bar to have a few drinks. I wanted to see what their network was like... I hacked into their entire network in less than two minutes. From my iPhone. I was in their switches, I was configuring their printers and fax machines. Lord knows what I could have done if I had my laptop.

Anyways, back to the rant... I got this text today. 😂😩🔫

A while ago (few months) I was on the train back home when I ran into an old classmate. I know that he's a designer/frontend/wordpress guy and I know that he'll bring anyone down in order to feel good. I also know that he knows jack shit about security/backend.
The convo went like this:

Me: gotta say though, wordpress and its security...
Him: yeah ikr it's bad. (me thinking 'dude you hardly know what the word cyber security means)
Me: yeah, I work at a hosting company now, most sites that get hacked are the wordpress ones.
Him: yeah man, same at my company. I made a security thing for wordpress though so we can't get hacked anymore.
Me; *he doesn't know any backend NOR security..... Let's ask him difficult stuff*
Oh! What language did you use?
Him: yeah it works great, we don't get hacked sites anymore now!
Me: ah yeah but what language did you use?
Him: oh it's not about what language you use, it's about whether it works or not! My system works great!
Me: *yeah.....right.* oh yeah but I'd like to know so I can learn something. What techniques did you use?
Him: well obviously firewalls and shit. It's not about what techniques/technology you use, it's about whether it works or not!

That's the moment I was done with it and steered the convo another way.

You don't know shit about backend or security, cocksucker.

SSH'd into all the computers in college's lab and edited the bashrc to display "YOU ARE BEING WATCHED / YOU'VE BEEN HACKED" etc.
Everyone freaked out instantly.
Then edited my own bashrc file too so that no one realizes it's me.
I was surprised at how easy it was.

The website i made has been hacked today.

Stored in their server.

They didnt give me an access for it.

The user account in the cms i used for updating content while building the website was revoked when the website is completed.

Now they ask me for the latest backup.

I have no backup because how the hell i do a backup when i got no access to the cpanel.

The only backup is the zip file for initial uploading into their server and the contents were added after the website is on their server.

That goddamn IT guy who wont give me any access for “securty sake” is calling me furiously asking for the backup and how to set up the stuffs from the beginning.

I thought he was the one who know his shit but i was wrong.

Fuck me?

No.

Fuck you.

But i still responding to him telling him step by step how to do shit with some swearing and sarcasm.

ALWAYS BACKUP YOUR SHITS, MATE

Our company got attacked last month by what i believe was a code time bomb from a ex employee. And it was brutal, website hacked, email server not responding, locked out from database servers. The IT department asked for my help and I was more than happy to do it. Long story short I got every thing back working smoothly. The IT guys ask for a favor to not include this in my monthly progress report. Fine by me. But then they went out and tokd the top management that they are teaching me about the networks and servers so thats why I was working with them last month. Fucking assholes. Not going to help them any more.

This is super childish but it's the gameserver insidstry and karma is a bitch.

TLDR: I hacked my boss

I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.

I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :3

This happened when I was on third semester of the career at university. I had my first boyfriend, the "Python" guy. He has that nickname because he used Python as his main programming language and nobody on the classroom used it.

In a few words, he was a... horrible human being. He talked down to me almost all the time, saying to me that my country was sh*t (he is from United States, and for a reason he never wanted to told me, he cannot go back to his country), that my university was sh*t and he said "you're will be lucky if you rot programming in a chair".

As you might wondering, yes, unfortunately it was a toxic relationship. Once he said he wanted to kill the teacher because he though that he hacked his laptop D:

He claimed that he was going to teach me python and security stuff, bla bla bla, but nothing. I learned python by my own.

I almost lost my faith in dev future because I though that the only ones that could have a real future in programming where people without ethics and only if they have a friend or a relative on a company.

The saddest part was that I dated him because I love smart boys, but he was just an idiot that, furthermore, wanted to change me (he pressured me to have tattoos, dye my hair and have sex, things that, of course, I didn't do).

I found courage to break up with him. I waited until the semester ends (in order not to lose my programming final projects) and, the day after the last day of class, I broke up with him.

I recovered my faith on programming when, next semester, one of the teachers invited me to give a python programming workshop :D and I gave two python workshops, and two of mobile development.

Now I'm working as a junior .NET developer. Thank God I broke up with him before the relationship became even worse. "Python" wanted to marry me after a year! O_O

Tonight I was getting ready to pay my monthly apartment maintenance bill so I Googled my property management company's name because I always forget the url. It's always the first result, but I noticed Google placed a little "This site may be hacked." line of text on their listing.

Seeing that before and knowing what it means, I went into the source for their index page, and to my suspicion, their WordPress installation was hacked with the standard invisible spam links.

I realize this happens to a lot of WordPress blogs, but this is an NYC property management company that is responsible for a lot of buildings and has millions of dollars in contracts. Normally I would inform them, but having dealt with them in the past I don't like them very much, but more importantly, I don't think they'd understand what I was saying because they are so technically inept. They might even think that because I found this, that I had something to do with it.

So devRant, it is up to you. What should I do?

This is dedicated to all Webdevs, especially those WordPress fanboys.

I was reflecting on some things since I do more frequent freelance jobs at the time. And I have to admit: people are fucking crazy.

I had some serious talk with customers and some serious talk for people I work as subsidiary.

The average customer thinks a nice webpage costs I'm 9-50 bucks. They got some shitty Webhosting for 1-5$/month including domain and think they are set.

They have unclear visions about what they actually want, it all boils down to "I like the design". I made a page for someone who just posted images, no text nothing and I told him a trillion times NEEDS some text, even a fucking picture description would be sufficient, else he'll never score anything at google.

Ofc it got denied, now he's bitching how nobody finds the site when they google his name. The other thing is that Wordpress became the solution for everything.

I'm a fucking certified magento developer and I hate magento with a passion. Magento is an overabstracted clusterfuck and believe me, I did the certification I had to learn more than average about the core. But damn, don't slap woocommerce on everything.

Narrowninded fucktards, the cheap out of the box solution isn't always the best.

Don't cry if you got hacked because you were too dumb to upgrade your wordpress. Don't tell me to do some "enhancements" on a server you probably share with 100 other uses. I can't fix your Webserver with your shitty ftp account.

I also hate WordPress with a burning passion. Cum guzzling cavetroll it is. It has it usages, but don't rely on a core So small every kind of extra functionality has to somehow tinkered on it and then expect it to work flawlessly and for 10$ price.

Of course you can buy a theme that, if it would have been special made for you cost 800$ or more, but it wasn't. It just looks like it from the outside. If you want customization you are at the mercy of the option it provides. I can't even tell how many times i spent whole evenings explaining how their shiny template works. Just to do some crazy shit with JavaScript like rearranging domelements because it didn't work as expected.

I still stay to my word. Nothing great has been nor will be created with a Wordpress core. Don't tell me how some great stuff has been achieved. Or wait, please do so. But before you do think about if that wouldn't been faster, cheaper, more reliable , etc... if done with a framework like symphony or laravel... or even zend or cake.

And that brings me back to the point:
Is cheap and "out of the box" really what you need and desire? As customer and as developer?

I recently joined the dark side - an agile consulting company (why and how is a long story). The first client I was assigned to was an international bank. The client wanted a web portal, that was at its core, just a massive web form for their users to perform data entry.

My company pitched and won the project even though they didn't have a single developer on their bench. The entire project team (including myself) was fast tracked through interviews and hired very rapidly so that they could staff the project (a fact I found out months later).

Although I had ~8 years of systems programming experience, my entire web development experience amounted to 12 weeks (a part time web dev course) just before I got hired.

I introduce to you, my team ...

Scrum Master. 12 years experience on paper.
Rote memorised the agile manifesto and scrum textbooks. He constantly went “We should do X instead of (practical thing) Y, because X is the agile way.” Easily pressured by the client to include ridiculous (real time chat in a form filling webpage), and sometimes near impossible features (undo at the keystroke level). He would just nag at the devs until someone mumbled ‘yes' just so that he would stfu and go away.

UX Designer. 3 years experience on paper ... as business analyst.
Zero professional experience in UX. Can’t use design tools like AI / photoshop. All he has is 10 weeks of UX bootcamp and a massive chip on his shoulder. The client wanted a web form, he designed a monstrosity that included several custom components that just HAD to be put in, because UX. When we asked for clarification the reply was a usually condescending “you guys don’t understand UX, just do <insert unhandled edge case>, this is intended."

Developer - PHD in his first job.
Invents programming puzzles to solve where there are none. The user story asked for a upload file button. He implemented a queue system that made use of custom metadata to detect file extensions, file size, and other attributes, so that he could determine which file to synchronously upload first.

Developer - Bootlicker. 5 years experience on paper.
He tried to ingratiate himself with the management from day 1. He also writes code I would fire interns and fail students for. His very first PR corrupted the database. The most recent one didn’t even compile.

Developer - Millennial fratboy with a business degree. 8 years experience on paper.
His entire knowledge of programming amounted to a single data structures class he took on Coursera. Claims that’s all he needs. His PRs was a single 4000+ line files, of which 3500+ failed the linter, had numerous bugs / console warnings / compile warnings, and implemented 60% of functionality requested in the user story. Also forget about getting his attention whenever one of the pretty secretaries walked by. He would leap out of his seat and waltz off to flirt.

Developer - Brooding loner. 6 years experience on paper.
His code works. It runs, in exponential time. Simply ignores you when you attempt to ask.

Developer - Agile fullstack developer extraordinaire. 8 years experience on paper.
Insists on doing the absolute minimum required in the user story, because more would be a waste. Does not believe in thinking ahead for edge conditions because it isn’t in the story. Every single PR is a hack around existing code. Sometimes he hacks a hack that was initially hacked by him. No one understands the components he maintains.

Developer - Team lead. 10 years of programming experience on paper.
Writes spaghetti code with if/else blocks nested 6 levels deep. When asked "how does this work ?”, the answer “I don’t know the details, but hey it works!”. Assigned as the team lead as he had the most experience on paper. Tries organise technical discussions during which he speaks absolute gibberish that either make no sense, or are complete misunderstandings of how our system actually works.

The last 2 guys are actually highly regarded by my company and are several pay grades above me. The rest were hired because my company was desperate to staff the project.

There are a 3 more guys I didn’t mention. The 4 of us literally carried the project. The codebase is ugly as hell because the others merge in each others crap. We have no unit tests, and It’s near impossible to start because of the quality of the code. But this junk works, and was deployed to production. Today is it actually hailed as a success story.

All these 3 guys have quit. 2 of them quit without a job. 1 found a new and better gig.

I’m still here because I need the money. There’s a tsunami of trash code waiting to fail in production, and I’m the only one left holding the fort.

Why am I surrounded by morons?
Why are these retards paid more than me?
Why are they so proud when all they produce is trash?
How on earth are they still hired?

And yeah, FML.

Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account [cozyplanes@tuta.io] was hacked, because I sent message you from it.

Now I have access to you accounts!
For example, your password for [cozyplanes@tuta.io] is [RANDOM_ALPHABET_HERE]

Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $700 to our Bitcoin wallet: 13DAd45ARMJW6th1cBuY1FwB9beVSzW77R
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data" :)

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.

>> RE >>
Well f### you, thanks for telling my password which is obviously fake. I have sent your details to the local police department, shall rest in peace. Don't earn money by this kind of action. STUPID!

I was registering for a website, and on a whim, I used this as my username:
null'); PRINT('Hello');--

And sure enough, the login system went down. The next day it was still down, so I went to Twitter to tell the people running the site that this was why, but to my surprise, I see them saying they had been hacked.
Based on the timing, I'm pretty sure they're referring to this, but they are saying user info was stolen. *facepalm*
They later said they stored passwords salted with a fixed salt and hashed with fucking md5, at which point I was glad not to have done any more business with them.

How incompetent can these fucking people be?!

An intern I was supposed to lead (as an intern) and work with. Which sounded kinda crazy to me, but also fun so I rolled with it. But when I met her I quickly found out she didn't even have a coding editor installed and when I advised one she was "scared of virusses". She had Microsoft Edge in her toolbar, and some picture of a cat as a background. We were given some project by our boss, and a freelance programmer helped us set it up on Trello. Great, lets start! Oke maybe first some R&D, she had to reaeach how to use the Twilio API. After catching her on WhatsApp a few times I realised this wasnt gonna go anywere. After a few weeks of coding and posting a initial project to git I asked her if she could show me the code of the API she made so far..

She told me she was using the quickstart guide (the last 3 FUCKING weeks) which contained some test project with specific use cases.

The one that I did 3 weeks ago that same fucking morning.

AND SHE WAS STILL NOT DONE...

A few days later I asked her about the progress (strangly, I wasn't allowed ti give her another task bcs the freelanc already did) and guess what... She got fking pissed at me

Her: "I will come to you when im done, ok?"
Me: "I just want to see how it is going so far and if you are running into any problems!"
Her: "I dont want to show you right now"

She then goes to my fucking boss to tell him I am bothering her.

And omg... Please dear god please kill me now...

Instead of him saying the she probably didn't do shit. He says to me that the girl thinks im looking down on her and she needs a stress free environment to work in. She will show me when its done. ITS A FUCKING QUICKSTART GUIDE YOU DUMB BITCH.

He then procceeded to whine to me about the email template (another project I do at the same time) which didn't look perfect in all of his clients.

Dont they understand that I am not a frontend developer? Can you stop please? I know nothing about email templates, I told you this!!!

Really... the whole fucking internship the only thing the girl did was ask people if they want more tea. Then she starts cleaning the windows, talk to people for an hour, or clean everyone's dask.

all this while I already made 50% of the fucking product and she just finished the quickstart tutorial 😭. Truly 2 months wasted, and the worse thing is I didn't get any apprication. They constantly blamed me and whined at me. Sometimes for being 3 minutes late, the other for smoking too much, or because I drink to much coffee, or that I dont eat healthy. They even forced me to play Ping Pong. While im just trying to do my job. One of the worst things they got mad at me for if when my laptop got hacked bcs it was infected with some virus. He had remote access and bought 5 iPhones 6's with my paypal while I was on break. I had to go home and quickly reset all my passwords and make sure the iPhones wouldnt get delivered. strange this was, this laptop I only used at the company. So it must have been software I had to download there. Probably phpstorm (torrent). Bcs nobody would give me a license. And the freelancer said I * have to *.

the monday after I still had to reinstall windows so I called them and said I would be late. when I came they were so disrepectfull and didn't understand anything. It went a little like this:

Boss: why u late?
Me: had to reinstall my laptop, sorry.
Boss: why didnt you do this in your own time?
Me: well, I didn't have any time.
Boss: cant you do this in the weekend or something? Because now we have to pay you several hours bcs you downloaded something at home.

Me: I am only using this laptop for work so thats not possible.

Boss: how can that even be possible? You are not doing anything at home with your laptop? Is that why you never do anything at home?

Me: uhm, I have desktop computer you know. Its much faster. And I also need to rest sometimes. Areeb (freelancer) told me to torrent the software. He gave me the link. 2 days later this happends

Boss: Ahh okeee I see.. Well dont let it happen again.

After that nobody at the compamy trusted me with anything computer related. Yes it was my own fault I downloaded a virus but it can happen to anyone. After that I never used Windows again btw, also no more auto login apps.

Site (I didn't build) got hacked, lots of data deleted, trying to find out what happened before we restore backup.

Check admin access, lots of blank login submissions from a few similar IPs. Looks like they didn't brute force it.

Check request logs, tons of requests at different admin pages. Still doesn't look like they were targeting the login page.

We're looking around asking ourselves "how did they get in?"

I notice the page with the delete commands has an include file called "adminCheck".

Inside, I find code that basically says "if you're not an admin, now you are!" Full access to everything.

I wonder if the attack was even malicious.

I've had my share of incompetent coworkers. In order of appearance:

1. A full stack dev. This one guy never, and I mean NEVER uses relationships in their tables. No indexing, no keys, nada. Couple of months later he was baffled why his page took ten seconds to load.

2. The same dev as (1). Requirement was to create some sort of "theme" feature for a web app. Hacked it by putting !important all over the place.

3. The same dev again. He creates several functions that if the data exists returns a view, and if it doesn't, "echo '0'". No, not return 0 or return false or anything, but fucking echo. This was PHP. If posted a rant about this a few months ago.

4. Same dev, has no idea what clean code is. No, not just reusable functions, he doesn't even get indenting right. Some functions have 4 spaces, some 2 tabs, some 6 tabs! And this is inside the same function. God wait until he tries Python...

5. Same dev now suggests that he become the PM. GM approves (very small company). Assigns me to travel to a client since they needed "technical assistance about the API". Was actually there to lead a UAT session.

Intermezzo, that guy went from fullstack dev to PM to sales (yes, one who calls clients to offer products) to business development, to product analyst in the span of two years.

After a year and a half there, I quit.

6. New company, a "QA engineer" who also assumes the role as the product owner. Does absolutely no tests other than "functional tests" in which he NEVER produces any form of documentation. Not even a set of test cases. He goes by "intuition".

7. Same guy as (6), hands me requirements for a feature. By "hands me" I mean he did that verbally. No spec documents, no slack chat, no Trello card. I ended up writing it as a card in Trello. Fast forward to the due date, he flips out because that wasn't what he wanted. Showed him the card. He walked away, without thinking of a solution how this mess should be handled.

Despite all this, I really don't want him (6&7) to leave the company. The devs get really stressed out at this job and he does make a really good person to laugh with/at.

I left a company once. Was there with one colleague and we had this kind of code review habit that we looked at each other changes befor merging them to the deploy branch. On my last day I made a dancing cat dance in front of our app as a tiny joke for him. He instead of reviewing just pulled this time and deployed the new version on the companies dev server without a look. So the fist time the cat showed up was appareantly in the first meeting after I left and everyone went completely crazy because they thought they got hacked.

I think they never found the hidden rock roll in the app.

Let me preface this by saying I'm not a designer.

While I can make individual bits of a site look good, and I'm actually pretty skilled with CSS/Sass, overall design completely escapes me. I can't come up with good designs, nor do I really understand *why* good designs are good. It's just not something I can do, which feels really weird to say. but it's true.

So, when I made the Surfboard site (that's the project's internal name), I hacked everything together and focused on the functionality, and later did a branding and responsive pass. I managed to make the site look quite nice, and made it scale well across sizes/devices despite being completely new to responsiveness. (I'm proud, okay? deal.)

After lots of me asking (in response to people loudly complaining that the UI doesn't have X feature, scale properly on Y device, and doesn't look as good as Z site), the company finally reached out to its UI contractor who does their design work. After a week or two, he sent a few mockups.

The mockups consisted of my existing design with a darker background, much better buttons, several different header bars (a different color) with different logo/text placements, and several restyled steppers. He also removed a couple of drop shadows and made some very minor styling changes (bold text, some copy edits). Oh, he also changed the branding colors. Nothing else changed. It's basically the same exact site but a few things look a little better. and the branding is different.

My intermediary with the designer asked for "any feedback before finalizing the designs" -- which I thought odd because he sent mocks for two out of the ten pages (nine plus a 404 page). (Nevermind most of the mocks showed controls from the wrong page...).

So, I typed up a full page of feedback. Much of it was asking for specifics such as responsive sizing on the new header layout, how the new button layout would work for different button counts, asking for the multitude of missing pages/components, asking why the new colors don't match the rest of our branding, etc. I also added a personal nitpick about flat-looking controls because I fucking hate them. Everything I wrote was very friendly and professional.

... His response was full of gems. Let me share a few.

1. "Everything about the current onboarding site looks like a complete after-thought." (After submitting a design basically identical to mine! gg!)

2. "Yes [the colors match our current branding]." (No. They don't. I checked. The dark grey is different, the medium grey is different, the silver is different, the light blue is different. He even changed the goddamn color of the goddamn LOGO for fuck's sake! How the fuck is that "matching"?!)

3. "Appreciate the feedback [re: overlapping colored boxes, aka 'flat'], design is certainly subjective. However, this is the direction we are going." (yet it differs from the rest of our already-redesigned sites you're basing this off. and it's ugly as shit. gg again :/)

4. "Just looked at the 404 page. It looks pretty bad, and reflects very poorly on the [brand name] brand. Definitely will make a change here!" (Hey! I love that thing. It's a tilted, dotted outline of a missing [brand product] entirely drawn with CSS. It has a light gray "???" underlay and some 404 text inside. Everyone I showed it to, coworkers and otherwise, loved it. "Looks pretty bad". fuck you.)

I know I shouldn't judge someone so quickly, but what the fuck. This guy reminds me of one of those pompous artists/actors who's better than everyone and who can never be wrong, even while they're contradicting themselves.

just.
asfjasfk;ajsg;klsadfhas;kldfjsdl.

We had a short power outage this morning. 30 min later I got an "urgent" call that someone's "computer" was not working in another branch of our company.

Not one person in that branch could figure this out so after them repeatedly messaging and calling me for around an hour I decided to come over.

I found out that the power wall plug to the monitor has a switch on it which this person accidentally kicked...

I fixed his problem in around 20 seconds. This same employee was one that somehow had his email account previously "hacked" and 8000 phishing emails were sent from his account in 1 hour.

I honestly think it is amazing people like this can even use a computer at all...

In few hours I was with client showing his website after long time coding and designing.

Client: I think this is it, here your final $$

Me: Me thanks sir and bye

A guy came in.

Client: Oh! Wait, this guy is our it expert let see if he have any advise.

Me: Oops! Okay

Guy: So this website will showcase our products

Me: Yes,

Guy: What about security because I just got news that Russian hacked one big company.

Me: I don’t think Russian have time to hack your one page website

Out of the door...

Was watching a Chinese movie and there's a scene where someone is getting hacked, and this is the fucking code that they are show as the "hacking code". How hard would it have been to find something more legitimate than this?

If I hadn't had a few $0.69 hamburgers from McDonald's today, I would be more upset.

I can't believe this company.

They want to stop using Certificates because it bothers the customer.

I had to use https because we were using service workers for a PWA.

I tried explaining we need them for the product to work, and also it's a basic security measure.

They were removing the certificates without my knowledge.

I found out because a colleague wanted a way to disable the service worker and asked me for help.

The manager said your not the boss of the company, it's not your company to make decisions.

Just do what they say, he tried to justify the decision from above, I said ok when was the last time you installed a certificate? he said never.
Ok, then what the fuck are you talking about, its 10 minutes to get a certificate letscrypt HELLO.

This company is very hierarchical 1900 style, I'm the person who does innovation in the organization, that's the most fucked up part, they say no to everything.
OMG, I'm going to quit.

There just asking to get hacked, this is just the tip of the iceberg.

Is this common or are they morons?

I used to work as an all-in-one IT guy in a company. One day I got a call from our HR team and the HR said "my Internet banking account has been hacked! It's logging in automatically!!" So I went to see the issue, and the so called "hack" was because she allowed Mozilla Firefox to save her login credentials, and because of that the login form was automatically filled. Such a stupid ass

My previous password for devRant was 123hackMe!

I never got hacked. I'm disappointed.

My Skype was hacked and spam links was sent to everyone.
I guess i deserved it since i haven't updated the password since i've signed up to skype 11 years ago.
Still very annoying.

Nearing the end of my internship I got to sit in with a few interviews for new interns. We asked them in advance to take some of their code with them if possible.

So this guy walks in a suit and with briefcase puts his briefcase on the table and takes out a few laminated A4 printouts. That was his code. He didn't want to take a USB or laptop because he might be hacked by the company.

The whole interview only took 4 minutes from the moment he walked in.

I have my best moments but the first time I felt badass about computers was when I was at kindergarten.

There was one computer with one cool game with skateboard. I wanted to play but the other kids didn’t let me.

I thought that if it look like I fix the computer they will let me. I took me month or little more but I made shutdown bat(I didn’t really understood fully) and I added it to the game shortcut from usb.

One of the other kids started the game and the computer turned itself off. Hi tried a few times and then I offered to fix it, I created new shortcut replacing the “hacked” one and the game ran.

From that moment the computer and the game were always free for me.

Best friends sister asked me if I could hack a phone or a router or something for her. Asked if the owner was alright with it. She said yes. Asked her for a picture of the interface. She sent me three pictures:
IPhone interface
Router interface
Blackberry phone interface.

😐

"I'll give you the iPhone through {best friends name}".

I have the phone now.

She's saying that I hacked their wifi.

I haven't even booted the phone yet.
I never connected to her network.
I don't know where she lives.

Dafuq.

I recently got a job as a sysadmin and they've been debriefing me on their hacked websites (wordpress malware injection). Beats me why they still have their sites up at all...
BUT WAIT THERE'S MORE!
I wanted to see if they have any backups... NONE.

The latest snapshot was over a year ago...FML. Over a year ago when they barely have anything on their company site and client sites 😒

Now, I have to revive 10 websites from redirection. Time to do some shell scripting!

I worked at a startup. They wanted to "save" money. So they hired a relative of "Fred" named "Bubba". Bubba made a custom website. Like hand built gifs and who knows how hand crafted html. It was fine for a time. Then somebody was wondering why nobody was calling us at the company. No customers. Another relative named "George" (who was actually a business major) looked at the website. It had been hacked and replaced with Jedis fighting Sith Lords. Me and another engineer named "Zeus" said "fuck this shit" and said "we are redoing this shit".

So I logged into godaddy (I know, shitty) and installed Wordpress (kinda shitty). I proceeded to turn wordpress into a half decent page. Wiped out the shit that was there, reused images as it made sense. Created more images. Reduced images to 80% quality to take loading size from 10MB to <1MB. Then I also proceeded to do SEO work and get the website listed properly within about a month. Customers started calling all the time. I had a simple contact form that barely gets any shit on it due to captcha. The was 5 years ago. I left 3 years ago (still help them on weekends) and nobody has done shit with the website. They are still getting calls and it hasn't been hacked.

We don't talk to Bubba. He didn't know what the fuck he was doing. I wonder if he still does websites for his relatives. I honestly had no clue what I was doing, but my take on the approach was easier to maintain and even George and Zeus and the new manager "Ralph" can maintain it, kinda. Went from shitty static website to full on dynamic and interactive. Yeah, I know, "dynamic". But the manager was happy.

Sometimes you just do what you gotta do in addition to doing all the electrical and software engineering for a company.

My private Email Account got hacked when I was in school, and they sent out a mail with something along the lines of "hey, you should really use this product to lose weight, it is great" to all of my contacts. Many of them ignored it, some of them called me to inform me about the issue (the worst part was, long after I used 2fa and changed passwords regularly, they still had my name and contact list, so they just made email adresses that looked like mine and continued to send out spam to my contacts). Anyway, one teacher of mine didn't know that this was a scam and was insulted because I regularly sent emails about her losing weight. And as if the whole situaion, which I couldn't do anything about, wasn't bad enough, my parents and I had do have a 1h conversation (which ended up in me explaining how those hacks work, and luckily she understood, but still). Never again. I prefer those fake ms support guys that call me over this every day.

When I thought I hacked Facebook.

I somehow managed to "inspect element" and changed a couple of the words on the page. I reloaded the page and all my work was gone... I tried it again and again then googled how to hack. I then learned how to make batch scripts. the rest is history.

The concept of, "hacking" at my school is so disgustingly bloated, as it probably is everywhere else. Some kid the other day said that he had hacked cookie clicker. Friggin cookie clicker. After opening inspect element and changing some local data to get infinite cookies. And he was hacking.

I swear, if I EVER told any of these idiots about some hacking project I did with an Arduino, they would start asking me how much money I made off with in the heist.

There is one kid in particular that annoys me, his name is Matthew, and he is the most pompous little piece of crap you have ever met. Every time they talk about him, they use the word, "hack" casually in conversation. "Wow dude he's gonna HACK you now", and it really boils my gears. I mean, come on, our school password is a birthday and initials, if he got into your account, he certainly didn't do it by hacking anyone. It has gotten to the point that I can't even hear the word without wanting to lash out at them and tell them how stupid they are. Maybe I can just send them a link to this rant.

My wifi was hacked two times last year, so I decided to change the factory credentials. Some months ago a tree fell on top of the cables on the street, cutting my internet connection. I call the ISP and when they get here they say I have no right for costumer support as I have altered my own connection.
WHAT. THE. FUCK
I had to revert the credentials to admin/admin in order get my internet back. These ISPs live in the fucking stone age. How the fuck do they force me to fucking have my router exposed with a fucking "admin/admin".
Fuck them.
I hope some day we have a cable revolution and finally have some rights over the networks we pay for with both tax money and excesive fees with low fucking speeds. Fuck them. Really.

Long rant ahead.. so feel free to refill your cup of coffee and have a seat 🙂

It's completely useless. At least in the school I went to, the teachers were worse than useless. It's a bit of an old story that I've told quite a few times already, but I had a dispute with said teachers at some point after which I wasn't able nor willing to fully do the classes anymore.

So, just to set the stage.. le me, die-hard Linux user, and reasonably initiated in networking and security already, to the point that I really only needed half an ear to follow along with the classes, while most of the time I was just working on my own servers to pass the time instead. I noticed that the Moodle website that the school was using to do a big chunk of the course material with, wasn't TLS-secured. So whenever the class begins and everyone logs in to the Moodle website..? Yeah.. it wouldn't be hard for anyone in that class to steal everyone else's credentials, including the teacher's (as they were using the same network).

So I brought it up a few times in the first year, teacher was like "yeah yeah we'll do it at some point". Shortly before summer break I took the security teacher aside after class and mentioned it another time - please please take the opportunity to do it during summer break.

Coming back in September.. nothing happened. Maybe I needed to bring in more evidence that this is a serious issue, so I asked the security teacher: can I make a proper PoC using my machines in my home network to steal the credentials of my own Moodle account and mail a screencast to you as a private disclosure? She said "yeah sure, that's fine".
Pro tip: make the people involved sign a written contract for this!!! It'll cover your ass when they decide to be dicks.. which spoiler alert, these teachers decided they wanted to be.

So I made the PoC, mailed it to them, yada yada yada... Soon after, next class, and I noticed that my VPN server was blocked. Now I used my personal VPN server at the time mostly to access a file server at home to securely fetch documents I needed in class, without having to carry an external hard drive with me all the time. However it was also used for gateway redirection (i.e. the main purpose of commercial VPN's, le new IP for "le onenumity"). I mean for example, if some douche in that class would've decided to ARP poison the network and steal credentials, my VPN connection would've prevented that.. it was a decent workaround. But now it's for some reason causing Moodle to throw some type of 403.

Asked the teacher for routers and switches I had a class from at the time.. why is my VPN server blocked? He replied with the statement that "yeah we blocked it because you can bypass the firewall with that and watch porn in class".
Alright, fair enough. I can indeed bypass the firewall with that. But watch porn.. in class? I mean I'm a bit of an exhibitionist too, but in a fucking class!? And why right after that PoC, while I've been using that VPN connection for over a year?

Not too long after that, I prematurely left that class out of sheer frustration (I remember browsing devRant with the intent to write about it while the teacher was watching 😂), and left while looking that teacher dead in the eyes.. and never have I been that cold to someone while calling them a fucking idiot.

Shortly after I've also received an email from them in which they stated that they wanted compensation for "the disruption of good service". They actually thought that I had hacked into their servers. Security teachers, ostensibly technical people, if I may add. Never seen anyone more incompetent than those 3 motherfuckers that plotted against me to save their own asses for making such a shitty infrastructure. Regarding that mail, I not so friendly replied to them that they could settle it in court if they wanted to.. but that I already knew who would win that case. Haven't heard of them since.

So yeah. That's why I regard those expensive shitty pieces of paper as such. The only thing they prove is that someone somewhere with some unknown degree of competence confirms that you know something. I think there's far too many unknowns in there.

Nowadays I'm putting my bets on a certification from the Linux Professional Institute - a renowned and well-regarded certification body in sysadmin. Last February at FOSDEM I did half of the LPIC-1 certification exam, next year I'll do the other half. With the amount of reputation the LPI has behind it, I believe that's a far better route to go with than some random school somewhere.

There was a time I made an update on one of our client's e-commerce website sign-up page. The update caused a bug that allowed new users to create an account without actually creating an account.

The code block meant to save user credentials (i.e email address and password) to the database was commented out for some reasons I still can't remember to this day. After registration new users had their session created just as normal but in reality they have no recorded account on the platform. This shit went on like this for a whole week affecting over 350 new customers before the devil sent me a DM.

I got a call from my boss on that weekend that some users who had made purchases recently can't access their account from a different device and cannot also update their password. Nobody likes duty calls on a weekend, I grudgingly and sluggishly opened up my PC to create a quick fix but when I saw what the problem was I shut down my PC immediately, I ran into the shower like I was being chased by a ghost, I kept screaming "what tha fuck! what tha fuck!!" cus I knew hell was about to break loose.

At that moment everything seemed off as if I could feel everything, I felt the water dripping down my spine, I could hear the tiniest of sound. I thought about the 350 new customers the client just lost, I imagined the raving anger on the face of my boss, I thought about how dumb my colleagues would think I was for such a stupid long running bug.

I wondered through all possible solutions that could save me from this embarrassment.
-- "If this shitty client would have just allowed us verify users email before usage things wouldn't have gotten to this extent"
-- "Should I call the customers to get their email address using their provided telephone?... No they'd think I'm a scammer"
-- "Should I tell my boss the database was hacked? Pffft hack my a**",
-- "Should I create a page for the affected users to re-verify their email address and password? No, some sessions may have expired"
-- "Or maybe this the best time to quit this f*ckn job!"
... Different thoughts from all four corners of the bathroom made it a really long bath. Finally, I decided it was best I told my boss what had happened. So I fixed the code, called my boss the next day and explained the situation on ground to him and yes he was furious. "What a silly mistake..!" he raged and raged. See me in my office by Monday.
That night felt longer than usual, I couldn't sleep properly. I felt pity for the client and I blamed it all on myself... yeah the "silly mistake", I could have been more careful.

Monday came boss wasn't at the office, Tuesday, Wednesday, Thursday, Friday not available. Next week he was around and when we both met the discussion was about a different project. I tried briefing him about last week incident, he seems not to recall and demands we focus on the current project.

However, over three hundred and fifty customers swept under the carpet courtesy of me. I still felt the guilt of that f*ck up till this day.

Let me tell you a story:
One upon a time poor lil PonySlaystation received a call. It was a nice guy who cried about his WordPress website had been hacked. So the clusterfuck began...

He gave me the login credentials for the hosting back-end, DB, FTP and CMS.
A hacked WP site was not new for me. It was probably the 6th of maybe 10 I had to do with.
What I didn't expect was the hosting back-end.
Imagine yourself back in 1999 when you tried to learn PHP and MySQL and all was so interesting and cool and you had infinite possibilities! Now forget all these great feelings and just take that ancient technology to 2018 and apply it to a PAID FUCKING HOSTING PROVIDER!
HOLY FUCKING ASSRAPE!
Wanna know what PHP version?
5.3.11, released the day before gomorrah was wiped.
The passwords? Stored in fucking plaintext. Shown right next to the table name and DB user name in the back-end. Same with FTP users.
EXCUSE ME, WHAT THE FUCK?!

I have to call Elon Musk and order some Boring Company Flame Throwers to get rid of this.

Long story long, I set up a new WP, changed all passwords and told the nice guy to get a decent hoster.

So I looked at our dashboard and noticed a banner mentioning scheduled maintenance set for 7:00 AM. And I thought to myself, "I never released an update, and even if I had, the maintenance would be performed 15 minutes after the build finished, not at 7:00 AM." So I emailed my coworkers, asking if they had put up the banner, no, no. I started pulling my hair out trying to figure out what caused this banner to be created. Was there some old job that was just now running? I combed through the server logs, thousands of entries later, and I found the banner was installed by some user with the IP 172.18.0.1...which was the local machine. I went through all the users on the system, running atq to see if anyone had jobs scheduled. And there was one job scheduled, under the root user. At that moment, I legit thought to myself, "have we been hacked? How is that possible?" It's wasn't! Then I looked under /var/spool/atjobs to see what the job actually was. And then I saw it. My weekly updater cron job had installed updates and had scheduled a maintenance window to reboot the system. And I smiled, realizing that my code was now sentient.

A few weeks before, my neighbor came to me saying his wifi is hacked and someone is abusing it.
So I tried the wifi and found out there is no password. And the one who was abusing a simple open wifi was me XD.
So I set a password for her and disabled wps. But hopefully no one (expect devrant) will know I used that much bandwidth.

Every time I encounter "404 Not Found - nginx" when I was really young, I thought the website was hacked by Nginx(ngingks). When I got to uni and found out what it was and how to say it, I just facepalmed. Even until now, every time I read it on job posts, I still say ngingks in my head and laugh hahaha

The only hacked sites I had to fix were running on ... [prepare your stomach] ... Joomla.
I'm not sure if there is even one single solid developer for Joomla. This shit piece has more vulnerabilities than a crack hobo infested with pest-ebola-hyperAIDS.

The sites were full of hidden viagra and pr0n ads and links so the crawlers would list them.

Luckily for me, I was able to pursuade the clients in all 3 cases to build a new site from scratch on a different CMS.

Fucking bruteforce man. Was supposed to go sleep when got few messages from my gameserver players that their accounts have been hacked.

Checked their logs, all of their accounts have been accessed from Russia. Told them to change their passwords and they told me their previous passwords which were easy af to guess.

Digged deeper and found hundreds of thousands failed logins in the last few hours and all of them from different ips.

Since I cant modify gamefiles on client side, the solution for now was to disable in-game registration and force player registration through the website form with captcha and also where each players login name gets appended with a random suffix chosen by player from a random list..

Fuck you bruteforce scriptkiddies, good luck guessing accounts now. At least I can sleep now.

Before 10 years, a WordPress site hacked with sql injection. They had access to site, they modified many php files and installed commands to download random malwares from over the internet.

At first I didn't know that it hacked and I was trying to remove any new file from the server. That was happening every 1-2 days for a week.

Then I decided to compare every WordPress file with the official, it was too many files, and I did it manually notepad side notepad!! :/

Then I found about over 50 infected files with the malware code.

Cleaned and finished my job.

No one else knows that I did a lot of hard job.

THE WORST PRANK ATTEMPT

If i remember true, it was 2012. april fool day..

me and my co-worker (we were the founders) decided to fool our members (we had a script's unofficial support forum). so, we did the plan. we register another account on march and wrote a few useful messages with it. help guys with that fake account (named as Root).

on fool day, we move the site to hidden folder (but didnt backup it) and added an index file as "hi, i am Root. you know me who am i. i hacked this site and deleted all dbs. cya later" (in turkish of course)

and we sit our chairs, began the watch our messages from facebook,skype,whatsapp etc..

we act like we are in trouble and we cant solve the problem.
at the same time, one of the our crew, decided to help us :D
so, he contact with our server's management crew. they dont know the fool too :)

server management looked up the situation without try to contact with me or my co. and we got an email from server like that
"hello tilkibey and impack, we just realized your site is hacked. so we delete your all ftp and db for safety. please contact with us asap"

we shocked and contact with them, explain the truths and request the recover our site (because we though they backup site before deleting all things). but they didnt backup it :(

so, we recover our last backup which is got nearly 10 days ago :(

last week was the funniest week in my damn life.

so apparently, some of friend knew about i can make some mobile applications, lets just call her riri. and that week, riri's Instagram account got hacked.

whats so funny about it? she ask me to get her account back or she'll accuse me as the one who hacked her account.

when i ask her, how could i bring her account back, she replied with, "why would you ask me? you were the one who good at computer thingy"

SO?
if i can drive a car, you'll assuming that i can make a car and repair it myself?

haha, funny

Building a business can hamper one's development urges!

I have been building stuff since 2008. Took my first job in 2012, won a hackathon at Yahoo right after that. Got an amazing team to work with! Our team converted the hacked product into a proper product using Django and AngularJS. Those were the fun days. At that time AngularJS had just come out and I was under the dilemma to use Angular, Ember or backbone. But with all this came the responsibility to build a business out of our product. It didn't happen eventually though.

So I moved on to cure my entrepreneural itch and went on to start up an e-commerce startup along with my day job. It started getting good traction and I finally left my day job to focus completely on it. It's a sticker marketplace and I had to focus a lot on the actual physical product, improve the quality, tackle business development and stuff etc. In all this, my habit of creating stuff with code kind of got the back seat. Everyday, I see such exciting technologies come up and I want to try them out. I have been itching to create a native app using react native. Try to build a skill for Amazon Alexa.

On one side I am happy that I have been able to build a brand and become the largest sticker marketplace in India providing super awesome reusable stickers, but on the other hand, managing the business on a daily basis is killing the developer in me :(

Does anyone else building a business which involves a physical product also face a similar problem? I think I should just take up weekend hackathon type problems and try to solve them using the technologies I want to learn. Example, I have been meaning to build an app for our company. I think I will start with that!

I have been following devRant for quite sometime now and it has been awesome. Finally, signed up and ranted today! 😊😊

So, the other day a friend of mine called me. It's been years that I haven't talked to this girl. She says "can you do me a favour?". I asked "what?". To which she replies "My Facebook account has been hacked. Can you do something and destroy the guys pc? Don't let him create any other account or even let him use the internet. Ban him from the internet or do something.
And I was like

Got a request on a freelance site, was about modding a game.
I've answered thinking "easy money", then he reveals it's for a console, that it's not "hacked" so I couldn't run any third-party script.
I've tried to kindly explain the situation and he seemed having understood.

Few minutes ago I checked my inboxes and I got a bad review on that freelance platform, of course from him. 👌

So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.

I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".

What I did?

I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.

Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.

Moral of lesson: make sure your IT secures everything in place.

So my gf was sleeping and i took the opportunity to unlock her phone using her finger print. Sent bunch of texts and later told her i hacked her cellphone. She now believes i am a genuine hacker. Should i tell her the truth or just drag a little longer?

!dev but actual long rant - about the students in my grade.

TL;DR: 1 asshole in 10 people can ruin everything. Mobbing sucks. I dislike parties.

There's the word "Jahrgang" in Germany which means the people in the same school year as you. I'll refer to it as "my (collective) classmates" although we don't have classes anymore, rather courses and I also mean those I do not have courses with.

With that out of the way, let the rant begin.

It's often the case that people with high logical and intellectual skills (no being arrogant, other people categorize me like that) have a lack of social skills - or empathy.

I'm a kind of an outsider in a way that since 10th grade I stopped trying to attach myself to certain groups since I do not fit in there. I'm fine with that now. Nowadays I can at least socialize with other nerds.

Here's why I dislike the collective of my classmates. This year is my last school year and as always, a big group forms a spirit. They have a theme (superheroes - super boring). I didn't go to any party they threw and I don't plan to go to the graduation ceremony as well since it's an unofficial party and not a school event. I hate parties. I hate alc and drunken teenagers. I didn't attend the "Kursfahrt" - a kind of excursion that's like holidays with your course - mainly because I dislike my "Stammkurs" (main course).

Why? I had a friend in this course. She was short, geeky and I could actually talk to her. Yet some jerks (not intensely) bullied her because "she was awkward" and in the end, she switched school - also because of other reasons.
When she was gone, even those who didn't bully her and who are considered "nice" made fun of her and talked badly about her - and me hanging around with her. So since then, I avoid anything with them that's not 100% school related.

Now they're planning what we call "Abigag" - it's a joke/prank the graduates pull on the school and younger students, something funny like an entrance room full of balloons and many other things. Also, the "Abizeitung", the yearbook the graduates put out with articles about their courses, teacher ranking and quotes etc. Also, a cabaret evening from the graduates to collect money for the graduation party. Cool stuff actually. I thought about taking part.

I'd say my talents are creativity and computer stuff. So a friend chatted with me about nerdy pranks like a school-wide wallpaper change. Or releasing a fake password list of the teachers - claiming we hacked them - with puns and insiders about the teaches. He said he gotta invite me into the WhatsApp group of the Abi prank. Disclaimer: He's one of those people who are socialized but still able to talk with me. He's fine.

Well guess what he told me later:

They don't want me on the team since I distance myself from my classmates. I should either be fully one of them or not at all.

That's enough. Who distances whom? I thought they were happy to have me on board but horse shit! Stuck with ideologies from the 19th century.
They can lick my ***. I don't have anything against most of them in person but as a collective, they're just fucking stupid. I guess it wasn't even the majority saying they don't want me to help. It was probably just the small crew of leading and loud jerks. And no one would disagree with them saying "Why not? He wants to help?" (even if it was their opinion) - they don't have the brain or balls to say anything against the strong idiot leaders. They'll do great later in politics as an adult - they wouldn't criticize Hitler if they were under his "protection".

So I won't take part in making Abi pranks, - but also not the Paper and cabaret eve. They can go jerk off to being part of a huge collection of assholes - which I, in all my pride, am not part of other than on paper.

(Disclaimer: No critics to other outsiders but those who were engaged and responsible for the choice of not letting me help)

If anyone actually read this:
Who were/are you in school times?
A proud outsider like me? Party boi/girl? Engaged striver?

Spammer just called me saying my windows computer was hacked and that I needed his assistance, I agreed and let him download free malware remover tool and other random shit, apparently the terminal commands were not working so he asked what version of Windows I was on, I said XP, and he continued and gave up on the terminal. tried to ruin whatever malware he put on the thing, finally he went to find what version I was running, and found out I was on Linux.

So this happened last week.

Last week I went as a volunteer to give an introduction class basic programming to some guys and gals who are going to attend computer science soon next year.

The class lasted one week and we had done some basic algorithms and programming in Python.
Besides that we also did some very basic websites (html, css and javascript).

Obviously all those people were very enthusiastic.
Some were a little bit too enthusiastic...

There were these 2 guys who were best friends. They already knew everything apparently. Even though they just finished high school they had been programming for over 10 years, had already made countless of websites, applications, 'hacked Windows', RATs and some amazing games.

So there were some people there who never had programmed before. I started giving the lecture and warned people who already knew some basics of programming the first day might be a quite boring but I could not simply skip it obviously.

Those 2 dickheads acted like the biggest childs ever, started screaming in class, making sure everyone knew they were bored, and were constantly complaining to me that they know what print, for, while and strings were. I stayed calm and tried to explain them again I simply couldn't skip parts of the lecture for them.

Every hour and every day it started getting worse and worse with them. Not only but the whole class were furiously mad at them. Some other students even started screaming at them. They screamed back insulting everyone they even didn't what php was and stupid stuff like that.

At some point they interrupted me AGAIN and asked me how long I programmed. I told him little them over 5 years or something. They started laughing at me. Those 2 dickheads looked at me like they were so much better than me because they programmed over 10 years.

At some point, almost the last day, I had enough of their bullshit, interruption, screaming, insulting other students who asked questions, ... I said you know what, you give the lecture!

They refused because they felt too good for all these other 'noobs' (the other students). They would never become good and blah blah more bullshit.

I said alright, we're doing websites, you've made some websites, show me your most impressive website.

He was happy and felt honered.

He sent me the whole folder and I showed his website on code on the big screen in the room.

Then I said: "Everyone, pay close attention to this!"

That dickhead smiled and felt good

Me: "This is how NOT to make a website"

I started explaining to everyone all things that were complete shit and all things that were straight up sins.

That one friend of the dickhead stayed quiet. The other dickhead became as red as a tomato. At some points you even saw tears in his eyes. At some point he insulted me I was a scriptie and simply left.

The class started clapping.

One of the weirdest but also best moments of my life

Moral: Don't act like a complete bigheaded dickhead, don't feel better than everyone and show some respect

Thank you for reading

Have a nice day!

It's finally happened. I've used my mail servers for about a year to give out different email addresses on my domain to things I sign up for online, and only used my "actual" email address that received all this email for the whole domain but the single one that I used outbound for private communications.

This worked well for a long time as I could see when spam comes in, where it came from by looking at the email address I designated it. Each company's email would be sent not only from an email address that they choose, but also to an email address that I choose. It allowed me to easily determine where there were problems. For example, on Freenode IRC my vhost happened to make my username@host there a valid email address. It eventually got blacklisted due to too much incoming spam as crawlers started detecting it. Another one was "nickname"@my.domain as I posted it a few times here. Got crawled as well. But it allowed me to easily blacklist each.

I'd never thought my actual outbound email address, my real one, to get crawled though. That would require the mail server of a company I explicitly communicated with to get hacked. But today that happened. I wonder whose it is, but I can't tell.

Time to make my outgoing email bound to a designated email address as well. I want to know which companies this happens to, even if they don't disclose it.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

So earlier today as I was walking out of class, I overheard some people talking.
One of them said “Oh I hacked google”
Then the other one said “Oh yeah I hacked google aswell. I made it say (something I forgot)”
They were thinking that using the dev tools to make one of the tags say stuff was hacking.
😤😤😤😤😤😤😤😤😤😤😤
I had to run away
It was t o o m u c h

A friend of mine got an account hacked on Crunchyroll. Whenever he tried to login, the website told him that no account with his email existed. As I had two accounts, I tried something real quick. I logged in to the account I'm not using and tried to change the email address to a 10 minute mail. I logged into my own email account patiently waiting for a confirmation email. After 10 minutes I still hadn't received it. So I checked the 10 minute mail, and there it was. I can't describe how furious I got with Crunchyroll at that point. Are you for real? It's that easy? Fucking idiots. I hope the guy responsible for that system dies in a fire with a thousand rubber penises up his ass!

I know it is 1 week too late but i dont care. Im aware that my workbench looks like shit but in reality it is a "creative mess"

@Condor Do you envy me now? I have 1054z that is hacked and has all its features unlocked! I have desoldering station and crappy (very crappy) soldering station. In addition to that i got simple sine/square generator that goes to 1Mhz (old communist poland tech - indestructible and great)

Situation with my pc is complicated. My main pc (with the curved monitor)
-i5 3350p
-12 Gb or ram (2*4Gb and another 4 that friend gave me)
-radeon 7800hd (*RIP* cant play games anymore 😥)
-256Gb sata SSD
-2Tb WD blue HDD

In addition to that i have a laptop
i5 4 cores, 8Gb ram, 1Tb HDD, GTX1050

I use my lap for gaming now, i even connected that monitor as main lap.
(double monitors yay!) sometimes i use my old pc for minor things but i use rdp for that, it is great experience! (my lap displaying rdp from my old pc on second monitor that was my old pcs main one 😂 i find it a tiny bit funny)

I started attending this IoT class in some computer training school. During my first class, I was early because I had the raspberry pi class earlier in the day. A guy came up to me and started chatting to me, he was bragging about how he created some big projects, how he works in his dad's company which develops IoT products (he codes it). Later on in class he talked about how he hacked his school's server or something and changed his marks. Whenever he brags, he has a tendency to use a deeper voice (which is pretty annoying).

Anyways so I thought he is pretty good and maybe I can learn a thing or two from him. A few class later, I started having my doubts, why? Because he doesn't know how to debug code, he copies the lecturer's code and still copies it wrong, and he doesn't know what variables and constants are. He uses IE and doesn't know about GitHub.

Now he asks me or the guy in front for help in class. He makes the class more fun, it's funny listening to him brag. Love it.

MY LAPTOP just scared the shit out of me. It screamed words like a demon. I thought that I am hacked. But it was just a screen reader... I accidentally activated it or something while unlocking the lappy.

I FREAKED OUT

I WAS A DIFFERENT PERSON FOR SOME REASON

Dfox thanks for the heart attack, I thought I got hacked.

Earlier i ranted about how someone hacked our site and he had our source code.
Now finally we found how was our site code stolen, thanks to @dfox he mentioned how can we pull code from got server at that time I checked trying commamds to dowload git folder but it was secure but later we found that we had another subdomain running for pur project and its git folder was not secured

I hacked a browser game a few years ago for fun and the exploit I found and used was basically this:

<$php

$f = $_GET['f'];
$p = $_GET['p'];

$f($p);

So it was possible to pass a function and it's parameter in the URL to the server. The author used this to include() sub pages. I to highlight_file()s.

A popular social media website in my country (which my friends and I were working on it's new design) was hacked and everyone on the dev side of the website was invited to the ministry of communications, believing we were going to discuss security of user data. The other guys (working on the back-end) were friends with the CEO (if you want to call it that) and naturally came to the meeting. They started to talk about the girls of their city. Meanwhile about 1.2 million user data encrypted with MD5 was out there.

Might be nothing for others, but I finally published my Vue website with the following setup:
1. Vue inside docker
2. Nodejs API inside docker
3. MongoDB inside docker
4. Nginx as reverse proxy
5. Let's Encrypt

6. NO I WILL NOT SHARE THE LINK, don't want to be hacked lol and it is for personal use only.

But I'd love to thank devRant members who have helped me reach this point, two months ago I was a complete noob in Vue and a beginner in NodeJs services, now I have my own todo website customized for my needs.
Thank you :)

"four million dollars"

TL;DR. Seriously, It's way too long.

That's all the management really cares about, apparently.

It all started when there were heated, war faced discussions with a major client this weekend (coonts, I tell ye) and it was decided that a stupid, out of context customisation POC had that was hacked together by the "customisation and delivery " (they know to do neither) team needed to be merged with the product (a hot, lumpy cluster fuck, made in a technology so old that even the great creators (namely Goo-fucking-gle) decided that it was their worst mistake ever and stopped supporting it (or even considering its existence at this point)).

Today morning, I my manager calls me and announces that I'm the lucky fuck who gets to do this shit.

Now being the defacto got admin to our team (after the last lead left, I was the only one with adequate experience), I suggested to my manager "boss, here's a light bulb. Why don't we just create a new branch for the fuckers and ask them to merge their shite with our shite and then all we'll have to do it build the mixed up shite to create an even smellier pile of shite and feed it to the customer".

"I agree with you mahaDev (when haven't you said that, coont), but the thing is <insert random manger talk here> so we're the ones who'll have to do it (again, when haven't you said that, coont)"

I said fine. Send me the details. He forwarded me a mail, which contained context not amounting to half a syllable of the word "context". I pinged the guy who developed the hack. He gave me nothing but a link to his code repo. I said give me details. He simply said "I've sent the repo details, what else do you require?"

1st motherfucker.

Dafuq? Dude, gimme some spice. Dafuq you done? Dafuq libraries you used? Dafuq APIs you used? Where Dafuq did you get this old ass checkout on which you've made these changes? AND DAFUQ IS THIS TOOL SUPPOSED TO DO AND HOW DOES IT AFFECT MY PRODUCT?

Anyway, since I didn't get a lot of info, I set about trying to just merge the code blindly and fix all conflicts, assuming that no new libraries/APIs have been used and the code is compatible with our master code base.

Enter delivery head. 2nd motherfucker.

This coont neither has technical knowledge nor the common sense to ask someone who knows his shit to help out with the technical stuff.

I find out that this was the half assed moron who agreed to a 3 day timeline (and our build takes around 13 hours to complete, end to end). Because fuck testing. They validated the their tool, we've tested our product. There's no way it can fail when we make a hybrid cocktail that will make the elephants foot look like a frikkin mojito!

Anywho, he comes by every half-mother fucking-hour and asks whether the build has been triggered.

Bitch. I have no clue what is going on and your people apparently don't have the time to give a fuck. How in the world do you expect me to finish this in 5 minutes?

Anyway, after I compile for the first time after merging, I see enough compilations to last a frikkin life time. I kid you not, I scrolled for a complete minute before reaching the last one.

Again, my assumption was that there are no library or dependency changes, neither did I know the fact that the dude implemented using completely different libraries altogether in some places.

Now I know it's my fault for not checking myself, but I was already having a bad day.

I then proceeded to have a little tantrum. In the middle of the floor, because I DIDN'T HAVE A CLUE WHAT CHANGES WERE MADE AND NOBODY CARED ENOUGH TO GIVE A FUCKING FUCK ABOUT THE DAMN FUCK.

Lo and behold, everyone's at my service now. I get all things clarified, takes around an hour and a half of my time (could have been done in 20 minutes had someone given me the complete info) to find out all I need to know and proceed to remove all compilation problems.

Hurrah. In my frustration, I forgot to push some changes, and because of some weird shit in our build framework, the build failed in Jenkins. Multiple times. Even though the exact same code was working on my local setup (cliche, I know).

In any case, it was sometime during sorting out this mess did I come to know that the reason why the 2nd motherfucker accepted the 3 day deadline was because the total bill being slapped to the customer is four fucking million USD.

Greed. Wow. The fucker just sacrificed everyone's day and night (his team and the next) for 4mil. And my manager and director agreed. Four fucking million dollars. I don't get to see a penny of it, I work for peanut shells, for 15 hours, you'll get bonuses and commissions, the fucking junior Dev earns more than me, but my manager says I'm the MVP of the team, all I get is a thanks and a bad rating for this hike cycle.

4mil usd, I learnt today, is enough to make you lick the smelly, hairy balls of a Neanderthal even though the money isn't truly yours.

I fucking hate my boss so much

He looks down on me like I’m some idiot who doesn’t know his shit.
The other day he was trying to explain OAuth2.0 to me in the most dumbed down way ever, even after telling him I do already know how OAuth 2.0 works. He just said “oh well just making sure” and continued explaining it to me the exact same way. Felt shitty having something explained to you which you already know in such a way in front of all of your coworkers

Whenever I give my thoughts on something he answers with an argument that’s essentially true but pretty stupid:

B: “We don’t need to bundle our JS files” (see my other rant)
M: “Our load time is around 15 seconds though and it takes forever to update our script tags”
B: “Yes but it’s only 15 seconds once and the tags are already there so it’s fine”

How do you reply to something like that??

On top of that, his code is absolutely awful, always looks hacked together, lacks documentation and i don’t think he has written a unit test in his life

I don’t even like frontend, was told I would mostly do backend and it seems like all I’m doing recently is write fucking javascript because even if I wanted to write backend code, it’s nearly impossible to write clean code in this pile of horseshit codebase

Not a Story about an actual hack, but a story about people being dumb and using hacks as an excuse.

A few weeks ago my little cousin would reach out to me because "his Account was hacked...". Supposedly his League of Legends account was hacked by a guy of his own age (14) and this guy was boasting about it.

So i asked the usual things: "Has the email account been hijacked? Did anyone know about details to your acvount access? Etc..."

Turns out that one if his "friends" knew his password and username, but suppsedly erased these Informationen. And that was the part i didn't buy.

This was the point where he lost. Just because i am a programmer does not mean i can retrieve an account he lost because of a dumb mistake that could have easily been avoided. And that guy who was boasting about hacking LoL Account was coincidentally freinds with the friend who had the user credentials and password.

Moral of the Story? The biggest security weakness is almost always the user or a human in between...

My dad got this scammy E-Mail today...
The strange thing was, the sender and recipient were the same address, but I'll get back to that.
Unfortunately, I can't show it to you, but it said something like this:
"As you can see, I wrote this E-Mail from *YOUR* address. I have hacked your Account. Please pay me 300$ in bitcoin to this address: (address here) ..."
You get the point.
Now... my dad was pretty worried about the Account actually beeing hacked. One of his coworkers also got the same E-Mail. I told him that it's easy to fake the 'From' Header of an E-Mail, at least with the mail command on Linux. So I ssh'd into one of my Servers and sent him an E-Mail from lol@lol.de. Obviously, he didn't expect it to be that easy. Now he believes me that this is a scam and will tell his coworkers tomorrow.

From what I read in that E-Mail there was no part about recipient specific stuff, so I guess someone just wrote one text and made a simple bash Script for that... as you can see, people really do fall for this shit.

Now one question: is there a way to track down the Servers the E-Mail went through? Or is there anything one can do, apart from ignoring it?

Scared the shit out of me when I heard one of my volunteer side projects website was down. Because I just finished fixing my own hacked website today.

Turn out the server and website is fine but the domain was expired yesterday 😣

Don't fucking scare at me like that.

Tough week indeed.

What was your moment of realization that you picked the right profession?

I didn't grow up building computers or loving code... I was a lazy piece of shit until I hit college when I finally got my act together (a late start, if you will).

My moment of realization happened when I was asked to rewrite an old C program to blacklist IPs of "hacked" emails based on email logs. I was the only one in the office who could read C, so it was kind of a spotlight moment for me lol. Anyways, the script I wrote to replace it turned out to catch more cases than the original script. We kicked it back to our email filtering service since they allowed us access to the source code and they were impressed. That was my moment for knowing I'm I'm the right industry 🙃

Yesterday was the day. I got asked. Asked, if I could hack back someone's "hacked" Instagram account. For the first time.

He's probably one of those dudes who use short and easy passwords, so his password was just guessed.

Sorta dev related.
I work at a service desk for an automotive supplier.
We've once hab out entire mobile phone system crash and for whatever reason, it won't let the phones connect, if there are more than 50 phones trying to connect at the same time. Kind of a problem if there are 400+ phones trying to connect.
My colleagues showed me what to do in order to get one phone to connect to our system.
It was basically: enter some invalid data on out webinterface, save, enter the correct data again and safe again.

It was too stupid for me. So i hacked an AutoIt script together in about 15 minutes, and let it run for the next half an hour. Showed it to my colleagues, they were excited and I went and got a coffee.

I love my adhd kicks. My webstorm trial ended, I downloaded vscode, hated the bindings, I then used thr intellij extension. Everything ok expect autocomplete, not a fan of tab, couldn't use enter to enter enter as a binding. Hacked that binding.json, idk how i ended up installing a json sorter extension, ow theres a imports sorter. Okay what exactly i wanted to do? Right, do my niche site. Bad idea, i had written it in kotlin js, (missing intellij already) so i searched for almost non-scripting framework. Idk what happened...i ended up being interested in tailwind. Tried it a bit, ow they have tailwind ui. Thinking about buying the sweet shit. Ow i see headless UI... Pause, threw tailwind out. Thinking about react, met Solid, loved it, yarned and npmed it. Extension time, auto tag rename, more emmet like shit, rainbow and fira fonts, theme, scheme, ow colors whaaaw. Okay, its not gonna look like or feel like intellij, more like IDEA community if i had made the ide. What was i making again? Ah my webcrapp. still (idea)less... I went to codepen, grew a beard, came out, still feeling powerfully uncreative. Last stop: awwwards.. ow that awesome 7up nl site, imma see it, they nuked the animations, everything. This is where the rant actually ends, because THANK GOD I DONT FULLSTACK FOR A LIVING!!! Swift, Kotlin, XML and unpredictable Gradle is good enough for me to stop me from going wild. Stay safe. Genetic.🙋‍♂️

So one of my clients got their wordpress site hacked and basically just redirects to scam links and well.. I looked at in the server file manager and their are like three directories with this wordpress site (not clones but the same?) one in the root, a version in a folder called old and another in temp.. with 3 separate wp databases.. DNS entries had malware redirects, the wp-content folder was writable to the public and contained a temp folder with tons of encoded malware and ip links to malicious sites.. there was encoded malware in index.php, has like 20+ plugins, oh and the theme uses a dynamic web builder so the code is basically unreadable in source and scattered.. and the redirects seem to happen randomly or at least on a new session or something. Oh.. and did I mention there are no backups? 😃

I think I have multiple but this guy stands out.

He was a fellow student at my software development study. Used primarily FOSS systems/software, not because he cared about ethics as much but because that way he could tinker with the software as much as he wanted.

He was always searching for new things to tweak, write, explore and so on. And he shared as much as he could with fellow students.

A few examples of what he did:
- wanted to change something about how Linux worked at its core (he mainly used debian based systems) so he learned how to write kernel modules and wrote his solution.
- wanted to be able to monitor his gas/power usage so he hacked an arduino thing into the power/gas meter and got it to send updates to a messenger at command.
- setup and automated mini data center because fuck it, fun to do.

His thinking was always very creative and to this day I still appreciate what he taught me on that!

I don't understand how is possible that programmers today are developing applications that are storing plain password in the database.

I know it's kinda boring topic since everybody here is talking about it this week, but it's really confusing to me.

Every now and then some DB gets hacked, millions of passwords are leaked and then you have developers, who should be smart and logical people, who decide to do that.

Ok, maybe the project deadline was close or something similar, but I think there is no excuse for something like that. No matter how close or behind deadline project is, you should always be able to explain to your boss/client what could happen.

TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.

The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 moths since I got it.
As I didn't knew much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...

So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.

After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. I took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...

I guess I learnt how to properly secure a server from this attack 💪

Today was a good day, (day 4 of my junior dev career) I met the only other female Dev in the company , great stuff

And I'm starting to see how well I fit into the company. The only hot drinks options are coffee and green tea- exactly the only hot things I drink 😂(I think they all hacked me and made the work exactly the way I'd like it hm)

Today was a good day.

I was told to use in-house BitBucket runners for the pipelines. Turns out, they are LinuxShellRunners and do not support docker/containers.

I found a way to set up contained, set up all the dependencies and successfully run my CI tasks using dagger.io (w/o direct access to the runner -- only through CI definition yaml and Job logs in the BitBucket console).

Turns out, my endeavour triggered some alerts for the Infra folks.

I don't care. I'm OOO today. And I hacked their runners to do what I wanted them to do (but they weren't supposed to do any of it). All that w/o access to the runners themselves.

It was a good day :)))))
Now I'll pat myself on my back and go get a nice cup of tea for my EOD :)

Rant considering the latest Cyber attack and the news around it.

(A recap: a lot of Windows computers were infected with ransomware (due to security hole on Windows), which demanded 300$ in bitcoins to unlock data. After 3 days the price would double, and after 7 days the data was to be deleted)
1) In our country, one of the biggest companies was attacked (car factory). The production stopped and they got for around 1 000 000€ damage in less than 24h (1300 people without work). The news said that they were attacked because they are such a big company and were charged more, as the hackers "knew who they were dealing with" - another reason being the fact that the text was in croatian (which is our neighbor country), but noone realized that it is just a simple google translate of english text - which is obviously not true. The hackers neither know nor care who is hacked, and will charge everyone the same. They only care about the payment.
2) In UK whole (or large part) of medical infrastructure went down. The main thing everyone was saying was: "Nobody's data is stolen". Which, again, is obvious. But noone said anything about data being deleted after a week, which includes pretty much whole electronic medical record of everyone and is pretty serious.
And by the way, the base of the ransomware is code which was stolen from NSA.
All that millions and millions of dollars of damage could be avoided by simply paying the small fee.
The only thing that is good is that (hopefully) the people will learn the importance of backups. And opening weird emails.
P.S. I fucking hate all that 'hacky thingys' they have all over the news.

At the institute I did my PhD everyone had to take some role apart from research to keep the infrastructure running. My part was admin for the Linux workstations and supporting the admin of the calculation cluster we had (about 11 machines with 8 cores each... hot shit at the time).

At some point the university had some euros of budget left that had to be spent so the institute decided to buy a shiny new NAS system for the cluster.

I wasn't really involved with the stuff, I was just the replacement admin so everything was handled by the main admin.

A few months on and the cluster starts behaving ... weird. Huge CPU loads, lots of network traffic. No one really knows what's going on. At some point I discover a process on one of the compute nodes that apparently receives commands from an IRC server in the UK... OK code red, we've been hacked.

First thing we needed to find out was how they had broken in, so we looked at the logs of the compute nodes. There was nothing obvious, but the fact that each compute node had its own public IP address and was reachable from all over the world certainly didn't help.
A few hours of poking around not really knowing what I'm looking for, I resort to a TCPDUMP to find whether there is any actor on the network that I might have overlooked. And indeed I found an IP adress that I couldn't match with any of the machines.

Long story short: It was the new NAS box. Our main admin didn't care about the new box, because it was set up by an external company. The guy from the external company didn't care, because he thought he was working on a compute cluster that is sealed off behind some uber-restrictive firewall.

So our shiny new NAS system, filled to the brink with confidential research data, (and also as it turns out a lot of login credentials) was sitting there with its quaint little default config and a DHCP-assigned public IP adress, waiting for the next best rookie hacker to try U:admin/P:admin to take it over.

Looking back this could have gotten a lot worse and we were extremely lucky that these guys either didn't know what they had there or didn't care.

I was wondering how a sysadmin would know if the user sending malicious traffic is the real attacker or his account has been hacked ?
(Also probable that the attacker has faked his mac address to user's device)

So fuck this. Fucking fuckers fuck this.

We've been having massive performance issues with a nested drag and drop component. I built this abomination about a year ago and had to rush through it due to my colleague not thinking the change was necessary, even though the previous revision was even worse. It's been going strong for a while, but since a month ago it has started to perform badly. Makes sense, because it was hacked together, and wasn't made for the amount of data that it's handling now.

So the other day I presented the issue to my colleague, telling him exactly what the problem was, and that we'll have to rewrite quite a bunch of the code to get it working. Today when I bring it up again he is really negative towards the changes because they are so big, and don't really want me to do them. He is, however, super stressed about the performance issues and starts digging around in the code himself. Code that he's never touched, don't understand how it works, and has said he's not interested in learning about. He even says he sucks at frontend and Vue himself. So we sit there from morning to lunch, digging through the code together (I had to do it as well because he came nowhere). And what do you think the conclusion was? The same thing I told him a few days ago.

So what now then? He still don't want me to do the changes, but still wants it solved! How the fuck is that supposed to happen?!?

Worst part is that we're the only two developers in the company, and our boss has little IT experience. That puts me and my colleague at the same hierarchical level, so all decisions has to be cool with the both of us.

So fuck this. Fucking fuckers fuck this.

When I was in 11th class, my school got a new setup for the school PCs. Instead of just resetting them every time they are shut down (to a state in which it contained a virus, great) and having shared files on a network drive (where everyone could delete anything), they used iServ. Apparently many schools started using that around that time, I heard many bad things about it, not only from my school.
Since school is sh*t and I had nothing better to do in computer class (they never taught us anything new anyway), I experimented with it. My main target was the storage limit. Logins on the school PCs were made with domain accounts, which also logged you in with the iServ account, then the user folder was synchronised with the iServ server. The storage limit there was given as 200MB or something of that order. To have some dummy files, I downloaded every program from portableapps.com, that was an easy way to get a lot of data without much manual effort. Then I copied that folder, which was located on the desktop, and pasted it onto the desktop. Then I took all of that and duplicated it again. And again and again and again... I watched the amount increate, 170MB, 180, 190, 200, I got a mail saying that my storage is full, 210, 220, 230, ... It just kept filling up with absolutely zero consequences.
At some point I started using the web interface to copy the files, which had even more interesting side effects: Apparently, while the server was copying huge amounts of files to itself, nobody in the entire iServ system could log in, neither on the web interface, nor on the PCs. But I didn't notice that at first, I thought just my account was busy and of course I didn't expect it to be this badly programmed that a single copy operation could lock the entire system. I was told later, but at that point the headmaster had already called in someone from the actual police, because they thought I had hacked into whatever. He basically said "don't do again pls" and left again. In the meantime, a teacher had told me to delete the files until a certain date, but he locked my account way earlier so that I couldn't even do it.
Btw, I now own a Minecraft account of which I can never change the security questions or reset the password, because the mail address doesn't exist anymore and I have no more contact to the person who gave it to me. I got that account as a price because I made the best program in a project week about Java, which greatly showed how much the computer classes helped the students learn programming: Of the ~20 students, only one other person actually had a program at the end of the challenge and it was something like hello world. I had translated a TI Basic program for approximating fractions from decimal numbers to Java.
The big irony about sending the police to me as the 1337_h4x0r: A classmate actually tried to hack into the server. He even managed to make it send a mail from someone else's account, as far as I know. And he found a way to put a file into any account, which he shortly considered to use to put a shutdown command into autostart. But of course, I must be the great hacker.

Fucking shit for brains authors that think the digital world is a fantasy realm where everything can happen just to aid their story. Out of boredom i watched "scorpion" today, a tv series about a group of geniusses which are a special case task force.
They got a visitor from the government saying the servers from the federal reserve bank were encrypted with ransomware. I already twitched when they said the economic system would collapse if the servers were left inoperational for a few days. Then one guy got to his desk and "hacked" the fed network to check... he then tried to remove the malware but "it changed itself when observed". But they got the magical fingerprint of the device that uploaded it. In the end some non-programmers created the malware, but it is super fast and dangerous because it runs on a quantum computer which makes it hyper fast and dangerous. They got to the quantum computer which was a glowing cube inside another cube with lasers going into it and they had to use mirrors to divert the lasers to slow down that quantum thingy. And be careful with that, otherwise it explodes. In the end the anti-malware battled the malware and won, all in a matter of minutes.

This is a multimillion hollywood production. How can a movie this abusive to computer science even air on television? Shit like this is the reason people still think the cyberworld is some instable thing that can explode any second. It's not, it's an instable thing that can break down any second. I remember "ghost in the wires" and people had surreal imaginations about the internet already. Shit like this is why people stay dumb and think everything can be done in seconds. If i ever should encounter one of these idiots i tell him i have an app that can publish his browser history by taking a picture of his phone and watch his reaction.
Time to shuw down the tv and learn vim again.

These ignorant comments about arch are starting to get on my nerves.

You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?

Well maybe it's for good.

Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"

It takes one honest asshole to be like "well what if you didn't do coke?".

Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.

What on earth could possibly go wrong?

Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?

oh no one can truly scrutinize it because it's closed source?

yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.

and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.

but no, linux users are assholes out to get you.

and how do people react to these honest comments? "let's make a meme out of it. let's deligitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"

short minded idiots.

I'm not gonna deny the challenges or limitations linux represents for the end user.

It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)

But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.

In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.

I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.

Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.

I do have some sympathy for the people that are forced to use windows, even though they know ideally isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.

At the very least, if you don't know what you're talking about, just stfu and read.

But I don't have one bit of sympathy for the rest.

I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.

What in the actual fuck.

I know what the problem is, the arch install instructions aren't copy paste commands.
Or they medium tutorial they found is outdated.

So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.

I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).

Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.

So because some devs are too dumb and talk shit, they just set the bar too low.

Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want too.

I'm so thankful for arch because it has a great compromise between control and ease of install and use.

When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster that ubuntu (which is way faster than windows already).

Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.

Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficult of using arch.

It was more of "Hate story" with a guy whose mere presence would irritate me very much. He was also close to the girl I liked a bit (not very huge crush or something).

So he was very active on two of his social networks one being fb and second directly connected to fb so basically getting hold of fb would mean that I could control his other one too.

It was Oct 2016 and that time you could easily hack an account using social hacking (not asking OTP out something mere details did it for few accounts).

I hacked his account and wrote curse words and all. As I had already changed the email and password, he couldn't till date retrieve it.
However as he reported to fb, his account was held and I could no longer access it but till then everything was over.
I couldn't still spot him on FB or the other social network.
And this was one of the most evil act I have performed in my life.

I fucking told them that yes, i can do frontend but im in no way expert, so dont expect much.

"Yeah, cool, use angular"

I was full of questions and tried to reason with them that angular is literally just an unnecessary load and would slow the development down (its a really simple site).

"No, use angular"

Ok fine whatever. So i built the site, it was ugly as fuck, half the functionality was hacked in with jquery because i have no idea how these fucked up frameworks work (or apparently dont work) when i realized that i get jackshit from the backend.

Turns out most of the json responses were totally disregarding the json standard, like {1: tag0},{2: tag1}, where a json arrat should have been used. The other half was xml. Yeah. Also of course they used spring so the backend took like 3 months where it could have been done in like 2 weeks.

Way back, 20 or so years ago, when I went to the university, every student got an account so that we could work with the Unix machines. Every user got the same default password, -apollo-, still remember it until today, and one day I felt a little bit evil and I tried to login to the administrator account, of course the first password I tried was the default password and it worked!!! I got super scared and told an older student about it, who was brave enough to scare the administrators a little bit by leaving a message like "you have been hacked!!!" or something similar. I was just too scared to do anything about it. All I wanted to do was see IF I could login ☺️ my few minutes of being Mr. Robot... Guess hacking was not for me 😃

I have a Yahoo app on my phone for some legacy purposes. I just allowed the storage access permissions when it was asking for it during the installation or something, cause like, who doesn't? I checked my Yahoo Mail on the browser tonight and saw copies of my mobile photos in it! It's through the Attach Icon > Insert animated GIF. WTF? So that's how you can easily get hacked from apps?

!dev
This boring story with stupid ending started on Monday with me going out to buy some food and cook something delicious, day like always until my mind went nuts.

I work from home and cook my meals by myself cause I love cooking.
To buy ingredients I go shopping couple times a week always making the same steps, doing this for over a year now and by this time everything was automatic so I could think about work problems and solutions.

I start usually by getting up from my desk around noon, not many people doing shopping at that time and I can proceed quick.
Algorithm is like this: go to kitchen and look at the fridge, go out, wait for traffic lights, take tram, ride two stops, wait for the traffic lights again, go to supermarket, do shopping and finally go back the same way. Boooring.

When I get out from tram that day l looked at traffic lights to go green, as always and that’s the place where everything started to go bad.

So I was waiting there doing nothing and then stupid idea got me.
I figured out I can stop looking at light to make this day different and look ahead.
Then simply start walking when people from other side start walking.

It worked smoothly on those lights and I was happy I can do things differently from now on. I proceed with this idea on the way back and motherfuckers started walking on red. Twice !!!!
Almost died.

Since then three times some car was driving on green near me in those places and people started walking on red.

It got me worried about world determinism instantly. I might increased some entropy to much and some world developer changed some line of code while I was shopping and from that time death is passing by me.

Now it got me to the point where the more I follow this way the more I am worried about my life. Started thinking about ordering ingredients online.

So if you read this you know that I know your plan and I will be changing supermarkets and paths to it randomly starting from next week.

Or not I hope nobody hacked my mind and only thing that read and write to it is my consciousness.

I feel relief now.

I've been offline from devrant for a while now but damn, I need to vent this shit

One of my colleagues can't describe tickets well enough, so I often have to speak to my colleague about it what he/she ments with their description (usually the ticket description is one line… that's all)

But yesterday the ticket was quite ok, I got were he/she was going for

Conveniently my colleague walked by at the end of yesterday and asked me how it was going

I responded quite energetic 'quite well, ticket is almost done'

And when I showed my colleague the result he/she said, well I got some feedback this morning, and we need to move X to Y with Z data

But you don't get the full story, this project exists of a very old abandoned framework (2013). Hacked together to work for more than one customer (but still copied over to run standalone) with the last year of development being focused on fast results (no time given to workout bugs or refactoring for cleaner/readable code)

So now I have to (on a feature that already took me 3 days to build) remove roughly 25% of the code and hacks, and hack a solution together..

This shit is demotivating as fuck...

Don't you just love customers?

It al began when they showed us the flyers they were printing for their new products, an some one at our company who doesn't work here anymore had the brilliant idea of copying it to their webshop, as a fucking gimmick... Ooohh man the customer didn't seem to understand it was only visually

They wanted the 3d layering effect to be dynamic, so each product would have its own with custom colours

So it was made

A few weeks later they didn't want the informational text, they wanted links to each product that the layer uses

Sounded like logical so it was made

Again some time later, they noticed that the layers were not textured, but just plain

I argued against it because it would add unnecessary loading time for some 300 by 400 px element but they insisted

So they got what they wanted

A few days later they said that the textures were of low quality, and that we had to create ones with higher quality

Again our management said, yes

We made ~ twice the size of the element in image pixels to create a higher definition image

Then the customer wanted that the layers should change based on some selection menu above it

(At this point we realized that it would no longer be just a fun little gimmick)

So we tried to refactor/rebuild it to remove most if not all the hacks we did just to make the customer happy, that took too long for them (the customer) so we had to revert back to the hacked together version because otherwise we would not be done on time (commanded by management)

But again, we ... I say 'we' as in the company but realistically I've been the only one who has worked on the fucking abomination

But I digress...

A few stupid requests later, some layer images are almost fully transparent PNG images that are almost 1mb in Filesize each (some products have 5 or even more layers) and the god damn thing now has to account for optional layers...

I AM FUCKING SPENT... I'VE JUST CAME BACK FROM VACATION BUT I ALREADY NEED IT AGAIN... FUCKING WORKING 60 HOURS A WEEK JUST TO KEEP ONE CUSTOMER HAPPY WHILE OTHER PROJECTS BREATH ON MY NECK

TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.

Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.

Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁

Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎

HOW CAN YOU NOT LEARN FROM FAILS??

Alright, server got hacked a week ago. Bad enough on its own but okay, perfect time to change the server infrastucture completely instead of doing it later this year. Since Saturday we are working on setting everything up (game server, apache, etc.pp.) while making sure to configure everything correctly to be safer this time.

We are finally at the point where we could go back online. And what happens? One team member _now_ (6 days after the hack) suggests that it might be a good idea to format the hacked server and configure just what we need to patch the clients with it.

Great fucking idea, why didn't you have that idea 5 days earlier?! There was more than enough time already to format the old server and configure it. Another day delay, yay. X_X

Aaah, ranting really helps in those situations. Oh and Hi, I'm new here. Nice place, I like it. ^_^

The university I used to study CSE, they had some OLD computers with Windows XP in them. Also, all those computers had TWO user accounts. One with the admin access and another one with normal access. Until this, it was fine.
But the browsers installed there were so old, even normal website struggles to load properly. and so many outdated apps, kept bugging us for update, but every time we click on UPDATE, they ask for the admin password, which we didn't have. So, most of the students were frustrated about this, but nobody took any action! :/
So, I hacked one of the computers' admin password. the password was "BRIGHT". I'm like, these people are never gonna set different passwords in different computers and remember them for eternity. Definitely all passwords have to be the same, and they were! Which saved my time.
So, I shared the password with everyone in my class and now they can install any apps they want. Which made me so happy!
But You know, words travel fast! Just one day after the hacking incident, the Seniors ( & the juniors ) came to me with their laptops to find their forgotten password, which made me earn some money & eat some delicious foods, also got to meet some beautiful girls of our campus ^_^
& I used to go to other classes to hack those Admin passwords for fun ^_^ But I never told them the password until they pay me or feed me something delicious! ^_^

I miss those good old days! ^_^

I really wish I had worked somewhere that was hacked, so as to know how it was done, how it was found out, and what measures were taken, from the inside.

The problem is that I worked at a lot, and big places. We were never successfully attacked or hacked as far as I know. Was our security so good, that nobody succeeded? Or was it so bad, that we didn't even notice?

I hacked my friend's laptop when i was 12. Entered the password as BATMAN because his lockscreen wallpaper was BATMAN😅😂😂

Email from a department mgr regarding a sharepoint site we inherited (lots of custom javascript, XLS, etc, stuff we didn't write)

Dan: "The department filter isn't showing up when I select the 'Logistics and Support' department. Was this caused by the changes you guys made? Its causing a major disruption in our processes and need it fixed ASAP."
Me: "Those changes went out almost two months ago and all the filters were working fine, at least that is what you told me when you tested it."
Dan: "I thought so, but its not working. It has probably been broken ever since you made those changes so I filed a corrective action ticket against your department for not following the documented deployment and testing processes"
Me: "Really? We've been over this. Its your department that is responsible for that sharepoint site. Previous developers hacked javacript together to make it all work, but I'm sure its something simple."
Dan: "Great. I'll start putting together a root-cause analysis to determine which of your processes we need to address."

Start looking at the javascript and found the issue..

if (dept === "Logistics & Support") {
$('deptFilter').show();
}
else {
$('deptFilter').hide();
}

Me: 'Found the issue. Did you rename the logistics department?'
Dan: 'No'
Me: 'To show or hide the filter, the code was looking for "Logistics & Support", someone changed the title to "Logistics and Support"'
Dan: "Well...I guess I did that yesterday...but I didn't change the name, just that stupid character. That shouldn't make any difference."
Me: "I can fix that right now. Are you going to need more information for your root cause analysis?"
Dan: "No, I think we're good. Thanks."

We support a system we inherited from another company, it’s an online document store for technical specifications of electronic devices used by loads of people.

This thing is the biggest pile of shite I’ve ever seen, it wasn’t written by developers but rather by civil engineers who could write vb...so needless to say it’s classic asp running on iis, but it’s not only written in vbscript oh god no, some of it is vb other parts is jscript (Microsoft’s janky old JavaScript implementation) and the rest is php.

When we first inherited it we spent the best part of 2 months fixing security vulnerabilities before we were willing to put it near the internet - to this day I remain convinced the only reason it was never hacked is that everything scanning it thought it was a honeypot.

We’ve told the client that this thing needs put out of its misery but they insist on keeping it going. Whenever anything goes wrong it falls to me and it ends up taking me days to work out what’s happening with it. So far the only way I’ve worked out how to debug it is to start doing “Response.AddHeader(‘debug’, ‘<thing>’) on the production site and looking at the header responses in the browser.
I feel dirty doing that but it works so I don’t really care at this point

FUCK I hate this thing!

Boy oh boy.. Reminds me of good ol college days. I was in my final sem when Amazon came to our university for campus hiring. I was very confident that I will get selected. Funnily enough I went till the final round and I had a feeling that it went well if not excellent. It was a Friday night and we had to wait two excruciating days for the final shortlisted result to come. On the evening of Monday my friend T called me and told me my name is not on the list. I was heartbroken. I asked him who all got selected and he said our friend A did. A was, and still is a good friend of ours and I was happy for him. That night we sat down for drinks and as the night progressed I anguished over my selection. I still remember solving a binary tree problem holding a glass of whiskey in my one hand. The next morning I woke up at 6, detoxed myself with fruit juices and sat in front of my laptop feeling full rage from last night. I sat till lunch and hacked a chrome extension in one sitting. Mind you I had no existing knowledge of extensions at that point of time. I sometimes look how my life has turned since that time and now I am one of the devs in a team which work on a product that itself is a browser extension. :)

Oh my dear internet,

FUCK THIS FUCKING SHIT
I AM SICK AND TIRED OF IT, WHO BUILT THIS HACKED TOGETHER ORWELLIAN SWAMP PIT?

Fuck the same fucking Envato template on every content page with 70 layers of sidebars, inline ads, popups, cookies and content shifting as if I was playing CATCH UP WITH YOUR FUCKING CONTENT.

FUCK the same fucking annual upselling 'plans' on every 7-day trial overengineered scam app that requires me to sign up for 1 fucking, falsely advertised task where my fucking password generator doesn't even recognize the input as a password field so I have to cmd+, to my FUCKING BABYLONIAN PASSWORD ARCHIVES PROMPTING ME FOR THE MASTER PASSWORD.
Thank god I can at least CREATE A BURNER CREDIT CARD THAT FREEZES ITSELF BECAUSE I CANNOT BE BOTHERED TO UNSUBSCRIBE FROM YOUR FUCKING STEAMING CRAP.

FUCK every fucking step I take being recorded by our CYBERPUNK OVERLORDS REQUIRING ME to sign up for 5 different fucking privacy protection tools' annual plan or duct tape some open source shit onto my browser just for some BASIC PRIVACY WHILE TRYING TO NAVIGATE ALL THE OTHER 5000 annuals plan naval mines like A FUCKING FRENCH SUBMARINE IN 1940 GERMAN WATERS.

FUCK my walled garden scam ecosystem not being compatible with your walled garden scam ecosystem prompting me to reactivate my old SATANIC GOOGLE DON'T BE EVIL ACCOUNT from 2012 sending me on a DANTE ALIGHIERI STYLE ODYSSEY THROUGH THE 9 LAYERS OF PASSWORD RESET QUESTIONS, UNEXPECTED ERROR, 2FA MY PHONE DIED HELL to come out on the other side as a broken man.

Thank GOD I have your useless SUPPORT PAGE to aid with my signup problems that is actually just an FAQ with a hidden EASTER EGG HUNT for your support form CRISP AI BOT THAT IS ALSO 'currently experiencing high demand due to COVID' which is peculiar since that has been 3 years ago, but fortunately for you enabled you to fire ALL YOUR SUPPORT STAFF AND REPLACE IT WITH THIS BANNER.

I might as well just SCRAPE your fucking content, it'd be faster.

And although it is quite funny, FUCK THIS PAGE TOO for having me create another of 10.000 accounts to write this shit, where my browser firmly placed a newly created burner email into the PASSWORD FIELD.

I do not know how we managed to create something that is even more unwieldy than 56k DIAL-UPS, but I know that if this shit continues I'll have to train my own AGI to proudly interact with of all this STUPID SHIT on my behalf or I'll have to move into THE FUCKING MOUNTAINS AND LIVE WITH THE DEER.

Year ago in university.
We opened our university's website and select inspect element in browser then edit the header tag to "hacked by..."

My friends and i : hey look, we just hacked university website.

Our friend : oh let me see, damn you, how did u do that?

Our : it was easy, just don't tell anybody. He answered ok.

After couple days our proffesor asked me : do you know who hacked university website? I want to know if anyone could hack it.

I answered: no sir. I don't know.

I think our friend still thinks we hacked the website xD

Well the hacker was hacked today... God damn you equifax!! I will get my revenge.

Early on in my freelancing career I learned something important. Even with seemingly tame nerdy stuff, sh*t can get real, real quick. This story describes the very start of my career in web development and hopefully will serve as a warning to newbies out there.

A young teen, I had just learned some basics of wordpress, I was confident I could hack together something that worked and looked okay with minimal effort and knowledge. One day I was approached by a guy who wanted a job board board site. Knowing there were already clones out there I figured this would be an easy gig, man was I wrong.

In addition to the fact I didn't know about contracts or the scope creep from hell, I had somehow gotten myself involved with a criminal business front.

These guys operated a scam business to rip off investors. Me and my designer buddy were used to make the business look legit. What they would do is hold job fairs where people are supposed to pay to rent a booth, but instead they would give everyone a booth for free and then lie about what all businesses were coming. They would then show this info, along with the website and marketing materials to investors. They would take the money from the investors and launder it for drugs.

The real story starts the day of one of the worst hangovers I had ever had. I was at a random friends house sleeping for most of the day.

Apparently one of the guys who was operating the scam business was about to strike a deal with one of the investors when something on the website didn't work (it was working as designed). This guy, Manny we'll call him, had been blowing up my phone all morning. I check my voicemails and there are threats on my life; saying I will be sleeping with the fishes, or if they ever find me, they'll fuck me up. Needless to say this really freaked me out, either way I decided to head back to my dorm.

When I come back home, my designer buddy tells me that some guys were in the house looking for stuff. Apparently this guy hired two nerds to "break into my computer and steal the website", fortunately they didn't know what they were doing.

After a while I got another call, Manny wanted to sit down and "talk things out". Being naive I accepted and we met up. The two nerds were there with one of his body guards. He said he wanted to have those two nerds take over the project. While this was going on, his bodyguard flashed his gun at me several times making eye contact. I agreed to, but I still wanted to get paid. I asked about getting paid and he said we never signed a contract and that he owned the host and domain. I was pretty much screwed.

This is where the story should end, but I wasn't a very smart guy back then. I gave up the site but I created a back door into it. Every week or so, they would get "hacked". Because the two nerds didn't know what to do, they ended up coming back to me for help. This is when I finally got paid. Totally not worth it.

I hacked port authority administration computers using enable Bluetooth flip phone ,then I changed background pic in all computers on network, and put an mp3 song on startup folder, turn volume to the max, gues the rest, they were using window xp ,and told their manager she gave me a job on spot , and was very interested, and that where my journey begun

This is an old one that I have hacked about to make it fit, so I hope it still works..
There were a business user, a B.A. and a developer on a road trip in the UK when they crossed the border into Wales. (This was antevirum, so that kind of behaviour was allowed back then).
They saw a sheep on a mountainside.
The business user cried out "Look! All the sheep in Wales are black!"
The B.A. tutted and said "Actually, all we can say is that there is at least one sheep in Wales and it is black down one side."
The developer woke up from nursing his hangover in the back seat, peered out of the window and said "How do you know its a sheep?"

So I was hacked, this guys encrypted all my files and asked me to pay BTC to decrypt it. They even changed my wallpaper and gave me put instructions on all my folder directories on how to pay and recover my files

I understand the muggles on Facebook saying it was Apple and Amazon that were hacked, but here on devrant where people know WTF is up, I'm still not seeing people say where the hack actually took place, and what makes the news truly terrifying: SMC.

So for my school's annual interschool symposium, I hacked together an app to scan QR codes and keep track of who's taken their refreshments (It was pizza.) If it's been scanned once, it'll show an error. Easy enough, right? Wrong.

So the team at the counter took a screenshot when my app showed "Approved" and whenever they wanted a pizza, they showed the guys their screenshot. Result? Over 70 pizzas weren't counted. And I bore the wrath of my teacher *sigh*.

What the hell could I have done?

I get plenty of sleep and wake up to my manager talking about escalating tickets. I'm on support this week and my queue was empty yesterday, but there were several new "urgent" requests that never got assigned to me.

Wait, so I'm responsible to assigning tickets to myself now? Our support is so shitty now. Our good document got hacked to pieces and now I can't find anything, and the customer support people are constantly bitching if things aren't done right now for tickets I was assigned while I was asleep.

For uni we get assignments based on our classes. I'm always super excited about these and immediately start thinking about how I would implement it and come up with cool features I could add.
I would write out the whole thing and plan everything. Eventually I get distracted by other assignments or things. Then 1 or 2 days before the actual deadline I start coding like a madmen, thinking about al the features I wanted to implement and realizing I would never make it in time.
That's the moment I switch to plan B. Which is creating the best possible demo I can present. Most of the time this does the trick. I would show my professors the demo and they wouldn't notice the completely broken application and the code that was hacked together.
Luckily I always managed to get good grades!

Who actually started the reign of mixed character passwords? because seriously it sucks to have an unnecessarily complex password! Like websites and apps requesting passwords to contain Upper/Lower case letter, numeric characters and symbols without considering the average user with low memory threshold (i.e; Me).

Let's push the complaint aside and return back to the actual reason a complex password is required.

Like we already know; Passwords are made complex so it can't be easily guessed by password crackers used by hackers and the primary reason behind adding symbols and numbers in a password is simply to create a stretch for possible outcome of guesses.

Now let's take a look into the logic behind a password cracker.

To hack a password,
1) The Password Cracker will usually lookup a dictionary of passwords (This point is very necessary for any possible outcome).
2) Attempts to login multiple times with list of passwords found (In most cases successful entries are found for passwords less than 8 chars).
3) If none was successful after the end of the dictionary, the cracker formulates each password on the dictionary to match popular standards of most website (i.e; First letter uppercase, a number at the end followed by a symbol. Thanks to those websites!)
4) If any password was successful, the cracker adds them to a new dictionary called a "pattern builder list" (This gives the cracker an upper edge on that specific platform because most websites forces a specific password pattern anyway)

In comparison:
>> Mygirlfriend98##
would be cracked faster compared to
>> iloveburberryihatepeanuts

Why?
Because the former is short and follows a popular pattern.

In reality, password crackers don't specifically care about Upper-Lowercase-Number-Symbol bullshit! They care more about the length of the password, the pattern of the password and formerly used entries (either from keyloggers or from previously hacked passwords).

So the need for requesting a humanly complex password is totally unnecessary because it's a bot that is being dealt with not another human.

My devrant password is a short story of *how I met first girlfriend* Goodluck to a password cracker!

It's always irked me that people can't RTFM simple things. But I've often just hacked my way through code, brute-forcing equations here and there until they work by trial and error. Nothing for an employer or anything, but nonetheless, I was not RTFMing. I was doing all the D and as little of the R as possible in R&D, just to save time. I'm trying to change that about myself. It's easier to implement systems when you properly understand them. No more hackery.

I suppose this rant was from me, about me.

A couple of weeks ago my work email got hacked, I found out because he/she was sending phishing mails to yahoo emailaddresses, but they couldn't be delivered because they were marked as phishing.

I've immediately changed my password and turned on two-factor authentication, shared my story with my boss and now we use two-factor authentication for every service where it is possible.

Got bit by a hacked repo. It was compromised for all of like 30-some seconds. No intrusions, but now I can't set my root password (passwd goes "oh, yeah, we got this" then it does... nothing...) and Weyland/X/Gnome/Cinnamon/KDE/whatever the kids use nowadays are all busted (they all start, but they just hang tty1 and whatever other console invoked it). Tried reinstalling all those kinds of things, didn't help.

fml

When I was making 3d floor planner I needed to cut holes in walls to make doorways. I couldn’t use 3d model of hole cause there isn’t 3d model of empty space and the hole itself required to be with adjustable size so I hacked backend model of door to add some data with empty 3d model and stored all of the positions instead to load that and cut those holes on walls manually.
So it become door without door model. Doorway.
It worked like a charm.

Friends, gather round for a story of "the user".

Two days ago I assisted a friend in reviving their scammed Instagram account with final confirmation it was back in their possession yesterday. I stated "make sure you clean out phone numbers, emails and change the password. WHATEVER YOU DO DON'T USE THE SAME PASSWORD"....I bet you know where this is going....

Queue 6:45am: "HELP! THEY DID IT AGAIN! THEY TOOK MY FACEBOOK THIS TIME TOO!" as a safety measure, I told her to link them for recoverability.....not thinking you just created a bridge to the facebook...

Now We're going through EVERY account BY HAND and changing EVERY password for EVERY service and enabling MFA. We've also learned the power that the forgot password button wields for everyone.

ProTip: If your friend was "hacked" be patient, friendly and soft to get every detail...sometimes you learn more and can position them better.

Now I'm upset with myself because I couldn't save their accounts and at this point we've lost the only footing we had to them. Social Media is a curse.

Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:

3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.

I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.

They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).

During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).

Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.

The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.

This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.

I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).

I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...

The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)

Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.

Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.

I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).

So... any thoughts?

Okay this is my first time posting on this site. I've browsed it (definitely not in class) and the community looks beautiful, so I'm going to just kind of slide in here. Anyways this is the part where I use my caps lock button and type lots of naughty words I guess...

<rant type = 'school'>
Our programming classes are fucking DISMAL uuugh... Okay so we have four technology classes: Tech Exploration, Coding 1, Coding 2, and Intro to CS (a 'high school' level class)... So this means a fuck ton of kids in programming classes, mostly because I WANNA MAKE MINCERAFT AND BE A KEWL BOI LIKE GAME DEV BUT I'M ALSO A FUCKING IDIOT AND WILL NOT LEARN ANYTHING YAAAAAAY but that's a mood and so there's a fucking tidal wave of dumb kids in these classes. So right we're dealing with like 80 kids per class period. Sorry if I'm repeating myself but there are a FUCKTON of students. Now, we have... wait for it... ONE FUCKING TEACHER. ONE. I fucking swear this district does not give a SINGLE SHIT about possibly THE SINGLE FUCKING MOST IMPORTANT SUBJECT WHYYYYYY... Okay so the teacher is kinda overworked as fuck lol. She can't really teach eighty kids at once so she mostly gives us exercises from websites but when she can she teaches us shit herself and actually knows a good bit about her field of study. She's usually pretty grumpy, understandably, but if you ask her a good question that makes her think you can see the passion there lol. So anyways that's a mood. Now at the other school it's even worse. They have this new asshole as a teacher that knows NOTHING about ANYTHING IT IS SO FUCKING REDICULOUS OH MY UUUUUGH... THEY STILL DON'T EVEN KNOW WHAT A FUCKING LOOP IS LIKE OKAY YOU'VE BEEN TEACHING PROGRAMMING FOR A YEAR AND YOU'RE THE ONLY ONE TEACHING IT AT THAT DISTRICT SO MAYBE YOU SHOULD AT LEAST FUCKING TRY WHAT IS WRONG WITH YOU... so he just makes them do shit from a website and obviously can't do half of the shit he assigns it's so fucking sad... I swear this district is supposed to be good but maybe not for the ONE THING I WANT IT TO BE GOOD FOR. Funny story: in elementary school once I wrote down school usernames for people I didn't really know and shared them a google doc that said "you have been hacked make a more secure password buddy" etc etc and made them the owner and these dull shits report it to the principal... So I'm in the principles office... Just a fucking dumb elementary school kid lol and the principal is like hAcKiNg Is BaD yOu ShOuLd NoT dO iT and I'm like how did you know it was me... so he goes on to say some bullshit about 'digital footprint' and 'tracing' me to it... he obviously has no clue what he's saying but anyways afterwards he points to where it says last change made by MY SCHOOL ACCOUNT... HOW DULL CAN YOU FUCKING POSSIBLY BE IT WAS FROM MY ACCOUNT THAT LITERALLY PROVED THAT I DID --NOT-- 'HACK' INTO THEIR ACCOUNT YOU DUMB FUCK. Okay so basically my school is a burning pile of garbage but it's better than most apparently but it's GARBAGE MY GOD... Please fucking tell me it gets better...

okay lol that was longer than I thought it would be guess I just needed to vent... later I guess
</rant>

In my dream my devRant account was hacked 😐 and i thought it was something usual recently on devRant. I was typing my (email?) and like i was hacked on my computer too the input was something like this ے

I'm just fed up with the industry. There are so much stupidity and so much arrogance.
My professional experience comes mainly from the frontend and I feel like it's not as bad on the backend but I'm still convinced it's not really different:

I'm now about to start my 3rd job. It's always the same. The frontend codebase is complete shit. It's not because some juniors messed up not at all. It's always some highly paid self-proclaimed full-stack developer that didn't really care somehow hacked together most of the codebase.
That person got a rediculous salary considering the actual skill and effort that went into the code, at some point things became difficult, issues started to occur and that person left. If I search for that person I find next to the worst code via gitlens on Linkedin it's somebody that has changed companies at least two times after leaving and works now for a lot of money as tech-lead at some company.

There's never any tests. At the same time the company takes pride in having decent test coverage on the backend. In the end this only results in pushing a lot of business logic to the frontend because it would just take way to long to implement it on the backend.

Most of the time I'm getting told on my first day that the code quality is really high or some bullshit.

It's always a redux app written by people, that just connect everything to the store and never tried to reflect about their use of redux.
Usually it's people, that never even considered or tried not using redux, even if it's just to learn and experiment.

At the same time you could have the most awesome projects on github but people look at your CV, sum up the years and if you invested a lot of time, worked way harder to be better than other developers with the same amount of experience, it's totally irrelevant.
At the same time all companies are just the worst crybabies about not being able to find enough developers.

HR and recruiters are generally happy to invite somebody for an interview, even if that person does not have any code available to the public, as long as that person somehow was in some way employed in the industry for a couple of years. At the same time they wouldn't even notice if you're core contributor for some major open-source product if you do not have the necessary number of years in the industry.

I'm just fed up.
By the way, I got my first real job about two years ago. Now I'm about to start my third position because my last job died because of the corona crisis. I didn't complain for some time because I didn't want to look like I'm just complaining about my own situation. With every new job I made more money, now I'm starting for the first time at a position that is labeled "lead" in the contract.
So I did okay. But I know that lots of talented people that worked hard gave up at some point and even those that made it had to deal with way too much rejection.
At the same time there are so many "senior" people in the industry, that don't care, don't even try to get better, that get a lot of money for nothing.

It's ridiculously hard to get a food in the door if you don't have any experience.
But that's not because juniors are actually useless. It's because the code written by many seniors is so low quality, that you need multiple years of experience just to deal with all the traps.
Furthermore those seniors are so busy trying to put out the fires they are responsible for to actually put time into mentoring juniors.

It's just so fucked up.

So i worked in a book publishing place, an i was the only one there with computer education.
So i was talking to one of the guys there at lunch and told him that i hacked into a the oxford electronical dictionary and got an interview in the news.
so the first thing he asks me after that is:
"CaN yOU HAcK mE A RolEX FRoM Ebay???"

At that moment i lost my faith in humanity.

Blindsided by a project meeting 5 mins to end of day when I was super busy and I've spent all day dealing with shitty hacked together legacy code, requirements changing everyday and still no business solutions to some areas of the project. We already have one booked in for tomorrow at 10. What the fuck. Needless to say I pretty much shouted about everything to everyone. Fucking joke. Now I'm just mad at me for letting my blood boil externally

Ok, I need to vent a little bit about myself. Just got back from my 2 weeks vacations. Met with everyone, caught up on everything that has happened, booted my lap top and tried to ssh into the servers to see log files if anything out of the ordinary has happened.

Well, I was having "Permission denied (publickey)." . Well fuck. Tried on other servers and same thing.

I got panicked, thinking how the fuck did we get hacked? The ssh key is only on my laptop, and an encrypted backup exists only in Bitwarden account. If yes, why are the systems intact and working well? Kept scratching my head for hours. Well, I was trying to log in with user "root" instead of "admin". I always mistake these two names. Rusty brain ._.

Not my 'first' but the first outside of stupid little toy projects.

I got an internship back in 2016 while I was in 11th grade. Mine was sort of a college doing community outreach, so yeah, not really impressive of an internship.

But my manager handed me a Micro:Bit. At the time, there were like 1000 in the U.S. the U.K. was brainstorming, including them in school curriculums. My manager just told me to experiment and see what I could do with it.

Minimal requirements Minimal guidance outside of ideas now and then (he had doctorate students to manage so I get it lol), so I started just doing stupid small things with the micro python, the language the minimal back then documentation reccomended, like a 'lowest of poly' crazy taxi thing.

But by the end, I hacked together some HORRIBLY written C++ to get 2 of them to communicate. 1 always powered and gets a state from the other at regular intervals. The other is powered by a hand crank and sending the direction of the crank to the other.

I forget what the end goal was. But it was fun to learn, and thinking back, I did a lot in just 8 weeks

My manager gave me the first Micro:Bit on my last day. I don't do anything with it anymore. But it's a fun memory.

It was also around that time I found DevRant and needed you guys to knock my ego down a few pegs when my head over inflated, lol.

Back in the early noughties I had an interview for the new job. A couple days before the interview I've visited that company's website. There was search input. Of cause I've entered some hacky things into it. And after several attempts I hacked it. The site was down in an infinite loop.
Two days later I told interviewer about the bug and what I did to reproduce it. He was surprised and checked the website. It was still down the same way.
I was totally ashamed. I was supposed to report that problem somehow.
BTW I got the job:)

I once hacked my brain and track all my calls. I new when and who was about to call, simple mind. Control and it took me 3 month to learn , I believe anything is possible, there lots I learned about enhancing your mind , its real fun

Someone didn’t properly set the httpcookies domain for our staging and production websites. Yep, this was a C#/.NET site. The cookie domain for the staging site was set to the production domain instead of the staging domain (which was a subdomain). So if someone logged into the staging admin, that would also grant them access to production admin if they also had an account in the production site.

The staging site technically had an additional login to enter the site, but the username and password weren’t too hard to guess. It was like that for years until I was hired to be an in-house dev (the role was previously outsourced to a software development company).

The admin side of the website wasn’t very sophisticated. But there was enough personal identifying info for a hacker to do something with.

I don’t know how they weren’t hacked yet. Honestly, I’d tell my employer to go back to that software agency and ask for a refund and cite the shotty work.

Picked up javascript few months ago, hacked through the basics and shit was looking too complicated and all over the place, tried react and got hooked. So I'm going all in on React. Like how you just get to build real projects right from the start.

But hell, I love my Python

Is dilbert.com down/get hacked or did my IP get blacklisted?

1st time, I went today, all the comic strips were replaced with ads.

2nd, the site just hung in Chrome

But ....

After I turned on my VPN, the site was accessible...

I thought the weather app I was using was hacked because because it displayed Ukranian Village as my current/default location.

Somehow this zip code though is known by that...

Recent VM/Emulation Adventures:

The goal was to get TCP/IP and SSH running on whatever weird VM/emulated machine, and connect to the chatroom at chat.tcp.direct successfully.

Longhorn, somewhere late pre-reset: Crashes right after installer begins "Starting Windows", 0x7b from sum-match ISO. Fail.

TempleOS (well, Shrine, but y'know): Dear god. No. No, I am not writing SSH in HolyC myself *fuck that,* fail.

Slackware: oh ffs i gotta use fdisk to partition this damn thing? and it's not even the good fdisk? Oh, wait... it hangs. Fail.

WinME: shockingly, was *fairly* stable... until it hung up WASAPI and the hypervisor two frames into desktop rendering. Fail.

Mac OS 7: First-boot after install, immediate unknown trap. Just works, eh? Fail.

Amiga: After about 85 resets and 7 hours of constant fighting with WinUAE, I finally got TCP/IP working. (Required 10MB of total RAM and an FPU to connect.) Success!

Win98FE: just... PuTTY and done. Easy. (This was the warmup.) Success...

Other people's achievements so far:

- Minecraft using the new QEMU interface mod thing.
- Hacked smart fridge.
- iPhone, from custom initramfs.

Why are some defaults still so broken on Windows? Do they just not care or expect poeple will replace everything with third party stuff as the real defaults anyway?
Now through RDP connection stuff I have to spend more time on that #*?%&$§ OS and I would have expected the standard programs to work better. Here some of the stuff that really irks me:
* Groove Music sucks hard, how it doesn't let me edit playlists, but relies on its broken discovery of tracks. So I can play my old Eels songs from some subfolder in music folder, but only by manually loading each song. It never adds the songs to the list whereas the new NIN album is recognized. - It could have been nice, more of a lightweight Cessna, compared to that scary giant nineties Jumbo of media player?
* every time I use the snipping tool for a screen shot they suggest to use that screen sketch tool. I tried. Inside the RDP it was just unusable, when I tried to select the part of the screen. The selection cross wouldn't show or only too late. Unusable.
* using Internet Explorer as the default application for xml files. Sorry it's just so damn slow. And this smiley always gives me the creeps. (liveoverflow had one episode where he described his panic when he first saw an opening internet explorer: Uh, that strange face there, has it been hacked?) - but then nothing happens for a minute, I calm down, and open the file in some useful editor.

Experience with Plasma Mobile, part 2.

I was able to clone the official master repository and commit my hacks to it, but when I sent the pull request, the current active maintainer said that the master branch was actually severely out of date and to try the "halium-flash" branch.

So I did. I checked out the "halium-flash" branch and attempted to install Plasma Mobile. The bash file used to flash the phone still needed to be hacked around, though my previous commit was made irrelevant by the change. However, I did get it working on my phone.

So, here are my thoughts: It's most definitely not ready. The lock screen looks pretty and is well put together, and the "desktop" and icons for applications look very nice.

However, my phone does not have a physical "home" button, and Plasma Mobile to date does not have a digital "home" button. So, in order to close an application I have to literally reboot my phone.

As of yet there seems to not be any tactile feedback or visual feedback, which is odd when typing in the passcode to log into Plasma Mobile or trying to open an application.

Firefox crashes if you try to open it, and currently there are two choices of wallpaper. I haven't tried calling someone, but I'm fairly certain that Plasma Mobile does not support telephony on my phone type.

So, my verdict is still the same: I have great hopes for the Plasma Mobile project, but unless you are a developer who is interested in making it a better product, I would stay away for now.