Gets an email from office facilities.

Email - A package has been received under your name, please collect it at the mail room in the 5th floor.

Me (excited as hell) - Yay! My devRant stickers are finally here!!!!

Gets to the mail room as fast as she could only to find that the stupid package was a stupid promotional offer from a stupid bank sending me a stupid credit card that I never even asked for. That entire day was a disappointment :-(

When am I getting my stickers! It's been ages!

Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.

That time when...

He wrote a social media network with end-to-end encryption before it was cool.

He wrote custom 64kb encryption for his academic HDD.

He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.

He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).

He used only hashes of passwords as passwords (which isn't actually good).

He kept a drill on the desk ready to destroy his HDD at a moments notice.

He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.

He set up a new email account for each individual online service.

He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).

He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).

He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).

He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.

He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.

He bought a burner phone to visit the capital city.

He bought a burner phone whenever he left his hometown come to think of it.

He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).

He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.

(You might be noticing it's all he's. Maybe it is, maybe it isn't).

He ate a sim card.

He brought a balaclava to pentesting training (it was pretty meme).

He printed out his source code as a manual read-only method.

He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).

He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).

He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.

I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.

Earlier I signed up on this forum called NulledBB. Basically some hacker skiddie forum that had a dump of an archive I wanted, unfortunately behind a paywall which I didn't want to bother with.

On signup I noticed that I couldn't use my domain as an email address, as I usually do (the domain is a catch-all which means that mail addresses can be made up for each service I sign up to on the fly, super useful). They did expose the regex that they accepted email as however, which included something along the lines of "@live.*".

So I figured, why not register a subdomain live.nixmagic.com real quick and put that into the mail servers? Didn't take too long and that's what I eventually went with, and registered as somepissedoffsysop@live.nixmagic.com (which I have no trouble putting on a public forum as you'll see in a minute).

Still didn't manage to get that archive I wanted but I figured, fuck it. It's a throwaway account anyway. But eventually that email address started to receive spam. Stupid motherfucker of a forum operator with his Kali skidmachine probably leaked it.

Usually I just blacklist the email address in SpamAssassin by adding an additional spam score of 100 to email sent to such addresses. But in that case it didn't even sit on the main domain, thanks to that stupid regex block from earlier... 😏

*Logs into my domain admin panel*
*Le rm on the live.nixmagic.com record*

Null routed entirely.. nulled, if you will! 🙃

Why are clients so ignorant and stupid?!

Send them the software with specific instructions WHERE to install it. Location is important as it is a plugin for AutoCAD.

First mail with complains about the plugin doesn't work. Find out (in the mail they sent internal) that they installed the plugin somewhere else than I instructed them.

Sent an email back with (again) an explanation why it doesn't work and where to install the plugin.

Email from client: So I put the plugin here [incomplete and invalid location] and create the last folder myself...

FOR FUCK SAKE SRUPID ASS IGNORANT DOWN SYNDROM (sorry folks) MOFO CLIENT!!!!
I SENT YOU UP TO 3 TIMES WHERE TO PUT THE GODDAMNED PLUGIN!

I've promised to do the Mozilla rant about the whole meritocracy thing a few days ago.. well, this is that. Along with some other stuff along the way. Haven't ranted for a couple of days man, shit happened! But losing 6 days that could've been spent on finishing my power supply project.. to a stupid cold, it got a little bit on my nerves, so that's what I've been working on for the time being. Hopefully I'll be able to finish it up in a couple of days.

1. COCKtail party thingy

Turns out that there's this conference in Brussels in a couple of days about the whole Article 13 copyright stuff. I've been letting a mail to the MEP's about it mature on my systems for a while now.. well, maturing or procrastinating, you be the judge 😛
Now I'm glad that I waited with that though. It's mostly a developer-centric insight into how the directive would be a horrible idea.. think AI, issues with context recognition, Tom Scott's video on Penistone and Scunthorpe etc etc. But maybe I can include some stuff from the event afterwards.
Also, if you're coming to the conference too, do let me know! Little devRant meet while we're at it, it'd be fucking great! I'll try to remember to bring my Christmas ducks, they've got these cute little Santa hats 😋

(P.S.: about the whole COCKtail, I saw the email while drunk and during registration I had to choose an email address.. I figured, feminazis are doing such a great job at going out of their way to find offense in everything, I figured that I'd make their job a little bit easier by sending a COCK bomb in my registration mail address, in the hopes that it finds its way to one of them.. evil, I know XD)

2. The whole feminazi stuff at Mozilla

So Mozilla hates meritocracy now? I've been wanting to rant about the big bad meritocracy for a while now. Thank you Mozilla for giving me an incentive to actually do it!

Meritocracy, feminazis think it's bad because it's about power relationships and discrimination, right? But what if I told you that that is exactly what makes great software great. Good code, good merit, is what's welcomed in software development.. or at least it should be. Because it's a job of fucking knowledge, experience, and quality! Also, meritocracy is a great thing because nobody cares if you're a professional developer in a suit, getting paid to work on a piece of OSS, or a homegamer neonazi who's coding shit in their underwear while wanking to child porn.. nobody fucking cares. If your code, your merit, is good, contribute ahead! Super inclusive, yet apparently bad because bad code is excluded to ensure the health of the project.

So what is the alternative to the big bad meritocracy? Inclusion (or as it's looked like in practice, more like exclusion) based on gender/sex, political orientation, things like that. But not actual fucking merit, the ability to write good code. How the fuck is politics and gender going to be any good at all to an inherently meritocratic craft?! Oh but yeah, it's great for inclusion. It's like females in tech. Artificial growth is just a matter of growth numbers and the only folks who like it are fucking HR and wanketeering cunts, and feminazis. Merit, that's what matters!! And have you ever considered that females are generally not interested in technology? Or for that matter, where's our inclusion movement for men in healthcare?! Gender equality my ass.

That's just my two cents on it of course. Meritocracy shouldn't be abandoned in tech. And even if it's just a matter of calling it something else. How the fuck is it a good idea to not call a pot a fucking pot just because someone might take offense at it?! It's meritocracy, call it fucking meritocracy!!! And while we're at it, call a master a fucking master and a slave a fucking slave!

Today I saw someone reading an email on hard copy. I suppose he casted it to just mail.

!rant && advice
I am an Android Developer, but about to start my final year. I got a mail from a company telling me saying...
"... and we are looking for problem solvers like you.

We Invite your CV and look forward to hearing back from you."

Stupid it may sound, but how do I reply to them? Do I also send a cover letter? If yes, what do I write? What do I mention in the email?

Thanks.

My IT-teacher has a website. Aside from it looking like from 1980 (which is ok), he has a "security js Mail decryption":
In his page there is a <script> with a simple yet custom de/encrypt function. Then his E-Mail is an <a href="javascript:mailto:function('rubberish173848'>private email</a>. (Or something like that)

You can just run this link (open email app and read it) or use the same function and same href in the browser console and read it. It sounds so stupid.

(Yet I figured out he probably doesn't want bots to spam his mail, so maybe I am stupid)

The global joke of Information Security

So I broke my iPhone because the nuclear adhesive turned my display into a shopping bag.

This started the ride for my character arc in this boring dystopia novel:

Amazon is preventing me from accessing my account because they want my password, email AND mobile phone number in their TWO.STEP Verifivation.
Just because one too many scammers managed to woo one too many 90+y/o's into bailing their long lost WW2 comrades from a nigerian jail with Amazon gift cards and Amazon doesn't know what to do about anymore,

DHL is keeping my new phone in a "highly secure" vault 200m away from my place, waiting for a letter to register some device with a camera because you need to verify your identity with an app,

all the while my former car insurance is making regress claims of about 7k€ against me for a minor car accident (no-one hurt fortunately, but was my fault).

Every rep from each of the above had the same stupid bitchass scapegoat to create high-tech supra chargers to the account deletion request:

- Amazon: We need to verify your password, whether the email was yours and whether the phone number is yours.

They call it 2-step-verification.

Guess what Amazon requests to verify you before contacting customer support since you dont have access to your number? Your passwoooooord. While youre at it, click on that button we sent you will ya? ...

I call this design pattern the "dement Tupi-Guarani"

- DHL: We need an ID to verify your identity for the request for changing the delivery address you just made. Oh you wanted to give us ANOTHER address than the one written on your ID? Too bad bro, we can't help, GDPR

- Car Insurance: We are making regress claims against you, which might throw you back to mom's basement, oh and also we compensated the injured party for something else, it doesn't matter what it is but it's definitely something, so our claims against you just raised by 1.2k. Wait you want proof we compensated something to the injured at all? Nah mate we cant do that , GDPR. But trust me, those numbers are legit, my quant forecasted the cost of childrens' christmas wishes. You have 14 days or we'll see you in court haha

I am also their customer in a pension scheme. Something special to Germany, where you save some taxes but have to pay them back once you get the fund paid out. I have sent them a letter to terminate the contract.

Funniest thing is, the whole rant is my second take. Because when I hit the post button, devrant made me verify my e-mail. The text was gone afterwards. If someone from devRant reads this, you are free to quote this in the ticket description.

Fuck losing your virginity, or filing your first tax return, or by God get your first car, living through this sad Truman dystopia without going batshit insane is what becoming a true adult is.

I am grateful for all this though:

Amazon's safety measures prevented me from spending the money I can use to conclude the insurance odyssey, and DHLs "giving a fuck about customers" prevention policies made me support local businesses. And having ranted all this here does feel healthy too. So there's that.

Oh, cherry on top. I cant check my balance, because I can only verify my login requests to my banking account wiiiiiiith...?

when you have to validate an email address to fit the requirements of some stupid mail software

(^$|^([^<>()\[\].,;:\s@!&#$%+'{}|~*="]+(\.?[^<>()\[\].,;:\s@!&#$%'{}|~*="]+)*))@((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}|(([a-zA-Z\-0-9]+.)+[a-zA-Z]{2,})$)

I'm not even sorry.

That time when I requested someone from a different department to include the ID row in their database excerpt. Me, having the lowest possible status in the company, did not know the who I wrote to was the boss over at the other department. So I ask straight forward: "Could you please include the ID row?"

Then a damn long email comes back stating that there was absolutely no time for stupid shit as mine. There existed no ID row and I would only waste his time. All further requests should be route via my boss.

So, fuck, he's pissed. So what he deserve? A shit load of honey right into his mouth, like he wants to.
That company had a huge ass hierarchy in job positions and I was at the bottom. So I write my oh-im-so-sorry-mail.

~I never knew what position he had and that I would of course fuck off with my stupid request.~

What was his response?

Oh, yeah, thanks. Have a look into the attachment, is that the ID row you requested?

Yeah, as one can guess, it was.
Stupid honeyfucker. Of course an ID row exists, duh.

I'll try to pay back some smaller credit by one large credit...

Hence I need to contact the banks and get one (!) fucking frigging stupid piece of paper which lists the account number and the amount of money I need to pay back.

Sounds simple ...

Well.

One bank just answered my email request by sending me that piece of paper. Except they didn't have any validation of my identity.

Yes. They answered the request of 'I want to pay back the credit in full, can u send me the necessary documents?' (more formal of course) with confidential data without any more credibility than my email address.

YAY.

Another bank requests a telephone call for identity validation and sending back a signed form via postal service...

Another bank just needs a PDF sent via mail with an electric signature (yeah. They were aware of what that means - I was shocked and confused) or a "qualified signature matching previous documents" (translated from German).

The last one offers a WhatsApp number - send a GIF / JPG or video and we answer directly.

I need to reach a higher state than drunk.

It's not funny to know how confidential data gets mistreated by companies who should have the highest security.

They want what?! Call me away from vacation even though I'm not employed there anymore because they are to STUPID to read a FUCKING EMAIL?!

I sent the mail to THREE PEOPLE with the path to the docs and friggin TRIPLE CHECKED THE PATH AND FILES...

"Yeah could you please be there tomorrow morning?"

Imagine a web way ahead of our time where its size goes beyond our imagination...

This is my first rant, and I'll cut to the chase! I don't like how web currently stands. Here's what makes me angry the most altough I know there's a myriad of solutions or workarounds:

- A gazillion credentials/accounts/services in your lifetime.

- Everyone tries to reinvent the wheel.

- There's no single source of truth.

- Why the fuck there's so much design in a vision that started as a network of documents? Why is it that we need to spend time and energy to absorb the page design before we can read what we are after?

- What's up with the JS front end frameworks?! MB's of code I need to download on every page I visit and the worse is the evaluation/parsing of it. Talk about acessibility and the energy bills. I don't freaking need a SPA just give a 20-50ms page load and I'm good to go!

- I understand that there's a whole market based on it but do we really need all that developer tools and services?

- Where's our privacy by the way? Why the fuck do I need ads? Can't I have a clue about what I wan't to buy?

Sticking with this points for now... Got plenty more to discuss though.

What I would like to see:

A unique account where i can subscribe services/forums/whatever. No credentials. Credentials should be on your hardware or OS. Desktop Browser and mobile versions sync everything seemlesly. Something like OpenID.

Each person has his account and a profile associated where I share only what I want with whom I want when I want to.

Sharing stuff individually with someone is easy and secure.

There's no more email system like we know. Email should be just email like it started to be. Why the hell are we allowing companies to send us so much freaking "look at me now, we are awesome", "hey hey buy from me".. Here's an idea, only humans should send emails. Any new email address that sends you an email automatically requests your "permission" to communicate with you. Like a friend request.

Oh by the way did I tell you that static mail is too old for us? What we need is dynamic email. Editing documents on the fly, together, realtime, on the freaking email. Better than mail, slack and google docs combined.

In order for that to work reasonably well, the individual "letter" communication would have to be revamped in a new modern approach.

What about the single source of truth I talked about? Well heres what we should do. Wikipedia (community) and Larry Page (concept) gave us tremendous help. We just need to do better now.

Take the spirit of wikipedia and the discoverability that a good search engine provides us and amp that to a bigger scale. A global encyclopedia about everything known to mankind. Content could be curated from us all just like a true a network.

In this new web, new browser or whatever needed to make this happen I could save whatever I want, notes, files, pictures... and have it as I left it from device to device.

Oh please make web simple again, not easy just simple and bigger.

I'm not old by the way and I don't see a problem with being older btw.

Those are just my stupid rants and ideas. They are worth nothing. What I know for sure is that I'll do something about or fail trying to.

Did you ever had to integrate a fucking "API" that is done via mail bodies?

Fuck this shit! Who need responses about success or failure?! Guess this will take a long time to test this fucking piece of garbage... We don't get a test system, we need to test this with the production system of the other company. I hope their retarded application crashes when receiving malicious mails.

Not speaking about security, I bet everyone can send a mail to their stupid mail address and modify their data 🙈

And inside of this crap mail you also have to send the name, street and email of their company. Why do you fucking need this information?!

/rambling

Arghhh!

Okay, so have just been having a play with Mailgun's webhook functionality (a client finally has a decent use for these).

I setup a test endpoint that sends a mail via Mailgun and then handles the POST data too. It emails myself the raw POST request response from Mailgun when I open the email. Mailgun fire an event their end when they detect the message has been opened.

All is good apart from Mailgun are posting multiple requests for each event, which is annoying.

After an hour messing around and getting annoyed I have a complete face palm moment.

In my test script Mailgun is called is send my notification email! So I'm creating multiple events for the same test message.

i.e. send original message, receive post back from Mailgun to my endpoint, my script then emails me the result using Mailgun. The latter itself generates its own events again.

Sooooo stupid of me to not notice something so obvious :(

Today marks the second day of me having to build an email template and I never hated anything more in my life than that. WHY DOES IT HAVE TO BE SO COMPLICATED? WHY CAN'T THEY UPGRADE THEIR STUPID RENDERING ENGINES SO WE CAN USE MORE MODERN METHODS?!? Sorry but I don't want to create an E-Mail and having to pretend its 1995. The table view is so outdated and I'm aware of the fact that some clients support divs but not Outlook (Outlook itself sucks pretty hard but thats another story). I just wanna be able to use grid, flex, etc. to build my template.
I HATE MY LIFE

That lovely moment, when I have to spend an hour on mail delivery issue, only to find out the message was flagged as spam due to a faulty dns blacklist.

Though the way it got flagged is idiotic and funny at the same time, too.

The blacklist domain got parked, dunno why, and of course, all of the dns queries thus got redirected to a different dns server that just returned the A records of the dns park owners.

Guess what that causes when you use that blacklist? Every single email gets flagged, including that one of ours that I had to debug.

Fml, an hour of overtime for a stupid malfunctioning blacklist...