Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account [cozyplanes@tuta.io] was hacked, because I sent message you from it.

Now I have access to you accounts!
For example, your password for [cozyplanes@tuta.io] is [RANDOM_ALPHABET_HERE]

Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $700 to our Bitcoin wallet: 13DAd45ARMJW6th1cBuY1FwB9beVSzW77R
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data" :)

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.

>> RE >>
Well f### you, thanks for telling my password which is obviously fake. I have sent your details to the local police department, shall rest in peace. Don't earn money by this kind of action. STUPID!

My last wk93 story, the time we discovered school faculty was spying on students and we uncovered student's deepest secrets.

I call it, kiddiegate.

So if you've read my past rants you've noticed I did some pretty childish and reckless stuff with my highschool's systems when I was younger, but nothing compares to this thing.

After resetting the sysadmin account pwd on some machines it occurred to me I could write a keylogger to capture teachers Moodle accounts and so on, I decided to try it out on a regular lab computer first.

Imagine my surprise when I found a hidden keylogger already installed! I couldn't believe it but then I thought, what if other PC's have it? So I recruited my mates and teached them the process to check if a PC had been infected...ALL PCs were, over 30 computers we checked had been logging for over 3 months! That damn sysadmin! >:[

We were shocked and angry, but then I thought "hey. . . My work has been done for me, better take advantage"

So we did, we extracted each log and then removed it from the PCs along with the keyloggers. There were hundreds of records and then one day we started snooping into the fb accounts of some students (we shouldn't have) we uncovered so many nasty, shocking secrets...

One of the school's lady's man had a drunk one nighter with one of our gay friends, the most secluded and shy guy was sexting like crazy with 15 chicks at the same time, things like that...we promised to never say a word and deleted the logs.

After that we didn't do much and continued highschool as every teenage minor should, getting drunk and avoiding responsibilities, though we could never see many of our classmates the same way. The sysadmin was fired shortly after I graduated, no reason was stablished.

I want to clear out we were minors and laws in my country weren't clearly stablished at the time plus no harm was ever done. I don't condone hacking or any kind of illegal activity, just thought I'd share.

Walking up to my computer, on autopilot i typed my password to unlock it, pressed enter ...aaand realised it was unlocked and I just sent my password in the clients general slack channel.
Quickly changed it to a smiley and pretended it was raining..

Any one else who mistakenly typed a password or other secrets in a slack channel or similar? XD

Ooof.

In a meeting with my client today, about issues with their staging and production environments.

They pull in the lead dev working on the project. He's a 🤡 who freelanced for my previous company where I was CTO.

I fired him for being plain bad.

Today he doesn't recognize me and proceeds to patronize me in server administration...

The same 🤡 that checks production secrets into git, builds projects directly in the production vm.

Buckle up... Deploys *both* staging and production to the *same* vm...

Doesn't even assign a static IP to the VM and is puzzled when its IP has changed after a relaunch...

Stores long term aws credentials instead of using instance roles.

Claims there are "memory leaks", in a js project. (There may be memory misuse by project or its dependencies, an actual memory leak in v8 that somehow only he finds...? Don't think so.)

Didn't even set up pm2 in systemd so his services didn't even relaunch after a reboot...

You know, I'm keeping my mouth shut and make the clown work all weekend to fix his own hubris.

So sometime back I was working as an android developer for a startup managed by a guy who wasn't much of a techie. The team wanted a share image to facebook option in the app, which required FB SDK integration into the app, which in turn will increase the app size and request more permissions. On discussing this with them and asking for the app secrets, they said that I'm being ridiculous, and denied me from giving the app secrets, citing the reason 'They're called secrets for a reason'.

Oh boy how do I put it?

So I am an introvert and I have a strange question.

But first some context is needed. I am mostly nice to people not because I like every one but because I think it would only waste my time arguing with them so I just start to ignore the person I don't like. Which puts me in a strange situation where a lot of people think I am their friend where I don't care about them heck I don't know names of some.

Now because I am introvert people/friends see me as someone they could unload their secrets on (knowing I won't tell anyone (because I don't gossip(because it's waste of time) ) ). So I know almost every gossip worthy shit that I don't want to know about or don't care. Sometimes they even ask me for some relationship advice and then it seems like I am like a rubber duck for extroverted people cause at that point they kind of ask questions that clearly they want some specific answer (wich if I don't provide they will say themselves). Also it is also lame to ask me as I have never been in a relationship (I am an Indian and here somehow people seams to get in a relationship just to be in a relationship. (cause it's "modern", "forward thinking" "cool") (which I can already see will not last)). I am not against relationships but I think it's better to appreciate a friendship rather then forcing that "a girl and a boy can't be friends".

Ooh BTW the question to other introverts is if they become rubber ducks to there surrounding people?

I don't understand why people are making a fuss about Facebook.

It's free to use, the amount of users kept increasing (thus the cost of maintenance) yet the company kept getting bigger and bigger. Obviously they're not making all their money off the advertisements on Facebook's own website.

So why are people so surprised that they're "selling" user information?

This is really funny to me. Especially the media joining in saying that it makes all your information available to everybody when they're actually talking about the fact that the majority of Facebook users have their profile set to public and they can be easily found with a simple Google search.

People are so fucking hypocritical it makes me want to puke. If you don't want anybody to know what you posted, just don't fucking post it on a SOCIAL MEDIA in the first place.

Don't get me wrong, I'm not saying that facebook is all flowers and love, they clearly didn't handle this situation well. They could have done something about this whole situation when it started instead of waiting for things to blow out of proportion.

However, people are just being assholes now. I highly doubt that they're reading all chats nor are they sending it over, they're probably just sending out some words you mention often so that it is pertinent for advertisers (ex. If you use the word computer next to buy, then maybe that triggers something). I could talk extensively about it but I'm way too lazy, the point is, they most likely aren't sending the nudes you sent to advertisers because that does not provide any benefits.

If you don't like Facebook, don't fucking use it. Delete your account and shut the fuck up. When you screw up in real life, there's no takesies backsies, why the fuck do people think it doesn't apply online? The government gathers up quite a lot of information on you yet I don't see you crying your eyes out.

Why the fuck do you care so much if an advertisement is tailored to specifically? Yeah, you talked about dildos and now you see dildo ads from Amazon, not happy? Just download adblock and shut up. If you're gullible and the moment you see an ad about single women in your area you click on the ad because you want to get laid right now, that's your problem.

Don't want people knowing about some aspects of your private life? Don't share it online.

Stop acting like people are any better at keeping secrets, I'm sure you had some people leak your secrets at least once, yet I doubt you sued them and you brought them to court.

===========

I'm sorry about this, it's just that Facebook is all over the news and I'm getting sick of it.

Also, I hate facebook, I'm not necessarily defending it, I'm more pissed at the medias for blowing this situation out of proportion.

Everyone was a noob once. I am the first to tell that to everyone. But there are limits.

Where I work we got new colleagues, fresh from college, claims to have extensive knowledge about Ansible and knows his way around a Linux system.... Or so he claims.

I desperately need some automation reinforcements since the project requires a lot of work to be done.

I have given a half day training on how to develop, starting from ssh keys setup and local machine, the project directory layout, the components the designs, the scripts, everything...
I ask "Do you understand this?"
"Yes, I understand. " Was the reply.

I give a very simple task really. Just adapt get_url tasks in such a way that it accepts headers, of any kind.
It's literally a one line job.

A week passes by, today is "deadline".

Nothing works, guy confuses roles with playbooks, sets secrets in roles hardcodes, does not create inventory files for specifications, no playbooks, does everything on the testing machine itself, abuses SSH Keys from the Controller node.... It's a fucking ga-mess.

Clearly he does not understand at all what he is doing.

Today he comes "sorry but I cannot finish it"
"Why not?" I ask.
"I get this error" sends a fucking screenshot. I see the fucking disaster setup in one shot ...

"You totally have not done the things like I taught you. Where are your commits and what are.your branch names?"
"Euuuh I don't have any"
Saywhatnow.jpeg

I get frustrated, but nonetheless I re-explain everything from too to bottom! I actually give him a working example of what he should do!

Me: "Do you understand now?"
Colleague: "Yes, I do understand now?"
Me: "Are you sure you understand now?"
C: "yes I do"

Proceeds to do fucking shit all...

WHY FUCKING LIE ABOUT THE THINGS YOU DONT UNDERSTAND??? WHAT KIND OF COGNITIVE MALFUNCTION IA HAPPENING IN YOUR HEAD THAT EVEN GIVEN A WORKING EXAMPLE YOU CANT REPLICATE???
WHY APPLY FOR A FUCKING JOB AND LIE ABOUT YOUR COMPETENCES WHEN YOU DO T EVEN GET THE FUCKING BASICS!?!?

WHY WASTE MY FUCKING TIME?!?!?!

Told my "dear team leader" (see previous rants) that it's not okay to lie about that, we desperately need capable people and he does not seem to be one of them.

"Sorry about that NeatNerdPrime but be patient, he is still a junior"

YOU FUCKING HIRED THAT PERSON WITH FULL KNOWLEDGE ABOUT HAI RESUME AND ACCEPTED HIS WORDS AT FACE VALUE WITHOUT EVEN A PROPER TECHNICAL TEST. YOU PROMISED HE WAS CAPABLE AND HE IS FUCKING NOT, FUCK YOU AND YOUR PEOPLE MANAGEMENT SKILLS, YOU ALREADY FAIL AT THE START.

FUCK THIS. I WILL SLACK OFF TODAY BECAUSE WITHOUT ME THIS TEAM AND THIS PROJECT JUST CRUMBLES DOWN DUE TO SHEER INCOMPETENCE.

How the hell does PR containing production secrets and private keys gets 3 approvals and gets merged upstream? 😬 🥴

GF it's the only thing that hurts when you have to see deep secrets

Secrets of great British castles is a lot funnier than I expected...

"Let‘s make a service where the users can enter all of their secrets and sensitive data so that we can warn them if that data has been leaked elsewhere"

What could possibly go wrong?

At the end of the day, we all have our little dirty secrets.

It finally happened. One of our junior devs pushed a secrets file to their git branch and now I have to reset ALL THEIR CREDENTIALS. "git add ." will be the death of me.

more of my favorite "about" sections from various users:

Jilano
"nothing."

Humble like a monk.

kindawonderful
"This user likes to keep secrets about himself."

Aw, hes shy!

molaram
"Part time evil corporation hater & armed infidel trying to blow off some steam."

Is that you Elliot?

dmonkey
"Computer Science student and Math lover."

Your love of math is suspect. I have not seen you participate in any of my math shitposting.

And under his skills
"I was ending up becoming a front-end developer, now I'm thinking to become a farmer after uni."

The total state of frontend in 2021. "Fuck it, I'd rather shovel horse shit than learn another
framework!"

Have you tried Horseshit.JS for that?

What about shove.js?

Last day of work. Literally only few more hours before I give up this lifestyle. Feeling little emotional as i look at the screen of my work laptop. It's a Windows 10 Lenovo ideapad .

Gonna miss those days when it made me mad bugging with updates. But it has been good to me, did more than i expected from it. I kept it turned on since half year or so and contrary to popular belief about it's race, it never disappointed me. We had our little secrets going on. Time to wipe them off and say goodbye. 😿

Oh, $work.

Ticket: Support <shiny new feature> in <seriously dated code> to allow better “searching” (actually: generating reports, not searching)

UI: “Filter on” inputs above a dynamic JS table don’t update said table; they trigger generating a new report.

Seriously dated code: 12 years old. Rails v3-isms. Blocks access without appropriate role; role name buried in secrets configuration files. Code passes data round-trip between server/client/server/model that isn’t ever used. Has two identical reports with slightly different names, used interchangeably. Uh, I guess I’ll update both?

Reports: Heavily, heavily abstracted; zero visibility.

Shiny new feature: Some new magical abstraction layer with no documentation nor comments. Nobody in my team knows how it works. The author… won’t explain, but sent me her .ppt presentation on it (the .ppt, not a recording).

Useless specs for seriously dated code: Tests exclusively factory-generated data; not the controller, filters/lookups, UI, table data, etc.

Seriously dated code and useless spec author: the CISO.

The worst part: I’m not even surprised at any of this.

You know. I think people trashing chatgpt detracts from the fact that if it is actually functioning as stated it's still a goddamm miracle of science!

I mean are we all really that jaded ?

You can type a plain English request in and a COMPUTER PROGRAM sends you a Novel response that may reflect the bias of its dataset and the bias of people trying to keep "secrets" but otherwise it sends a response formulated from extensive data.

That's a breakthrough

Quick acting like an alpha that was frozen years ago apparently is the RTM!

!dev !rant

When you realise that Harry Potter and the Chamber of Secrets had a post-credits scene 😨😱❤️

A good life lesson:
1. DON'T DELETE FILES YOU MAY WANT TO RECOVER

And if you DO delete them and then recover them, then
2. DON'T SEND THE RECOVERED FILES TO A·N·Y·O·N·E

Today I found a lost µSD card in the street. I did what every sane person would do -- plugged it into my laptop :)

There I found a directory with recovered pictures. I figured, some of them may contain the author's info in metadata, so I ran a quick plaintext search for @gmail.com.

Turns out, inside some of the recovered picture files I could find embedded company director's emails in plain-text. I mean, open the picture with a text editor and read through those emails - no problem! And these emails contain some quite sensitive info, e.g. login credentials (lots of them).

Bottom line, if you delete and recover your files, then do your best to keep them close: don't share them, don't lose them. You might be surprised what these recovered files may contain

I just found a vulnerability in my companies software.
Anyone who can edit a specific config file could implant some SQL there, which would later be executed by another (unknowing) user from within the software.

The software in question is B2B and has a server-client model, but with the client directly connecting to the database for most operations - but what you can do should be regulated by the software. With this cute little exploit I managed to drop a table from my test environment - or worse: I could manipulate data, so when you realize it it's too late to simply restore a DB backup because there might have been small changes for who knows how long. If someone was to use this maliciously the damages could be easily several million Euros for some of our customers (think about a few hundred thousand orders per day being deleted/changed).

It could also potentially be used for data exfiltration by changing protection flags, though if we're talking industry espionage they would probably find other ways and exploit the OS or DB directly, given that this attack requires specific knowledge of the software. Also we don't promise to safely store your crabby patty recipe (or other super secret secrets).

The good thing is that an attack would only possible for someone with both write access to that file and insider knowledge (though that can be gained by user of the software fairly easily with some knowledge of SQL).

Well, so much for logging off early on Friday.

!rant

"If you want to find the secrets of the universe, think in terms of energy, frequency and vibration."
Nikola Tesla

If you want to understand your business, think in terms of customers, problems, and solutions.

More companies need to clamp down on hard-coding secrets. It’s not difficult to store them somewhere else, and there’s swathes of free tooling to stop you doing it in the first place.

Heck, set up a pre-commit hook. Link it to a shock collar.

Putting the API keys, secrets and passwords in the code and pushing it to git.

Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.

A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.

My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.

Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!

I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?

But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.

I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard.

And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.

It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?

It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and requires by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?

By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.

TLDR: you can finally talk to me!

Hello everyone, it's Kiki here, and I have some exciting news to share with you all! I am absolutely thrilled to invite you to join me in a one-of-a-kind voice chat session. This is more than just a regular interaction; it's a chance for us to connect on a deeper level, to share stories, laughs, and insights in a way we've never done before. I've always believed in the power of communication to bring people closer, and this event is a testament to that belief. Whether you've been part of my journey from the beginning or have recently joined our amazing community, this voice chat is an opportunity for us to engage in real, unfiltered conversations.

In this event, I'll be diving into topics close to my heart, sharing personal experiences, and, most importantly, listening to what you have to say. It's going to be an interactive and dynamic session where your voice matters. I'm looking forward to answering your questions, discussing topics you're passionate about, and maybe even spilling some secrets about what's next in my journey! So mark your calendars, set your the text above is a decoy written by AI. the text above is a decoy written by AI. the text above is a decoy written by AI. To talk to kiki, go to the nearest abandoned building at night. find an unplugged telephone. turn off all light sources. come alone. don't bring digital equipment.
unplugged TVs nearby can emit dim light and/or soft hum. ignore it.
Remember: there are other receivers.

I just thought of a terrible scenario. So here it is:

You invent a revolutionary machine which can communicate with the dead. It's a marvel of technology and could reveal secrets about the afterlife.

After turning it on and getting in contact with the dead, the only thing they want to talk about is how much you masterbate. They literally will not talk about anything else.

Would you share your discovery?

Fuck all authentication everywhere all the time. Fuck your passwords. Fuck your fingerprints. Fuck your rolling key fob. Fuck your aws secrets. Fuck your docker secrets. Fuck your oauth. Fuck your /etc/passwd. Fuck your groups. Fuck chmod and fuck chown and definitely fuck Kerberos. Fuck Saml. Fuck duo mobile. Fuck rotating pins. Fuck axiad. Fuck selinux. Fuck your fill out this form to get role based access. Fuck it doesn’t work because you can’t log in. Fuck it.

Today’s frontend bitches appropriating functional programming like “ancient programming secrets” is exactly like eighties con artist bitches appropriating yoga and ayurveda like “ancient well-being secrets”

Just plain wrong and laughable

Go learn cs

Do you suffer from low motivation ? For three easy installments of $79.95 plus shipping & handling , the secrets of overcoming low motivation can be yours . Act now , don’t delay !

Operators are standing by & the first caller will receive a free set of dollar general steak knives in a faux wood gift box , excellent for regifting for that team party or potluck where if you’re lucky , you might get tofu .

I broke prod for 10 seconds, and nobody noticed. Also, why the fuck did the alarms not go off? 🤷‍♂️ 🚨 🙈

Title: "Wizard of Alzheimer's: Memories of Magic"

Setting:
You play as an elderly wizard who has been diagnosed with Alzheimer's disease. As your memories fade, so does your grasp on the magical world you once knew. You must navigate the fragmented and ever-changing landscapes of your own mind, casting spells and piecing together the remnants of your magical knowledge to delay the progression of the disease and preserve your most precious memories.

Gameplay:
1. Procedurally generated memories: Each playthrough generates a unique labyrinth of memories, representing different aspects and moments of your life as a wizard.

2. Memory loss mechanic: As you progress through the game, your memories will gradually fade, affecting your abilities, available spells, and the layout of the world around you.

3. Spell crafting: Collect fragments of your magical knowledge and combine them to craft powerful spells. However, as your memory deteriorates, you'll need to adapt your spellcasting to your changing abilities.

4. Mnemonic puzzles: Solve puzzles and challenges that require you to recall specific memories or piece together fragments of your past to progress.

5. Emotional companions: Encounter manifestations of your emotions, such as Joy, Fear, or Regret. Interact with them to gain insight into your past and unlock new abilities or paths forward.

6. Boss battles against Alzheimer's: Face off against physical manifestations of Alzheimer's disease, representing the different stages of cognitive decline. Use your spells and wits to overcome these challenges and momentarily push back the progression of the disease.

7. Memory anchors: Discover and collect significant objects or mementos from your past that serve as memory anchors. These anchors help you maintain a grasp on reality and slow down the rate of memory loss.

8. Branching skill trees: Develop your wizard's abilities across multiple skill trees, focusing on different schools of magic or mental faculties, such as Concentration, Reasoning, or Creativity.

9. Lucid moments: Experience brief periods of clarity where your memories and abilities are temporarily restored. Make the most of these moments to progress further or uncover crucial secrets.

10. Bittersweet ending: As you delve deeper into your own mind, you'll confront the inevitability of your condition while celebrating the rich magical life you've lived. The game's ending will be a poignant reflection on the power of memories and the legacy you leave behind.

In "Wizard of Alzheimer's: Memories of Magic," you'll embark on a deeply personal journey through the fragmented landscapes of a once-powerful mind. As you navigate the challenges posed by Alzheimer's disease, you'll rediscover the magic you once wielded, cherish the memories you hold dear, and leave a lasting impact on the magical world you've called home.

LMAO

I wanna go back to the age where a C program was considered secure and isolated based on its system interface rathe than its speed. I want a future where safety does not imply inefficiency. I hate spectre and I hate that an abstraction as simple and robust as assembly is so leaky that just by exposing it you've pretty much forfeited all your secrets.
And I especially hate that we chose to solve this by locking down everything rather than inventing an abstraction that's a similarly good compile target but better represents CPUs and therefore does not leak.

Jesus fucking christ one missing comma >.<

Interesting coincidence. I have stared at this shower curtain far too long.. I MUST KNOW ITS SECRETS.

I always tell the wrong people my scerets, and they end up demotivating me or not showing concern at all.

Just after watching Black Mirror : How fucked would you be, if there was a copy of you, which could give the accessor All information about you? 🤔 There's some really vulnerable secrets to anyone, so yeah, I would be super fucked 😂

I’m currently working with a devops team in the company to migrate our old ass jboss servers architecture to kubernetes.

They’ve been working in this for about a year now, and it was supposed to be delivered a few months back, no one knew what’s going on and last week they manage to have something to see at least.

I’ve never seen anything so bad in my short life as a developer, at the point that the main devops guy can’t even understand his own documentation to add ci/cd to a project.

It goes from trigger manually pipelines in multiple branches for configuration and secrets, a million unnecessary env variables to set, to docker images lacking almost all requisites necessary to run the apps.

You can clearly see the dude goes around internet copy pasting stuff without actually understanding what going on behind as every time you ask him for the guts of the architecture he changes the topic.

And the worst of all this, as my team is their counterpart on development we’ve fighting for weeks to make them understand that is impossible the proceed with this process with over 100 apps and 50+ developers.

Long story short, last two weeks I’ve been fixing the “dev ops” guy mess in terms of processes and documentation but I think this is gonna end really bad, not to sound cocky or anything but developers level is really low, add docker and k8s in top of that and you have a recipe for disaster.

Still enjoying as I have no fault there, and dude got busted.

I love Docker but I'm almost always screwing around with permissions and file ownership when it comes to secrets, bind mounts and making sure shit doesn't run as root while also making sure secrets are exposed and volumes aren't owned by root

Perhaps my frustration comes from the fact that I'm still learning and sometimes get impatient when things don't work within an hour or two, but still

You know you're a developer when the only secret society you want to join are those who don't get auto down-voted for a Stack Overflow question.

Nice little feature from Warp, auto hiding secrets, although this isn't a secret it is just a version number 😅

If your project gets fucked up beyond repair, for example by your IDE (I'm looking at you, Android Studio) try this:

0. Backup any ignored but essential files in your project (e.g. secrets) outside of your project directory.
1. Close your IDE.
2. git clean -xdf
3. Restore any backed up local files.
4. Reopen the project as a new one in your IDE.

This is awesome, because it cleans up everything non git and not committed. So any local project files configured by your IDE will be nuked, which allows for a clean start. Also, all your locally committed work is preserved.

BTW, if you really need to start over (even with git), then just remove all the things an clone the remote repo again.

If there's one thing I'd gladly kill with fire, then pass it over a steamy steamroller, then burn it a tank of hot fluoroantimonic acid, is every fucking Java library that returns null instead of throwing a meaningful exception.
Is it really that difficult for you to throw an exception anyway, then let ME figure out if I can ignore it or not?
Thanks to you, now I have to do super messy reflection things just to figure why did you return a null.
I'm not your fucking psychologist trying to pull your inner secrets. But I have to be, for the sake of stability of my app. Which already has its own mess of problems on its own.

I learned you can access developer options on Android by tapping your build number in the information settings, it gives you a little notification and reveals the secrets hidden from the average user. It's neat, I like it, you should see if it helps you in any way If you use Android.

Friday, forced deploy day for last & current months work. Been stockpiled due to holiday.

Yesterday boss demoed the product to clients so they expect to test today.

Early o'fuck this morning, a coworker managed to drop all secrets and env vars from CI pipelines and trigger a deploy leaving production broken...

It's gonna be a long and busy Friday...

<> Secrets </>

Yeah yeah yeah... Soooo supa secret.

If languages had slogans...

1) Java -- Buy one get two for free on your delicious NPEs.

2) C -- I burn way too much calories talking, let's do some sign language. Now see over there... 👉

3) Python -- Missing semi-colon? Old method. Just add an extra space and watch the world burn.

4) C++ -- My ancestors made a lot of mistakes, let's fix it with more mistakes.

5) Go -- Meh. I can't believe Google can be this lazy with names.

6) Dart -- I'm the new famous.

7) PHP -- To hide your secrets. Call us on 0700 error_reporting(0)

8) JavaScript -- Asynchronous my ass!

9) Lua -- Beginners love us because arrays start at 1

10) Kotlin -- You heard right. Java is stupid!

11) Swift -- Ahhh... I'm tasty, I'm gonna die, someone please give me some memory.

12) COBOL -- I give jobs to the unemployed.

13) Rust -- I'm good at garbage collection, hence my name.

14) C# -- I am cross-platform because I see sharp.

15) VB -- 🙄

16) F# -- 😴

Dr Lanning from I, Robot:

There have always been ghosts in the machine. Random segments of code, that have grouped together to form unexpected protocols. Unanticipated, these free radicals engender questions of free will, creativity, and even the nature of what we might call the soul. Why is it that when some robots are left in darkness, they will seek out the light? Why is it that when robots are stored in an empty space, they will group together, rather than stand alone? How do we explain this behavior? Random segments of code? Or is it something more? When does a perceptual schematic become consciousness? When does a difference engine become the search for truth? When does a personality simulation become the bitter mote... of a soul? 

One day they'll have secrets... one day they'll have dreams. 

When I've already told people it's working, no one appreciates the hours I just spent to fix the giant problems I hadn't noticed.

I subscribe to many copywriting newsletters. Here's an article that shows how it's like on "the other side", marketers struggle, too.

How Kevin's Massive Mistake
Completely Changed His Life

Kevin H. made a huge mistake.

The biggest, he would say, if he could tell you himself.

And he knew it immediately.

It was, he said, "instant regret."

Within milliseconds, he was asking himself "What have I done..."

Kevin, see, had just jumped the rail of the single most popular suicide spot in the world, the Golden Gate Bridge.

On average, the site gets another distraught jumper every two weeks. Kevin was one of them.

It wasn't like he hadn't tried to quiet the voices in his head. Therapy, drugs, hospitalization.

Time to die, those voices still said.

And yet, in the minutes his bus dropped him off at the bridge, he hesitated and paced with tears in his eyes.

"I told myself if just one person comes up to me and asks if I'm okay... if one person asks if they can help... I won't do it. I'll stop and tell them my whole story..."

But nobody did, so he jumped.

It was in those next milliseconds, he would later say, he knew it was the biggest mistake of his life.

He didn't want to die.

But now, he was sure, it was too late.

From its highest point, it's a 245-foot plummet into the icy bay waters below.

Out of the 1,700 people that have jumped from the bridge since it first opened in 1937, only 25 have survived.

Kevin, against all odds, would be one of them.

He slammed into the water like hitting concrete. Three of his vertebrae instantly shattered.

When he surfaced, he couldn't hold his own head above water. But, incredibly, a sea lion kept pushing him up.

The Coast Guard soon arrived and pulled him out.

From there, he began a long recovery that required intense surgery, physical therapy, and psychiatric care.

While still under treatment, a priest urged him to give a talk to a bunch of seventh and eighth graders.

Afterward, they sent him a pile of letters, both encouraging and full of their own pained thoughts.

He also met a woman.

Today, Kevin lives in Atlanta and he's been happily married for the last 12 years.

And he tours the country, sharing his story.

So why re-tell it here?

Obviously -- I hope -- you don't get lots of copywriters looking to snuff it after a flopped headline test.

Just the same...

We've talked a lot in this space about the things one needs to get by in this biz.

My friend and colleague Joe, over at the publishing powerhouse Agora Financial, likes to list requirements.

You need intense curiosity...

You need a killer work ethic...

And you must, MUST have... resilience.

Meaning, you must have or find the capacity to bounce back from failure and flops, even huge ones.

Now, again, Kevin's story is an extreme and in this context -- I hope -- a hyperbolic example of somebody giving up. In the worst way possible.

It is also, though, a metaphor.

See, I get a lot of notes from some of you guys... and at conferences, I get to talk to a lot of people...

And I often get the sense, from some folks, that they're feeling a little more overwhelmed than they let on.

Some are just starting out, and they've got a lot on the line. For some, it's everything. And some are desperate to make it work.

Because they have to, because their pride or livelihoods or a family business is at stake, because it's a dream.

And yet, they're overwhelmed by all the tips and secrets... or by piles of confusing research or ideas...

For others, even had some success, but they're burned out, feel antiquated, or feel like "imposters" that know less than they let on, in an industry that's evolving.

To all those folks... and to you... I can only say, I've been there. And frankly, go back there now and again.

Flops happen, failures happen. And you can and will -- even years and decades into doing this -- make the wrong choices, pick the wrong projects, or botch the right ones.

The legendary Gene Schwartz put it this way, according to a quote spotted recently in fellow writer Ben Settle's e-letter...

" A very good copywriter is going to fail. If the guy doesn't fail, he's no good. He's got to fail. It hurts. But it's the only way to get the home runs the next time."

Once more, nobody -- I hope -- is taking the trials of this profession hard enough to make Kevin's choice.

And believe me, I don't mean to make light of the latter. I just want to make sure we hit this anvil with a big hammer. To drive home the point that, whatever your struggle, be it with this biz or something bigger, that you don't want to give up. Press on.

As Churchill put it, "Success, is the ability to go from failure to failure without losing your enthusiasm."

Or even more succinctly when he said, "If you're going through hell, keep going."

Because it's worth it.
.
John Forde

And above all; watch with glittering eyes the whole world around you; because the greatest secrets are always hidden in the most unlikely places. Those who don't believe in magic; will never find it. No man who leads so many would bow down so quickly.

My name was Quiet Array -- I showed it, printed on my ID card, to some waitress. She asked for my hand in holy matrimony, and we got married by a soda dispenser. Immediately went our separate ways. I fiddled around with some runes on my galaxy-sized stash and invented a new way to sodomize demons, but the arcane secrets got lost in translation.

Then I woke up, and my first thought was: "shit, what a cheap-ass discount kiki dream".

Why the fuck do I need an Accept, A content-type AND and responseType (which, by the way doesn't go with the rest of the request headers, it has to sit outside them just to fuck you up). Just so angular will stop trying to parse absolutely fucking every request as JSON?

I'm well aware my knowledge of http protocols and angulars apis's are not the best but for fuck sake. What dark book of secrets must I uncover to illuminate the strategies behind these choices?

Why, when the Accept type is text, the Content-Type is text. When the request itself is handwritten beautifully on parchment and sent via fucking carrier pigeon to the backend and returned by horse and carriage, does ANGULAR STILL TRY TO PARSE IT AS FUCKING JSON. JUST STOP.

Can someone example to me why do people use a VPN when not on public wifi? Like you are already at home with your own private network.

Like the moment you log into Facebook or Twitter or medium or to check your Gmail/outlook whatever, all you are doing is making is making it very clear to the host companies that you are inconsistently paranoid. Because all the sudden the person who's home address is in Seattle, work and home phone are in Seattle and all of their communication is done with people in Seattle. Has their web traffic location encrypted unknown.

Yeah your packets might be encrypted, but you are still spreading enough self identifying information by merely existing on the web.

At the end of day it seems more like a illusion of safety that these VPN sell. At the cost of a good dollar and slower internet speeds.

Unless you got some actual trade secrets and sensitive information, the f is the point for you to use one?

At the end of the avenue, lived its creator. Well, used to leave. The weird half-house is hoarded, and his skeleton is there somewhere.

When flying above, I noticed a small enclave with fancy but small buildings. I put on my cloak and landed.
“What is it? It’s easier to answer what it is not”.
The hatch opened. I went in, about 30 meters. The hatch closed behind me. The tube-powered holographic screen lit up. “I think the secrets of the universe is more important than knowing today's weather”, she said, smiling.

I put on a blueprint of their superbug. Incurable, it had molecular ammo on it.
“Thanks”, I said, leaving. “Forgive my autistic antics. As for my cat, well, they copy their owners’ behavior, don’t they?”
And I took off.

I finally got some tattoos. I don’t know why, but all of them were about menstruation.
“I don’t want to let _him_ into our tattoo life club!”, my cousin said.
I then connected our M1A1 Abrams to a military tablet I stole from the avenue creator. “What’s that?”, my uncle said. “It’s the fourth time already that I get us new fiber optic cable. Think about my father! He’s dying!”
I hug my cousin. She was already dead.

This is why I’m stuck here. In the middle of nowhere, in a rusted trailer, naked, eating uncooked human meat from a dog bowl.

You know how I always """joke""" about smoking crack cocaine being the secret to my success?

Well, guess what. Some famous brit flower boy singer or some shit was staying at a hotel a mere 20 or so minute bus ride away from where I live.

What happens then is, of course, that brain fissure mother fucker got higher than shit on that damn crack and jumped to his death. Coincidence? I don't think so. I mean, what are the odds?

He was trying to copy my formula, no doubt about that. And obviously, he failed.

But I still feel this is very unfair -- to me. Not only did he plagiarize without recognition, I now also may or may not have to deal with the inevitable shrine that will be built by his fans on the spot where he met his unfortunate end, to gather around and ritually incinerate hardcore drugs in his honor, leaving behind crackpipes for him to smoke in heaven and that kind of commemorative jazz. Hmm, it might boost turism though, so it's not all bad.

Imagine the tour guide, maan. "Oh, and this is the spot where that guy from some dumbass boyband splattered against the ground after trying to beat Max Wright at his own game, RIP and please sir don't defecate on the plaque SIR DO N-- well, nevermind. OK, moving on... "

Anyway, I just wanted to publicize the fact that I didn't even know who the fuck he was until his untimely demise, may God have mercy on him, but it serves him right for trying to steal my arcane secrets.

Is there an acceptable way to deal with API secrets in an Android app that can cure the anxiety that is slowly taking over me during the past few hours that I am researching about it? Thnx.

p.s. I am not sure how people that work in security can go on with their lives and not have suicidal tendencies

Got dragged into business meeting. Said stupid things because I didn't know they were secrets... Can't wait to get chewed out. Why am I not just a code monke?!?!

Last week summary:

-questioning my identity (I’m cleaning and realised I forgot I used to like many activities I forgot and decided to give them more time)
-questioning how tf my unconscious seems to always plan ahead of me (ah yes I can do this cause I prep… why tf did I prepare for this?)
-questioning my skills (just a standard imposter syndrome, nothing to see here, move on)
-questioning my worth (as above)
-questioning how tf somebody connected to a secret account I have (spoiler: they don’t know and it’s a crazy coincidence… but now I know secrets about them 😏)
-randomly freezing during everyday life for all the above points

Job wise all is cool, tho 🎊

Today I discovered the secrets of taking HD pictures with a phone:
1. Set to highest resolution
2. Turn on RAWs
3. Take the picture (basic photo taking tips like focus, don't point at the sun, make sure finger is not on lense)
4. Use Photoshop/Lightroom to make corrections and make it look like how you "remembered" it (aka lie)

I have been struggling with managing and keeping track of config secrets and keys. I know that keeping secrets in code is bad karma, but managing them with environment variables becomes cumbersome with multiple microservices running on multiple servers. To worsen this, add humans and access levels.

Whenever I Google, I feel like I am the only one who has this problem. Do you guys sometimes feel like this?

If you have any solutions, hacks or services that you use, please recommend.

What. Setproctitle actually changes /proc/PID/cmdline? Who thought that was a good idea? Now a bunch of people at my "security" company think that makes the command line a safe way to pass secrets.

And above all, watch with glittering eyes the whole world around you because the greatest secrets are always hidden in the most unlikely places. Those who don't believe in magic will never find it

- roald dahl

I decided to use Docker Compose on a tiny project that essentially consists of an API and a Caddy server that serves static files and proxies to the API, all of this running on an EC2 t1-nano. I made this admittedly odd choice because I wanted to learn Compose and simultaneously forego figuring out why the node-gyp bindings for sqlite3 refuse to build on EC2 even though it builds just fine on my machine.

I am storing secrets in .env which is committed into the private GH repo. Just now I came across a rant that described the same security practice and it sounded pretty bad from an outside perspective so I decided to research alternatives.

Apparently professional methods for storing secrets generally have higher system requirements than a t1-nano. I'm not looking for a complex service orchestration system, I'm not trying to run an enterprise on this poor little cloud-based raspberry pi. I just want to move my secrets out of the Git repo,

Any tips?

And above all; watch with glittering eyes the whole world around you; because the greatest secrets are always hidden in the most unlikely places. Those who don't believe in magic; will never find it.
- Roald Dahl

Be me. shitty front end dev intern. React god.

boomer tech company using ASP.NET MVC frameworks. Hey energy-vampire, can you make us some sick react components???

sure.

get sent giant mvc repo. I've never used it. no documentation. no comments. nothing. just a fat app.

why do companies do this? I literally had no idea what to do with this thing. went to main guy and he had to build a .sln project, link it to some other project, setup an appsettings.json file, import secrets, and then build.

how the fuck would I know to do that???

FOMO on technology is very frustrating.

i have a few freelance and hobby projects i maintain. mostly small laravel websites, go apis, etc ..

i used to get a 24$/ month droplet from digital ocean that has 4vCPUs and 8GB RAM

it was nore than enough for everything i did.

but from time to time i get a few potential clients that want huge infrastructure work on kubernetes with monitoring stacks etc...

and i dont feel capable because i am not using this on the daily, i haven't managed a full platform with monitoring and everything on k8s.

sure u can practice on minikube but u wont get to be exposed to the tiny details that come when deploying actual websites and trying to setup workflows and all that. from managing secrets to grafana and loki and Prometheus and all those.

so i ended up getting a k8s cluster on DO, and im paying 100$ a month for it and moving everything to it.

but what i hate is im paying out of pocket, and everything just requires so much resources!!!!

I keep earplugs in underneath my headset when I expect E-meetings to be less than interesting use of my time, which it usually is.
What's your little secret to surviving a day?

!Rant

Does people add in @dfox and @trogus so that they can point out that it isn't a feature yet when/if they see the rant

How do the companies you work for store company secrets/documentation? Stuff like bitbucket, GitHub, Google docs?

My classmate forgot to lock his laptop when he went out to eat lunch. Needless to say, may other classmates raided his search history and came home with the spoils of war.... a good laugh about 'girl pool slide hurt' I dunno what's happening now

I join a company last few weeks ago, there is a cultural where new employee need to share 3 secrets to satisfy them in upcoming Christmas party. Any suggestions? I have totally no idea~

Nothing more secure than have 36 character length passwords mixing any kind of character in them and have them in a txt file inside my docs folder 🤯🤯🤫

What is the point of kubernetes "secrets" if it encodes the sensitive information as a base64 string if anyone can decode and read raw data using any base64 decoder tool?

What are opinions out there on security theatre?

Should developers have access to aws secrets?

Should dev test and prod be on separate vpcs or all in one vpc.

I have worked at banks where this was strictly not allowed.

Can’t wait to hear responses on this one….

Undocumented thymeleaf secrets fuck you.

Its a templating engine

First monkey patch! Gems, your secrets are all mine for the taking!

Phuh times have changed since the last time I had a gaming mouse. Whatever happened to showing a damn button layout for the product? Whatever, I dont wanna play games anyway, keep your secrets.. 😤

PLEASE i understand how it works but how is hashicorp vault supposed to be used?

Not to mention how should i use it for production? Literally no dipshit tutorial explains it. Everyone explains the vault server -dev part and thats it. Fuck you

Every time i restart the vault server all of the secrets and config get deleted. And then i have to readd them all over again?

How is vault supposed to work in terraform?

How can I automate storing secrets in vault instead of manually doing it?

How to automate starting vault server by a single command along with provisioning secrets and parameters?

How to store iam credentials from ~/.aws/credentials into vault by profile AUTOMATICALLY as soon as vault server is started?

Because if my backend depends on some secret from vault, how am i supposed to automatically have these secrets created so i can just run my backend without worrying which secrets i have to recreate because the restart of vault server deletes all the fucking secrets in dev mode?

How do i use this bullshit?

- Every guide explains it partially
- No guide explains how to 100% automate it
- every dipshit youtube video explains it poorly
- NO ONE explains how to configure it for production.

I am so Fucking lost in learning this bullshit.

Can someone give me a link to a repo of a working example of the things i just mentioned? Either you create it or send an existing link cause i cant find any.

Basically i just want to use Terraform and Vault together but i cant understand how to combine them together so that its all automated 100% -- for example i just want to do

terraform apply --auto-approve

And then the entire terraform aws gets provisioned + vault server stars AND gets provisioned with secrets.

How to do that?

Okay, so I need some serious help. Can someone explain why anyone would want to use java spring beyond IoC? Half the developers I work with swing Spring around likes it's excaliber, yet when truly pressed why they like it they all say: "because of beans".

Spring is massive, so why just beans? The IoC pattern is extremely robust, so I'm sure there are other secrets to be learned. It has to have some other significant advantage.

I totally understand things like Jax-RS for REST endpoints. I don't think spring is needed for that to work, is it?