Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "secure coding"
--- SUMMARY OF THE APPLE KEYNOTE ON THE 30TH OF OCTOBER 2018 ---
> Retina Display
> Touch ID
> 17% less volume
> 8GB RAM
> 128GB SSD
> T2 Chip (Core i5 with 1.6 GHz / 3.6 GHz in turbo mode)
Price starting at $1199
> T2 Chip
> up to 64GB RAM
> up to 2TB all-flash SSD
> better cooling than previous Mac Mini
> more ports than previous Mac Mini - even HDMI, so you can connect it to any monitor of your choice!
> stackable - yes, you can build a whole data center with them!
Price is 799$
Both MacBook Air and Mac Mini are made of 100% recyled aluminium!
Good job, Apple!
> home-button moved to trash
> very sexy edges (kinda like iPhone 4, but better)
> all-screen design - no more ugly borders on the top and bottom of the screen
> 15% thinner and 25% less volume than previous iPads
> liquid retina display (same as the new iPhone XR)
> Face ID - The most secure way to login to your iPad!
> A12X Bionic Chip - Insane performance!
> up to 1TB storage - Whoa!
> USB-C - Allow you to connect your iPad to anything! You can even charge your iPhone with your iPad! How cool is that?!
> new Apple Pencil that attaches to the iPad Pro and charges wirelessly
> new, redesigned physical keyboard
Price starting at 799$
Also, Apple introduced "Today at Apple" - Hundreds of sessions and workshops hosted at apple stores everywhere in the world, where you can learn about photography, coding, art and more! (Using Apple devices of course)18
Me : I should start building user authentication system.
inner self : there are enough free and secure ones out there, just go read the documentation.
Me : fuck I'm not reading 10000 pages of documentation written in alien language.
inner self : well then you better start building
Me : **writes code
Inner self : you better add the data validation and security while coding
Me : I just want it to work !
Me after a few days trying not to suicide : the site is hacked, the code is bugged, hello darkness my friend5
My first job was actually nontechnical - I was 18 years old and sold premium office furniture for a small store in Munich.
I did code in my free time though (PHP/JS mostly, had a litte browsergame back then - those were the days), so when my boss approached me and asked me whether I liked to take over a coding project, I agreed to the idea.
Little did I know at the time: I was supposed to work with a web agency the boss had contracted to build their online shop. Only that he had no plan or anything, he basically told them "build me an online shop like abc(a major competitor of ours at the time)"
He employed another sales lady who was supposed to manage the shop (that didn't exist yet). In the end, I think 80% of her job was to keep me from killing my boss.
As you can imagine, with this huuuuge amout of planning and these exact visions of what was supposed to be, things went south fast and far. So far that I could visit my fellow flightless birds down in the Penguin's republic of Antarctica and still need to go further.
Well... When my boss started suing the web agency, I was... ahem, asked to take over. Dumb as I was, I did - I was a PHP kid and thought that Magento, being written in PHP, would be easy to master. If you know Magento, you know that was maybe the wrongest thing I ever said.
Fast forward 3 very exhausting months, the thing was online. Not all of it worked yet, but it was online and fairly secure.
I did next to everything myself, administrating the CentOS box the shop was running on, its (own) e-mail server, the web server, all the coding required for the shop (can you spell 12 hour day for 8 hour pay?)
3 further months later, my life basically was a wreck, I dragged myself to work, the only thing I looked forward being the motorcycle ride home. The system worked though.
Mind you, I was still, at the time, working with three major customers, doing deskside support and some admin (Win Server 2008R2 at the time) - because, to quote my boss, "We could not afford a full time developer and we don't need one".
I think i stopped coding in my free time, the one hobby I used to love more than anything on the world, somewhere Decemerish 2012. I dropped out of the open source projects I was in, quit working on my browser game and let everything slide.
I didn't even care to renew the domains and servers for it, I just let it die without notice.
The little free time I had, I spent playing video games and getting drunk/high.
December 2013, 1.5 years on the job, I reached my breaking point and just left, called in sick at least a week per month because I just could not see this fucking place anymore.
I looked for another job outside of ALL of what I did before. No more Magento, no more sales, no more PHP. I didn't have to look for long, despite what I thought of my skills.
In February 2014, I told my boss that I quit. It was still seven months until my new job started, but I wanted him to know early so we could migrate and find a replacement.
The search for said replacement started in June 2014. I had considerably less work in the months before, looks like he got the hint.
In August 2014, my replacement arrived and I got him started.
I found a job, which I am still in, and still happy about after almost half a decade, at a local, medium sized ISP as a software dev and IT security guy. Got a proper training with a certificate and everything now.
My replacement lasted two months, he was external and never really did his job - the site, which until I had quit, had a total of 3 days downtime for 3 YEARS (they were the hoster's fault, not mine), was down for an entire month and he could not even tell why.
HIS followup was kicked after taking two weeks to familiarize himself with the project. Well, I think that two weeks is not even barely enough to familiarize yourself with nearly three years of work, but my boss gave him two days.
In 2016, the shop was replaced with another one. Different shop system, different OS, different CI. I don't know why and I can't say I give a damn.
Almost all the people that worked at the company back with me have left for greener pastures, taking their customers (and revenue) with them.
As for my boss' comments, instructions and lines: THAT might not be safe for work. Or kids. Or humans in general. And there wouldn't be much left if you put it through a language filter...
Moral of the story: No, it's not a bad thing to leave a place if you're mistreated there. Don't mistake loyalty with stupidity!
And, to quote one of my favourite Bands: "Nothing matters when the pain is all but gone" (Tragedy + Time by Rise Against).8
C: “Look, I agree that these are likely leading practices, but we really don’t need all that.”
M: “These aren’t even leading practices, these are the bare minimum practices to help ensure secure login sessions and that account passwords aren’t trivially compromised.”
C: “How do I put this...? You’re trying to secure us against the hacker. That’s a noble goal. But my only concern is the auditor.”
"Coding" has become the skill to learn. So much so that you can hardly watch TV or surf the Internet without seeing at least one ad for a boot camp or training course or series of online videos that promise to make you a coder in 24 hours/7 days/30 days.
I can't imagine that the majority of people who complete these courses become skilled coders. No doubt, some do, but it is probably along the same percentages of cooking school graduates who become top chefs.
Just like cooking, coding requires knowledge of techniques, a specialized vocabulary, a willingness to experiment, constant learning and a desire to be better. Any coder or chef who lacks these will never be great and may not even be good.
Can these courses teach people the basics of coding? Sure
Can these courses teach people the specifics of a given language or platform? Absolutely
Will these courses turn out seasoned developers who will be able to be part of a team and contribute at a high level immediately? Probably not
Will these courses turn out independent developers who will be able to write their own secure, functional applications? Maybe
I haven't lost faith in my future in development.
I am losing my faith in the future of development as a vocation. How long before most "developers" are cookie-cutter, line cooks?
I had a friend who once railed agains the idea of "Visual" languages because he thought something was lost when a developer no longer had to write the code to generate and handle the UI. I disagreed and said the real act of coding was underneath, in the actions that happened when the button was pushed. Now I think he was on to something. I just wasn't looking far enough down the road.6
Oh boy, this is gonna be good:
TL;DR: Digital bailiffs are vulnerable as fuck
So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:
The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.
So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!
I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.
Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!
Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...
The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.
But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.
So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)
So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"
So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones6
Hmm...recently I've seen an increase in the idea of raising security awareness at a user level...but really now , it gets me thinking , why not raise security awareness at a coding level ? Just having one guy do encryption and encoding most certainly isn't enough for an app to be considered secure . In this day an age where most apps are web based and even open source some of them , I think that first of all it should be our duty to protect the customer/consumer rather than make him protect himself . Most of everyone knows how to get user input from the UI but how many out here actually think that the normal dummy user might actually type unintentional malicious code which would break the app or give him access to something he shouldn't be allowed into ? I've seen very few developers/software architects/engineers actually take the blame for insecure code . I've seen people build apps starting on an unacceptable idea security wise and then in the end thinking of patching in filters , encryptions , encodings , tokens and days before release realise that their app is half broken because they didn't start the whole project in a more secure way for the user .
Just my two cents...we as devs should be more aware of coding in a way that makes apps more secure from and for the user rather than saying that we had some epic mythical hackers pull all the user tables that also contained unhashed unencrypted passwords by using magix . It certainly isn't magic , it's just our bad coding that lets outside code interact with our own code .
!Rant #motivation #hugeProject
Yesterday i started a new app and i designed some of it but classes i coded will speed up the whole coding of other parts .
Anyways today i needed to work on the server side of the project and when i was working on setting up the databases structures i realized how big is this project (it uses like 3 APIs) so i was unmotivated because its a side project and it takes alot of time and overall it dont worth it and even app may fail or may be successful.
So i said i dont care about how it will turn out
Im gonna do it , and im gonna do it right now
So i did now its 6 am and the server part is almost finished ! 75% done .
It was a secure login system and signup with verifications and more security stuff and the codes that provide the server status and most of the user parts . And some of the features of the app .
The most hard thing remaining is to setup the in app purchases and the APIs .
So if you see a project that is huge .
Dont give up . Just do it as long as you can
And you will see how much you progress !
And the huge project will be a big project ;)
Then a normal project , then a tiny project :P
Dev industry develop so fast. This is because information available anywhere in the internet and people try to learn any programming language they want . But only few know whether they following secure coding practice or not
But the thing is most of Dev people dosent care about security. They focus just to develop a application but not to secure it?2
Im having a sort of dilema. I recently started taking freelance work for web developement (and design ack) and Im uncomfortable with the state of the industry. Ill explain: Say if I bid a client for a simple 1-3 page site w contact form (a new page, not migration) My suggestion is to use djangocms, django, or just static html/css/js (ie bootstrap), which produces clean, fairly secure, and fast sites. Of course I can throw a templated unoriginal wordpress site together in a few hours 2 days latest, so I offer that option as a sidenote on the bid, charging almost 2x more. For some reason I dont understand they choose the wp shitshow. I explain all the reasons that not the way to go( which I wont list, if u dont know, u never used it. google up) but they dont care abt the details, they rather pay more for shit job. OFC I reluctantly deliver what they want, but as a result my portfolio is full of unoriginal shit Im not happy showing off. I have a few sites Ive done on the side my prefered way, but they not deployed and sit in my github for all intents n purposes unviewable to potential clients.
I want to be proud of my portfolio, and it to be a representation of what Im capable of. BUT, I gotta eat, and work is better than no work.
There are so many "wordpress designers" oversaturaring the field and it lowering the overall standard of what we are capable of. I just begining my dev journey, but if I cant have a body of work Im proud of, theres no way I can see doing this the rest of my life, and that makes me really sad. My love of developing, coding, and IT/computers in general drove me to change careers from audio engineering to web development, and the fact that this fucking mr. potatoe head of a CMS is slowly turning that love into hate really pisses me off. So Im ending this !rant looking for hope.
Okay this is my first time posting on this site. I've browsed it (definitely not in class) and the community looks beautiful, so I'm going to just kind of slide in here. Anyways this is the part where I use my caps lock button and type lots of naughty words I guess...
<rant type = 'school'>
Our programming classes are fucking DISMAL uuugh... Okay so we have four technology classes: Tech Exploration, Coding 1, Coding 2, and Intro to CS (a 'high school' level class)... So this means a fuck ton of kids in programming classes, mostly because I WANNA MAKE MINCERAFT AND BE A KEWL BOI LIKE GAME DEV BUT I'M ALSO A FUCKING IDIOT AND WILL NOT LEARN ANYTHING YAAAAAAY but that's a mood and so there's a fucking tidal wave of dumb kids in these classes. So right we're dealing with like 80 kids per class period. Sorry if I'm repeating myself but there are a FUCKTON of students. Now, we have... wait for it... ONE FUCKING TEACHER. ONE. I fucking swear this district does not give a SINGLE SHIT about possibly THE SINGLE FUCKING MOST IMPORTANT SUBJECT WHYYYYYY... Okay so the teacher is kinda overworked as fuck lol. She can't really teach eighty kids at once so she mostly gives us exercises from websites but when she can she teaches us shit herself and actually knows a good bit about her field of study. She's usually pretty grumpy, understandably, but if you ask her a good question that makes her think you can see the passion there lol. So anyways that's a mood. Now at the other school it's even worse. They have this new asshole as a teacher that knows NOTHING about ANYTHING IT IS SO FUCKING REDICULOUS OH MY UUUUUGH... THEY STILL DON'T EVEN KNOW WHAT A FUCKING LOOP IS LIKE OKAY YOU'VE BEEN TEACHING PROGRAMMING FOR A YEAR AND YOU'RE THE ONLY ONE TEACHING IT AT THAT DISTRICT SO MAYBE YOU SHOULD AT LEAST FUCKING TRY WHAT IS WRONG WITH YOU... so he just makes them do shit from a website and obviously can't do half of the shit he assigns it's so fucking sad... I swear this district is supposed to be good but maybe not for the ONE THING I WANT IT TO BE GOOD FOR. Funny story: in elementary school once I wrote down school usernames for people I didn't really know and shared them a google doc that said "you have been hacked make a more secure password buddy" etc etc and made them the owner and these dull shits report it to the principal... So I'm in the principles office... Just a fucking dumb elementary school kid lol and the principal is like hAcKiNg Is BaD yOu ShOuLd NoT dO iT and I'm like how did you know it was me... so he goes on to say some bullshit about 'digital footprint' and 'tracing' me to it... he obviously has no clue what he's saying but anyways afterwards he points to where it says last change made by MY SCHOOL ACCOUNT... HOW DULL CAN YOU FUCKING POSSIBLY BE IT WAS FROM MY ACCOUNT THAT LITERALLY PROVED THAT I DID --NOT-- 'HACK' INTO THEIR ACCOUNT YOU DUMB FUCK. Okay so basically my school is a burning pile of garbage but it's better than most apparently but it's GARBAGE MY GOD... Please fucking tell me it gets better...
okay lol that was longer than I thought it would be guess I just needed to vent... later I guess
I see a lot of people complain about uni degrees and stuff because they don't learn how to code etc. Is this really the standard?
I mean I'm only in fourth semester bachelor and had coding knowledge before starting uni. But we had basic to intermediate java in the first two semester, now learning how to write secure code and OS-Level stuff in C++, we had a module with practical Assembly coding all while still learning all the theory.
At the end of the first semester we had to write a terminal game in Java. I mean of course that's not "real experience" but if you dive in you definitely learn the basics you need to get started in real life.
Or am I wrong completely / just in a weird uni?6
From the last 3 years, i have accumulated interest and experience in android dev. Not sure about the future, but that's probably where i will be.
But this fact is moot to our 50 year old grumpy professors teaching 1000 year old rusted computer syllabus, who rejected my idea of a video streaming app as major project, simply because i projected it as a social media app, and "everyone is making a social media app, its such an old topic". yeah right sir, its younger than your daughter that fucks in the lobby
Now we are doing a project on file conversions website, a project suggested by my team member and my good friend. its such a shitty topic, there is no resources available, even the research papers are bad , every search points to a shitty site, and i don't know shit about web dev.
Technically i am the team leader, but my team mate won't let me make the project as android native app, because "Brooo, i am going to make a react app that would be completely offline, completely client side, full secure and shitt small" and sometimes "Bro its my idea" .
Well, 1. the whole point of client side is stupid because the 18 mb jsfile isn't going to get downloaded first in the client's cache(or whatever the process is, idk). The top stack overflow answers i saw told me to buy an ec2 instance and run liberoffice commands on it for every request, and that's SERVER SIDE. even if we could, i am sure its going to be bigger than what i would have made in kotlin.
2. what am i supposed to do? look at you coding while make all the ppts and research paper? you are going to use undocumented libs that "just works" , and i am suppose to curate the theory behind this, looking at all the researches of the world?well i guess okay that's a light job since THERE AREN'T ANY.
And we are targetting all types of conversions, nice. from what i know, handbrake.fr: video conversion s/w = 16 mb. photoshop: image conversion s/w=1gb and ms word: doc to pdf/other formats= 500mb.
Plus all those proprietary and undocumented formats, ugh. Thank you ugly ass companies.
Internet is great but web dev has become a whole lot mess. "I am going to build a software that is going to run in your system only using your device's processor" is a desktop/mobile app, not a website
-i won't follow logging practices
-i won't follow secure coding
-i won't leverage profiling n monitoring tools
-i won't reuse best practices
-i won't listen to thought leaders
-i will outsource writing UT
-i will outsource code quality checks
-i will outsource all testing
-i will ignore n overide CTO team
But I still want high stability, security n 4 9s availability. Just want it done. My team is best. Am a fast-track leadership program leader who never has or ever needs to cod. I just know ...
People I have to deal with every sprint. Site reliability is not easy ...
Teaching good code makes great products to morons, toughest ...
"Beginners mind needed"2
So I am a fresher and have worked a lot in coding and good at full stack and reactjs.
This situation of due to covid got me into high pressure and
Rn I took a job in non department that too in sales.
I really need a job/ internship in technical so that my career gets secure.
Just 4 days back I was super confident and excited about upcoming life.. and today
Anyways.. I think this is gonna bring the best out of me and am gonna proove that am super talented and can do anything I want including getting a good job in this market :))
Wish me luck and ofcc
I would be greatful if I get wise advice on the same <3
so i've been working with a ux/graphic designer on a pretty large project that will likely have many services attached to it, it's been in "active" development for about a year now. something that concerns me however is how uncertain i feel about what i'm doing, constant questions like "am i doing this right", "is this secure", and many like them plague my mind while i'm coding and it's really discouraging. when i was just learning i didn't really take any heed from these questions, intact i never even really thought about them so why am i now? i feel kid if i'm able to just work and have fun i will be so much more productive and happy. my partner has been learning front end and has been doing great me i'm working on front and back end. i have been making most of the decision in regards to our stack but i feel like i'm making them arbitrarily and to attribute to this fact, i have switched things up several times, we went from react to an mvc framework and now i'm considering going back to react. i just can't seem to keep on track with my decisions, if any of you have experienced this before i would really like some advice on how i can be productive and again and not fall into this never-ending abyss of doubt.2
Nothing more secure than have 36 character length passwords mixing any kind of character in them and have them in a txt file inside my docs folder 🤯🤯🤫15