Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "secure my ass"
-
Dear EA games.
If you want to tell me my password needs to be “more” secure in your error message, at least tell the fucking truth about it.
- 100 random character password entered on mobile
- response: password needs to be more secure
- WTf!
- loads on pc
- notices password rules
- must be between 8 and 16 characters...
- I think that’s a Wii little Less secure you ass hats, and WHY can’t you show this fucking notice on mobile 😖12 -
I just blocked some of the top management from connecting to our WLAN because I was testing a verifing feature for said WiFi that kicks all devices not listed in the DB.
It happened while my boss/senior/guidance was trying to show them the advantages of a centrally managed infrastructure.
He covered my ass well and tried to sell it to them as proof of a secure solution, that unknown devices couldn't log in.
I feel like human trash right now, but that's what you get for testing in production.4 -
TL; DR: Bringing up quantum computing is going to be the next catchall for everything and I'm already fucking sick of it.
Actual convo i had:
"You should really secure your AWS instance."
"Isnt my SSH key alone a good enough barrier?"
"There are hundreds of thousands of incidents where people either get hacked or commit it to github."
"Well i wont"
"Just start using IP/CIDR based filtering, or i will take your instance down."
"But SSH keys are going to be useless in a couple years due to QUANTUM FUCKING COMPUTING, so why wouldnt IP spoofing get even better?"
"Listen motherfucker, i may actually kill you, because today i dont have time for this. The whole point of IP-based security is that you cant look on Shodan for machines with open SSH ports. You want to talk about quantum computing??!! Lets fucking roll motherfucker. I dont think it will be in the next thousand years that we will even come close to fault-tolerant quantum computing.
And even if it did, there have been vulnerabilities in SSH before. How often do you update your instance? I can see the uptime is 395 days, so probably not fucking often! I bet you "dont have anything important anyways" on there! No stored passwords, no stored keys, no nothing, right (she absolutely did)? If you actually think I'm going to back down on this when i sit in the same room as the dude with the root keys to our account, you can kindly take your keyboard and shove it up your ass.
Christ, I bet that the reason you like quantum computing so much is because then you'll be able to get your deepfakes of miley cyrus easier you perv."9 -
Chrome, Firefox, and yes even you Opera, Falkon, Midori and Luakit. We need to talk, and all readers should grab a seat and prepare for some reality checks when their favorite web browsers are in this list.
I've tried literally all of them, in search for a lightweight (read: not ridiculously bloated) web browser. None of them fit the bill.
Yes Midori, you get a couple of bonus points for being the most lightweight. Luakit however.. as much as I like vim in my terminal, I do not want it in a graphical application. Not to mention that just like all the others you just use webkit2gtk, and therefore are just as bloated as all the others. Lightweight my ass! But programmable with Lua, woo! Not like Selenium, Chrome headless, ... does that for any browser. And that's it for the unique features as far as I'm concerned. One is slow, single-threaded and lightweight-ish (Midori) and another has vim keybindings in an application that shouldn't (Luakit).
Pretty much all of them use webkit2gtk as their engine, and pretty much all of them launch a separate process for each tab. People say this is more secure, but I have serious doubts about that. You're still running all these processes as the same user, and they all have full access to the X server they run under (this is also a criticism against user separation on a single X session in general). The only thing it protects against is a website crashing the browser, where only that tab and its process would go down. Which.. you know.. should a webpage even be able to do that?
But what annoys me the most is the sheer amount of memory that all of these take. With all due respect all of you browsers, I am not quite prepared to give 8 fucking gigabytes - half the memory in this whole box! - just for a dozen or so tabs. I shouldn't have to move my web browser to another lesser used 16GB box, just to prevent this one from going into fucking swap from a dozen tabs. And before someone has a go at the add-ons, there's 4 installed and that's it. None of them are even close to this complete and utter memory clusterfuck. It's the process separation. Each process consumes half a GB of memory, and there's around a dozen of them in a usual browsing session. THAT is the real problem. And I want to get rid of it.
Browsers are at their pinnacle of fucked up in my opinion, literally to the point where I'm seriously considering elinks. Being a sysadmin, I already live my daily life in terminals anyway. As such I also do have resources. But because of that I also associate every process with its cost to run it, in terms of resources required. Web browsers are easily at the top of the list.
I want to put 8GB into perspective. You can store nearly 2 entire DVD movies in that memory. However media players used to play them (such as SMPlayer) obviously don't do that. They use 60-80MB on average to play the whole movie. They also require far less processing power than YouTube in a web browser does, even when you download that exact same video with youtube-dl (either streamed within the media player or externally). That is what an application should be.
Let's talk a bit about these "complicated" websites as well. I hate to break it to you framework web devs, but you're a dime a dozen. The competition is high between web devs for that exact reason. And websites are not complicated. The document itself is plain old HTML, yes even if your framework converts to it in the background. That's the skeleton of your document, where I would draw a parallel with documents in office suites that are more or less written in XML. CSS.. oh yes, markup. Embolden that shit, yes please! And JavaScript.. oh yes, that pile of shit that's been designed in half a day, and has a framework called fucking isEven (which does exactly what it says on the tin, modulo 2 be damned). Fancy some macros in your text editor? Yes, same shit, different pile.
Imagine your text editor being as bloated as a web browser. Imagine it being prone to crashing tabs like a web browser. Imagine it being so ridiculously slow to get anything done in your productivity suite. But it's just the usual with web browsers, isn't it? Maybe Gopher wasn't such a bad idea after all... Oh and give me another update where I have to restart the browser when I commit the heinous act of opening another tab, just because you had to update your fucking CA certs again. Yes please!23 -
One thing every junior web developer learns is how to implement a login system.
They may not make it the most secure, but it works.
It boggles my mind how Microsoft still don't know how to make a login that works consistently.
Every Microsoft login page requires like 30 redirections to work.
The Teams app on my PC fails to login at least once a week, just because another Microsoft app is logged in using the same account (usually office), but Windows is not.
Microsoft needs to take it's head out of it's ass and BEG Google to teach them how to make a decent login system.4 -
A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.
Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.
Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.
Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.
So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.
Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.
Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.
So everything has been set up again now, and there are some things I would like to stress about hosting providers.
You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.
Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.
Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?6 -
You see that, over there?
That massive, 10-ton bag of dicks sitting there in the corner?
Secure Code Warrior can eat that ENTIRE FUCKING THING!
SO many flaws in their tests... SO much HIGHLY questionable content... utterly RIDICULOUS bullshit code with no comments and no context... asking me fucking Angular questions when I'm doing an Express test... two answers that are IDENTICAL... and a busted-ass site on top of it all.
I hate this motherfucking bullshit SO much, and at this moment I hate my employer even more for forcing me to deal with it.
But, hey, I hope you enjoy no work getting done today since you seem to prefer I do this instead, so I guess I'll just scare my dog some more as I yell about this bullshit.
Fuck you Secure Code Warrior, fuck you very, VERY much.7 -
These ignorant comments about arch are starting to get on my nerves.
You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?
Well maybe it's for good.
Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"
It takes one honest asshole to be like "well what if you didn't do coke?".
Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.
What on earth could possibly go wrong?
Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?
oh no one can truly scrutinize it because it's closed source?
yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.
and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.
but no, linux users are assholes out to get you.
and how do people react to these honest comments? "let's make a meme out of it. let's deligitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"
short minded idiots.
I'm not gonna deny the challenges or limitations linux represents for the end user.
It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)
But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.
In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.
I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.
Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.
I do have some sympathy for the people that are forced to use windows, even though they know ideally isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.
At the very least, if you don't know what you're talking about, just stfu and read.
But I don't have one bit of sympathy for the rest.
I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.
What in the actual fuck.
I know what the problem is, the arch install instructions aren't copy paste commands.
Or they medium tutorial they found is outdated.
So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.
I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).
Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.
So because some devs are too dumb and talk shit, they just set the bar too low.
Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want too.
I'm so thankful for arch because it has a great compromise between control and ease of install and use.
When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster that ubuntu (which is way faster than windows already).
Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.
Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficult of using arch.22 -
I never understood how people have any problems with getting paid for freelancing work, when middleman/escrow platforms like upwork exist, just don't be retarded when applying for a job. I am so sick of those shit ass stories from people telling me "my client didnt pay meeee 😭😭😭" ITS YOUR FAULT. I never had any client not paying, if you don't have the option of escrow, then just fucking put remote execution via "update" system in for fucks sake or give remote control to the client while monitoring it, there is so much fucking ways to secure yourself, just don't be retarded and many clients instantly show their character when talking budget and turnaround time.15
-
I just got my third 128GB MicroSD card off Amazon, this time SanDisk. Yet again, trying to do anything not involving the OEM full-disk exFAT partition staying intact (which, fuck that, all that uses that is Windows and Linux, i'm looking for splitting this thicc bih up) shifts EVERYTHING, including MBR+PT/GPT down the disk by 16MB exactly inserting data from... the atmosphere? whatever's using it? ...do SD cards have that secure key/DRM store space thing still?
(EDIT: I do verify that they ARE genuinely the right size after purchasing before reformatting or repartitioning, by the way.)
First it was a Silicon Power card, then a Samsung card, now a SanDisk.
(Also, why all S?)
Luckily, this time it wasn't a pain in the ass to get it to read as anything but "Bad Card" or a 0-byte/empty/non-existent device in Windows/Linux (respectively) so I was able to see that it was indeed the same issue without taking 3 days to jump through device hoops to finally get it to do it again but in such a way that it shifts out and back in all zeroes.2 -
FUCK you "WP iThemes Security Pro".
First of all, your FUCKing services isn't really secure, more like security by obscurity.
Don't get me started on how you probably don't have a dedicated team of security experts.
But oh well, the customer insisted I must install you, despite my advise.
Second of all, Don't FUCKing send me emails regarding "Scheduled malware scan failed" without it containing the FUCKing error message, not some generic "http_request_failed" error, why did it FUCKing fail?
Last but not least: Don't FUCKing clutter is with with your giant ass logo that takes up half my screen or FUCKing spam such as your upcoming events, newly published books/articles, incorrect "documentation"2 -
From the last 3 years, i have accumulated interest and experience in android dev. Not sure about the future, but that's probably where i will be.
But this fact is moot to our 50 year old grumpy professors teaching 1000 year old rusted computer syllabus, who rejected my idea of a video streaming app as major project, simply because i projected it as a social media app, and "everyone is making a social media app, its such an old topic". yeah right sir, its younger than your daughter that fucks in the lobby
Now we are doing a project on file conversions website, a project suggested by my team member and my good friend. its such a shitty topic, there is no resources available, even the research papers are bad , every search points to a shitty site, and i don't know shit about web dev.
Technically i am the team leader, but my team mate won't let me make the project as android native app, because "Brooo, i am going to make a react app that would be completely offline, completely client side, full secure and shitt small" and sometimes "Bro its my idea" .
Well, 1. the whole point of client side is stupid because the 18 mb jsfile isn't going to get downloaded first in the client's cache(or whatever the process is, idk). The top stack overflow answers i saw told me to buy an ec2 instance and run liberoffice commands on it for every request, and that's SERVER SIDE. even if we could, i am sure its going to be bigger than what i would have made in kotlin.
2. what am i supposed to do? look at you coding while make all the ppts and research paper? you are going to use undocumented libs that "just works" , and i am suppose to curate the theory behind this, looking at all the researches of the world?well i guess okay that's a light job since THERE AREN'T ANY.
And we are targetting all types of conversions, nice. from what i know, handbrake.fr: video conversion s/w = 16 mb. photoshop: image conversion s/w=1gb and ms word: doc to pdf/other formats= 500mb.
Plus all those proprietary and undocumented formats, ugh. Thank you ugly ass companies.
Internet is great but web dev has become a whole lot mess. "I am going to build a software that is going to run in your system only using your device's processor" is a desktop/mobile app, not a website -
My answer to their survey -->
What, if anything, do you most _dislike_ about Firebase In-App Messaging?
Come on, have you sit a normal dev, completely new to this push notification thing and ask him to make run a simple app like the flutter firebase_messaging plugin example? For sure you did not oh dear brain dead moron that found his college degree in a Linux magazine 'Ruby special edition'.
Every-f**kin thing about that Firebase is loose end. I read all Medium articles, your utterly soporific documentation that never ends, I am actually running the flutter plugin example firebase_messaging. Nothing works or is referenced correctly: nothing. You really go blind eyes in life... you guys; right? Oh, there is a flimsy workaround in the 100th post under the Github issue number 10 thousand... lets close the crash report. If I did not change 50 meaningless lines in gradle-what-not files to make your brick-of-puke to work, I did not changed a single one.
I dream of you, looking at all those nonsense config files, with cross side eyes and some small but constant sweat, sweat that stinks piss btw, leaving your eyes because you see the end, the absolute total fuckup coming. The day where all that thick stinky shit will become beyond salvation; blurred by infinite uncontrolled and skewed complexity; your creation, your pathetic brain exposed for us all.
For sure I am not the first one to complain... your whole thing, from the first to last quark that constitute it, is irrelevant; a never ending pile of non sense. Someone with all the world contained sabotage determination would not have done lower. Thank you for making me loose hours down deep your shit show. So appreciated.
The setup is: servers, your crap-as-a-service and some mobile devices. For Christ sake, sending 100 bytes as a little [ beep beep + 'hello kitty' ] is not fucking rocket science. Yet you fuckin push it to be a grinding task ... for eternity!!!
You know what, you should invent and require another, new, useless key-value called 'Registration API Key Plugin ID Service' that we have to generate and sync on two machines, everyday, using something obscure shit like a 'Gradle terminal'. Maybe also you could deprecate another key, rename another one to make things worst and I propose to choose a new hash function that we have to compile ourselves. A good candidate would be a C buggy source code from some random Github hacker... who has injected some platform dependent SIMD code (he works on PowerPC and have not test on x64); you know, the guy you admire because he is so much more lowlife that you and has all the Pokemon on his desk. Well that guy just finished a really really rapid hash function... over GPU in a server less fashion... we have an API for it. Every new user will gain 3ms for every new key. WOW, Imagine the gain over millions of users!!! Push that in the official pipe fucktard!.. What are you waiting for? Wait, no, change the whole service name and infrastructure. Move everything to CLSG (cloud lambda service ... by Google); that is it, brilliant!
And Oh, yeah, to secure the whole void, bury the doc for the new hash under 3000 words, lost between v2, v1 and some other deprecated doc that also have 3000 and are still first result on Google. Finally I think about it, let go the doc, fuck it... a tutorial, for 'weak ass' right.
One last thing, rewrite all your tech in the latest new in house language, split everything in 'femto services' => ( one assembly operation by OS process ) and finally cramp all those in containers... Agile, for sure it has to be Agile. Users will really appreciate the improvements of your mandatory service. -
I think I found out why Cengage hasn't gotten back to me on their root-server issue: They're leased by next.tech (that's their name and URL) and it's literally an iframe from them inside like 7 Cengage iframe wrappers (which is also why it runs like ass apparently!)
next.tech supplies cengage with the actual heavy lifting, and cengage is literally a shitty wrapper for it.
"Our SmartScaled infrastructure ensures your users have a secure computing environment available in seconds." fucking bullshit i'm already root in my own personal server you've handed to me