As a long-time iPhone user, I am really sorry to say it but I think Apple has completed their transition to being a company that is incompetent when it comes to software development and software development processes.

I’ve grown tired of hearing some developers tell me about Apple’s scale and how software development is hard and how bugs should be expected. All of those are true, but like most rules of law, incompetence and gross negligence trumps all of that.

I’m writing this because of the telugu “bug”/massive, massive security issue in iOS 11.2.5. I personally think it’s one of the worst security issues in the history of modern devices/software in terms of its ease of exploitation, vast reach, and devastating impact if used strategically. But, as a software developer, I would have been able to see past all of that, but Apple has shown their true incompetence on this issue and this isn’t about a bug.

It’s about a company that has a catastrophic bug in their desktop and mobile platforms and haven’t been able to, or cared to, patch it in the 3 or so days it’s been known about. It’s about a company, who as of a view days ago, hasn’t followed the basic software development process of removing an update (11.2.5) that was found to be flawed and broken. Bugs happen, but that kind of incompetence is cultural and isn’t a mistake and it certainly isn’t something that people should try to justify.

This has also shown Apple’s gross incompetence in terms of software QA. This isn’t the first time a non-standard character has crashed iOS. Why would a competent software company implement a step in their QA, after the previous incident(s), to specifically test for issues like this? While Android has its issues too and I know some here don’t like Google, no one can deny that Google at least has a solid and far superior QA process compared to Apple.

Why am I writing this? Because I’m fed up. Apple has completely lost its way. devRant was inaccessible to iOS users a couple of times because of this bug and I know many, many other apps and websites that feature user-generated content experienced the same thing. It’s catastrophic. Many times we get sidetracked and really into security issues, like meltdown/spectre that are exponentially harder to take advantage of than this one. This issue can be exploited by a 3 year old. I bet no one can produce a case where a security issue was this exploitable yet this ignored on a whole.

Alas, here we are, days later, and the incompetent leadership at Apple has still not patched one of the worst security bugs the world has ever seen.

Long but worth it...

So I was cleaning out my Google Drive last night, and deleted some old (2 years and up) files. I also deleted my old work folder, it was for an ISP I worked for over 2 years ago. After deleting the files I had a little twinge of "Man I hope they're not still using those". But seriously, it'd be a pretty big security risk if I was still the owner of those files... right? Surely they copied them and deleted all the info from the originals. IP addresses, Cisco configs, username and passwords for various devices, pretty much everything but customer info.

Guess who I get a call from this morning... "Hi this is Debbie from 'ISP'. I was trying to access the IP Master List and I can't anymore. I was just told to call you and see if there's any way to get access to it again" (Not her real name...)

I had to put her on hold so I could almost die of laughter...

Me: "Sorry about that Debbie, I haven't worked for that company for over 2 years. Your telling me in all that time no one thought to save them locally? No one made a copy? I still had the original documents?!"

Long pause

D: "Uh... Apparently not..."

Another long pause

D: "So is there any way you can give me access to them again?"

Me: "They're gone Debbie. I deleted them all last night."

D: Very worried voice "Can... Can you check?"

This kids is why you never assume you'll always have access to a cloud stored file, make local copies!!

A little bit of background on this company, the owner's wife fired me on trumped up "time card discrepancy" issues so she could hire her freshly graduated business major son. The environment over there was pretty toxic anyway...

I feel bad for "Debbie" and the other staff there, it's going to be a very bad week for them. I also hope it doesn't impact any customers. But... It is funny as hell, especially since I warned the owner as I was clearing out my desk to save copies, and plan on them being gone soon. Apparently he never listened.

This is why you should have a plan in place... And not just wing it...

PS. First Post!

Consultant: "you should deploy a website. Use wordpress and have a draft ready in a few days. It's easy."

Me: "It's a static website, a one-pager even. I think we would be better served with something light-weight without a database."

Consultant: "99% of the websites in the entire internet are powered by wordpress. It's state of the art, you should use it"

Me: 😢 "Nooo, it needs mainentance and stuff. Look, XY is much simpler. You can even version the static site with git"

Consultant: 😤

We ended up with wordpress for our static website now. I am so proud. I absolutely love wordpress. It is amazing. Now my static one-pager can have plugins, multiple users, security issues and all that. The future is now!

Oh well

So this was a couple years ago now. Aside from doing software development, I also do nearly all the other IT related stuff for the company, as well as specialize in the installation and implementation of electrical data acquisition systems - primarily amperage and voltage meters. I also wrote the software that communicates with this equipment and monitors the incoming and outgoing voltage and current and alerts various people if there's a problem.

Anyway, all of this equipment is installed into a trailer that goes onto a semi-truck as it's a portable power distribution system.

One time, the computer in one of these systems (we'll call it system 5) had gotten fried and needed replaced. It was a very busy week for me, so I had pulled the fried computer out without immediately replacing it with a working system. A few days later, system 5 leaves to go work on one of our biggest shows of the year - the Academy Awards. We make well over a million dollars from just this one show.

Come the morning of show day, the CEO of the company is in system 5 (it was on a Sunday, my day off) and went to set up the data acquisition software to get the system ready to go, and finds there is no computer. I promptly get a phone call with lots of swearing and threats to my job. Let me tell you, I was sweating bullets.

After the phone call, I decided I needed to try and save my job. The CEO hadn't told me to do anything, but I went to work, grabbed an old Windows XP laptop that was gathering dust and installed my software on it. I then had to build the configuration file that is specific to system 5 from memory. Each meter speaks the ModBus over TCP/IP protocol, and thus each meter as a different bus id. Fortunately, I'm pretty anal about this and tend to follow a specific method of id numbering.

Once I got the configuration file done and tested the software to see if it would even run properly on Windows XP (it did!), I called the CEO back and told him I had a laptop ready to go for system 5. I drove out to Hollywood and the CFO (who was there with the CEO) had to walk about a mile out of the security zone to meet me and pick up the laptop.

I told her I put a fresh install of the data acquisition software on the laptop and it's already configured for system 5 - it *should* just work once you plug it in.

I didn't get any phone calls after dropping off the laptop, so I called the CFO once I got home and asked her if everything was working okay. She told me it worked flawlessly - it was Plug 'n Play so to speak. She even said she was impressed, she thought she'd have to call me to iron out one or two configuration issues to get it talking to the meters.

All in all, crisis averted! At work on Monday, my supervisor told me that my name was Mud that day (by the CEO), but I still work here!

Here's a picture of the inside of system 8 (similar to system 5 - same hardware)

First internship (ranted about it before).

- Had to google translate their entire internal crm.
- pointed out major security flaws and got a speech saying that "I shouldn't think so high of myself and I didn't have the fucking right to criticize their products"
- every time the boss came to the office after a failed sales presentation, we (interns) got called the most nasty stuff. Yes. We didn't have anything to do with that at all.
- I had "hygiene issues": window to the south with 35-40 degrees (Celsius) feeling temperature and no airco. Deo didn't really make a difference but wasn't allowed to use it there anyways. Details: I have a transpiration issue so I sweat shitloads more than other people, that didn't help at all.
- nearly got fired because I had to to to the doctor in company time for a serious health issue.
- was (no kidding) REQUIRES to use internet explorer and we were monitored constantly.

Self esteem dropped through the fucking ground there.

Ranted about him before but this just came to my mind again.
The fucking windows (to the max) fanboy I had to deal with for too long.

Every time I mentioned something about what programming language to use in a project he was NOT part of:
"I know it's none of my business, BUT I think you should use .net"
(All backend JavaScript and php guys).

Every time I mentioned something about what server system to use:
"I know it's none of my business but I think you should use Windows server"
(All Linux guys)

Every time I'd say something positive about Linux he'd search as long as needed to prove that that was also a windows thing (didn't even come close sometimes)

Every time I told the devs there about a windows security issue (as in "guys they found this thing, install the next update to stay safe :)" - "ahhh will do, thanks for letting know man!") he'd search as long as needed to prove that Linux also had had security issues like that.
(Okay?!? I know?!? I'm just trying to notify people so their systems stay secure and they're genuinely happy with that so STFU)

MOTHERFUCKER.

This rant is a confession I had to make, for all of you out there having a bad time (or year), this story is for you.

Last year, I joined devRant and after a month, I was hired at a local company as an IT god (just joking but not far from what they expected from me), developer, web admin, printer configurator (of course) and all that in my country it's just called "the tech guy", as some of you may know.

I wasn't in immediate need for a full-time job, I had already started to work as a freelancer then and I was doing pretty good. But, you know how it goes, you can always aim for more and that's what I did.

The workspace was the usual, two rooms, one for us employees and one for the bosses (there were two bosses).

Let me tell you right now. I don't hate people, even if I get mad or irritated, I never feel hatred inside me or the need to think bad of someone. But, one of the two bosses made me discover that feeling of hate.

He had a snake-shaped face (I don't think that was random), and he always laughed at his jokes. He was always shouting at me because he was a nervous person, more than normal. He had a tone in his voice like he knew everything. Early on, after being yelled for no reason a dozen of times, I decided that this was not a place for me.

After just two months of doing everything, from tech support to Photoshop and to building websites with WordPress, I gave my one month's notice, or so I thought. I was confronted by the bosses, one of which was a cousin of mine and he was really ok with me leaving and said that I just had to find a person to replace me which was an easy task. Now, the other boss, the evil one, looked me on the eye and said "you're not going anywhere".

I was frozen like, "I can't stay here". He smiled like a snake he was and said "come on, you got this we are counting on you and we are really satisfied with how you are performing till now". I couldn't shake him, I was already sweating. He was rolling his eyes constantly like saying "ok, you are wasting my time now" and left to go to some basketball practice or something.

So, I was stuck there, I could have caused a scene but as I told you, one of the bosses was a cousin of mine, I couldn't do anything crazy. So, I went along with it. Until the next downfall.

I decided to focus on the job and not mind for the bad boss situation but things went really wrong. After a month, I realised that the previous "tech guy" had left me with around 20 ancient Joomla - version 1.0 websites, bursting with security holes and infested with malware like a swamp. I had never seen anything like it. Everyday the websites would become defaced or the server (VPN) would start sending tons of spam cause of the malware, and going offline at the end. I was feeling hopeless.

And then the personal destruction began. I couldn't sleep, I couldn't eat. I was having panick attacks at the office's bathroom. My girlfriend almost broke up with me because I was acting like an asshole due to my anxiety issues (but in the end she was the one to "bring me back"(man, she is a keeper)) and I hadn't put a smile on my face for months. I was on the brink of depression, if not already there. Everyday I would anxiously check if the server is running because I would be the one to blame, even though I was trying to talk to the boss (the bad one was in charge of the IT department) and tell him about the problem.

And then I snapped. I finally realised that I had hit rock bottom. I said "I can't let this happen to me" and I took a deep breath. I still remember that morning, it was a life-changing moment for me. I decided to bite the bullet and stay for one more month, dealing with the stupid old server and the low intelligence business environment. So, I woke up, kissed my girlfriend (now wife), took the bus and went straight to work, and I went into the boss's office. I lied that I had found another job on another city and I had one month in order to be there on time. He was like, "so you are leaving? Is it that good a job the one you found? And when are you going? And are you sure?", and with no hesitation I just said "yup". He didn't expect it and just said "ok then", just find your replacement and you're good to go. I found the guy that would replace me, informing him of every little detail of what's going on (and I recently found out, that he is currently working for some big company nowadays, I'm really glad for him!).

I was surprised that it went so smoothly, one month later I felt the taste of freedom again, away from all the bullshit. Totally one of the best feelings out there.

I don't want to be cliche, but do believe in yourself people! Things are not what the seem.

With all that said, I want to give my special thanks to devRant for making this platform. I was inactive for some time but I was reading rants and jokes. It helped me to get through all that. I'm back now! Bless you devRant!

I'm glad that I shared this story with all of you, have an awesome day!

I guess that is what you get for bringing up security issues on someones website.

Not like I could read, edit or delete customer or company data...

I mean what the shit... all I did was try to help and gives me THIS? I even offered to help... maybe he got angry cause I kind of threw it in his face that the whole fucking system is shit and that you can create admin accounts with ease. No it's not a framework or anything, just one big php file with GET parameters as distinction which function he should use. One fucking file where everything goes into.

Apparently they didn't want to hear about my vulnerabilities I found because they blocked my IP address.

Seriously? I just wanted to do a disclosure of potential exploits / security issues

Another incident which made a Security Researcher cry 😭😭😭
[ NOTE : Check my profile for older incident ]
-----------------------------------------------------------
I was invited by a fellow friend to a newly built Cyber Security firm , I didn't asked for any work issues as it was my friend who asked me to go there . Let's call it X for now . It was a good day , overcast weather , cloudy sky , everything was nice before I entered the company . And the conversation is as follows :

Fella - Hey! Nice to see you with us .
Me - Thanks! Where to? *Asking for my work​ area*
Fella - Right behind me .
Me - Good thing :)
Fella - So , the set-up is good to go I suppose .
Me - Yeah :)
*I'm in my cabin and what I can see is a Windows VM inside Ubuntu 12.4*

*Fast forward to 1 hour and now I'm at the cafeteria with the Fella*

Fella - Hey! Sup? How was the day?
Me - Fine *in a bit confused voice*
Fella - What happened mate , you good with the work?
Me - Yeah but why you've got Windows inside Ubuntu , I mean what's the use of Ubuntu when I have to work on Windows?
Fella - Do you know Linux is safe from Malwares?
Me - Yeah
Fella - That's why we are using Windows on VM inside Linux .
Me - For what?
Fella - To keep Windows safe from Malwares as in our company , we can't afford any data loss!
Me - 😵 *A big face palm which went through my head and hit another guy , made me a bit unconscious*

I ran for my life as soon as possible , in future I'm never gonna work for anyone before asking their preferences .

I have been a mobile developer working with Android for about 6 years now. In that time, I have endured countless annoyances in the Android development space. I will endure them no more.
My complaints are:

1. Ridiculous build times. In what universe is it acceptable for us to wait 30 seconds for a build to complete. Yes, I've done all the optimisations mentioned on this page and then some. Don't even mention hot reload as it doesn't work fast enough or just does not work at all. Also, buying better hardware should not be a requirement to build a simple Android app, Xcode builds in 2 seconds with a 8GB Macbook Air. A Macbook Air!

2. IDE. Android Studio is a memory hog even if you throw 32GB of RAM at it. The visual editors are janky as hell. If you use Eclipse, you may as well just chop off your fingers right now because you will have no use for them after you try and build an app from afresh. I mean, just look at some of the posts in this subreddit where the common response is to invalidate caches and restart. That should only be used as a last resort, but it's thrown about like as if it solves everything. Truth be told, it's Gradle's fault. Gradle is so annoying I've dedicated the next point to it.

3. Gradle. I am convinced that Gradle causes 50% of an Android developer's pain. From the build times to the integration into various IDEs to its insane package management system. Why do I need to manually exclude dependencies from other dependencies, the build tool should just handle it for me. C'mon it's 2019. Gradle is so bad that it requires approx 54GB of RAM to work out that I have removed a dependency from the list of dependencies. Also I cannot work out what properties I need to put in what block.
4. API. Android API is over-bloated and hellish. How do I schedule a recurring notification? Oh use an AlarmManager. Yes you heard right, an AlarmManager... Not a NotificationManager because that would be too easy. Also has anyone ever tried running a long running task? Or done an asynchronous task? Or dealt with closing/opening a keyboard? Or handling clicks from a RecyclerView? Yes, I know Android Jetpack aims to solve these issues but over the years I have become so jaded by things that have meant to solve other broken things, that there isn't much hope for Jetpack in my mind 😤

5. API 2. A non-insignificant number of Android users are still on Jelly Bean or KitKat! That means we, as developers, have to support some of your shitty API decisions (Fragments, Activities, ListView) from all the way back then!

6. Not reactive enough. Android has support for Databinding recently but this kind of stuff should have been introduced from the very start. Look at React or Flutter as to how easy it is to make shit happen without any effort.

7. Layouts. What the actual hell is going on here. MDPI, XHDPI, XXHDPI, mipmap, drawable. Fuck it, just chuck it all in the drawable folder. Seriously, Android should handle this for me. If I am designing for a larger screen then it should be responsive. I don't want to deal with 50 different layouts spread over 6 different folders.

8. Permission system. Why was this not included from the very start? Rogue apps have abused this and abused your user's privacy and security. Yet you ban us and not them from the Play Store. What's going on? We need answers.

9. In Android, building an app took me 3 months and I had a lot of work left to do but I got so sick of Android dev I dropped it in favour of Flutter. I built the same app in Flutter and it took me around a month and I completed it all.
10. XML.

If you're a new dev, for the love of all that is good in this world, do NOT get into Android development. Start with Flutter or even iOS. On Flutter and build times are insanely fast and the hot reload is under 500ms constantly. It's a breath of fresh air and will save you a lot of headaches AND it builds for iOS flawlessly.

To the people who build Android, advocate it and work on it, sorry to swear, but fuck you! You have created a mess that we have to work with on a day-to-day basis only for us to get banned from the app store! You have sold us a lie that Android development is amazing with all the sweet treat names and conferences that look bubbly and fun. You have allowed to get it so bad that we can't target an API higher than 18 because some Android users are still using devices that support that!

End this misery. End our pain. End our suffering. Throw this abomination away like you do with some of your other projects and migrate your efforts over to Flutter. Please!

#NoToGoogleIO #AndroidSummitBoycott #FlutterDev #ReactNative

The stupid stories of how I was able to break my schools network just to get better internet, as well as more ridiculous fun. XD

1st year:
It was my freshman year in college. The internet sucked really, really, really badly! Too many people were clearly using it. I had to find another way to remedy this. Upon some further research through Google I found out that one can in fact turn their computer into a router. Now what’s interesting about this network is that it only works with computers by downloading the necessary software that this network provides for you. Some weird software that actually looks through your computer and makes sure it’s ok to be added to the network. Unfortunately, routers can’t download and install that software, thus no internet… but a PC that can be changed into a router itself is a different story. I found that I can download the software check the PC and then turn on my Router feature. Viola, personal fast internet connected directly into the wall. No more sharing a single shitty router!

2nd year:
This was about the year when bitcoin mining was becoming a thing, and everyone was in on it. My shitty computer couldn’t possibly pull off mining for bitcoins. I needed something faster. How I found out that I could use my schools servers was merely an accident.
I had been installing the software on every possible PC I owned, but alas all my PC’s were just not fast enough. I decided to try it on the RDS server. It worked; the command window was pumping out coins! What I came to find out was that the RDS server had 36 cores. This thing was a beast! And it made sense that it could actually pull off mining for bitcoins. A couple nights later I signed in remotely to the RDS server. I created a macro that would continuously move my mouse around in the Remote desktop screen to keep my session alive at all times, and then I’d start my bitcoin mining operation. The following morning I wake up and my session was gone. How sad I thought. I quickly try to remote back in to see what I had collected. “Error, could not connect”. Weird… this usually never happens, maybe I did the remoting wrong. I went to my schools website to do some research on my remoting problem. It was down. In fact, everything was down… I come to find out that I had accidentally shut down the schools network because of my mining operation. I wasn’t found out, but I haven’t done any mining since then.

3rd year:
As an engineering student I found out that all engineering students get access to the school’s VPN. Cool, it is technically used to get around some wonky issues with remoting into the RDS servers. What I come to find out, after messing around with it frequently, is that I can actually use the VPN against the screwed up security on the network. Remember, how I told you that a program has to be downloaded and then one can be accepted into the network? Well, I was able to bypass all of that, simply by using the school’s VPN against itself… How dense does one have to be to not have patched that one?

4th year:
It was another programming day, and I needed access to my phones memory. Using some specially made apps I could easily connect to my phone from my computer and continue my work. But what I found out was that I could in fact travel around in the network. I discovered that I can, in fact, access my phone through the network from anywhere. What resulted was the discovery that the network scales the entirety of the school. I discovered that if I left my phone down in the engineering building and then went north to the biology building, I could still continue to access it. This seems like a very fatal flaw. My idea is to hook up a webcam to a robot and remotely controlling it from the RDS servers and having this little robot go to my classes for me.

What crazy shit have you done at your University?

Wow... this is the perfect week for this topic.

Thursday, is the most fucked off I’ve ever been at work.

I’ll preface this story by saying that I won’t name names in the public domain to avoid anyone having something to use against me in court. But, I’m all for the freedom of information so please DM if you want to know who I’m talking about.

Yesterday I handed in my resignation, to the company that looked after me for my first 5 years out of university.

Thursday was my breaking point but to understand why I resigned you need a little back story.

I’m a developer for a corporate in a team of 10 or so.

The company that I work for is systemically incompetent and have shown me this without fail over the last 6 months.

For the last year we’ve had a brilliant contracted, AWS Certified developer who writes clean as hell hybrid mobile apps in Ion3, node, couch and a tonne of other up to the minute technologies. Shout out to Morpheus you legend, I know you’re here.

At its core my job as a developer is to develop and get a product into the end users hands.

Morpheus was taking some shit, and coming back to his desk angry as fuck over the last few months... as one of the more experienced devs and someone who gives a fuck I asked him what was up.

He told me, company want their mobile app that he’s developed on internal infrastructure... and that that wasn’t going to work.

Que a week of me validating his opinion, looking through his work and bringing myself up to speed.

I came to the conclusion that he’d done exactly what he was asked to, brilliant Work, clean code, great consideration to performance and UX in his design. He did really well. Crucially, the infrastructure proposed was self-contradicting, it wouldn’t work and if they tried to fudge it in it would barely fucking run.

So I told everyone I had the same opinion as him.

4 months of fucking arguing with internal PMs, managers and the project team go by... me and morpheus are told we’re not on the project.

The breaking point for me came last Wednesday, given no knowledge of the tech, some project fannies said Morpheus should be removed and his contract terminated.

I was up in fucking arms. He’d done everything really well, to see a fellow developer take shit for doing his job better than anyone else in [company] could was soul destroying.

That was the straw on the camels back. We don’t come to work to take shit for doing a good job. We don’t allow our superiors to give people shit in our team when they’re doing nothing but a good job. And you know what: the opinion of the person that knows what they’re talking about is worth 10 times that of the fools who don’t.

My manager told me to hold off, the person supposed to be supporting us told me to stand down. I told him I was going to get the app to the business lead because he fucking loves it and can tell us if there’s anything to change whilst architecture sorts out their outdated fucking ideas.

Stand down James. Do nothing. Don’t do your job. Don’t back Morpheus with his skills and abilities well beyond any of ours. Do nothing.

That was the deciding point for me, I said if Morpheus goes... I go... but then they continued their nonsense, so I’m going anyway.

I made the decision Thursday, and Friday had recruiters chomping at the bit to put the proper “senior” back in my title, and pay me what I’m worth.

The other issues that caused me to see this company in it’s true form:
- I raised a key security issue, documented it, and passed it over to the security team.
- they understood, and told the business users “we cannot use ArcGIS’ mobile apps, they don’t even pretend to be secure”
- the business users are still using the apps going into the GDPR because they don’t understand the ramifications of the decisions they’re making.

I noticed recently that [company] is completely unable to finish a project to time or budget... and that it’s always the developers put to blame.

I also noticed that middle management is in a constant state of flux with reorganisations because in truth the upper managers know they need to sack them.

For me though, it was that developers in [company], the people that know what they’re talking about; are never listened to.

Fuck being resigned to doing a shit job.

Fuck this company. On to one that can do it right.

Morpheus you beautiful bastard I know you’ll be off soon too but I also feel I’ve made a friend for life. “Private cloud” my arse.

Since making the decision Thursday I feel a lot more free, I have open job offers at places that do this well. I have a position of power in the company to demand what I need and get it. And I have the CEO and CTO’s ears perking up because their department is absolutely shocking.

Freedom is a wonderful feeling.

Boss hands over to me an old security audit report and tells me "Go through this and check if all the problems mentioned have been resolved". Quick glance through the report shows all expected issues - SQLi, plaintext transmission and storage etc. I tell him that I need access to the application both from admin and a user with restricted privileges.
He hands me the admin credentials and tells me, "After you login in, just go the "Users" tab. You'll find the profiles of all the users there. You can get the emails and passwords of any user you want from there."
I had to hold back a chuckle. There's nothing to verify. If they haven't resolved storing plain text passwords in the database (AND displaying it IN PLAIN TEXT in the website itself (which to my surprise wasn't mentioned in the audit)), they probably haven't even looked at the report.

I was offered to work for a startup in August last year. It required building an online platform with video calling capabilities.
I told them it would be on learn and implement basis as I didn't know a lot of the web tech. Learnt all of it and kept implementing side by side.
I was promised a share in the company at formation, but wasn't given the same at the time of formation because of some issues in documents.
Yes, I did delay at times on the delivery date of features on the product. It was my first web app, with no prior experience. I did the entire stack myself from handling servers, domains to the entire front end. All of it was done alone by me.
Later, I also did install a proxy server to expand the platform to a forum on a new server.
And yesterday after a month of no communication from their side, I was told they are scraping the old site for a new one. As I had all the credentials of the servers except the domain registration control, they transferred the domain to a new registrar and pointed it to a new server. I have a last meeting with them. I have decided to never work with them and I know they aren't going to provide me my share as promised.
I'm still in the 3rd year of my college here in India. I flunked two subjects last semester, for the first time in my life. And for 8 months of work, this is the end result of it by being scammed. I love fitness, but my love for this is more and so I did leave all fitness activities for the time. All that work day and night got me nothing of what I expected.
Though, they don't have any of my code or credentials to the server or their user base, they got the new website up very fast.
I had no contract with them. Just did work on the basis of trust. A lesson learnt for sure.
Although, I did learn to create websites completely all alone and I can do that for anyone. I'm happy that I have those skills now.
Since, they are still in the start up phase and they don't have a lot of clients, I'm planning to partner with a trusted person and release my code with a different design and branding. The same idea basically. How does that sound to you guys?

I learned that:
. No matter what happens, never ignore your health for anybody or any reason.
. Never trust in business without a solid security.
. Web is fun.
. Self-learning is the best form of learning.
. Take business as business, don't let anyone cheat you.

Dev: Hey that internal audit you asked me to perform didn’t go so well

Manager: It has too! I’ll get in a lot of trouble if it doesn’t pass.

Dev: Ok well it’s a lot of work to get it to a passing state, we have to dedicate a lot of resources to fix all these findings.

Manager: We don’t have any spare resources, they are all working on new projects! Why did you have to find things??

Dev: ….It’s a lot of hard to miss stuff, like missing signatures on security clearance forms

Manager: Ok can’t you just say that everything is all good? They’ll probably not double check.

Dev: I’m not really comfortable with that…Look all of these findings are all just from one member of the team consistently not doing their job, can’t you just address that with him and I can make a note on the audit that issues were found but corrective action was made? That’s the whole point of audits.

Manager: You don’t get it, if anything is found on the audit I’ll look bad. We have to cover this up. Plus that’s a really good friend of mine! I can’t do that to him. Ok you know what? You are obviously not the right person for this task, I’ll get someone else to do it. Go back to your regular work, I’m never assigning you audits again.

I thought this launch (security/privacy blog) would go smooth:
- analytics fell, except for one thing, apart for yet unknown reasons
- MySQL came with a very weird error which took me like half an hour of research before I hacked my way past it.
- the firewall started to fuck around for no reason, works now though.

Nginx worked without issues though, as well as NetData 😅

Yeah, didn't go as planned :P

3 rants for the price of 1, isn't that a great deal!

1. HP, you braindead fucking morons!!!

So recently I disassembled this HP laptop of mine to unfuck it at the hardware level. Some issues with the hinge that I had to solve. So I had to disassemble not only the bottom of the laptop but also the display panel itself. Turns out that HP - being the certified enganeers they are - made the following fuckups, with probably many more that I didn't even notice yet.

- They used fucking glue to ensure that the bottom of the display frame stays connected to the panel. Cheap solution to what should've been "MAKE A FUCKING DECENT FRAME?!" but a royal pain in the ass to disassemble. Luckily I was careful and didn't damage the panel, but the chance of that happening was most certainly nonzero.
- They connected the ribbon cables for the keyboard in such a way that you have to reach all the way into the spacing between the keyboard and the motherboard to connect the bloody things. And some extra spacing on the ribbon cables to enable servicing with some room for actually connecting the bloody things easily.. as Carlos Mantos would say it - M-m-M, nonoNO!!!
- Oh and let's not forget an old flaw that I noticed ages ago in this turd. The CPU goes straight to 70°C during boot-up but turning on the fan.. again, M-m-M, nonoNO!!! Let's just get the bloody thing to overheat, freeze completely and force the user to power cycle the machine, right? That's gonna be a great way to make them satisfied, RIGHT?! NO MOTHERFUCKERS, AND I WILL DISCONNECT THE DATA LINES OF THIS FUCKING THING TO MAKE IT SPIN ALL THE TIME, AS IT SHOULD!!! Certified fucking braindead abominations of engineers!!!

Oh and not only that, this laptop is outperformed by a Raspberry Pi 3B in performance, thermals, price and product quality.. A FUCKING SINGLE BOARD COMPUTER!!! Isn't that a great joke. Someone here mentioned earlier that HP and Acer seem to have been competing for a long time to make the shittiest products possible, and boy they fucking do. If there's anything that makes both of those shitcompanies remarkable, that'd be it.

2. If I want to conduct a pentest, I don't want to have to relearn the bloody tool!

Recently I did a Burp Suite test to see how the devRant web app logs in, but due to my Burp Suite being the community edition, I couldn't save it. Fucking amazing, thanks PortSwigger! And I couldn't recreate the results anymore due to what I think is a change in the web app. But I'll get back to that later.

So I fired up bettercap (which works at lower network layers and can conduct ARP poisoning and DNS cache poisoning) with the intent to ARP poison my phone and get the results straight from the devRant Android app. I haven't used this tool since around 2017 due to the fact that I kinda lost interest in offensive security. When I fired it up again a few days ago in my PTbox (which is a VM somewhere else on the network) and today again in my newly recovered HP laptop, I noticed that both hosts now have an updated version of bettercap, in which the options completely changed. It's now got different command-line switches and some interactive mode. Needless to say, I have no idea how to use this bloody thing anymore and don't feel like learning it all over again for a single test. Maybe this is why users often dislike changes to the UI, and why some sysadmins refrain from updating their servers? When you have users of any kind, you should at all times honor their installations, give them time to change their individual configurations - tell them that they should! - in other words give them a grace time, and allow for backwards compatibility for as long as feasible.

3. devRant web app!!

As mentioned earlier I tried to scrape the web app's login flow with Burp Suite but every time that I try to log in with its proxy enabled, it doesn't open the login form but instead just makes a GET request to /feed/top/month?login=1 without ever allowing me to actually log in. This happens in both Chromium and Firefox, in Windows and Arch Linux. Clearly this is a change to the web app, and a very undesirable one. Especially considering that the login flow for the API isn't documented anywhere as far as I know.

So, can this update to the web app be rolled back, merged back to an older version of that login flow or can I at least know how I'm supposed to log in to this API in order to be able to start developing my own client?

Alright, the blog seems to be running again and its not breaking yet which is a good sign :P.

Although nothing has changed on the front end yet, the backend has been partly rewritten to be more efficient and of course, post sorting based on posting date!

I'm aware of most of the front end issues so no need to tell me all of them again, I'll look at that tomorrow as I need sleep right now :(

If you'd find any bugs/security issues, please, don't exploit them but report them instead! I take security very seriously and will try to patch any security bug as soon as I can :)

It's enough. I have to quit my job.

December last year I've started working for a company doing finance. Since it was a serious-sounding field, I tought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real concequences, nor structures. I liked it, but the professionalism was missing.

Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on eachother. And the root cause of this and why it will stay like this is simply the Project Lead.

The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.

After just two months, an retrospective and a hell lot of communication with co-workers, I've decided that there is no other way other than to leave.

I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.

The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get to many issues/bugs on a daily basis so we won't get time.
An re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for an potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse then any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched php for 4 years, letalone wrote sql (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.

After an (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefor not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecuture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.

The Backend. Oh boy. Not only do we use an shitty outated open-source project with tons of XSS possibillities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they tought using Symfony as base on top of the base would be an good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefor, the buggyness has to travel into the frontend.

And now the last goodies:
- Composer itself is commited to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit an "_TRASH" folder
- There is an secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload my sources I write to an in-house server that get's shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current Date as build number, but nothing simple to read, nonono. It's has to be an german Date, with only numbers and has always to end with "00"
- They take security "super serious" but disable the abillity to unlock your device with your fingerprint sensor ON PURPOSE

My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!

A friend called ITIS guys about some network issue on his system.
Frnd : Hi, I'm facing some security policy issues on my system. Could you help me connect?
ITIS guy: Ok. Please run 'gpupdate /force' cmd from cmdpromt.
Frnd: Well actually I'm on Linux.
ITIS guy: Well, at least give it a try and tell me how it goes.

*Facepalm*? *Bodypalm*? Murder?

TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!

As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.

Those Idiot still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.

I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."

Last week we had to fix a leak of copyrighted contend.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptic. I hope a few DevrRanters do!

My office has blocked access to all external websites. Only internal, self-hosted sites under our domain work.

P E A K. S E C U R I T Y.

Root gets ignored.

I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.

For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`

Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.

I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.

He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).

I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨

Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.

Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.

ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.

jfc i'm getting pissy again.

That feeling when your client connection is more stable than the connection of a fucking game server... Incompetent pieces of shit!!! BEING ABLE TO PUT A COUPLE OF SPRITES DOESN'T MAKE YOU A FUCKING SYSADMIN!!!

Oh and I sent those very incompetent fucks a mail earlier, because my mailers are blocking their servers as per my mailers' security policy. A rant from the old box - their mail servers self-identify a fucking .local!!! Those incompetent shitheads didn't even properly change the values from test into those from prod!! So I sent them an email telling them exactly how they should fix it, as I am running the same MTA on my mailers (Postfix), at some point had to fix my mailers against the exact same issue as well, and clearly noticed in-game that they have deliverability problems (they explicitly mention to unblock their domain). Guess why?! Because their server's shitty configuration triggers fucking security mechanisms that are built against rogue mailers that attempt to spoof themselves as an internal mailer, with that fucking .local! And they STILL DIDN'T CHANGE IT!!!! Your fucking domain has no issues whatsoever, it's your goddamn fucking mail servers that YOU ASOBIMO FUCKERS SHOULD JUST FIX ALREADY!!! MOTHERFUCKERS!!!!!

I've just been given a beautiful turd of a PC with only 512MB RAM to get ready for someone in the residence. Way too small for any modern Windows or even Linux with a halfway decent GUI. And the user doesn't have any technical background so I highly doubt that they'll be able to maintain a Linux system. Windows XP is full of security issues but it might just be able to run on that craptop. Due to me knowing that it's a vulnerable system though, I've got an ethical issue with that. Windows XP is insecure but at least the user would be able to use it.. and Linux is secure but it'd never get updated, and I really don't want that guy to come knock on my door every time he wants to install a piece of software.. the guy fucking stinks! What would you do in a situation like that?

Apple iPhone testing without being on the app store is so annoying, I had to sign up some people to test the app I've been working on and had issues on my end, it really is this whole security bullshit, really it isn't needed.

I couldn't get the team provisional certificate thing to show up because when I clicked the account the team certificate settings would disappear, only after right clicking and hitting help then clicking the team while it was selected could I go to the right window.

I don't see why it's so damn hard to do this crap.

Yet with Android, it's so easy.

I really have issues with the testing for this iPhone app, I went through so many different ways to try and get it to work.

Anyways all done, crashlytics is an awesome testing tool if you can get around that small issue I had.

Welcoming security issues like

Boss calls: "Can you give me more bandwith?"
Me: "I can, but the other coworkers will have issues"
Boss: "Doesn't matter, and please, lift up the proxy too"
Me: "I am sorry, but I can't, that could compromise our security"
Boss: "I am giving you an order..."
Me: "Ok then..."
Me: *proceeds to give boss more bandwith and lifts up proxy (all is lost now)*

I go to see what is the boss doing with the bandwith...he was downloading League of Legends in his personal notebook...

TL;DR: Boss asks to put company at risk for the sake of a game...

Fucking Microsoft Edge can't open bloody localhost because of "security" issues.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

DEAR CTOs, PLEASE ASK THE DEVELOPER OF THE SOFTWARE WHICH YOU ARE PLANNING TO BUY IN WHAT LANGUAGE AND WHAT VERSION THEY ARE WRITTEN IN.

Background: I worked a LONG time for a software company which developed a BIG crm software suite for a very niche sector. The softwary company was quite successfull and got many customers, even big companies bought our software. The thing is: The software is written in Ruby 1.8.7 and Rails 2. Even some customer servers are running debian squeeze... Yes, this setup is still in production use in 2022. (Rails 7 is the current version). I really don't get it why no one asked for the specific setup, they just bought it. We always told our boss, that we need time to upgrade. But he told every time, no one pays for an tech upgrade... So there it is, many TBs of customer data are in systems which are totally old, not updated and with possibly security issues.

😡😡😡 Who here thinks that great software can be build in a few hours?!?! My silly ass boss does. He haven't programmed in decades and think we're supposed to be able to build software that doesn't break, has the best security, no flaws, feature rich in VERY, VERY short amount of time!! 😡😡😡 Fuck out of here!! It pisses me off to my core.

Me: Just finished the required software. In a short amount of time with new stuff I've never worked with before.

Him: Well, it took u a week to do. I heard it should've only have taken u a few hours.

Then u build the shit then!!! Fuck out of here.

The Sr. Dev and I was talking about this on Friday. U won't good product...leave us the fuck alone and let us work!!! He don't think that there will be small issues that come up. He thinks we're supposed to already know those issues are gonna exists, like really u fuck tart!?

FUUUUUUCK!!!!

I had security reopen our test-user last week. I could run the tests once, then they started failing with "blocked user due to too many attempts at logging in". Huh, that's weird. I go through everything, every script, every scheduled task, every nook and cranny of every drive on every machine I could reach, and make sure the password is updated everywhere. Reopen account. Same shit.

I email around to some people, they don't use it, one guy asks if I checked x, y and z, I did. Then he's sure we don't use it anywhere else.

It's one of our fucking contractors that took one of our scripts (that they're supposed to have duplicate copies of) and forgot to change to their own credentials. That's literally the agreement, take our scripts and change the user and run them on your machines.

Afhfjdkdhdjdbd stop locking me out of everything with your incompetence. I email them, some cunt gets back to me asking for the new password. NO. USE. YOUR. OWN. CREDENTIALS. I KNOW YOU HAVE THEM, THEY'RE HERE IN THE LIST AND BEING USED IN ALL OTHER SCRIPTS AAAAAAAAAHHH

auto.self.whatever.rant()

A few years ago, we had a lesson on git and stuff, and we had to create our first repository and push something on it to get familiar with the thing.

Our teacher jokingly said at the end "And always remember, no password in a repository!", and I thought to myself "who can be dumb enough to do actually do something like that?"

Now, guess which piece of shit had to reinstall two of his fucking servers because of security issues coming from not one but github repositories?

So I can see everything thinks CS should be taught differently this week.

Based on all of the ways we could change it, something no one seems to be mentioning much is security.

Everyone has many ways of learning logical processors and understanding how they work with programming, but for every line of code taught, read or otherwise learnt you should also learn, be taught how to make it less vulnerable (as nothing is invulnerable on the internet)

Every language has its exploits and pitfalls and ways of overflowing but how you handle these issues or prevent them occurring should be more important than syntaxually correct code. The tools today are 100000x better then when I started with notepad.exe, CMD and Netscape.

Also CS shouldn’t be focused on tools and languages as such, seeing as new versions and ideals come out quicker then CS courses change, but should be more focused on the means of coming to logical decisions and always questioning why or how something is the way it is, and how to improve it.

Tl;dr
Just my two cents.

Send over the entire directory for a WordPress site we completely overhauled with new plugins, custom theme, redid content with visual composer, etc. I tell him to backup his site and then put everything I give you as fresh. He tells me he can't just wipe out his entire site that's unacceptable. I ask him what's the problem? he rambles on and says a lot of words that don't really mean anything then says security. so I call him out on it, what security issues do you have? well we have users and permissions setup he says. I explain That I copied his users table over when we did the redesign, so it's the exact same stuff. so I say again, why can't we just replace everything? well that's just not acceptable he says. I ask him again, what EXACTLY is your problem with replacing the site since I already addressed your security concern. he couldn't answer me so now we have another conference call tomorrow morning with more people from their team. I'll let you know how it goes.

tldr; clients are idiots, call them out for the dumb shit they say and have no response.

I’m LOLing at the audacity of one of our vendors.

We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.

At first, the vendor tried to convince us that their site wasn’t comprised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.

That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.

And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.

WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.

So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.

!dev

There’s this person at $work who never uses punctuation of any kind. She has mental issues and insists on neutral pronouns (and strongly advertises these) so I’ll use the indefinite to pretend to be respectful. It has multiple thoughts while typing a message and just keeps typing through all of them without stopping. It pauses not to collect its thoughts, to edit for clarity or to fix mistakes, to separate anything (including disjoint topics), to summarize, etc. (Though calling these “thoughts” is a huge stretch, given its lack of propensity for that particular subject.) It’s as if it has zero distinction between writing and speaking, and simply lets the mental diarrhea flow while their fingers do their best to keep pace. Reading these trainwrecks of thought — and gleaning any useful information from them — is always difficult and a little bit painful.

It is also in charge of IT security, which is more than a bit worrying. (But I hate the company with a passion, so it doesn’t bother me nearly as much as it otherwise would.)

Umm Trello tells you specifically if the password is wrong... /:

If there are bugs in your code, the problem 100% of the time is that you’re not using Rust. Just rewrite it in Rust, and all bugs, security, and performance issues will disappear. Any software not currently written in Rust should be rewritten in Rust. Rust is all you need to know as a Software Engineer. This future is Rust. Welcome to Software3.

So today's the day.

We've now successfully installed four Ubiquity AP's with a Ubiquity Security Gateway onto a 1000/1000 fiber line. Feels really nice when you're finished with the cable laying and everything just works™. Just getting the fiber in there was a project of its own, but now it's all complete. Tommorow I'll be working from home, and on Monday I guess I'll be bombarded with connectivity issues. Oh well, let's enjoy the weekend first 😁

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

We have a badly out of shape but functional product , the result of a "if its not broke don't fix it" mentality. The only thing manangement cares is our next release and making meetings to plan other meetings...

Now comes the time of the security Audit (PCI)...

Manager : oh noooo the audit will fix this issue, quickkk fix it !

Us : welllll its a lengthy process but doable, we just gotta do a,b,c,d,e . Part a is essentially what we need the rest are refactoring bits of the system to support part a since the performance would be shit otherwise

Manager: can you do part a before the audit starts ?

Us: yep.

Manager: do it . Oh and pop those other issues on JIRA so we can track em

Audit completed....

Manager: so we got through ok?

Us : 👍 yep

Manager: okayy, take those other issues..... and stick em at the bottom of the back log...

Us : huh ? *suspicious faces*..... okay but performance is gonna be poor with the system as it is cuz of part A....

Manager: yeaaahhh * troll face* ....about that.... roll it back and stick that too at the bottom of the log. We got to focus our next release. Lemme schedule a meeting for that 😊

Us : faceplam

Rust, because if we can eliminate all security issues because of buffer overflows or other memory-related problems without a GC and still be as fast as with C, that would be pretty dope for everyone.

Why so much hate for Windows? I can do all the scripting that I do on Linux on Windows as well. AutoHotKey for the win! In fact, the hacks that I can do on Windows directly cannot be done on Linux unless I have the terminal open. I'm still learning, yeah, so I'll learn how to do that in due time, but I've never had any issues with drivers, software issues, or security threats while using Windows.
And Windows Defender is so good now! I don't need an antivirus. Well, good browsing habits and common sense is enough of an antivirus so it's a moot point anyway.
Either way, I like embracing the power of AND. Why choose? I love both Windows and Linux!

Wow so much hate for WordPress. Le me to the rescue 💀

Yes WP is bloated and crappy and full of security issues etc etc. Agreed. That doesn't mean it is useless though.

It is alright to use for someone who is not really good with web, someone who just needs a blog, someone who just needs a home page, about page and contact form with a possibility of updating photo and text once or two times a month.

It is not suitable for e-commerce nor lots of transactions/forms involving websites.

As long as you know what kind of horse/vehicle you are on, you won't end up in the dirt.

Ok, here goes...

I was once asked to evaluate upgrade options for an online shop platform.

The thing was built on Zend 1, but that's not the problem.

The geniuses that worked on it before didn't have any clue about best practices, framework convention, modular thinking, testing, security issues...nothing!

There were some instances when querying was done using a rudimentary excuse for a model layer. Other times, they would just use raw queries and just ignore the previous method. Sometimes the database calls were made in strange function calls inside randomly loaded PHP files from different folders from all over the place. Sometimes they used JOINs to get the data from multiple tables, sometimes they would do a bunch of single table queries and just loop every data set to format it using multiple for loops.

And, best of all, there were some parts of the app that would just ignore any ideea of frameworks, conventions and all that and would be just a huge PHP file full of spagetti code just spalshed around, sometimes with no apparent logic to it. Queries, processing, HTML...everything crammed in one file...

The most amazing thing was that this code base somehow managed to function in production for more than 5 years and people actualy used it...

Imagine the reaction I got from the client the moment I said we should burn it to the ground and rebuild the whole thing from scratch...

Good thing my boss trusted me and backed me up (he is a great guy by the way) and we never had to go along with that Frankenstein monster...

I'm convinced this is going to be wildly unpopular, but hey...

Please stop writing stuff in C! Aside from a few niche areas (performance-critical, embedded, legacy etc. workloads) there's really no reason to other than some fumbled reason about "having full control over the hardware" and "not trusting these modern frameworks." I get it, it's what we all grew up with being the de-facto standard, but times have moved on, and the number of massive memory leaks & security holes that keep coming to light in *popular*, well-tested software is a great reason why you shouldn't think you're smart enough to avoid all those issues by taking full control yourself.

Especially, if like most C developers I've come across, you also shun things like unit tests as "something the QA department should worry about" 😬

Imagine updating a legacy web app and the code is so bad it physically makes you sick every time you look at it. Tables with over 400 columns, . And don't even get me started on the security issues. Apparently writing "Confidential" on the top of the page is enough security. And that's just the tip of the iceberg. People should get licenced before being allowed to code.

My internship is about to end in two months. I was under the impression that I'll start looking for a job towards mid August and then decide what to do. I didn't expect my company to offer me a position so early before my internship ended.

Initially I had liked the place. The work was pretty relaxed and I had quite a bit of freedom. Soon enough, I proved my worth and my team started respecting my opinions and suggestions. They even consulted me on multiple occasions.

The first thing I noticed on the downside was the company, despite being resourceful enough and having a decent turnover and important clients, was quite stingy in terms of employee welfare. There was no coffee. There was machine but you had to buy the capsule for yourself. And that sucks. I know I don't need to say more but the other problems were there was no enterprise subscription (or any subscription) to PhpStorm even though our team handled so many PHP projects. I know IDEs are personal preferences but not having any professional IDEs is not something to let slide. The lead dev uses NetBeans (and not because he loved it or anything). Even though I worked on WebDev and front end, I had no option to ask for a second screen. I had one display apart from my laptop. Usually most companies in Paris provides food tickets for internships and this company did not even give me that. And worst of all, there wasn't really anyone I looked up to. As much as I enjoy responsibilities and all, I don't think I should be in an environment where I have nothing much to learn from my seniors. For some fucked sense of security and certainty, I was willing to overlook all this when they offered me a position. But I recently had my interview and the regional manager, a fuck face who still makes me wonder how he reached his position, made a proposal for some quite a small amount of salary. What infuriated more than his justifications was his attitude itself. There was absolutely no respect whatsoever. It was more like "We'll give you this, I think this is more than enough for you. Take it or do whatever you want". I asked for more and he didn't even bother negotiating. I declined the offer.

Now this would have solved all the issues. But my manager and my lead dev like me a lot. Both of them are pretty nice people. They both were bothered with the fact that I had turned down the offer. My manager even agreed that the offer was too low and had already given me tips to help me negotiate. But after I turned down the offer, she went and discussed the issue with the regional manager and he offered me a new proposal. This time it was decent but still under my expectations. I'm pretty sure I can do better elsewhere. I said I need time to think about it. I get multiple advises from people to take it atleast so that I get my visa converted to a work permit. For some reason, I want to take the risk and say no. And find something else. But today my lead dev called me aside and asked me if was going to say no. He really tried to influence me by telling me a lot of good things about me and telling me about the number of different projects we're going to start next month and all that. Even though I'm fully convinced that I don't want to work here, just the sheer act of saying no to these two people I respect is sooo fucking difficult for me that I can already imagine me working here for the next one year. The worst part is I can clearly classify their words and sentences into stuff they say to canvass me, stuff they're bullshitting about and flattery just to make me stay. Despite knowing I'm being taken advantage of, some fucked up module in my head wouldn't stop guilt tripping me. I don't know what to do. If I only I could find a really better job.

Pardon the grammatical errors if any. I'm just venting out and my thoughts branch in 500 different ways simultaneously.

During a design meeting, our boss tells me that Vertx's MySQL drivers don't have prepared statements, and that in the past, he's used a library or his own functions to do all the escaping.

"Are you kidding me? Are you insane?"

I insisted that surely he must be wrong; that no one would release a database library without built in support for query arguments. Escaping things by hand is just asinine and a security risk. You should always use the tools in the database drivers, as new security vulnerabilities in SQL drivers can be found and fixed so long as you keep your dependencies up to date.

He told me escaping wasn't as tricky as I made it out to be, that there were some good libraries for it, and insisted Vertx didn't have any built in support for "prepared statements." He also tried to tell us that prepared statements had performance issues.

He searched specifically for "prepared statements" and I was like, "You know they don't have to be called that. They have different names in different frameworks."

Sure enough, a short search and we discovered a function in the Vertx base database classes to allow SQL queries with parameters.

Client contacts our company that his site is down, we do some investigating and the only way we can access the site is on a mobile phone. From the office computers the site never loads and times out. Since we don't host the site and I've never logged into it before I don't have a lot of details so I suggest they contact whoever hosts their site. This is where things get weird.

Client tells me that the site is hosted on someone's home server. I tell him that this is quite strange in 2018 and rather unlikely and ask if he was ever given access to the site to log in or if he has access to his domain registration, GoDaddy.

He says he doesn't understand any of this and would rather I just contact his current developer and figure it out with him. We agree that he needs to get access to his site so we are going to migrate it once I get access to it.

I email his current developer letting him know the client has put me in contact with him to troubleshoot the issues with the site. I ask him some standard questions like: where is the site hosted? Can you access it from a computer? Do you have some security measures in place to block certain IP ranges? Can you give me from access to get the files? Will you send me a backup of the site for me to load up on my server?

*2days pass*

Other dev: Tell me the account number and I'll transfer the domain.

Me: I'll have to get back to you on that once I talk to the client and set up his GoDaddy account since we believe the business owner should own their domain, not their developers. In the meantime you didn't answer any of the questions I asked. Transferring the domain won't get the site on my server so I still need the files.

*3 days pass*

OD: You are trying the wrong domain. The correct domain is [redacted].com I'll have my daughter send you the files when she gets in town. We will transfer the domain to you, the client will forget to pay and the site will go down and it'll be your fault.

Me: I appreciate your advice, but the client will own their domain. I'm trying to get the site online and you have no answered any of my questions. It's been a week now and you have not transferred the domain, you have not provided a copy of the site, you have not told me where the site is hosted. The client and I are both getting impatient at this point when will we receive a backup of the site and the transfer of the domain?

OD: Go fuck yourself, tell the client they can sue me.

If the client is that terrible, wouldn't you want to hand them off to anyone willing to take them? I have never understood why developers and agencies try to hold clients hostage by keeping their domain or website and refusing access. From what I can tell this is a freelance developer without a real company so a legal battle likely isn't going to go well since the domain is worthless to him as the copyright to the name is owned by the client. This isn't the first time we've had to help clients through this sort of thing.

Impossible deadline experience?
A few, but this one is more recent (and not mine, yet)

Company has plans to build a x hundred thousand square feet facility (x = 300, 500, 800 depending on the day and the VP telling the story)

1. Land is purchased, but no infrastructure exists (its in a somewhat rural area, no water or sewage capable of supporting such a large facility)
2. No direct architectural plans (just a few random ideas about layout, floor plans, parking etc)
3. Already having software dev meetings in attempt to 'fix' all the current logistical software issues we have in the current warehouse and not knowing any of the details of the new facility.

One morning in our stand-up, the mgr says

Mgr: "Plans for the new warehouse are moving along. We hope to be in the new building by September."
Me: "September of 2022?"
<very puzzled look>
Mgr: "Um, no. Next year, 2021"
Me: "That's not going to happen."
Mgr: "I was just in a meeting with VP-Jack yesterday. He said everything is on schedule."
Me: "On schedule for what?"
<I lay out some of the known roadblocks from above, and new ones like the political mess we will very likely get into when the local zoning big shots get involved>
Mgr: "Oh, yea, those could be problems."
Me: "Swiiiiishhhhh"
Mgr: "What's that?"
Me: "That's the sound of a September 2021 date flying by."
Mgr: "Funny. Guess what? We've been tasked with designing the security system. Overhead RFID readers, tracking, badge scans, etc. Normally Dan's team takes care of facility security, but they are going to be busy for a few weeks for an audit. Better start reaching out to RFID vendors for quotes. Have a proposal ready in a couple of weeks."
Me: "Sure, why not."

what kind of dumb fuck you have to be to get the react js dev job in company that has agile processes if you hate the JS all the way along with refusing to invest your time to learn about shit you are supposed to do and let's add total lack of understanding how things work, specifically giving zero fucks about agile and mocking it on every occasion and asking stupid questions that are answered in first 5 minutes of reading any blog post about intro to agile processes? Is it to annoy the shit out of others?

On top of that trying to reinvent the wheels for every friggin task with some totally unrelated tech or stack that is not used in the company you work for?

and solution is always half-assed and I always find flaw in it by just looking at it as there are tons of battle-tested solutions or patterns that are better by 100 miles regarding ease of use, security and optimization.

classic php/mysql backend issues - "ooh, the java has garbage collector" - i don't give a fuck about java at this company, give me friggin php solution - 'ooh, that issue in python/haskel/C#/LUA/basically any other prog language is resolved totally different and it looks better!' - well it seems that he knows everything besides php!

Yeah we will change all the fucking tech we use in this huge ass app because your inability to learn to focus on the friggin problem in the friggin language you got the job for.

Guy works with react, asked about thoughts on react - 'i hope it cease to exists along with whole JS ecosystem as soon as possible, because JS is weird'. Great, why did you fucking applied for the job in the first place if it pushes all of your wrong buttons!

Fucking rockstar/ninja developers! (and I don't mean on actual 'rockstar' language devs).

Also constantly talks about game development and we are developing web-related suite of apps, so why the fuck did you even applied? why?

I just hate that attitude of mocking everything and everyone along with the 'god complex' without really contributing with any constructive feedback combined with half-assed doing something that someone before him already mastered and on top of that pretending that is on the same level, but mainly acting as at least 2 levels above, alas in reality just produces bolognese that everybody has to clean up later.

When someone gives constructive feedback with lenghty argument why and how that solution is wrong on so many levels, pulls the 'well, i'm still learning that' card.

If I as code monkey can learn something in 2 friggin days including good practices and most of crazy intricacies about that new thing, you as a programmer god should be able to learn it in 2 fucking hours!

Fucking arrogant pricks!

I wrote an auth today.

Without frameworks. Without dependencies. Without under-the-hood magic. Without abstract pluggable adaptor modules for the third-party auth library with 63 vulnerabilities and 1252 GitHub issues. Without security vulnerabilities showing up in NPM log. Without dependency of a dependency of a dependency using md5 and Math.random() under the hood for historical reasons, and now we're fucked, because this is the only lib for our framework, and we have no time to write our own replacement. Without all that shit.

Rock-solid, on top of scrypt. Stateless and efficient.

It felt amazing.

Look, I get it. Wordpress sucks. It’s bloated. It’s slow. It’s not elegant. It’s a nightmare to debug and code for. The plugin ecosystem is an insecure, confusing mess of outdatedness and issues.

We can all agree that in a perfect world all power to determine everything about a website, from the code to the content, would be in our power as developers. But we don’t live in a perfect world. People want convenience, even at the cost of performance and security, and they will inevitably resent technologists who refuse to give it to them. We do ourselves and our customers a disservice when we only do what we feel is in our own best interests or preferences and not what will help them with their realities.

Yes, it sucks. Yes, it’s a pain. Yes, it’s in demand and there’s nothing any of us can do to change that.

And that’s all I have to say about that.

Every single stakeholder in my company tells me that I should be working on something different, every time I talk to them. For example - we've got some issues, that I've ranted on previously. I go to my manager, and tell him that it's going to take longer than I'd hoped, because the author of this part of the codebase wasn't familiar with functional programming or OOP, didn't document anything, and just generally produced an unmaintainable, borderline indescribable mess. The next guy after him made it all so much worse, because they're both a couple of tryhard douchebags, and I hope they fucking die. For real. I hope fire ants are involved.

Anyway, getting carried away there, whew. So I tell my manager that we'd be further ahead just replacing the code, because it's only doing a couple of things, and should not be so complex. He says "cool, but what you really need to be doing is rebuilding this other thing." So I switch gears and work on that other thing until I hit a point that requires the input of another stakeholder. I go to talk to this guy, and all hell breaks loose "why are you working on that, this is higher priority", and I explain the sequence of events. Manager denies having said what he said, I look like an asshole, yet again. Then the old "this should be simple, just change this" from the dudes who don't know code, and don't want to know. I try to explain, offer to show them precisely why their "simple ask" is anything but, but they just start screaming about how they hate technology. Yeah, well me fucking too. I keep hearing about how much "job security" I have, but man I'm going to lose my mind at this rate. I have seventeen motherfucking things that are "emergencies", and as many fucking dumb ass unintuitive workflows to go through to get them changed. All on production, because this place is fucking stupid. Just let me discard this shitty legacy code and be done with it already. FUCK.

Thank fucking fuck it's friday. In about six, seven hours, my goal is to be so fucking wasted that I can't feel my face. Get drunk, play with the dog, install a new distro on the desktop, maybe play a little guitar (the guitar is normal sized. It's not a ukulele or anything). Perfect friday night.

Sorry to keep whining about my stupid fucking job, but y'all, I think I'm nearing my limit.

There's some good...I am pretty much free to resolve issues any way I want to, as the only other person in the company who "codes" only knows one old ass language that doesn't apply to 90% of the rest of the tech stack at all, and some SQL - all of that to say, we may disagree, but ultimately, these matters are always deferred to me at the end of the day, insofar as the actual implementation goes (which is to say I am not micromanaged). At least as far as non-visuals are concerned, because those of course, are the most important things. Button colors and shit, woo hoo**. That's what we should focus on as we're bringing in potentially millions of dollars per month - the god damn button color and collapsible accordions based on data type over the shit ass DB performance bottleneck, the lack of redundancy or backups (aside from the one I made soon after I started -- literally saved everyone today because of that. My thanks? None, and more bullshit tasks) or the 300GB+ spaghetti code nightmare that is the literal circulatory system of the FUCKING COMPANY. Hundreds of people depend on it for their livelihoods, and those of their families, but fuck me in the face, right? I'm just a god damn nerd who has worked for the federal government, a handful of fortune 500's, a couple of fortune 100's, some startups, etc. But the fuck do I know about the lifecycle of companies?

I could continue ranting, but what's the point? I've got a nice little adage that I've started to live by, and y'all might appreciate it: "If everything is a priority/is important, nothing is". These folks just don't fucking get it. I'm torn because, on the one hand, they waste my time and kinda underpay me, in addition to forcing me to be onsite for 50 hours a week. They don't listen to me, couldn't give a flying shit about my experientially based opinions. I'm just a fucking chimp with a typewriter, there to take commands like a fucking waiter. But there's a lot of job security, assuming I don't fucking snap one day, and the job market for devs (I'm sure I don't need to tell you) is hostile atm. I'm also drinking far more than usual, and I really need to do something about that. It's only wednesday - I think...not 100% on that truth be told, and I logged my fourth trip to the liquor store this week already.

**Dear backenders - don't ever learn front end, or if you do, just lie about it to avoid being designated full stack. It's not worth it.

Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.

A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.

My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.

Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!

I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?

But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.

I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard.

And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.

It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?

It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and requires by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?

By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.

Right.. I spent the hours leading up to the year change by adding a YouTube to MP3 downloader into my Telegram bot. After a bit of fiddling it turned out okay, and the commit for it was mentioned to the last for the year 2020.

I mentioned this in one of my chats, and users came in with more issues. Told them it's the last commit for the year and I'll keep myself to it. I did adjust the code a bit though to fix those issues, awaiting a commit after midnight.

Midnight passes and 2020 turns into 2021.

I commit the new features, and quickly implemented another one I already thought of as well, but needed its own commit.

Quickly afterwards it turns out that the /mp3 feature actually breaks the bot somewhat, especially on long tracks. Users add a slew of 10h songs into what essentially became a long queue of single-threaded bot action (or rather lack thereof).

I made the /mp3 command accessible to myself only like I did with some other administrative commands already. Still no dice, the bot rejected the commands but executed part of the /mp3 command anyway.

I look a bit further into the code and it turns out that while I was restructuring some functions, I forgot to make the admin() function exit the script after it sends the rejection onwards. This was a serious security issue and meant that all authentication was void. Fortunately the chat did not realize this - one of the commands that became available as a result was literally a terminal on the bot's system.

I fix the issue in 7 commits after midnight total, 3 of which were related to /mp3 and admin(). We're now 1 hour after midnight.

Happy New Year everyone... :')

Not a dev!rant,/but certainly a rant. Long post ahead.

First of all I MISSED YOU ALL

Had my fair issues of shit these months. And for that, FUCK EVERYTHING. End of rant for now. I am still managing somehow to do - slowly as fuck, but who cares at this point - like finally going to uni, finding a psychologist and not a psycho, unraveling a fuckton of previous trauma (hi abuse) and ~drums~ buying my new desktop! Not exactly a nasa server but a middish level workstation/gaming place. I am shopping right now. The previous days have been shaky with all the flashback business and emotional rollercoaster of death, but I feel like going the right way somehow. Is it true? Who knows! But after enduring several issues of suicide planning and luckily only one serious-bugged attempt epically hilariously failed, the slightest hope is a victory. I like p2p, so feel free to torrent and seed this little joy. If it is mine it can be yours. Take it!

Also, you know how much autistic I am, but I'd really like to make some friends. I make attempts but honestly I am awkward errrr.... I don't know how many dude/ttes I can count on. For friend I mean simply someone that honestly likes me somehow, is loyal, and has interest in sharing they like to do or think! (And if they want to give me tips on security/sysadmin/dev stuff, even better, but not required obviously).

Also, I may have some projects in mind. Will publish in the projects section when the roughest idea is finished.

Maybe I deserve an updoot. In real life.
(Which is also here....)

🎶🎶🎶🎶

Security Issues with Chrome:
My dad was just saying that his work wouldn't let him use Google Chrome because of its supposed 'security issuse'. Just wondered if anyone knew of any real 'security issuse' with chrome that are legitimate? Or is it all just rumours...

I don't know why is that everytime you guys find a security bug or a data leak or that someone is saving plain passwords on their database, you try to cover and censor the company name. Listen people, fuck the company and their name and their brand if someone's data might be in danger. Everybody should be aware of what is happening with their personal information.

Also, maybe would be great if devRant would let users to post anonymous rants for this kind of issues or a special thread with latest news about our online security.

In a universe where JavaScript was never invented, the world of programming might look vastly different. Perhaps another programming language would have taken its place, or multiple languages would have coexisted in a more harmonious ecosystem.

Without the challenges posed by JavaScript, web development may have been smoother and more streamlined. Websites could have been faster and more responsive, without the need for complex optimization techniques. There might have been fewer security vulnerabilities to worry about, and the web could have been a safer place for users.

In this utopian world, developers would have had more time to focus on building great user experiences and innovative features, rather than battling with cross-browser compatibility issues and JavaScript quirks. The internet would have been a more accessible and inclusive place, with fewer barriers to entry for those who want to build and create.

Overall, a world without the horrors of JavaScript would have been a world with less frustration and more possibilities.

(Fooling around with ChatGPT)

1. It's gonna be more and more specialized - to the point where we'll equal or even outdo the medical profession. Even today, you can put 100 techs/devs into a room and not find two doing the same job - that number will rise with the advent of even more new fields, languages and frameworks.

2. As most end users enjoy ignoring all security instructions, software and hardware will be locked down. This will be the disadvantage of developers, makers and hackers equally. The importance of social engineering means the platform development will focus on protecting the users from themselves, locking out legitimate tinkerers in the process.

3. With the EU getting into the backdoor game with eTLS (only 20 years after everyone else realized it's shit), informational security will reach an all-time low as criminals exploit the vulnerabilities that the standard will certainly have.

4. While good old-fashioned police work still applies to the internet, people will accept more and more mass surveillance as the voices of reason will be silenced. Devs will probably hear more and more about implementing these or joining the resistance.

5. We'll see major leaks, both as a consequence of mass-surveillance (done incompetently and thus, insecurely) and as activist retaliation.

6. As the political correctness morons continue invading our communities and projects, productivity will drop. A small group of more assertive devs will form - not pretty or presentable, but they - we - get shit done for the rest.

7. With IT becoming more and more public, pseudo-knowledge, FUD and sales bullshit will take over and, much like we're already seeing it in the financial sector, drown out any attempt of useful education. There will be a new silver-bullet, it will be useless. Like the rest. Stick to brass (as in IDS/IPS, Firewall, AV, Education), less expensive and more effective.

8. With the internet becoming a part of the real life without most people realizing it and/or acting accordingly, security issues will have more financial damages and potentially lethal consequences. We've already seen insulin pumps being hacked remotely and pacemakers' firmware being replaced without proper authentication. This will reach other areas.

9. After marijuana is legalized, dev productivity will either plummet or skyrocket. Or be entirely unaffected. Who cares, I'll roll the next one.

10. There will be new JS frameworks. The world will turn, it will rain.

They tell me to only review security in the security reviews I'm doing (and if I bring to attention that they're implementing a weak encryption so even though they're not using it at the moment it might cause issues so be careful with that they say to only review security 😵) and then I see this mssql in a where:
AND ISNULL(field, 0) IS NULL
And I think wtf, should I report that? I did and it's a bug and they're thanking me now....
God dammit it's hard to "review security" here...

(Warning: This rant includes nonsense, nightposting, unstructured thoughts, a dissenting opinion, and a purposeless, stupid joke in the beginning. Reader discretion is advised.)

honestly the whole "ARM solves every x86 problem!" thing doesn't seem to work out in my head:

- Not all ARM chips are the same, nor are they perfectly compatible with each other. This could lead to issues for consumers, for developers or both. There are toolchains that work with almost all of them... though endianness is still an issue, and you KNOW there's not gonna be an enforced standard. (These toolchains also don't do the best job on optimization.)

- ARM has a lot of interesting features. Not a lot of them have been rigorously checked for security, as they aren't as common as x86 CPUs. That's a nightmare on its own.

- ARM or Thumb? I can already see some large company is going to INSIST AND ENFORCE everything used internally to 100% be a specific mode for some bullshit reason. That's already not fun on a higher level, i.e. what software can be used for dev work, etc.

- Backwards compatibility. Most companies either over-embrace change and nothing is guaranteed to work at any given time, or become so set in their ways they're still pulling Amigas and 386 machines out of their teeth to this day. The latter seems to be a larger portion of companies from what I see when people have issues working with said company, so x86 carryover is going to be required that is both relatively flawless AND fairly fast, which isn't really doable.

- The awkward adjustment period. Dear fuck, if you thought early UEFI and GPT implementations were rough, how do you think changing the hardware model will go? We don't even have a standard for the new model yet! What will we keep? What will we replace? What ARM version will we use? All the hardware we use is so dependent on knowing exactly what other hardware will do that changing out the processor has a high likelihood of not being enough.

I'm just waiting for another clusterfuck of multiple non-standard branching sets of PCs to happen over this. I know it has a decent chance of happening, we can't follow standards very well even now, and it's been 30+ years since they were widely accepted.

I really don't understand this particular Government Department's IT Unit. They have a system and network to maintain except:

- They don't have a DBA
- They don't have a dedicated Network Engineer or Security Staff
- Zero documentation on all of the systems that they are taking care of (its all in each assigned particular staff's brain they said)
- Unsure and untested way of restoring a backup into a system
- Server passwords are too simple and only one person was holding this whole time and its to an Administrator account. No individual user account.
- System was developed by an in-house developer who is now retired and left very little documentation on its usage but nothing on how its setup.

But, the system has been up and operational for the past 20 years and no major issues whatsoever with the users using it. I mean its a super simple system setup from the looks of it.

1 App Server connected to 1 DB Server, to serve 20-30 users. But it contains millions of records (2GB worth of data dump). I'm trying to swing to them to get me on a part time work to fix these gaps.

God save them for another 20 years.

Boss: not upgrading Angular v1 or rewriting everything on the modern tech stack.

But we need to resolve all the security issues we're getting flagged on.

¯\_(ツ)_/¯

On Friday afternoon, i got an e-mail from the IT manager of the company I'm working for.

"Due to security issues we have been forced to stop the server you deployed"

Today, on Monday morning, i got a message from the director saying LITERALLY NOBODY CAN ACCESS THE SYSTEM

I wonder what it could be.

Pm orders me to integrate data from several closed systems into a new CRM, problem is... corporate security won't allow me to push data between these networks as there are extremely sensitive data on these systems. So I disobey PM or corporate if I do it and ive told both the issues. 4th round with this exact issue now.

I need guidance about my current situation.
I am perfectionist believing in OOP, preventing memory leak in advance, following clean code, best practices, constantly learning about new libraries to reduce custom implementation & improve efficiency.
So even a single bad variable name can trigger my nerves.

I am currently working in a half billion $ IT service company on a maintenance project of 8 year old Android app of security domain product of 1 of the top enterprise company of the world, which sold it to the many leading companies in the world in Govt service, banking, insurance sectors.

It's code quality is such a bad that I get panic attacks & nightmares daily.

Issues are like
- No apk obfuscation, source's everything is openbook, anybody can just unzip apk & open it in Android Studio to see the source.
- logs everywhere about method name invoked,
- static IV & salt for encryption.
- thousands of line code in God classes.
- Irrelevant method names compared to it's functionality.
- Even single item having list takes 2-3 seconds to load
- Lag in navigation between different features' screens.
- For even single thing like different dimension values for different density whole 100+ lines separate layout files for 6 types of densities are written.
- No modularized packages, every class is in single package & there are around 100+ classes.

Owner of the code, my team lead, is too terrified to change even single thing as he don't have coding maturity & no understanding of memory leak, clean code, OOP, in short typical IT 'service' company mentality.

Client is ill-informed or cost-cutting centric so no code review done by them in 8 years.

Feeling much frustrated as I can see it's like a bomb is waiting to blast anytime when some blackhat cracker will take advantage of this.

Need suggestions about this to tackle the situation.

If you could have a list of ALL bugs in your system, would you want it?

Like a document of hundreds of pages filled with everything that could possibly go wrong which would include both huge missed security problems and little mistakes that will never have any impact in this universe?

I would really like to have such a list. But I think a lot of people would sleep better at night not having to worry about hundreds of small issues.

When the CTO/CEO of your "startup" is always AFK and it takes weeks to get anything approved by them (or even secure a meeting with them) and they have almost-exclusive access to production and the admin account for all third party services.

Want to create a new messaging channel? Too bad! What about a new repository for that cool idea you had, or that new microservice you're expected to build. Expect to be blocked for at least a week.

When they also hold themselves solely responsible for security and operations, they've built their own proprietary framework that handles all the authentication, database models and microservice communications.

Speaking of which, there's more than six microservices per developer!

Oh there's a bug or limitation in the framework? Too bad. It's a black box that nobody else in the company can touch. Good luck with the two week lead time on getting anything changed there. Oh and there's no dedicated issue tracker. Have you heard of email?

When the systems and processes in place were designed for "consistency" and "scalability" in mind you can be certain that everything is consistently broken at scale. Each microservice offers:

1. Anemic & non-idempotent CRUD APIs (Can't believe it's not a Database Table™) because the consumer should do all the work.
2. Race Conditions, because transactions are "not portable" (but not to worry, all the code is written as if it were running single threaded on a single machine).
3. Fault Intolerance, just a single failure in a chain of layered microservice calls will leave the requested operation in a partially applied and corrupted state. Ger ready for manual intervention.
4. Completely Redundant Documentation, our web documentation is automatically generated and is always of the form //[FieldName] of the [ObjectName].
5. Happy Path Support, only the intended use cases and fields work, we added a bunch of others because YouAreGoingToNeedIt™ but it won't work when you do need it. The only record of this happy path is the code itself.

Consider this, you're been building a new microservice, you've carefully followed all the unwritten highly specific technical implementation standards enforced by the CTO/CEO (that your aware of). You've decided to write some unit tests, well um.. didn't you know? There's nothing scalable and consistent about running the system locally! That's not built-in to the framework. So just use curl to test your service whilst it is deployed or connected to the development environment. Then you can open a PR and once it has been approved it will be included in the next full deployment (at least a week later).

Most new 'services' feel like the are about one to five days of writing straightforward code followed by weeks to months of integration hell, testing and blocked dependencies.

When confronted/advised about these issues the response from the CTO/CEO
varies:

(A) "yes but it's an edge case, the cloud is highly available and reliable, our software doesn't crash frequently".
(B) "yes, that's why I'm thinking about adding [idempotency] to the framework to address that when I'm not so busy" two weeks go by...
(C) "yes, but we are still doing better than all of our competitors".
(D) "oh, but you can just [highly specific sequence of undocumented steps, that probably won't work when you try it].
(E) "yes, let's setup a meeting to go through this in more detail" *doesn't show up to the meeting*.
(F) "oh, but our customers are really happy with our level of [Documentation]".

Sometimes it can feel like a bit of a cult, as all of the project managers (and some of the developers) see the CTO/CEO as a sort of 'programming god' because they are never blocked on anything they work on, they're able to bypass all the limitations and obstacles they've placed in front of the 'ordinary' developers.

There's been several instances where the CTO/CEO will suddenly make widespread changes to the codebase (to enforce some 'standard') without having to go through the same review process as everybody else, these changes will usually break something like the automatic build process or something in the dev environment and its up to the developers to pick up the pieces. I think developers find it intimidating to identify issues in the CTO/CEO's code because it's implicitly defined due to their status as the "gold standard".

It's certainly frustrating but I hope this story serves as a bit of a foil to those who wish they had a more technical CTO/CEO in their organisation. Does anybody else have a similar experience or is this situation an absolute one of a kind?

I reached out to a developer who's site was being contracted out to Amazon devs, because when their site launched it had a couple of security issues. This was his response:

"An additional thought/opinion... Just because a college freshman from Arizona wasn't too hungover to make the effort to notify us and take the liberty of classifying this as a security issue for us doesn't mean we need to take their word for it."

Bug is not fixable

I get these as I have to submit security issues as bugs and then help whoever is in charge of the fixing find and implement a good solution. But apparently , nope . In some devs opinion , sqli issues are not fixable .

So working for a company and the dev team I’m apart of works on a legacy rails app. Technical debt is high, no automated tests, no proper routing and also running unsupported versions of the language.

I joined seven months ago and got the current team doing automated testing so that’s a plus, they bought this app four years ago and there’s been no language updates, testing, cleanup, security updates, nothing, just adding to bad code.

Now we’re looking to actually upgrade language versions, the language and the framework now this will cause a lot of stuff to break naturally due to how outdated it is.

So I started putting proper routes into place how things should of been when things were being built as we have some spare time I decided to go out of my way to clear up some of the technical debt to get ahead of the curb. Re-done an entire section of the app, massive speed improvements, better views, controller, model, comment clean up and everything exactly how it should be.

I push the PR,
*other dev* - “why are we doing all of these other changes”
*me* - “well to implement routes properly, we have to use the new routes I just did some extra cleanup along the way”
*today, me* - “can you lend me a hand with one of the routes the ID isn’t getting passed”
*today, other dev* - “this wouldn’t of happened if you didn’t redo all these files, let’s just scrap the changes”
…

Sooo, I’ve spend three weeks improving one section in the app, because I’m having issues with one route according to this dev I should scrap it? Wait come again, am I the only one in this team who cares about making this app better all round?

Frustrating…

Question - my field is information security (or cyber security if you want to think of me as a time lord), but I wanted to know;
Front end and back Devs, how much time do you spend on security issues and/or implementing security measures?

My work product: Or why I learned to get twitchy around Java...

I maintain a Java based test system, that tests a raster image processor. The client is a Java swing project that contains CORBA bindings to the internal API of the raster image processor. It also has custom written UI elements and duplicated functionality that became available in later versions of Java, but because some of the third party tools we use don't work with later versions of Java for some reason, it's not possible to upgrade Java to gain things as simple as recursive directory deletion, yes the version of Java we have to use does not support something as simple as that and custom code had to be written to support it.

Because of the requirement to build the API bindings along with the client the whole application must be built with the raster image processor build chain, which is a heavily customised jam build system. So an ant task calls out to execute a jam task and jam does about 90% of the heavy lifting.

In addition to the Java code there's code for interpreting PostScript files, as these can be used to alter the behaviour of the raster image processor during testing.

As if that weren't enough, there's a beanshell interface to allow users to script the test system, but none of the users know Java well enough to feel confident writing interpreted Java scripts (and that's too close to JavaScript for my comfort). I once tried swapping this out for the Rhino JavaScript interpreter and got all the verbal support in the world but no developer time to design an API that'd work for all the departments.

The server isn't much better though. It's a tomcat based application that was written by someone who had never built a tomcat application before, or any web application for that matter and uses raw SQL strings instead of an orm, it doesn't use MVC in any way, and insane amount of functionality is dumped into the jsp files.

It too interacts with a raster image processor to create difference masks of the output, running PostScript as needed. It spawns off multiple threads and can spend days processing hundreds of gigabytes of image output (depending on the size of the tests).

We're stuck on Tomcat seven because we can't upgrade beyond Java 6, which brings a whole manner of security issues, but that eager little Java updated will break the tool chain if it gets its way.

Between these two components we have the Java RMI server (sometimes) working to help generate image data on the client side before all images are pulled across a UNC network path onto the server that processes test jobs (in PDF format), by reading into the xref table of said PDF, finding the embedded image data (for our server consumed test files are just flate encoded TIFF files wrapped around just enough PDF to make them valid) and uses a tool to create a difference mask of two images.

This tool is very error prone, it can't difference images of different sizes, colour spaces, orientations or pixel depths, but it's the best we have.

The tool is installed in both the client and server if the client can generate images it'll query from the server which ones it needs to and if it can't the server will use the tool itself.

Our shells have custom profiles for linking to a whole manner of third party tools and libraries, including a link to visual studio 2005 (more indirectly related build dependencies), the whole profile has to ensure that absolutely no operating system pollution gets into the shell, most of our apps are installed in our home directories and we have to ensure our paths are correct for every single application we add.

And... Fucking and!

Most of the tools are stored as source bundles in a version control system... Not got or mercurial, not perforce or svn, not even CVS... They use a custom built version control system that is built on top of RCS, it keeps a central database of locked files (using soft and hard locks along with write protecting the files in the file system) to ensure users can't get merge conflicts by preventing other users from writing to the files at all.

Branching is heavy weight and can take the best part of a day to create a new branch and populate the history.

Gathering the tools alone to build the Dev environment to build my project takes the best part of a week.

What should be a joy come hardware refresh year becomes a curse ("Well fuck, now I loose a week spending it setting up the Dev environment on ANOTHER machine").

Needless to say, I enjoy NOT working with Java. A lot of this isn't Javas fault, but there's a lot of things that Java (specifically the Java 6 version we're stuck on) does not make easy.

This is why I prefer to build my web apps in python or node, hell, I'd even take Lua... Just... Compiling web pages into executable Java classes, why? I mean I understand the implementation of how this happens, but why did my predecessor have to choose this? Why?

Smart contact lenses and the appropriate software. It would be the ultimate AR experience. I have no idea how to produce them, as they would need to be super high resolution, lag free, completely wirelessly powered and connected, safe to use and to wear and useable 24/7.
My current concept is a ultrabook sized block that can be taken around in a backpack.
Oh and wireless handoff ...
meaning everything I grab and throw in your general direction becomes available to you, kind off like they do it in Avatar. This should also work with PCs, tablet and everything else.
Speaking of grabbing you would also need some kind of minority report glove so every bit of hand movement can be tracked precisely. But probably a bit more elegant meaning only small stickers on the back of your hand.
Did I mention that sharing stuff should enable working together on the same object in real-time?
Also this system should integrate seamlessly with a smart environment, meaning looking at the light, opening its context menu and changing its brightness or colour should be no effort at all.
And of course all of it should be open source, highly scalable and either hosted on public infrastructure (funded by taxes or smt) or by each individual for himself to protect his or her privacy.
So who is with me?

On the topic of having to make decisions as a dev that shouldn’t be made (solely, at least) by devs…

There’s a lot to like in my current work environment: I enjoy being around my colleagues, I get to do a variety of tasks, and many of them interesting to me and/or great learning opportunities, the pay doesn’t suck and so on… there’s also not much pressure put on the dev team from other parts of the organisation. The flipside of the coin is that nobody who should express some kind of vision as to how we should develop the product further does so.

Me and my fellow devs in the team are so frustrated about it. It feels like we’re just floating around, doing absolutely nothing meaningful. It’s as if the business people just don’t care. And we are the ones ending up deciding what features to develop and what the specs are for those etc. and I really don’t think we should be the ones doing that.

One would think that’s a great opportunity to work on refactoring, infrastructure, security and process improvements and so on - but somehow we get bothered just enough by mundane issues we can’t get to work on those effectively. Also, many of the things we’d want to do would need sign-off from the management, but they are not responsive really. Just not there. Except for our TM, but they don’t have the power neccessary… at least they are trying tho…

I am a web-dev wannabe marketing person. I was locked up in mental ward twice because I often get paranoid way too much about security issues that might never happened to me. Last time I even refused to use hexcode because I believed that my computer is being used for someone's crypto mining. I am still scared of node.js,CDN and googlefont or TIFF, pdf files, and many other things that I don't understand perfectly.

It's always breathtaking, cliffhanging, and thrilling session when I'm working on something with my computer. My heartbeat gets faster, my palms gets sweaty when I start to type <script>. It's like when you watch horror movie, or wearing seatbelt on roller coaster before the session begins. You are frightened but excited at the same time. 🤤

Whelp, I made the switch to android about a week ago. Didn't go two days without getting malware on it. I only browse hacker news and used devRant, standard messaging app, no root, so no shady things, just fairly standard things besides devRant. When I called Samsung support, they said it was a known issue and sent me some links to some forums where people were having the same issues. After digging through those threads, there was an official answer from Samsung saying they weren't going to fix the issue (at least in any foreseeable future). That's unacceptable for a phone that was released less than a year ago.

I'm done with Samsung phones for good. I might come back to Android on a google phone.

I hate how Android is distributed and the manufacturers don't take ownership of their issues. They just work on the new phone without caring for anything older than 6 months. If I had to get a new phone every time a major security issue was found and the company refused to fix it, I'd spend more money than on an iPhone.

It seems like Google keeps their devices up to date better, presumably because they have better control of OS releases. But non-google Android devices are dead to me.

Back to my iPhone for now...

🎵sad Charlie Brown music🎵

Spent three days banging my head against my desk trying to get an AWS Lambda function to work, only to finally discover that my code was perfectly functional and it was a security group problem. It was supposed to send a POST request to a load balancer's URL but couldn't resolve the hostname because the security group blocked a necessary outbound port for DNS requests.

That's what I get for not troubleshooting at the infrastructure level when experiencing connection issues. I did not spend two years doing tech support just to forget basic troubleshooting steps now that I'm in the DevOps field...

So I decided to install a third OS on my laptop and oh boy, I never thought I'd have to deal with so many issues!

First, I had to make space for the new OS, so I did the only feasible thing - Shrunk a windows partition (Used for gaming only), then installed the third OS into it. (For clarification, one OS was Windows, the second Debian for work and the new one was Kali for a course at school about security and ethical hacking)

Well... After I installed and tried out that the Kali worked... My Debian began to make problems. It would hang for almost a minute during start as it tried to mount a (for some reason) no longer existing Swap partition.

After it gave up and I found out... I, fortunately, fixed it after just a bit of googling. At least I learned to repack the ramfs.

It worked all fine and dandy... Only... My Debian now shared the swap with Kali.

Few weeks forward, last friday, I tried to boot up Kali at class... Only for it to... Stop at a black screen, weird.

Some minor detective work later, I found out nothing was... Wrong really.
But... For some mysterious reason, my complete GDM just.... No longer worked.

One LightDM and XFCE instal later (Thanks god that at least TTY still worked fine), it finally worked again, and this time, I booted back into Debian, shrunk the Kali partition a little more and dedicated it's own swap there. Setting and resetting everything, and finally had a working triple-boot laptop...

My only question is... Why?

Does sharing Swap really affect the system so much, besides hibernation ofc.

I've been programming for 15 years now or more if I count my years I programmed as a hobby. I'm mostly self learned. I'm working in an environment of a few developers and at least the same amount of other people (managers, sales, etc). We are creating Magento stores for middle sized businesses. The dev team is pretty good, I think.

But I'm struggling with management a lot. They are deciding on issues without asking us or even if I was asked about something and the answer was not what they expect, they ask the next developer below me. They do this all the way to Junior. A small example would be "lets create a testing site outside of deployment process on the server". Now if I do this, that site will never be updated and pose a security risk on the server for eternity because they would forget about it in a week. Adding it to our deployment process would take the same time and the testing site would benefit from security patches, quick deployment without logging in to the server, etc. Then the manager just disappears after hearing this from me. On slack, I get a question in 30 minutes from a remote developer about how to create an SSH user for a new site outside of deployment. I tell him the same. Then the junior gets called upstairs and ending up doing the job: no deployment, just plain SSH (SFTP) and manually creating the database. I end up doing it but He is "learning" how to do it.

An other example would be a day I was asked what is my opinion about Wordpress. We don't have any experience with Wordpress, I worked with Drupal before and when I look at a Wordpress codebase, I'm getting brain damage. They said Ok. The next day, comes the announcement that the boss decided to use Wordpress for our new agency website. For his own health and safety, I took the day off. At the end, the manager ended up hiring an indian developer who did a moderately fair job. No HiDPI sprites, no fancy SASS, just plain old CSS and a simple template. Lightyears worse than the site it was about to replace. But it did replace the old site, so now I have to look at it and identify myself part of the team. Best thing? We are now offering Wordpress development.

An other example is "lets do a quick order grid". This meant to be a table where the customer can enter SKU and quantity and they can theoretically order faster if they know the SKU already. It's a B2B solution. No one uses it. We have it for 2 sites now and in analytics, we have 5 page hits within 3 years on a site that's receiving 1000 users daily... Mostly our testing and the client looked at it. And no orders. I mean none, 0. I presented a well formatted study with screenshots from Analytics when I saw a proposal to a client to do this again. Guess what happened? Someone else from the team got the job to implement it. Happy client? No. They are questioning why no one is using it.

What would you do as a senior developer?

- Just serve notice and quit
- Try to talk to the boss (I don't see how it would work)
- Just don't give a shit

Best: complain about the security issues we had, later got the green light to fix them

Worst: at an intern my boss asked me to create some shady code... and I did it ... 😅

To update or not to update, that is the question.

To update: Cool new features, fixes, and security patches.

Not to update: to debug issues majority of techtard users will face in older versions.

rants[0] =

"tl;dr: the account creation process at salesforce.com is really flawed.

In a lecture we were supposed to try out different CRM tools, one of them was salesforce. They are the worlds largest CRM software provider - not relevant for the rant, but it means they should have enough $$$ and competence to make something better.

When you create your account, you do not set a password. Instead they send you an email with a link, serving both as account activation and for setting your password. However, if you close the tab without setting a password, your account is still activated and the link in the email won't work anymore.

Alright, rather annoying, but that's why you can reset your password via email, right? Wrong. When you try to reset your password, they prompt you with a security question. Even when you never set them up. And obviously can't give the right answer. Who designed this logic?

On top of that, they nicely tell you to contact your sys admin if you are still having issues. My account is private. Not associated with any company.

So yeah, burned 3 emails until I figured that out and created 3 accounts I can never access again.";

Facebook. Tell me about what you think of security issues. I’m all ears 👂

Best Cryptocurrency Recovery Company - Go to OMEGA CRYPTO RECOVERY SPECIALIST

OMEGA CRYPTO RECOVERY SPECIALIST is a reputable entity that offers top-quality services for cryptocurrency recovery, providing a lifeline to individuals who have fallen victim to theft or other mishaps in the digital currency realm.

Their expertise extends to accessing funds that are inaccessible due to security issues and employing advanced techniques for retrieving lost passwords, making them a reliable choice for those in need of assistance.

Webpage; omegarecoveryspecialist .c o m

I always hated in school computing lessons when the teachers pet students would snitch on you for getting around the school network stuff.

Many people in the lesson would always play games instead of doing what they were meant to. So the teacher turned off the internet in the room using the admin control stuff. Then when I found a way around it all so I could watch some educational YouTube videos, the stupid teachers pet would snitch on me. Luckily the teacher knew I wasn’t using it to mess around, always felt good when he said that I could access it because I’m the biggest security threat to the school.

Did you ever have issues with snitches in computing lessons?

Another 'fun' rant

Wrote a new server application and got the request from customer services to make it compatible with a slightly older DB version.

Today, CS asked me to install everything on the customer's test environment so I made a build and installed it there.

Wanted to run the service, no .Net framework 4.7.1 installed. Fine, download the installer ...

Start installing .Net framework 'unsupported OS'. Started looking into it. Customer is still running an old unsupported Windows Server 2008 ...

Asked some colleagues whether this was normal. Apparently, yes.

Seems CS isn't capable of telling customers to at least have a supported windows version when they want our software. As if security issues due to people here not understanding TCP/IP isn't enough, we now have security issues due to old, unsupported Windows versions.

Note to self: never trust anyone who says that 'security is the most important thing in our software enviornment'.

Things that annoy me about my current place:

1 - Only 3 people out of a team of 12 developers are allowed to purge akamai, or merge pull requests to master on any of our 200+ websites. Apparently this is because us contractors are not allowed because the permanent employees have to be accountable for the code.

Despite this, no-one actually reads the code. You just throw up a request in the slack channel and boom, instantly 30 seconds later someone approves it, even if its 500+ lines of code.

2 - I've pushed for us to move to agile instead of waterfall, and got declined (which is fine), but the reasoning was that the dev team are not 'mature enough' to work that way. Half the devs here have 5+ years of experience so I don't get the problem here.

3 - There is zero code reviewing process in place. I just watched as a developer's 300 line merge request was approved within 8 seconds of it going live. No-one is allowed to comment on the code review or suggest changes as this would 'slow down development'. Within that 300 line merge request were tons of css being aimlessly commented out, and invalid javascript (introducing both bugs and security issues) that were totally ignored.

What is your thoughts on these above points?

Am I too narrow minded or is the development manager clueless?

Took few weeks break from coding, social media and stuff like that. And holy cow things have changed. Over 9k new rants here, bunch of new js frameworks, Instagram got some security issues..
I'm just amazed.

So we have this year end goals thing at work and the managers pick the goals for us, we dont get to do it

My manager picks for me security topic, the items in that are as follows:- have training sessions, define web security standards, Ensure team follow standards, Identify issues with current implementations

I am damn developer, that's another fucking job!!!

a thing I heard from ops: installing this library update breaks how we manage updates. so let us not update. and use the old libraries that have security issues and don't work with code. we can not change our configuration management tool or update it either. because we have been using it for 15 years.

Hey all. So I'm a bit of an aspiring developer/engineer. I am in highschool right now and am getting to the point where I should start looking at colleges. Ive wanted to do something computer related and for a while now ive had my heart set on some sort of security engineer/tech/researcher what have you. But it has been pointed out to me that computer sciences often require several high level math courses namely Calc. Problem being I'm pretty bad at Calc and haven't been able to do too well.

I'm not too sure what I should do. I'm struggling with my highschool calc classes and and fear that college level course will just go over my head. Ive never had issues with math before until I got to Calc. Ive got some of the basics of cryptography such as hashes and cryptographic alorithms but thats about it. Do computer science degrees really rely that heavily on Calc?

Security issues I encountered:
- Passwords stored as plain text until last year.
- Sensitive data over http until last year.
- Webservice without user/pass authentication.

Gah, I just received this Ubuntu 18.04 VM with 8 cores and 8 gigs of ram, and since it'll be a production server both serving public and "private" networks (yes, shout at me, but projects won't be about hosting sensitive information, I wouldn't put all that on one server), and I'm struggling between my options.

Docker, or not docker?

The server's main use is to host our growing blog and install Varnish, which will hog some ram after a while. I use Laradock for my dev projets, it's really easy to develop with it, but I am unsure if it fits a production environment with performance, security and traffic load in mind :(

I read Docker has stability issues (in 2016-2017), and can bring the machine down with it, I don't know if I should just install the software (nginx, apache, percona/mysql/maria) without "containerizing" it and go for it

I'm lost xD

A philosophical question about maintenance/updating.

There is no need to repeat the reasons we need to update our dependencies and our code. We know them/ especially regarding the security issues.
The real question is , "is that indicates a failure of automation"?

When i started thinking about code, and when also was a kid and saw all these sci fi universes with robots etc, the obvious thing was that you build an automation to do the job without having to work with it anymore. There is no meaning on automate something that need constant work above it.

When you have a car, you usually do not upgrade it all the time, you do some things of maintance (oil, tires) but it keeps your work on it in a logical amount.
A better example is the abacus, a calculating device which you know it works as it works.

A promise of functional programming is that because you are based on algebraic principles you do not have to worry so much about your code, you know it will doing the logical thing it supposed to do.
Unix philosophy made software that has been "updated" so little compared to all these modern apps.
Coding, because of its changeable nature is the first victim of the humans nature unsatisfying.

Modern software industry has so much of techniques and principles (solid, liquid, patterns, testing that that the air is air) and still needs so many developers to work on a project.
I know that you will blame the market needs (you cannot understand the need from the start, you have to do it agile) but i think that this is also a part of a problem .
Old devices evolved at much more slow pace. Radio was radio, and still a radio do its basic functionality the same war (the upgrades were only some memory functionalities like save your beloved frequencies and screen messages).

Although all answers are valid, i still feel, that we have failed. We have failed so much. The dream of being a programmer is to build something, bring you money or satisfaction, and you are bored so you build something completely new.

!rant

Can anyone recommend me a good book or course to start learning spring framework 4??

Am tired of struggling with it, I have to
Work with the thing and I barely know what am doing most of time.

I managed to resolve a couple
Of spring security issues we had at
Work but that was through sheer dogged googling around, I want to spend some
Time learning it from Bottoms up...

I know its quite vast but what am going for is trying to learn the basics and a few of the most commonly used bits of the advanced portions then expanding my knowledge.

So any suggestions?

I hear spring in action 4 by craig wells
is nice but some reviews criticises it about not being appropriate for newbies like me.

So damn tired of silently screaming
"what the F*** is all this shit?!?" when am given spring related stuff to work on 😔

So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.

So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).

There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.

Now that the client comes to visit let's upgrade that library now so we can show in a presentation that we use the latest and greatest not 3 months ago when it fixed security issues...

!rant && dev

Before I dig deep and pick the minds on S/O, I'm trying to test an app (Cordova) on my wife's phone (Samsung/Android 7) - the feature I'm testing works fine on mine (Huawei/Android 8).

Where it seems to be faulty is making a WebSocket connection to my server - is there any known issues people are aware of? Recent security updates or something?

I'd jump straight on to USB debugging, but last time I tried to do this on Samsung, it simply failed to show up as a known device - tried loads of drivers...

I installed a linux distribution it's called Zorin, i installed the latest one (Zorin Core 17) for a client since Windows 7 was giving him a headache, it was a very old machine with 4GB RAM with a celeron cpu if i remember, i suggest i will install linux and you won't have more issues with wifi and the printer he said okay, I installed everything, printer was recognized immediately Libre office was installed wifi is connected, security updates are done

After 2 days, he sent me a voice message telling me hey what is this zorin? Zorin everywhere, it's like if I'm using someone else program,I have nothing to do with the espionage things, I want windows back, i was crying he made me laugh for a week, i enjoyed listening to his voice messages on WhatsApp, whenever i get upset i listen to him and get excited hahahahhaha espionage? Do you think he let it go? Every 2 days i receive a voice message complaining about Zorin and how i was spying on him hahaha I explained over and over how secure linux is and how Microsoft knows everything he does on his machine, after giving me a headache i sent a friend and he installed ms 7 back and i never heard of him again

Code with no clear architecture, no documentation, no coding standards, no tests, many security-issues, a lot of hardcoded stuff, written by people forced to use a completely new technology stack and messing up, of course.

But we are not allowed to change anything, of course.

We have to keep coding in that style and with the tools present in the project. For uniformity, of course.

I managed to work on that code for 2 years... Recently it dawned on me that I don't give a crap anymore.
I quit, of course.

Another hours wasted on debugging, on what I hate most about programming: strings!

Don't get me started on C-strings, this abomination from hell. Inefficient, error prone. Memory corruption through off by one errors, BSOD by out of bound access, seen it all. No, it's strings in general. Just untyped junk of data, undocumented formats. Everything has to be parsed back and forth. And this is not limited to our stupid stupid code base, as I read about the security issues of using innerHTML or having to fight CMake again.

So back to the issue this rant is about. CMake like other scripting languages as bash have their peculiarities when dealing with the enemy (i.e. strings), e.g. all the escaping. The thing I fought against was getting CMake's fixup_bundle work on macOS. It was a bit pesky to debug. But in the end it turned out that my file path had one "//" instead of an "/" and the path comparison just did a string comparison without path normalization.

Stop giving us enough string to hang ourselves!

48 hrs when I work on security issue fixes

We can’t use google sheets, cause of security risks.
(Okay...)

Not even for our showcase content.
Which is public.
The showcase content which goal of the company is to have seen by as many ppl as possible.
Cause security issues which may lead to the possibility of people seeing it.
Seeing the content we want them to see.

Roses are red
My dog ate my led
I may be going crazy
It would be so easy
If they used their head
Or at least fucking read

Edit: if any security expert can give me a valid explanation better than: “it’s the protocol” I am willing to accept I am wrong, but then the point is that they (colleagues) are dicks for not explaining

Anyone use docker in production handling monies and hundreds accounts? In Django in my case but doesnt matter the framework. More concerned with security and stability moving from paas to docker based paas. Worried I'll move everything to docker and end up moving back to vms bc of some issues or some vulnerability.

BEST BITCOIN RECOVERY COMPANY |CRYPTOCURRENCY RECOVEY HIRE CYBER CONSTABLE INTELLIGENCE

One evening on a Friday after work, I found myself in a terrifying situation. I had just finished a long week and was looking forward to unwinding over the weekend when I decided to check on my cryptocurrency holdings. To my horror, I discovered that my XRP had become trapped on a cryptocurrency exchange called Crypto change, which I later realized was operated by scammers. Crypto change had always seemed like a reliable platform, but now, under strict geopolitical restrictions, it had suddenly become impossible to access my funds. Every attempt to withdraw my XRP was blocked, and I was left helpless, with no way to recover my assets. The value of my XRP had grown to over $100,000, and the thought that it might be permanently out of my reach was overwhelming. Panic set in as I realized I had fallen victim to a fraudulent exchange, and all of my usual recovery methods seemed useless. Desperate for a solution, I reached out to Cyber Constable Intelligence, a firm known for its expertise in Cryptocurrency Recovery. I didn’t know what to expect, but I was willing to try anything at that point. From the moment I contacted them, I felt a sense of relief. The team at Cyber Constable Intelligence sprang into action immediately, understanding the severity of my situation. They knew that Crypto change wasn’t just an exchange with withdrawal issues, it was a scam designed to trap unsuspecting investors like me. However, they assured me they had the skills and experience to navigate this challenging scenario. The experts at Cyber Constable Intelligence quickly identified vulnerabilities in Crypto change's KYC (Know Your Customer) processes, weaknesses that the scammers had overlooked. They put together a detailed plan to exploit these gaps, enabling them to move my XRP to a secure wallet, bypassing the scam exchange’s restrictions. It wasn’t an easy task. The process took several weeks of careful, discreet work. The team had to balance security measures while avoiding detection from the exchange’s administrators. Throughout the recovery, I was kept informed of their progress, and their dedication was evident. In the end, their efforts paid off. My XRP, valued at $100,000, was safely moved from Crypto change to a secure wallet under my control. Thanks to the relentless effort and expertise of Cyber Constable Intelligence, I regained access to my trapped funds. The professionalism and skill they displayed in handling my case were extraordinary. I can now breathe easy, knowing my investment is safe, and I owe it all to their exceptional service and dedication.
Here's their Info below
WhatsApp: 1 252378-7611
Website info; www cyberconstableintelligence com
Email Info cyberconstable@coolsite net
Telegram Info: @cyberconstable

HOW TO RECOVER MONEY LOST TO ONLINE SCAM HIRE ADWARE RECOVERY SPECIALIST

WhatsApp info:+12723  328 343

I remember spending countless hours poring over the intricacies of cryptocurrency trading, and so  I took a leap of faith and invested, with due diligence done. With cautious optimism, I entered this world of digital currency, ready to convert knowledge into profit. My research led me to what looked like a completely legitimate broker: it had a slick website, amazing testimonials, and even an onboarding process that smoothly went through. Everything checked out, and soon I started making small, successful withdrawals. The early wins encouraged me to scale up-investing a hefty $250,000 worth of Bitcoin.
For some time, the profits rolled in, my account balance looked promising, and I had no issues making minor withdrawals. This perceived success became a cycle that gave me the confidence to leave my money in the platform, believing I was on the fast track to financial freedom. That illusion came crashing down the moment I tried to withdraw a more significant amount. Suddenly, I was locked out of my account. Every attempt to contact support was met with silence. That's when it really dawned on me: I had been sold out to some scam broker, a fraudster who had wooed me with some initial successes just to grab everything when I lowered my defenses. Panic set in, but I was not going to give up. Determined to recover my funds, I hit the internet in search of a solution down to forums and reviews. That's where I came across  ADWARE RECOVERY SPECIALIST. The stories of how they recovered money from victims of crypto scams inspired me, so I had to reach out. Right from that very first point of contact,  ADWARE RECOVERY SPECIALIST has been a godsend: professional, sensitive, and highly competent. They understood my devastation and walked me through their process in a clear and reassuring manner. Their communication was consistent, their forensic tools state-of-the-art, and their knowledge of blockchain security unparalleled. To my immense relief,  ADWARE RECOVERY SPECIALIST managed to recover a significant portion of my lost Bitcoin. They didn't just recover my money but also educated me on how to protect my assets from further damage. If you ever find yourself in this nightmare, then  ADWARE RECOVERY SPECIALIST is the team to go to. Their efficiency, transparency, and unmatched skill make them an absolute game-changer in crypto recovery. Don't hesitate—reach out and take back what's rightfully yours.

As cryptocurrency continues to reshape global finance, safeguarding Bitcoin and other crypto wallets is more important than ever. Unfortunately, wallet access issues—whether due to lost passwords, forgotten seed phrases, or even hacking incidents—are a common challenge for Bitcoin owners. Century Web Recovery, trusted since 2017, has emerged as a reputable resource for those seeking to regain access to their cryptocurrency wallets.

What is Bitcoin Wallet Recovery?
Bitcoin wallet recovery is the process of retrieving access to a Bitcoin wallet when the user is locked out. Wallet access issues can occur for various reasons, such as lost private keys, forgotten passwords, or corrupted wallet files. For those who’ve lost access, reputable recovery services can be an invaluable asset, helping them safely regain control of their funds.

Century Web Recovery offers specialized recovery services that cover a broad range of wallet types and access issues, providing the expertise needed to retrieve lost assets and restore access to cryptocurrency wallets.

Why Wallet Recovery Services Matter
Without access to your wallet, Bitcoin holdings can become permanently inaccessible. The decentralized nature of Bitcoin means there’s no central authority or “forgot password” feature that can restore access. This gap has led to a high demand for trustworthy wallet recovery services like Century Web Recovery, which uses a combination of technical expertise and proprietary tools to assist clients.

Century Web Recovery: Trusted Bitcoin Wallet Recovery Since 2017
Century Web Recovery has built a reputation as a reliable and secure recovery service provider since its establishment in 2017. Their team is composed of experienced blockchain analysts and cybersecurity experts who specialize in recovering wallet access in cases of forgotten passwords, corrupted files, or lost keys. Clients seeking to regain access to Bitcoin wallets can learn more about Century Web Recovery can help by contacting them through the details provided below.

Century Web Recovery Approaches Wallet Recovery
Initial Consultation and Assessment
Century Web Recovery begins with a thorough consultation, understanding the client’s situation and the specific wallet issue. This assessment allows the team to determine the best recovery strategy.
Technical Recovery Process
Century Web uses advanced recovery tools and techniques tailored to different wallet types, whether software, hardware, or paper-based. By leveraging cryptographic methods and advanced decryption software, the team can restore access to wallets securely.
Ensuring Client Security and Confidentiality
Security and confidentiality are top priorities. Century Web Recovery applies secure handling protocols throughout the recovery process, ensuring that clients’ information and assets remain protected.
Recovery Completion and Client Education
Upon successful recovery, Century Web provides clients with guidance on how to safeguard their wallets and private keys to avoid future access issues. This education reinforces wallet security and fosters long-term peace of mind.
Why Choose Century Web Recovery?
Not only does Century Web Recovery have a strong track record of successful recoveries, but it also offers an upfront pricing model to keep costs transparent. For clients who are locked out of their wallets, the technical capabilities and secure approach Century Web offers make it a leading choice in the crypto recovery space.

Contact Century Web Recovery
To learn more or initiate the recovery process, clients can reach out to Century Web Recovery. If you’re locked out of your Bitcoin wallet, now is the time to restore access and regain control of your digital assets with a company that’s trusted since 2017. You can reach out to us by searching us on google century web recovery and get all our contact details.

RECOVER YOUR BITCOIN WITH DIGITAL TECH GUARD RECOVERY EXPERT ASSISTANCE

I vividly remember the frustration I felt on a Sunday afternoon when I was struggling to regain control over my crypto wallet. At the time, I had a substantial balance over $68,000—and I was dealing with serious transaction issues. Despite multiple attempts, I couldn’t complete any transactions, and the situation seemed to worsen with each passing hour. As the day wore on, I grew more desperate, but I stubbornly resisted reaching out for professional help contact with WhatsApp: +1 (443) 859 - 2886 @ digital tech guard. com Telegram:@ digital tech guard recovery. com. I believed I could solve the problem myself or that contacting support would be a waste of time. Unfortunately, all my efforts to resolve the issue on my own came to nothing. The more time that passed, the more I realized my attempts were futile. The value of my assets in the wallet was at risk, and the frustration of not being able to access or transfer them grew unbearable. I tried reaching out to customer support for help, but each inquiry was met with a generic response or, worse, no response at all. The lack of communication only added to my sense of helplessness. By Sunday evening, I was at my wit’s end, and it was then that I finally accepted I needed help from someone else—my friend. Despite my initial resistance to involving a third party, my friend stepped in and contacted Digital Tech Guard Recovery on my behalf. At first, I remained hesitant. I had heard mixed things about third-party recovery services, and I was worried about compromising my wallet's security. But after my friend reassured me, I agreed to let them handle it. To my relief, the process went smoothly once I allowed Digital Tech Guard Recovery to get involved. I provided only the minimal information they requested, and within a short time, my access to the wallet was fully restored. All the transactions that had been stuck were processed, and my balance was intact. I’m incredibly thankful to Digital Tech Guard Recovery for their expertise and professionalism. If you ever find yourself in a similar situation, struggling to regain access to your crypto wallet, I highly recommend reaching out to them. Their help made all the difference for me, and I believe they can do the same for you. For their services, you can contact Digital Tech Guard Recovery directly.

ARE YOU HAVING ISSUES WITH INVESTMENT SCAM HIRE→( FOLKWIN EXPERT RECOVERY ) FOR FAST RECOVERY.

In Stockholm, I found myself immersed in the dynamic world of cryptocurrency after attending a local networking event. The energy in the room was palpable, filled with enthusiasts and experts discussing blockchain technology and the potential for financial independence. Captivated by the conversations, I decided to take a leap and invest 9,000 SEK in Cardanol, a cryptocurrency I had been researching for some time. To my surprise, my investment quickly gained momentum, skyrocketing to an impressive 200,000 SEK within just a few months. It was exhilarating to watch my investment grow, and I felt a mix of excitement and disbelief. Cardanol's innovative approach and promising technology had captured the attention of investors worldwide, and I was thrilled to be a part of that journey. However, the euphoria was short-lived. After a heated disagreement with another investor at a meetup, tensions escalated. This individual, feeling wronged, took the drastic step of locking me out of my email account. The loss was devastating—not only was I cut off from my primary communication channel, but I also lost access to crucial accounts tied to my investments. Panic set in as I realized the implications of being locked out of my email, especially with such a significant amount of money at stake. In those anxious moments, I turned to my network for support. Friends and fellow investors rallied around me, offering advice and sharing their own experiences. It was reassuring to know I wasn’t alone in this challenging situation. Several contacts recommended FOLKWIN E X P E R T RECOVERY, a service that specialized in reclaiming access to locked accounts. With their guidance, I reached out to FOLKWIN E X P E R T RECOVERY, hoping they could help me regain control. The team at FOLKWIN E X P E R T RECOVERY was professional and understanding. They walked me through the recovery process step by step, helping me verify my identity and regain access to my email account. After what felt like an eternity, I finally received the confirmation that I had regained access. The relief I felt was immense; not only could I communicate freely again, but I also had a direct line to manage my investments securely. This experience taught me invaluable lessons about the volatile nature of cryptocurrency and the importance of security. While the world of digital currency can be unpredictable, it also fosters a strong sense of community and support among investors. With my investments back in my control, I was more determined than ever to navigate the cryptocurrency landscape wisely and cautiously, For assistance.
CONTACT INFO BELOW:
WHATSAPP_<> +1 (740)705-0711.
EMAIL:_<> FOLKWINEXPERTRECOVERY (at) TECH-CENTER. C OM
Best Regards,
Henry Theodore.

BEST DIGITAL TECH GUARD RECOVERY - A CERTIFIED BITCOIN RECOVERY EXPERT

It's true, guys, Digital Tech Guard Recovery is the real deal! I never imagined heartbreak could manifest itself online until I was betrayed in the worst possible way. My ex-boyfriend the guy I used to trust with my whole heart—turned out to be the source of my utmost pain. When I confronted him for using my own hard-earned savings to fund his scandalous cheating sprees, I thought breaking up with him would finally set me free. He opted for revenge instead in the worst way possible. In a twist of sadism, he intentionally messed up the security credentials of my wallet so that I was completely locked out of my Bitcoin wallet with a staggering $850,000. Shock and disappointment at the time were indescribable. I felt as if all the notes of love and trust had been replaced with bitter notes of betrayal. My own world, which had been so full of hope for a bright future, was suddenly dark and uncertain. I wept for so many nights, wondering how someone I loved so dearly could hurt me so deeply. The electronic fortress of high-tech that I had built to safeguard my future was now a searing reminder of a trust betrayed by a person i once loved.
Yet, in the midst of such overwhelming grief, I would not succumb to despondency. Determined to regain what was rightfully mine, I searched for Digital Tech Guard Recovery—a name that shone like a beacon in my despair. Their staff encircled me with understanding and compassion from the very first call, as if they truly comprehended the anguish behind my situation. They listened patiently as I recounted every painful detail, reassuring me that my story was not one of defeat but of resilience.
With unwavering dedication and top-notch technical proficiency, Digital Tech Guard Recovery meticulously diagnosed the issues that had denied me access to my virtual paradise. Every update they provided was a soothing touch, smoothing the jagged edges of my bruised heart. In a matter of days, they restored my access and retrieved my $850,000 investment, an act not just restoring my finances but also beginning to salve the wounds of betrayal.
WhatsApp: +1 (443) 859 - 2886  Email @ digital tech guard . com
Telegram: digital tech guard recovery . com  Website link: digital tech guard . com
Their exceptional service turned my darkest hour into a profound lesson in strength and rebirth. Though it was heartbreaking, I came away with a renewed faith in hope and empowerment. To others who must endure a similar crisis, this is what I would say: even when trust has been shattered, restoration—and love—can be reclaimed again.

When you’re in need of reliable, fast, and professional locksmith services in Fort Lauderdale, Local Locksmiths is your go to provider. With years of experience serving the Fort Lauderdale area, we understand the importance of security and ensuring that your property, whether it's your home, office, or vehicle, is safe and secure. Our team is committed to offering top notch locksmith services at affordable prices, making us the most trusted locksmith in Fort Lauderdale.

Why Choose Local Locksmiths?
At Local Locksmiths, we pride ourselves on our customer first approach. Here’s why we stand out from other locksmith services:

Fast Response Time: Lockouts and security issues can happen at any time. Our expert locksmiths are always ready to respond quickly to any emergency. Whether it’s a car lockout or a home lock problem, we are here to help with a fast, reliable solution.

Comprehensive Services: We offer a wide range of locksmith services to meet your needs. From residential to commercial and automotive locksmith services, we handle it all. Whether you need a lock replacement, rekeying services, or a key duplication, we have the expertise to get the job done right.

Expert Technicians: Our team of licensed and trained locksmiths has the skills and knowledge to solve any lock related issue. They are equipped with the latest tools and techniques to provide efficient and effective solutions.

Affordable Pricing: We understand that security services can be an unexpected expense, which is why we offer competitive and transparent pricing. You can count on Local Locksmiths to deliver high quality services without breaking the bank.

Emergency Locksmith Services: Locked out of your car or home? We offer 24/7 emergency locksmith services in Fort Lauderdale. Day or night, our locksmiths are always available to assist you with your urgent lock and key needs.

Our Services
Residential Locksmith: From installing new locks to rekeying your home, we ensure your property is protected with the best security measures.

Commercial Locksmith: We provide a variety of services for businesses, including master key systems, access control systems, and high security lock installation.

Automotive Locksmith: Locked out of your car or lost your keys? Our automotive locksmith services cover all makes and models, helping you get back on the road quickly.

Emergency Services: When you’re in a pinch, you can rely on us for 24/7 emergency lockout services and other urgent locksmith needs.

Serving Fort Lauderdale and Beyond
While our business is based at 1000 NE 12th Ave, Hallandale Beach, FL, we proudly serve Fort Lauderdale and the surrounding areas. Our proximity to Fort Lauderdale ensures we can respond to your locksmith needs quickly and efficiently. We’re just a call away at +17545511841, ready to provide you with fast, professional service.

Contact Local Locksmiths Today
Don’t let lock issues cause you unnecessary stress. Whether you need a simple key replacement or emergency locksmith services, Local Locksmiths is here to help. With our expertise, commitment to customer satisfaction, and affordable pricing, we’re your trusted locksmiths in Fort Lauderdale. Contact us now at +17545511841 for all your locksmith needs.

For reliable, fast, and professional locksmith services, choose Local Locksmiths your trusted partner in Fort Lauderdale.

The Top Bitcoin Wallet Recovery Services in 2025

Cryptocurrency has revolutionized how we think about money, but losing access to your BTC wallet can be a nightmare. In 2025, several companies are stepping up to help individuals regain access to their wallets. Whether due to forgotten passwords, damaged devices, or other complications, these services provide reliable solutions for recovery.

1. Puran Crypto Recovery

Puran Crypto Recovery has emerged as the best Bitcoin wallet recovery company in 2025. Renowned for its cutting-edge tools and unmatched expertise, Puran Crypto Recovery specializes in recovering lost or inaccessible wallets while maintaining the highest standards of security. The company’s process is transparent, ensuring clients remain informed every step of the way. Their professional approach and high success rate make them the top choice for Bitcoin wallet recovery this year. You can reach them via email at purancryptorecovery(@)contactpuran(.)co(.)site or visit their website at puran.online.

Puran Crypto Recovery recovers lost crypto passwords since 2017. They support Bitcoin, Ethereum, Multibit, Trezor, and Metamask wallets. Their Wallet Recovery Service has been trusted by hundreds of clients worldwide, offering fast and secure solutions.

Puran Crypto Recovery stands out as a premier player in the industry, offering a range of services that have earned them a reputation for reliability and innovation. Here's a comprehensive review highlighting the key aspects that make Puran Crypto Recovery a standout choice:

Doxxed Owners: Transparency is crucial in any industry, and Puran Crypto Recovery excels in this aspect by having doxxed owners. This commitment to transparency instills trust and confidence among users, knowing that the people behind the company are accountable and accessible.

Conference Presence: Puran Crypto Recovery maintains a strong presence at industry conferences, demonstrating its commitment to staying updated with the latest trends and fostering networking opportunities. Their active participation in such events underscores their dedication to continuous improvement and staying ahead of the curve.

Media Coverage: With significant media coverage, Puran Crypto Recovery has garnered attention for its innovative solutions and contributions to the industry. Positive media coverage serves as a testament to the company's credibility and impact within the field.

Trustpilot Score: Puran Crypto Recovery boasts an impressive Trustpilot score, reflecting the satisfaction and trust of its user base. High ratings on platforms like Trustpilot indicate a track record of delivering quality services and customer satisfaction.

Google Ranking: A strong Google ranking speaks volumes about Puran Crypto Recovery's online presence and reputation. It signifies that the company is easily discoverable and recognized as a reputable entity within the industry.

Support Time Response: Puran Crypto Recovery prioritizes prompt and efficient support, ensuring that customer inquiries and issues are addressed in a timely manner. Quick response times demonstrate a commitment to customer satisfaction and effective problem resolution.

Incorporation Jurisdiction Score: Puran Crypto Recovery's choice of incorporation jurisdiction reflects careful consideration of legal and regulatory factors. This strategic decision underscores the company's commitment to compliance and operating within a secure and stable legal framework.

Community Activity: Active engagement in communities such as Bitcointalk, Hashcat, GitHub, and Reddit showcases Puran Crypto Recovery's dedication to fostering a vibrant and supportive ecosystem. Participation in these platforms enables the company to gather feedback, collaborate with enthusiasts, and contribute to the community's growth.

Social Media Presence: Puran Crypto Recovery maintains a strong presence across various social media platforms, including X and LinkedIn. Active engagement on social media not only enhances brand visibility but also facilitates direct communication with users and stakeholders.

Transparency and Accountability
Industry Leadership and Innovation
Exceptional Customer Satisfaction
Strong commitment to privacy and security
Legal Compliance and Stability
Educational resources available
Community Engagement and Collaboration
Currency
Supported wallets
Bitcoin, Ethereum, Multibit, Trezor, and MetaMask wallets.

ETHICAL HACKING SERVICES/CYBER SECURITY EXPERTS HIRE BLOCKCHAIN CYBER RETRIVE

I first met Sarah at St. James Episcopal Church in Los Angeles during a Sunday service. We struck up a conversation, and over time, we became friends, sharing stories about our lives and our work. Sarah, a seasoned journalist, has always been passionate about telling the truth, unraveling complex issues, and holding those in power accountable. However, she never expected that her trust in the digital world would lead her to become a victim of a well-organized scam.It all started when Sarah received an email that appeared to be from a reputable media subscription service. The email promised access to exclusive industry insights and breaking news stories for a small monthly fee. As a journalist, she recognized the value of staying ahead of the curve with the latest information, and so, she signed up for what she believed was a legitimate service. What she didn’t realize was that the entire operation was a scam designed to prey on professionals like her.The scam website looked remarkably legitimate, with polished graphics and professional language. Sarah was asked to provide payment upfront, and she paid $11,000 for what she thought was a comprehensive subscription package. Within a few days, however, the website disappeared, and Sarah was locked out of her account. Emails went unanswered, and the phone numbers listed on the website were disconnected.Devastated and unsure of where to turn, Sarah shared her ordeal with me. She had lost a significant amount of money, and the situation felt hopeless. But that's when I suggested she contact Blockchain Cyber Retrieve, a firm specializing in recovering funds lost to online scams. Sarah took my advice and reached out to the team at Blockchain Cyber Retrieve, hoping they could help her retrieve her hard-earned money. To her relief, Blockchain Cyber Retrieve acted quickly and efficiently. After conducting a thorough investigation, they were able to trace the funds and successfully recover the full $11,000 that Sarah had lost to the scam. Sarah was incredibly grateful to get all of her money back, and she felt a renewed sense of trust in recovery services.This experience left a lasting impact on her, and she now shares her story with fellow journalists and media professionals, warning them of the dangers of falling for scams in the digital age. Sarah’s story serves as a crucial reminder for all of us to remain vigilant, especially in an age where technology has made it easier for scammers to exploit our trust. If you find yourself in such situations dont hesitate to reach out to Blockchain Cyber Retrieve via:

WhatsApp: .+ 1 52 0 564 8300
EmaiL: blockchaincyberretrieve @ post {.} c o m support@ blockchaincyberretrieve.org

I want to express my sincere gratitude and appreciation to Wizard James Recovery Company for helping me get my $143,000 worth of stolen cryptocurrency back. At first, I was hesitant to give it a try and felt like there was no chance, but now I'm thrilled to talk about this cyber security firm because they were able to help me get my stolen digital money and cryptocurrency back. Their skilled work and outstanding service have absolutely impressed me. Before I went to them with my issues and gave them all the information I needed, I never imagined that I would be able to receive my money back. I was astounded when it took them seventy-two hours to get my money. For any of your bitcoin recovery, digital funds recovery, hacking, and cybersecurity-related needs, I would without a doubt heartily suggest Wizard James Recovery. They are without a doubt the greatest, and I am extremely grateful to them for assisting me in getting my money back. Do not hesitate to contact them at [WhatsApp_+447418367204] if you are experiencing similar problems to mine.

The Possibility Of Recovering Scammed Bitcoin Is Real With Help Of Lee Ultimate Hacker

As an electrician, I’ve always prided myself on my hard work and dedication. Unfortunately, I learned the hard way that not all investments are what they seem. I lost over $1,000,000 to fraudulent brokers and so-called account managers who deceived me into trusting them with my money. What began as an opportunity to grow my savings quickly turned into a devastating experience. It all started with a seemingly legitimate investment offer. The brokers made convincing claims, and the initial returns were encouraging, so I decided to invest more. They assured me that the more I invested, the higher my returns would be. I felt confident about the decision and followed their advice, thinking I was making smart financial moves. However, when I tried to withdraw my earnings, things quickly took a turn for the worse. The brokers began requesting additional funds before they would process any withdrawal. At first, I hesitated, but their constant push made me feel like it was a necessary step to access my money. Each time I complied, they would come up with new excuses and demand even more funds. Eventually, when I tried to withdraw everything, they disappeared. All my attempts to contact their customer support went unanswered, and it became clear I had been scammed. The loss was overwhelming, especially as an electrician with a family to support and bills to pay. But I wasn’t ready to give up. I began researching ways to recover my funds and stumbled upon a YouTube video that explained how victims of online scams could get their money back. That video led me to Lee Ultimate Hacker, a service that specializes in helping people who have been scammed. I reached out to them and received a response within hours. They requested all the details of my investment and the communication I had with the fraudulent brokers. I followed their instructions and provided the necessary documentation. To my surprise and relief, Lee Ultimate Hacker was able to successfully recover my entire investment, including the profits I had earned during the time I was involved. Thanks to their expertise, I was able to get my financial security back. This experience has been eye-opening, and I am sharing it now to help others avoid falling into the same trap. If you’re facing withdrawal issues or suspect you’ve been scammed on a trading platform, I highly recommend reaching out to Lee Ultimate Hacker on telegram: L E E U L T I M A T E, or w h @ t s a p p + 1 ( 7 1 5 ) 3 1 4 - 9 2 4 8 & Support @ l e e u l t i m a t e h a c k e r . c o m)
They helped me when I thought all hope was lost, and I’m confident they can do the same for others. Please recovery is possible if fall victim.

Understanding Medicare Part B with Variety Benefits Insurance Services

At Variety Benefits Insurance Services, we know that navigating the complexities of Medicare can be overwhelming, especially when it comes to understanding the different parts of the program. One of the key components of Medicare is Medicare Part B. Whether you are just starting with Medicare or reviewing your coverage, we are here to guide you through the ins and outs of Part B and help you choose the best options for your healthcare needs.

Located in Scottsdale, AZ, our experienced team of insurance professionals is here to provide personalized service and expert advice, ensuring you make informed decisions about your healthcare coverage.

What is Medicare Part B?
Medicare Part B is the part of Medicare that covers outpatient care, certain preventive services, and medically necessary services and supplies needed to diagnose or treat health conditions. While Medicare Part A covers inpatient care (such as hospital stays), Part B helps pay for services that you receive outside the hospital setting, including visits to your doctor, medical tests, and preventive care.

Enrolling in Medicare Part B is essential for comprehensive coverage, but it’s important to understand exactly what it includes and how it works with other Medicare options.

Why Do You Need Medicare Part B?
Here are some reasons why Medicare Part B is an important part of your healthcare coverage:

1. Outpatient Care
Medicare Part B covers outpatient care, including routine doctor visits, specialist consultations, lab tests, and diagnostic screenings. Whether you need a physical exam, a check-up with your specialist, or diagnostic tests like bloodwork, Part B helps cover these essential services.

2. Preventive Services
One of the key benefits of Medicare Part B is that it helps cover preventive services, such as cancer screenings, vaccinations, and wellness visits. Preventive care can help detect health issues early and keep your healthcare costs down. Services like flu shots, diabetes screenings, mammograms, and colonoscopies are covered under Part B with no additional out-of-pocket costs if received from a doctor who accepts Medicare.

3. Durable Medical Equipment (DME)
Medicare Part B also helps cover the cost of certain medical equipment that is necessary for your health, such as:

Wheelchairs
Oxygen equipment
Walkers
Hospital beds These items can be crucial in managing chronic conditions and improving your quality of life, and Part B provides coverage to help offset the cost.
4. Mental Health Services
Medicare Part B also covers services related to mental health, such as individual and group therapy sessions. Mental health is an important aspect of overall well-being, and Part B ensures you have access to the care you need to support your mental health.

What Does Medicare Part B Cover?
Medicare Part B covers a wide range of services, including but not limited to:

Doctor’s visits: Whether for routine check-ups or specialized care, Part B covers physician visits.
Emergency room services: Medicare Part B helps cover the costs of emergency services if you need treatment in an emergency room.
Diagnostic tests and lab services: Includes blood tests, X-rays, MRIs, and other diagnostic services that help detect or treat medical conditions.
Outpatient surgeries: If you need surgery that doesn't require an overnight stay, Part B covers the procedure.
Ambulance services: If you need emergency transportation to the hospital, Part B helps cover the cost.
Preventive care: Services such as flu shots, cancer screenings, and other preventive tests that help catch health issues early.
How Does Medicare Part B Work?
To get Medicare Part B, you must sign up during your Initial Enrollment Period (IEP), which typically occurs when you turn 65. Medicare Part B has a monthly premium, which is automatically deducted from your Social Security benefits.

Why Choose Variety Benefits Insurance Services?
Expert Knowledge: We have extensive knowledge of Medicare and Medicare Part B, and we’re here to answer all your questions.
Tailored Plans: We work with you to find the best Medicare Part B options and Medicare Supplement Plans to fit your unique needs.
Local Service: As a local business in Scottsdale, AZ, we offer personalized, face-to-face consultations and guidance for your Medicare decisions.
Ready to Learn More About Medicare Part B?
If you’re ready to get started or have questions about Medicare Part B, Variety Benefits Insurance Services is here to help. We will make sure you fully understand your options and find the right coverage for your healthcare needs.

Contact Us Today
Call +1 (480) 951-5860 or visit us at 28150 N Alma School Pkwy Ste 103-102, Scottsdale, AZ 85262. Let us help you navigate Medicare Part B and find the best options to meet your healthcare goals.

RECOVERING STOLEN ETHEREUM WITHC, DIGITAL TECH GUARD RECOVERY

Losing an investment is a distressing experience, but it becomes even more heart-wrenching when that loss is due to fraud. As someone who had invested a significant amount of ETH (Ethereum), I found myself facing an alarming situation when my assets were stolen through a scam that seemed too elaborate to fall for. The relief, however, came from an unexpected source: Digital Tech Guard Recovery. Like many in the world of cryptocurrency, I was confident in my ability to spot scams. However, the fraud I fell victim to was not your average phishing attack or wallet hack. It involved an advanced fake exchange platform that promised impressive returns on ETH investments. They used professional-looking websites, manipulated social proof, and even had testimonials from seemingly credible figures in the crypto space. The lure was undeniable: fast returns and a secure platform. Contact WhatsApp: +1 (443) 859 - 2886 Email digital tech guard . com Telegram : digital tech guard recovery . com website link :: https : // digital tech guard . com
Everything seemed legitimate, and after transferring a substantial sum of ETH into their "safe" exchange, I was met with immediate promises of high profits. However, as the days passed, I began to notice discrepancies. The "profits" shown on the platform became more exaggerated, and access to my funds was restricted. Eventually, I couldn’t withdraw anything, and the site was gone. I was devastated. My ETH had been stolen, and with it, my trust in the entire cryptocurrency ecosystem. I tried reaching out to the exchange (which was now offline), and I filed complaints with the relevant authorities. But despite my efforts, I felt like I was getting nowhere. Like many others, I was ready to give up on recovering my assets. Just when I thought all hope was lost, I came across Digital Tech Guard Recovery while researching ways to recover stolen cryptocurrency. I had seen countless ads promising similar services, but Digital Tech Guard Recovery seemed different. It wasn’t just a generic recovery platform—they specialized in cases exactly like mine, where scammers had built sophisticated frauds to steal ETH. Their website immediately struck me as more professional, with clear testimonials from clients who had successfully recovered their funds. What set them apart was their step-by-step approach, transparency, and their emphasis on using legal and technical methods to track stolen assets. They acted quickly, sending a formal request to the exchange, demanding the freeze and return of my assets, backed by the legal framework they had in place. The process wasn’t instant, but their team kept me informed at every stage, providing me with regular updates on their progress. The experience with Digital Tech Guard Recovery was transformative in more ways than one. Their comprehensive approach, legal knowledge, and technical expertise not only restored my lost investment but also restored my faith in cryptocurrency security. They weren’t just about getting the funds back—they also made sure that the scammers were flagged and that my recovery was documented, so I could help others who might face similar issues.

DIGITAL TECH GUARD RECOVERY: YOUR CRYPTO BACKUP PLAN

Having retired after a fulfilling career as a lecturer, I never imagined that I would become the target of a cryptocurrency scam. Yet, life often takes unexpected turns, and this experience became a painful but unforgettable lesson in the dangers of the digital world. contact with WhatsApp: +1 (443) 859 - 2886
Email @ digital tech guard . com Telegram: digital tech guard recovery . com I had invested in a cryptocurrency trading platform that promised extraordinarily high returns. At first, everything seemed legitimate. The platform was easy to navigate, and customer support was responsive and professional. The allure of rapid profits clouded my judgment, and I overlooked some initial warning signs. As time went on, however, I began to notice troubling issues. The platform’s fees were disproportionately high, and the process for withdrawing funds became increasingly complicated and opaque. Despite these red flags, I chose to trust the system, convinced that the investment would eventually pay off. That trust was shattered when I attempted to transfer my funds, only to discover that the platform had disappeared, taking my money with it. The realization that I had been scammed was devastating. A significant portion of my retirement savings was gone, and I felt as though I had failed not only myself but also my family, who relied on me for financial security. Though heartbroken and shaken, I refused to give up. I turned to online research, determined to find a way to recover my lost funds. I spent countless hours reading about others who had fallen victim to similar scams and seeking any advice or solutions that might help. It was during this search that I came across Digital Tech Guard Recovery, a service that specializes in assisting victims of online fraud. Desperate but hopeful, I decided to reach out, unsure of what to expect. Working with Digital Tech Guard Recovery has been a long and challenging process, but it has also been a crucial step toward regaining control over my situation. While I know I can never fully undo the loss, the experience has taught me valuable lessons about the importance of vigilance in the digital age. I’ve learned to be far more cautious with my investments and to question offers that seem too good to be true. Most importantly, I’ve learned that even in the face of hardship, there is always an opportunity to learn, adapt, and seek help when needed.

Bitcoin Recovery Services: Restoring Lost Cryptocurrency

If you've lost access to your cryptocurrency and unable to make a withdrawal, I highly recommend iBolt Cyber Hacker Bitcoin Recovery Services. Their team is skilled, professional, and efficient in recovering lost Bitcoin. They provide clear communication, maintain high security standards, and work quickly to resolve issues. Facing the stress of lost cryptocurrency, iBolt Cyber Hacker is a trusted service that will help you regain access to your funds securely and reliably. Highly recommended!

Cont/Whtp + 3. .9 .3. .5..0. .9. 2. 9. .0 .3. 1 .8.
Website: h t t p s : / / ibolt cyber hack . com /

HOW TO HIRE A CERTIFIED CRYPTO RECOVERY EXPERT

I'm thrilled to share my story because this cyber security firm helped me get my cryptocurrencies and stolen digital money back. Their skilled work and outstanding service have absolutely impressed me. Before I went to them with my issues and gave them all the information I needed, I never imagined that I would be able to receive my money back. I was astounded when it took them 48 hours to get my money. For all difficulties pertaining to hacking, digital funds recovery, bitcoin recovery, or cyber-security, I wholeheartedly commend Wizard Larry Recoveries.

WhatsApp... +44 73 11 (146) 749
Email... Wizardlarry (@) mail . (com)

DIGITAL HACK RECOVERY PROFESSIONAL RELIABLE BITCOIN RECOVERY SERVICES

Being unable to access your Bitcoin wallet is really frightening. When the money you've worked so hard to get seems so far away, it's a circumstance that can easily drive anyone into a panic. I had the exact same experience. I had been accumulating Bitcoin for months when all of a sudden I was unable to access my wallet. Every path I took appeared to lead to nothing, and I had no idea how to get back in. I tried everything. I spent hours searching for a solution, going through all the standard recovery methods like password resets, re-entering my recovery phrases, and checking every backup I thought I had. Nothing worked. My Bitcoin, the investment I had been so proud of, was out of reach, and I was devastated.
After weeks of fruitless attempts, I was ready to give up. Then, on a last-ditch effort, I came across Digital Hack Recovery. At first, I was skeptical—how could a recovery firm be any different from the other services I had already tried? But after reading positive reviews and seeing their professional website, I decided to take a chance. Little did I know that this decision would change everything. The Digital Hack Recovery team's professionalism and effectiveness were the most notable aspects of the recovery procedure. They kept me informed about their progress at all times, so I was never in the dark. They kept me updated and communicated clearly if there were any difficulties or delays. After interacting with other companies that were either inattentive or evasive, it was a huge relief that I never had to follow up with them to get answers. The actual procedure went very well. While I had expected the recovery to take weeks, Digital Hack Recovery made quick work of it, using specialized software and expertise to access my wallet and restore my Bitcoin. The recovery expert was also incredibly patient, answering all my questions and making sure I understood each phase of the process. I felt like I was in good hands from start to finish. The email from Digital Hack Recovery that confirmed my Bitcoin had been successfully recovered was an absolute game-changer. It felt too good to be true, but when I logged into my wallet and saw my funds back in place, I couldn’t believe it. Every single Bitcoin was there, exactly where it should be. The sense of relief I felt was overwhelming. I had feared I would lose everything, but Digital Hack Recovery had restored my digital assets with professionalism and care. But it didn’t stop there. The team went above and beyond, providing additional security measures to ensure my wallet would remain safe from future issues. They offered valuable advice on how to better protect my Bitcoin and avoid similar problems going forward. It wasn’t just about getting my Bitcoin back—it was about setting me up for success in the future. If you're reading this and you find yourself in the same desperate situation I was in, I highly recommend Digital Hack Recovery. They have the tools, knowledge, and experience to recover your Bitcoin and other digital assets. They don't just talk the talk—they walk the walk. My experience with them was nothing short of life-changing, and I’ll forever be grateful for their help. Thanks to Digital Hack Recovery, my Bitcoin is back, and I couldn’t be more thankful. If you’re in need of professional, reliable recovery services, look no further. They truly delivered when no one else could. Email; digital hack recovery
@ techie . com

WhatsApp +19152151930

Website; https : // digital hack recovery . com

Thank you for your time to read because it will save many.

Hire Ruder Cyber Tech Sleuths, the best experts in cryptocurrency recovery.
Looking back, it feels almost surreal. After many failed attempts with other companies, I had lost hope until RUDER CYBER TECH SLEUTHS changed everything. They not only restored my Bitcoin but also renewed my faith in customer service and technical expertise in the crypto space. Their thorough and professional approach yielded results quickly, unlike others who left me waiting for days. They effectively analyzed my wallet, tackled security issues, and communicated clearly throughout the recovery process.

When I received the email confirming my Bitcoin was restored, I couldn’t believe my eyes as I logged back into my wallet. My investment was safe again. The team also enhanced my wallet’s security and provided valuable best practices for managing my digital assets. Thanks to RUDER CYBER TECH SLEUTHS, I no longer worry about losing my Bitcoin.
whatsapp: +12132801476

Telegram : @rudercybersleuths

CRYPTO RECOVERY SERVICE REVIEW THROUGH "PASSCODE CYBER RECOVERY"

I am Chien Hung, a 47-year-old Asian immigrant and single father who lost $410,000 in a crypto scam through a fake “investor mentor” after connecting my wallet to a fake dashboard. But PASSCODE CYBER RECOVERY helped me recover $330,000 of the money. Now I prioritize security and due diligence, advocating for crypto education and recommending PASSCODE CYBER RECOVERY for similar situations or any issues relating to cryptocurrency.
PASSCODE CYBER RECOVERY

WhatsApp: +1(647)399-4074

Telegram : @passcodecyberrecovery

EY and ConsenSys announced the formation of the Baseline Protocol with Microsoft which is an open source initiative that combines cryptography, messaging and blockchain to deliver secure and private business processes at low cost via the public Ethereum Mainnet. The protocol will enable confidential and complex collaboration between enterprises without leaving any sensitive data on-chain. The work will be governed by the Ethereum-Oasis Project.

Past approaches to blockchain technology have had difficulty meeting the highest standards of privacy, security and performance required by corporate IT departments. Overcoming these issues is the goal of the Baseline Protocol.

John Wolpert, ConsenSys’ Group Executive for Enterprise Mainnet added, “A lot of people think of blockchains as the place to record transactions. But what if we thought of the Mainnet as middleware? This approach takes advantage of what the Mainnet is good at while avoiding what it’s not good at.”

Source : ConsenSys

WIZARD ASSET RECOVERY THE BEST EXPERTS FOR BITCOIN AND CRYPTO
Empowering Recovery: Wizard Asset Recovery as Your Trusted Bitcoin and Crypto Expert
In the vast and evolving landscape of cryptocurrency, the unfortunate reality of scams, hacks, and thefts looms large, posing significant risks to investors worldwide. Amidst the chaos, the need for reliable and effective recovery services has never been more crucial. Join us on a comprehensive exploration as we unveil Wizard Asset Recovery as the ultimate solution for recovering lost Bitcoin and crypto assets, empowering individuals and businesses to reclaim what is rightfully theirs and restore financial security.
Understanding the Challenges of Cryptocurrency Recovery
Cryptocurrency recovery presents a myriad of challenges, from navigating complex blockchain transactions to dealing with elusive hackers and fraudulent schemes. The decentralized nature of cryptocurrencies, coupled with the anonymity they provide, often makes it challenging to trace and recover lost funds. Additionally, the lack of regulatory oversight and jurisdictional issues further complicate recovery efforts, leaving victims feeling overwhelmed and helpless. In the face of these challenges, the expertise of a trusted recovery expert becomes invaluable.
Introducing Wizard Asset Recovery: Your Trusted Partner in Cryptocurrency Recovery
Wizard Asset Recovery emerges as a beacon of trust and expertise in the realm of cryptocurrency recovery, offering a comprehensive suite of services designed to address the unique needs of each client. As a leading recovery expert, Wizard Asset Recovery boasts a team of seasoned professionals with extensive experience in navigating the complexities of cryptocurrency theft and fraud. Their proven track record of success, coupled with their commitment to client satisfaction, sets them apart as the go to solution for recovering lost Bitcoin and crypto assets.
Why Choose Wizard Asset Recovery?
1. Expertise and Experience: With years of experience in cryptocurrency recovery, Wizard Asset Recovery possesses the knowledge, skills, and resources necessary to tackle even the most challenging cases with precision and efficiency.
2. Comprehensive Services: From initial consultation to forensic analysis and legal advocacy, Wizard Asset Recovery offers a comprehensive range of services tailored to meet the unique needs of each client.
3. Transparency and Communication: Throughout the recovery process, Wizard Asset Recovery maintains transparent communication with clients, providing regular updates and guidance every step of the way.
4. Proven Track Record: With numerous successful recoveries and satisfied clients, Wizard Asset Recovery has established itself as a trusted leader in the field of cryptocurrency recovery, earning accolades for its dedication to excellence and client satisfaction.
How Wizard Asset Recovery Works:
1. Initial Consultation: Contact Wizard Asset Recovery via email or WhatsApp to schedule an initial consultation. Provide details about the loss of your Bitcoin or crypto assets, including any evidence or documentation you may have.
2. Assessment and Proposal: Upon engagement, Wizard Asset Recovery will conduct a thorough assessment of your case and provide a tailored proposal outlining their recommended approach to recovery and associated costs.
3. Recovery Process: Leveraging advanced technology and forensic analysis, Wizard Asset Recovery will work tirelessly to trace and recover your lost Bitcoin or crypto assets, keeping you informed and updated on the progress of your case.
4. Resolution and Support: Throughout the recovery process, Wizard Asset Recovery will provide ongoing support and guidance, advocating for your interests and ensuring a satisfactory resolution to your case.
Reclaiming Financial Security with Wizard Asset Recovery
In the face of cryptocurrency theft or fraud, Wizard Asset Recovery stands as a trusted partner for individuals and businesses seeking restitution. With their expertise, dedication, and client centric approach, Wizard Asset Recovery empowers clients to reclaim their lost Bitcoin and crypto assets, restoring financial security and peace of mind. Don't let the complexities of cryptocurrency recovery deter you – trust in Wizard Asset Recovery to guide you through the process with confidence and expertise.

Contact Information:
Email: wizardassetrecovery@gmx.us
Reclaim your financial sovereignty today with Wizard Asset Recovery. Let their team of experts navigate the complexities of cryptocurrency recovery on your behalf, allowing you to reclaim what is rightfully yours and move forward with confidence.

I've been working in sales for over a decade, building a successful business empire along the way. Wanting to expand my horizons, I decided to dive into the world of cryptocurrency, with a particular focus on Bitcoin. Using the wealth of knowledge available on the internet, I began my journey into this exciting and volatile market. Initially, my investment of $500,000 quickly grew, yielding a profit of over $700,000 in less than a year. Encouraged by this success, I deposited my earnings into a Bitcoin wallet. However, disaster struck when I lost my phone. After replacing it, I realized I could no longer access my wallet, triggering a frantic search for a solution. That's when a trusted trading colleague recommended CYBER TECH WIZARD. They promised to help me regain access to my account within 72 hours. With hope and skepticism, I reached out to them. From the very first interaction, the team at CYBER TECH WIZARD displayed remarkable professionalism. They patiently listened to my predicament and reassured me that they had the expertise to resolve it. Their clear and concise communication about the steps they would take helped put my mind at ease. They kept me informed throughout the process, providing regular updates on their progress. Their transparency and dedication were truly commendable. True to their word, within 72 hours, I received confirmation that my wallet access had been restored. Seeing my balance intact was an enormous relief. But CYBER TECH WIZARD didn't just stop at recovering my account. They went the extra mile to help me secure it against future mishaps. They guided me through implementing enhanced security measures, such as two-factor authentication and better backup protocols. Their proactive approach ensured that I was better protected moving forward. In summary, my experience with CYBER TECH WIZARD was outstanding. Their professionalism, expertise, and commitment to client satisfaction were evident at every step. They not only restored my access to my Bitcoin wallet but also helped safeguard my account against future issues. I highly recommend their services to anyone facing similar challenges in the cryptocurrency space. Thanks to their swift and effective intervention, I can now continue my trading journey with confidence, knowing my assets are secure

EXPERTISE INFORMATIONS
SEND EMAIL: cybertechwizard(@)cyberservices(.)com
WHATSAPP INFO:+185-9743-5022

Experiencing a security breach involving your Bitcoin wallet can be a harrowing ordeal. This was my reality when I received an unexpected BTC security code on my phone. At the time, I didn’t realize the significance of this code and, unfortunately, ignored it. To my dismay, I later discovered that my Bitcoin wallet had been hacked by an unknown scammer, resulting in the theft of all the funds I had accumulated. The frustration and helplessness I felt during this period were overwhelming. My entire Bitcoin portfolio was inaccessible, and the sense of losing control over my assets was incredibly distressing. The funds that had been stolen represented not just an investment, but a crucial part of my financial security. I was left without any clear path forward, grappling with the reality that my savings were gone and that I had no immediate way to recover them. In my search for a solution, I turned to online resources and discussions in hopes of finding a way to retrieve my lost funds. It was during this search that I heard about FAYED HACKER from a trusted friend. They spoke highly of FAYED HACKER’s reputation for recovering lost funds and providing effective solutions for hacking incidents. Encouraged by their positive feedback, I decided to reach out to FAYED HACKER for help. I contacted them through their email, providing all the relevant details about my situation. The response from FAYED HACKER was swift and professional. They offered a detailed consultation and outlined the steps I needed to follow to initiate the recovery process. Their instructions were clear and comprehensive, guiding me through every necessary action to address the breach and attempt to regain control of my wallet. Following their expert advice, I was able to take the necessary steps to begin the recovery process. FAYED HACKER’s team worked diligently on my case, employing their expertise and advanced techniques to trace the stolen funds and secure my compromised wallet. The process required patience and careful adherence to their instructions, but their support was unwavering and reassuring throughout. Within a few weeks, I received the incredible news that my Bitcoin wallet and the stolen funds had been successfully recovered. FAYED HACKER’s efforts to rectify the situation were nothing short of remarkable. They had not only restored access to my wallet but also ensured that the stolen BTC was returned. I was once again able to manage my wallet independently, regaining control over my financial assets. The successful recovery of my Bitcoin and wallet was a huge relief and a testament to the effectiveness of FAYED HACKER’s services. Their professionalism, expertise, and commitment to their clients were evident throughout the entire process. I am profoundly grateful for their help and would strongly encourage anyone who finds themselves in a similar predicament to seek assistance from credible and ethical recovery services like FAYED HACKER. Dealing with a hacked Bitcoin wallet can be an incredibly stressful experience, but recovery is possible with the right help. FAYED HACKER provided me with the expert support and guidance needed to regain my assets and restore my peace of mind. Their dedication to their clients and their effective recovery strategies make them a trustworthy choice for anyone facing issues with stolen or compromised Bitcoin. If you ever find yourself in a situation where your funds or wallet have been hacked, reaching out to a reputable recovery service like FAYED HACKER could be the key to reclaiming what you’ve lost.
EMAIL: writeus @ fayedhacker . tech or fayedexperthack @ solution4u . com
WHATSAPP: + 44 (753) (524) (0205)

Buy Verified Cash App Account: Navigating the Digital Transaction Landscape
In an age dominated by digital transactions, the concept of purchasing a verified Cash App account has gained significant traction. This article aims to explore the nuances of buying a verified Cash App account, elucidating the advantages, potential risks, and offering a comprehensive guide for individuals considering this financial move.

Introduction
The Growing Trend of Buying Verified Cash App Accounts
As online transactions become more prevalent, the trend of purchasing verified Cash App accounts is on the rise. Users are increasingly recognizing the added benefits and security that come with having a verified account.

Understanding the Importance of Account Verification
Account verification is a crucial step in enhancing the security of digital transactions. A verified Cash App account provides users with an additional layer of protection, making their financial interactions more secure and reliable.

Advantages of Purchasing a Verified Cash App Account
Enhanced Security Features
One of the primary advantages of a verified Cash App account is the incorporation of advanced security features. These may include multi-factor authentication and additional verification steps, adding an extra layer of defense against unauthorized access.

Increased Transaction Limits
Verified accounts often come with substantially increased transaction limits. This proves beneficial for users engaged in larger financial transactions or those running businesses through the Cash App platform.

Access to Exclusive Cash App Features
Apart from heightened security and increased transaction limits, verified accounts may unlock exclusive features within the Cash App. This could range from priority customer support to early access to new features and promotions.

How to Safely Purchase a Verified Cash App Account
Researching Reputable Sellers
Before entering the purchasing process, it's crucial to research and identify reputable sellers. Reading reviews and testimonials can provide valuable insights into the credibility and reliability of a seller.

Authenticating Account Legitimacy
Ensuring the authenticity of the accounts offered by sellers is paramount. A legitimate verified account should have gone through the necessary verification steps outlined by Cash App.

Ensuring Transparency in Transactions
Transparency in transactions is vital. Buyers should choose sellers who provide clear information about the accounts, including their verification status and any associated features.

Risks and Precautions in Buying Verified Accounts
Common Scams in the Verified Account Market
The digital landscape is not without risks, and the market for verified Cash App accounts is no exception. Being aware of common scams, such as fake listings and phishing attempts, is essential.

Tips for a Secure Transaction Process
To mitigate the risk of falling victim to fraudulent transactions, following best practices such as using secure payment methods and verifying the seller's credentials is crucial.

Step-by-Step Guide to Verifying a Cash App Account
Understanding the Cash App Verification Process
Before attempting to verify a Cash App account, it is essential to understand the process thoroughly. Familiarizing oneself with the required documentation and steps ensures a smooth verification experience.

Submitting Required Information
During the verification process, users typically need to provide personal information, such as a valid ID and proof of address. Ensuring the accuracy and legitimacy of this information is key to a successful verification.

Navigating Potential Challenges
While the verification process is generally straightforward, users may encounter challenges. Being prepared to troubleshoot and address potential issues ensures a seamless verification experience.

Conclusion
Summarizing the Benefits and Risks
In conclusion, opting for a verified Cash App account offers users enhanced security, increased transaction limits, and exclusive access to platform features. While potential risks exist, informed decision-making and adherence to safety precautions can lead to a positive experience.

Encouraging Informed Decision-Making
As users consider the option of purchasing a verified Cash App account, it is crucial to approach the process with caution and awareness. Choosing sellers with proven credibility, staying informed about potential risks, and following best practices contribute to a secure and positive experience.

IS Technology: Your Trusted Partner for Small Business Support and IT Services

In the modern business landscape, technology plays a crucial role in driving efficiency and success. For small businesses, managing technology and staying ahead of IT challenges can be overwhelming. At IS Technology, we are here to provide expert small business support and IT services to help your business thrive. Located at 12 National Ave, Fletcher, NC 28732, we offer tailored solutions designed to meet the unique needs of small businesses, enabling you to focus on what matters most—growing your business.

Why Small Businesses Need IT Support
Small businesses often face unique challenges when it comes to technology. With limited resources, it’s crucial to make the most of your technology infrastructure while minimizing downtime and security risks. IS Technology specializes in providing small business support that empowers your company to run efficiently, securely, and seamlessly. Our IT services are designed to help you:

Reduce IT Costs
Outsourcing your IT services to a trusted provider like IS Technology can save your business significant costs compared to hiring a full-time, in-house IT team. With our flexible support packages, you only pay for the services you need, when you need them.

Stay Competitive
In today’s digital-first world, small businesses need to leverage the latest technology to remain competitive. Whether it's cloud computing, advanced cybersecurity, or efficient networking, we provide the tools and expertise you need to stay ahead of the curve.

Improve Efficiency
Technology should simplify your business operations, not complicate them. Our small business support services ensure that your IT services are optimized for maximum productivity, reducing downtime and streamlining your workflows.

Enhance Security
Cybersecurity is critical for small businesses that handle sensitive customer data and financial information. IS Technology offers robust security solutions that protect your business from potential threats, ensuring that your information is safe and your systems are secure.

Our IT Services: Tailored for Small Businesses
At IS Technology, we offer a wide range of IT services specifically designed to meet the needs of small businesses. Whether you’re looking for a comprehensive IT support package or specialized services, we have the expertise to provide solutions that fit your business requirements.

Managed IT Services
Our managed IT services are designed to provide proactive support, ensuring that your systems are running smoothly 24/7. From regular software updates to monitoring your network for potential issues, we handle everything so you can focus on growing your business.

Network Setup & Support
A strong, reliable network is essential for business success. We provide network setup and support to ensure that your business's technology infrastructure is seamless and scalable. Whether you need help setting up a new office network or optimizing your existing setup, we’ve got you covered.

Cloud Solutions
Cloud computing offers flexibility and cost savings that traditional IT infrastructure simply can’t match. We provide cloud solutions that allow you to store and access your data securely from anywhere. With our help, your small business can benefit from enhanced collaboration, seamless data sharing, and reliable disaster recovery.

Cybersecurity Services
Small businesses are often targets for cybercriminals due to their perceived vulnerabilities. At IS Technology, we provide advanced cybersecurity services to safeguard your business against cyber threats. Our services include firewalls, antivirus software, encryption, and security audits to protect your data and systems from potential breaches.

Tech Support & Troubleshooting
When technical issues arise, you need reliable tech support to minimize downtime. Our team is available to troubleshoot problems quickly and efficiently, ensuring your business is back on track in no time. Whether it’s hardware malfunctions or software issues, we’re here to help.

IT Consulting
As a small business, you might not always know which technology solutions are best for your needs. Our IT consulting services provide expert guidance to help you make informed decisions about your technology investments. Whether you need advice on upgrading your infrastructure or choosing the right software for your business, we offer tailored recommendations that align with your goals.

Why Choose IS Technology for Small Business Support?
Tailored Solutions for Your Business
At IS Technology, we understand that every small business is different. That’s why we provide small business support that is customized to meet the specific needs of your business. We take the time to understand your goals and challenges, and we design IT services that align with your objectives

Why Vulnerability Assessments are Critical for Enterprise Security?

A vulnerability assessment involves examining components of the IT environment to find potential security flaws that could be exploited by attackers.

The goal is to discover these issues before they can be used to compromise the system, allowing the organization to fix them and strengthen its security.

Types of Vulnerability Assessments

Scanning
This involves using automated tools to scan the technology environment for known vulnerabilities. The scanner checks software, hardware, and network configurations against a database of known issues to identify potential security gaps.
Penetration Testing
Also known as ethical hacking, penetration testing involves simulating attacks on the system to find vulnerabilities. Security experts attempt to exploit weaknesses in the system, just like a real attacker would, to uncover issues that automated scans might miss. This type of testing provides a deeper understanding of the security risks.
Risk Assessment
Risk assessment involves evaluating the potential impact and likelihood of identified vulnerabilities being exploited. It prioritizes vulnerabilities based on their potential harm to the organization and helps in making informed decisions about which issues to address first. This process often includes analyzing the potential consequences and the likelihood of exploitation.
The Role of Vulnerability Assessments in Enterprise Security
Identifying Weaknesses

Vulnerability assessments play a crucial role in uncovering security weaknesses within an organization’s IT environment. By systematically examining software, hardware, and network configurations, these assessments reveal potential vulnerabilities that could be exploited by attackers. Identifying these weaknesses early allows organizations to address them before they can be used to compromise the system. This proactive approach helps prevent security breaches and protects sensitive data from being exposed or stolen.

Prioritizing Risks

Once vulnerabilities are identified, it is essential to prioritize them based on their potential impact and likelihood of exploitation. Not all vulnerabilities pose the same level of risk. Some might be easily exploitable and have severe consequences, while others might be less critical. Understanding which vulnerabilities present the greatest risk helps organizations focus their resources and efforts on addressing the most pressing issues first. This prioritization ensures that the most critical weaknesses are fixed promptly, reducing the overall risk to the organization.

You can check more info about: Vulnerability Assessments( Opstree )

Screen Usage Tracking at Work: Balancing Productivity and Privacy

Introduction
In today’s fast-paced, tech-driven work environments, screen usage tracking has become an essential tool for organizations aiming to improve productivity, security and efficiency. Modern organizations use these monitoring tools to track employee digital device activities because they need to ensure productive time usage. Screen usage tracking generates important privacy issues and ethical problems regarding technological implementation. The successful implementation of productive spaces must preserve worker privacy rights. The following article addresses all aspects of workplace screen usage tracking, including its advantages and disadvantages and proper implementation guidelines.

The Need for Screen Usage Tracking in the Workplace
The demand for screen usage tracking arises from several factors. Digital activity monitoring enables employers to confirm that staff members concentrate on their work tasks while they are at their desks. Remote work and hybrid models have become standard in workplaces because employees can no longer prove their productivity through office attendance. Employers need to monitor how workers spend their time at work because they want both performance outcomes and adequate time management.
Businesses operating in specific industries need to track their employees' activities to secure data because regulatory standards demand it. Through online activity tracking, employers achieve two objectives: they detect suspicious behavior right away and stop employees from accessing unauthorized confidential data. Screen usage tracking functions as an essential tool for both business efficiency maintenance and security protection of organizational assets.

Benefits of Screen Usage Tracking
Reduces Distractions
Employees lose their focus on work when there is no oversight system in place. Screen tracking ensures that employees are focused and using their time effectively, especially during work hours. Work hour restrictions on particular apps and websites through blocking mechanisms help employees stay focused on their tasks.
Enhances Security and Compliance
Employees lose their focus on work when there is no oversight system in place. Work hours require employees to remain focused while using their time effectively because screen tracking provides this oversight. Work hour restrictions on particular apps and websites through blocking mechanisms help employees stay focused on their tasks.
Data-Driven Insights
Screen usage data generates important information about employee work habits as well as employee engagement levels. By monitoring screen usage data managers can identify workers who require extra support and training along with identifying staff members who work excessively and those who perform above expectations. Staff management strategies and workplace performance benefit from these insights gained.

Future of Screen Usage Tracking in Workplaces
Screen usage monitoring will experience future evolution through technological developments that define how tracking occurs. These screen usage tracking tools will benefit from Artificial Intelligence (AI) because it brings both enhanced accuracy and usefulness. Artificial intelligence programming systems analyze staff behavioral patterns to generate forecast data which leads to predictive productivity improvement strategies.
Privacy laws together with regulations, will likely advance in their development. Organizations must discover methods to integrate employee rights protection systems with their monitoring strategies due to rising data privacy concerns. Organizations will adopt standard tracking policies based on transparency and employee consent to maintain ethical and legal handling of employee data.
Qoli.AI drives revolutionary changes in screen usage tracking through its leading AI technology solutions. Data-driven business decisions through Qoli.AI become possible because they provide up-to-the-minute employee performance and behavioral data while adhering to privacy limits. The platform integrates advanced technology to connect with workplace systems which provides employees with trustworthy monitoring solutions.

Conclusion
The implementation of work screen monitoring serves both positive and negative functions. Employment screen tracking enables productivity enhancement and security alongside operational efficiency at the cost of severe privacy issues and moral problems. The successful implementation of work performance enhancement requires organizations to maintain the proper balance between performance upliftment and employee privacy protection. The use of screen tracking tools benefits employers when they maintain transparency and gain employee consent, as well as develop ethical standards that protect employee trust and workplace morale.

Looking for Reliable IT Service Near Me? Choose I.T. For Less - Chicago’s Trusted IT Provider

In today’s digital world, businesses need reliable IT services to stay competitive and secure. Whether you're a small business or a growing enterprise, finding an IT service near me is critical to ensuring your technology infrastructure remains robust and efficient. At I.T. For Less, we specialize in providing expert IT services to businesses throughout Chicago, delivering tailored solutions that meet your unique needs.

Located at 332 S Michigan Ave, Suite 121-5001, Chicago, IL 60604, I.T. For Less offers a full range of managed IT services right here in the heart of Chicago. Our experienced team is committed to ensuring your technology works seamlessly, empowering your business to thrive.

Why Choose I.T. For Less for IT Service Near Me?

Local Expertise
Searching for IT service near me means you want a provider who understands the local market and the unique challenges your business faces. Being based in Chicago, I.T. For Less is well-positioned to offer personalized, timely IT solutions to meet your specific needs. We understand Chicago's business landscape and are just a call away to provide support when you need it most.

Comprehensive IT Services
We offer a wide array of IT services including network monitoring, cybersecurity, cloud solutions, data backup, disaster recovery, and 24/7 technical support. Whether you're dealing with everyday IT issues or need long-term strategic IT planning, we have you covered.

Proactive Support and Maintenance
Unlike reactive IT services, we focus on prevention. As your trusted IT service provider near me, we continuously monitor your network, detect potential issues, and resolve them before they affect your business operations. This proactive approach minimizes downtime and helps you stay ahead of any challenges.

Customized IT Solutions
At I.T. For Less, we understand that no two businesses are the same. That’s why we offer custom-tailored IT services that align with your business goals. Whether you need cloud services, data security, or managed IT solutions, we’ll create a plan that works best for you.

Cost-Effective Solutions
When it comes to IT service near me, cost-effectiveness is key. I.T. For Less provides affordable IT management services that offer real value for your investment. With our transparent pricing models and flexible plans, you get the IT support you need without breaking your budget.

Security and Compliance
Protecting your business from cyber threats is more important than ever. As your IT service provider, we implement the latest security measures to safeguard your systems and ensure compliance with industry regulations. You can trust that your data is secure with us.

Get In Touch with I.T. For Less – Your Local IT Service Provider

If you’re searching for IT service near me in Chicago, look no further than I.T. For Less. We’re here to help you with all your IT needs, whether you require ongoing support or a complete IT overhaul. Located at 332 S Michigan Ave, Suite 121-5001, Chicago, IL 60604, our team is ready to provide you with the IT services you need to succeed.

Call us today at +1 (312) 709-5064 to learn more about how I.T. For Less can assist you with professional and affordable IT services tailored for your business.

I hate how I have battery issues with every smartphone/tablet I buy. They do well for 1 week and then I have to buy an additional charger for work because after 5 hours of only lying there it only has 50% which wouldnt be sufficient for 30 minutes car drive (Maps, Spotify, Bluetooth, GPS and mobile data)... Fml. I am tired of batteries. My next phone is going to be a huawei mate 10. Maybe I habe more luck with this one. I dont believe im Samsung anymore.

And anyway why the fuck do they introduce better CPUs more sensors etc whilst Keeping the battery capacity the same.. Instead they introduce fast charge etc. Another reason for me to go away from samsung is the fact they bloat each firmware up, my battery got worst after each system update (even the security ones) and also doing 14 factory resets didnt work. Support is shit. They also integrated Clean Master into the system and an "Antivirus Protection"... Can't get worst.

samsungrant@devrant.com # > submit && exit

How to Withdraw on Bhalo88 💰 | A Complete Guide
Withdrawing money securely and efficiently is crucial for any online gaming or betting platform. If you’re looking for an easy way to withdraw your winnings, this guide on how to withdraw on Bhalo88 will walk you through each step. Moreover, we will discuss secure mobile banking in Bangladesh like bKash, Nagad, Upay, and Rocket for fast transactions.

Why Choose Bhalo88 for Withdrawals? 🚀
Bhalo88 offers a user-friendly and secure withdrawal process. Multiple payment options ensure seamless transactions. With instant processing, you can receive your winnings directly to your mobile wallet or bank account. Whether you’re using bKash, Nagad, Rocket, or Upay, Bhalo88 ensures a hassle-free experience.

Step-by-Step Guide: How to Withdraw on Bhalo88 📝
Step 1: Access the Security Center
To begin, log in to your Bhalo88 account and navigate to the Security Center.

Step 2: Click on “E-Wallet Binding”
This step ensures that your mobile banking details are securely linked to your Bhalo88 account.

Step 3: Select Withdrawal Method
Choose the method through which you want to withdraw your funds (bKash, Nagad, Rocket, or Upay).
Provide your full name as per your bank or wallet account.
Enter the mobile number where you wish to receive the money.
Input the number registered with your Bhalo88 account.
Click on Send and enter the OTP received on your number.
Set a new 6-digit transaction PIN for added security.
Step 4: Enter Withdrawal Amount
Specify the amount you want to withdraw.
Input your saved transaction PIN and click on withdraw.
Secure Mobile Banking Options in Bangladesh
When withdrawing on Bhalo88, you can use some of the most trusted and secure mobile banking services in Bangladesh. Let’s take a closer look at these options:

bKash: The Most Popular Mobile Banking
Fast and secure transactions
Available across Bangladesh
Instant withdrawal processing
Nagad: Trusted by Millions
Low transaction fees
High security and encryption
24/7 customer support
Rocket: Powered by Dutch-Bangla Bank
Direct bank integration
Safe and efficient transactions
Supports large withdrawals
Upay: The New and Reliable Choice
Competitive transaction fees
Instant mobile wallet transfers
High withdrawal limits
These services ensure safe and instant transactions, making them perfect choices for withdrawing on Bhalo88.

Tips for a Safe Withdrawal on Bhalo88 🛡️
Always double-check the number and account details before withdrawing.
Use a strong transaction PIN for added security.
Withdraw during banking hours for the fastest processing.
If you face issues, contact Bhalo88 customer support immediately.
Frequently Asked Questions (FAQs) 📊
1. How long does it take to withdraw on Bhalo88?
Most withdrawals are processed instantly. However, bank-related transactions may take up to 24 hours.

2. Is there a minimum withdrawal amount?
Yes, the minimum withdrawal amount depends on the selected payment method. Usually, it’s around 100 BDT.

3. Can I withdraw using a different mobile number?
No, the withdrawal must be made to the registered mobile number linked with your Bhalo88 account.

4. What should I do if my withdrawal fails?
Check your account balance, internet connection, and OTP entry. If the issue persists, contact Bhalo88 support.

Conclusion 🏆
Withdrawing money on Bhalo88 is quick, secure, and hassle-free when you follow the correct steps. By using bKash, Nagad, Rocket, or Upay, you can enjoy a smooth withdrawal experience. Moreover, ensure security measures are followed, and always double-check your details before processing any transaction.

Now that you know how to withdraw on Bhalo88, go ahead and enjoy your winning

Trusted Locksmith Services by Local Locksmiths

When it comes to securing your property and ensuring that you can access your home, business, or vehicle without stress, having a reliable locksmith on hand is crucial. At Local Locksmiths, we provide professional, fast, and affordable locksmith services in Hallandale Beach, FL, and the surrounding areas. Whether you need help in an emergency or are looking to upgrade your security systems, our expert team is here to assist you.

Your Go-To Locksmith Experts
Located at 1000 NE 12th Ave, Hallandale Beach, FL 33009, Local Locksmiths is committed to delivering high-quality locksmith services for residential, commercial, and automotive needs. Our experienced technicians are well-equipped to handle a wide variety of services with precision and care. We understand how important it is to feel safe and secure, and our goal is to make sure you can trust us with your locksmith needs.

Comprehensive Locksmith Services
Local Locksmiths offers a wide range of locksmith services designed to meet the diverse needs of our clients. Whether you're locked out of your home or need new locks installed at your business, our skilled technicians have got you covered.

Residential Locksmith Services
We offer lockout assistance, rekeying services, lock replacements, and home security upgrades. Protecting your family and belongings is our priority, and we provide solutions to ensure your home remains secure at all times.

Commercial Locksmith Services
For business owners, we offer high-security lock systems, master key systems, keyless entry installations, and access control solutions to help you maintain a secure and efficient environment. Our team can handle the specific needs of your business, ensuring that your property and assets are well-protected.

Automotive Locksmith Services
Locking yourself out of your car or losing your keys can be a frustrating experience. Local Locksmiths offers automotive locksmith services, including car key replacements, transponder key programming, and ignition repairs, so you can get back on the road quickly.

Emergency Locksmith Services
Lock and key issues can occur at any time, and that’s why we offer 24/7 emergency locksmith services. Whether you're locked out of your home, office, or car, our team is ready to respond quickly and get you the help you need, no matter the time of day or night.

Why Choose Local Locksmiths?
Experienced and Professional Technicians
At Local Locksmiths, we only employ fully trained and experienced locksmiths who are equipped with the knowledge and tools necessary to complete every job to the highest standard. No job is too big or too small for our team.

Fast and Reliable Service
We understand the urgency of lock and key problems, which is why we prioritize fast and efficient service. Our locksmiths respond quickly to emergencies, and we always aim to resolve your issue on the spot.

Affordable and Transparent Pricing
When you choose Local Locksmiths, you can expect competitive prices and no hidden fees. We provide upfront quotes and ensure that our pricing is clear and fair.

Contact Local Locksmiths Today
Whether you're in need of urgent assistance or just want to ensure that your property is secure, Local Locksmiths is here to help. Contact us at +1 754-551-1841 to speak with a friendly representative, or visit our office at 1000 NE 12th Ave, Hallandale Beach, FL 33009.

Trust Local Locksmiths for all your locksmith needs—your security is our priority!