Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "the audacity of this vendor"
-
I’m LOLing at the audacity of one of our vendors.
We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.
At first, the vendor tried to convince us that their site wasn’t comprised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.
That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.
And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.
WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.
So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.2 -
Reanimated an old e-ink tablet today.
First, I didn't even know it needed to be reanimated. I just copied my books there, but it didn't find them. When I connected it again, they were gone.
Factory reset. Format storage. The memory seems empty, but after rebooting I see that everything is still intact.
Ok, imma hit forums then. They tell me I need to replace the internal memory. But isn't that something you need soldering for? Wrong! The internal memory IS JUST A MICRO SD CARD on the motherboard. The card is some cheap no name one, and people tell the similar story of it burning out after like four years of use.
Damn! The vendor has the AUDACITY to charge for signing their firmware to be flashed to a new micro sd card.
But I won't go down this easily. I hit forums again, and apparently there is a tool to sign the firmware yourself, but you need to find the card's serial number. To do that, you have to flash a bootleg tool, boot from that card, and it will show you the data you need. Then, you have to insert them into some shady .ini file (why is everything touching bootleg firmware runs only on windows?).
So I do that. The problem is, I need an image for my book. I find some shady one online, sign & flash it — touchscreen doesn't work. But I have the official firmware. I put two and two together and figure out that if the reader is able to display the ui, it probably has the firmware update tool working. So, immediately after flashing, I launch the firmware update utility that picks up my firmware from the second sd card (yes, they have an additional external slot).
Bingo. It works.
So, here are the steps:
1. Find a shady sd serial number detection tool
2. Flash it on a memory card with a shady vendor-specific flashing tool
3. Insert the new (now shady) card
4. Boot, write down the serial number
5. Find a shady boot image online
6. Edit a shady .ini file of a shady self-signing tool to sign the shady boot image
7. Flash the altered shady boot image with the shady flashing tool on your memory card
8. Copy a shady firmware update on a new card
9. Insert both cards
10. Pray4