Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Dear nerds from all over the world,
We get it. 404 pics are funny.
But did you know there other status codes too?
Like...
204 - No Response
301 - Moved
302 - Found
400 - Bad request
401 - Unauthorized
402 - Payment Required
403 - Forbidden
501 - Not Implemented
502 - Service Temporarily Overloaded
I'm sure you'll also find funny situations with these.
Thanks. We're the best!26 -
It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.
The following has played out at more than one company:
App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up
*msg service team*
Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."
Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.22 -
Got bored at work today and tried to write a program to do my job for me. Security and compliance saw it in the logs (trying to run unauthorized program) and came to give me a hug.11
-
Every step of this project has added another six hurdles. I thought it would be easy, and estimated it at two days to give myself a day off. But instead it's ridiculous. I'm also feeling burned out, depressed (work stress, etc.), and exhausted since I'm taking care of a 3 week old. It has not been fun. :<
I've been trying to get the Google Sheets API working (in Ruby). It's for a shared sales/tracking spreadsheet between two companies.
The documentation for it is almost entirely for Python and Java. The Ruby "quickstart" sample code works, but it's only for 3-legged auth (meaning user auth), but I need it for 2-legged auth (server auth with non-expiring credentials). Took awhile to figure out that variant even existed.
After a bit of digging, I discovered I needed to create a service account. This isn't the most straightforward thing, and setting it up honestly reminds me of setting up AWS, just with less risk of suddenly and surprisingly becoming a broke hobo by selecting confusing option #27 instead of #88.
I set up a new google project, tied it to my company's account (I think?), and then set up a service account for it, with probably the right permissions.
After downloading its creds, figuring out how to actually use them took another few hours. Did I mention there's no Ruby documentation for this? There's plenty of Python and Java example code, but since they use very different implementations, it's almost pointless to read them. At best they give me a vague idea of what my next step might be.
I ended up reading through the code of google's auth gem instead because I couldn't find anything useful online. Maybe it's actually there and the past several days have been one of those weeks where nothing ever works? idk :/
But anyway. I read through their code, and while it's actually not awful, it has some odd organization and a few very peculiar param names. Figuring out what data to pass, and how said data gets used requires some file-hopping. e.g. `json_data_io` wants a file handle, not the data itself. This is going to cause me headaches later since the data will be in the database, not the filesystem. I guess I can write a monkeypatch? or fork their gem? :/
But I digress. I finally manged to set everything up, fix the bugs with my code, and I'm ready to see what `service.create_spreadsheet()` returns. (now that it has positively valid and correctly-implemented authentication! Finally! Woo!)
I open the console... set up the auth... and give it a try.
... six seconds pass ...
... another two seconds pass ...
... annnd I get a lovely "unauthorized" response.
asjdlkagjdsk.
> Pic related.
22 -
What's the point of using a framework if you don't use any of its features!? What the heck, I have to fix this damn web frontend that is so broken in many ways.
Instead of using an authentication middleware, every single view has the same block of code to check if a user is authenticated. Instead of templates, they used static HTML/JavaScript files and they passed data to pages through cookies.
The "REST" API is so messed up, nothing is resource-oriented, HTTP methods are chosen randomly as well as status codes. They are returning "412 Precondition Failed" instead of a plain simple "401 Unauthorized" when you're not authenticated! What the hell, did they even bother to check what 412 is about when they copied and pasted it from a crappy website!? I would never come up with 412, not even in my scariest nightmare.
What kind of drugs were they using when they wrote such code? Oh dear, I need a vacation...2 -
A lot of brainwashed people dont care about privacy at all and always say: "Ive got nothing to hide, fuck off...". But that is not true. Any information can be used aginst you in the future when "authorities" will release some kind of Chinas social credit system. Stop selling your data for free to big companies.
https://medium.com/s/story/...6 -
Poorly written docs.
I've been fighting with the Epson T88VI printer webconfig api for five hours now.
The official TM-T88VI WebConfig API User's Manual tells me how to configure their printer via the API... but it does so without complete examples. Most of it is there, but the actual format of the API call is missing.
It's basically: call `API_URL` with GET to get the printer's config data (works). Call it with PUT to set the data! ... except no matter what I try, I get either a 401:Unauthorized (despite correct credentials), 403:Forbidden (again...), or an "Invalid Parameter" response.
I have no idea how to do this.
I've tried literally every combination of params, nesting, json formatting, etc. I can think of. Nothing bloody works!
All it would have taken to save me so many hours of trouble is a single complete example. Ten minutes' effort on their part. tops.
asjdf;ahgwjklfjasdg;kh.5 -
Continuation from :
https://devrant.io/rants/835693/...
Hi everybody! I am sorry that as a first time poster I am building 2 long stories, but I really like the idea of connecting with other people here!
Well, as I was mentioning before, I got a job in Android development and had a blast with it. Me and the developer clicked and would spend our time discussing PHP, the move to other stacks (I was making him love the idea of Django or Spring Java) games, bands and cool stuff like that. This dude was my hero, his own stack was developed in a similar MVC fashion that he had implemented from scratch before for many projects. It was through him that I learned how to use my own code (rather than frameworks and other libraries) to build what I wanted. I seriously thought that I had it made with a position that respected me and placed me in the lead mobile development position of the company. Then it happened. He had taken 2 weeks of unauthorized leave, which was ok since he was best friends with the owner of the company, those 2 along another asshole started it so they could do whatever they wanted. And I could not make much progress without him being there since there were things that he needed to do, that I was not allowed, for me to continue. When he came back I was quickly rushed to the owner of the company's office to discuss my lack of progress. The lead developer was livid, as if he knew that he had fucked up. He blamed the whole thing on me (literally told the owner that it was my fault before I was summoned) and that we lost 2 weeks of business time because I did not had the initiative to make progress on my own. I felt absolutely horrible, someone that I had trusted and befriended doing something like that, I really felt like shit. I had mad respect and love for this guy. It got heated, I showed the owner the text messages in which I showed him my pleas to led me finish the parts that were needed while he was away. Funny enough, he acted betrayed. After that it was 3 months of barely talking to one another except for work related stuff. He got cold and would barely let me touch the internal code that he was developing. It was painful. The owner kept complaining about progress and demanded that I do a document scanner for the company, which was to be attached to their mobile application. Not only that but it had to be done with OpenCV. Now, CV is great, but it is its own area, it takes a while to be able to develop something nice with it that is efficient and not a shitstorm.
I had two weeks.
Finished in one. After burning my brain and ensuring that the c++ code was not giving issues and the project was steady I turned it in...to their dismay. And I say so because I felt that they gave me such a huge project with the intention of firing me if it was not done. After that it was constant shit from the owner and the lead developer. I was asked then to port the code to the IOS version. I had some knowledge of it already so I started working on it. Progress was fast since the initial idea was already there and I really love working on Apple devices. And when I was 70% done the owner decided to cut me loose. At first he cited things such as lack of funding and him being unable to pay my salary. I was fine with that even though I knew it was not true. So at the time I just nodded and thanked the company for my time there. Before I left, he decided to blame it on me, stating that if they were not producing money that it was perhaps my fault. I lost my shit, and started using my military voice to explain to him how a software company is normally ran. Then I stormed out.
It was known to me, that the lead developer had actually argued against me being laid off. And that he was upset about it, we made amends, but the fact remains that I was laid off because the owner did not think of me as an asset, regardless of how many times I worked alongside the lead developer or how valuable I was actually to the company, their infrastructure did get better while we worked together, so I just assumed that he never actually did any mention of my value.
I lasted 2 months without a job, feeling horribly shitty because my wife had to work harder to ensure our stability whilst I was without any sort of salary. At this time I had already my degree, so all I had to do was look better. In the meantime I decided to study more about other technologies. I learn React, and got way better at JS and Node that I thought I could and was finally able to get another job as a full stack developer for another company.
I have been here since 2 months. It has been weird, we do classic ASP, which is completely pointless at this time, but meh. At this time though, I just don't really have the same motivation. Its really hard for me to trust the people that I work with and would like to connect with more developers.21 -
Someone once sent me an email talking about vulnerabilities in my website. He sent a full document with step by step instructions and code.
I emailed back and said woah! Thanks for the heads up I really appreciate it!
He responds back and says
"usually people send a payment as thank you"
I said sorry we're poor.
And he responds with "should I disclose the issue to your users?"
I said "we have like 6 users and most of them are my mom. Lol"
This was the email title:
Vulnerability Report 1 : Clickjacking On Login Lead to Account Takeover Of Any User/Cross Site Scripting Attacks/User Account Privilege Escalation/Victim Privilege Escalation/Malware Execution/Victim PC Hijack/Unauthorized Access To Any User Account/Account Takeover Of All The Users Registered On Your Application11 -
Years ago I used to work a guvmant site. They had really strict security rules for internet and how you spent your time. Makes sense considering what that site did. I was a support engineer for some of their process control equipment.
I was approached by an operator supervisor to install dvd player software on a business machine (non process related). Basically just a general purpose PC with no function other than time cards and general office use. I was fine with the request, but the reason was for watching movies during a holiday period by the operators. Not for anything official. So I made some noise about my dislike of this request feigning moral superiority. But the supervisor swore up and down it was for "training" dvds.
So I wrote a simple windows script. The script basically popped up a window that said:
"Security has detected unauthorized media inserted into this machine. Please state the reason for this infraction." It provided a dialog to enter a justification. After you entered the justification it said: "Security has been contacted and your user logged. You will be contacted shortly."
This script was then attached to the supervisors Start folder so it ran when he, and only he logged in. We made sure the "training" video (some movie) was already inserted at this point.
He logged in. He just about shit his pants when reading this. He promptly logged and left the building to walk somewhere else in the site. We called him and let him know it was a gag. His response: That son of a bitch Demolishun!2 -
There comes that dreaded time in the life of a developer working in a conservative, borderline medieval corporate, where darkness sweeps over the land and the evil lords rummage through every peasant's hovel searching for the forbidden - AKA software audit.
So I made a list of all the unauthorized open source code we desperately rely on, and we decided as a team to go down in flames and gloriously fail the audit, a legend of sacrifice that shall be passed on in hushed voices.3 -
WARNING: There is a dangerous malware out in the wild, and chances are, you have it installed on your computer.
It's called Windows Update, and it is marketed as a software that "delivers security patches to your PC". Wrong. What it actually does is hard-reboot your computer at randomly picked time intervals without asking for your consent, or even showing any type of warning, basically deleting all unsaved progress that you've made in your programs or games. It also deletes/undoes all registry tweaks that you might have made (e.g. to the context menu), it deletes your nvidia display configurations, uninstalls any custom themes that you might have installed, possibly even downloads another malware disguised as "Microsoft Edge" and shoves it in your face on next boot without giving a possibility to close it. Oh and it might also make your computer unbootable so you have to go to the advanced recovery settings to fix it manually.
Yes, everything I just mentioned above happened to me about an hour ago. This LITERALLY classifies the software as a malware (Google: "software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system"). If we throw in all the data collection that happens without your consent, Microsoft actually manages to check not only one, but all three boxes in the "malware" definition.
Pleas, stop using microshit, and switch to linux as soon as possible if you can.24 -
Today somebody claimed they have the "copyright" of responsive websites.
First of all, I'm here for almost a year now, but this is my first rant. Hello guys!
(linuxxx, call me)
This didn't happen to me.
So, it begins like this:
Some client called us and said "[INSERT_COMPANY_NAME] called us and said they have the copyright of all responsive websites, asking money."
I hanged up, laughed hard and visited [INSERT_COMPANY_NAME] website and saw this:
- Each website that uses the solution must report the domain name in order to register it.
- If a company undertakes web site design, it is the company responsibility to inform and record.
- Any unauthorized website will be considered unauthorized and a violation case will be opened.
...
Pricing (Currency Converted to Dollars)
1 Website ~$260
2 - 10 Website ~$1300
...
Well, eventually I reported this to government. I unmasked this fraud.
OR DID I?
Their site is saying this now: "We do not serve this to anyone except government now, you are making nonsense and we do not want nonsense."
So I posted it on a forum, asking what can we do.
We are suing this company now. Yeah, I said "we".
PS: If we cannot win this, I'll get the copyright of subdomains.1 -
> phone has OEM unlock disabled
> phone is vulnerable to like 300 race conditions
> reboot phone, get to menu as fast as possible
> sure enough, what do you fucking know, option is unblocked for a split second if I get to and open the dev settings perfectly
> manage to pull it off again
> SETTING STAYS ON AFTER REBOOTING we have ourselves a winner
it's never this easy, i have yet to check if it has a key or not, will keep you posted, but if this all works this will have been the most retardedly-simple unauthorized bootloader unlock ever5 -
https://thehackernews.com/2019/11/...
Facebug secretly opens a camera on iphones: a bug or a malicious behaviour?
OFC IT'S A BUG!!!! FB DOES NOT UPLOAD ANY PICTURES W/O AUTHORIZATION!!! FB IS GOOD!
/s7 -
SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.
-------------------
Hello [X],
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?
2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:
error=1&message=Authentication+failure....processing+stopped
NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.
Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
-----
This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.
2 -
Public REST (-inspired) API. Should I skip numeric IDs because it's easy for consumers to snoop around?
Example:
POST api/foo
201 Created api/foo/69
Uh, I'll get 68 just because I can. Hopefully it returns Unauthorized, unless we some kind of bug.
Is it just security by obscurity if I use, like, guids or something instead of sequental IDs?17 -
Part 1: https://devrant.com/rants/4298172/...
So we get this guy in a meeting and he is now saying "we can't have application accounts because that violates our standard of knowing who accessed what data - the application account anonamizes the user behind the app account data transaction and authorization"
And so i remind him that since it's an application account, no one is going to see the data in transit (for reference this account is for CI/CD), so the identity that accessed that data really is only the app account and no one else.
This man has the audacity to come back with "oh well then thats fine, i cant think of a bunch of other app account ideas where the data is then shown to non-approved individuals"
We have controls in place to make sure this doesnt happen, and his grand example that he illustrates is "Well what if someone created an app account to pull github repo data and then display that in a web interface to unauthorized users"
...
M******* why wouldnt you JUST USE GITHUB??? WHO WOULD BUILD A SEPARATE APPLICATION FOR THAT???
I swear I have sunk more time into this than it would have costed me to mop up from a whole data breach. I know there are situations where you could potentially expose data to the wrong users, but that's the same issue with User Accounts (see my first rant with the GDrive example). In addition, the proposed alternative is "just dont use CI/CD"!!!
I'm getting pretty pissed off at this whole "My compliance is worth more than real security" bullshit. -
"When you set up the new app instance, can you set an easier password for our account? No special characters or numbers"
Sure. It's not like having a strong password prevented unauthorized access in the first place. BECAUSE YOU GAVE THE FUCKING LOGIN DETAILS TO AN UNAUTHORIZED 3rd PARTY! Which incidentally is why I now have to set up a new app instance... -
Aside from simple programs I wrote by hand-transcribing code from the "Basic Training" section of 3-2-1 Contact magazine when I was a kid in the '80s, I would say the first project I ever undertook on my own that had a meaningful impact on others was when I joined a code migration team when I was 25. It was 2003.
We had a simple migration log that we would need to fill out when we performed any work. It was a spreadsheet, and because Excel is a festering chunk of infected cat shit, the network-shared file would more often than not be locked by the last person to have the file open. One night after getting prompted to open the document read-only again, I decided I'd had it.
I went to a used computer store and paid $75 out of pocket for an old beater, brought it back to the office, hooked it to the network, installed Lunar Linux on it, and built a simple web-based logging application that used a bash-generated flat file backend. Two days later, I had it working well enough to show it to the team, and they unanimously agreed to switch to it, rather than continue to shove Excel's jagged metal dick up our asses.
My boss asked me where I was hosting it, as such an application in company space would have certainly required his approval to procure. I showed him the completely unauthorized Linux machine(remember, this was 2003, when fortune 500 corporations, such as my employer, believed Ballmer's FUD-spew about Linux being a "virus" was real and not nonsense at all), and he didn't even hesitate to back me up and promise to tell the network security gestapo to fuck off if they ever came knocking. They never did.
I was later informed that the team continued to use the application for about five years after I left. -
I am trying to implement an API. It has a very good documentation, everything is written clear and simple, along with
- HTTP 401 on unauthorized request and
- Error codes from 1-35 with definitions
Opened the provided sample file, changed the username, password and client code fields to our own in the source, then tried the request. The Response:
HTTP 200
{"ErrorCode":-1,"ErrorDescription":"Unauthorized."}
Well, thank you very much! 🤬2 -
Spent an hour trying to figure out why my API request was returning unauthorized, turned out I had a trailing space after the ID (hard coded for testing purpose) T_T4
-
Since the last update of the company antivirus some things became terribly slow, like IE dev tools, they are standard slow, but now they ere horribly slow, copying a 500MB file over the network to my pc now takes 10 minutes and the worst part is git. Git is unusably slow so i can't use git-tfs anymore and have to use standard TFS again.
And whenever all of this is happening there is always the same thing on the top spot of CPU usage 'trend micro unauthorized change prevention service'.
Oh how I hate that antivirus crap -
either my DietPi setup (PAM in particular) got traumatized by me going away for a weekend and started lisping, or I need a new SD card.
Damn it...
3 -
Someone wrote some error handling middleware for the whole application.
Then someone wrote some default classes for HTTP errors; BadRequest, Unauthorized and so on.
If I didn't know any better, I'd think throwing one of these default errors would give the proper status code, instead of default everything to 500.
But alas, I do know better.
1 -
This has been bothering me for a while. I have an old freelance client of mine I’ve created an web site for (his company) it was small one so I took the complete payment before deployment and I needed no contract. I deployed the complete version of the site on my server, bought the domain for his company under my name and it has been running for a year now.
Lately he had asked me to give admin privileges to his son (cs student 1y) to upload some photos of their new building. I noticed he ruined several functions on the site in doing so, but I was never paid to support that just the hosting for a year.
When I was making the design I made a simple but pretty logo as a placeholder for the site which went in production since they never gave me company logo. All good, no contract small cash all delivered, everyone happy.
Up until few days when I saw my f**king logo cut out from the site as 250px jpeg and made as a huge banner on the company building..
From my pov I would’ve never given permission to use that since its not something i’m proud of and would suggest to make a better one for a fee. I see this as stolen/unauthorized use of intellectual property. But the laws are super shitty in our country so at this point I am stuck at taking their site, domain a hostage until they pay for the logo they used or take it down or taking legal actions.. we never signed anything about that logo.4 -
Gaining root in Macs by not using a password, a vulnerability in HomeKit devices allowing unauthorized remote access.
https://9to5mac.com/2017/12/...
Next you tell me FaceID isn't as secure as you want me to believe.
Oh, wait...1 -
How difficult is it to create a custom 401 page in apache while requiring basic auth for the web root. I cant work out how to allow just the file /401.php
I keep getting:
Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request.
Any suggestions?
I've tried the following
ErrorDocument 401 /401.php
<Directory "/var/www/glype">
AuthType Basic
AuthName "Site Under Construction - Dev Only"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
<Files "/var/www/glype/401.php">
order Deny,Allow
Allow from all
</Files>
What am I doing wrong2 -
I recently became manager of the student radio at my university. Our servers are extremely old and insecure, so I am currently working on getting some new servers up hosted by the university’s IT department as a replacement.
Meanwhile, a few days ago someone unauthorized have fucking accessed our server, deleted /home folder and a bunch of other shit, then cleared the history of the user. Why the fuck what someone do that? What the fuck did they achieve? What is the fucking point? That fucking piece of shit left his IP address though when he signed out from the server...
I just don’t fucking get why the fuck someone would do that? They don’t achieve a fucking shit about it, only fucks with us trying to save the radio from dying.4 -
How to protect API endpoints from unauthorized usage by bots?
If the API end points are meant to be used by any incoming to CSR frontend user without prior registration?
So far, my the only idea is going from pure CSR React to something with partial SSR at least in Node.js, Django or any other backend framework. I would be able restricting some API endpoints usage to specific allowed server ip.
Next.js allows dynamically both things as well.
As alternative I have a guess to invent some scheme with temporally issued tokens... But all my scheme ideas I can break really easily so far.
Any options? If SSR is my only choice, what would you recommend as best option in already chosen Django and not decided fully front-end framework?
I have the most crazy idea to put some CSR frontend framework literally into my django backend and making initial SSR from it. The only thing its missing... my lack of skills how to use React, but perhaps I have enough time to get a hang of it.
SSRed frontend can be protected with captcha means at least.16 -
Hey their did anybody notice unauthorized login attempt over ssh. Means I have a demo digitalocean droplet I just left it for some logs their isn't any imp data over but when I try to ssh back that machine after an interval of max 5 to 6 days after login message displayed their were 9876 login attempts were made, then I directly go to ssh log over secure log file get all those IP, found out max were from China some from France and all are doing random login names like user, admin etc etc and with random password over multiple ports even non standard one, is anyone finds this happening10
-
Taking my company's Security training... One of the rules was don't download unauthorized programs.
Find except we're devs so if we really need a program we could write our own that does the same thing
But yes lots of things mentioned we shouldn't do that well I think any sane person would do...
Wondering are they trying to make everyone quit or is this like double speak?
Do all companies do this?4 -
I created a custom interface for an LMS that allows students to see their marks even if they haven't been 'shared' yet by their teachers. This is all done without accessing any unauthorized apis, as the LMS always returns all student marks and then hides the ones with a False 'shared' key. School administration caught me, so I've now shut it down. I have a meeting with the deans tomorrow. Any advice? (Again, this is all done using existing methods found within this LMS)5
-
my APAP's SD card died and I had a generic 2GB one kicking around unused
>formats as FAT16
>inserts
UNAUTHORIZED CARD
>hmm
>zeroes drive
>forgets to reformat
>inserts
Formatting SD Card... done.
Space available: 1.8GB
Set as Primary Log Storage
>:megathink:
>checks format
>FAT16
>reinserts
UNAUTHORIZED CARD
>wipes MBR/PT
Formatting SD Card... done.
Space available: 1.8GB
Set as Primary Log Storage
and that's the story of how i managed to not need to spend $200 on a proprietary SD card for my APAP2 -
I have a couple of "at risk" teens (I won't say what) who need an extra level of Internet filtering and restriction for their own protection against their use of really bad judgment. I've already enabled the OpenDNS parental control URL/content filters on my Netgear R8000 router but one of the teens has figured out how to install a VPN on mobile. I want to enable the router's OpenVPN feature for better overall security for all of us. But is there a way to block the use of an "unauthorized" VPN, like on a mobile device, without also effectively blocking my router's OpenVPN as well? I was looking at this post (https://community.netgear.com/t5/...) but wondered if anyone here has experience with this.6
-
Android 13 will Unlock Certain Device Controls even when Locked
Android 13 is the newest operating system that will be available soon. The OS comes with a range of new features, one of which is unlocking certain device controls even when the device is locked. This is a game-changer that will significantly enhance the user experience.
Introduction
The Android operating system has undergone numerous changes since its inception. With every new release, users are treated to new features that enhance the overall user experience. Android 13 is no different, and it promises to revolutionize the way we interact with our devices. One of the most exciting features of Android 13 is unlocking certain device controls even when the device is locked. In this article, we'll take a closer look at this feature and explore its implications for users.
What is Android 13?
Before we delve into the details of Android 13, let's take a moment to understand what it is. Android is an operating system designed primarily for mobile devices such as smartphones and tablets. It was developed by Google and is currently the most widely used mobile operating system in the world. Android 13 is the latest version of this operating system, and it comes with a range of new features that will make it even more user-friendly.
Device Control Access
One of the most exciting features of Android 13 is the ability to access certain device controls even when the device is locked. This means that users will be able to control various functions of their device without having to unlock it. Some of the controls that will be accessible include the flashlight, camera, and voice assistant.
How will it work?
The process of accessing device controls when the device is locked will be straightforward. Users will only need to swipe left on the lock screen to access a new panel that will display the controls. The controls will be easy to use, and users will be able to activate or deactivate them with a single tap. This feature will make it easier for users to perform certain tasks without having to unlock their device.
Implications for Users
The ability to access certain device controls when the device is locked will have several implications for users. Firstly, it will make it easier for users to perform certain tasks quickly. For example, if you need to use the flashlight, you won't have to go through the process of unlocking your device and navigating to the flashlight app. Instead, you can simply access the flashlight control from the lock screen.
Secondly, this feature will enhance the security of the device. By limiting access to certain controls, users can ensure that their device remains secure even when it is locked. For example, the camera control will only be accessible when the device is unlocked, which will prevent unauthorized users from taking pictures or videos.
Other Features of Android 13
Apart from the device control access feature, Android 13 comes with several other exciting features. These include:
Improved Privacy Controls
Android 13 comes with improved privacy controls that give users more control over their data. Users will be able to decide which apps have access to their location, contacts, and other sensitive data.
Enhanced Multitasking
Multitasking has always been a key feature of Android, and Android 13 takes it to the next level. Users will be able to view multiple apps at the same time, making it easier to switch between them.
New Messaging Features
Android 13 comes with new messaging features that will make it easier for users to communicate with their friends and family. These include the ability to react to messages with emojis and the ability to schedule messages.
2 -
Firebase local emulator decides to just break for no reason. All of a sudden all requests are unauthorized (even though I haven't changed anything in the authentication process of my app).
W H Y
Yay, I just need to debug for 5 hours and then the thing is going to fix itself without any explanation.
Top Tags
Weekly Rant
View