Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "what even is security"
After over 20 years as a Software Engineer, Architect, and Manager, I want to pass along some unsolicited advice to junior developers either because I grew through it, or I've had to deal with developers who behaved poorly:
1) Your ego will hurt you FAR more than your junior coding skills. Nobody expects you to be the best early in your career, so don't act like you are.
2) Working independently is a must. It's okay to ask questions, but ask sparingly. Remember, mid and senior level guys need to focus just as much as you do, so before interrupting them, exhaust your resources (Google, Stack Overflow, books, etc..)
3) Working code != good code. You are an author. Write your code so that it can be read. Accept criticism that may seem trivial such as renaming a variable or method. If someone is suggesting it, it's because they didn't know what it did without further investigation.
4) Ask for peer reviews and LISTEN to the critique. Even after 20+ years, I send my code to more junior developers and often get good corrections sent back. (remember the ego thing from tip #1?) Even if they have no critiques for me, sometimes they will see a technique I used and learn from that. Peer reviews are win-win-win.
5) When in doubt, do NOT BS your way out. Refer to someone who knows, or offer to get back to them. Often times, persons other than engineers will take what you said as gospel. If that later turns out to be wrong, a bunch of people will have to get involved to clean up the expectations.
6) Slow down in order to speed up. Always start a task by thinking about the very high level use cases, then slowly work through your logic to achieve that. Rushing to complete, even for senior engineers, usually means less-than-ideal code that somebody will have to maintain.
7) Write documentation, always! Even if your company doesn't take documentation seriously, other engineers will remember how well documented your code is, and they will appreciate you for it/think of you next time that sweet job opens up.
8) Good code is important, but good impressions are better. I have code that is the most embarrassing crap ever still in production to this day. People don't think of me as "that shitty developer who wrote that ugly ass code that one time a decade ago," They think of me as "that developer who was fun to work with and busted his ass." Because of that, I've never been unemployed for more than a day. It's critical to have a good network and good references.
9) Don't shy away from the unknown. It's easy to hope somebody else picks up that task that you don't understand, but you wont learn it if they do. The daunting, unknown tasks are the most rewarding to complete (and trust me, other devs will notice.)
10) Learning is up to you. I can't tell you the number of engineers I passed on hiring because their answer to what they know about PHP7 was: "Nothing. I haven't learned it yet because my current company is still using PHP5." This is YOUR craft. It's not up to your employer to keep you relevant in the job market, it's up to YOU. You don't always need to be a pro at the latest and greatest, but at least read the changelog. Stay abreast of current technology, security threats, etc...
These are just a few quick tips from my experience. Others may chime in with theirs, and some may dispute mine. I wish you all fruitful careers!177
I know it wasn't ethical, but I had to do it.
Semester 4 started this week, we all got to vote which day we wanted the lecture to be held on. There were quite a few options. My preference was Monday at 7:30pm.
So I entered the poll, as I have every other semester. But I noticed something, this particular poll didn't require any form of identification. Not even a Student ID.
I dug deeper, found that it used local cookies to store weather you'd voted or not, this is obviously a security problem, so I opened up Python and wrote a simple Selenium program to automate this process.
I called it the "Vote Smasher". First it would open the webpage, then it would choose Monday 7:30pm and vote. Then it would clear it's cookies, refresh and do it over again.
I ran it fifty times.
Can you guess what the revealed vote was for UCD SP4 IT was?
I heard my lecturer mutter:
"The votes aren't usually this slanted..."
I could hardly contain my giggles.
My vote won by about fifty over the others 😂
Let me just say, it was his fault for choosing such a naive poll system in the first place 😉38
This rant is a confession I had to make, for all of you out there having a bad time (or year), this story is for you.
Last year, I joined devRant and after a month, I was hired at a local company as an IT god (just joking but not far from what they expected from me), developer, web admin, printer configurator (of course) and all that in my country it's just called "the tech guy", as some of you may know.
I wasn't in immediate need for a full-time job, I had already started to work as a freelancer then and I was doing pretty good. But, you know how it goes, you can always aim for more and that's what I did.
The workspace was the usual, two rooms, one for us employees and one for the bosses (there were two bosses).
Let me tell you right now. I don't hate people, even if I get mad or irritated, I never feel hatred inside me or the need to think bad of someone. But, one of the two bosses made me discover that feeling of hate.
He had a snake-shaped face (I don't think that was random), and he always laughed at his jokes. He was always shouting at me because he was a nervous person, more than normal. He had a tone in his voice like he knew everything. Early on, after being yelled for no reason a dozen of times, I decided that this was not a place for me.
After just two months of doing everything, from tech support to Photoshop and to building websites with WordPress, I gave my one month's notice, or so I thought. I was confronted by the bosses, one of which was a cousin of mine and he was really ok with me leaving and said that I just had to find a person to replace me which was an easy task. Now, the other boss, the evil one, looked me on the eye and said "you're not going anywhere".
I was frozen like, "I can't stay here". He smiled like a snake he was and said "come on, you got this we are counting on you and we are really satisfied with how you are performing till now". I couldn't shake him, I was already sweating. He was rolling his eyes constantly like saying "ok, you are wasting my time now" and left to go to some basketball practice or something.
So, I was stuck there, I could have caused a scene but as I told you, one of the bosses was a cousin of mine, I couldn't do anything crazy. So, I went along with it. Until the next downfall.
I decided to focus on the job and not mind for the bad boss situation but things went really wrong. After a month, I realised that the previous "tech guy" had left me with around 20 ancient Joomla - version 1.0 websites, bursting with security holes and infested with malware like a swamp. I had never seen anything like it. Everyday the websites would become defaced or the server (VPN) would start sending tons of spam cause of the malware, and going offline at the end. I was feeling hopeless.
And then the personal destruction began. I couldn't sleep, I couldn't eat. I was having panick attacks at the office's bathroom. My girlfriend almost broke up with me because I was acting like an asshole due to my anxiety issues (but in the end she was the one to "bring me back"(man, she is a keeper)) and I hadn't put a smile on my face for months. I was on the brink of depression, if not already there. Everyday I would anxiously check if the server is running because I would be the one to blame, even though I was trying to talk to the boss (the bad one was in charge of the IT department) and tell him about the problem.
And then I snapped. I finally realised that I had hit rock bottom. I said "I can't let this happen to me" and I took a deep breath. I still remember that morning, it was a life-changing moment for me. I decided to bite the bullet and stay for one more month, dealing with the stupid old server and the low intelligence business environment. So, I woke up, kissed my girlfriend (now wife), took the bus and went straight to work, and I went into the boss's office. I lied that I had found another job on another city and I had one month in order to be there on time. He was like, "so you are leaving? Is it that good a job the one you found? And when are you going? And are you sure?", and with no hesitation I just said "yup". He didn't expect it and just said "ok then", just find your replacement and you're good to go. I found the guy that would replace me, informing him of every little detail of what's going on (and I recently found out, that he is currently working for some big company nowadays, I'm really glad for him!).
I was surprised that it went so smoothly, one month later I felt the taste of freedom again, away from all the bullshit. Totally one of the best feelings out there.
I don't want to be cliche, but do believe in yourself people! Things are not what the seem.
With all that said, I want to give my special thanks to devRant for making this platform. I was inactive for some time but I was reading rants and jokes. It helped me to get through all that. I'm back now! Bless you devRant!
I'm glad that I shared this story with all of you, have an awesome day!17
Me: *enters password on phone (long PIN)*
Person next to me is looking at my phone WHILE I enter my password, and as I look at him, he doesn't even turn away and even has the nerve to say:
"Wow, why do you have such a long password!"
Μy answer: "Because of security reasons."
What I actually wanted to say:
"Because of pieces of SHIT like you who can't keep their eyes to themselves, even when PASSWORDS are involved, you FUCK! Guess why everytime I enter a password in public, I have to dim my screen and turn my screen sideways? Because of fuckheads like you, not knowing shit about privacy and security! Fuck you!"8
Navy story time again. Grab that coffee and fire up Kali, the theme is security.
So, when I got promoted to Lieutenant Jr. I had to attend a 1-year school inside my nostalgic Naval Academy... BUT! I was wiser, I was older... and I was bored. Like, really bored. What could go wrong? Well, all my fellow officers were bored too, so they started downloading/streaming/torrenting like crazy, and I had to wait for hours for the Kali updates to download, so...
mdk3 wlan0mon -d
I had this external wifi atheros card with two antennae and kicked all of them off the wifi. Some slightly smarter ones plugged cables on the net, and kept going, enjoying much faster speeds. I had to go to the bathroom, and once I returned they had unplugged the card. That kind of pissed me off, since they also thought it would be funny to hide it, along with the mouse.
But, oh boy, they had no idea what supreme asshole I can be when I am irked.
So, arpspoof it is. Turns out, there were no subnetworks, and the broadcast domain was ALL of the academy. That means I shut EVERYONE off, except me. Hardware was returned in 1 minute with the requested apologies, but fuck it, I kept the whole academy off the net for 6 hours. The sysadmin ran around like crazy, because nothing was working. Not even the servers.
I finally took pity on the guy (he had gotten the duties of sysadmin when the previous sysad died, so think about that) and he almost assaulted me when I told him. As it turned out, the guy never had any training or knowledge on security, so I had to show him a few things, and point him to where he could study about the rest. But still, some selective arp poison on select douchebags was in order...
Needless to say, people were VERY polite to me after that. And the net speed was up again, so I got bored. Again. So I started scanning the net.
To be continued...3
I guess that is what you get for bringing up security issues on someones website.
Not like I could read, edit or delete customer or company data...
I mean what the shit... all I did was try to help and gives me THIS? I even offered to help... maybe he got angry cause I kind of threw it in his face that the whole fucking system is shit and that you can create admin accounts with ease. No it's not a framework or anything, just one big php file with GET parameters as distinction which function he should use. One fucking file where everything goes into.21
It was fun to watch my entire high school (~1200 people) freak out when I ran "net send * Big brother is watching you..." on what I found to be an insecure computer in my high school's library. Every single computer in the building displayed the pop up message. The town's IT director even showed up to figure out what happened.
I was caught, but they were more happy it wasn't a hacker, and that I discovered that the IT firm the town hired totally botched properly implementing network security, so I was let off the hook.5
The craziest shit in my life just happened.
I left my laptop(basically my whole life) and my handbag at my dinner table and went to the the toilet for 4 minutes. I live in a ground-house in a rural area, and the front door wasn't locked.
After I exited the bathroom I noticed eevrything was gone. My laptop, my bags, my wallet. Everything. I panicked.
I quickly informed the local security authority while canceling my credit card and resetting all of my credentials, they with the help of the police they tracked the theives in 10 minutes in a neighboring town, with what it seems all of my stuff intact, which I am supposed to get tommorow.
This is both insane and a miracle. I am speechless and thankful to G-d. This is divine providence. I can't explain it in any other explanation
Watch over your stuff like your life depends on them. Don't ever leave your laptop even for a few minutes.8
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there25
I have been a mobile developer working with Android for about 6 years now. In that time, I have endured countless annoyances in the Android development space. I will endure them no more.
My complaints are:
1. Ridiculous build times. In what universe is it acceptable for us to wait 30 seconds for a build to complete. Yes, I've done all the optimisations mentioned on this page and then some. Don't even mention hot reload as it doesn't work fast enough or just does not work at all. Also, buying better hardware should not be a requirement to build a simple Android app, Xcode builds in 2 seconds with a 8GB Macbook Air. A Macbook Air!
2. IDE. Android Studio is a memory hog even if you throw 32GB of RAM at it. The visual editors are janky as hell. If you use Eclipse, you may as well just chop off your fingers right now because you will have no use for them after you try and build an app from afresh. I mean, just look at some of the posts in this subreddit where the common response is to invalidate caches and restart. That should only be used as a last resort, but it's thrown about like as if it solves everything. Truth be told, it's Gradle's fault. Gradle is so annoying I've dedicated the next point to it.
3. Gradle. I am convinced that Gradle causes 50% of an Android developer's pain. From the build times to the integration into various IDEs to its insane package management system. Why do I need to manually exclude dependencies from other dependencies, the build tool should just handle it for me. C'mon it's 2019. Gradle is so bad that it requires approx 54GB of RAM to work out that I have removed a dependency from the list of dependencies. Also I cannot work out what properties I need to put in what block.
4. API. Android API is over-bloated and hellish. How do I schedule a recurring notification? Oh use an AlarmManager. Yes you heard right, an AlarmManager... Not a NotificationManager because that would be too easy. Also has anyone ever tried running a long running task? Or done an asynchronous task? Or dealt with closing/opening a keyboard? Or handling clicks from a RecyclerView? Yes, I know Android Jetpack aims to solve these issues but over the years I have become so jaded by things that have meant to solve other broken things, that there isn't much hope for Jetpack in my mind 😤
5. API 2. A non-insignificant number of Android users are still on Jelly Bean or KitKat! That means we, as developers, have to support some of your shitty API decisions (Fragments, Activities, ListView) from all the way back then!
6. Not reactive enough. Android has support for Databinding recently but this kind of stuff should have been introduced from the very start. Look at React or Flutter as to how easy it is to make shit happen without any effort.
7. Layouts. What the actual hell is going on here. MDPI, XHDPI, XXHDPI, mipmap, drawable. Fuck it, just chuck it all in the drawable folder. Seriously, Android should handle this for me. If I am designing for a larger screen then it should be responsive. I don't want to deal with 50 different layouts spread over 6 different folders.
8. Permission system. Why was this not included from the very start? Rogue apps have abused this and abused your user's privacy and security. Yet you ban us and not them from the Play Store. What's going on? We need answers.
9. In Android, building an app took me 3 months and I had a lot of work left to do but I got so sick of Android dev I dropped it in favour of Flutter. I built the same app in Flutter and it took me around a month and I completed it all.
If you're a new dev, for the love of all that is good in this world, do NOT get into Android development. Start with Flutter or even iOS. On Flutter and build times are insanely fast and the hot reload is under 500ms constantly. It's a breath of fresh air and will save you a lot of headaches AND it builds for iOS flawlessly.
To the people who build Android, advocate it and work on it, sorry to swear, but fuck you! You have created a mess that we have to work with on a day-to-day basis only for us to get banned from the app store! You have sold us a lie that Android development is amazing with all the sweet treat names and conferences that look bubbly and fun. You have allowed to get it so bad that we can't target an API higher than 18 because some Android users are still using devices that support that!
End this misery. End our pain. End our suffering. Throw this abomination away like you do with some of your other projects and migrate your efforts over to Flutter. Please!
#NoToGoogleIO #AndroidSummitBoycott #FlutterDev #ReactNative16
Look I understand online privacy is a concern and we should really be very much aware about what data we are giving to whom. But when does it turn from being aware to just being paranoid and a maniac about it.? I mean okay, I know facebook has access to your data including your whatsapp chat (presumably), google listens to your conversations and snoops on your mail and shit, amazon advertises that you must have their spy system (read alexa) install in your homes and numerous other cases. But in the end it really boils down to "everyone wants your data but who do you trust your data with?"
For me, facebook and the so-called social media sites are a strict no-no but I use whatsapp as my primary chating application. I like to use google for my searches because yaa it gives me more accurate search results as compared to ddg because it has my search history. I use gmail as my primary as well as work email because it is convinient and an adv here and there doesnt bother me. Their spam filters, the easy accessibility options, the storage they offer everything is much more convinient for me. I use linux for my work related stuff (obviously) but I play my games on windows. Alexa and such type of products are again a big no-no for me but I regularly shop from amazon and unless I am searching for some weird ass shit (which if you want to, do it in some incognito mode) I am fine with coming across some advs about things I searched for. Sometimes it reminds me of things I need to buy which I might have put off and later on forgot. I have an amazon prime account because prime video has some good shows in there. My primary web browser is chrome because I simply love its developer tools and I now have gotten used to it. So unless chrome is very much hogging on my ram, in which case I switch over to firefox for some of my tabs, I am okay with using chrome. I have a motorola phone with stock android which means all google apps pre-installed. I use hangouts, google keep, google map(cannot live without it now), heck even google photos, but I also deny certain accesses to apps which I find fishy like if you are a game, you should not have access to my gps. I live in India where we have aadhar cards(like the social securtiy number in the USA) where the government has our fingerprints and all our data because every damn thing now needs to be linked with your aadhar otherwise your service will be terminated. Like your mobile number, your investment policies, your income tax, heck even your marraige certificates need to be linked with your aadhar card. Here, I dont have any option but to give in because somehow "its in the interest of the nation". Not surprisingly, this thing recently came to light where you can get your hands on anyone's aadhar details including their fingerprints for just ₹50($1). Fuck that shit.
There are and should be always exceptions when it comes to privacy because when you give the other person your data, it sometimes makes your life much easier. On the other hand, people/services asking for your data with the sole purpose of infilterating into your private life and not providing any usefulness should just be boycotted. It all boils down to till what extent you wish to share your data(ranging from literally installing a spying device in your house to them knowing that I want to understand how spring security works) and how much do you trust the service with your data. Example being, I just shared most of my private data in this rant with a group of unknown people and I am okay with it, because I know I can trust dev rant with my posts(unlike facebook).38
Privacy & security violations piss me off. Not to the point that I'll write on devRant about it, but to the point that coworkers get afraid from the bloodthirsty look in my eyes.
I know all startups proclaim this, but the one I work at is kind of industry-disrupting. Think Uber vs taxi drivers... so we have real, malicious enemies.
Yet there's still this mindset of "it won't happen to us" when it comes to data leaks or corporate spying.
Me: "I noticed we are tracking our end users without their consent, and store not just the color of their balls, but also their favorite soup flavor and how often they've cheated on their partner, as plain text in the system for every employee to read"
Various C-randomletter-Os: "Oh wow indubitably most serious indeed! Let's put 2 scrumbag masters on the issue, we will tackle this in a most agile manner! We shall use AI blockchains in the elastic cloud to encrypt those ball-colors!"
NO WHAT I MEANT WAS WHY THE FUCK DO WE EVEN STORE THAT INFORMATION. IT DOES IN NO WAY RELATE TO OUR BUSINESS!
"No reason, just future requirements for our data scientists"
I'M GRABBING A HARDDRIVE SHREDDER, THE DB SERVER GOES FIRST AND YOUR PENIS RIGHT AFTER THAT!
(if it's unclear, ball color was an optimistic euphemism for what boiled down to an analytics value which might as well have been "nigger: yes/no")13
Worst thing you've seen another dev do? So many things. Here is one...
Lead web developer had in the root of their web application config.txt (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (sql server logins, network share passwords, etc)
When I pointed out the security flaw, the developer accused me of 'hacking' the site.
I get called into the vice-president's office which he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")
Me:"I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev:"BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...its secure....no one can access that file."
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because your an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>
Not even 5 minutes later a company wide email was sent from Adam..
"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"
The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.
That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.7
Root encounters HR at her new job.
So, I left my job a few weeks ago. I was pretty sad about it, so I didn't want to write anything about it. It was a great place to work, with great managers, decent coworkers, and interesting work. I also had free reign over how I built things, what to improve, etc. Within about four months, I authored over half of the total commits on their backend repo, added a testing suite with 90% coverage, significantly improved the security (more accurately: added security), etc. but I got a job offer that allowed me to work remotely, and make well over six figures (usd). I couldn't turn it down, even though I wanted to. So, I left. I'm still genuinely sad about that. I had emotions and everything. 🙁 I stayed on long enough to finish the last of the features for their new product launch, and make sure everything was stable. I'm welcome back whenever, though they don't want to have remote employees, and I want to move, so. that's probably not going to happen. sigh.
Anyway, I started my new job this week. Rented an office (read: professional closet) and everything! It's been veritable mountains of HR paperwork so far. That's all I've done besides some accounts setup. I've seriously only worked on and completed one ticket so far in two and a half days, and I still have six documents/contracts to sign! (and benefits; that'll probably take my weekend.)
But getting an I9 thing notarized? Apparently I only have three days before I'm legally unemployable by them or something, idk. HR made it sound ridiculously dire and important, and reminded me like five or more times. I figured it was just some notary service; that takes like 10 minutes, right? So I put it off until my second day so I didn't have to disappear in the middle of my first day. Anyway, I called a bunch of notary services on day 2, and apparently only like 5% of them both do notary services this time of year and aren't booked full. And of those, probably another 5% will notarize I9 documents.. No idea why it's rare, but whatever, I'm not a notary.
The HR lady assured me that I didn't need any special documents; I should just go there, present my IDs, and the notary will provide or draft documents for everything else. Totally doesn't sound right, but fine; I'm not a notary nor will I ever work in HR, so I'm not very knowledgeable about this. So, against my better judgement I decided to just go anyway. I called around and finally found a place that wasn't closed, busy, or refusing, and drove over there. Waited. Waited. Waited. Notary lady was super slow in every single action. (I should mention that it's now 10am, and I have a meeting with the Senior VP of Engineering [a stern, stubborn old goat who enjoys making people feel inadequate] at 12:30pm.) The notary lady looks like she's an npc updating in slow motion (maybe at 0.25x speed?) and can't seem to understand what I need. Eventually, she tells me exactly what I had assumed: if there's no document, she can't notarize said document, and she doesn't have an I9 for the company I'm trying to work for. (like, duh.) So I thank her for proving the flow of time is variable, which she ignores in slow motion, and drive back home. It's now about 11.
I message the same HR lady, and the useless wench gawks in surprise and says she's never heard of that ridiculous request before. It took prodding to get her to respond every time, but after some (very slow) back and forth, she says she wants to call the notary personally and ask what they need. I waited around for another response that never came, and eventually just drove to the notary place again to have them notarize the required ID documents. That plus my chat history with HR should be enough to show that I bloody well tried, and HR just shit the bed instead. I finally got them notarized at like 12:10, and totally broke the speed limit the entire way to the office, found the last remaining parking spot, and made it to my office just in time for the meeting. seriously, less than two minutes to spare. Meeting was interesting (mostly about security), but totally made me facepalm, shout "Seriously!? What the hell are you thinking!?" and make slapping motions at some of the people talking. I will probably rant about that next.
But anyway, I'm willing to bet that the useless wench won't get back to me before the notary closes, if at all, and will somehow try to blame it completely on me if I bring it up again. Passive aggressive bitch. She's probably thinking: "If I don't help her with these mandatory legal processes, it'll be her fault she didn't get them done in time. I mean, they're so easy! She's just doing it wrong." I fucking hate HR.13
Every single one of them, and every one that will come after them.
Google, it started out as 2 people in their garage, wanting to make a search engine that was better than the others. Nothing else, nothing evil. Just make the world a little bit better. And look what it's become now. A megacorporation with little to no regards for their user base. Because who cares about users anyway?
Microsoft, it started out with Bill Gates - young high school computer nerd - who wanted to make an operating system for the world to use. Something that's better than the competition. And boy did he do so. Well "better than the competition" aside, he did make it for the world to use. And the world adopted it. And look what it's become now. A megacorporation with little to no regards for their user base. Because who cares about users anyway?
See where I'm going here?
Apple, it started out with Steve Jobs and Steve Wozniak in their garage, just like Google did, wanting to make hardware that was better than the others. Nothing else, nothing evil. Just to make the world a little bit better. And look what it's become now. Planned obsolescence has been baked into it, just like it is in every other piece of technology. Quality control and thinking through the design has become a thing of the past. User choice, yeah who cares about that.
Samsung, it started out centuries ago actually, and I don't really remember the details of it.. ColdFusion has a video on it if memory serves me right. Do watch it if you're interested. Anyway, just like all the others they started out as a company which wanted to make the world a little bit better. And damn right did they do so.. initially. Look what they've become now. Forcing their stupid TouchWiz UI upon their customers (or products?), a Bixby button that can't even be reprogrammed.. and the latest thing.. Knox, advertised as a security feature, but as everyone who likes rooting their devices and mucking with it knows, it is an anti-feature that only serves for lockdown. Why shouldn't you be able to turn in a phone for RMA when a hardware error occurs, when all you've personally modified is the software? Why should changing the software blow that eFuse, so that you can be sure that you can't replace it without specialized equipment and a very steady hand?
I could go on and on forever about more of the tech giants out there, but I feel like this suffices for now. Otherwise I won't have anything else left for future rants! But one thing I know for sure. Every tech company started, starts, and will start out with a desire to make the world a better place, and once they gain a significant customer base, they will without exception turn into the same kind of Evil Megacorp., just like the ones before them. Some may say that capitalism itself is to blame for this, the greed for more when you already have a lot. Who knows? I'd rather say that the very human nature itself is to blame for it. We're by design greedy beings, and I hate it. I hate being human for that. I don't want humans to be evil towards one another, and be greedy for ever more. But I guess that that's just the way it is, and some things do actually never change...20
New guy at work asks me for a code review. 16 lines added, and I have 4 comments, all about readability. Only the major stuff because I went easy on him. I even ignored a missing semicolon.
Guy comes to me and explains that code review is about if code works, not what it should look like. "You want me to write it your way, and we'll have endless arguments if that's how you do code reviews. But I'll do your requested changes." Reduces his entire code to two lines, which make a lot more sense.
Later, I ask him why he used "void 0" anyway. I was wondering if he's thinking of security aspects or if there's another reason. His answer: "because it looks cool and nobody else does it".
Wow... this is the perfect week for this topic.
Thursday, is the most fucked off I’ve ever been at work.
I’ll preface this story by saying that I won’t name names in the public domain to avoid anyone having something to use against me in court. But, I’m all for the freedom of information so please DM if you want to know who I’m talking about.
Yesterday I handed in my resignation, to the company that looked after me for my first 5 years out of university.
Thursday was my breaking point but to understand why I resigned you need a little back story.
I’m a developer for a corporate in a team of 10 or so.
The company that I work for is systemically incompetent and have shown me this without fail over the last 6 months.
For the last year we’ve had a brilliant contracted, AWS Certified developer who writes clean as hell hybrid mobile apps in Ion3, node, couch and a tonne of other up to the minute technologies. Shout out to Morpheus you legend, I know you’re here.
At its core my job as a developer is to develop and get a product into the end users hands.
Morpheus was taking some shit, and coming back to his desk angry as fuck over the last few months... as one of the more experienced devs and someone who gives a fuck I asked him what was up.
He told me, company want their mobile app that he’s developed on internal infrastructure... and that that wasn’t going to work.
Que a week of me validating his opinion, looking through his work and bringing myself up to speed.
I came to the conclusion that he’d done exactly what he was asked to, brilliant Work, clean code, great consideration to performance and UX in his design. He did really well. Crucially, the infrastructure proposed was self-contradicting, it wouldn’t work and if they tried to fudge it in it would barely fucking run.
So I told everyone I had the same opinion as him.
4 months of fucking arguing with internal PMs, managers and the project team go by... me and morpheus are told we’re not on the project.
The breaking point for me came last Wednesday, given no knowledge of the tech, some project fannies said Morpheus should be removed and his contract terminated.
I was up in fucking arms. He’d done everything really well, to see a fellow developer take shit for doing his job better than anyone else in [company] could was soul destroying.
That was the straw on the camels back. We don’t come to work to take shit for doing a good job. We don’t allow our superiors to give people shit in our team when they’re doing nothing but a good job. And you know what: the opinion of the person that knows what they’re talking about is worth 10 times that of the fools who don’t.
My manager told me to hold off, the person supposed to be supporting us told me to stand down. I told him I was going to get the app to the business lead because he fucking loves it and can tell us if there’s anything to change whilst architecture sorts out their outdated fucking ideas.
Stand down James. Do nothing. Don’t do your job. Don’t back Morpheus with his skills and abilities well beyond any of ours. Do nothing.
That was the deciding point for me, I said if Morpheus goes... I go... but then they continued their nonsense, so I’m going anyway.
I made the decision Thursday, and Friday had recruiters chomping at the bit to put the proper “senior” back in my title, and pay me what I’m worth.
The other issues that caused me to see this company in it’s true form:
- I raised a key security issue, documented it, and passed it over to the security team.
- they understood, and told the business users “we cannot use ArcGIS’ mobile apps, they don’t even pretend to be secure”
- the business users are still using the apps going into the GDPR because they don’t understand the ramifications of the decisions they’re making.
I noticed recently that [company] is completely unable to finish a project to time or budget... and that it’s always the developers put to blame.
I also noticed that middle management is in a constant state of flux with reorganisations because in truth the upper managers know they need to sack them.
For me though, it was that developers in [company], the people that know what they’re talking about; are never listened to.
Fuck being resigned to doing a shit job.
Fuck this company. On to one that can do it right.
Morpheus you beautiful bastard I know you’ll be off soon too but I also feel I’ve made a friend for life. “Private cloud” my arse.
Since making the decision Thursday I feel a lot more free, I have open job offers at places that do this well. I have a position of power in the company to demand what I need and get it. And I have the CEO and CTO’s ears perking up because their department is absolutely shocking.
Freedom is a wonderful feeling.13
The last year my school installed MagicBoards (whiteboard with beamer that responses to touch) in every class room and called itself "ready for the future of media". What they also got is A FUCKING LOW SPEC SERVER RUNNING DEBIAN 6 W/O ANY UPDATES SINCE 2010 WHICH IS DYING CONSTANTLY.
As I'm a nice person I asked the 65 y/o technician (who is also my physics teacher) whether I could help updating this piece of shit.
Teacher: "Naahh, we don't have root access to the server and also we'll get a new company maintaining our servers in two years. And even if we would have the root access, we can't give that to a student."
My head: "Two. Years. TWO YEARS?! ARE YOU FUCKING KIDDING ME YOU RETARDED PIECE OF SHIT?! YOU'RE TELLING ME YOU DON'T HAVE TO INSTALL UPDATES EVEN THOUGH YOU CREATE AN SSH USER FOR EVERY FUCKING STUDENT SO THEY CAN LOGIN USING THEIR BIRTH DATE?! DID YOU EVER HEAR ABOUT SECURITY VULNERABILITIES IN YOUR LITTLE MISERABLE LIFE OR SOUNDS 'CVE-2016-5195' LIKE RANDOM LETTERS AND NUMBERS TO YOU?! BECAUSE - FUNFACT - THERE ARE TEN STUDENTS WHO ARE IN THE SUDO GROUP IF YOU EVEN KNOW WHAT THAT IS!"
Me (because I want to keep my good grades): "Yes, that sounds alright."13
3 rants for the price of 1, isn't that a great deal!
1. HP, you braindead fucking morons!!!
So recently I disassembled this HP laptop of mine to unfuck it at the hardware level. Some issues with the hinge that I had to solve. So I had to disassemble not only the bottom of the laptop but also the display panel itself. Turns out that HP - being the certified enganeers they are - made the following fuckups, with probably many more that I didn't even notice yet.
- They used fucking glue to ensure that the bottom of the display frame stays connected to the panel. Cheap solution to what should've been "MAKE A FUCKING DECENT FRAME?!" but a royal pain in the ass to disassemble. Luckily I was careful and didn't damage the panel, but the chance of that happening was most certainly nonzero.
- They connected the ribbon cables for the keyboard in such a way that you have to reach all the way into the spacing between the keyboard and the motherboard to connect the bloody things. And some extra spacing on the ribbon cables to enable servicing with some room for actually connecting the bloody things easily.. as Carlos Mantos would say it - M-m-M, nonoNO!!!
- Oh and let's not forget an old flaw that I noticed ages ago in this turd. The CPU goes straight to 70°C during boot-up but turning on the fan.. again, M-m-M, nonoNO!!! Let's just get the bloody thing to overheat, freeze completely and force the user to power cycle the machine, right? That's gonna be a great way to make them satisfied, RIGHT?! NO MOTHERFUCKERS, AND I WILL DISCONNECT THE DATA LINES OF THIS FUCKING THING TO MAKE IT SPIN ALL THE TIME, AS IT SHOULD!!! Certified fucking braindead abominations of engineers!!!
Oh and not only that, this laptop is outperformed by a Raspberry Pi 3B in performance, thermals, price and product quality.. A FUCKING SINGLE BOARD COMPUTER!!! Isn't that a great joke. Someone here mentioned earlier that HP and Acer seem to have been competing for a long time to make the shittiest products possible, and boy they fucking do. If there's anything that makes both of those shitcompanies remarkable, that'd be it.
2. If I want to conduct a pentest, I don't want to have to relearn the bloody tool!
Recently I did a Burp Suite test to see how the devRant web app logs in, but due to my Burp Suite being the community edition, I couldn't save it. Fucking amazing, thanks PortSwigger! And I couldn't recreate the results anymore due to what I think is a change in the web app. But I'll get back to that later.
So I fired up bettercap (which works at lower network layers and can conduct ARP poisoning and DNS cache poisoning) with the intent to ARP poison my phone and get the results straight from the devRant Android app. I haven't used this tool since around 2017 due to the fact that I kinda lost interest in offensive security. When I fired it up again a few days ago in my PTbox (which is a VM somewhere else on the network) and today again in my newly recovered HP laptop, I noticed that both hosts now have an updated version of bettercap, in which the options completely changed. It's now got different command-line switches and some interactive mode. Needless to say, I have no idea how to use this bloody thing anymore and don't feel like learning it all over again for a single test. Maybe this is why users often dislike changes to the UI, and why some sysadmins refrain from updating their servers? When you have users of any kind, you should at all times honor their installations, give them time to change their individual configurations - tell them that they should! - in other words give them a grace time, and allow for backwards compatibility for as long as feasible.
3. devRant web app!!
As mentioned earlier I tried to scrape the web app's login flow with Burp Suite but every time that I try to log in with its proxy enabled, it doesn't open the login form but instead just makes a GET request to /feed/top/month?login=1 without ever allowing me to actually log in. This happens in both Chromium and Firefox, in Windows and Arch Linux. Clearly this is a change to the web app, and a very undesirable one. Especially considering that the login flow for the API isn't documented anywhere as far as I know.
So, can this update to the web app be rolled back, merged back to an older version of that login flow or can I at least know how I'm supposed to log in to this API in order to be able to start developing my own client?10
For an ostensibly security-focused financial company, these people really don't know what they're doing. Everything I've seen thus far is so hacked-together that I feel like i'm looking at code written by high schoolers.
Seriously, some of API Guy's code is better than this.
And they even make a point to remind me of ultra basics like `.to_a`, `.map`, or "a good command to keep on hand is `rake db:migrate`" -- like seriously? Those are in bloody "Intro to Rails" tutorials (and it's `rails db:migrate` as of Rails 5). For an ostensibly all-senior team, these devs are awfully junior.5
What I'm posting here is my 'manifesto'/the things I stand for. You may like it, you may hate it, you may comment but this is what I stand for.
What are the basic principles of life? one of them is sharing, so why stop at software/computers?
I think we should share our software, make it better together and don't put restrictions onto it. Everyone should be able to contribute their part and we should make it better together. Of course, we have to make money but I think that there is a very good way in making money through OSS.
Next to that, since the Snowden releases from 2013, it has come clear that the NSA (and other intelligence agencies) will try everything to get into anyone's messages, devices, systems and so on. That's simply NOT okay.
Our devices should be OUR devices. No agency should be allowed to warrantless bypass our systems/messages security/encryptions for the sake of whatever 'national security' bullshit. Even a former NSA semi-director traveled to the UK to oppose mass surveillance/mass govt. hacking because he, himself, said that it doesn't work.
We should be able to communicate freely without spying. Without the feeling that we are being watched. Too badly, the intelligence agencies of today do not want us to do this and this is why mass surveillance/gag orders (companies having to reveal their users' information without being allowed to alert their users about this) are in place but I think that this is absolutely wrong. When we use end to end encrypted communications, we simply defend ourselves against this non-ethical form of spying.
I'm a heavy Signal (and since a few days also Riot.IM (matrix protocol) (Riot.IM with end to end crypto enabled)), Tutanota (encrypted email) and Linux user because I believe that only those measures (open source, reliable crypto) will protect against all the mass spying we face today.
The applications/services I strongly oppose are stuff like WhatsApp (yes, encryted messages but the metadata is readily available and it's closed source), skype, gmail, outlook and so on and on and on.
I think that we should OWN our OWN data, communications, browsing stuffs, operating systems, softwares and so on.
This was my rant.18
It's enough. I have to quit my job.
December last year I've started working for a company doing finance. Since it was a serious-sounding field, I tought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real concequences, nor structures. I liked it, but the professionalism was missing.
Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on eachother. And the root cause of this and why it will stay like this is simply the Project Lead.
The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.
After just two months, an retrospective and a hell lot of communication with co-workers, I've decided that there is no other way other than to leave.
I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.
The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get to many issues/bugs on a daily basis so we won't get time.
An re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for an potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse then any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched php for 4 years, letalone wrote sql (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.
After an (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefor not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecuture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.
The Backend. Oh boy. Not only do we use an shitty outated open-source project with tons of XSS possibillities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they tought using Symfony as base on top of the base would be an good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefor, the buggyness has to travel into the frontend.
And now the last goodies:
- Composer itself is commited to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit an "_TRASH" folder
- There is an secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload my sources I write to an in-house server that get's shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current Date as build number, but nothing simple to read, nonono. It's has to be an german Date, with only numbers and has always to end with "00"
- They take security "super serious" but disable the abillity to unlock your device with your fingerprint sensor ON PURPOSE
My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!2
So today I basically "lost" the chance to enter this remarkable security StartUp. The dream made true... a couple of Python nice scripts, the logic test that wasn't that big, everything was going well.
I met the CEO, damn! He seems to be a great dude. But suddenly, a wild co-founder appeared.
The dude started to talk about money and how he didn't perceive me as a Senior developer (not even if my results were telling him the oppositive); he ended up with: you seemed to be Mid-advance.
I was like: Ok, I understand. Wasn't that big because I knew that I could have demonstrated my skills.
Then he asked about my salary expectations, I answered to him my realistic expectations, that to be honest, it wasn't a lot of damn money! Because, I really was expecting a chance to learn more, have bigger challenges, bring value, etc.
He said: Okay let me check this with my partner. But, that was a week ago.
Anyway, today I received an email from the CEO, with the typical apologize telling me that the vacancy will be paused by the moment.
Oh, I didn't mention that one friend of mine is working there and he told me a couple of hours ago that they have hired a Junior developer because he was willing to accept what they wanted to pay him. Puff it broke my heart, but I wish him luck because even though I was dying to be on that security StartUp, I’m not at the point to accept a misery of money to work harder, I just felt frustrated with that stingy guy.14
I've got a confession to make.
A while ago I refurbished this old laptop for someone, and ended up installing Bodhi on it. While I was installing it however, I did have some wicked thoughts..
What if I could ensure that the system remains up-to-date by running an updater script in a daily cron job? That may cause the system to go unstable, but at least it'd be up-to-date. Windows Update for Linux.
What if I could ensure that the system remains protected from malware by periodically logging into it and checking up, and siphoning out potential malware code? The network proximity that's required for direct communication could be achieved by offering them free access to one of my VPN servers, in the name of security or something like that. Permanent remote access, in the name of security. I'm not sure if Windows has this.
What if I could ensure that the system remains in good integrity by disabling the user from accessing root privileges, and having them ask me when they want to install a piece of software? That'd make the system quite secure, with the only penetration surface now being kernel exploits. But it'd significantly limit what my target user could do with their own machine.
At the end I ended up discarding all of these thoughts, because it'd be too much work to implement and maintain, and it'd be really non-ethical. I felt filthy from even thinking about these things. But the advantages of something like this - especially automated updates, which are a real issue on my servers where I tend to forget to apply them within a couple of weeks - can't just be disregarded. Perhaps Microsoft is on to something?12
Something I probably shouldn't talk about:
One of the projects at work has a specific path you can visit. The """security""" is that nobody should know the path. But I can guaran-fucking-tee you it's not difficult to guess.
On this page, ***without a login***, you can view some user information. Well, you can view all of it, but only certain fields.
And if you perform a specific action on this page, you can get their password, plaintext.
This project is not mine. But learning all of this made me super uneasy. I had to share it.15
Because the RSS feed is still down, hereby.
The post about what I personally take for security and privacy measures is up.
Hopefully you can learn something from it or even email me some tips!3
Warning: long read....
I got a call this morning from a client who was panicking about not being able to login to his web panel.
So I went to the web panel and tried to login and was just redirected back to the login page. No errors or anything (at least visible on the page). Went looking for an error_log file and found it.
It turns out there was an error was showing: Disk quota exceeded.
So I went into the cPanel and checked, he used about 16GB out of 100GB and that got me confused. So I looked around and found out he was using about 510000/500000 inodes.
Went looking trough FTP to see where he has so many files and try and remove some.
Well it turns out that there were about 7 injected websites (warez, online casino, affiliate one etc) and a full hacking web panel on his FTP. After detailed analysis some who actually built the site (I just maintain some parts) made an upload form available to public with any checks on it. Meaning anyone could upload whatever they wanted and the form would allow it.
The worst part is that the client is not allowing us to secure the form with some sort of login or remove it completely (the best option) as it is not really needed but he uses it to upload some pdf catalogs or something.
Old programmer created an upload form that was accessible to anyone on the web without adding any security or check as to see what kind of files was getting uploaded. Which lead to having maximum number on inodes used on server and client being unable to login.
And ofc I had to go and fix the mess behind him again, even though he stopped working a long time ago and I started just recently and have been having nightmares of this project.2
One of our newly-joined junior sysadmin left a pre-production server SSH session open. Being the responsible senior (pun intended) to teach them the value of security of production (or near production, for that matter) systems, I typed in sudo rm --recursive --no-preserve-root --force / on the terminal session (I didn't hit the Enter / Return key) and left it there. The person took longer to return and the screen went to sleep. I went back to my desk and took a backup image of the machine just in case the unexpected happened.
On returning from wherever they had gone, the person hits enter / return to wake the system (they didn't even have a password-on-wake policy set up on the machine). The SSH session was stil there, the machine accepted the command and started working. This person didn't even look at the session and just navigated away elsewhere (probably to get back to work on the script they were working on).
Five minutes passes by, I get the first monitoring alert saying the server is not responding. I hoped that this person would be responsible enough to check the monitoring alerts since they had a SSH session on the machine.
Seven minutes : other dependent services on the machine start complaining that the instance is unreachable.
I assign the monitoring alert to the person of the day. They come running to me saying that they can't reach the instance but the instance is listed on the inventory list. I ask them to show me the specific terminal that ran the rm -rf command. They get the beautiful realization of the day. They freak the hell out to the point that they ask me, "Am I fired?". I reply, "You should probably ask your manager".
Lesson learnt the hard-way. I gave them a good understanding on what happened and explained the implications on what would have happened had this exact same scenario happened outside the office giving access to an outsider. I explained about why people in _our_ domain should care about security above all else.
There was a good 30+ minute downtime of the instance before I admitted that I had a backup and restored it (after the whole lecture). It wasn't critical since the environment was not user-facing and didn't have any critical data.
Since then we've been at this together - warning engineers when they leave their machines open and taking security lecture / sessions / workshops for new recruits (anyone who joins engineering).26
Can someone explain to me why the fuck I should even care about the fact, that some companies collect, use and sell my data? I'm not famous, I'm not a politician and I'm not a criminal, I think most of us aren't and won't ever be. We aren't important. So what is this whole bullshittery all about? I seriously don't get it and I find it somewhat weird that especially tech guys and IT "experts" in the media constantly just make up these overly creepy scenarios about big unsafe data collecting companies "stealing" your "private" information. Welcome to the internet, now get the fuck over it or just don't be online. It's your choice, not their's.
I honestly think, some of these "security" companies and "experts" are just making this whole thing bigger than it actually is, because it's a damn good selling point. You can tell people that your app is safe and they'll believe you and buy your shit app because they don't understand and don't care what "safe" or "unsafe" means in this context. They just want to be secure against these "evil monster" companies. The same companies, which you portrayed them as "evil" and "unfair" and "mean" and "unrepentant" for over a decade now.
Just stop it now. All your crappy new "secure" messenger apps have failed awesomely. Delete your life now, please. This isn't about net neutrality or safety on the internet. This is all about you, permanently exaggerating about security and permanently training people to be introverted paranoid egoistic shit people so that they buy your elitist bullshit software.
Sorry for my low english skills, but please stop to exist, thank you.76
Rant about a german problem in english
I think we as the people should just sue the german government for neglect of progress and neglect of the education system. If your not familiar with the state of german IT we have worse internetspeeds than uganda or the notoriously shitty australia, our neighbourstates look at us in disbelief while laughing in optic fibre. Our school system seperates all students after 4th grade in 3 tiers, the lowest one gives you the future perspective as a social security case. The second and highest tier require masses of useless knowledge, so called "competences"(Kompetenzen) which are totally useless skills with no real world application because they are derived from real skills, a median ground between all possible applications of that skill. And while doing that they terribly insist on doing everything the "proper" way, meaning handwritten. Most people you would expect to have basic computer literacy, meaning age 40 and below, are incapable of using basic functions of a non-smartphone computer and do not understand the slightest of what they are actually doing or supposed to do. And I mean nothing technical. Germans are the reasons they still put word as a job requirement for devjobs because this disqualifies half of our population. This leads to many people having the archaeic "we versus the machines" mentality, thinking that if they ever let the computer do parts of the job, they will then lose all of it to the machines. Thats why you never strive past basic mathematical principles in mathematics, which is a big misnomer because you never do actual mathematics, only calculating and basic calculus and statics. If you get to use your calculator, its some basic casio with no actual functionality then standard operations. And even using that is shunned upon. How is this country ever supposed to become something more than it was in the 90's, if we teach people nothing of use and kill all progress in its root.23
Dear Australian Government and National Authorities, you can go fuck the right away with this shit!
It’s bad enough we are a country of national data collection with flimsy laws of obtaining access to said data, but to then go that one step further and shove back doors into everything is going too far.
Under the proposed new laws, Australian government agencies could compel companies to provide technical information such as design specifications to help in an investigation, remove electronic protections, assist in accessing material on a device subject to a warrant and even build or install software or equipment that could help authorities gather information.
What could possibly go wrong 🤷♂️2
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**2
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.4
I've just been given a beautiful turd of a PC with only 512MB RAM to get ready for someone in the residence. Way too small for any modern Windows or even Linux with a halfway decent GUI. And the user doesn't have any technical background so I highly doubt that they'll be able to maintain a Linux system. Windows XP is full of security issues but it might just be able to run on that craptop. Due to me knowing that it's a vulnerable system though, I've got an ethical issue with that. Windows XP is insecure but at least the user would be able to use it.. and Linux is secure but it'd never get updated, and I really don't want that guy to come knock on my door every time he wants to install a piece of software.. the guy fucking stinks! What would you do in a situation like that?31
Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)
So, I got bored, and irritated, so I decided to see just how secure the classroom really was.
So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)
1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:
2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.
3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:
4. don't give admin priveledges to an account without a password.
seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST priveledges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?
anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.
I mean you no malice. just trying to help.
For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.
-- a guy who isn't very good at this and didn't have to be
have a nice day <3
oh, and I fixed the clock. you're welcome.2
My first job was actually nontechnical - I was 18 years old and sold premium office furniture for a small store in Munich.
I did code in my free time though (PHP/JS mostly, had a litte browsergame back then - those were the days), so when my boss approached me and asked me whether I liked to take over a coding project, I agreed to the idea.
Little did I know at the time: I was supposed to work with a web agency the boss had contracted to build their online shop. Only that he had no plan or anything, he basically told them "build me an online shop like abc(a major competitor of ours at the time)"
He employed another sales lady who was supposed to manage the shop (that didn't exist yet). In the end, I think 80% of her job was to keep me from killing my boss.
As you can imagine, with this huuuuge amout of planning and these exact visions of what was supposed to be, things went south fast and far. So far that I could visit my fellow flightless birds down in the Penguin's republic of Antarctica and still need to go further.
Well... When my boss started suing the web agency, I was... ahem, asked to take over. Dumb as I was, I did - I was a PHP kid and thought that Magento, being written in PHP, would be easy to master. If you know Magento, you know that was maybe the wrongest thing I ever said.
Fast forward 3 very exhausting months, the thing was online. Not all of it worked yet, but it was online and fairly secure.
I did next to everything myself, administrating the CentOS box the shop was running on, its (own) e-mail server, the web server, all the coding required for the shop (can you spell 12 hour day for 8 hour pay?)
3 further months later, my life basically was a wreck, I dragged myself to work, the only thing I looked forward being the motorcycle ride home. The system worked though.
Mind you, I was still, at the time, working with three major customers, doing deskside support and some admin (Win Server 2008R2 at the time) - because, to quote my boss, "We could not afford a full time developer and we don't need one".
I think i stopped coding in my free time, the one hobby I used to love more than anything on the world, somewhere Decemerish 2012. I dropped out of the open source projects I was in, quit working on my browser game and let everything slide.
I didn't even care to renew the domains and servers for it, I just let it die without notice.
The little free time I had, I spent playing video games and getting drunk/high.
December 2013, 1.5 years on the job, I reached my breaking point and just left, called in sick at least a week per month because I just could not see this fucking place anymore.
I looked for another job outside of ALL of what I did before. No more Magento, no more sales, no more PHP. I didn't have to look for long, despite what I thought of my skills.
In February 2014, I told my boss that I quit. It was still seven months until my new job started, but I wanted him to know early so we could migrate and find a replacement.
The search for said replacement started in June 2014. I had considerably less work in the months before, looks like he got the hint.
In August 2014, my replacement arrived and I got him started.
I found a job, which I am still in, and still happy about after almost half a decade, at a local, medium sized ISP as a software dev and IT security guy. Got a proper training with a certificate and everything now.
My replacement lasted two months, he was external and never really did his job - the site, which until I had quit, had a total of 3 days downtime for 3 YEARS (they were the hoster's fault, not mine), was down for an entire month and he could not even tell why.
HIS followup was kicked after taking two weeks to familiarize himself with the project. Well, I think that two weeks is not even barely enough to familiarize yourself with nearly three years of work, but my boss gave him two days.
In 2016, the shop was replaced with another one. Different shop system, different OS, different CI. I don't know why and I can't say I give a damn.
Almost all the people that worked at the company back with me have left for greener pastures, taking their customers (and revenue) with them.
As for my boss' comments, instructions and lines: THAT might not be safe for work. Or kids. Or humans in general. And there wouldn't be much left if you put it through a language filter...
Moral of the story: No, it's not a bad thing to leave a place if you're mistreated there. Don't mistake loyalty with stupidity!
And, to quote one of my favourite Bands: "Nothing matters when the pain is all but gone" (Tragedy + Time by Rise Against).8
Long rant ahead.. 5k characters pretty much completely used. So feel free to have another cup of coffee and have a seat 🙂
So.. a while back this flash drive was stolen from me, right. Well it turns out that other than me, the other guy in that incident also got to the police 😃
Now, let me explain the smiley face. At the time of the incident I was completely at fault. I had no real reason to throw a punch at this guy and my only "excuse" would be that I was drunk as fuck - I've never drank so much as I did that day. Needless to say, not a very good excuse and I don't treat it as such.
But that guy and whoever else it was that he was with, that was the guy (or at least part of the group that did) that stole that flash drive from me.
Context: https://devrant.com/rants/2049733 and https://devrant.com/rants/2088970
So that's great! I thought that I'd lost this flash drive and most importantly the data on it forever. But just this Friday evening as I was meeting with my friend to buy some illicit electronics (high voltage, low frequency arc generators if you catch my drift), a policeman came along and told me about that other guy filing a report as well, with apparently much of the blame now lying on his side due to him having punched me right into the hospital.
So I told the cop, well most of the blame is on me really, I shouldn't have started that fight to begin with, and for that matter not have drunk that much, yada yada yada.. anyway he walked away (good grief, as I was having that friend on visit to purchase those electronics at that exact time!) and he said that this case could just be classified then. Maybe just come along next week to the police office to file a proper explanation but maybe even that won't be needed.
So yeah, great. But for me there's more in it of course - that other guy knows more about that flash drive and the data on it that I care about. So I figured, let's go to the police office and arrange an appointment with this guy. And I got thinking about the technicalities for if I see that drive back and want to recover its data.
So I've got 2 phones, 1 rooted but reliant on the other one that's unrooted for a data connection to my home (because Android Q, and no bootable TWRP available for it yet). And theoretically a laptop that I can put Arch on it no problem but its display backlight is cooked. So if I want to bring that one I'd have to rely on a display from them. Good luck getting that done. No option. And then there's a flash drive that I can bake up with a portable Arch install that I can sideload from one of their machines but on that.. even more so - good luck getting that done. So my phones are my only option.
Just to be clear, the technical challenge is to read that flash drive and get as much data off of it as possible. The drive is 32GB large and has about 16GB used. So I'll need at least that much on whatever I decide to store a copy on, assuming unchanged contents (unlikely). My Nexus 6P with a VPN profile to connect to my home network has 32GB of storage. So theoretically I could use dd and pipe it to gzip to compress the zeroes. That'd give me a resulting file that's close to the actual usage on the flash drive in size. But just in case.. my OnePlus 6T has 256GB of storage but it's got no root access.. so I don't have block access to an attached flash drive from it. Worst case I'd have to open a WiFi hotspot to it and get an sshd going for the Nexus to connect to.
And there we have it! A large storage device, no root access, that nonetheless can make use of something else that doesn't have the storage but satisfies the other requirements.
And then we have things like parted to read out the partition table (and if unchanged, cryptsetup to read out LUKS). Now, I don't know if Termux has these and frankly I don't care. What I need for that is a chroot. But I can't just install Arch x86_64 on a flash drive and plug it into my phone. Linux Deploy to the rescue! 😁
It can make chrooted installations of common distributions on arm64, and it comes extremely close to actual Linux. With some Linux magic I could make that able to read the block device from Android and do all the required sorcery with it. Just a USB-C to 3x USB-A hub required (which I have), with the target flash drive and one to store my chroot on, connected to my Nexus. And fixed!
Let's see if I can get that flash drive back!
P.S.: if you're into electronics and worried about getting stuff like this stolen, customize it. I happen to know one particular property of that flash drive that I can use for verification, although it wasn't explicitly customized. But for instance in that flash drive there was a decorative LED. Those are current limited by a resistor. Factory default can be say 200 ohm - replace it with one with a higher value. That way you can without any doubt verify it to be yours. Along with other extra security additions, this is one of the things I'll be adding to my "keychain v2".11
Okay, That right there is pathetic https://thehackernews.com/2019/02/... .
First of all telekom was not able to assure their clients' safety so that some Joe would not access them.
Second of all after a friendly warning and pointing a finger to the exact problem telekom booted the guy out.
Thirdly telekom took a defensive position claiming "naah, we're all good, we don't need security. We'll just report any breaches to police hence no data will be leaked not altered" which I can't decide whether is moronic or idiotic.
Come on boys and girls... If some chap offers a friendly hand by pointing where you've made a mistake - fix the mistake, Not the boy. And for fucks sake, say THANK YOU to the good lad. He could use his findings for his own benefit, to destroy your service or even worse -- sell that knowledge on black market where fuck knows what these twisted minds could have done with it. Instead he came to your door saying "Hey folks, I think you could do better here and there. I am your customes and I'd love you to fix those bugzies, 'ciz I'd like to feel my data is safe with you".
How on earth could corporations be that shortsighted... Behaviour like this is an immediate red flag for me, shouting out loud "we are not safe, do not have any business with us unless you want your data to be leaked or secretly altered".
Yeah, I know, computer misuse act, etc. But there are people who do not give a tiny rat's ass about rules and laws and will find a way to do what they do without a trace back to them. Bad boys with bad intentions and black hoodies behind TOR will not be punished. The good guys, on the other hand, will.
Whre's the fucking logic in that...
P.S. It made me think... why wouldn't they want any security vulns reported to them? Why would they prefer to keep it unsafe? Is it intentional? For some special "clients"? Gosh that stinks6
Can https be decrypted easily?
(Or even by spending some time)
Plus what other security methods banks apply to prevent theft of sensible data?
Do they encrypt data using thair own private key thet is changed automatically?30
NEW 6 Programming Language 2k16
Golang Programming Language from Google
Let's start a list of six best new programming language and with Go or also known by the name of Golang, Go is an open source programming language and developed by three employees of Google and the launch in 2009, very cool just 3 people.
Go originated and developed from the popular programming languages such as C and Java, which offers the advantages of compact notation and aims to keep the code simple and easy to read / understand. Go language designers, Robert Griesemer, Rob Pike and Ken Thompson, revealed that the complexity of C ++ into their main motivation.
This simple programming language that we successfully completed the most tasks simply by librariesstandar luggage. Combining the speed of pemrogramandinamis languages such as Python and to handalan of C / C ++, Go be the best tools for building 'High Volume of distributed systems'.
You need to know also know, as expressed by the CTO Tokopedia namely Mas Leon, Tokopedia will switch to GO-lang as the main foundation of his system. Horrified not?
eh not watch? try deh see in the video below:
Swift Programming Language from Apple
Apple launched a programming language Swift ago at WWDC 2014 as a successor to the Objective-C. Designed to be simple as it is, Swift focus on speed and security.
Furthermore, in December 2015, Swift Apple became open source under the Apache license. Since its launch, Swift won eye and the community is growing well and has become one of the programming languages 'hottest' in the world.
Learning Swift make sure you get a brighter future and provide the ability to develop applications for the iOS ecosystem Apple is so vast.
Also Read: What to do to become a full-stack Developer?
Rust Programming Language from Mozilla
Developed by Mozilla in 2014 and then, and in StackOverflow's 2016 survey to the developer, Rust was selected as the most preferred programming language.
Rust was developed as an alternative to C ++ for Mozilla itself, which is referred to as a programming language that focus on "performance, parallelisation, and memory safety".
Rust was created from scratch and implement a modern programming language design. Its own programming language supported very well by many developers out there and libraries.
Julia Programming Language
Julia programming language designed to help mathematicians and data scientist. Called "a complete high-level and dynamic programming solution for technical computing".
Hack Programming Language from Facebook
Hack is another programming language developed by Facebook in 2014.
Social networking giant Facebook Hack develop and gaungkan as the best of their success. Facebook even migrate the entire system developed with PHP to Hack
Facebook also released an open source version of the programming language as part of HHVM runtime platform.
Scala Programming Language
Scala programming termasukbahasa actually relatively long compared to other languages in our list now. While one view of this programming language is relatively difficult to learn, but from the time you invest to learn Scala will not end up sad and disappointing.
The features are so complex gives you the ability to perform better code structure and oriented performance. Based programming language OOP (Object oriented programming) and functional providing the ability to write code that is capable of evolving. Created with the goal to design a "better Java", Scala became one behasa programming that is so needed in large enterprises.3
This isn’t gonna be a random because I do eventually get to a Tech and YouTube related topic.
YouTube is actually killing itself with all of the dumbass rules they’re implementing. Trying to child proof or limit educational content is genuinely a shit policy. The reason so many gaming channels are switching to twitch because it doesn’t try to censor you.
But now I don’t know if you’ve heard but YouTube updated their guidelines and they’re no longer allowing content that teaches people about Hacking essentially (and I hate putting it like that but I can’t remember the exact words they used Hacking just summarizes it) which is fucking ridiculous like what the fuck else, are they gonna stop allowing lock picking videos?
YouTube has always been an amazing FREE resource for people learning Programming, Cyber Security, IT related fields, and even shit like lock picking, cooking, car stuff, and all that stuff. Even sometimes when the tutorials aren’t as detailed or helpful to me they might be exactly what someone else needed. And Cyber Security can be a difficult topic to learn for free. It’s not impossible far from it, but YouTube being there was always great. And to think that a lot of those could be taken down and all of the Security based channels could either lose all revenue or just be terminated is terrifying for everyone but more so them.
A lot of people and schools rely on YouTube for education and to learn from. It’s not like YouTube is the only resource and I understand they don’t want to be liable for teaching people that use these skills for malicious purposes but script kiddies and malicious people can easily get the same knowledge. Or pay someone to give them what they want. But that’s unfair to the people that don’t use the information maliciously.
It’s the same for the channels of different topics can’t even swear and it’s ridiculous there’s so many better options than just banning it. Like FUCK kids nowadays hear swearing from their older siblings, parents, friends, and TV it’s inevitable whether someone swears or not and YouTube is not our parents, they aren’t CBS, so stop child proofing the fucking site and let us learn. Fuck.
TLDR YouTube is banning educational hacking videos and are being retarded with rules in general23
Recently started at a new job. Things were going fine, getting along with everyone, everything seems good and running smoothly, a few odd things here and there but for the most part fine.
Then I decided to take a look at our (public facing) website... What's this? Outdated plugins from 2013? Okay, that's an easy fix I guess? All of these are free and the way we're using them wouldn't require a lot of refactoring...
Apparently not. Apparently, we can't even update them ourselves, we have to request that an external company does it (which we pay, by the way, SHITELOADS of money to). A week goes past, and we finally get a response.
No, we won't update it, you'll have to pay for it. Doesn't matter that there's a CVE list a bloody mile long and straight up no input validation in several areas, doesn't matter that tens of thousands of users are at risk, pay us or it stays broken. Boggles the fuckin' mind.
I dug into it a bit more than I probably should have (didn't break no laws though I'm not a complete dumbass, I just work for em) and it turns out it's not just us getting fucked over, it's literally EVERYONE using their service which is the vast majority of people within the industry in my country. It also turns out that the entirety of our region is running off a single bloody IP which if you do a quick search on shodan for, you guessed it, also has a CVE list pop up a fuckin' mile long. Don't get me started on password security (there is none). I hate this, there's fucking nothing I can do and everyone else is just fine sitting on their hands because "nobody would target us because we're not a bank!!", as if it bloody matters and as if peoples names, addresses, phone numbers and assuming someone got into our actual database, which wouldn't be a fuckin' stretch of the imagination let me tell you, far more personal details, that these aren't enticing to anyone.
What would you do in my situation?
What can I even do?
I don't want to piss anyone senior off but honestly, I'm thinkin' they might deserve it. I mean yeah there's nothing we can do but at least make a fuss 'cause they ain't gunna listen to my green ass.10
The Cloud Of Bullshit
Every day I wake, and I think of my one true mission in life. To mock and ridicule paint huffing idiots. Something recently that drew my ire, like the hemorrhoids on my ass is this idea of 'the cloud', THE CLOUD and the buzzword lingo-bingo bullshit that providers use to hype and sell it.
For example, airtable is an amazing service. I love that I can insert just about anything into a row, create any of my own row datatypes, that it's flexible as all hell.
I love it.
And I hate that I'm essentially locked in to the cloud.
I fucking hate how if my internet goes down (thanks you pie eating inbred dipshits at comcast) I have no access.
If the company is bought, they'll shut down like all the rest , to be "relaunched at a later time" (or never).
I hate that if the company doesn't make enough money, or it's investors change their mind, woopsie, service is shut down.
I hate that the cloud is synonymous with massive data leaks and IOT-levels of stupidity in security practices.
Every time someone says "but its in the cloud! Isn't it amazing!"
I always think 1. YEAH IF IM AN INVESTOR I GET TO MILK LOW BROW FINGER PAINTING FUCKWITS EVERY MONTH like Adobe sucking the blood from infants who are still in college.
2. Why? So I can get locked into their platform, have them segment off previously free features (fucking youtube and the 'subscribe so you can continue playing audio with your screen off' bullshit), and then have fees increase month over month?
3. Why, so every four years during the presidential selection, if I piss off some fuckstick braindead lemming literally sucking his girlfriends BFs cock, they can potentially shut me out from my own data completely?
The Cloud is built on shit-colored hype sold to knob gobbling idiots, controlling idiots, profiting at the expense of idiots, and later fucking them for buyout payola. The Cloud is a Cloud of Bullshit shat out by huckster messiahs straight into the lapping mouths of fanatics worshiping slavishly like toilet drinking scum at the porcelain alter of a neon god, invisible, untouchable, and like a spigot, easily shut off without anyone noticing. And when it happens, I'll be there, shouting "WHERE IS YOUR CLOUD NOW?"
Native any day. 100% native or I don't fucking want it
None of this node.js-gone-native bullshit either with notetaking apps taking up hundreds of megabytes of ram, where everything is bootstrap or react, in a browser, in a window container, because people are so fucking incompetent we have to hold their hand WHILE they give themselves a reach around.
Native or nothing.
For my favorite notetaking app, I use Microsoft OneNote. "OH god, a heathen, quick, stick his body up on a stake!"
But hear me out. I'll be the first one in a crowd to kick bill gates in the nuts (not because I particularly hate microsoft, just because I think hes kind of a cunt).
So when I say onenote is good, I really fucking mean it. Sure they did some cunty things like 'dumbed down' the interface, and cut out some options. But you know what they can't do?
Shut down the damn service (short of a system update completely removing the whole app, which, frankly, wouldn't surprise me).
It's so god damn good it waxed my balls, cured my cancer, fixed my relationship with my father, found my long lost brother, and replaced ALL my irl notebooks.
It's so good that if it was cocaine I'd be hospitalized for overusing it.
So god damn good it didn't just replace all my notebooks, it even replaced and sped up my mockup process three to five times. Want layers?
Built in. Just drag an image on to the notebook to import instantly.
Want to rearrange layers? Right click select "send forward/back/bring to front/send to back".
Everything snaps to grid by default and is easily resizeable.
I had all the elements for a UI sliced and diced. Wanted to try a bunch of layouts. Was gonna take me two damn days.
Did it in three hours with the notebook features of onenote.
After I started using onenote, me and my bodypillow finally conceived even.
Sweet marries mammaries I just fucking jizzed. Thank you onenote.
P.s. It really did speed up my UI design, allows annotated images, highlighted text. Shit, it can even do kanban.
And all I can think is "good job microsoft making an awesome product for free, being dumb as fuck for not charging for it, and then not marketing it at ALL."
It was sheer fucking luck that I discovered it while was I was looking for vendor STD bloatware to blast off my new install.
OneNote: Worth a try even for the kick-gates-in-the-nuts fan club.
The cloud can suck my balls.20
> Worst work culture you've experienced?
It's a tie between my first to employers.
First: A career's dead end.
Bosses hardly ever said the truth, suger-coated everything and told you just about anything to get what they wanted. E.g. a coworker of mine was sent on a business trip to another company. They had told him this is his big chance! He'd attend a project kick-off meeting, maybe become its lead permanently. When he got there, the other company was like "So you're the temporary first-level supporter? Great! Here's your headset".
And well, devs were worth nothing anyway. For every dev there were 2-3 "consultants" that wrote detailed specifications, including SQL statements and pseudocode. The dev's job was just to translate that to working code. Except for the two highest senior devs, who had perfect job security. They had cooked up a custom Ant-based build system, had forked several high-profile Java projects (e.g. Hibernate) and their code was purposely cryptic and convoluted.
You had no chance to make changes to their projects without involuntarily breaking half of it. And then you'd have to beg for a bit of their time. And doing something they didn't like? Forget it. After I suggested to introduce automated testing I was treated like a heretic. Well of course, that would have threatened their job security. Even managers had no power against them. If these two would quit half a dozen projects would simply be dead.
And finally, the pecking order. Juniors, like me back then, didn't get taught shit. We were just there for the work the seniors didn't want to do. When one of the senior devs had implemented a patch on the master branch, it was the junior's job to apply it to the other branches.
Second: A massive sweatshop, almost like a real-life caricature.
It was a big corporation. Managers acted like kings, always taking the best for themselves while leaving crumbs for the plebs (=devs, operators, etc). They had the spacious single offices, we had the open plan (so awesome for communication and teamwork! synergy effects!). When they got bored, they left meetings just like that. We... well don't even think about being late.
And of course most managers followed the "kiss up, kick down" principle. Boy, was I getting kicked because I dared to question a decision of my boss. He made my life so hard I got sick for a month, being close to burnout. The best part? I gave notice a month later, and _he_still_was_surprised_!
Plebs weren't allowed anything below perfection, bosses on the other hand... so, I got yelled at by some manager. Twice. For essentially nothing, things just bruised his fragile ego. My bosses response? "Oh he's just human". No, the plebs was expected to obey the powers that be. Something you didn't like? That just means your attitude needs adjustment. Like with the open plan offices: I criticized the noise and distraction. Well that's just my _opinion_, right? Anyone else is happily enjoying it! Why can't I just be like the others? And most people really had given up, working like on a production line.
The company itself, while big, was a big ball of small, isolated groups, sticking together by office politics. In your software you'd need to call a service made by a different team, sooner or later. Not documented, noone was ever willing to help. To actually get help, you needed to get your boss to talk to their boss. Then you'd have a chance at all.
Oh, and the red tape. Say you needed a simple cable. You know, like those for $2 on Amazon. You'd open a support ticket and a week later everyone involved had signed it off. Probably. Like your boss, the support's boss, the internal IT services' boss, and maybe some other poor sap who felt important. Or maybe not, because the justification for needing that cable wasn't specific enough. I mean, just imagine the potential damage if our employees owned a cable they shouldn't!
You know, after these two employers I actually needed therapy. Looking back now, hooooly shit... that's why I can't repeat often enough that we devs put up with way too much bullshit.3
My Sunday Morning until afternoon. FML. So I was experiencing nightly reboots of my home server for three days now. Always at 3:12am strange thing. Sunday morning (10am ca) I thought I'd investigate because the reboots affected my backups as well. All the logs and the security mails said was that some processes received signal 11. Strange. Checked the periodics tasks and executed every task manually. Nothing special. Strange. Checked smart status for all disks. Two disks where having CRC errors. Not many but a couple. Oh well. Changing sata cables again 🙄. But those CRC errors cannot be the reason for the reboots at precisely the same time each night. I noticed that all my zpools got scrubbed except my root-pool which hasn't been scrubbed since the error first occured. Well, let's do it by hand: zpool scrub zroot....Freeze. dafuq. Walked over to the server and resetted. Waited 10 minutes. System not up yet. Fuuu...that was when I first guessed that Sunday won't be that sunny after all. Connected monitor. Reset. Black screen?!?! Disconnected all disks aso. Reset. Black screen. Oh c'moooon! CMOS reset. Black screen. Sigh. CMOS reset with a 5 minute battery removal. And new sata cable just in cable. Yes, boots again. Mood lightened... Now the system segfaults when importing zroot. Good damnit. Pulled out the FreeBSD bootstick. zpool import -R /tmp zroot...segfault. reboot. Read-only zroot import. Manually triggering checksum test with the zdb command. "Invalid blckptr type". Deep breath now. Destroyed pool, recreated it. Zfs send/recv from backup. Some more config. Reboot. Boots yeah ... Doesn't find files??? Reboot. Other error? Undefined symbols???? Now I need another coffee. Maybe I did something wrong during recovery? Not very likely but let's do it again...recover-recover. different but same horrible errors. What in the name...? Pulled out a really old disk. Put it in, boots fine. So it must be the disks. Walked around the house and searched for some new disks for a new 2 disk zfs root mirror to replace the obviously broken disks. Found some new ones even. Recovery boot, minimal FreeBSD Install for bootloader aso. Deleted and recreated zroot, zfs send/recv from backup. Set bootfs attribute, reboot........
It works again. Fuckit, now it is 6pm, I still haven't showered. Put both disks through extensive tests and checked every single block. These disks aren't faulty. But for some reason they froze my system in a way so that I had to reset my BIOS and they had really low level data errors....? I Wonder if those disks have a firmware problem? So that was most of my Sunday. Nice, isn't it? But hey: calm sea won't make a good sailor, right?3
I'm working at this company where I have to update their app both for Android and iOS and it was originally coded by what seems to be one guy, that has written some of the worse code I've seen (I've seen pretty bad code when I was at uni), there is so much uncommented code, commented code with no real reason on why it's commented, variables that are one or two letters, Lots and Lots of magical numbers for things like images! And for the first few weeks working on the iOS app I was also still learning objective-c and had to look at his code for reference, I cringed so much.
I take pride in my commented code, I take pride in writing description for methods and having my variables at the top of a class and explain exactly why it's a constant. I'm also only just a recent graduate.
This guy that worked out this app is a senior developer, now working on security software for a bank, how is he even allowed to code?3
//Random Mr. Robot thought//
So this picture and this quote in general has been in my mind quite recently. The first time I saw this scene it just passed through my mind as just a wierd quirk of elliot. But upon further thinking, I question that given Elliot is someone who specializes in network security in a sense. A part of which focuses on finding exploits in networks or even software in general( basically finding the worst in them). And the more I think about that,the more I come to realisation that just like most programmers mix together logic in their life in dealing with people, this scene stands out as an example of just that happening with Elliot and what perhaps, makes him such a good hacker. Perhaps we could all learn from this, or perhaps I'm just looking too much into this. Eh.5
//Proper Haxk20 tech rant
So uhmmm this is interesting.
Apparently Acer decided to not make proper vBIOS for Nitro 5 RX560X and they left some stuff well just empty or to stock.
For example they set the maximum OC clocks to stock so even if you want to overclock you cant exactly on Linux.
OK but why can we OC on windows ?
Well to no ones suprise windows stuff doesnt exactly follow specs published and well they just ignore some stuff so if you want you can OC on windows even past the max OC clocks because oh safety on windows isnt a fucking thing.
OK so how do we fix it on Linux ?
Well we have 2 ways.
1. Is to dump vBIOS. Edit it to contain the proper max limit and load it on startup because flashing it isnt great to do on laptop.
This will get you OC support but takes ages because again this isnt normal GPU. Its desktop GPU in laptop and Acer had to do something to it because oh well. So you will get lot of shit in the way.
Second way you can OC is to lets just say disable the security feature on Linux.
Hmmmm but AMDGPU driver doesnt exactly support that.
What do we do ?
Well if you look at AMDGPU code there is code for overdrive which is basically driver for overclocking support. When you look at the code for it you will be blown away first at what you are looking at but then Oh boom. variables for max clock on memory and core. Bingo.
OK set it to the values and boot the patched kernel. Hmmmmmm why is it so slow ?
Why is it running at minimum clocks ?
Look at the code again and you forgot that drivers use Hz instead of MHz. Yeahhhhhh. OK multiply the value to match Hz and its at stock. But no worries. Now when i tell the GPU to run at clocks past its limit it wont yell at me that i cant do that.
OK now comes a little weird part. I didnt find docs about boot parameters in linux and i didnt find a way to implement them. So if anybody has a way of implementing them please comment here a link to it. I will possibly even make this a patch and send it to kernel since well manual patching is shit.2
I mean how thick do you have to be to not understand what CSRF is? I almost lost a gig to this supposedly 'seasoned' dev who kept bragging about how she takes web security very seriously. I pointed out this flaw in her work and she fucking flipped out and refused to even acknowledge that she might have made a mistake. She kept insisting how it isn't even a vulnerability.
Well, too bad I got the gig for pointing it out.19
Making electronics more difficult to repair with security fasteners and ultrasonically welded plastic nightmares and what have you.. what's the point? The argument from manufacturers is that "users don't want to get in there anyway". But, it's not like even if they could, they'd want to, right? Which type of person that doesn't know electronics very well and has an interest in repairing it would go and look at a board, and say "this is how it works, this and that is broken and this is how it should be repaired"? Not many users can repair their own devices regardless. So why? To preserve IP? Not like the Chinese bootleggers care about that. To preserve sales? Users can't repair their stuff anyway. To keep those who want to peek inside out, just for the hell of it? Anyone determined enough will be willing to break it in the process anyway.7
Today I learned that bugs in Proxmox aren't bugs because they're not *exactly* within the scope of le fancy PVE web UI.
Today I also learned that running Samba on the PVE host is stupid. No real reasons but let's assume security. Well it's decently secured, has good passwords, and the killer is.. it isn't even fucking accessible to the internet! And even if it was, privilege separation is no secret to me.
But clearly I'm an idiot for even thinking about running Samba on PVE. Well guess what?! PVE is aimed at sysadmins that want to deploy a virtualization server. It's not a big stretch to imagine that those sysadmins might be halfway competent and want to run external services on the PVE host, is it.
But apparently it is. I'm an idiot and bugs aren't bugs anymore. Go fucking kill yourself, motherfuckers in the ##proxmox IRC channel. I really hope that your servers will go down on Friday when you're on call. Fucking cunts 😑
Edit: IRC chatlog @ https://clbin.com/nU9Fu13
After a few weeks of being insanely busy, I decided to log onto Steam and maybe relax with a few people and play some games. I enjoy playing a few sandbox games and do freelance development for those games (Anywhere from a simple script to a full on server setup) on the side. It just so happened that I had an 'urgent' request from one of my old staff member from an old community I use to own. This staff member decided to run his own community after I sold mine off since I didn't have the passion anymore to deal with the community on a daily basis.
O: Owner (Former staff member/friend)
D: Other Dev
O: Hey, I need urgent help man! Got a few things developed for my server, and now the server won't stay stable and crashes randomly. I really need help, my developer can't figure it out.
Me: Uhm, sure. Just remember, if it's small I'll do it for free since you're an old friend, but if it's a bigger issue or needs a full recode or whatever, you're gonna have to pay. Another option is, I tell you what's wrong and you can have your developer fix it.
O: Sounds good, I'll give you owner access to everything so you can check it out.
Me: Sounds good
*An hour passes by*
O: Sorry it took so long, had to deal with some crap. *Insert credentials, etc*
Me: Ok, give me a few minutes to do some basic tests. What was that new feature or whatever you added?
O: *Explains long feature, and where it's located*
Me: *Begins to review the files* *Internal rage wondering what fucking developer could code such trash* *Tests a few methods, and watches CPU/RAM and an internal graph for usage*
Me: Who coded this module?
O: My developer.
Me: *Calm tone, with a mix of some anger* So, you know what, I'm just gonna do some simple math for ya. You're running 33 ticks a second for the server, with an average of about 40ish players. 33x60 = 1980 cycles a minute, now lets times that by the 40 players on average, you have 79,200 cycles per minute or nearly 4.8 fucking cycles an hour (If you maxed the server at 64 players, it's going to run an amazing fucking 7.6 million cycles an hour, like holy fuck). You're also running a MySQLite query every cycle while transferring useless data to the server, you're clusterfucking the server and overloading it for no fucking reason and that's why you're crashing it. Another question, who the fuck wrote the security of this? I can literally send commands to the server with this insecure method and delete all of your files... If you actually want your fucking server stable and secure, I'm gonna have to recode this entire module to reduce your developer's clusterfuck of 4.8 million cycles to about 400 every hour... it's gonna be $50.
D: *Angered* You're wrong, this is the best way to do it, I did stress testing! *Insert other defensive comments* You're just a shitty developer (This one got me)
Me: *Calm* You're calling me a shitty developer? You're the person that doesn't understand a timer, I get that you're new to this world, but reading the wiki or even using the game's forums would've ripped this code to shreds and you to shreds. You're not even a developer, cause most of this is so disorganized it looks like you copy and pasted it. *Get's angered here and starts some light screaming* You're wasting CPU usage, the game can't use more than 1 physical core, and after a quick test, you're stupid 'amazing' module is using about 40% of the CPU. You need to fucking realize the 40ish average players, use less than this... THEY SHOULD BE MORE INTENSIVE THAN YOUR CODE, NOT THE OPPOSITE.
O: Hey don't be rude to Venom, he's an amazing coder. You're still new, you don't know as much as him. Ok, I'll pay you the money to get it recoded.
Me: Sounds good. *Angered tone* Also you developer boy, learn to listen to feedback and maybe learn to improve your shitty code. Cause you'll never go anywhere if you don't even understand who bad this garbage is, and that you can't even use the fucking wiki for this game. The only fucking way you're gonna improve is to use some of my suggestions.
D: *Leaves call without saying anything*
TL;DR: Shitty developer ran some shitty XP system code for a game nearly 4.8 million times an hour (average) or just above 7.6 million times an hour (if maxed), plus running MySQLite when it could've been done within about like 400 an hour at max. Tried calling me a shitty developer, and got sorta yelled at while I was trying to keep calm.
Still pissed he tried calling me a shitty developer...
So a couple months ago, my dad called me to try and solve a problem he was having in his work.
You see, my dad owns a driving school and he was teaching 14 and 15yo kids how to ride mopeds and their theory exams are made in the school's facility, by going to this website of the entity that rules the moped teaching thing. When the time to have the exams came, they couldn't even see the exams and one of the kids had one of his attempts wasted (they had 3 attempts). We mailed and called the entity multiple times, to no avail, as they told us to "check the website, the instructions are all there". They were also trying to get it together but they couldn't. Here's the "funny" part: the software in which the exams were done ran on XP and there was no way in hell we could make it work on our W10 PCs. Not to mention this is a natiowide problem.
We reinstalled Java to v.7.9 (I think...?) as the "instructions" told us, with no results whatsoever.
So my dad decided to call me and asked me to bring a PC that didn't run W10. The closest thing to XP I could think of was my uncle's Toshiba, that had Vista, so I went to his house and grabbed it and drove to my dad's school. Even in compatibility mode, it didn't work. Everyone was in despair LoL. I was even put on the phone with the entity's technician, who didn't know how to solve it either but was trying, as well with our tech guy.
After a bit of running around and crying inside, our secretary remembered we still had a tower on site that ran XP. We went for the thing and connected it and booted it up. After reinstalling Java and setting security to "medium" (required), and meddling with zoom (the window was too small to show the whole exam and if the window showed up before we set the zoom to 75% or so we couldn't choose the answers) it was finally set to do the exams.
I've never felt so relieved for solving tech stuff LoL. It took me 3h to get it done and I feel it would have been easier if we had remembered about the tower earlier but oh well what can one do.8
Trying to log in as a vendor on a client's timesheet web portal,
Web only accessible on safari,
Latest Java must be installed,
Java security must be set to highest, but Java applet for 2 very specific domain must be allowed,
An Avast antivirus must be installed for reason as below,
Must access the web, wait for applet to run and check computer's security settings, only if it's satisfactory will then redirect to a login page,
In which I spent an hour trying to figure out why I cannot login with my username, until another friend has same problem, what in common between us is both our names are long, and after experimenting, we found out that inputting only 20 characters of our name enabled us to login,
After login another tiny app will be installed and activate a VPN, in which then we are able to access the actual system,
The VPN will only active for 15-20 minutes tops, after that we will be kicked out and had to repeat the whole process,
Sometimes it works, sometimes it's not, even worse sometimes the only way to make it work again is to restart the computer, and redo the steps in exact same way
I wanna make you feel what you have brought into my house!!
I was working with security cameras once in a home automation project. One of those camera particularly stand out by offering a cgi without password request to view and change the current passwort and username.
Seriously wtf is wrong with you? I mean this thing automatically connects to an internet service offering everyone to connect to it with that passwort and username. And I know some of you might say "hey chill the cgi is only available on the wifi" - dammit no. Security is a lifestyle do it complete or get the fuck out. God knows what other mistakes there might be hidden in that thing screaming out to everyone to watch me taking a shit.
But that's not the end of it. My company arranged a call to the technical support of that camera so that I can explain the problem and a patch gets released. Those guys didn't give a shit about it and were even laughing at me. Fuck you!
So whoever is responsible - I will find you - and you will never see me coming.4
Holy fcuk! Can anyone here help me understand how this domain is possible?
WARNING: obviously its a spam site. Take necessary security precautions if you are going to visit.
the following domain opens a cluster fuck domain name! >> secret.ɢoogle.com
That ɢ is not what it looks like. How is such domains possible to exist? Even more surprising, how is this sub domain -ception possible?7
Alright lads here is the thing, have not been posting anything other than replies to things cuz I have been busy being miserable at school and dealing with work stuff.
Our manager left us back in February. Because she was leaving I decided that I wanted to try a different path and went on to become a programmer analyst for my institution, if anything I knew that it was going to be pretty boring work, but it came with nice monetary compensation and a foot in the door for other data science related jobs in the future. Thing is, the department head asked me to stay in the web technologies department because we had a lack of people there and hiring is hard as shit, we do not do remote jobs since our work usually requires a level of discretion and security. Thus I have been working in the web tech department since she left albeit with a different title since I aced the interview for the analyst position and the team there were more than happy to have me. I have done very few things for them, some reports here and there and mostly working directly with the DBA in some projects. One migration project would have costed my institution a total of 58k and we managed to save the cost by building the migration software ourselves.....honestly it was a fucking cake walk, if you had any doubts about the shaddyness of enterprise level applications regarding selling overpriced shit with different levels of complexity, keep them, enterprise is shaddy af indeed. But I digress.
I wrote the specification for the manager position along the previous manager, we had decided that the next candidate needed to be strong with development knowledge as well as other things as to properly understand and manage a software team, we made the academic requirement(fuck you, yes we did ask for academic requirements) to be either in the Computer Science/software engineering area or at least on the Business Administration side. We were willing to consider BA holders in exchange for having knowledge of the development process of different products and a complete understanding of what developers go through. NOT ONE SINGLE motherfucker was able to satisfy this, some of them were idiots that I knew from before that had ABSOLUTELY no business even considering applying to the position, the courage it took for some of these assholes to apply would have hurt their mothers, their God if they had one, and their country, they were just that fucking bad in their jobs as well as being overall shit people.
Then we had 1 candidate actually fall through the cracks enough to get an interview. My dude here was lying out of his ass through the interview process. According to him he had "lots of Laravel experience and experience managing Laravel projects" and mentioned repeatedly how it would be a technology that we should consider for our products. I was to interview him alongside the vice president of our institution due to the head of my department and the rest of the managers for I.T being on vacation leave all at the same bloody time.
Backstory before the interview:
Whilst I was going over the interview questions with the vice president literally offered me the job instead. I replied with honesty, reflecting how I did not originally wanted him but feeling that our institution was ready to settle on any candidate due to the lack of potentials. He was happy to do it since apparently both him and the HOD were expecting me to step up sooner or later. I was floored.
Regardless, out of kindness he wanted to go through the interview.
So, going back to the interview. As soon as the person in question referenced the framework I started to ask him about it, just simple questions, the first was "what are your thoughts on the Eloquent ORM? I am not too fond of it and want to know what you as a full time laravel dev think of it"
his reply: "I am sorry I am not too familiar with it, I don't know what that is" <--- I appreciated his honesty in this but thought it funny that someone would say that he was a Laravel developer whilst not knowing what an ORM was since you can't really get away from using it on the initial stages of learning about Laravel, maybe if one wanted to go through the hurdle of switching to something like doctrine...but even then, it was....odd.
So I met with the hod when he came back, he was stoked at the prospect of having me become the manager and I happily accepted the position. It will be hell, but I don't even need to hit the ground running since I have been the face of the department since ages. My team were ecstatic about it since we are all close friends and they have been following my directions without complaints(but the ocational eat a dick puto) for some time, we work well together and we are happy to finally have someone to stop the constant barrage that comes from people taking advantage of a missing manager.
Its gonna get good, its gonna get fun, and i am getting to see how shit goes.7
So my dad is watching some movie from the nineties titled "Hackers". Here are some lines from it:
"So I got into a server, looked around, run some commands. Only then did I realize that it was a bank server"
How can you not know what server are you hacking? And how did you later find out that it was a bank? For all you know you might be hacking into somebody's blog.
Hacker 1: So how are you gonna hack that database?
Hacker 2: I don't know yet.
H1: I would use a vulnerability in their security
That's like saying you would enter a building using the front doors.
Did whoever wrote the script for this movie even consulted somebody that knows at least something about hacking?6
Oh boy, this is gonna be good:
TL;DR: Digital bailiffs are vulnerable as fuck
So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:
The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.
So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!
I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.
Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!
Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...
The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.
But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.
So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)
So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"
So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones6
Hey guys it's not a rant, but i feel this place might help...
I am a 20 yr old, second year guy ...have got some experience in core Java and after that, i have been doing android for 8months... Yeah , i coded some basic apps got my hands dirty on firebase, sql libraries and some connectivity...
Even got landed in an internship.
Today i feel myself to be an intermediate android dev , nd i know their are many things that can be learnt in android that i don't know..
But what after that?development as a carrier interests me, but i fear for a job security ... I could learn more of Android,maybe learn ios after that but their are always articles coming out that react is future, webapps will replace android and stuff like that...
I Have also heard stuff like companies today want to squeeze more out of their techs, so they want less and complete developers having experience in both web and mobile app designing and other stuff like that
Are you freakin kidding me? Android and ios alone are like drinking Pacific and indian ocean and to add web developing, its like drinking out every drop of ocean in the world.
I guess their are guys which exist with knowledge of all three, maybe I can cover them all too(someday) but that would take my whole clg life of 4 years..(I guess)
And no ,I don't have problems with that too.. I actually like developing but again i hear big words like cloud computing, AR,VR AI, data sciences, automation, graphics designing, game dev, and many more...
Basically i hear too much and i fear too much 😅 and i don't think closing my ears would be a good choice...
So, which ocean of carrier should i aim to go for?nd are my fears real? Do companies really prefer some web guy designing Amazon like apps over android-only guys like me?is automation nd templates really gonna take all we, developers jobs?should i look into ai/data sciences?
Well , i am a simple guy, who got his first pc at 17 so naturally, i am fascinated even by the working of a calculator app and anything relates to tech so am open to pursue my interests in any fields24
Despite common sense, I think technology is not making our lives easier. It's just build chaos on top of chaos.
Take server-side programming for instance.
First you have to find someone to host your thing, or a PaaS provider. Then you have to figure out how much RAM and storage you need, which OS you're going to use. And then there's Docker (which will run on top of a VM on AWS or GCP anyway, making even less sense). And then there's the server technology: nginx, Apache (and many many more; if, that is, you're using a server at all). And then there are firewalls, proxies, SSL. And then you go back to the start, because you have to check if your hosting provider will support the OS or Docker or your server. (I smell infinite recursion here.)
Each of these moving parts come with their own can of worms in terms of configuration and security. A whole bible to read if you want to have the slightest clue about what you're doing.
And then there's the programming language to use and its accompanying frameworks. Can they replace the server technology? Should you? Will they conflict with each other and open yet another backdoor into your system? Is it supported by your hosting provider? (Did I mention an infinite recursion somewhere?)
And then there's the database. Does it have a port to the language/framework of your choosing? Why does it expose an web interface? Is it supposed to replace your server? And why are its security features optional again? (Just so I have to test both the insecure and the secure environments?)
And you haven't written a single line of code yet, mind you.4
I'm a geek. I love programming alot and I post programming memes and educational posts daily in my Instagram stories. There were many people in my profile who don't even know what programming is and when they see someone coding or sharing something related to coding, they call him/her hacker. That's what I used to be called in my Instagram account. I don't even know how to use Kali Linux, neither do I have any backend experience or experience in making exploits nor I shared any post related to hacking. Though I do post about cyber security things but the people are so dumb that everyday I get a new message in which the person asks me 'Bro can you teach me how to hack?', 'Bro let's hack a bank and we'll divide the funds' or 'Can you please hack my GF's account' and shits like that 😂 I'm like 'WTF is this!? What do you think I'm man!?' 😂😂 They all are really way too silly.
Please ++ this if ever happened with you 😂3
this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.
2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.
The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:
1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck
3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/
4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"
Don't get me wrong, I am a huge fan of disparate microservices when building applications. I started 4 years ago building monolithic applications on symfony, laravel and .net.
SPAs have not only made my applications more flexible but have allowed me to build more flexible front ends. But I almost ALWAYS have this dirty, unorganized feeling when working in this microserviced approach.
My data always feels scattered. Because my backend doesn't have as tight of a grip on what view is being rendered and what data it gets, I am always left with a sense of disorganization and lack of security. I have more anxiety that my application will unravel at any given moment then I've ever had and that keeps me up at night.
Does anyone else feel this way when working with disparate systems?
And dont even get me started on mongo. Again, I love it, but the feeling of disorganization is intense when using it.4
Because of some theft this year and even though we already have security cameras, my apartment building decided to check the front door locks so it's more secure.
This key looks very high tech... Only issue though is I never use the key anyway... I just entered the door code...
So what is the point of changing the locks? I'm going to guess whoever is stealing isn't picking the lock... People would notice... They must know the code.
Also it seems most of the apartment locks are digital key card/pins too. Wondering if this just means most owners are young or just are techies/devs...9
So someone decides that the employees need to do these stupid Web-based training's that not even high school kids should be looking into.
What is about ?
Security and Cryptography, and now event the real stuff.
What it covers?
Alice and Bob, Bob and Alice.
Alice wants Bob some pics/messages that she suspects someone else will see. DDDDDDAAAAAAAFFFFFFFAAAAAAAAAKKKKKK
A total of 7 useless time wasting interactive and annoying training's, 20+ min each.
But someone forgot that please do not send this shit to engineers of your company, specially Software/Network engineers. Oh another subset, specially not to those who work deeper into the domain.
I'm getting paid to do this time wasting activity, and still.
I also may come back and remove this BUT FOR NOW I NEED TO RANT.
I don't understand privacy advocators.
Am I the only one who wouldn't give up practicality in exchange for "potentially more secure"?
I don't understand so much what the deal is with people who avoid Facebook, or don't trust Google or Microsoft, just in the basis of "privacy" or "security".
Websites tracking you to serve ads? Well, it's pointless because I very rarely buy something from the internet or let myself be influenced, ads are waste of time, just use an adblocker.
I can pretty much upload my whole life or documents on Google drive, even if I made it public no one would really care or read it all. It's like that GitHub project you uploaded but never documented, so no one cares. I usually use alternative software not because of "privacy" but because it has features other software doesn't have.
In reality you realize people aren't that interested in your life more than their own life.24
OKAY BUT WHY THE FUCK DO PEOPLE HAVE TO ACT LIKE THEY'RE SOME KIND OF GOD WHEN THEY CAN'T EVEN PASS AN INTRO CLASS. Some background: I go to an early college in high school program which offers computer science where you take two college classes a semester starting you junior year in high school. AND THIS GIRL TALKS ABOUT THIS PROGRAM LIKE IT'S AWFUL AND SHE HATES IT AND HOW THE PROFESSORS DON'T TEACH AND SHE FAILED AN INTRO TO PROGRAMMING CLASS WHICH TEACHES JAVA BUT THEN SHE ACTS LIKE SHE'S WAY ABOVE THE OTHER KIDS IN MY CLASS BECAUSE SHE'S RETAKING IT. SHE'S ALSO A STUDENT ASSISTANT IN MY CYBER SECURITY CLASS BUT DOESN'T KNOW WHAT THE localhost IP IS. I UNDERSTAND THAT I DON'T KNOW EVERYTHING BUT AT LEAST I DON'T ACT LIKE I DO. IT'S SO INFURIATING!!!!!!
So one of my clients had a different company do a penetrationtest on one of my older projects.
So before hand I checked the old project and upgraded a few things on the server. And I thought to myself lets leave something open and see if they will find it.
So I left jquery 1.11.3 in it with a known xss vulnerability in it. Even chrome gives a warning about this issue if you open the audit tab.
Well first round they found that the site was not using a csrf token. And yeah when I build it 8 years ago to my knowledge that was not really a thing yet.
And who is going to make a fake version of this questionair with 200 questions about their farm and then send it to our server again. That's not going to help any hacker because everything that is entered gets checked on the farm again by an inspector. But well csrf is indeed considered the norm so I took an hour out of my day to build one. Because all the ones I found where to complicated for my taste. And added a little extra love by banning any ip that fails the csrf check.
Submitted the new version and asked if I could get a report on what they checked on. Now today few weeks later after hearing nothing yet. I send my client an email asking for the status.
I get a reaction. Everything is perfect now, good job!
In Dutch they said "goed gedaan" but that's like what I say to my puppy when he pisses outside and not in the house. But that might just be me. Not knowing what to do with remarks like that. I'm doing what I'm getting paid for. Saying, good job, your so great, keep up the good work. Are not things I need to hear. It's my job to do it right. I think it feels a bit like somebody clapping for you because you can walk. I'm getting off topic xD
But the xss vulnerability is still there unnoticed, and I still have no report on what they checked. So I have like zero trust in this penetration test.
And after the first round I already mentioned to the security guy in my clients company and my daily contact that they missed things. But they do not seem to care.
Another thing to check of their to do list and reducing their workload. Who cares if it's done well it's no longer their responsibility.
2018 disclaimer: if you can't walk not trying to offend you and I would applaud for you if you could suddenly walk again.2
So I enventually spent 2 years working for that company with a strong b2b market. Everything from the checkouts in their 6 b2c stores to the softwares used by the 30-people sales team was dependant on the main ERP shit home-built with this monstruosity we call Windev here in France. If you don't know it just google and have some laugh : this is a proprieteray FRENCH language. Not french like made by french people, well that too, but mostly french like the fucking language is un fucking french ! Instructions are on french, everything. Hey that's my natural language okay, but for code, really ?
The php website was using the ERP database too, even all the software/hardware of the massive logistic installation they had (like a tiny Amazon depot), and of course the emails of all employees. Everything was just handled by this unique shitty and so sloooooow fucking app. When there was to many clients on the website or even too many salespeople connected to the ERP at the same time, every-fuckin-piece of the company was slowing down, and even worse facing critical bugs. So they installed a monitor in the corner of a desk constantly showing the live report page of Google analytics and they started panic attacks everytime it was counting more than 30 sessions on the website. That was at the time fun and sad to observe.
The whole shit was created 12 years ago and is since maintened locally by one unique old-fashion-microsoft dev who also have to maintain all the hardware of all the fucking 150+ people business. You know, when the keyboard of anyone is "broken" cause it's unplugged... That's his job too. The poor guy was totally overstressed on a daily basis and his tech knowledge just saddly losts themeselves somewhere in the way. He was my n+1 in a tech team of 3 people : him, a young and inexperimented so-called "php developer" who was in charge of the website (btw full of security holes I discovered and dealed with when I first arrive at the job), and myself.
The database was a hell of 100+ tables of business and marketing data with a ton of specific logic added on-the-go during years. No consistent data model or naming. No utf8. Fucked up relations that ends with queries long enough to fill books. And that's not all, all the customers passwords was just stored there uncrypted. Several very big companies and administrations were some of these clients. I was insisting on the passwords point litterally all the time, that was an easy security fix and a good start... But no, in two years of discussions on the subject I never achieved to have them focusing on other considerations than "our customers like that we can remind them their password by a simple phone call if they lost it". What. The. Fuck. WHATTHEFUCK!
Eventually I ran myself out of this nightmare. I had a few bad jobs already, and worked on shitty software already. But that one really blows my mind (and motivation for a time too). Happy it's over.1
When i was younger, lesser experienced and more naive than now; i got away with a lot of things. By lot of things i mean security flaws in my applications and overall architecture. I realise now i could've so easily been pawned.
Not that i claim to be totally secure even now, or would ever. It is a process, slow and painful one - Learning.
What i wish to point out is the role of favorable probability (non believers would call it luck). Security is so much about it. You get away with so many things for so long. And bang one day the roll of dice is unfavorable. On such rare occasions, just look back and wonder - damn i should've been breached long ago.2
My university has a internal developed system, where everything is managed from e-mails, exams to personal data.
What I'd like most about it, they talk all day about Internet Security and store our passwords in plain text and if you press the "I've forgott my Password button", they even send your password unencrypted, plaintext via e-mail. (Hello Wiresharks)
I don't know how to feel about this, it just hurts :(1
I freelanced for a startup one time, and found out they had ten of thousands of records stored in their DB about dental patients, inducing name, address, social security #, some medical history, etc. All in plain text. Worst part is they hired me after a 20 min phone call, and didn't even sign a NDA!
Makes me paranoid to use the Internet knowing what some of these companies do.2
Many advantages of being a dev:
- You can work on multiple projects simultaneously.
- You solve problems for a living, how cool is that!
- Job security (Even if you get fired or something, you can still earn your bread with your skills)
- Even if you are bed ridden or get in an accident or get old, you can still work(kind of a pessimist).
But the best part is, you get to do what you love(for me its true).1
Client doesn't want me to use internet, while connecting to their vpn to code. It's a security 'violation', it seems. Do they think I am Denise Richie to code without internet? And the catch is I code for OpenFlow with OpenNetworkLinux+OpenNIE. I mean, do they even understand what Open means in all these?11
I don't know what you did yesterday, but i did make my company throw away 2 months of progress.
It all started in the beginning, since that i've made numerous complaints about the workflow or code and how to improve it. I've been told off every time, and every time i either told the boss who agreed in the end or wrote code to prove myself. Everything was a hassle and my tasks weren't better.
Team lead: you'll do X now, please do that by making Y.
Me: but Y is insecure, we should do Z.
Team lead: please do Y
Later it turns out Y is impossible and we do Z in the end...
Team lead: please do W now
Me, a few days later: i've tried and their server doesn't give http cors headers, doing W in the browser is impossible
Team lead, a few days later: have you made progress on W?
Me: * tells again it's impossible and uploads code to prove it *
Team lead: * no response *
After that i had enough. Technically i still was assigned to do W, but i used my time to look over the application and list all the things wrong with it. We had everything, giant commits, commented out code, unnecessary packages, a new commit introduced packages that crashed npm install on non-macs, angularjs-packages even though we use angular, weird logic, a security bug, all css in one file even though you can use component-specific css files...
I sent that to my boss, telling him to let the backend-guys have a look at it too and we had a meeting about this. I couldn't attend but they agreed with me completely. They decided to throw away what we have already and to let one of the backend-guys supervise our team. I guess there will be another talk with the team lead, but time will tell.
It feels so good having hope to finally escape this hellish development cycle of badly defined task, bad communication and headache-inducing merges.
My internship is about to end in two months. I was under the impression that I'll start looking for a job towards mid August and then decide what to do. I didn't expect my company to offer me a position so early before my internship ended.
Initially I had liked the place. The work was pretty relaxed and I had quite a bit of freedom. Soon enough, I proved my worth and my team started respecting my opinions and suggestions. They even consulted me on multiple occasions.
The first thing I noticed on the downside was the company, despite being resourceful enough and having a decent turnover and important clients, was quite stingy in terms of employee welfare. There was no coffee. There was machine but you had to buy the capsule for yourself. And that sucks. I know I don't need to say more but the other problems were there was no enterprise subscription (or any subscription) to PhpStorm even though our team handled so many PHP projects. I know IDEs are personal preferences but not having any professional IDEs is not something to let slide. The lead dev uses NetBeans (and not because he loved it or anything). Even though I worked on WebDev and front end, I had no option to ask for a second screen. I had one display apart from my laptop. Usually most companies in Paris provides food tickets for internships and this company did not even give me that. And worst of all, there wasn't really anyone I looked up to. As much as I enjoy responsibilities and all, I don't think I should be in an environment where I have nothing much to learn from my seniors. For some fucked sense of security and certainty, I was willing to overlook all this when they offered me a position. But I recently had my interview and the regional manager, a fuck face who still makes me wonder how he reached his position, made a proposal for some quite a small amount of salary. What infuriated more than his justifications was his attitude itself. There was absolutely no respect whatsoever. It was more like "We'll give you this, I think this is more than enough for you. Take it or do whatever you want". I asked for more and he didn't even bother negotiating. I declined the offer.
Now this would have solved all the issues. But my manager and my lead dev like me a lot. Both of them are pretty nice people. They both were bothered with the fact that I had turned down the offer. My manager even agreed that the offer was too low and had already given me tips to help me negotiate. But after I turned down the offer, she went and discussed the issue with the regional manager and he offered me a new proposal. This time it was decent but still under my expectations. I'm pretty sure I can do better elsewhere. I said I need time to think about it. I get multiple advises from people to take it atleast so that I get my visa converted to a work permit. For some reason, I want to take the risk and say no. And find something else. But today my lead dev called me aside and asked me if was going to say no. He really tried to influence me by telling me a lot of good things about me and telling me about the number of different projects we're going to start next month and all that. Even though I'm fully convinced that I don't want to work here, just the sheer act of saying no to these two people I respect is sooo fucking difficult for me that I can already imagine me working here for the next one year. The worst part is I can clearly classify their words and sentences into stuff they say to canvass me, stuff they're bullshitting about and flattery just to make me stay. Despite knowing I'm being taken advantage of, some fucked up module in my head wouldn't stop guilt tripping me. I don't know what to do. If I only I could find a really better job.
Pardon the grammatical errors if any. I'm just venting out and my thoughts branch in 500 different ways simultaneously.5
Warning: This is gonna come across as a little cringe/self-pitying, but whatever
Jesus Christ I'm so fucking lonely it literally hurts. I know I should be grateful I have a hobby in coding, also recently I got my first job as a developer (even if I'm overworked and paid shit all with poor job security), but I swear what will eventually kill me will be my own hand cos this empty feeling is unbearable at times.
Also, I'll try to ask this in the most politically correct way possible: how do you single guys in your 20s/30s cope with the lack of females in the industry? I absolutely do not mean this in a "making-unwarranted-advances" sort of way; I just mean that we're biologically wired to desire some form of interaction with the opposite sex (unless you're queer), and this happens naturally in most professions but obviously not engineering/software dev. It's especially difficult when you don't have a big social circle so your job basically becomes your life.
So... For those of you who can relate, what do you do? Do you make an effort to socialize outside work? Or maybe you're lucky enough to work somewhere with a diverse mix of people? Should I blame Zuckerberg for damaging my adolescent brain and turning me into a needy piece of crap?8
Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.
A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.
My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.
Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!
I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?
But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.
I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard.
And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.
It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?
It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and requires by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?
By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.2
rant = Rant.STORY_TIME
This is still something funny me and my friends often remember.
There was once upon a time we were young and stupid, playing on the internet with fake credit card numbers, sometimes we had luck and the orders passed.
We were on the living room, checking who could put an order for a coffee machine, while another friend of mine was talking about the deep web and what he found there.
Suddenly, someone knocks really hard on the door... We went silent...
Me: "Who's there?"
Voice: Federal Police, open up!
I went blank, close my laptop as fast as possible, I thought of throwing it away through the window. My friends panicked, I had my laptop upside down, opening the lid to remove the HDD.
One of my friends stood up and went to the door, looked through the eyehole.
Friend: *whispering* The eyehole's covered!
We quickly stood up and looked at each other, like we were acknowledging our wrong doing and getting ready to face the consequences.
I took a deep breath and put the key in the door to open it. Sudden heavy knock again. I jumped and yelled "I'm on it, wait a minute!".
Slowly I opened the door... And there they were, another two of my friends.
F1: hey...what, what happened? Why are you so scared.
They stepped in while we told them what we were doing and they laughed their asses off.
We were shit scared, and those two were laughing.
So, nowadays, I don't even think about doing that kind of stuff again and I'm hoping to make a Master's degree in security...or electronics, whatever happens first.
TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.
Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.
Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁
Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎
HOW CAN YOU NOT LEARN FROM FAILS??2
Windows 10 updates. I see many posts about singular events that people have experienced, so I thought I'd try to sum up all the problems I have had.
Home computer, always on:
Is scheduled to update during 'inactive hours' but the options for that window are too narrow. So almost daily the 'required updates' overlay pops up WHILE I'M DOING STUFF and I have to say 'Ok' then close the update settings window that opens automatically so I can get on with what I'm doing.
Now, if I'm just browsing, writing or something like that, it's just really annoying.
But when I'm gaming and it causes the game to freeze up (because, you know, ubisoft and ea and such) and I lose my progress, that pisses me off.
When I'm hosting movie night with my friends and the movie gets interrupted, that pisses me off.
Even when I'm just trying to relax with a good show after a hard day and THAT gets interrupted, it really bugs me.
And then when there's a major update and I don't want to schedule it right away, they decide that I probably meant 'do it in an hour'. And then a message pops up every hour with only the option to postpone one more hour. What happened to all the options for scheduling it for several days in the future? Nope! Can't decide? We'll do it RIGHT NOW, NO TAKEBACKS, THAT'S FINAL!
I cannot fathom that they can't find a way to ACTUALLY do the 'inactive hours' thing.
And then there's the work computer. For the last two years, that has been a laptop that I shut down and take home every day. The common problem with that is that it always tells me it has to update when I want to shut down for the day because I have to go home. I can't leave the pc turned on in my bag, it would overheat. So since there is no option to shut down without updating anymore, I have had to rely on the fact that using the power button to shut down circumvents the update.
And if I don't remember to update at home, it's then going to waste my time the next morning at work.
Just give me the option to delay for a bit, then remind me NON-INTRUSIVELY so I can do it when I have the time.
And then there was the update that prevented the machine from booting and I had to waste TWO working days reinstalling EVERYTHING! And we were about 6-7 people hit by that update in our organization.
So yeah. Windows updates are a real fucking problem. Yes, I wan't critical fixes for security problems and other serious software flaws.
But the current policy of 'fuck you, we're doing this' is just not fucking acceptable in any way.3
Look, I get it. Wordpress sucks. It’s bloated. It’s slow. It’s not elegant. It’s a nightmare to debug and code for. The plugin ecosystem is an insecure, confusing mess of outdatedness and issues.
We can all agree that in a perfect world all power to determine everything about a website, from the code to the content, would be in our power as developers. But we don’t live in a perfect world. People want convenience, even at the cost of performance and security, and they will inevitably resent technologists who refuse to give it to them. We do ourselves and our customers a disservice when we only do what we feel is in our own best interests or preferences and not what will help them with their realities.
Yes, it sucks. Yes, it’s a pain. Yes, it’s in demand and there’s nothing any of us can do to change that.
And that’s all I have to say about that.5
I've noticed looking at the card exit of a building that most people a) just carry their laptop without putting it in the backpack because the carpark is a jump away anyway, b) that stickers on said laptops can leak your infrastructure
No idea what made me interested in that, but if you take the average of people's laptop stickers (sadly not everybody had their laptop or maybe even a laptop at all, so I've got just 20) - you could probably tell what tools and what services the company is running.
Could be a funny coincidence and I was able to verify later by googling their company, but it's an interesting non trackable way to know what services and tools need to be exploited/emulated to possibly gain access to some high security network.
I feel like somebody had to have a talk/presentation about this, so I wonder, had anybody else seen something like that? or how far could this actually go?5
MarSecOps: "Marketing Security Operations, the idea is that security is not just the realm of website developers or the IT department anymore, but rather the marketing department has an equal if not greater interest in, and even responsibility to security."
WHAT THE FUCKING FUCK? The marketing dimwits responsible for security? Whose IT competence ends at Powerpoint drivel?!
I LOLed so hard that I could have shat a cactus!8
A Rant that took my attention on MacRhumors forum.
I pre-calculated projected actual overall cost of owning my i5/5/256 Haswell Air, which I got for $1500.
After calculations, this machine would cost me about $3000 for 3 years of use.
(Apple Care, MS Office Business, Parallels, Thunderbolt adapter to HDMI, Case... and so on).
Yea... A lot of people think it's all about the laptop with Apple. nah... not at all. There's a reason Apple is gradually dropping the price of their laptops.
They are slowly moving to a razor and blade business model... which basically is exactly what it sounds like - you buy the razor which isn't too expensive, but you've got no choice but to buy expensive additional blades.
I doubt Apple is making much money from laptop sales alone... well definitely not as much as they were making 5 years or so ago (remember the original air was about $1800 for base model, and if i remember correctly - $1000 additional dollars to upgrade to 64GB SSD from the base HDD.
Yes, ONE THOUSAND DOLLARS FOR 64GB SSD!
Well, anyways, the point is that Apple no longer makes them BIG bucks from the laptop alone, but they still make good profits from upgrades. $300 to go to 512GB SSD from 256, $100 for 4GB extra ram, and $150 for a small bump in processor. They make good profits from these as well.
But that's not where they make mo money. It's once you buy the Macbook, they've got you trapped in their walled garden for life. Every single apple accessory is ridiculously overpriced (compared to market standards of similar-same products).
And Apple makes their own cables and ports. So you have to buy exclusively for Apple products. Every now and then they will change even their own ports and cables, so you have to buy more.
Software is exclusive. You have no choice but to buy what apple offers... or run windows/linux on your Mac.
This is a douche level move comparable to say Mircrosoft kept changing the usb port every 2-3 years, and have exclusive rights to sell the devices that plug in.
No, instead, Intel-Microsoft and them guys make ports and cables as universal as possible.
Can you imagine if USB3.0 was thinner and not backwards compatible with usb2.0 devices?
Well, if it belonged to Apple that's how it would be.
This is why I held out so long before buying an apple laptop. Sure, I had the ipod classic, ipod touch, and more recently iPad Retina... but never a laptop.
I was always against apple.
But I factored in the pros and cons, and I realized I needed to go OS X. I've been fudged by one virus or another during my years of Windows usage. Trojans, spywares. meh.
I needed a top-notch device that I can carry with me around the world and use for any task which is work related. I figured $3000 was a fair price to pay for it.
No, not $1500... but $3000. Also I 'm dead happy I don't have to worry about heat issues anymore. This is a masterpiece. $3000 for 3 years equals $1000 a year, fair price to pay for security, comfort, and most importantly - reliability. (of course awesome battery is superawesome).
Okay I'm going to stop ranting. I just wish people factored in additional costs from owning an a mac. Expenses don't end when you bring the machine home.
I'm not even going to mention how they utilize technology-push to get you to buy a Thunderbolt display, or now with the new Air - to get a time capsule (AC compatible).
It's all about the blades, with Apple. And once you go Mac, you likely won't go back... hence all the student discounts and benefits. They're baiting you to be a Mac user for life!
Apple Marketing is the ultimate.
Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D
1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?
2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?
3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?
4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?
5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.
6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).
7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?
8) Any other advice you can give :P ?12
Open source is poison, hoax and source of much troubles.
Even as I love OSS, and I use it a lot, when things go south, they go south terribly.
There was "security" updates in one OSS program I have been using, that accidentally prevented use cases which specifically affected me. I raised bug report, made issue and gave small repro for it.
One of the core developers acknowledges that yes, this is problem, and could be handled with few added options, which users of similar use case could use to keep things working. He then tags issue "needs help" and disappears.
After I have waited some time, I ask help how I could fix it myself, like how to setup proper dev environment for that tool. Asked it in their forums few days later, as issue didn't get any response. Then asked help in their slack, as forums didn't get any help.
Figured out how to get dev environment up, fix done (~4 lines changed, adding simple check for option enabled or not) and figured out how to test that this works.
I create pull request to project, checking their CONTRIBUTING and following instructions there. Then I wait. I wait two weeks, and then one of the core develors goes to add label "needs response from maintainer". That is now almost two weeks ago...
So, bug that appeared in October, and issue that was created October 8th, is still not fixed, even as there is fix in PR for 28 days this far.
And what really ticks me off? People who make statements like: "it is OSS, have you thought of contributing and fixing things yourself?" when we run into problems with open source software.
Making fix yourself ain't biggest problem... but getting it actually applied seems to be biggest roadblock. This kind of experiences doesn't really encourage me to spend time fixing bugs in OSS, time is often better spend changing to different tool, or making changes in my own workflow or going around problem some kludge way.
I try to get business starting, and based on OSS tools. But my decision is staggering, as I had also made decision to contribute back to OSS... but first experiences ain't that encouraging.
Currently, OSS feels like cancer.17
Honestly, school is useless for me as of right now. I know I should be well rounded and stuff, but do I honestly need to know the symptoms of cervix cancer while going into a tech career? My eyes have been set on tech for my whole life, ever since I left the womb, and I know that if I do switch careers, it'll be from comp sci to cyber security not from IT to med school...
I feel like I could really be devoting my time towards something better than writing a 5 page essay on a healthy food choice.
Every night I think to myself, "You know what, I'm going to lock myself in a room and write bash scripts all day" but then I wake up in the morning, and remember I have to take a quiz on reproductive systems, learn about the procedure of organ donations for driver's ed, write 2 paragraph definitions of vocab words, and read a book about communism.
The most useful thing I learned last year, was how to efficiently navigate the java API, and that's something you don't even learn, you just encounter it. Schools need to start having more specific specialties and stop enforcing knowledge of pointless topics.
I'm not saying to remove all core classes and stuff, I'm saying why waste space in our brains with something we won't use ever again? I get it, some people don't know what career they're looking for yet so you can't make them choose, but it honestly sucks some serious ass that I can't learn what I want to at school, and as a matter of fact, I can't even learn at home, because they're filling my schedule with pointless work because they feel that they have to fill our time somehow.
Point of this long ass rant is: Why lock yourself in a room and learn about something if it isn't something you want to learn about? The space in our brain is finite enough, why can't it be filled with things we're interested in rather than things that will only be used to get good grades in the future then overwritten with useful knowledge. Same thing with time. We have a very finite amount of time in a day, and now that I think of it, a lifetime. Why spend it on something that doesn't, and never will, make your life enjoyable?7
Just got a lovely update on Windows 10. It pops up on login and informs me of this great new browser called edge. Then it fucking takes over the screen and gives me one fucking option: "Get Started". I cannot escape, I cannot close the app, I cannot right click the app icon on the toolbar and close this POS. My only option is to fucking ctrl-alt-del and kill this piece of garbage. You also cannot uninstall this shit either. I even found a thread where the MS guy was trying to help them uninstall, but the end result is that you cannot on newer Windows 10. So I have this POS thing that keeps updating flash and other shit periodically that is nothing but a security hole. Now I never want to ever run this garbage.
The irony is this. I have read a lot of good things about Edge. I was considering it as an alternative to Chrome for specific use cases. Now I absolutely no longer want to run this fucktard pos software. This one experience has now tarnished any gains MS has in the browser arena. It is just more overbearing malware being pushed by assholes. Tech these days is defined by assholes. Apple is assholes, Google is bigger assholes, and MS is still the classic assholes.
Microsoft LET ME FUCKING JUST WORK! Is this not the pro version or what?
Fuck you edge and your pos os.
Now I feel better!
Edit: That was a rendition of the evil caption Kirk from episode 27.10
Deciding whether to stick to being a web developer, or switch to something else
(thinking more like rocket software, or something with security (but maybe sticking with web), or some other cool sh#t
I don't know yet, what I do know is even when I'm creating an erp system, I find it very unsatisfying
"I helped create the software on that rocket"
"that hospital uses the system I've helped to create"
Sounds a lot more satisfying than,
"that company uses my 'warehouse resources manager'/'webshop'/'planning system'
But then again I don't know, I now have a stable job, know what to do and know the language we use.1
I really wish I had worked somewhere that was hacked, so as to know how it was done, how it was found out, and what measures were taken, from the inside.
The problem is that I worked at a lot, and big places. We were never successfully attacked or hacked as far as I know. Was our security so good, that nobody succeeded? Or was it so bad, that we didn't even notice?
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like a IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPs Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.14
Have you ever gotten a task where you have to modify some existing code, and to get it to work the way it needs to you have to write some ugly ass code?
And I'm talking FUGLY ass code. The kind where every brain cell you have screams to refactor it all so that your code won't be so ugly and you can live with yourself. But you only wrote it that way because some numbnuts who was fired a year ago designed it that way, and left zero commentary or documentation on his reasoning ("sELf-dOcUmeNtiNg cOde, bRuH!").
It doesn't pose any sort of risk with regards to security or resource management or efficiency, or really even faulty logic. It just looks fucking awful, my brain can instantly see better ways to design it and I don't want history to tie my name to it.
But also the system is being gutted and retired within a matter of months, so maintenance won't even be a concern; and you know that you have a lot of other large tasks that need your attention too, and to refactor will ultimately prove to be a time sink.
I mean ultimately, I know what I need to do, but I guess it's a pride thing. Just makes me feel icky.2
I recently went to an office to open up a demat account
Manager: so your login and password will be sent to you and then once you login you'll be prompted to change the password
Me: *that's a good idea except that you're sending me the password which could be intercepted* ok
Manager: you'll also be asked to set a security question...
Me: *good step*
Manager: ...which you'll need to answer every time you want to login
Me: *lol what? Maybe that's good but kinda seems unnecessary. Instead you guys could have added two factor authentication* cool
Manager: after every month you'll have to change your password
Me : *nice* that's good
Manager: so what you can do change the password to something and then change it back to what it was. Also to remember it keep it something on your number or some date
Me: what? But why? If you suggest users to change it back to what it was then what is the point of making them change the password in the first place?
Manager: it's so that you don't have to remember so many different passwords
Me: but you don't even need to remember passwords, you can just use softwares like Kaspersky key manager where you can generate a password and use it. Also it's a bad practice if you suggest people who come here to open an account with such methods.
Manager: nothing happens, I'm myself doing that since past several years.
Me: *what a fucking buffoon* no, sir. Trust me that way it gets much easier to get access to your system/account. Also you shouldn't keep your passwords written down like that (there were some password written down on their whiteboard)
Manager: ....ok...so yeah you need sign on these papers and you'll be done
Me:(looking at his face...) Umm..ok4
Why the fuck is debit cards that don't need a PIN for transactions even a thing? What is so difficult to understand or implement in a two factor authentication? Like do these companies have meetings where some fucktard proposes removing a crucial security feature and the others just nod approval?6
So I went for a "special" interview to a company whose slogan is "experience certainty" (fresher, was hoping to get a role in cyber security/Linux sysadmin). Got shown what the "real" hiring process of an indian consultancy company is...
We were called because we cleared a rank of the coding competition which the company holds on a yearly basis, so its understood that we know how to code.
3 rounds; technical, managerial and HR...
Technical is where I knew that I was signing up for complete bullshit. The interviewer asks me to write and algo to generate a "number pyramid". Finished it in 7 minutes, 6-ish lines of (pseudo) code (which resembled python). As I explained the logic to the guy, he kept giving me this bewildered look, so I asked him what happened. He asks me about the simplest part of the logic, and proceeds to ask even dumber questions...
Ultimately I managed to get through his thick skull and answer some other nontechnical questions. He then asks if I have anything to ask him...
I ask him about what he does.
Him - " I am currently working on a project wherein the client is a big American bank as the technical lead "
Me (interest is cybersec) - "oh, then you must be knowing about the data protection and other security mechanisms (encryption, SSL, etc.)"
Him (bewildered look on face) - "no, I mostly handle the connectivity between the portal and data and the interface."
Me (disappointed) - "so, mostly DB, stuff?"
Him (smug and proud) - "yeup"
Gave him a link to my Github repo. Left the cabin. Proceeded to managerial interview (the stereotypical PM asshats)
Never did I think I'd be happy to not get a job offer...1
TLDR; WINE+me=system binaries gone. (HOWTHEFUCKDIDIDOTHAT) Kernel panic. Core program files gone. I'll never have it fixed right. Will backup, then install fedora tomorrow.
I really like games and I'm sure there are many of you who can relate. Imagine my perpetual pain, being on the job hunt, no money, and only my Linux laptop for games. (It's only Linux because of a stupid accident and a missing windows installation disk, partly explained in a previous rant). My stack of games my dad and I have played over the years, going back to populous and before, looked light enough for my laptop to run them smoothly. I wanted to see if I could get one to work. My eyes settled on simcity 4 and Sid Meier's railroad tycoon, 13 and 10 years old, respectively. Simcity didn't work as many times as I tried following online instructions. Disk 1 went fine. Disk 2 showed up as Disk 1. Didn't think much of it, so long as the computer could read the contents. I downloaded playonlinux as that could apparently do the complex stuff for me. Didn't work. I gave up with it after an hour and a half.
Next was railroads. Put the disk in aaaand it says SimCity disk 1 is in the tray. Fuck right off, thank you very much. Eject, put back, reject, eject, fiddle in wineconfig, eject, more of this, and voilà it read as railroads :) Ran autoplay.exe with wine, followed instructions, installed it, and it worked! Chose single player, then the map and setting, pressed play, and all the models of the buildings and track were floating in the air over a green plane, the UI is weird and the map doesn't represent anything but trains. All the fkin land is gone, laying track is gonna be a ballache.
I quit it and decided bedtime.
sudo shutdown -h now
shutdown not found.
reboot not found
Nope, I don't like this.
Force choked my laptop by the power button. Turned it on again.
Lines of text appear.
Saw a phrase I've only ever seen on Mr Robot.
Nooooo thanks, not today, this is fiction.
I turned it off and on. Same thing. I read the logs and some init files couldn't be found. I got the memory stick I used to install mint in the first place and booted from that. I checked the difference between my stick's bin and sbin and the laptop's, and it was indeed missing binaries. Fuck knows what else has happened, I only wanted to play games but now I don't know what is or isn't in my computer. How can I trust what's on it now?
I go downstairs and tell my dad. He says something about rpm, but this is Linux so it won't work. I learn that binaries can be copied over, so maybe I can fix it.
Go upstairs again, decide not to fix it. Fedora is light, has a good rep for security, and is even more difficult to get games on, which is my vice. There are more reasons, but the overriding one is that I'm spooked by the fact that something I did went into and removed system binaries, maybe even altered others, so I want something I'm less likely to do that with. Also my fellow cs students used to hate on it but my dad uses and recommended it so I want to try it.
Also, seriously, fuck wine/PlayOnLinux/my inability to follow instructions(?)/whatever demons haunt me. Take your pick, at least one if not more is to blame and I can't tell which, but it's prooooobably the third one.
It's going to be 16 hours before I touch my laptop again, comments before I backup then install fedora are welcome, especially if they persuade me to do differently.
P.S thanks for reading this mind dump of a post, I'm writing while it's fresh but I'm tired AF.6
Note: In this rant I will ask for advices, and confess some sins. I will tell my personal story- it will be long.
So basically it has been almost 2 years since I first entered the world of software development. It has been the biggest and most important quest of my life so far, but yet I feel like I missed a lot of my objectives, and lots of stuff did not go the way I wanted them to be, and it makes feel frustrated and it lowered my self esteem greatly. I feel confused and a bit depressed, and don't know what to do.
I'll start: I'm 23 years old. 2 years ago I was still a soldier(where I live there is a forced conscription law) in a sysadmin/security role. I grew tired of the ops world and got drawn more and more into programming. A tremendous passion became to burn in me, as I began to write small programs in Python and shell scripts. I wanted to level up more seriously so I started reading programming books and got myself into a 10 month Java course.
In the meanwhile I got released from army duty and got a job as a security sysadmin at a large local telco company. Job was boring and unchallenging but it payed well. I had worked there for 1 year and at the same time learned more and more stuff from 2 best friends who have been freelance developers for years. I have learned how to build full-stack mobile apps and some webdev, mainly Android and Node.js. However because I was very inexperienced and lacked discipline, all of my side projects failed horribly, and all attempts to work with my experienced friends have failed too- I feel they lost a lot of trust for me(they don't say it, but I feel it, maybe I'm wrong).
I began to realise I had to leave this job and seek a developer job in order to get better, and my wish came true 6 months ago when I finally got accepted into a startup as a fullstack webdev, for a bit lower wage but I felt it was worth it. I was overjoyed.
But now my old problems did not end, they just changed. My new job is a thousand times harder and more intensive than the old one. I feel like it sucks all the energy and motivation that was still left in me, and I have learned almost nothing in my free time, returning home exhausted. My bosses are not impressed from my work despite me being pretty junior level, and I feel like I'm in a vicious cycle that keeps me from advancing my abilities. My developer friends I mentioned earlier have jobs like I do and still manage to develop very impressive side projects and even make a nice sum of money from them, while I can't even concetrate on stupid toy projects and learning.
I don't know why It is like this. I feel pathetic and ashamed of my developer sins and lack of discipline. During that time I also gained some weight that I'm trying t lose now... I know not all of it is my fault but it makes me feel like crap.
Sorry for the long story. I just feel I need to spill it out and hope to get some advices from you guys who may or may not have similar experiences. Thanks in advance for reading this.2
My new employer is giving me the option to learn whatever I want. I’m doing procurement and Sharepoint and some other things, covering on the help desk, and some graphic design work. I have a bit of free time though and want to try something new!
We have the following teams: networks, development, security, and help desk. What should I ask to do next?
I’m learning SQL and have also been given the opportunity to do some of that work once I am ready.
Note: I know that it’s my preference what I do, I just don’t even know where to begin!3
Disclaimer: This is all theoretical. Neither me nor my friend (with whom I discussed this) are stupid enough to even try to pursue this, but as an idea, i believe it might generate cool/new ideas/ways for handling secure communications across social groups.
Let's do some role play. Let's design a delivery app for drug dealers, think Seamless or Uber Eats, but for drugs. Not for big deliveries, like kilograms of coke, but smaller stuff. Maybe a few grams of it or something. The clients could rate dealers, and vide-versa. This would build a level of trust within the system. There would be no names, just anonymous reviews, ratings, and prices. Only the info you'd need to know.
The biggest (only?) problem we found (besides legality) was that, how would you prove that you're a client and not a snitch (or cop). This would have to somehow be handled both on signup, as well as when ordering (let's imagine that all who are clients are pure and won't ever snitch).
One of the ways we found to combat this was to have the app invite-only. This would, in theory, do away with the problem of having snitches signing up. However, what if the phone got stolen/breached by a snitch, and they also got full access to the account. One way we thought we could combat this would be with a "dispose number" or something similar. Basically, you call a number, or send a text, or message a Signal bot etc, which would lead to the account's instant termination, no traces of that user left. Hence, a dispose number.
The flow of the app would be as follows:
A client wants some amount of heroin. He opens the app, searches for a dealer, sends the him the desired amount, and in return gets back a price from the dealer. If both parties agree on the amount and price, the deal would start.
The app would then select a random time (taken from the client's selected timeframe and the dealer's "open" time) and a location (within a certain radius of both them, somewhere in between them both for convenience). If both of them accept the time and place, they'll have to meet up at said time and place.
The actual delivery could also be done using two dead drops - the client drops the money at one of them, the dealer drops the goods at the other one. Yes, this might be subject to abuse, but it wouldn't be that bad. I doubt that clients would make huge orders to unknown/badly rated dealers, as well as dealers accepting offers from badly rated clients. My idea is that they would start small, just so if they do lose their money/goods, the actual loss wouldn't be as big for them, but for the other party, having bad ratings would mean less clients willing to buy or dealers willing to sell.
A third way would be to use crypto, but the reason I left this as the last one is because it's not that wide-spread yet, at least not in local drug dealing. With this method, the client would initiate the order, the crypto would be sent to either the dealer or an escrow account, the dealer would then drop the goods at a random place and let the client know where to go to get them. After the client has gotten the goods, they could both review/rate the quality as well as the overall experience with that dealer, which would either make or break the dealer's upcoming deals. This would be pretty much like other DNM's, but on a local scale, making deliveries faster.
So far, this would seem like something that would work. Are there any ideas that might improve this? Anything that might make things more secure/anonymous?
My reason for this post is to spark a conversation about security and anonymity, not to endorse drugs or other illegal stuff.
PS. Really loving the new PC design of devRant14
Magento Debugging Horror!
Changing lots of things in magento with no problem. Continuing development for quite sometime. Suddenly decide to clear cache to see affect of a change on a template in frontent. Suddenly magento crashes! There's no error message. No exception log. No log in any file anywhere on the disk. All that happens is that magento suddenly returns you to the home page!
Reverting all the changes to the template. Clear the cache. Nope! Still the same! Why? Because the problem has happened somewhere in your code. Magento just didn't face it, because it was using an older version of your code. How? Because magento 2 even caches code! Not the php opcache. Don't get me wrong. It has it's own cache for code, in a folder called generated. Now that you cleared all the caches including this folder, you just realized that, somewhere something is wrong. But there is no way for you to know where as there is absolutely no exception logged anywhere!
So you debug the code, from index.php, down to the deepest levels of hell. In a normal php code, once the exception happens, you should see the control jumps to an exception handler, there, you can see the exception object and its call stack in your debugger. But that's not the case with magento.
Your debugger suddenly jumps to a function named:
That's all. No exception object. No call stack. No way to figure out why it failed. So you decide to debug into each and every step to figure out where it crashes. The way magento renders response to each request is that, it calls a plugin, which calls a plugin loop, which calls another plugin, which calls a list of plugins, which calls a plugin loop, which calls another plugin.....
And if in each step, just by accident, instead of step through, you use the step over command of your debugger, the crash happens suddenly and you end up with the same freaking write_close() function with no idea what went wrong and where the error happened! You spend a whole day, to figure out, that this is actually a bug in core of magento, they simply introduced after your recent update of magento core to the latest STABLE version!!! It was not your mistake. They ruined their own code for the thousandth of time. You just didn't notice it, because as I said, you didn't clear the `generated` folder, therefore using an older version of everything!
Now that after spending 7 hours figuring out what has failed with absolutely no standard way of debugging and within a spaghetti of GOTO commands (Magento calls them plugin), why not report it to github? So you report it with a pull request. This also takes 1 hour of your time. Just to next day get informed that your pull request is rejected because another person already fixed the bug and made the same pull request. It was just not on the latest stable version yet!
So you decide to avoid updating magento as much as possible. Because you know that the next Stable version will make your life and career unstable. But then the customer complains that the Admin Panel is warning him of using old Magento version which might pose SECURITY THREATS!
I want to switch over to Linux again, Windows just annoys me a lot lately. Thing is, I don't know what distro I wanna use yet.
I want one that is:
0. Security focused, so encryption, VPN and so on. (I know software could do the job, but would be nice if it comes with the OS)
1. Not hard to configure, but I should be able to configure it more when I want to.
2. Not too ulgy looking.
I have a little bit of experience with Linux, but I'm not even close a professional.
Looking forward to your suggestions!12
My work product: Or why I learned to get twitchy around Java...
I maintain a Java based test system, that tests a raster image processor. The client is a Java swing project that contains CORBA bindings to the internal API of the raster image processor. It also has custom written UI elements and duplicated functionality that became available in later versions of Java, but because some of the third party tools we use don't work with later versions of Java for some reason, it's not possible to upgrade Java to gain things as simple as recursive directory deletion, yes the version of Java we have to use does not support something as simple as that and custom code had to be written to support it.
Because of the requirement to build the API bindings along with the client the whole application must be built with the raster image processor build chain, which is a heavily customised jam build system. So an ant task calls out to execute a jam task and jam does about 90% of the heavy lifting.
In addition to the Java code there's code for interpreting PostScript files, as these can be used to alter the behaviour of the raster image processor during testing.
The server isn't much better though. It's a tomcat based application that was written by someone who had never built a tomcat application before, or any web application for that matter and uses raw SQL strings instead of an orm, it doesn't use MVC in any way, and insane amount of functionality is dumped into the jsp files.
It too interacts with a raster image processor to create difference masks of the output, running PostScript as needed. It spawns off multiple threads and can spend days processing hundreds of gigabytes of image output (depending on the size of the tests).
We're stuck on Tomcat seven because we can't upgrade beyond Java 6, which brings a whole manner of security issues, but that eager little Java updated will break the tool chain if it gets its way.
Between these two components we have the Java RMI server (sometimes) working to help generate image data on the client side before all images are pulled across a UNC network path onto the server that processes test jobs (in PDF format), by reading into the xref table of said PDF, finding the embedded image data (for our server consumed test files are just flate encoded TIFF files wrapped around just enough PDF to make them valid) and uses a tool to create a difference mask of two images.
This tool is very error prone, it can't difference images of different sizes, colour spaces, orientations or pixel depths, but it's the best we have.
The tool is installed in both the client and server if the client can generate images it'll query from the server which ones it needs to and if it can't the server will use the tool itself.
Our shells have custom profiles for linking to a whole manner of third party tools and libraries, including a link to visual studio 2005 (more indirectly related build dependencies), the whole profile has to ensure that absolutely no operating system pollution gets into the shell, most of our apps are installed in our home directories and we have to ensure our paths are correct for every single application we add.
And... Fucking and!
Most of the tools are stored as source bundles in a version control system... Not got or mercurial, not perforce or svn, not even CVS... They use a custom built version control system that is built on top of RCS, it keeps a central database of locked files (using soft and hard locks along with write protecting the files in the file system) to ensure users can't get merge conflicts by preventing other users from writing to the files at all.
Branching is heavy weight and can take the best part of a day to create a new branch and populate the history.
Gathering the tools alone to build the Dev environment to build my project takes the best part of a week.
What should be a joy come hardware refresh year becomes a curse ("Well fuck, now I loose a week spending it setting up the Dev environment on ANOTHER machine").
Needless to say, I enjoy NOT working with Java. A lot of this isn't Javas fault, but there's a lot of things that Java (specifically the Java 6 version we're stuck on) does not make easy.
This is why I prefer to build my web apps in python or node, hell, I'd even take Lua... Just... Compiling web pages into executable Java classes, why? I mean I understand the implementation of how this happens, but why did my predecessor have to choose this? Why?2
I can't believe companies fucking do this! If your users PIIs gets fucking leaked or the security is breached in any god-damned way it's YOUR FUCKING JOB to let the affected users know! 57 million users got affected! What the fucking fuck? I think they should pass proper laws where companies have to tell the victims about breaches, especially when it's at a such a huge scale. I get it that it's wasn't under Uber but some third party; but even so Uber should have talked about the level of security in their SLAs and maybe performed regular audits.
This is ridiculous!
Just dropping some current experience here.
Content security policies are big mess in both chrome and firefox.
Chrome has some 4 years old "bug" where you can't add hash of JS file to 'style-src' policy to permit inline-styles THAT would be set by this script (jQuery actually).
Firefox is beautifully unhelpful, it just pops of error "blocked ..something..", not even saying what it was.
And I am missing a pair of some steel balls to ask about this on SO because there is this much of very similar questions, nonetheless -if I did read them right- every one of them is talking about enabling style attribute, and that's something different.
EDIT2: Chrome currently generates 138 errors "jquery-3.4.0.min.js:2 Refused to apply inline style..." , this ain't hitting production.10
Two friends (doing part time degree in Digital System Security awarded by a pretty well known Aussie Uni) hired me to do their final year project.
I was like "Sure,extra money + a project to apply my newly learned laravel skills". So,I quoted them a certain price for the whole project. Remember,even after I started the project, they have no clear vision. Both of them are like "Sure,man whatever is easier for you". And the system at their uni is that they need to meet with their project supervisor every 2 weeks. If the supervisor wanted to change sth,they relay it to me and I need to add/modify...so the same process has been going on for about 2 months. I was expecting to finish the project within the first month but now they keep requesting.. What I've charged was for their supposedly version 1.
So my mistakes here -
Working with friend/ not setting a line between work and friendship.
Charging by the whole project(without even really knowing what the customers are expecting) should have charged hourly rate.
The good thing here is that I was thinking about going for a part time degree(still thinking about it) previously it was 100% now it's only 50-50
I've been programming for 15 years now or more if I count my years I programmed as a hobby. I'm mostly self learned. I'm working in an environment of a few developers and at least the same amount of other people (managers, sales, etc). We are creating Magento stores for middle sized businesses. The dev team is pretty good, I think.
But I'm struggling with management a lot. They are deciding on issues without asking us or even if I was asked about something and the answer was not what they expect, they ask the next developer below me. They do this all the way to Junior. A small example would be "lets create a testing site outside of deployment process on the server". Now if I do this, that site will never be updated and pose a security risk on the server for eternity because they would forget about it in a week. Adding it to our deployment process would take the same time and the testing site would benefit from security patches, quick deployment without logging in to the server, etc. Then the manager just disappears after hearing this from me. On slack, I get a question in 30 minutes from a remote developer about how to create an SSH user for a new site outside of deployment. I tell him the same. Then the junior gets called upstairs and ending up doing the job: no deployment, just plain SSH (SFTP) and manually creating the database. I end up doing it but He is "learning" how to do it.
An other example would be a day I was asked what is my opinion about Wordpress. We don't have any experience with Wordpress, I worked with Drupal before and when I look at a Wordpress codebase, I'm getting brain damage. They said Ok. The next day, comes the announcement that the boss decided to use Wordpress for our new agency website. For his own health and safety, I took the day off. At the end, the manager ended up hiring an indian developer who did a moderately fair job. No HiDPI sprites, no fancy SASS, just plain old CSS and a simple template. Lightyears worse than the site it was about to replace. But it did replace the old site, so now I have to look at it and identify myself part of the team. Best thing? We are now offering Wordpress development.
An other example is "lets do a quick order grid". This meant to be a table where the customer can enter SKU and quantity and they can theoretically order faster if they know the SKU already. It's a B2B solution. No one uses it. We have it for 2 sites now and in analytics, we have 5 page hits within 3 years on a site that's receiving 1000 users daily... Mostly our testing and the client looked at it. And no orders. I mean none, 0. I presented a well formatted study with screenshots from Analytics when I saw a proposal to a client to do this again. Guess what happened? Someone else from the team got the job to implement it. Happy client? No. They are questioning why no one is using it.
What would you do as a senior developer?
- Just serve notice and quit
- Try to talk to the boss (I don't see how it would work)
- Just don't give a shit1
"Dear TitanLannister : You are in the final year. A lot of shit is happening around u. its now time to make a career and take tough decisions. What would you do?"
CHOICE 1: COMPETITIVE
>>>>background : "a lot of super companies like wallmart, fb, amazon, ms, google,.. etc simply takes a straight coding test for fresher placement. They ask tough bad ass level questions, but with right guidance, a hell ton of dedicated hours of coding, and making it to the top of various coding tests could make you a potential candidate"
>>>>+ve points :
- "You got the teachers and professionals with great experience to guide you"
- "a dream job come true.you can go there and join teams that interests you"
- "it was your first exposure to computer world. maybe you would like doing it again, after 4 years"
>>>> -ve points:
- "You have always been an average 70 percentile guy. The task requires 2000-3000 hours of coding an year. it will be hard and you always grow bored out of this pretty quickly"
- "Even If you did that , you stand a lesser chance because your maths is shitty.There are millions running in this race with brains faster than your IDE"
- "your college will riot with you because they expect 75% attendance"
- "You are virtually out of college placements, in which , even though shitty companies come and offer even shittier 4LPA packages($6000 per annum), would take a tough logical/aptitude based test for which you won't be able to prepare"
CHOICE 2: PROFESSIONAL WORK
>>>>background: "you always wanted to create something , and therefore you started taking android based courses. you have been doing android for over 2 years and today you know a lot of things in android. you might be good in other professional lines like web dev, data analytics, ml,ai, etc too if you give time to that"
>>>>+ve points :
- "you will love doing this, you always did"
- "With the support of a good team, you will always be able to complete tasks and build new things quickly"
- "Start ups might offer you the placement, they always need students with some good exposure"
>>>>-ve points :
- "Every established company which provides interesting dev work takes their first round as coding, and do not considers your extra curricular dev work. So you are placing your all hopes in 1 good start up with super offerings that would somehow be amazed by your average profile and offer you a position"
- "start ups are well, startups and may not offer a job security as strong as est. companies"
- "You are probably not as awesome dev as you think you are. for 2 years, you have only learned the concepts , and not launched more than 1 shitty app and a few open source work"
CHOICE 3: NON CODING
>>>>background: "companies coming in college placements have 1-2 rounds of aptitude,logical reasoning , analysis based questions and other non tech tests. There are also online tests available like elitmus,AMCAT, etc which, when cleared with good marks help receive placements from decent established companies like TCS, infosys, accenture,etc"
>>>>+ve points :
- "you will eventually get placed from college, or online tests"
- "there will be a job security, as most of these companies bonds the person for 2-3 years"
>>>> -ve points:
- "You really don't like this. These companies are low profile consultant/services based companies which would put you in any area: from testing to sales, and job offers are again $5000-6000 per annum at max"
- "Since it includes college, the other factors like your average cgpa and 1 backlog will play an opposing role"
- "Again, you are a 70 percentile avg guy. who knows you might not able to crack even these simple tests"
Ugh... I am fucking confused. Please be me, and help.The things that i wrote about myself are true, but the things that i assumed about super companies, start ups or low profile companies might not be correct, these points comes from my limited knowledge ,terrified and confused brain, after all.
Some of my previous rants mention a web application that I wrote for my then-employer. As it is still in use and I have the whole code, too, I figured to check on security a little with a friend. It's all fine, except for one page, were I was sloppy and didn't escape strings, thus allowing for SQL injection.
This is however only possible if already logged in, which has shown to be secure (and the tool is for employees only).
Nobody is ever going to find out, as the only one who knew what injection even is was me. I left 2 years ago.
Things that annoy me about my current place:
1 - Only 3 people out of a team of 12 developers are allowed to purge akamai, or merge pull requests to master on any of our 200+ websites. Apparently this is because us contractors are not allowed because the permanent employees have to be accountable for the code.
Despite this, no-one actually reads the code. You just throw up a request in the slack channel and boom, instantly 30 seconds later someone approves it, even if its 500+ lines of code.
2 - I've pushed for us to move to agile instead of waterfall, and got declined (which is fine), but the reasoning was that the dev team are not 'mature enough' to work that way. Half the devs here have 5+ years of experience so I don't get the problem here.
What is your thoughts on these above points?
Am I too narrow minded or is the development manager clueless?1
I like the people I work with although they are very shit, I get paid a lot and I mostly enjoy the company but..
Our scrum implementation is incredibly fucked so much so that it is not even close to scrum but our scrum master doesn't know scrum and no one else cares so we do everything fucked.
Our prs are roughly 60 file hangers at a time, we only complete 50% of our work each sprint because the stories are so fucked up, we have no testers at all, team lead insists on creating sql table designs but doesn't understand normalisation so our tables often hold 3 or 4 sets of data types just jammed in.
Our software sits broken for months on end until someone notices (pre release), our architecture is garbage or practically non existent. Our front end apps that only I know the technology have approaches dictated by team lead that has no clue of the language or framework.
Our front end app is now about 50% tech debt because project management is so ineffectual and approaches are constantly changing. For instance we used to use view models for domain transfer objects... Now we use database entities, so there is no commonality between models but the system used to have shared features relying on that..sour roles and permissions are fucked since a role is a page regardless of the pages functionality so there is no ability to toggle features, but even though I know the design is fucked I still had to implement after hours of trying to convince team lead of it. Fast forward a few months and it's a huge cluster fuck to enforce.
We have no automated testing of any sort or manual testing in place.
I know of a few security vulnerabilities I can nuke our databases with but it got ignored.
Pr reviews are obviously a nightmare since they're so big.
I just tried to talk to scrum master again about story creation since any story involving front end ui as an aspect of it is crammed in under one pointed story as sub tasks, essentially throwing away any ability to calculate velocity. Been here a year now and the scrum master doesn't know what I mean by velocity... Her entire job is scrum master.
So anyway I am thinking about leaving because I like being a developer and it is slowly making me give up on doing things to a high standard and I have no chance of improving things, but at the same time the pay is great and I like the people.
I was hoping it would be possible in a big international company to work (as a software developer) on my own laptop (MacBook Pro) - cause of better parameters = better performance = better efficiency. After I got hired, I was told that it is not possible to bring my own laptop. So I was given an old DELL laptop with Windows + a lot of security stuff in it from the company. The poor DELL is so slow - that even a single commit into the branch takes about 2 minutes because of the security stuff : -O ...I am soooo disappointed... :[ .... On the other hand, by working at home on my MacBook in compare with that DELL I feel about it like I work with some super ultra alien technology from the future :D what a feeling <35
Im always trying to learn new things. Im passionate about learning new things, especially development. So much i started a small collaboration group of developers and slack group to collaborate new projects/ideas,get to know new people, and just to learn new things from each other. The group is not language specific developers only, but mostly consists of PHP/Laravel developers at the moment, so im always trying to grow that network as much as possible, so if you would like to join my network to collaborate new ideas or to just even talk to some cool cats, ill send you an invite any day. Anyways, back to my original reason for this post. Im mid level developer who considers himself pretty knowledgeable in PHP and Laravel. Im curious to what other developers use to learn new things. Im constantly questioning my skillset and compare myself to senior developers who always blow me away with their knowledge which often makes me feel like i dont know enough. Currently I use resources such as:
-digital ocean articles or any textbook that wont cost me an arm and a leg lol
I mean i just want to learn about tech related stuff always but currently interested in learning specifically about development topics such as:
- Server administration because i would consider this my weakest skill set (things like provisioning,nginx/security, deployment)
- Continous Integration (as ive never been at a job that practices it)
- RESTful APIs(as ive never developed one)
and so much more but i wont waste your time with my never ending list. What resources/tools do you guys use for your learning?6
So I'm sitting here trying to bodge my way through a member system. These fucknuts really made a bad system..
The task: Export a list of users and their info.
Is there an API available? No, who the fuck would need that shit, even tho the system is built upon Odoo, which has an API!
But it has an export function, you just have to log in and press the right sequence of buttons, because you need the running ID...
Here I discovered the first of many security flaws... "What happens if I post the wrong ID?"... Well, I get access to a file that has nothing to do with me or my users.... What?
Well after some fiddling It works, but holy fuck I found a lot of bugs. And this is a system that is launching in 7 days for us.. Some users have been on it for a year....
How can they ship this bad a product? There's absolute no documentation only a 15-page manual. Guess they don't want developers to develop shit that works in junction with theirs.1
all this talk of australian crypto laws got me thinking. here's a hypothetical (this might get a little complicated):
for the sake of the security facade, the government decides to not ban encryption outright. BUT they decide that all crypto will use the same key. therefore you can not directly read encrypted things, but it's not really encrypted anymore is it?
part two: there's a concept called chicken sexing, named after people who determine the sex of baby chicks. male chicks are pretty useless and expensive to keep alive, so they are eaten. female chicks go on to lay eggs, so ideally, from a financial standpoint, you only raise hens to maturity. this is nearly impossible to discern early on so at first you're just straight up guessing. is this one female? sure? that one? no? really 50/50. BUT if you have a skilled chicken sexer looking over your shoulder, saying right or wrong, then eventually you get better. why? nobody knows. they can't explain it. nobody can. you just sort of "know" when it's female or not. some people can do 1000s of chicks/hr with success up to 98% but nobody can explain how to tell them apart.
part three. final part:
after years, even decades of using this encryption with only one key, I wonder if people (even if only people who are regularly exposed to crypto like NSA analysts or cryptographers) can ever learn to understand it. in the same way as above. you don't know exactly what it says. or how you know it. you didn't run an algorithm in your head or decrypt it. but somehow you get the gist.
28464e294af01d1845bcd21 roughly translates to "just bought a PS5! WOOT!" or even just pick out details. PS5. excited. bought.
but how do you know that? idk. just do.
oh what a creepy future it has become.8
I hate it when I fuck up an update and don't realize it until the next morning.
Did an update last night. Had a large amount of bugs that I had to fix. Some caused by me not testing all the way, some caused by some other guys doing maintenance last night and me not knowing about it.
Woke up to a text from my boss asking if I even tested the program last night. Yeah, I just made sure it loaded after the nightmare amount of bugs I had. I just missed a portion of the program. So I fixed the portion of the program and then he asked me to roll the program back and try again tonight.
What makes this even better is I was really hoping for this to go smoothly. I'm also doing another program release and its going really fucking badly too, security is fucking the shit out of me. My peer review is Monday. I haven't gotten a raise in a year and a half since I started at this company and I was going to ask for one. But this kind of dashes my confidence on the rocks.4
Just what is life
1st I love developing Web Apps
2nd I hate when it has bugs (Always does Everyone does)
3rd More hate for Security related bugs
So I started bug hunting so that even I can make developers hurt I thought I might find peace here
But here we fucking have SQL Injections which are not really that bad easy peasy
But we also have special kind of SQL Injections the Boolean Based ones (Medium Level Demons) and also The Time Based SQL Injections (Medium Level Demon with lots of health consumes too much time has a repetitive process and we have to wait a lot also if you have network lag you are doomed)
No its nice story till here but here it fucking ends the happiness I mean my luck is worst kind of fucking thing anybody ever can have.
I got a mix of both Demons;_;
A Time-Based Boolean SQL Injections yess fuckety amounts of fucking time wasted and redundant fucking process also to make matters worst the fucking famous tool #SQLMAP doesn't work in my case
What we will miss, if he really softens:
In fact, if the reason is stated as "it makes debugging easier", then I fart in your general
direction and call your mother a hamster.
In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people.
Of course, I'd also suggest that whoever was the genius who thought it was a good idea to read things ONE F*CKING BYTE AT A TIME with system calls for each byte should be retroactively aborted. Who the f*ck does idiotic things like that? How did they not die as babies, considering
that they were likely too stupid to find a tit to suck on?
Gnome seems to be developed by interface nazis, where consistently the excuse for not doing something is not "it's too complicated to do", but "it would confuse users".
I think the stupidity of your post just snuffed out everything
I think the OpenBSD crowd is a bunch of masturbating monkeys, in that they make such a big deal about concentrating on security to the
point where they pretty much admit that nothing else matters to them.
That is either genius, or a seriously diseased mind. - I can't quite tell which.
Christ, people. Learn C, instead of just stringing random characters together until it compiles (with warnings).
"and anybody who thinks that the above is
(b) efficient (even with the magical compiler support)
(c) particularly safe
is just incompetent and out to lunch.
The above code is sh*t, and it generates shit code. It looks bad, and
there's no reason for it."
Well thanks a lot for the clarification of WHY I cannot sync my work (Office 365) mail using the mail client in Windows 10!
It's not that it's wrong; it's (probably) very much correct.
It's not that it's not precise; I don't think it could be anymore precise than a data dump like that.
It's not that trying to help me solve the problems; I'm sure it is.
But now that I have all the (debug) info about the security policies in place it would be great if it would show what violated which policy and maybe even what they mean and how to fix it?
The most concrete to go by is the error code, and judging by a google that has meant "your mail has problems" for at least three years...
...not even a single link was found to the (only) page detailing content, possible values, and dependencies between policies.
Once again the department head fucks up my degree plan!
I'm getting my associates degree in Cyber Security. So we have to take networking courses and what not. So my institution recently became a Cisco certified teaching establishment or something along the lines of that.
The department head said that everyone who was enrolled in classes before the upcoming fall semester would have to take the new Cisco networking classes and not switch to the new degree plan. (We would take 3 Cisco classes instead of the new degree plan which is 5 or 6) so we planned and register for those classes.
Now he comes back and says we don't have to take those new classes. So it just fucks up the whole shit.
Switching to the new degree plan would add like 3 semesters to my total semester count and I'm supposed to graduate. August 2018
Fuck this new shit. Even tho I need Cisco.
I plan on taking The Cisco classes after I graduate with my associates degree while I'm going to a university for a dual degree in Software Engineering and Cyber Security
Looking for help starting with DevOps.
Does anyone know of a site or forum where you can talk about general coding/scripting patterns rather than just asking specific questions?
Bear with me, this may be a bit longer than most posts here.
I'm a self-taught admin/tech working with one colleague (who's also mostly self taught) at a high school, managing both clients and servers.
We've been doing most things manually bit I'm looking into converting as much work as possible into more of a DevOps setup, with Powershell-scripts for multi step tasks.
I want to do this for a number of reasons. Having a script doing a number of steps would cut down on time spent on individual tasks and minimize the risk that a step is missed or, perhaps even worse, mistyped. Also it's important that I actually learn what I'm doing, why something works and why something fails.
As and example, I have a powershell-script which moves a student from one year to another (basically they have user names with a two-digit prefix based on the year they started and a suffix with two letters from their first names and four from their last names) if they need to repeat a grade.
It basically renames the account in the AD with the correct year-prefix, changes the samAccountName, renames Home and Profile-directories on disk and changes paths on the profile-tab in AD, moves the user into a new OU and security group etc.
It works as intended if the user account to be renamed exists and there's no name conflict with the new name. But I'd like for the script to validate that there's no problem with user names, source and target security groups and OUs etc. and eventually split the script up into smaller clearly defined functions for better readability.
However, I don't want someone to just write the script for me, I'd prefer to be able to discuss script flow and come to my own conclusions and solutions.1
I’m currently in school and halfway done my bachelors in SE and I need a PT job.
I used to work as a server and security guard, but I want to do something PT that’s somewhat related to dev. My focus is game programming and most game studios generally take only full timers.
What are some industries in the dev field that can be good to work in on a part time basis? Any tools/languages I should pick up?
Or even better - something that I could do on a PT basis related to dev from home?