3 rants for the price of 1, isn't that a great deal!

1. HP, you braindead fucking morons!!!

So recently I disassembled this HP laptop of mine to unfuck it at the hardware level. Some issues with the hinge that I had to solve. So I had to disassemble not only the bottom of the laptop but also the display panel itself. Turns out that HP - being the certified enganeers they are - made the following fuckups, with probably many more that I didn't even notice yet.

- They used fucking glue to ensure that the bottom of the display frame stays connected to the panel. Cheap solution to what should've been "MAKE A FUCKING DECENT FRAME?!" but a royal pain in the ass to disassemble. Luckily I was careful and didn't damage the panel, but the chance of that happening was most certainly nonzero.
- They connected the ribbon cables for the keyboard in such a way that you have to reach all the way into the spacing between the keyboard and the motherboard to connect the bloody things. And some extra spacing on the ribbon cables to enable servicing with some room for actually connecting the bloody things easily.. as Carlos Mantos would say it - M-m-M, nonoNO!!!
- Oh and let's not forget an old flaw that I noticed ages ago in this turd. The CPU goes straight to 70°C during boot-up but turning on the fan.. again, M-m-M, nonoNO!!! Let's just get the bloody thing to overheat, freeze completely and force the user to power cycle the machine, right? That's gonna be a great way to make them satisfied, RIGHT?! NO MOTHERFUCKERS, AND I WILL DISCONNECT THE DATA LINES OF THIS FUCKING THING TO MAKE IT SPIN ALL THE TIME, AS IT SHOULD!!! Certified fucking braindead abominations of engineers!!!

Oh and not only that, this laptop is outperformed by a Raspberry Pi 3B in performance, thermals, price and product quality.. A FUCKING SINGLE BOARD COMPUTER!!! Isn't that a great joke. Someone here mentioned earlier that HP and Acer seem to have been competing for a long time to make the shittiest products possible, and boy they fucking do. If there's anything that makes both of those shitcompanies remarkable, that'd be it.

2. If I want to conduct a pentest, I don't want to have to relearn the bloody tool!

Recently I did a Burp Suite test to see how the devRant web app logs in, but due to my Burp Suite being the community edition, I couldn't save it. Fucking amazing, thanks PortSwigger! And I couldn't recreate the results anymore due to what I think is a change in the web app. But I'll get back to that later.

So I fired up bettercap (which works at lower network layers and can conduct ARP poisoning and DNS cache poisoning) with the intent to ARP poison my phone and get the results straight from the devRant Android app. I haven't used this tool since around 2017 due to the fact that I kinda lost interest in offensive security. When I fired it up again a few days ago in my PTbox (which is a VM somewhere else on the network) and today again in my newly recovered HP laptop, I noticed that both hosts now have an updated version of bettercap, in which the options completely changed. It's now got different command-line switches and some interactive mode. Needless to say, I have no idea how to use this bloody thing anymore and don't feel like learning it all over again for a single test. Maybe this is why users often dislike changes to the UI, and why some sysadmins refrain from updating their servers? When you have users of any kind, you should at all times honor their installations, give them time to change their individual configurations - tell them that they should! - in other words give them a grace time, and allow for backwards compatibility for as long as feasible.

3. devRant web app!!

As mentioned earlier I tried to scrape the web app's login flow with Burp Suite but every time that I try to log in with its proxy enabled, it doesn't open the login form but instead just makes a GET request to /feed/top/month?login=1 without ever allowing me to actually log in. This happens in both Chromium and Firefox, in Windows and Arch Linux. Clearly this is a change to the web app, and a very undesirable one. Especially considering that the login flow for the API isn't documented anywhere as far as I know.

So, can this update to the web app be rolled back, merged back to an older version of that login flow or can I at least know how I'm supposed to log in to this API in order to be able to start developing my own client?

I don't understand why people are making a fuss about Facebook.

It's free to use, the amount of users kept increasing (thus the cost of maintenance) yet the company kept getting bigger and bigger. Obviously they're not making all their money off the advertisements on Facebook's own website.

So why are people so surprised that they're "selling" user information?

This is really funny to me. Especially the media joining in saying that it makes all your information available to everybody when they're actually talking about the fact that the majority of Facebook users have their profile set to public and they can be easily found with a simple Google search.

People are so fucking hypocritical it makes me want to puke. If you don't want anybody to know what you posted, just don't fucking post it on a SOCIAL MEDIA in the first place.

Don't get me wrong, I'm not saying that facebook is all flowers and love, they clearly didn't handle this situation well. They could have done something about this whole situation when it started instead of waiting for things to blow out of proportion.

However, people are just being assholes now. I highly doubt that they're reading all chats nor are they sending it over, they're probably just sending out some words you mention often so that it is pertinent for advertisers (ex. If you use the word computer next to buy, then maybe that triggers something). I could talk extensively about it but I'm way too lazy, the point is, they most likely aren't sending the nudes you sent to advertisers because that does not provide any benefits.

If you don't like Facebook, don't fucking use it. Delete your account and shut the fuck up. When you screw up in real life, there's no takesies backsies, why the fuck do people think it doesn't apply online? The government gathers up quite a lot of information on you yet I don't see you crying your eyes out.

Why the fuck do you care so much if an advertisement is tailored to specifically? Yeah, you talked about dildos and now you see dildo ads from Amazon, not happy? Just download adblock and shut up. If you're gullible and the moment you see an ad about single women in your area you click on the ad because you want to get laid right now, that's your problem.

Don't want people knowing about some aspects of your private life? Don't share it online.

Stop acting like people are any better at keeping secrets, I'm sure you had some people leak your secrets at least once, yet I doubt you sued them and you brought them to court.

===========

I'm sorry about this, it's just that Facebook is all over the news and I'm getting sick of it.

Also, I hate facebook, I'm not necessarily defending it, I'm more pissed at the medias for blowing this situation out of proportion.

Why are apple so fucking back assward and stubborn when it comes to their app review process?

So, at work I made an app. It's a simple one, but it's an app.
It makes it so that the user doesn't have to enter their credentials to sign in to a system developed on our platform.
If you give it a hard oded config it will only connect to that server, if not, it fetches a list of available servers and the user has to select which they want to connect to.

I've uploaded basically the same fucking app thrice, twice with and once without a config.
Two of them when somewhat smoothly through the review, but the last one has been stuck for almost two fucking months! And guess what it's one of the ones with a config!?!

How is that in any way consistent?
They fill us with shit like "your screenshots aren't representative", so I update them.
They go "this is not an AP for the public", I tell them I give less than a steaming pile of fresh dung from a retarded donkey, the intended users are freelancers, so just fucking greenlight it.
Then they go "your screenshots aren't representative", so I tell them to pound sand or specify which screenshot is wrong or what they think is missing.

How are they so fucking inconsistent with their process? Isn't is this process that they used as of defence for their shittastic monopoly, that they don't want to call a monopoly?
I'm so fucking tired.