Bruteforce IRL

So I recently bought my first house (yay!).

Whilst doing the initial viewings I saw the below on the backyard and thought "hey that's neat, I can leave a key in there for when I come in late and my fiancée is asleep.

Fast forward to moving in day and the previous owners hand me the keys so I ask "oh yeah, what's the code for the keysafe" and he just looks at me completely blank, so I'm just like "the box on the wall out back" and he's just like "oh! So that's what that is. No we've never had the code for that, bye."

Being a pen tester I'm just stood there dumbfounded thinking "How the hell can you have a locked box attached to your house and not want to know what is inside!"

Anyway, that brings us to now where I'm stood outside in December on a Sunday morning brute forcing my way into my own keysafe.

I wish this didn't run so many parallels with my work life 😂

The project where I realized I wanted to go from chemist to pro dev.

I built a flow-chemistry spectrometer with monitoring backend in Haskell.

Spectroscopy is where you add a reagent to a glass tube, it changes color, and by measuring the exact color it tells you how much of something (for example, a toxin) is present in the sample.

I had to do that a lot on factory samples, writing down measurements using pen & paper.

I'm lazy so I decided to do the logical thing: Automate it. I bought a second hand spectrometer, stripped the casing, did a shitload of glassblowing and hooked up tubes to the production pipelines, so I could get samples, mixing them in the correct ratio with reagents in continuous flows using valves.

I ended up using 2 home-crafted arduino-like boards (etching PCBs is fun!).

One to calibrate the mixture against known samples and control solenoid valves to continuously cycle through various reagents and deionized flushing water, the other to record the measurements and send them to a server running a Haskell/Yesod API.

The server collected the information into InfluxDB (A time series database), displaying all data on a graphite dashboard.

Eventually I wrote Haskell plugins for most of the chemistry processes, from pH & temperature measurements to polymer property and pigment tests (they made a lot of printer ink).

Then I was fired because they didn't need chemists anymore, and the code "could be maintained by the intern" (poor guy)...

But I did find out that I loved functional programming, chemistry automation projects, and crafting my own electronics during that time.

CSS is like #03
(repost, forgot image last time xD)

Not being able to write code only using pen and paper :/
I had one job interview where they ask me to iterate a tree using my preferred language. I felt so uncomfortable.
And my problem is only the pen and paper.
I'm able to write working code without any code completion even without highlighting in any shitty editor. But when it comes to write code by hand on paper it feels like my programmer brain side turns off.

Is there a service, or forum, where you can ask people to try to break into your software for free?

Stupid as that is, I kind of want a beginner security guy to pen test my server. Eventually I'll shell out cash for a real review, but I'd like a lite one now. 😔

Since I started my routine of checking bug logs every morning, I've had 2 instances where a website vulnerability scanner was run against a production website and generated over 2,000 Coldfusion errors.

At the time, I was super nervous about the apparent hack attempt, and hyped that the attackers never actually got in. It's nice to know that despite the various errors indicating vulnerable / breakable code, they were ultimately unsuccessful. I know now that a determined attacker could probably have wrecked our production websites. Since then I've made a ton of security-related updates and I'm actually thankful for the script kiddie getting my attention with that scan.

PS. We're now building a website for a local security company who is going to work with us to pen test the site when it's finished! Gulp.

So, I have been offered two jobs at the same company (big, global corp)

1. RPA coordinator or operator or business analyst. Completely new to me, they're happy with my background enough so that I could learn on the job. RPA is new in this place and they're creating team from scratch.

2. Member of IT security team where most of my work would be split between things that interest me greatly - vulnerabilities, fixing them and pen testing.

I'm not sure what to pick, really.

Option 1 seems to be way more future proof and seems like a lifetime opportunity to get into something relatively new, potentially more ££ down the road.
Option 2 is what I already spent some time learning and I have quite a big interest in. I've always been less of a programmer and more of an admin/sec guy.

Tbh before option 1 called me yesterday I thought that option 2 is a dream job for me. Now I'm all in doubt.

Looking at @striker28 's rant made me think of my time I did my MSc and I think it needs it's own separate rant so here it goes:

So I did an MSc at one of the big league unis in London. First clue was during week 1 where in one of the class a mature student asked whether there would be actual coding during the course. There was an audible gasp from everyone else! Once the lecturer said the unfortunatly they wouldn't be you could hear the sigh of relief from the students...

Next up was all the lectures being placed in the freakin' basement of the university in crap, smelly rooms with annoying ticking A/Cs whereas all the social siences, business and other subjects had lecture halls and classrooms above ground. The contempt for CS from the university's direction was palpable.

Then there was the relegation to the theory-only (i.e. abstract with pen/paper) "tutorial" to the hand of T/As with bugger-all teaching experience. In short most were terrible and should've found a way to abscond themselved from this obligation which was part of the terms of their phd grants unfortunatly.

Further into the course there was the "group project". Oh boy! Out of the 5 in the group my now mature student friend and I were the only one commiting to the repo. There was either no code and a lot of bullshit from the others or crap code that didn't even compile despite their assurances it was all good.. Someone clearly never actually coded and pressed "run" in their lives which is fucking surprising since they've managed to graduate with a BSc and get into a MSc somehow. None of the code "made" by the other 3 persons made it into the master branch for release.
The attitude was that of "We (hahahah) wrote loads of code. We'll get a great mark!". At that stage the core wasn't even complete and the software didn't work yet.

Some of the courses where teaching things already 10 years out of date and when lecturer where pressed on that the few mature students that happen to be there the answer was always "yes, we are planning to update it for next year". Complete bullshit. Didn't help that some of the code on the lecture slides was not even correct! I mean these guy are touted as "experts" in their field...

None of the teory during the entire year was linked to any coding. Everything was abstract with no ties to applied software engineering. I.e. nothing like the real world.

The worst is that none of the youger students realised they were being screwed over and getting very little value for their money. Perhaps one reason why these evaluation forms have such high scores given on them. If you haven't had a job and haven't lived outside academia yet there is nothing to compare it to. It tends to also fall into confirmation bias (hey it's a top UK university, it must be worth it afterall! Look how much they ask for).

By the end of the year I couldn't wait to get the hell out. One of the other mature student sumed it quite well: "I will never send my children here."
Keep in mind that the guy had just over a decade of software engineering experience in the industry and was doing this for fun.

In the end universities are not teaching institutions. The lecturers's primary job is research and their priorities match that. Lectures tend to be the most time efficient teaching format for the ones giving them but, on their own, are not for the consumer.

To those contemplating university for CS: Do the BSc. Get your algo/datastructure chops and learn the basic theory. It is interesting. Don't get discouraged by the subject just because it is taught badly.
Avoid the MSc unless you want to do a phd and go for an academic carrer. You are better off using that year and the money to learn more on your own and get into colaborative projects (open source) on top of some personal ones. Build up your portfolio. It will be cheaper and more interesting!

What the hell am I!? I wonder if you guys can help me...

I've been programming most of my life but I've never actually been a developer by title or job role. I thought maybe if I list what I do and have done someone here could help? I'm sure there are more of you in a similar boat.

- C# and VB dev for some quick DBMS projects to help me understand and mine databases and create a nice simple view for project teams to show findings from the data to help make certain decisions.
- Automating a lot of my colleagues work with Python and if very restricted then just VBA macros in Excel and MSP. This did also include creating tools to gather data during workshops and converting the data for input into other systems.
- Brought Linux to the office with most team members now moving over to Linux with the peace of mind to know that though they do need to try solve their own problems, I can help if need be.
- Had to learn AWS and then implement an autoscaling and load balanced data center installation of a few Atlassian toolsets.
- Creating the architecture diagrams documentation needed for things like the above point.
- Having said that, also have ended up setting up all the Jira/Confluence etc. servers we use and have implemented so far whether cloud (Azure/AWS) or on prem and set up scripts to automate where possible.
- Implemented an automated workflow view in SharePoint based on SP list data and though in an ASPX page, primarily built in JS.
- Building test systems in PHP/JS with Laravel and Angular to help manage integration between systems. Having quite a time right looking into how to build middleware to connect between SOAP and REST API's, the trouble caused more by the systems and their reliance on frameworks we're trying to cut out of the picture.
- Working on BI and MI and training a team to help on the report creation so that I can do the fun creative stuff and then set them to work on the detail :)

Actually it seems safe to say that it seems that though I've finally moved into a dev office (beforehand being the only developer around) I seem to be the one they go to when a strategic solution is needed ASAP and the normal processes can't be followed (fun for someone with a CompSci degree and a number of project management courses under the belt... though I honestly do enjoy the challenges)

But I always end up Jack of all but master of, well hopefully some at least. let's not even get started on the tech related hobbies from circuit design and IoT to Andoid / iOS and game dev and enjoying a bit of pen testing to make sure we're all safe at work and at home.

As much as I don't like boxes, I'm interested to know if there is in fact a box for me? By the way, the above is just a snapshot of my last two years minus the project management work...

I know the video editing software LightWorks has its aficionados. I can see how it's powerful. I've been using it since at least version 12. But my gosh how it screws people over. In the latest version, when you import files into a project and then want to delete _just the reference_ to the files in the project, LightWorks says "Nope, imma delete the FILE, too!" So you can never just start over with an import. When you import a bunch of still photos in one shot, no matter how many, it imports them all as an unwatchably fast 1 second video sequence instead of as an individual file. Like...what? And they've dumbed down the interface so much that there's no toolbar. You have to right-click poke at everything to try to find where stuff is. And right clicking is NON-EXISTENT on a Mac. I had to use a pen tablet to achieve it. I'm too cheap to buy Adobe Premiere for the few times I have to edit video in a year, so I guess it's just ShotCut on Windows for the rest of my life.