Search - "whitelisted"
I just helped one of our cleaners get Internet since the management whitelisted devices that can get WiFi access.
I believe that anyone, regardless of position, must have equal access to the resources in this company.11 -
This company!
Ugh.
Two days ago we had an hour and a half meeting on which projects to focus on, with the result being all seven are top priority. Because of course.
Last night I told my boss why an api he has me hitting always returns 401s; even gave him the line# responsible for the response (in his code). After an hour and sixteen minutes of him debugging, he finally admitted I might be right. zzz. This morning, he tells me it's on my end, and to ask someone else for their project's API code. The problem is that the server is not accepting the new application's key, since that key is not in the allowed list. That other project works just fine. Guess why? Their key has been whitelisted for months. But it's totally my code. Yeah. Bloody brilliant. 🔅
Anyway, today we're discussing "Winning with Accountability," a 100 page book that boils down to "do what you say you'll do, by when you said you'd do it, and take responsibility if you don't." But a huge part that the boss is stressing is: provide the exact date, time, and timezone of when things will be completed by. I mean, that's fine for sales calls and reports and such trivial busywork. But dev projects? Not so much.
And that's been my past three days!
Friggin joy.6 -
I don’t know what’s worse:
1) The dev that whitelisted .jpg and throws an exception when .jpeg is used.
2) I’m having to educate business users how to rename a file.5 -
fuckpress.Pi
Yep, thata right. Fuck Wordpress Raspberry Pi. Thanks to my inability to interact with proton mail filtering I just made a script that checks for a new email and if it contains words "wordpress", "help", " hack", "build" and it is not from whitelisted contact, the email is moved to the Fuckpress folder and automatic reply is sent back that I AM NOT FUCKING DOING YOUR GAYPRESS FUCKING SHIT FOR YOUR 5$ CUNT.
rant over4 -
Ever had one of those moments when sites run by cunts (fuck you CNET) autoplays videos at 200% volume?
Use the extension called "Silent Site Sound Blocker" to make sure only whitelisted websites can play sounds.
Fuck yeah!7 -
Recently I've been procrastinating a hell lot by watching random youtube videos, so I made a little Chrome extension to keep me focused. I personally find it quite fun.
Crowwwww is an extension that helps you to stay focused. Whenever you go on a work-irrelevant site like youtube or reddit, a very judgmental-looking crow will appear on the screen and stare into your soul, forcing you to reconsider your life choices and go back to work.
https://chrome.google.com/webstore/...
(whitelisted sites are configurable of course)10 -
Once I moved to new flat that had no internet connection yet, so I went to restaurant located under my apartment, that had WiFi secured with password. I asked for it while waiting for the order - it was "A1B2C3D4". After a while I got annoyed that it was so slow, so checked if I can access router admin page and restrict access for their clients. It turned out I can and they used default login and password, so they ended up with only my MAC whitelisted. Seemed they had connected their own business PC ("office PC") via LAN too, so I was curious if they call ISP to check it out. I checked the router settings every day, even after I got my own internet connection and they had it blocked for about 3 weeks. Then they changed WiFi password, so I came again, asked for password (another shitty one), checked router admin page and... still default login and password...9
-
So today was the worst day of my whole (just started) career.
We have a huge client like 700k users. Two weeks ago we migrated all their services to our aws infrastructure. I basically did most of the work because I'm the most skilled in it (not sure anymore).
Today I discovered:
- Mail cron was configured the wrong way so 3000 emails were waiting to be sent.
- The elastic search service wasn't yet whitelisted so didn't work for two weeks.
- The cron which syncs data between production db and testing db only partly worked.
Just fucking end me. Makes me wonder what other things are broken. I still have a lot to learn... And I might have fucked their trust in me for a bit.13 -
A third party manages access to a web application I’m supposed to begin using. While accessible from the Internet, they whitelist IP addresses, so it rejects the login credentials if not coming from a whitelisted address.
I provided my external IP address to their support team but the application was not letting me in, so I called their help desk. A support technician said that my IP address was 10.x.x.x, a private IP address. I’m not on the same network as this application, so I did a quick check and realized they are reading my internal IP address from my X-FORWARDED-FOR (XFF) header (yes, my employer exposes this).
I explain to him that the application is incorrectly reading my external (connection) IP address and is instead reading my internal IP address from my XFF header. I also explain that it’s not a good idea to add a private IP address to their whitelist as it somewhat defeats the point as anyone can assign that IP address within their network and expose it via an XFF header.
After talking to numerous support personnel, I came to the conclusion that not a single support person on their team understands basic networking and private IP address ranges.
I finally just said, “Fine. Go ahead and add my internal IP address but keep in mind it will change a lot.”
He then proceeded to “explain” to me how my IP address is assigned by my ISP and should change very infrequently. I explained to him that the IP address their application is reading is actually assigned by DHCP inside my network, but I was clearly wasting my breath.3 -
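The allowlist behaviour described in the post above, next to a stricter resolution, as an added example that is not part of the original post or the vendor's code. The proxy range, allowlist range and all addresses are constructed; the function names are hypothetical.

```python
import ipaddress

# Constructed ranges for illustration (documentation address blocks).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]   # assumed: our own reverse proxies
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]       # assumed: customer's public egress range
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",       # RFC 1918 private ranges
    "127.0.0.0/8", "169.254.0.0/16")]                      # loopback, link-local


def in_any(addr, networks):
    return any(addr in net for net in networks)


def naive_client_ip(peer_ip, xff_header):
    """Behaviour described in the post: believe the first XFF entry."""
    if xff_header:
        return xff_header.split(",")[0].strip()
    return peer_ip


def resolve_client_ip(peer_ip, xff_header):
    """Return the address an allowlist should be evaluated against.

    Start from the TCP peer address. Only when that peer is one of our own
    proxies, walk X-Forwarded-For from right to left, skip further trusted
    proxies, and stop at the first hop we do not control.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not xff_header or not in_any(peer, TRUSTED_PROXIES):
        return peer  # header is set by the client: ignore it
    client = peer
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could parse
        client = addr
        if not in_any(addr, TRUSTED_PROXIES):
            break
    return client


def is_allowed(peer_ip, xff_header):
    client = resolve_client_ip(peer_ip, xff_header)
    # A private address on an Internet-facing allowlist identifies nobody.
    if in_any(client, NON_ROUTABLE):
        return False
    return in_any(client, ALLOWLIST)
```

With these rules the poster's connection is matched on its public address, and a private address in the header is never accepted as an identity.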
We whitelisted IP range X.X.X.X - Y.Y.Y.Y. The application works if we connect from within this range but if we use an IP address from Z.Z.Z.Z we can't connect.
(╯°□°)╯︵ ┻━┻13 -
Was doing white listing and asked for the address they need whitelisted. Was given the street address 😐.2
-
What is it with devs (not all, by any means!) who don't understand networks or basic computer operation? I'm not talking about anything complex, but things like the dev who asked if his IP address could be whitelisted so he could remote in from home. We asked what his public IP address is and he said 10.0.0.27.
Or the new dev who started and said her laptop camera didn't work and logged a ticket, only to be asked if she had the camera cover open or closed and said, "oh, that's what that lever is for."
Don't get me wrong - many devs and sysadmins and IT people of all fields are excellent. And there are some who are crap in every field. This is no rant about devs in general, just *these* crap devs that I can only throw my hands in the air and think, well, they scored ok in the SQL test.4 -
Not much of a hack, just a stupid thing that works.
In my hs videogame programming class, the teacher has this program called LANSchool (most of you have heard of it) which he used to restrict apps/browsers to the point of uselessness. He didn't (and still doesn't) know anything about the stuff he 'teaches', most is taught by TAs.
Here's the dumb part: he WHITELISTED APPS. A friend, one of the TAs, figured out that if you rename something 'Google Chrome', lanschool wouldn't care. So I got Chromium (for unblocked internet) and switched its blue icons in the exe for original chrome icons, then renamed it 'Google Chrime'. Woo.
LANSchool is such a bad program (you can even unblock a site by spamming the F key for refresh).
The teacher did, and still does, treat the TAs like trash. He's a babysitter while students listen to online vids and the TAs.2 -
I was working on email reporting to business customers and in the test phase was mass sending email to my own account. However it suddenly stopped working and it took me a few minutes to realize I had commented out the hardcoded line with my email address. I had to write to each Customer and apologize for the spam after my error. Also had to get our email server whitelisted with a few after the incident.2
-
Brave Browser.
There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.
Brave rewards: There’s many reasons why this is terrible for privacy, a lot don’t care since it can be “disabled“ but in reality it isn’t actually disabled:
Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”
If you’re on Linux curl the static1 link. curl --head static1.brave.com,
if you want proof of even further telemetry: it lists Cloudflare and google, two unnecessary domains, but most importantly telemetry domains.
But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:
“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”
Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.
In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.
Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.
I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.
There’s many other reasons why a lot of people dislike brave that aren’t strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.
In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.
Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.15 -
I really, really need some help here.
We have a service provider that is utter shit. Due to their shittyness we have a server to which our customers point their domains and then we forward the request to our shitty provider. This worked well until our provider blocked our server's IP.
They can't come up with a reasonable explanation as to why it's happening, and even though they've whitelisted our IP it keeps happening. I've tried changing the server's IP, but it takes 5 minutes and we're blocked again. Probably some traffic that they deem fishy.
Does anyone have any good or bad idea on how to work around this fuckery? The server at our provider is running PHP, so I'm thinking if I can set up some sketchy tunnel or something, but even then it might be caught on a lower level.
I'm really, really grateful for any ideas or advice. Even of the shitty kind.5 -
2 AIX workloads got messed up during patching. Apparently they had a local database and they were in PROD env.
"Not a biggie - there's always a netbackup to restore the whole workload" - I said and reached out to netbackup folks.
Turns out even though netbackup was configured properly it had never even initiated successfully bcz backup NIC was not whitelisted in network layer. Never ever in 3 years.
Service guys were piiiiiiiiiiiiised big time1 -
Just posted this in another thread, but i think you'll all like it too:
I once had a dev who was allowing his site elements to be embedded everywhere in the world (intentional) and it was vulnerable to clickjacking (not intentional). I told him to restrict frame origin and then implement a whitelist.
My man comes back a month later with this issue of someone in google sites not being able to embed the element. GOOGLE FUCKING SITES!!!!! I didn't even know that shit existed! So naturally i go through all the extremely in depth and nuanced explanations first: we start looking at web traffic logs and find out that it's not the google site name that's trying to access the element, but one of google's web crawler-type things. Whatever. Whitelist that url. Nothing.
Another weird thing was the way that google sites referenced the iframe was a copy of it stored in a google subsite???? Something like "googleusercontent.com" instead of the actual site we were referencing. Whatever. Whitelisted it. Nothing.
We even looked at other solutions like opening the whitelist completely for a span of time to test to see if we could get it to work without the whitelist, as the dev was convinced that the whitelist was the issue. It STILL didn't work!
Because of this development i got more frustrated because this wasn't tested beforehand, and finally asked the question: do other web template sites have this issue like squarespace or wix?
Nope. Just google sites.
We concluded it's not an issue with the whitelist, but merely an issue with either google sites or the way the webapp is designed, but considering it works on LITERALLY ANYTHING ELSE i am unsure that the latter is the answer.2 -
FUCK APPLICATION LEVEL FIREWALLS!
So i came online today, thought already let's open the shitty outlook webmail client. Holy crap .... that's way too many mails. Many of them are missed teams messages. So i open up teams and holy crap. Like every third dev in my company sent me a message screaming "gitlab is not working!!!".
Yesterday i updated it so immediately get in panic mode - what the shitty hack have i done?!
So yeah gitlab seems to be working just fine, everything is speedy and responsive, so i call one of my fellow devs and ask him whats wrong? And he is like oh yeah there comes a ldap error saying timeout or something.
I try to login with active directory. Works like a charm. Try another account, same problem?!
Google the problem, search gitlab tickets. Nope there is no open bug or sth. like this.
So alright let's call the network guy. "Yo, can you check if there is something ldap-like getting blocked to the gitlab server?" - He is like oh yeah damn like almost every damn request is getting blocked. Ah wait, there was a firewall update yesterday too. Yeah ldap is no longer ldap. BLOCK THAT SHIT!
After 10 minutes of figuring out what shitty type is detected by the firewall and what needs to be whitelisted to make it fucking work again it seems to work.
But ha no, there is another update rolling on, so same shit like 15 minutes later.
Now it seems to work and i have to inform every damn fcking developer that it works again. And yeah alright you sent a mail, but fuck it, i will call you though! So yeah just answering calls, mails and chat messages. Like why the fuck cant you read your mails like a damn normal person?!1 -
Having problems with getting user's IP address with PHP.
So basically I made a custom DDoS protection for my linux server.
It works like this: php website gathers visitor IP address when he does a certain action (in this case registers an account). All visitor ips are stored in ips.txt securely on my website ftp.
Then my linux server has iptables rules setup in a way where it blocks all traffic except my website traffic.
On linux server I have a cron job which pulls whitelisted ips every 5 minutes from my php website FTP and then whitelists all IP's in iptables.
That way only visitor IP's (of those who registered account in my website) are being whitelisted in my linux server.
In case of a DDoS attack, all traffic is dropped except for the whitelisted visitor's IP's gathered from website ips.txt
Now I'm having a problem. My PHP script is not accurate. Some visitors in my website are not being whitelisted because they might have a different ipv4 ip address than what is given from php website. So basically I am looking for some php script/library that would gather ALL ipv4 ips from a visitor, then whitelist them.
Also regarding ipv6, my iptables are all default (which means that all ipv6 visitor traffic is allowed) so problem is not with visitors that have ipv6. Problem is with my script not getting ALL ipv4 ip addresses assigned to the user.
Can you recommend me some php library for that? So far I've used https://github.com/marufhasan1/... but apparently it's not accurate enough.16 -
Need advice about protecting ddos via iptables and whitelisting. Currently I launched my gameserver and am fighting against a massive attack of botnets. Problem was solved by closing all ports on my gameserver linux machine and shipping game.exe with injected c++ socket client. So basically only gamers who launch my game exe are being added to firewall iptables via the socket client that is provided in the game exe. If some ddosers still manage to get inside and ddos then my protection is good enough to handle attacks from whitelisted ips from inside. Now I have another problem. Lots of players have problems and for some reason shipped c++ client fails to connect to my socketserver. Currently my solution was to provide support in all contact channels (facebook,skype,email) and add those peoples ips to whitelist manually. My best solution would be to make a button in website which you can click and your ip is whitelisted automatically. However if it will be so easy then botnets can whitelist themselves as well. Can you advise me how I could handle whitelisting my players through web or some other exe in a way that it can't be replicated by botnets?1
-
Question about linux iptables. I am currently blocking all access and whitelisting only when my users launch my software. When software is launched a socket client is also launched, it connects to socket server, identifies itself with a password and disconnects. If given password by socket client is correct, then socket server whitelists the users IP by executing the following command: " iptables -I INPUT -s userIP -j ACCEPT".
My problem is that now I have lots of duplicates of IP's whitelisted and as far as I've heard I should not go over 25k iptable rules.
So my question is how to check if ip is already whitelisted, in order to avoid duplicate iptable rules for same IP?
Obvious solution would be to store whitelist somewhere (mysql/txt) and double check before whitelisting ip, but maybe there is an easier way to do this?4 -
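One way to avoid the duplicate rules asked about in the post above, as an added example that is not the poster's code: `iptables -C` (`--check`) reports whether an identical rule already exists, so the insert can be skipped. The function name `allow_ip` and the injectable `run` parameter are hypothetical; it assumes `iptables` is on PATH and the process is allowed to change the ruleset.

```python
import ipaddress
import subprocess

IPTABLES = "iptables"  # assumption: binary on PATH, caller has the needed privileges


def _run(argv):
    """Run a command as an argument vector (no shell) and return its exit status."""
    return subprocess.run(argv, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode


def allow_ip(user_ip, run=_run):
    """Insert an ACCEPT rule for user_ip unless an identical rule exists.

    Returns True if a rule was added, False if it was already present.
    Raises ValueError for anything that is not a single IPv4 address, so
    text received from the socket client never reaches the command line
    unparsed.
    """
    addr = ipaddress.IPv4Address(user_ip)
    rule = ["INPUT", "-s", str(addr), "-j", "ACCEPT"]
    # -C exits 0 when a matching rule is already in the chain.
    if run([IPTABLES, "-C"] + rule) == 0:
        return False
    if run([IPTABLES, "-I"] + rule) != 0:
        raise RuntimeError("iptables -I failed for %s" % addr)
    return True
```

For large allowlists, a single rule that matches an `ipset` set keeps the chain at one rule regardless of how many addresses are admitted.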
When your work machine has some cloud av, with single whitelisted directory.
Moving appData was quite an experience, especially when certain visual studio extensions have absolute paths in registry.