About: Linux/FOSS, cyber sec, privacy and programming guy. Hardstyle/rawstyle freak.
Joined devRant on 5/14/2016
None, for me, but that's why I work as a cybersecurity engineer and not a dev!
But, I do tons of side projects and the reason why I love it: it makes me feel like I'm in God mode. (and helps me solve quite some problems)
Quite ironic, for an atheist ;)
The hell, why'd I write an add-on for a system I don't know as well while I could just implement a PHP version easily!?
Even if it is just to fucking prove that this can easily be done in PHP!
Trying to reverse engineer an API.
Who on fucking earth thought it would be a good idea to let the response be JSON but.... THE VALUE OF THE MAIN INFORMATION THING/KEY PLAIN (UGLY AS HELL) HTML WITH EVEN GOOGLE TAGS BULLSHIT...
WHY?! THIS HURTS.
Waaaay too many but let's go with this one for now.
At my previous job there was a web application which was generating about 1gb of log data a second. Server was full and the 'fullstack engineers' we called had zero clue about backend stuff and couldn't fix it.
Me and another engineer worked our asses off to figure this out but eventually the logging stopped and it went back to normal.
For that moment. I was the on-call server engineer and at like 3am I got called awake because this shit was happening again.
Sleep drunk with my phone I ssh'd into the server, not sure about what to do at first but then suddenly: let's chattr the goddamn log file...
$ chattr +i /var/log/logfile
Bam, worked, done, back to sleep.
(this command + param marks the file in a way that it can only be read until the mark is removed, so you can't write to it or move it or remove it or whatever)
My family supported me all the way. Not per definition by buying me stuff but they always 'pushed' me to do what I love doing and I am now doing that!
But, I'm a huge privacy/cybersecurity freak and my family mostly migrated to Signal and stuff like that so that's awesome :)
Hahaha, the DPC (Data Protection Commission) has asked Facebook in a letter to stop transferring Europeans' data to the US.
Since the Privacy Shield agreement is off the table, it's illegal regardless to send any kind of PII data from the EU to the US.
How about we stop nicely asking and start giving fines in the form of millions every time PII data is transferred from the EU to the US by Facebook?
If the EU could grow some balls, that'd be fucking great.
A better experience? Really?
It looks like you're using more than 100 external parties for whatever fucking reason. It is nearly impossible to disallow these, except for some stuff like analytics, which I don't like since it includes mass surveillance parties like Google and Facebook, but I'd at least, to some extent, understand that better.
But, the amount of dark patterns here is staggering and this kind of 'consent' you're using wouldn't, in a million years, hold up under the GDPR.
You know what would be a better experience? No tracking and no ads.
Go fuck your better experience (would that be a better sex experience....?)
A lot of docker containers.
I often have to use docker containers while I don't understand it as well yet and quite some containers literally come with zero documentation or bad docs.
This goes both for how to set the containers up and how to debug stuff.
This is one of the big reasons why I'm not as big of a fan of docker yet.
*le me wants to get an icon online*
*le me finds a good icon on a free icon site*
*the icon site does require a free account for downloads but this guy doesn't want to register just for getting an icon*
Inspect element -> copy base64 icon data -> paste into a base64 to file converter online:
Le me has the icon now!
Jesus fucking christ, entering w3schools.com (don't ask) and I immediately get a cookie consent thing shoved in my face.
WHY?! Please don't tell me it's so I can get the 'best experience' because that's straight out bullshit. I don't need cookies and you fucking name it to get 'the best fucking experience' while looking up again how that one PHP or HTML or CSS or WHAT-THE-FUCK-EVER thing worked.
E-v-e-r-y GODDAMN site has this nowadays, to 'improve my experience' - I block ads anyways so what's the motherfucking point?!
Mother of FUCKING god.
!dev - cybersecurity related.
This is a semi hypothetical situation. I walked into this ad today and I know I'd have a conversation like this about this ad but I didn't this time, I had convo's like this, though.
*le me walking through the city centre with a friend*
*advertisement about a hearing aid which can be updated through remote connection (satellite according to the ad) pops up on screen*
Friend: Ohh that looks usefu.....
Me: Oh damn, what protocol would that use?
Does it use an encrypted connection?
How'd the receiving end parse the incoming data?
What kinda authentication might the receiving end use?
Me: What system would the hearing aid have?
Would it be easy to gain RCE (Remote Code Execution) to that system through the satellite connection and is this managed centrally?
Could you do mitm's maybe?
What data encoding would the transmissions/applications use?
Friend: nevermind.... ._________.
Cybersecurity mindset much...!
Especially painful being a cybersecurity engineer;
Did something wrong with an if-statement.
Caused authentication to break completely; anyone could login as any user.
Was fixed veeeeeeery quickly 😅 (yes, was already live)
I think this is both a blessing and a curse for me.
Whenever I'm developing something, I ALWAYS keep coming up with new (good) feature ideas WHILE programming. Now, this isn't as bad because they enrich the software/service mostly but goddamn, it's so fucking annoying when I'm working on a certain function/feature and I change stuff three motherfucking trillion times before finishing it because I keep coming up with fifteen billion new ideas.
In the end it's all worth it but at some moments it gets really fucking annoying.
Question for people familiar/knowledgeable about hardware keys;
Do you know if the OnlyKey could be considered safe/secure and if not, any idea as for alternatives?
My requirements would be nearly all the features that OnlyKey has, water/shockproof and the system should at least be open source.
No crazy prep, ever.
I always go in with a 'this is me, these are my skills, that's all you're going to get' mindset.
I of course do some research (about the company, their culture, technologies and stuff like that) but I find it kinda weird to spend a big amount of time on interview prep when there is a chance of rejection. (personal opinion)
I think I ranted about this before but fuck it.
The love/hate relation I have with security in programming is funny. I am working as a cyber security engineer currently but I do loads of programming as well. Security is the most important factor for me while programming and I'd rather ship an application with less features than with more possibly vulnerable features.
But, sometimes I find it rather annoying when I want to write a new application (a web application where 90 percent of the application is the REST API), writing security checks takes up most of the time.
I'm working on a new (quick/fun) application right now and I've been at this for.... 3 hours I think and the first very simple functionality has finally been built, which took like 10 minutes. The rest of the 3 hours has been securing the application! And yes, I'm using a framework (my own) which has already loads of security features built-in but I need more and more specific security with this API.
Well, let's continue with securing this fucker!
I suddenly remembered this after being gone from my previous company for nearly a year.
So, I worked there as a tech supporter and Linux engineer.
What would often happen was clients calling with an issue regarding software of some sorts and about half the time, instead of LOOKING AT THE GODDAMN ERROR MESSAGE they'd just click it away fast and complain shit wasn't working.
I specifically remember this one case:
*big client mails, complaining that one of their clients' email isn't working. Screenshots weren't possible apparently so after emailing back and forth for way too long, we decide to do a screen sharing session (which we never do).*
(for the record, already emailing for hours, client very frustrated, me as well because the behavior of the software sounds impossible)
Me: alright, close everything, then open it again so I can see what happens.
Client: *opens mail client, error appears, client clicks error away faster than an arch user being able to mention they use arch*
Me: uhm.... I assume you already know what that message said and that it has nothing to do with the issue?
Client: it has nothing to do with the issue.
Me: okay... But have you at least looked at the message?
Client: no but it has nothing to do with the issue.
Me: but, how'd you know if you won't look at it?
Client: it has nothing to do with the issue, okay?
Me: okay.... so, what's happening here?
Client: the user isn't receiving email anymore at this point!
Me: alright, have you checked the settings and everything?
Client: of course, all good
Me: okay but can we at least restart the software again to at least check the error message?
Client: FINE. *restarts client (pun intended, of course)*
Error message: username or password incorrect, can't connect to the server.
Client:..... Right, I changed the password...
Client: *sets correct password*
*poof, error message gone*
Client:..... Thanks 💀
Me: you're welcome 😄
My current project. Won't reveal anything about it until I've got a usable version (which might take more than a month) but it would be a good way to give a middle finger to a big ass surveillance company.
It won't exactly match with their product since this is impossible for me to do as this would compromise user privacy but it'll come close enough!
I take a moment for myself and assess the situation from a bird's view.
Then, I objectively look at the current situation and my response/reaction to this and try to change my thinking process/acting to a more rational one.
But, also, my general way of thinking in the cyber security world plus how I'm hardwired to think in a 'paranoid' kind of way makes my current job so fucking perfect for me that I often think about that and the fact that there aren't many people around who have this.
Was already communicating with a recruiter and made it very clear to her (a gazillion times) that I don't want a Microsoft related job.
After a few months she calls me telling about this amazing opportunity; a Microsoft related job.
Told her what I told her fifteen quintillion times before and she responded very guilt trippy/offended because she spent so much time on working this out for me.
Fucking retarded and awkward.
Oh for crying out loud, Github is stopping with the term 'master' due to its 'negative association'.
Can we please not pull everything out of goddamn context and not be a fucking offended special snowflake with ANYTHING that could potentially be thought of in a way that could be associated with slavery?!
If we're gonna do it like this I want to ask people of color not to use white/light themed websites/backgrounds.
Disclaimer: I can't 'officially' verify this.
I've been using Firefox as my main browser with about 5 addons for added privacy for ages now. When Google's (fucking) reCaptcha takes more than a few minutes on Firefox (about 90 percent of the time, I'm estimating), I switch to Chromium (with the same amount of (similar) privacy addons) so I can go on with my stuff.
Now, I recently thought 'why not try to do user agent spoofing on Firefox to see if reCaptcha would start working 'normally'?'
So, I installed a user agent spoofing addon on Firefox/Chromium, results:
Firefox reCaptcha success rate: 10 percent approx. (mostly 2+ minutes)
Chromium: 90 percent. (mostly instant)
Firefox: 90 percent approx.
Chromium: 10-20 percent approx.
Again, I can't prove any of this yet but mother of fucking god, whenever using Chromium or spoofing Chromium on Firefox the success rate skyrockets.
Google, what the fuck are you up to?
I think I have multiple but this guy stands out.
He was a fellow student at my software development study. Used primarily FOSS systems/software, not because he cared about ethics as much but because that way he could tinker with the software as much as he wanted.
He was always searching for new things to tweak, write, explore and so on. And he shared as much as he could with fellow students.
A few examples of what he did:
- wanted to change something about how Linux worked at its core (he mainly used debian based systems) so he learned how to write kernel modules and wrote his solution.
- wanted to be able to monitor his gas/power usage so he hacked an arduino thing into the power/gas meter and got it to send updates to a messenger at command.
- set up and automated a mini data center because fuck it, fun to do.
His thinking was always very creative and to this day I still appreciate what he taught me on that!
Terrible Dutch (!dev) tech pun I just came up with: (posted it earlier under the rant section but removed it due to that)
What should an AMD CPU do when it goes on vacation? (Dutch original: "Wat moet een AMD CPU doen als'ie op vakantie gaat?")
So, Facebook is acquiring Giphy. The amount of metadata they're about to get is fucking insane.
And since I refuse to personally use anything Facebook related... I won't be able to use the GIF integration of any messenger and many more products/services anymore, I guess...
Just fucking great. Fucking die, Facebook.
That moment that you finally decide to buy some bitcoin, purchase it, want to transfer.... aaaaaaand some random error shows up on your web wallet.
Hahahaha, good one.
About 20 side projects by now and quite some projects requiring more frontend skills than I have!
Not sure if you'd call this an insecurity but regardless; frontend.
Much of the stuff I develop is meant to be user/privacy friendly.
Like, at the moment I'm developing an end-to-end encrypted notes web application. The backend is a fucking breeze, the frontend is hell for me. I'm managing mostly but for example, I need to implement a specific thing/feature right now and while the backend would take me about 15-30 minutes, I've been only just thinking about how I'm going to do this frontend wise for the past few fucking hours.
And before people tell me to just learn it; I. Fucking. Hate. Frontend. Development. My motivation for this is below zero.
But, most of the shit I write depends on frontend regardless!