About: cybersecurity engineer in aerospace
Skills: python, c++, flask, linux, security, containers, docker, container security, kubernetes
Joined devRant on 5/17/2019
A conversation that me and my boss had this week:
Boss: "Hey, why is this not progressing"
Arcsector: - "We're waiting on system users to move their destinations"
"We need the system in the database in order to move it"
- "Okay awesome - let's move it, oh wait, I can't do it because I don't have access, here's the stuff that needs to be done: a, b, and c"
"Oh I'm actually not able to help with that"
- "So then how are we supposed to get it done?"
"idk but also this other issue is something missions are complaining about"
- "oh I already am talking to them about it and it should be remedied by the team creating the problem because it's a false positive"
"Well we need to solve it still"
- "We would've solved it already but it has dependencies with other projects that we're still working on because we don't have enough people"
"We cant get you more people because we don't have the budget"
- "Then this stuff will have to wait"
"Get it done"
ACTUALLY SCREAMING! Why can't people understand that there are consequences for their actions??!!1
ITT: Best/most professional ways to ask your coworker "What the hell are you thinking?!"
I'll start: "What's the reasoning behind that?"
"Dad, our fence is down again"
"Sorry sir, we cant install your new furniture until Spectrum turns on your wifi"
"Warning: you have violated twitter's safety rules - we will be unscrewing your bed frame now"
When will they learn
So with the advent of Docker Desktop going premium we thought we'd buy a couple licenses... What did the HR team say?
"No, you're fine - we can just keep using it - how will they know?"
WHAT??!!! I will NOT be the one who gets brought into a multi-million dollar lawsuit because HR are a bunch of nitwits. I will fight this with everything I have so that when such time comes, I can say I didn't participate in the shady bullshit these people are recommending.
Music. Music teaches you numbers, creativity, patterns, structure, and basically primes your brain for math and creativity in that space. In addition, it teaches you how to think both within a structure and outside the box, as well as the importance of repetition, memorization, and learning a new language.
Music really was my second language, and the ability to read/write it fluently is a skill that takes a long time to master. I really believe that it increases your brain plasticity so much.
In the pandemic era I have become allergic to delivery fees. Fucking $5 to get pizza delivered? Fuck you, I'll take the 15 minutes it takes to go down to the damn restaurant! Pisses me off sometimes.
Maybe it's because I enjoy getting out more since I've started working from home, but tbh I don't even care, because paying $11 to have someone else bring your groceries to you just makes me irate.
Anyone have the link to that rant where the individual is yelling about how maximum password lengths are retarded? I just really need to read that right now... the max password length on this site is 14 CHARACTERS
One of my social interactions for this week just cancelled on me and I'm feeling SO FREE! I can actually take my time with a dish I have been wanting to make, and my girlfriend is going to be so happy that she gets to see me more this weekend. Things are looking up, folks!
Have idea, lay ground work, get user interface designed, find out someone already had the idea and did that, repeat.
TL;DR: "Best" job is a dynamic flow, your job or your priorities will change, better to just start.
It depends on your definition of "best": do you mean the job that you think you will enjoy the most? The job that you are the most knowledgeable on? The job that you will have the most upward mobility in terms of opportunity for promotions and salary increases?
All of them at once, I suppose, but you can't have everything at once: my advice would be just start somewhere. Thinking you're going to get your dream job fresh out of college is a bad way to look at the world. The best job may be the best right now, but your priorities will change in life.
The best job today may not be the best tomorrow for a variety of reasons, but if you start somewhere, you will always have the experience generated by your existing occupation to carry you forward and propel you into your next big position.
We literally have Ph.D's here who don't know how to use a Linux CLI... I'm baffled as to how you get into the security industry without understanding actual security. The only thing your Ph.D. counts for is understanding the rules that allow you to ball-bust people into paying your salary.
Part 1: https://devrant.com/rants/4298172/...
So we get this guy in a meeting and he is now saying "we can't have application accounts because that violates our standard of knowing who accessed what data - the application account anonymizes the user behind the app account data transaction and authorization"
And so i remind him that since it's an application account, no one is going to see the data in transit (for reference this account is for CI/CD), so the identity that accessed that data really is only the app account and no one else.
This man has the audacity to come back with "oh well then that's fine, I can't think of a bunch of other app account ideas where the data is then shown to non-approved individuals"
We have controls in place to make sure this doesn't happen, and his grand example that he illustrates is "Well what if someone created an app account to pull github repo data and then display that in a web interface to unauthorized users"
M******* why wouldn't you JUST USE GITHUB??? WHO WOULD BUILD A SEPARATE APPLICATION FOR THAT???
I swear I have sunk more time into this than it would have cost me to mop up from a whole data breach. I know there are situations where you could potentially expose data to the wrong users, but that's the same issue with User Accounts (see my first rant with the GDrive example). In addition, the proposed alternative is "just don't use CI/CD"!!!
I'm getting pretty pissed off at this whole "My compliance is worth more than real security" bullshit.
User: If we use OAuth2, can we audit exactly where this data is going and who sends it there, and in addition can we audit who grabs that data from the Authenticating app and make sure it doesn't violate our requirements?
User: Why not?
Me: Because that's like asking us to audit whether or not a user accessed files and then uploaded them to their personal drive instead of corporate. We don't mandate that application owners take responsibility for their data outside of their application, why would we require that in this case???
FFS the lack of understanding of application accounts here boggles my mind. I understand that the security concerns are real but throwing out all permissible contexts based on a mandate that we don't even apply to extremely permissive accounts (i.e. users compared to apps) is folly
"Dude, you HAVE to check out this meme i saw...
No; of course it's not in the joke/meme category!"
I'm getting pretty fed up with dependency injection and having to do work in Loopback; why can't it just work!
I chose Network/Cyber Security because it was my internship experience and they were willing to pay me good money to stay on... No but seriously I am much better at understanding how complex systems work than coding them. This job, as stressful as it is, is a different kind of stressful than the deadline-fraught jobs of software developers worldwide.
And I can do it fully remote.
Manager: "Can we get an accurate report on how many containers we have on the Kubernetes cluster?"
Me: "Well not really since Kubernetes is designed to be dynamic and agile with the number of resources and containers being created and deleted being subject to change at a moment's notice."
Manager: "I want numbers"
Me: "Okay well if we look at a simple moving average over time, we can see how the number of containers changes and then grab a rough answer from that"
Manager: "These numbers look a little round, are you sure these are exact?"
I'm going to throw myself into a pile of used heroin needles and hope I get stuck with whatever the hell this guy has to somehow be a manager while also being this retarded.
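The moving-average approach described in the exchange above, as an added example that is not part of the original rant: it counts containers from `kubectl get pods -A -o json` style PodList snapshots and smooths the series with a simple moving average. The three snapshots, the pod names and the namespaces are constructed here for illustration, not taken from a real cluster; `count_containers`, `moving_average` and `report` are helper names chosen for this example.

```python
"""Count the containers on a Kubernetes cluster from PodList snapshots
(the JSON shape of `kubectl get pods -A -o json`) and smooth the series
with a simple moving average.

Added example; the snapshots below are constructed, not real cluster output.
"""
import json
from collections import deque


def count_containers(snapshot, include_init=False, phases=("Running",)):
    """Return the number of containers in one PodList snapshot.

    `snapshot` is a parsed PodList: {"items": [pod, ...]}. Only pods whose
    status.phase is in `phases` are counted. Init containers are excluded
    unless requested, since they have normally exited once a pod is Running.
    """
    total = 0
    for pod in snapshot.get("items", []):
        if pod.get("status", {}).get("phase") not in phases:
            continue
        spec = pod.get("spec", {})
        total += len(spec.get("containers", []))
        if include_init:
            total += len(spec.get("initContainers", []))
    return total


def moving_average(counts, window=3):
    """Simple moving average over a series of per-snapshot counts.

    Emits one float per position once `window` samples are available, so a
    series shorter than `window` yields an empty list.
    """
    if window < 1:
        raise ValueError("window must be >= 1")
    buf = deque(maxlen=window)
    out = []
    for c in counts:
        buf.append(c)
        if len(buf) == window:
            out.append(sum(buf) / len(buf))
    return out


def _pod(ns, name, phase, containers, init=()):
    """Build a minimal Pod object (constructed test data, not real API output)."""
    return {
        "metadata": {"namespace": ns, "name": name},
        "spec": {
            "containers": [{"name": c, "image": f"{c}:latest"} for c in containers],
            "initContainers": [{"name": c, "image": f"{c}:latest"} for c in init],
        },
        "status": {"phase": phase},
    }


# Three constructed snapshots, as if taken a minute apart: the `app`
# deployment scales from 2 to 3 replicas, a batch job finishes, and the new
# replica sits in Pending for one sample before it is Running.
SNAPSHOTS = [
    {"items": [
        _pod("app", "web-1", "Running", ["nginx", "sidecar"], init=["migrate"]),
        _pod("app", "web-2", "Running", ["nginx", "sidecar"], init=["migrate"]),
        _pod("batch", "job-1", "Running", ["worker"]),
        _pod("kube-system", "coredns-1", "Running", ["coredns"]),
    ]},
    {"items": [
        _pod("app", "web-1", "Running", ["nginx", "sidecar"], init=["migrate"]),
        _pod("app", "web-2", "Running", ["nginx", "sidecar"], init=["migrate"]),
        _pod("app", "web-3", "Pending", ["nginx", "sidecar"], init=["migrate"]),
        _pod("batch", "job-1", "Succeeded", ["worker"]),
        _pod("kube-system", "coredns-1", "Running", ["coredns"]),
    ]},
    {"items": [
        _pod("app", "web-1", "Running", ["nginx", "sidecar"], init=["migrate"]),
        _pod("app", "web-2", "Running", ["nginx", "sidecar"], init=["migrate"]),
        _pod("app", "web-3", "Running", ["nginx", "sidecar"], init=["migrate"]),
        _pod("kube-system", "coredns-1", "Running", ["coredns"]),
    ]},
]


def report(snapshots=SNAPSHOTS, window=3):
    """Per-snapshot counts plus the smoothed figure a manager would be shown."""
    counts = [count_containers(s) for s in snapshots]
    return {"counts": counts, "moving_average": moving_average(counts, window)}


if __name__ == "__main__":
    # Real use: run `kubectl get pods -A -o json > snap-$(date +%s).json` on a
    # schedule and json.load() each file in place of SNAPSHOTS.
    print(json.dumps(report(), indent=2))
```

The per-snapshot counts here are 6, 5 and 7, and the three-sample average is exactly 6.0, which is the kind of "round" number the manager in the rant questions: the average is a statistic over a changing population, not a count of what exists at any one instant. Pending and Succeeded pods are deliberately excluded so that a pod scheduled but not yet started, or a finished job, does not inflate the figure.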
I really thought I would never run into integer overflow issues, but damn, not being able to set a date as 100 years into the future for comparison is pretty shite. Fuck this bug.
My pet peeve (for non-anglicanized saxons, essentially something that bothers you a lot): when people get really upset or freaked out for you in order to outdo your own sense of shock or anger at the circumstance you just told them about.
Today I had a rock hit my windshield. Later I told my brother about it and he was EXTRAORDINARILY concerned, and although it's just him looking out for me, I can't help but feel noided by it.
Am I an asshole for this or do you guys feel this way sometimes?
Everybody's coding on the weekend
Everybody needs a new project task
You want a piece of my results
You gotta start from the start
You want to be in the contributors
C'mon baby let's go
Yeah essentially I'm going to be working this weekend due to project constraints and SME being unresponsive and unhelpful
Another leetcode interview down. I really appreciate the options to choose your own language nowadays; being forced to use C to figure out byte gaps is like being forced to clean the freeway with a toothbrush!
Anyone have experience with filterless or chemical-free aquarium ecosystems? Looks like a real neat hobby but I don't want to mess with living things too much for fear they get harmed
Had to put down my dog today. I've felt real shitty before but this is my closest experience of loss I've had.
I miss her so much you guys. I'm sorry for bringing it down. You guys all feel like a real community so help me feel my feels and not just push it down.
Replace all the python scripts with Perl file extensions. It wouldn't really do anything because people would still be able to run things if they did things right, it would just be a harmless funny prank
SIEM: Security Information and Event Management system
Within a SIEM there is usually a reporting, alerting, and learning framework wherein you perform investigations and threat hunting. Our SIEM is connected to our data lake through a glorified elastic backend.
Today we were figuring out how to get dynamic data that we store in our SIEM to show up in the regular data lake presentation layer. All the solutions only half worked or had barriers to progress that seemed larger than the proposed solution.
So now we're going with the proposed solution: send static data back into the data lake in order to pull it out on the normal frontend with all the enriched info. We're basically turning this thing into a damn feedback loop.
I hate designing solutions within the confines of COTS products.
The titles - some of these events have the most insufferable titles. If it's not some cringey pop-culture acronym like AVNGRS then it's a super nondescript, mysterious title like "The Bakeoff", which helps nobody and doesn't do the event justice.
I would much prefer "MIT Annual CTF, 2021" than the usual bullshit fanfare referencing the Matrix.