Aboutcybersecurity engineer in aerospace
Skillspython, c++, flask, linux, security, containers, docker, container security, kubernetes
Joined devRant on 5/17/2019
Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
I chose Network/Cyber Security because it was my internship experience and they were willing to pay me good money to stay on... No but seriously I am much better at understanding how complex systems work than coding them. This job, as stressful as it is, is a different kind of stressful that the deadline-fraught jobs of software developers worldwide.
And i can do it fully remote.2
Manager: "Can we get an accurate report on how many containers we have on the Kubernetes cluster?"
Me: "Well not really since Kubernetes is designed to be dynamic and agile with the number of resources and containers being created and deleted being subject to change at a moment's notice."
Manager: "I want numbers"
Me: "Okay well if we look at a simple moving average over time, we can see how the number of containers changes and then grab a rough answer from that"
Manager: "These numbers look a little round, are you sure these are exact?"
I'm going to throw myself into a pile of used heroin needles and hope i get stuck with whatever the hell this guy has to somehow be a manager while also being this retarded.16
I really thought i would never run into integer overflow issues, but damn, not being able to set a date as 100 years into the future for comparison is pretty shite. Fuck this bug.4
My pet peeve (for non-anglicanized saxons, essentially something that bothers you a lot): when people get really upset or freaked out for you in order to outdo your own sense of shock or anger at the circumstance you just told them about.
Today i had a rock hit my windshield. Later i told my brother about it and he was EXTRAORDINARILY concerned, and although its just him looking out for me, i cant help but feel noided by it.
Am i an asshole for this or do you guys feel this way sometimes?7
Everybody's coding on the weekend
Everybody needs a new project task
You want a piece of my results
You gotta start from the start
You want to be in the contributors
C'mon baby let's go
Yeah essentially I'm going to be working this weekend due to protect constraints and SME being unresponsive and unhelpful1
Another leetcode interview down. I really appreciate the options to choose your own language nowadays; being forced to use C to figure out byte gaps is like being forced to clean the freeway with a toothbrush!1
Anyone have experience with filterless or chemical-free aquarium ecosystems? Looks like a real neat hobby but i dont want to mess with living things too much for fear they get harmed8
Had to put down my dog today. I've felt real shitty before but this is my closest experience of loss I've had.
I miss her so much you guys. I'm sorry for bringing it down. You guys all feel like a real community so help me feel my feels and not just push it down.12
Replace all the python scripts with Perl file extensions. It wouldn't really do anything because people would still be able to run things if they did things right, it would just be a harmless funny prank
SIEM: Security Information and Event Management system
Within a SIEM there is usually a reporting, alerting, and learning framework wherein you perform investigations and threat hunting. Our SIEM is connected to our data lake through a glorified elastic backend.
Today we were figuring out how to get dynamic data that we store in our SIEM to show up in the regular data lake presentation layer. All the solutions only half worked or had barriers to progress that seemed larger than the proposed solution.
So now we're going with the proposed solution: send static data back into the data lake in order to pull it out on the normal frontend with all the enriched info. We're basically turning this thing into a damn feedback loop.
I hate designing solutions within the confines of COTS products.
The titles - some of these events have the most insufferable titles. If it's not some cringey pop-culture acronym like AVNGRS then it's a super nondescript, mysterious title like "The Bakeoff", which helps nobody and doesnt do the event justice.
I would much prefer "MIT Anual CTF, 2021" than the usual bullshit fanfare referencing the Matrix.1
Had a meeting with about 5 people, 4 of which showed up, 1 of which did not.
Guess which one was the subject matter expert without whom we spent 55 minutes positing what-if's that could've been easily answered if that individual was there?
Yup. Never rescheduled, and that was the end of that conversation.
Learning from the smart people; in every workplace there are drones and leaders, each have their own selective intelligence. Pick the ones that are the most intelligent to learn from, and you'll be going along happily while learning at breakneck speed from the best.
Just finished moving all my python code documenation from hand-written wikis to API docstrings and set it up to autodeploy to github pages with each commit. Feeling really hopeful about this, although its going to be frustrating going back to other languages that dont have inline docstrings.1
The fact that there's only two characters between "run this job every 10 minutes" and "run this job every hour on the tenth minute" was the fix for the particular problem i just spent 5 hours on :facepalm:8
"I need these permissions that J has"
J has those permissions because he worked on a different team that was granted those, you do not.
"I need it"
"I need it"
Its not within my power to allow you access, you have to talk with R and M.
"Okay well guess what I'm gonna escalate this up thr chain and its gonna come down on you"
*sigh* what do i do when i literally have no authority to give someone something and am clearly doing my jobb right, but someone thinks they can get me... idk... in trouble? Threaten me??? Logic, meet the window6
Loopback 4 really is pulling me out of the expressjs shithole... It really feels like I'm avoiding a lot of tedious work.
"B-b-bbut you have to use typescript and its a slower"
I've preferred typescript ever since angular 2 came out, and the 'slower' comment is invalidated by the fact that, when working on projects that are distributed between multiple devs, are marked by silent errors and serialization issues, and can change datasource types between customers, then the benefits of typescript and loopback's CLI far outweigh any potential slowdowns that may be caused. If you can find me an alternative that does this better, please let me know.1
The best way to get a kid interested in coding is give them legos. If they hate legos, they most likely wont like programming, or anything that requires you to understand how something is designed in order to build a service or product.
Next is just to see what the kid likes and what they're good at.2
Can you guys let me know how microsoft teams is? Is it good, or is it polluted with fluff and garbage?15
So if you recall, my last rant was about last minute, supposed critical-severity, ASAP due date requests being made, and me telling them to fuck off.
So today the boss' boss' boss called down and said a different task needs to be done by end of the month.
So now my current tasks get pushed to next month, and the person who needed their task done ASAP will now more than likely get it by mid june. Amazing.
And if you've been actively following my other rants, this is the same section manager that sends a quirky email out at the end of every night about what she's been fucking with lately.
I WANT OFF MR TOAD'S WILD RIDE
An actual email thread:
G: I need this done
Me: okay. Whats the priority, when's the due date, who are the stakeholders, what's the sensitivity level of the data?
G: Priority is ASAP, due date is ASAP, stakeholders are ALL OF IT, and i want to be able to control the data sensitivity level
Those arent ANSWERS; they're REQUESTS!!!9
About two weeks ago i posted a rant containing an email from the big boss. Today they held a "virtual town hall" where people could ask questions, get answers, and generally just be online. Went fairly well, good info was handed out, and i think people mostly enjoyed themselves (even if it was at the expense of the higher-ups).
Then comes the email. The same person as last time had this quote:
"I’m good at giving advice, so I need to take some of my own. I intend to take it easy this weekend, watch Netflix, do some household chores, play the piano and maybe even read a book! "
Jesus christ. Remember those memes about zuck being a robot because everything he does it looks and feels like it's an alien trying to blend in? That's what this feels like. On a normal workyear i would hear from this person 10 times TOTAL. I have heard from them this amount in the past 2 WEEKS.
Maybe it's the virus, but this is driving me INSANE. If there's any lesson you can learn from this, it would be:
Dont pretend like you care by not knowing or learning anything about the people you work with.
Jesus they even sent out surveys to see what the telework experience is like... THE RESPONSES ARE RECORDED AND PUBLICLY DISPLAYED!!!
Scenario: Enabling yet another python test suite on vscode. No big deal.
I start the test init and discovery. Says it cant find the test files. Okay; usually the issue is there's no __init__.py in the test directory. It's okay we can fix that.
Oh wait it's still not working. Okay well this isnt good... After about an hour of searching, i finally find out that the file that vscode is discovering tests with doesnt exist... In fact the whole testing directory doesnt exist!
Okay so now what do i do... Reinstall? Doesnt work. Reinstall and delete the extension directory? Yes! Victory!
Dont know how i got a half-baked extension download but hey... Could've beem worse.
In order for you to become well-versed at something you cannot study it at a distance.
In addition, most of the time the best way to learn something is to start trying to do stuff. If you wanna learn a language, start trying to program in it. Just go for it.5
Just posted this in another thread, but i think you'll all like it too:
I once had a dev who was allowing his site elements to be embedded everywhere in the world (intentional) and it was vulnerable to clickjacking (not intentional). I told him to restrict frame origin and then implement a whitelist.
My man comes back a month later with this issue of someone in google sites not being able to embed the element. GOOGLE FUCKING SITES!!!!! I didnt even know that shit existed! So natually i go through all the extremely in depth and nuanced explanations first: we start looking at web traffic logs and find out that its not the google site name thats trying to access the element, but one of google's web crawler-type things. Whatever. Whitelist that url. Nothing.
Another weird thing was the way that google sites referenced the iframe was a copy of it stored in a google subsite???? Something like "googleusercontent.com" instead of the actual site we were referencing. Whatever. Whitelisted it. Nothing.
We even looked at other solutions like opening the whitelist completely for a span of time to test to see if we could get it to work without the whitelist, as the dev was convinced that the whitelist was the issue. It STILL didnt work!
Because of this development i got more frustrated because this wasnt tested beforehand, and finally asked the question: do other web template sites have this issue like squarespace or wix?
Nope. Just google sites.
We concluded its not an issue with the whitelist, but merely an issue with either google sites or the way the webapp is designed, but considering it works on LITERALLY ANYTHING ELSE i am unsure that the latter is the answer.2