About: Linux/FOSS, cyber sec, privacy and programming guy. Hardstyle/rawstyle freak.
Joined devRant on 5/14/2016
Especially painful being a cybersecurity engineer;
Did something wrong with an if-statement.
Caused authentication to break completely; anyone could login as any user.
Was fixed veeeeeeery quickly 😅 (yes, was already live)
I think this is both a blessing and a curse for me.
Whenever I'm developing something, I ALWAYS keep coming up with new (good) feature ideas WHILE programming. Now, this isn't as bad because they enrich the software/service mostly but goddamn, it's so fucking annoying when I'm working on a certain function/feature and I change stuff three motherfucking trillion times before finishing it because I keep coming up with fifteen billion new ideas.
In the end it's all worth it but at some moments it gets really fucking annoying.
Question for people familiar/knowledgeable about hardware keys;
Do you know if the OnlyKey could be considered safe/secure and if not, any idea as for alternatives?
My requirements would be nearly all the features that OnlyKey has, water/shockproof and the system should at least be open source.
No crazy prep, ever.
I always go in with a 'this is me, these are my skills, that's all you're going to get' mindset.
I of course do some research (about the company, their culture, technologies and stuff like that) but I find it kinda weird to spend a big amount of time on interview prep when there is a chance of rejection. (personal opinion)
I think I ranted about this before but fuck it.
The love/hate relation I have with security in programming is funny. I am working as a cyber security engineer currently but I do loads of programming as well. Security is the most important factor for me while programming and I'd rather ship an application with less features than with more possibly vulnerable features.
But, sometimes I find it rather annoying when I want to write a new application (a web application where 90 percent of the application is the REST API), writing security checks takes up most of the time.
I'm working on a new (quick/fun) application right now and I've been at this for.... 3 hours I think and the first very simple functionality has finally been built, which took like 10 minutes. The rest of the 3 hours has been securing the application! And yes, I'm using a framework (my own) which has already loads of security features built-in but I need more and more specific security with this API.
Well, let's continue with securing this fucker!
I suddenly remembered this after being gone from my previous company for nearly a year.
So, I worked there as a tech supporter and Linux engineer.
What would often happen was clients calling with an issue regarding software of some sorts and about half the time, instead of LOOKING AT THE GODDAMN ERROR MESSAGE they'd just click it away fast and complain shit wasn't working.
I specifically remember this one case:
*big client mails, complaining that one of their clients' email isn't working. Screenshots weren't possible apparently so after emailing back and forth for way too long, we decide to do a screen sharing session (which we never do).*
(for the record, already emailing for hours, client very frustrated, me as well because the behavior of the software sounds impossible)
Me: alright, close everything, then open it again so I can see what happens.
Client: *opens mail client, error appears, client clicks error away faster than an arch user being able to mention they use arch*
Me: uhm.... I assume you already know what that message said and that it has nothing to do with the issue?
Client: it has nothing to do with the issue.
Me: okay... But have you at least looked at the message?
Client: no but it has nothing to do with the issue.
Me: but, how'd you know if you won't look at it?
Client: it has nothing to do with the issue, okay?
Me: okay.... so, what's happening here?
Client: the user isn't receiving email anymore at this point!
Me: alright, have you checked the settings and everything?
Client: of course, all good
Me: okay but can we at least restart the software again to at least check the error message?
Client: FINE. *restarts client (pun intended, of course)*
Error message: username or password incorrect, can't connect to the server.
Client:..... Right, I changed the password...
Client: *sets correct password*
*poof, error message gone*
Client:..... Thanks 💀
Me: you're welcome 😄
My current project. Won't reveal anything about it until I've got a usable version (which might take more than a month) but it would be a good way to give a middle finger to a big ass surveillance company.
It won't exactly match with their product since this is impossible for me to do as this would compromise user privacy but it'll come close enough!
I take a moment for myself and assess the situation from a bird's view.
Then, I objectively look at the current situation and my response/reaction to this and try to change my thinking process/acting to a more rational one.
But, also, my general way of thinking in the cyber security world plus how I'm hardwired to think in a 'paranoid' kind of way makes my current job so fucking perfect for me that I often think about that and the fact that there aren't many people around who have this.
Was already communicating with a recruiter and made it very clear to her (a gazillion times) that I don't want a Microsoft related job.
After a few months she calls me telling about this amazing opportunity; a Microsoft related job.
Told her what I told her fifteen quintillion times before and she responded very guilt trippy/offended because she spent so much time on working this out for me.
Fucking retarded and awkward.
Oh for crying out loud, GitHub is stopping with the term 'master' due to its 'negative association'.
Can we please not pull everything out of goddamn context and not be a fucking offended special snowflake with ANYTHING that could potentially be thought of in a way that could be associated with slavery?!
If we're gonna do it like this I want to ask people of color not to use white/light themed websites/backgrounds.
Disclaimer: I can't 'officially' verify this.
I've been using Firefox as main browser with about 5 addons for added privacy for ages now. When Google's (fucking) reCaptcha takes more than a few minutes on Firefox (about 90 percent of the time, I'm estimating), I switch to Chromium (with the same amount of (similar) privacy addons) so I can go on with my stuff.
Now, I recently thought 'why not try to do user agent spoofing on Firefox to see if reCaptcha would start working 'normally'?'
So, I installed a user agent spoofing addon on Firefox/Chromium, results:
Firefox reCaptcha success rate: 10 percent approx. (mostly 2+ minutes)
Chromium: 90 percent. (mostly instant)
Firefox: 90 percent approx.
Chromium: 10-20 percent approx.
Again, I can't prove any of this yet but mother of fucking god, whenever using Chromium or spoofing Chromium on Firefox the success rate skyrockets.
Google, what the fuck are you up to?
I think I have multiple but this guy stands out.
He was a fellow student at my software development study. Used primarily FOSS systems/software, not because he cared about ethics as much but because that way he could tinker with the software as much as he wanted.
He was always searching for new things to tweak, write, explore and so on. And he shared as much as he could with fellow students.
A few examples of what he did:
- wanted to change something about how Linux worked at its core (he mainly used Debian-based systems) so he learned how to write kernel modules and wrote his solution.
- wanted to be able to monitor his gas/power usage so he hacked an Arduino thing into the power/gas meter and got it to send updates to a messenger at command.
- set up and automated a mini data center because fuck it, fun to do.
His thinking was always very creative and to this day I still appreciate what he taught me on that!
Terrible Dutch (!dev) tech pun I just came up with: (posted it earlier under the rant section but removed it due to that)
What should an AMD CPU do when it goes on vacation? (Dutch: "Wat moet een AMD CPU doen als'ie op vakantie gaat?")
So, Facebook is acquiring Giphy. The amount of metadata they're about to get is fucking insane.
And since I refuse to personally use anything Facebook related... I won't be able to use the GIF integration of any messenger and many more products/services anymore, I guess...
Just fucking great. Fucking die, Facebook.
That moment that you finally decide to buy some bitcoin, purchase it, want to transfer.... aaaaaaand some random error shows up on your web wallet.
Hahahaha, good one.
About 20 side projects by now and quite some projects requiring more frontend skills than I have!
Not sure if you'd call this an insecurity but regardless; frontend.
Much of the stuff I develop is meant to be user/privacy friendly.
Like, at the moment I'm developing an end-to-end encrypted notes web application. The backend is a fucking breeze, the frontend is hell for me. I'm managing mostly but for example, I need to implement a specific thing/feature right now and while the backend would take me about 15-30 minutes, I've been only just thinking about how I'm going to do this frontend wise for the past few fucking hours.
And before people tell me to just learn it; I. Fucking. Hate. Frontend. Development. My motivation for this is below zero.
But, most of the shit I write depends on frontend regardless!
You can't even make this shit up.
The British NCSC is stopping with the terms "blacklist" and "whitelist" because it would be racist...
Fucking oversensitive cocksuckers.
NetBeans by far. Small footprint, open source, not owned/managed by mass surveillance company/party and pretty much everything else I expect from a good IDE.
With the Darcula theme of course!
"Install through npm"
"Install through gulp"
"Install through compiling"
"Install through x"
"Install through y"
WHY CAN'T I JUST SIMPLY INCLUDE THE MOTHERFUCKING THING IN THE HTML LIKE A FUCKING NORMAL PERSON?!
ALL I WANT IS TO INCLUDE A GODDAMN UI FRAMEWORK.
When I just started web development, this stuff was so fucking easy! Why did it become so motherfucking complicated to include simple shit like this?!
All I want is to start programming this motherfucker, not spend 3 hours on compiling CSS and whatnot (because I'd have to learn this bullshit first).
Mother of god, why did this become so fucking obnoxious?
I. JUST. WANT. TO. INCLUDE. TWO. FUCKING. FILES.
This weekend I'm going to attempt to write an application that I'm missing right now. (It might exist already but hey, I'm in for a programming challenge)
I'll probably have a stable backend within the hour, the frontend is going to be 'fun', though 😅
And yes, I'll be using a frontend framework because otherwise I could just as well quit right fucking now.
It's been a while, this is going to be fun!
That moment that you need something but your skillset isn't good enough to make it and your time is too limited to learn it.
I fucking hate those moments.
Thanks to @C0D4 I rediscovered Folding@Home!
I've been running this on a very powerful server at home at full-speed for a few days now (quite some cores being used to the max right now, it's like I have a vacuum cleaner running full-time in my place 😄)
Then, last night it hit me that I have quite a few servers running close to idle (rented ones).....
I'm now running a total of 4 servers at full capacity with Folding@Home.
I don't think I could give the best advice on this since I don't follow all the best practices (lack of knowledge, mostly) but fuck it;
- learn how to use search engines. And no, not specifically Google because I don't want to drag kids into the use of mass surveillance networks and I neither want to promote them (even if they already use it).
- try not to give up too easily. This is one I'm still profiting from (I'm a stubborn motherfucker)
- start with open source technologies. Not just "because open source" but because open source, in general, gives one the ability to hack around and explore and learn more!
- Try to program securely and with privacy in mind (the less data you save, the less can be abused, compromised, leaked, etc)
- don't be afraid to ask questions
Why me. Why is it always me who has issues with Windows. (The OS)
I HAVE to use windows for a specific thing right now. Fair enough, I have an old system lying around somewhere with not the best specs ever but it'll do. Windows 7, clean install.
Firstly, let's boot up! Booting goes fine, login goes well... "Installing device drivers" (keyboard and mouse combi). I connected this set a gazillion times before so no clue why windows would need to download the drivers YET AGAIN. But, fine, it works.
Let's connect a USB webcam and go to the hardware testing website to see if my setup is right!
(I mostly don't blame this part on windows)
The webcam drivers install successfully, good. Although the page says it isn't working, it displays the live cam footage well so whatever.
Installed Chrome (not chromium too badly) to see if it shows fine there but chrome doesn't detect ANY cam/mic combination at all, not even the integrated one(s).
Annoying so let's reboot and see if it works normally with all checks okay on Firefox.
Rebooted.... aaaaand the USB webcam driver installation fails. I'm weirded out since the drivers were installed BEFORE the reboot already. Firefox now does not display any cam/mic.... until it does after a few reloads. Windows is still saying that the driver installation failed.
The testing webpage, however, still says it's not working while I'm literally seeing my ugly smug on screen. I contact support which does a remote check and says all is good but there was probably "a glitch with Windows" while the checks are still mostly red, I take a copy of the chat log just to be sure.
Now, I kinda want to shut this system down until the time I'll need it but I'm rather afraid that Windows is going to throw driver conundrums yet again and I simply *CANNOT* have this right now. So, I'm leaving this system on until I need it, and I'll pray windows plays along well.
Welp. Slightly changed career path and I'm busy as hell now so I've been away for a little.
Hi again, I guess! Did I miss anything?
Nearly, nearly ready to deploy self-hosted maps, fucking awesome!
Aaaand now comes the goddamn styling since these will be vector tiles..
I fucking hate designing/styling and I fucking suck at it too. 10 attempts which all pretty much look like shit.
Frontender, social media manager and windows (server) admin!
Frontender; being paid to do something I couldn't care less about and find very frustrating (as for developing it)
Social media manager; being paid to use mass surveillance engines 😷
Windows (server) admin; I don't think I have to explain this one...
A little late but whatever.
About half a year ago, I started working on setting up self hosted (slippy) maps. For one, because of privacy reasons, for two, because it'd be in my own control and I could, with enough knowledge, be entirely in control of how this would work.
While the process has been going on for hours every day for about half a year (with regular exceptions), I'll briefly lay out what I've accomplished.
I started with the OpenMapTiles project and tried to implement it myself. This went well but there were two major pitfalls:
1. It worked postgres database based. This is fine but when you want to have the entire world.... the queries took insanely long (minutes, at lower zoom levels) and quite intimate postgres/tooling knowledge was required, which I don't have.
2. Due to the long queries and such, the performance was so bad that the maps could take minutes to render and when you'd want that in production... yeah, no.
After quite some time I finally let that idea sail and started looking into the MBTiles solution; generating sqlite databases of geojson features. Very fast data serving but the rendering can take quite some time.
After some more months, I finally got the hang of it to the point that I automated 50-70 percent of the entire process. The one problem? It takes a shitload of resources and time to generate a worldwide mbtiles database.
After infinite numbers of trial and error, I figured out that one can divide a 'render' (mbtiles aka sqlite database) into multiple layers (one for building data, one for water, one for roads and so on), so I started doing renders that way.
Result? Styling became way more easy and logical and one could pick specific data to display; only want to display the roads? It's way more simple this way. (Not impossible otherwise but figuring out how that works... Good luck).
Started rendering all the countries, continents and such this way and while this seemed like a great idea; the entire world is at 3-4 percent after about a month. And while 40-70 percent generates 10 times as fast, that's still way too slow.
Then, I figured out that you can fetch data per individual layer/source. Thus, I could render every layer separately which is way faster.
Tried that with a few very tiny datasets and bam, it works. (And still very fast).
So, now, I'm generating all layers per continent. I want to do it world based but figured out that that's just not manageable with my resources/budget.
Next to that, I'm working on an API which will have exactly the features I want/need!