About: Linux/FOSS, cyber sec, privacy and programming guy. Hardstyle/rawstyle freak.
Joined devRant on 5/14/2016
Hello devrant, I have a question:
What can you tell me about cybersecurity? Is it worthwhile? I mean, could I get a nice job with it? Where should I begin to start learning about it?
Should I care about privacy anymore?
I had to switch to Windows from Ubuntu on my laptop because of driver related issues.
Every time I use Windows, I feel uneasy because of the data it collects but at the same time I am happy that I can play a couple of video games, my battery life is better and my display is better.
I own an Android phone, and no matter how many add-ons I use, or VPN, I know that Google gets sufficient amount of data to know a lot about me.
It's getting harder and harder to keep my data private and it's becoming inconvenient as well.
In my country almost everyone I talk to uses Whatsapp. I removed my Whatsapp account for a few days and I barely talked to anyone and it was not a good feeling.
My point is, is fighting for privacy worth it? How much inconvenience are we ready to accept? Can I do anything to keep my data private and still use convenient services? Please enlighten me.
Title: Google can track your porn history, even in incognito mode
Body(tl;dr version): Pornsites use Google Analytics
You little idiotic motherfucking tech savvy wannabe, most of the websites use some form of user tracking services.
Hell, even the blog/news website you work for probably does.
Just my shaved pussy in the middle of the work weekend.
(At this point I really hope I'm attaching the right image)
Devs: We need access to PROD DB in order to provide support you're asking us for.
Mgmt: No, we cannot trust you with PROD DB accesses. That DB contains live data and is too sensitive for you to fuck things up
Mgmt: We'll only grant PROD DB access to DBAs and app support guys
Mgmt: <hire newbies to app support>
App_supp: `update USER set invoice_directory = 54376; commit;`
I have nothing left to say....
Your most paranoic internet experience?
Several years ago, I was going to watch my first porn movie, and I was so afraid of the porn page publishing on my facebook "Elizadeath liked Xporn.net" or something like that (I had family on my facebook friends) so I:
1.- Used an old tablet (even its screen was crashed)
2.- Removed all email accounts (it has Android)
3.- Uninstalled all the social media apps, including youtube
4.- Put a piece of tape on the frontal camera
5.- Bought new headphones
6.- Navigated at the Android's default browser instead of Chrome, and in "secret" mode
7.- Deleted the cache and history after watching the movie XD
What's your experience?
Story about an obscure bug: https://twitter.com/mmalex/status/...
"We had a ‘fun’ one on LittleBigPlanet 1: 2 weeks to gold, a Japanese QA tester started reliably crashing the game by leaving it on over night. We could not repro. Like you, days of confirmation of identical environment, os, hardware, etc; each attempt took over 24h, plus time differences, and still no repro.
"Eventually we realised they had an eye toy plugged in, and set to record audio (that took 2 days of iterating) still no joy.
"Finally we noticed the crash was always around 4am. Why? What happened only in Japan at 4am? We begged to find out.
"Eventually the answer came: cleaners arrived. They were more thorough than our cleaners! One hour of vacuuming near the eye toy- white noise- caused the in game chat audio compression to leak a few bytes of memory (only with white noise). Long enough? Crash.
"Our final repro: radios tuned to noise, turned up, and we could reliably crash the game. Fix took 5 minutes after that. Oh, gamedev...."
What is your story of your first encounter with a Linux Distro?
Here's mine (Slight long version) –
Back in my 8th grade I used to buy Tech magazines that used to have DVDs filled with random updated contents like Audio/Video tools, Wallpapers and other stuff. There used to be this "Linux Distro of the Month" section that I used to ignore because I didn't know what it is.
But one issue of the magazine had a review of this "amazing new" Ubuntu 10.10. I read it and at first I thought it's some kind of theme for Windows (I know). But then I tried it out on my HP Compaq nx6120 which had a pure BIOS. No UEFI shit. Ubuntu came with its Wubi installer and it installed Ubuntu smoothly like a normal software. Later I discovered that it is a completely different operating system that doesn't run anything from my Windows. I was upset about it and I booted back to Windows.
But I never removed it. I felt like exploring what it was and why people use it.
It's almost 9 years later and I'm so glad with what had happened back then.
I'd really fucking love if somebody developed a browser plugin which puts a red fucking glowing banner over every website which sends data to PRISM.
Users deserve to know what cunty sell-out crapsites they visit.
!rant but story
My quick and semi-ugly solution to save amazing rants and comments forever and more organized.
What it is and it will be:
- archive of rants and comments from devrant that I found very good
- the original ranters will be informed when their rants are archived
- the original ranters and/or the management team of devRant has the right to request the archive content's total deletion
- every single thing on there will be accessible by anyone anytime anywhere (as long as server is healthy)
What it may become:
- anyone can register and save their archive
- dev content archive from other sources
- dev articles blog
What it will never have/be:
- any form of payment
- tracking (I don't even wanna know how many users are viewing)
- non dev related content
I'm willing to create user accounts for anyone interested in very near future. So please buzz me here if you want one.
So far it's a website of Laravel + Voyager + bulma with very minimal custom codes (I had to write below 100 lines of code in total). It is on Vultr server.
I'm gonna maintain and update as much as I can on my spare time. Hence I don't consider this as a collab. However, the code is on gitlab private repo. I'll make the repo public soon as well. Any contribution is gladly welcome. 😄
Just found this today in the Terms for a VPN provider...
ARE YOU FUCKING JOKING?!? GO BOIL WHAT SMALL MAN JUNK YOU HAVE AND EAT IT.
Meeting with asshole partner company CEO at restaurant.
Me: "I'm a bit worried about the bugs in your API. There are some ways to retrieve privacy sensitive info from public endpoints"
CEO: "Well, we're a rapidly growing startup!"
Me: "Uh... so?"
CEO: "So... Move Fast and Break Things! Priority is to improve our API further, and we'll fix bugs as they show up"
Me: "Maybe you should stop trying to emulate Zuckerberg in your management style. You know that even Facebook themselves admitted that their slogan was a retarded mistake"
Waiter shows up at table. CEO orders some overly expensive fish salad.
CEO: "Well, they have done something right... they're worth billions"
Waiter asks me: "And you sir, have you made your choice?"
Me: "Do you serve popcorn?"
CEO: "Popcorn for lunch?"
Me: "No, for your congressional hearing"
For the privacy freaks of devRant, have a host file that blocks all Facebook owned domains:
Blocklist Facebook domains (2016) - https://github.com/jmdugan/...
(not mine, found on HN)
As a long-time iPhone user, I am really sorry to say it but I think Apple has completed their transition to being a company that is incompetent when it comes to software development and software development processes.
I’ve grown tired of hearing some developers tell me about Apple’s scale and how software development is hard and how bugs should be expected. All of those are true, but like most rules of law, incompetence and gross negligence trumps all of that.
I’m writing this because of the telugu “bug”/massive, massive security issue in iOS 11.2.5. I personally think it’s one of the worst security issues in the history of modern devices/software in terms of its ease of exploitation, vast reach, and devastating impact if used strategically. But, as a software developer, I would have been able to see past all of that, but Apple has shown their true incompetence on this issue and this isn’t about a bug.
It’s about a company that has a catastrophic bug in their desktop and mobile platforms and haven’t been able to, or cared to, patch it in the 3 or so days it’s been known about. It’s about a company, who as of a few days ago, hasn’t followed the basic software development process of removing an update (11.2.5) that was found to be flawed and broken. Bugs happen, but that kind of incompetence is cultural and isn’t a mistake and it certainly isn’t something that people should try to justify.
This has also shown Apple’s gross incompetence in terms of software QA. This isn’t the first time a non-standard character has crashed iOS. Why would a competent software company implement a step in their QA, after the previous incident(s), to specifically test for issues like this? While Android has its issues too and I know some here don’t like Google, no one can deny that Google at least has a solid and far superior QA process compared to Apple.
Why am I writing this? Because I’m fed up. Apple has completely lost its way. devRant was inaccessible to iOS users a couple of times because of this bug and I know many, many other apps and websites that feature user-generated content experienced the same thing. It’s catastrophic. Many times we get sidetracked and really into security issues, like meltdown/spectre that are exponentially harder to take advantage of than this one. This issue can be exploited by a 3 year old. I bet no one can produce a case where a security issue was this exploitable yet this ignored on a whole.
Alas, here we are, days later, and the incompetent leadership at Apple has still not patched one of the worst security bugs the world has ever seen.
"You gave us bad code! We ran it and now production is DOWN! Join this bridgeline now and help us fix this!"
So, as the author of the code in question, I join the bridge... And what happens next, I will simply never forget.
First, a little backstory... Another team within our company needed some vendor client software installed and maintained across the enterprise. Multiple OSes (Linux, AIX, Solaris, HPUX, etc.), so packaging and consistent update methods were a challenge. I wrote an entire set of utilities to install, update and generally maintain the software; intending all the time that this other team would eventually own the process and code. With this in mind, I wrote extensive documentation, and conducted a formal turnover / training season with the other team.
So, fast forward to when the other team now owns my code, has been trained on how to use it, including (perhaps most importantly) how to send out updates when the vendor released upgrades to the agent software.
Now, this other team had the responsibility of releasing their first update since I gave them the process. Very simple upgrade process, already fully automated. What could have gone so horribly wrong? Did something the vendor supplied break their client?
I asked for the log files from the upgrade process. They sent them, and they looked... wrong. Very, very wrong.
Did you run the code I gave you to do this update?
"Yes, your code is broken - fix it! Production is down! Rabble, rabble, rabble!"
So, I go into our code management tool and review the _actual_ script they ran. Sure enough, it is my code... But something is very wrong.
More than 2/3rds of my code... has been commented out. The code is "there"... but has been commented out so it is not being executed. WT-actual-F?!
I question this on the bridge line. Silence. I insist someone explain what is going on. Is this a joke? Is this some kind of work version of candid camera?
Finally someone breaks the silence and explains.
And this, my friends, is the part I will never forget.
"We wanted to look through your code before we ran the update. When we looked at it, there was some stuff we didn't understand, so we commented that stuff out."
You... you didn't... understand... my some of the code... so you... you didn't ask me about it... you didn't try to actually figure out what it did... you... commented it OUT?!
"Right, we figured it was better to only run the parts we understood... But now we ran it and everything is broken and you need to fix your code."
I cannot repeat the things I said next, even here on devRant. Let's just say that call did not go well.
So, lesson learned? If you don't know what some code does? Just comment that shit out. Then blame the original author when it doesn't work.
You just cannot make this kind of stuff up.
WhatsApp, freaking WhatsApp.
How did this thing become such a standard. How? Why does everyone EXPECT you to have it. They assume that you have it installed on your phone.
'Why don't you respond to my messages? '
'Which messages? '
'The ones I sent you'
'I didn't get any messages. Wait, how did you send them to me? '
'Ah, yeah I don't use that. Wait, where did you even get my phone number from? '
'What? You don't have WhatsApp? Freaking weirdo. '
How did an app(lication) become such a standard and why does everyone automatically assume that you have it? And whenever I explain them why I don't use it (Facebook = bad), they just react with 'install it again' (most ridiculous answer) or 'what is wrong with you' or they just give me a confused look and walk away.
A lot of them also act like there were no alternatives (some even better than whatsapp). One of them and probably also the best one is signal. It has all the necessary features a messaging app needs and is also very secure.
Luckily a few of my friends have installed signal and I am currently trying my best at my parents. They have threatened to 'take my phone away if I don't install WhatsApp again' or 'if you don't use WhatsApp then you also don't need a phone'.
Fuck whatsapp, fuck facebook, fuck ignorance
After struggling for weeks with SSL settings I finally asked @linuxxx for help.
Guess what, he made it work in about 5 minutes!
Huge congrats to @linuxxx for being the first ever member of the devRant community to reach 100,000++
This is an awesome accomplishment and @linuxxx earned all of his ++ with awesome stories and has represented everything the devRant community is about while getting there.
So once again, congrats @linuxxx, and thanks for everything you have contributed to devRant!
So... Today I found an SQLI (SQL injection, google if you're not aware) in one of our products, I start exploring it, I get my trusty Kali on me workstation. sqlmap etc. Tell my manager it's a true positive... I start exploring the db, half the devs at my manager's place start staring at his screen as I proper fuck a QA db server... I hear a qa guy mention triangulation as sqlmap dumps a uid table in his face. I hear my manager's manager saying 'this has been in our app for so long and we found it just now? Who found it?' *manager proudly saying me name* 'He's still working this late?' ...apparently now my trip to england is getting covered for both me and me gf by the company...
It’s been a mother fucking Monday... Couldn’t sleep last night and by the time I did fall asleep it was already 4 A.M.
Then this morning, my fucking car locked me out. When I bought the car, it didn’t come with a spare key or a manual key. I finally was able to unlock the fucking thing and boom, won’t start because “the key isn’t in the vehicle.” Replaced the battery and still the same shit... FUCK!!!!
Walked to work in -12 degree windy ass weather.
Lost my cash somewhere between here and there. Haven’t ate lunch..
An hour late to work.
Get to work, boom server down for our Xray images and we’ve got two patients needing CT scans before we fly them out.... Get another back up computer going and lo and behold 168 fucking windows updates!
Fuck today, I’m so far done with this bullshit.... oh and it’s starting to fucking snow.
Spelling and punctuation, I don’t give a rats ass if it’s not correct at this point. If someone would like to come and knock me out, that’d be great.
Just want to drop you this nice video about surveillance and terrorism, since it's well made and we need a lot of convincing content and arguments to make our point.
Today I uninstalled WhatsApp, I mean I haven't had a look at it in over a month and nobody texts me anyways.
Writing this makes me realize how sad this is
I don't want to support Facebook or any data mining company, instead I want to support (free) / open source software like Signal
Me annoying our dev:
Me: “Is your npm watch running?”
Me: “You better go catch it then... 🤣”
I think we gotta let him go :(
Was getting absolutely crazy about not getting access to phpmyadmin on my server. Tried 10 things. Broke server twice. Asked @linuxxx and he just told me the solution like the cool guy in school jumping on his drink to make the package pop.
So I just wrote a Ruby script to encrypt some files in AES.
I started it, it's designed to show the key when it's finished. It encrypted 7 files, then Kaspersky pops up and deletes my entire Ruby installation.