AboutGraduated uni few years ago, worked in security management, then as a survey technician. Want to get into dev field since I have enjoyed playing around with linux/web dev since I was a kid.
Joined devRant on 11/27/2018
Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
its day 4 of updating documentation and consolidating data.
The webclient has broken on average 4 times a day.
The database took 20+ seconds on updating a password entry.
I explained to my boss the real cost of interrupting my attention with these pauses. I figure it's caused my productivity to go from record high last week to being literally losing about 4 hours a day lost, plus extra time in having to go back through and verify things worked.
The technicians and developers who are working on fixing the database system are apparently quitting left right and center; their company acquired it awhile back, so they don't actually have native developers on it. Yet they still are pushing out new integration features rather than fixing anything.
Yesterday, one of the other people on the documentation project lost half a days work due to the angular updating the local cache, but it never reaching the backend. He came back from lunch, reopened his browser, and all his work was gone. (at least thats what we think happened). So we are hard resetting the program every 10 minutes or so just to make sure it is updating the backend.
The good news is that when it is done, we theoretically will be able to use this to cut back onboarding time and update times by about half, and it'll mean our new nano-server deployment project should be able to spin out with standards that can be referenced properly by everyone, not just the guy with the powershell script that he tinkered with for a particular project and never told anyone else what he did.
Oddly enough, i have simultaneously been less busy and more productive since working 66% remotely.
I find myself with more time that feels "wasted" or not busy, but my metrics show that I have more production, better results, and far nicer documentation. A bunch of us also sat down and did a bunch of coursework on really putting together a domain script library for one click onboarding of new servers or new client setups. We spun up a bunch of new virtual environments that literally solved headaches that had existed for years that never got dealt with because of too many other tickets.
Some of our web clients freaked out at us because the business is moving away from doing maintenance of legacy web work (small to midsize businesses). But it didn't matter. Rather than respond with a "make them happy," the response was "well, we will get rid of them as clients. We need to focus our energy on the essential service sectors we support."
Hell, we even got an automated test that has been broken apparently since 2018 to work again.
Granted, the incoming workload has slowed down. But it's still interesting to me to see that despite the slowdown, there isn't any concern; its still paying the bills and we are getting rid of technical debt everywhere. Tbh, this has really been a good reality check.1
Anyone else use ConnectWise? I'm 8hours into my 16hour introduction to it.
I'm honestly unsure if I'm in awe or just terrified, and thats just with Manage. Tomorrow is Automate. Wish me luck.1
Given the Base64 flying around devrant, figured I'd introduce the unknowing to a lovely little tool for dealing with various formats and encodings: CyberChef (online)
I honestly don't remember how I lived without it. Enjoy!4
Phone interview sprung on me in 2 hours from now. It's in devops. Just got called out of the blue.
Wish me luck4
in job application mode; getting really tired of entry level positions wanting 3+ years of experience.
Given that a) no one I have seen with this much experience wants these positions, b) HR says they are getting applicants with this much experience, I can only assume two things:
1: People lie on their resumes.
2: The job market is far more saturated with good applicants than I thought.
Either way, frustrating.4
New Phrack article. Given they release like one a year, figured it warranted posting a link.
Title : Hypervisor Necromancy; Reanimating Kernel Protectors
Author: Aris Thallas
Date: 2020 Feb 14
"In this (rather long) article we will be investigating methods to emulate proprietary hypervisors under QEMU, which will allow researchers to interact with them in a controlled manner and debug them. Specifically, we will be presenting a minimal framework developed to bootstrap Samsung S8+
proprietary hypervisor as a demonstration, providing details and insights on key concepts on ARM low level development and virtualization extensions for interested readers to create their own frameworks and Actually Compile And Boot them ;). Finally, we will be investigating fuzzing implementations under this setup."
Today, I made someones day in 5 minutes by using my phone camera, a picture to pdf converter, and a wireless capable printer to take a sheet of music in a small book, supersize it, and print it so they could read it without squinting.
Sometimes I forget how awesome it is to have this technology on demand, and it takes someone who doesn't have it to realize just how cool it is.3
Cracked my first weak RSA implementation challenge today. Feels pretty awesome.
Involved primes that were very close, which means you can factorize the modulus quickly to get the private key. Normally, you would never use close primes as prime factorization's difficulty relies a certain amount on some distance between the two values.
The reason you can brute force close primes has to do with them being close in value to the square root of the function, meaning that you can search far quicker than if you were to try every combination of primes.2
I had the opportunity to ask some basic security questions of a government system that is rolling out (got invited to a meeting).
So now I am absolutely terrified about any technology that is being rolled out by this particular government agency. Their security model literally ends at "we use HTTPS".
Seriously, how the fuck are these systems not audited before they reach public use? Is this normal??4
Today the struggle was real.
But damn if it isn't days like this where you learn real shit.
Fighting with a debian VM for half the day to make a local development environment. I'm tired, but everything works, the project looks good, and I'm just sorta angry/tired/proud now.
I learned so much, and now want pie. I am going to go eat some pie.3
I bought a computer awhile back off Kijiji (Canada's craigslist) for a really good price. Today, decided I was going to upgrade the ram since I got a sick deal on some corsair vengence 8gb sticks online...
And just before installing it, I realize the fucker decided to use low profile RAM in his build for a reason: he (for some fucking reason) decided to route the airflow for the system by placing the cooling fan directly over the first 2 memory slots.
Guess who's 5 minute memory upgrade just turned into an hour of re-routing all the airflow in the PC and having to redo all the fan wiring.
I shouldn't complain, I mean I got this computer a couple years back for like $400, but still, wtf man...4
Today: FUCK RADARE
5 minutes later: FUCK GHIDRA
2 minutes later: God bless both of these wonderful programs, and I finally think I understand what is going on.
2 minutes later: Fuck this, I hate everything, I'm going back to studying hardware shit.1
Just got an amazing lecture by text from a university mentor of mine on some of the coolest shit to do with cat in linux, and why you can do things like open a shell with cat /bin/sh (or in my case, use it to stall a program and keep open a shell in a simple buffer overflow task).
God bless all you mentors out there who take the time to explain exactly how all this stuff works. It feels so good to have an idea on the mechanisms on "WHY" something works, not just that it does and that you should use it. As someone new, it makes all the difference.5
Today, I found out that the webmaster for the organization I volunteer at is using a security-by-obscurity PHP implemented design for the private data of our members. I've talked with him about it, but for a variety of reasons to do with organization and workload, it won't be changing.
I may have inadvertently gotten my old university's Comp Sci System Services addicted to CTF wargames. oops.
I also just found out that you can prevent a more command from automatically exiting on completion only by limiting the size of the window of your terminal. I lost a good 4 hours of trying literally every ssh command combination I could, when all I had to do was use a small terminal screen. Whoever designed this last challenge should be given an award and then shot.3
Remember kids, passwd is a readable file! You can have a very bad day trying to figure out a user's shell from side-channel attacks and getting nowhere, or you could remember that it LITERALLY SAYS WHAT IT IS PUBLICLY IF YOU DON'T FORGET THAT IT'S THERE.
On the plus side, I learned a ton about what you can do with ssh arguments and debugging logs. Shit's pretty cool.5
Spent over an hour on a shell script that wasn't working properly. I use it, works perfectly. Every time cron executes, does nothing, not even log an error.
It took me that long to realize that the user I was getting the cron to run on didn't have permission to write to my log file... You would think I'd realize this when my error scripts didn't log...
(on that note, the Bandit games at OverTheWire have been awesome refresher on getting back into the swing of linux - highly recommend)
This year has been rough. No programming. 3 great job applications snuffed. Currently unemployed, and all my recent job experience in a field I don't want to continue working in due to not making my 3 career options. (Military and policing sort of thing)
So since I'm off for the holidays, and looking to really get back into computer work, I've come back to devRant. Missed you guys. <3
Now I've got to actually get good at something, and preferably employed in doing it. Any advice or stories are appreciated :D (but my mom said not to listen to strangers on the internet, so...)3
One of the ways I met a girl was helping her program her clubs website. Surprisingly a great way to talk about interests, likes, and dating (making an about page OP)
Today, a few thousand dollars of potential equipment being replaced was prevented by deciding to follow the network cords and finding out that the switchboard had the power cord knocked loose.
Payment was in candy.3
0: Monitors and Graphic's Cards become affordable for us poor graduates
1: Node bloat becomes a thing of the past with WA or has auto-minimize functionality to keep only essential code
2: North American internet companies all go out of business due to free super high speed infrastructure maintained by a trust of communities and elected delegates
not all "dev" related per se, but my current day to day gripes answered7
And fuck whomever decided not to follow programming convention and put that exclamation mark there, may they burn in hell.6
So, I got an iFixIt toolkit with a gift card from xmas. Was excited to tear into my iPhone6 given that it had lasted me a long time, and not that long ago, I had the screen repaired given I didn't know how to at the time and was working stupid long hours. I haven't used the phone in about 6 months now.
I open the device, and immediately 2 screws and a bracket fall out of the device. The inside is filthy, and appears to have corrosion (despite the fact I've never gotten water on it, I was kinda anal with that phone).
Whoever the guy was who "fixed" my screen apparently did so in a way that involved spilling something on my phone, over torquing a screw, breaking a bracket, and the entire thing looks sketch.
All while charging over $100. I can see why he insisted on having an otterbox on the phone now, he fucked up and was worried the one screw pin wouldn't hold the screen on. Motherfucking asshole.1
It is still blowing my mind how a button on my raspberry pi is programmatically functional in the same way as if I was programming a database and web app.
Fucking eh, why haven't I been doing this hardware stuff sooner? You can literally make physical shit happen. That is so cool!4