Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "being hacked"
-
I realized hacking was about being smart when at 14 i hacked into someones computer by guessing his password on the 2nd try.
The dude loved computers more than me and watched matrix all the time.
So i typed “neo”9 -
SSH'd into all the computers in college's lab and edited the bashrc to display "YOU ARE BEING WATCHED / YOU'VE BEEN HACKED" etc.
Everyone freaked out instantly.
Then edited my own bashrc file too so that no one realizes it's me.
I was surprised at how easy it was.8 -
This is super childish but it's the gameserver insidstry and karma is a bitch.
TLDR: I hacked my boss
I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.
I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :337 -
This happened when I was on third semester of the career at university. I had my first boyfriend, the "Python" guy. He has that nickname because he used Python as his main programming language and nobody on the classroom used it.
In a few words, he was a... horrible human being. He talked down to me almost all the time, saying to me that my country was sh*t (he is from United States, and for a reason he never wanted to told me, he cannot go back to his country), that my university was sh*t and he said "you're will be lucky if you rot programming in a chair".
As you might wondering, yes, unfortunately it was a toxic relationship. Once he said he wanted to kill the teacher because he though that he hacked his laptop D:
He claimed that he was going to teach me python and security stuff, bla bla bla, but nothing. I learned python by my own.
I almost lost my faith in dev future because I though that the only ones that could have a real future in programming where people without ethics and only if they have a friend or a relative on a company.
The saddest part was that I dated him because I love smart boys, but he was just an idiot that, furthermore, wanted to change me (he pressured me to have tattoos, dye my hair and have sex, things that, of course, I didn't do).
I found courage to break up with him. I waited until the semester ends (in order not to lose my programming final projects) and, the day after the last day of class, I broke up with him.
I recovered my faith on programming when, next semester, one of the teachers invited me to give a python programming workshop :D and I gave two python workshops, and two of mobile development.
Now I'm working as a junior .NET developer. Thank God I broke up with him before the relationship became even worse. "Python" wanted to marry me after a year! O_O11 -
I hate ZenHub. For those who haven't heard of it, it's an agile project management solution that is hacked (and by hacked I mean really hacked) on top of Github.
It's touted as being convenient because you can have all your issues in Github and then look at them in epics and board format. Sounds awesome. Except it's not. For everything "convenient" it does, it severely lacks the most basic ticket management features that make any ticket management solution usable. Ex., you can't copy tickets. That's right - if you're creating 20 similar tickets, which I've needed to do in the past, you must create each one individually. New ticket -> add labels -> add assignee -> add title -> add description and then submit. 20 times.
ZenHub is so bad and so poorly conceived that many of those who use it have lost sight of project management reality and are blind to the 300 other PM products out there that are better.
True story: a couple of weeks ago people were celebrating because ZenHub added functionality to allow you to define what epic an issue belonged in while you were creating it. For those who aren't familiar with what that means, let me explain: before two weeks ago, when creating an issue in ZenHub, to fill out this "epic" field, you needed to first create the issue and then edit it to fill in the epic.
Let me break that down in devRant terms: it's the equivalent of not being able to add tags to a rant until you create it and then go back and edit it. Complete lunacy is the only way to describe it. And when they added the functionality two weeks ago allowing you to do it all in one step, people praised them!!!
Yeah, ZenHub sucks.11 -
An intern I was supposed to lead (as an intern) and work with. Which sounded kinda crazy to me, but also fun so I rolled with it. But when I met her I quickly found out she didn't even have a coding editor installed and when I advised one she was "scared of virusses". She had Microsoft Edge in her toolbar, and some picture of a cat as a background. We were given some project by our boss, and a freelance programmer helped us set it up on Trello. Great, lets start! Oke maybe first some R&D, she had to reaeach how to use the Twilio API. After catching her on WhatsApp a few times I realised this wasnt gonna go anywere. After a few weeks of coding and posting a initial project to git I asked her if she could show me the code of the API she made so far..
She told me she was using the quickstart guide (the last 3 FUCKING weeks) which contained some test project with specific use cases.
The one that I did 3 weeks ago that same fucking morning.
AND SHE WAS STILL NOT DONE...
A few days later I asked her about the progress (strangly, I wasn't allowed ti give her another task bcs the freelanc already did) and guess what... She got fking pissed at me
Her: "I will come to you when im done, ok?"
Me: "I just want to see how it is going so far and if you are running into any problems!"
Her: "I dont want to show you right now"
She then goes to my fucking boss to tell him I am bothering her.
And omg... Please dear god please kill me now...
Instead of him saying the she probably didn't do shit. He says to me that the girl thinks im looking down on her and she needs a stress free environment to work in. She will show me when its done. ITS A FUCKING QUICKSTART GUIDE YOU DUMB BITCH.
He then procceeded to whine to me about the email template (another project I do at the same time) which didn't look perfect in all of his clients.
Dont they understand that I am not a frontend developer? Can you stop please? I know nothing about email templates, I told you this!!!
Really... the whole fucking internship the only thing the girl did was ask people if they want more tea. Then she starts cleaning the windows, talk to people for an hour, or clean everyone's dask.
all this while I already made 50% of the fucking product and she just finished the quickstart tutorial 😭. Truly 2 months wasted, and the worse thing is I didn't get any apprication. They constantly blamed me and whined at me. Sometimes for being 3 minutes late, the other for smoking too much, or because I drink to much coffee, or that I dont eat healthy. They even forced me to play Ping Pong. While im just trying to do my job. One of the worst things they got mad at me for if when my laptop got hacked bcs it was infected with some virus. He had remote access and bought 5 iPhones 6's with my paypal while I was on break. I had to go home and quickly reset all my passwords and make sure the iPhones wouldnt get delivered. strange this was, this laptop I only used at the company. So it must have been software I had to download there. Probably phpstorm (torrent). Bcs nobody would give me a license. And the freelancer said I * have to *.
the monday after I still had to reinstall windows so I called them and said I would be late. when I came they were so disrepectfull and didn't understand anything. It went a little like this:
Boss: why u late?
Me: had to reinstall my laptop, sorry.
Boss: why didnt you do this in your own time?
Me: well, I didn't have any time.
Boss: cant you do this in the weekend or something? Because now we have to pay you several hours bcs you downloaded something at home.
Me: I am only using this laptop for work so thats not possible.
Boss: how can that even be possible? You are not doing anything at home with your laptop? Is that why you never do anything at home?
Me: uhm, I have desktop computer you know. Its much faster. And I also need to rest sometimes. Areeb (freelancer) told me to torrent the software. He gave me the link. 2 days later this happends
Boss: Ahh okeee I see.. Well dont let it happen again.
After that nobody at the compamy trusted me with anything computer related. Yes it was my own fault I downloaded a virus but it can happen to anyone. After that I never used Windows again btw, also no more auto login apps.8 -
Let me preface this by saying I'm not a designer.
While I can make individual bits of a site look good, and I'm actually pretty skilled with CSS/Sass, overall design completely escapes me. I can't come up with good designs, nor do I really understand *why* good designs are good. It's just not something I can do, which feels really weird to say. but it's true.
So, when I made the Surfboard site (that's the project's internal name), I hacked everything together and focused on the functionality, and later did a branding and responsive pass. I managed to make the site look quite nice, and made it scale well across sizes/devices despite being completely new to responsiveness. (I'm proud, okay? deal.)
After lots of me asking (in response to people loudly complaining that the UI doesn't have X feature, scale properly on Y device, and doesn't look as good as Z site), the company finally reached out to its UI contractor who does their design work. After a week or two, he sent a few mockups.
The mockups consisted of my existing design with a darker background, much better buttons, several different header bars (a different color) with different logo/text placements, and several restyled steppers. He also removed a couple of drop shadows and made some very minor styling changes (bold text, some copy edits). Oh, he also changed the branding colors. Nothing else changed. It's basically the same exact site but a few things look a little better. and the branding is different.
My intermediary with the designer asked for "any feedback before finalizing the designs" -- which I thought odd because he sent mocks for two out of the ten pages (nine plus a 404 page). (Nevermind most of the mocks showed controls from the wrong page...).
So, I typed up a full page of feedback. Much of it was asking for specifics such as responsive sizing on the new header layout, how the new button layout would work for different button counts, asking for the multitude of missing pages/components, asking why the new colors don't match the rest of our branding, etc. I also added a personal nitpick about flat-looking controls because I fucking hate them. Everything I wrote was very friendly and professional.
... His response was full of gems. Let me share a few.
1. "Everything about the current onboarding site looks like a complete after-thought." (After submitting a design basically identical to mine! gg!)
2. "Yes [the colors match our current branding]." (No. They don't. I checked. The dark grey is different, the medium grey is different, the silver is different, the light blue is different. He even changed the goddamn color of the goddamn LOGO for fuck's sake! How the fuck is that "matching"?!)
3. "Appreciate the feedback [re: overlapping colored boxes, aka 'flat'], design is certainly subjective. However, this is the direction we are going." (yet it differs from the rest of our already-redesigned sites you're basing this off. and it's ugly as shit. gg again :/)
4. "Just looked at the 404 page. It looks pretty bad, and reflects very poorly on the [brand name] brand. Definitely will make a change here!" (Hey! I love that thing. It's a tilted, dotted outline of a missing [brand product] entirely drawn with CSS. It has a light gray "???" underlay and some 404 text inside. Everyone I showed it to, coworkers and otherwise, loved it. "Looks pretty bad". fuck you.)
I know I shouldn't judge someone so quickly, but what the fuck. This guy reminds me of one of those pompous artists/actors who's better than everyone and who can never be wrong, even while they're contradicting themselves.
just.
asfjasfk;ajsg;klsadfhas;kldfjsdl.undefined surfboard another rant about the same project long rant pompous designer apples and asteroids design8 -
> 3 hour long mandatory online cybersecurity training
> Preaches that the company is very secure and the only risk of being “hacked” is if employees post company data on social media
> oksure.tar.gz
> Bored out of my mine
> Open dev console
> JSON continually getting sent to backend
> Simple structure and human readable fields including {complete: false}
> Open postman
> {complete: true}
> Send
> 200 response
> Refresh page
> Course complete
> :’ )
Muppets.4 -
Nearing the end of my internship I got to sit in with a few interviews for new interns. We asked them in advance to take some of their code with them if possible.
So this guy walks in a suit and with briefcase puts his briefcase on the table and takes out a few laminated A4 printouts. That was his code. He didn't want to take a USB or laptop because he might be hacked by the company.
The whole interview only took 4 minutes from the moment he walked in.7 -
Just got a brand new car coming from a 1999 Honda CRV and holy shit the tech in these things is insane.. basically drives itself on HWY's, can start it from an app, does all sorts of weird stuff.. obviously it comes with risks of being hacked and all that but damn new cars are wicked these days.7
-
There was a time I made an update on one of our client's e-commerce website sign-up page. The update caused a bug that allowed new users to create an account without actually creating an account.
The code block meant to save user credentials (i.e email address and password) to the database was commented out for some reasons I still can't remember to this day. After registration new users had their session created just as normal but in reality they have no recorded account on the platform. This shit went on like this for a whole week affecting over 350 new customers before the devil sent me a DM.
I got a call from my boss on that weekend that some users who had made purchases recently can't access their account from a different device and cannot also update their password. Nobody likes duty calls on a weekend, I grudgingly and sluggishly opened up my PC to create a quick fix but when I saw what the problem was I shut down my PC immediately, I ran into the shower like I was being chased by a ghost, I kept screaming "what tha fuck! what tha fuck!!" cus I knew hell was about to break loose.
At that moment everything seemed off as if I could feel everything, I felt the water dripping down my spine, I could hear the tiniest of sound. I thought about the 350 new customers the client just lost, I imagined the raving anger on the face of my boss, I thought about how dumb my colleagues would think I was for such a stupid long running bug.
I wondered through all possible solutions that could save me from this embarrassment.
-- "If this shitty client would have just allowed us verify users email before usage things wouldn't have gotten to this extent"
-- "Should I call the customers to get their email address using their provided telephone?... No they'd think I'm a scammer"
-- "Should I tell my boss the database was hacked? Pffft hack my a**",
-- "Should I create a page for the affected users to re-verify their email address and password? No, some sessions may have expired"
-- "Or maybe this the best time to quit this f*ckn job!"
... Different thoughts from all four corners of the bathroom made it a really long bath. Finally, I decided it was best I told my boss what had happened. So I fixed the code, called my boss the next day and explained the situation on ground to him and yes he was furious. "What a silly mistake..!" he raged and raged. See me in my office by Monday.
That night felt longer than usual, I couldn't sleep properly. I felt pity for the client and I blamed it all on myself... yeah the "silly mistake", I could have been more careful.
Monday came boss wasn't at the office, Tuesday, Wednesday, Thursday, Friday not available. Next week he was around and when we both met the discussion was about a different project. I tried briefing him about last week incident, he seems not to recall and demands we focus on the current project.
However, over three hundred and fifty customers swept under the carpet courtesy of me. I still felt the guilt of that f*ck up till this day.1 -
So this story is from my University days. I was in the 6th semester back then, studying CS.
My University website was pretty shitty. Basically it was one of those old ass website that said "Best viewed in IE8". Anyway, I was snooping about the website, trying to find some news regarding an event.
I logged into my account, and randomly browsed into the leave request portal. This was a basic HTML form where students could apply for leaves from the classes and see the status of the leaves, if they have been granted or not. I noticed that the link to the request portal from the student login welcome page was actually something like http://univ.com/student/index.php/..., here 1234567 was my student ID. Yep, it was hardcore into the page, and sent as a GET request on being clicked. That was their idea of authentication I guess. I change the student ID to someone else's, and it let me login as that person.
Long story short, I wrote a little python script to login as every person from the starting of student IDs, till the end, then submit a leave request with a random dumb reason like "can't come, at the strip club" or "going for sex change operation". What I did not know was that when a request is submitted, a text message is also sent to the student's guardians phone number. I ran the script.
That day, over 1000 parents received text messages from the University saying that their kids have applied for a leave from random date to random date for some retarded reason. It was a blast. Students were talking about how someone had "Hacked" into the system.4 -
Dear Luis,
If you are an anonymous hacker, please do not include your name in the mail.
Sincerely,
cursemeslowly a.k.a the person who has visited a porn site and supposedly being hacked by an Anonymous Hacker named Luis18 -
!dev but actual long rant - about the students in my grade.
TL;DR: 1 asshole in 10 people can ruin everything. Mobbing sucks. I dislike parties.
There's the word "Jahrgang" in Germany which means the people in the same school year as you. I'll refer to it as "my (collective) classmates" although we don't have classes anymore, rather courses and I also mean those I do not have courses with.
With that out of the way, let the rant begin.
It's often the case that people with high logical and intellectual skills (no being arrogant, other people categorize me like that) have a lack of social skills - or empathy.
I'm a kind of an outsider in a way that since 10th grade I stopped trying to attach myself to certain groups since I do not fit in there. I'm fine with that now. Nowadays I can at least socialize with other nerds.
Here's why I dislike the collective of my classmates. This year is my last school year and as always, a big group forms a spirit. They have a theme (superheroes - super boring). I didn't go to any party they threw and I don't plan to go to the graduation ceremony as well since it's an unofficial party and not a school event. I hate parties. I hate alc and drunken teenagers. I didn't attend the "Kursfahrt" - a kind of excursion that's like holidays with your course - mainly because I dislike my "Stammkurs" (main course).
Why? I had a friend in this course. She was short, geeky and I could actually talk to her. Yet some jerks (not intensely) bullied her because "she was awkward" and in the end, she switched school - also because of other reasons.
When she was gone, even those who didn't bully her and who are considered "nice" made fun of her and talked badly about her - and me hanging around with her. So since then, I avoid anything with them that's not 100% school related.
Now they're planning what we call "Abigag" - it's a joke/prank the graduates pull on the school and younger students, something funny like an entrance room full of balloons and many other things. Also, the "Abizeitung", the yearbook the graduates put out with articles about their courses, teacher ranking and quotes etc. Also, a cabaret evening from the graduates to collect money for the graduation party. Cool stuff actually. I thought about taking part.
I'd say my talents are creativity and computer stuff. So a friend chatted with me about nerdy pranks like a school-wide wallpaper change. Or releasing a fake password list of the teachers - claiming we hacked them - with puns and insiders about the teaches. He said he gotta invite me into the WhatsApp group of the Abi prank. Disclaimer: He's one of those people who are socialized but still able to talk with me. He's fine.
Well guess what he told me later:
They don't want me on the team since I distance myself from my classmates. I should either be fully one of them or not at all.
That's enough. Who distances whom? I thought they were happy to have me on board but horse shit! Stuck with ideologies from the 19th century.
They can lick my ***. I don't have anything against most of them in person but as a collective, they're just fucking stupid. I guess it wasn't even the majority saying they don't want me to help. It was probably just the small crew of leading and loud jerks. And no one would disagree with them saying "Why not? He wants to help?" (even if it was their opinion) - they don't have the brain or balls to say anything against the strong idiot leaders. They'll do great later in politics as an adult - they wouldn't criticize Hitler if they were under his "protection".
So I won't take part in making Abi pranks, - but also not the Paper and cabaret eve. They can go jerk off to being part of a huge collection of assholes - which I, in all my pride, am not part of other than on paper.
(Disclaimer: No critics to other outsiders but those who were engaged and responsible for the choice of not letting me help)
If anyone actually read this:
Who were/are you in school times?
A proud outsider like me? Party boi/girl? Engaged striver?25 -
The worst thing about being a dev is explaining to these fucktards that facebook can't be hacked.
But what is even worse, is when these dipshits say that i am a bad dev for not hacking facebook for them.
Use that big stupid head to sometimes think straight and stop being a little twat.3 -
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.4 -
TLDR: crappy api + idiot ex client combo rant // devam si duška
I saw a lot of people bitching about APIs that don't return proper response codes and other stuff..
Well let me tell you a story. I used to work on a project where we had to do something like booking, but better..crossbreed with the Off&Away bidding site (which btw we had to rip off the .js stuff and reverse engineer the whole timer thingy), using free versions of everything..even though money wasn't an issue (what our client said). Same client decided to go with transhotel because it was sooooo gooood... OK? Why did noone heard of them then?
Anyhow, the api was xml based.. we had to send some xml that was validated against a schema, we received another that was supposed to be validated againts another schema.. and so on and so on..
...
...
supposed..
The API docs were nonexistent.. What was there, was broken English or Spanish.. Even had some comments like Add This & that to chapter xy.. Of course that chapter didn't even exist yet. :( And the last documentation they had, was really really old..more than a year, with visible gaps, we got the validation schemas not even listed in the docs, let alone described properly.
Yaaay! And that was not everything.. besides wrong and missing data, the API itself caused the 500 server error whenever you were no longer authenticated.
Of course it didn't tell you that your session was dead.. Just pooof! Unhandled crap everywhere!
And the best part?! We handled that login after inspecting what the hell happened, but sent the notification to the company anyways.. We had a conf call, and sent numerous emails explaining to them what a 'try catch' is and how they should handle the not authenticated error <= BTW they should have had a handled xml response for that, we got the schema for it! But they didn't. Anyhow, after two agonizing days talking back and forth they at least set up the server to be available again after the horrified 500 error. Before, it even stopped responding until reset (don't ask me how they managed to do that).
Oh yeah, did I mention this was a worldwide renown company?! Where everybody spoke/wrote English?! Yup, they have more than 700 people there, of course they speak English! <= another one of my ex clients fabulous statements... making me wanna strangle him with his tie.. I told him I am not talking to them because no-one there understood/spoke English and it would be a waste of my time.. Guess who spent almost 3 hours to talk to someone who sounded like a stereotypical Indian support tech guy with a flue speaking Italian?! // no offence please for the referenced parties!!
So yeah, sadly I don't have SS of the fucked up documentation..and I cannot post more details (not sure if the NDA still holds even though they canceled the project).. Not that I care really.. not after I saw how the client would treat his customers..
Anywayz I found on the interwebz some proof that this shitty api existed..
picture + link: https://programmableweb.com/api/...
SubRant: the client was an idiot! Probably still is, but no longer my client..
Wanted to store the credit card info + cvc and owner info etc.. in our database.. for easier second payment, like on paypal (which he wanted me to totally customize the payment page of paypal, and if that wasn't possible to collect user data on our personalized payment page and then just send it over to paypal api, if possible in plaintext, he just didn't care as long as he got his personalized payment page) or sth.... I told the company owner that they are fucking retards if they think they can pull this off & that they will lose all their (potential) clients if they figure that out.. or god forbid someone hacked us and stole the data.. I think this shit is also against the law..
I think it goes without saying what happened next.. called him ignorant stupid fucktard to his face and told him I ain't doing that since our company didn't even had a certificate to store the last 4 numbers.. They heard my voice over the whole firm.. we had fish-tank like offices, so they could all see me yelling at the director..
Guess who got laid off due to not being needed anymore the next day?! It was the best day of my life..so far!! Never have I been happier to lose my job!!
P.S. all that crap + test + the whole backand for analysis, the whole crm + campaign emails etc.. the client wanted done in 6 months.. O.o
P.P.S. almost shat my pants when devRant notified my I cannot post and wanted to copy the message and then everything disappeard.. thank god I have written this in the n++ xDundefined venting big time issues no documentation idiot xml security api privacy ashole crappy client rant11 -
"four million dollars"
TL;DR. Seriously, It's way too long.
That's all the management really cares about, apparently.
It all started when there were heated, war faced discussions with a major client this weekend (coonts, I tell ye) and it was decided that a stupid, out of context customisation POC had that was hacked together by the "customisation and delivery " (they know to do neither) team needed to be merged with the product (a hot, lumpy cluster fuck, made in a technology so old that even the great creators (namely Goo-fucking-gle) decided that it was their worst mistake ever and stopped supporting it (or even considering its existence at this point)).
Today morning, I my manager calls me and announces that I'm the lucky fuck who gets to do this shit.
Now being the defacto got admin to our team (after the last lead left, I was the only one with adequate experience), I suggested to my manager "boss, here's a light bulb. Why don't we just create a new branch for the fuckers and ask them to merge their shite with our shite and then all we'll have to do it build the mixed up shite to create an even smellier pile of shite and feed it to the customer".
"I agree with you mahaDev (when haven't you said that, coont), but the thing is <insert random manger talk here> so we're the ones who'll have to do it (again, when haven't you said that, coont)"
I said fine. Send me the details. He forwarded me a mail, which contained context not amounting to half a syllable of the word "context". I pinged the guy who developed the hack. He gave me nothing but a link to his code repo. I said give me details. He simply said "I've sent the repo details, what else do you require?"
1st motherfucker.
Dafuq? Dude, gimme some spice. Dafuq you done? Dafuq libraries you used? Dafuq APIs you used? Where Dafuq did you get this old ass checkout on which you've made these changes? AND DAFUQ IS THIS TOOL SUPPOSED TO DO AND HOW DOES IT AFFECT MY PRODUCT?
Anyway, since I didn't get a lot of info, I set about trying to just merge the code blindly and fix all conflicts, assuming that no new libraries/APIs have been used and the code is compatible with our master code base.
Enter delivery head. 2nd motherfucker.
This coont neither has technical knowledge nor the common sense to ask someone who knows his shit to help out with the technical stuff.
I find out that this was the half assed moron who agreed to a 3 day timeline (and our build takes around 13 hours to complete, end to end). Because fuck testing. They validated the their tool, we've tested our product. There's no way it can fail when we make a hybrid cocktail that will make the elephants foot look like a frikkin mojito!
Anywho, he comes by every half-mother fucking-hour and asks whether the build has been triggered.
Bitch. I have no clue what is going on and your people apparently don't have the time to give a fuck. How in the world do you expect me to finish this in 5 minutes?
Anyway, after I compile for the first time after merging, I see enough compilations to last a frikkin life time. I kid you not, I scrolled for a complete minute before reaching the last one.
Again, my assumption was that there are no library or dependency changes, neither did I know the fact that the dude implemented using completely different libraries altogether in some places.
Now I know it's my fault for not checking myself, but I was already having a bad day.
I then proceeded to have a little tantrum. In the middle of the floor, because I DIDN'T HAVE A CLUE WHAT CHANGES WERE MADE AND NOBODY CARED ENOUGH TO GIVE A FUCKING FUCK ABOUT THE DAMN FUCK.
Lo and behold, everyone's at my service now. I get all things clarified, takes around an hour and a half of my time (could have been done in 20 minutes had someone given me the complete info) to find out all I need to know and proceed to remove all compilation problems.
Hurrah. In my frustration, I forgot to push some changes, and because of some weird shit in our build framework, the build failed in Jenkins. Multiple times. Even though the exact same code was working on my local setup (cliche, I know).
In any case, it was sometime during sorting out this mess did I come to know that the reason why the 2nd motherfucker accepted the 3 day deadline was because the total bill being slapped to the customer is four fucking million USD.
Greed. Wow. The fucker just sacrificed everyone's day and night (his team and the next) for 4mil. And my manager and director agreed. Four fucking million dollars. I don't get to see a penny of it, I work for peanut shells, for 15 hours, you'll get bonuses and commissions, the fucking junior Dev earns more than me, but my manager says I'm the MVP of the team, all I get is a thanks and a bad rating for this hike cycle.
4mil usd, I learnt today, is enough to make you lick the smelly, hairy balls of a Neanderthal even though the money isn't truly yours.4 -
I really wanna share this with you guys.
We have a couple of physical servers (yeah, I know) provided by a company owned by a friend of my boss. One of them, which I'll refer to as S1, hosted a couple of websites based on Drupal 7... Long story short, every php file got compromised after someone used a vulnerability within D7's core to inject malicious code. Whatver, wasn't a project of mine, and no one bothered to do anything about it... The client was even happy about not doing anything about it. We did stop making backups of such websites however, to avoid spreading the damage (right?). So, no one cared about this for months!
But last monday? The physical server was offline. I powered it on again via its web management interface... Dead after less than an hour. No backups. Oh well, I guess I couls keep powering it on to check what's wrong with it and attempt to fix it...
That's when I've learned how the web management interface works: power on/reboot requests prompted actual workers to reach the physical server and press the power on/reboot buttons.
That took a while to sink in. I mean, ok, theu are physical servers... But aren't they managed anyhow? They are just... Whatever. Rebooting over and over wasn't the solution, so I asked if they could move the HDD to another of our servers... The answer was it required to buy a "server installation" package. In short, we'd have had to buy a new physical server, or renew the subscription of one we already owned for 6 months.
So... I've literally spent the rest of the day bothering their emoloyeea to reboot S1, until I've reached the "daily reboot reauests limit" (which amounts to 3 reauests. seriously), whicj magically opened a support ticket where a random guy advised to stop using VNC as "the server was responsive" and offeres to help me with the command line.
Fiiine, I sort of appreciate it. My next message has been a kernel log which shows how the OS dying out was due to physical components becoming unavailable after a while, and how S1 lacked a VNC server, being accessible only via ssh. So, the daily reboot limit was removes for S1. Yay.
...What to do though? S1 was down, we had no backups, and asking for manual rebooting every time was slow as Hell. ....Then I went insane. I asked for 1 more reboot. su. crontab -e. */15 * * * * /sbin/shutdown -r +5. while true; do; rsync --timeout=20 --append S1:/stuff .; sleep 60; done.
It worked. We have now again access to 4 hacked, shitty Drupal 7 websites. My boss stopped shouting. I can get back to my own projects.
Apparently, those D7 websites got back online too, still with malicious php code within them. Well, not my problem (for now).
Meanwhile, S1 is still rebooting.3 -
Being the only tech savvy person in class can be the worst. If someone gets hacked they all blame you...6
-
Not a Story about an actual hack, but a story about people being dumb and using hacks as an excuse.
A few weeks ago my little cousin would reach out to me because "his Account was hacked...". Supposedly his League of Legends account was hacked by a guy of his own age (14) and this guy was boasting about it.
So i asked the usual things: "Has the email account been hijacked? Did anyone know about details to your acvount access? Etc..."
Turns out that one if his "friends" knew his password and username, but suppsedly erased these Informationen. And that was the part i didn't buy.
This was the point where he lost. Just because i am a programmer does not mean i can retrieve an account he lost because of a dumb mistake that could have easily been avoided. And that guy who was boasting about hacking LoL Account was coincidentally freinds with the friend who had the user credentials and password.
Moral of the Story? The biggest security weakness is almost always the user or a human in between... -
May 2020, for me, was still a massively shit month. All of my tech has eaten some amount of shit:
- Spare PC: Board and last spare PSU up in literal smoke all at once.
- PS3: Suddenly rejects *just* the OEM HDD. Also refuses all CFW for seemingly no reason despite being hacked.
- Xbox One: External HDD is having more and more corrupt reads and is taking longer and longer to serve data.
- Wii: Nearly ate shit as the OS disappeared mid-game for fucking no reason but thanks to my 5-year-ago forethought, saved. (God bless pre-boot homebrew menus)
- Phone: grabbed it to read an overheat warning with cold-ass hands, screen exploded.
- Desktop: Literally just now, PSU and possibly GPU fucking died mid-game.
Anything else? You still got like 4 days, you still got time to fucking kill me, May, you fucking bitch8 -
why people around me act like dump. i have recently worked with this site, which is written in php.
customer: (yelling) my website is hacked, fix it immediately
me : ok sir, we will restore your site immediately
after finishing talk with customer. i have checked website, there is no sign of website being hacked. i have checked server logs and website for security breach, there is no sign.
me: your website is not hacked, sir. can you please tell me where you have seen hacked page.
customer: look at those pages
after seen that page i facepalmed myself. it's a bug, person who created that page just splitted string without using any multibyte function, so page is showing with corrupted characters. i fixed it and problem solved. i have told about that bug, to the person who created that page.
me: hey you have used this function which is not able to handle multibyte characters, you should use multibyte character functions for that one.
person: every characters are the same. we shouldn't need to handle that way.
he is actually a senior developer. who don't even know the difference between unicode and ascii characters.1 -
Annoys me so much how obviously lazy my department has been with one of its products. We have an iPad app that does document management and eForms and stuff. Its not perfect but not the worst. Then they decide they need to build an app to handle a specific kind of eForm. They just went "well this app already does eForms so lets just adapt it".
Worst. Decision. Ever.
the app is simply a branch off the original app. despite being a completely different product which isnt even concerned with the same business objects. it has been hacked until it does what it needs to. And i have to somehow maintain this trainwreck.
As a result we have a branch in our main Git repo that contains a completely different product, which is basically an iOS wrapper for an HTML eForm with ~5000 lines of jQuery to further hack on the functionality that the eForm provides.
And they wonder why iOS developers have been leaving and some keep threatening to leave. Even the Delivery Manager wants us to just do what is needed and get it out the door and never look at it again. How are we supposed to care when thats the attitude of the people who are supposed to be invested in it. Im surprised the client hasnt told us to get lost the app is so hideously broken and unmaintainable. Performing an action on the form can break a completely unrelated section somewhere else. We have lost control.
And they just keep adding more scope, ignoring our concerns cos hey its too late to just start changing the whole approach of the solution. -
Throwback - don forget when CSI showed us how to protect us from being hacked!
https://youtube.com/watch/...6 -
I love my adhd kicks. My webstorm trial ended, I downloaded vscode, hated the bindings, I then used thr intellij extension. Everything ok expect autocomplete, not a fan of tab, couldn't use enter to enter enter as a binding. Hacked that binding.json, idk how i ended up installing a json sorter extension, ow theres a imports sorter. Okay what exactly i wanted to do? Right, do my niche site. Bad idea, i had written it in kotlin js, (missing intellij already) so i searched for almost non-scripting framework. Idk what happened...i ended up being interested in tailwind. Tried it a bit, ow they have tailwind ui. Thinking about buying the sweet shit. Ow i see headless UI... Pause, threw tailwind out. Thinking about react, met Solid, loved it, yarned and npmed it. Extension time, auto tag rename, more emmet like shit, rainbow and fira fonts, theme, scheme, ow colors whaaaw. Okay, its not gonna look like or feel like intellij, more like IDEA community if i had made the ide. What was i making again? Ah my webcrapp. still (idea)less... I went to codepen, grew a beard, came out, still feeling powerfully uncreative. Last stop: awwwards.. ow that awesome 7up nl site, imma see it, they nuked the animations, everything. This is where the rant actually ends, because THANK GOD I DONT FULLSTACK FOR A LIVING!!! Swift, Kotlin, XML and unpredictable Gradle is good enough for me to stop me from going wild. Stay safe. Genetic.🙋♂️2
-
Rant considering the latest Cyber attack and the news around it.
(A recap: a lot of Windows computers were infected with ransomware (due to security hole on Windows), which demanded 300$ in bitcoins to unlock data. After 3 days the price would double, and after 7 days the data was to be deleted)
1) In our country, one of the biggest companies was attacked (car factory). The production stopped and they got for around 1 000 000€ damage in less than 24h (1300 people without work). The news said that they were attacked because they are such a big company and were charged more, as the hackers "knew who they were dealing with" - another reason being the fact that the text was in croatian (which is our neighbor country), but noone realized that it is just a simple google translate of english text - which is obviously not true. The hackers neither know nor care who is hacked, and will charge everyone the same. They only care about the payment.
2) In UK whole (or large part) of medical infrastructure went down. The main thing everyone was saying was: "Nobody's data is stolen". Which, again, is obvious. But noone said anything about data being deleted after a week, which includes pretty much whole electronic medical record of everyone and is pretty serious.
And by the way, the base of the ransomware is code which was stolen from NSA.
All that millions and millions of dollars of damage could be avoided by simply paying the small fee.
The only thing that is good is that (hopefully) the people will learn the importance of backups. And opening weird emails.
P.S. I fucking hate all that 'hacky thingys' they have all over the news.5 -
Interesting: how to hack websites right upon installation. Basically, monitoring issued TLS certificates and trying to access e.g. WordPress installations before the user was able to configure a password.
That relies on a sloppy deployment process, of course - like making a live installation that is online immediately.
Source: https://portswigger.net/daily-swig/...10 -
Way back, 20 or so years ago, when I went to the university, every student got an account so that we could work with the Unix machines. Every user got the same default password, -apollo-, still remember it until today, and one day I felt a little bit evil and I tried to login to the administrator account, of course the first password I tried was the default password and it worked!!! I got super scared and told an older student about it, who was brave enough to scare the administrators a little bit by leaving a message like "you have been hacked!!!" or something similar. I was just too scared to do anything about it. All I wanted to do was see IF I could login ☺️ my few minutes of being Mr. Robot... Guess hacking was not for me 😃
-
fuck wordpress... Got a request to improve wordpress site speed + pagespeed score. 20-30 plugins, 15 or more additional ones off. Improved the score and noticed that my adblocker is blocking a lot of urls. Sure enough theres a hidden iframe in the bottom with 10 ad network scripts and bidding get requests. Someone is making ad revenue from this shit.. wtf. I've only had problems with shitty wordpress sites being hacked for some reason. It's always a shitty experience. Any tips on fixing hacked wordpress sites?5
-
How the hell are you going to have a WebDev degree and not know what SSL is in 2022.
I also shouldn't be the one to notice your CPanel has a ton of unnecessary extra files and folders, and when you go to a subdomain corresponding to some random folders we find a "hacked by some dude" message. : |
I get your mom paid for the domain and hosting for you but you should really fucking know that information yourself.
And I don't care if your mom says 'everything is fine' on her side. You were hacked you need that information so you can tell when things are added that shouldn't be and in this case notify the host site in case the issue is on them while also knowing how to reset everything properly site specifically
Fuck. I should start charging my friends for being stupid and taking my time with things they should know how to do.
My degree is an associates of 'General Programming'. They have a degree in specifically 'Web Development'
90% of my web development knowledge is self taught. If her program didn't cover fucking ssl she needs her money back8 -
These ignorant comments about arch are starting to get on my nerves.
You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?
Well maybe it's for good.
Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"
It takes one honest asshole to be like "well what if you didn't do coke?".
Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.
What on earth could possibly go wrong?
Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?
oh no one can truly scrutinize it because it's closed source?
yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.
and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.
but no, linux users are assholes out to get you.
and how do people react to these honest comments? "let's make a meme out of it. let's deligitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"
short minded idiots.
I'm not gonna deny the challenges or limitations linux represents for the end user.
It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)
But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.
In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.
I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.
Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.
I do have some sympathy for the people that are forced to use windows, even though they know ideally isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.
At the very least, if you don't know what you're talking about, just stfu and read.
But I don't have one bit of sympathy for the rest.
I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.
What in the actual fuck.
I know what the problem is, the arch install instructions aren't copy paste commands.
Or they medium tutorial they found is outdated.
So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.
I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).
Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.
So because some devs are too dumb and talk shit, they just set the bar too low.
Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want too.
I'm so thankful for arch because it has a great compromise between control and ease of install and use.
When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster that ubuntu (which is way faster than windows already).
Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.
Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficult of using arch.22 -
It was more of "Hate story" with a guy whose mere presence would irritate me very much. He was also close to the girl I liked a bit (not very huge crush or something).
So he was very active on two of his social networks one being fb and second directly connected to fb so basically getting hold of fb would mean that I could control his other one too.
It was Oct 2016 and that time you could easily hack an account using social hacking (not asking OTP out something mere details did it for few accounts).
I hacked his account and wrote curse words and all. As I had already changed the email and password, he couldn't till date retrieve it.
However as he reported to fb, his account was held and I could no longer access it but till then everything was over.
I couldn't still spot him on FB or the other social network.
And this was one of the most evil act I have performed in my life.1 -
1. It's gonna be more and more specialized - to the point where we'll equal or even outdo the medical profession. Even today, you can put 100 techs/devs into a room and not find two doing the same job - that number will rise with the advent of even more new fields, languages and frameworks.
2. As most end users enjoy ignoring all security instructions, software and hardware will be locked down. This will be the disadvantage of developers, makers and hackers equally. The importance of social engineering means the platform development will focus on protecting the users from themselves, locking out legitimate tinkerers in the process.
3. With the EU getting into the backdoor game with eTLS (only 20 years after everyone else realized it's shit), informational security will reach an all-time low as criminals exploit the vulnerabilities that the standard will certainly have.
4. While good old-fashioned police work still applies to the internet, people will accept more and more mass surveillance as the voices of reason will be silenced. Devs will probably hear more and more about implementing these or joining the resistance.
5. We'll see major leaks, both as a consequence of mass-surveillance (done incompetently and thus, insecurely) and as activist retaliation.
6. As the political correctness morons continue invading our communities and projects, productivity will drop. A small group of more assertive devs will form - not pretty or presentable, but they - we - get shit done for the rest.
7. With IT becoming more and more public, pseudo-knowledge, FUD and sales bullshit will take over and, much like we're already seeing it in the financial sector, drown out any attempt of useful education. There will be a new silver-bullet, it will be useless. Like the rest. Stick to brass (as in IDS/IPS, Firewall, AV, Education), less expensive and more effective.
8. With the internet becoming a part of the real life without most people realizing it and/or acting accordingly, security issues will have more financial damages and potentially lethal consequences. We've already seen insulin pumps being hacked remotely and pacemakers' firmware being replaced without proper authentication. This will reach other areas.
9. After marijuana is legalized, dev productivity will either plummet or skyrocket. Or be entirely unaffected. Who cares, I'll roll the next one.
10. There will be new JS frameworks. The world will turn, it will rain.1 -
I've been offline from devrant for a while now but damn, I need to vent this shit
One of my colleagues can't describe tickets well enough, so I often have to speak to my colleague about it what he/she ments with their description (usually the ticket description is one line… that's all)
But yesterday the ticket was quite ok, I got were he/she was going for
Conveniently my colleague walked by at the end of yesterday and asked me how it was going
I responded quite energetic 'quite well, ticket is almost done'
And when I showed my colleague the result he/she said, well I got some feedback this morning, and we need to move X to Y with Z data
But you don't get the full story, this project exists of a very old abandoned framework (2013). Hacked together to work for more than one customer (but still copied over to run standalone) with the last year of development being focused on fast results (no time given to workout bugs or refactoring for cleaner/readable code)
So now I have to (on a feature that already took me 3 days to build) remove roughly 25% of the code and hacks, and hack a solution together..
This shit is demotivating as fuck...1 -
Oh my dear internet,
FUCK THIS FUCKING SHIT
I AM SICK AND TIRED OF IT, WHO BUILT THIS HACKED TOGETHER ORWELLIAN SWAMP PIT?
Fuck the same fucking Envato template on every content page with 70 layers of sidebars, inline ads, popups, cookies and content shifting as if I was playing CATCH UP WITH YOUR FUCKING CONTENT.
FUCK the same fucking annual upselling 'plans' on every 7-day trial overengineered scam app that requires me to sign up for 1 fucking, falsely advertised task where my fucking password generator doesn't even recognize the input as a password field so I have to cmd+, to my FUCKING BABYLONIAN PASSWORD ARCHIVES PROMPTING ME FOR THE MASTER PASSWORD.
Thank god I can at least CREATE A BURNER CREDIT CARD THAT FREEZES ITSELF BECAUSE I CANNOT BE BOTHERED TO UNSUBSCRIBE FROM YOUR FUCKING STEAMING CRAP.
FUCK every fucking step I take being recorded by our CYBERPUNK OVERLORDS REQUIRING ME to sign up for 5 different fucking privacy protection tools' annual plan or duct tape some open source shit onto my browser just for some BASIC PRIVACY WHILE TRYING TO NAVIGATE ALL THE OTHER 5000 annuals plan naval mines like A FUCKING FRENCH SUBMARINE IN 1940 GERMAN WATERS.
FUCK my walled garden scam ecosystem not being compatible with your walled garden scam ecosystem prompting me to reactivate my old SATANIC GOOGLE DON'T BE EVIL ACCOUNT from 2012 sending me on a DANTE ALIGHIERI STYLE ODYSSEY THROUGH THE 9 LAYERS OF PASSWORD RESET QUESTIONS, UNEXPECTED ERROR, 2FA MY PHONE DIED HELL to come out on the other side as a broken man.
Thank GOD I have your useless SUPPORT PAGE to aid with my signup problems that is actually just an FAQ with a hidden EASTER EGG HUNT for your support form CRISP AI BOT THAT IS ALSO 'currently experiencing high demand due to COVID' which is peculiar since that has been 3 years ago, but fortunately for you enabled you to fire ALL YOUR SUPPORT STAFF AND REPLACE IT WITH THIS BANNER.
I might as well just SCRAPE your fucking content, it'd be faster.
And although it is quite funny, FUCK THIS PAGE TOO for having me create another of 10.000 accounts to write this shit, where my browser firmly placed a newly created burner email into the PASSWORD FIELD.
I do not know how we managed to create something that is even more unwieldy than 56k DIAL-UPS, but I know that if this shit continues I'll have to train my own AGI to proudly interact with of all this STUPID SHIT on my behalf or I'll have to move into THE FUCKING MOUNTAINS AND LIVE WITH THE DEER.1 -
Typical insurance company BS approach.
Listening to xmas music, Spotify ad kicks in about 'just being "hacked"':
Buy our cyber security insurance product to quickly recover and retain liquidity in case of a cyber security beach.
Not a single word about preventing the incidents in the first place...
Lucky to work in a place that doesn't skimp on IT.5 -
Early on in my freelancing career I learned something important. Even with seemingly tame nerdy stuff, sh*t can get real, real quick. This story describes the very start of my career in web development and hopefully will serve as a warning to newbies out there.
A young teen, I had just learned some basics of wordpress, I was confident I could hack together something that worked and looked okay with minimal effort and knowledge. One day I was approached by a guy who wanted a job board board site. Knowing there were already clones out there I figured this would be an easy gig, man was I wrong.
In addition to the fact I didn't know about contracts or the scope creep from hell, I had somehow gotten myself involved with a criminal business front.
These guys operated a scam business to rip off investors. Me and my designer buddy were used to make the business look legit. What they would do is hold job fairs where people are supposed to pay to rent a booth, but instead they would give everyone a booth for free and then lie about what all businesses were coming. They would then show this info, along with the website and marketing materials to investors. They would take the money from the investors and launder it for drugs.
The real story starts the day of one of the worst hangovers I had ever had. I was at a random friends house sleeping for most of the day.
Apparently one of the guys who was operating the scam business was about to strike a deal with one of the investors when something on the website didn't work (it was working as designed). This guy, Manny we'll call him, had been blowing up my phone all morning. I check my voicemails and there are threats on my life; saying I will be sleeping with the fishes, or if they ever find me, they'll fuck me up. Needless to say this really freaked me out, either way I decided to head back to my dorm.
When I come back home, my designer buddy tells me that some guys were in the house looking for stuff. Apparently this guy hired two nerds to "break into my computer and steal the website", fortunately they didn't know what they were doing.
After a while I got another call, Manny wanted to sit down and "talk things out". Being naive I accepted and we met up. The two nerds were there with one of his body guards. He said he wanted to have those two nerds take over the project. While this was going on, his bodyguard flashed his gun at me several times making eye contact. I agreed to, but I still wanted to get paid. I asked about getting paid and he said we never signed a contract and that he owned the host and domain. I was pretty much screwed.
This is where the story should end, but I wasn't a very smart guy back then. I gave up the site but I created a back door into it. Every week or so, they would get "hacked". Because the two nerds didn't know what to do, they ended up coming back to me for help. This is when I finally got paid. Totally not worth it. -
Who actually started the reign of mixed character passwords? because seriously it sucks to have an unnecessarily complex password! Like websites and apps requesting passwords to contain Upper/Lower case letter, numeric characters and symbols without considering the average user with low memory threshold (i.e; Me).
Let's push the complaint aside and return back to the actual reason a complex password is required.
Like we already know; Passwords are made complex so it can't be easily guessed by password crackers used by hackers and the primary reason behind adding symbols and numbers in a password is simply to create a stretch for possible outcome of guesses.
Now let's take a look into the logic behind a password cracker.
To hack a password,
1) The Password Cracker will usually lookup a dictionary of passwords (This point is very necessary for any possible outcome).
2) Attempts to login multiple times with list of passwords found (In most cases successful entries are found for passwords less than 8 chars).
3) If none was successful after the end of the dictionary, the cracker formulates each password on the dictionary to match popular standards of most website (i.e; First letter uppercase, a number at the end followed by a symbol. Thanks to those websites!)
4) If any password was successful, the cracker adds them to a new dictionary called a "pattern builder list" (This gives the cracker an upper edge on that specific platform because most websites forces a specific password pattern anyway)
In comparison:
>> Mygirlfriend98##
would be cracked faster compared to
>> iloveburberryihatepeanuts
Why?
Because the former is short and follows a popular pattern.
In reality, password crackers don't specifically care about Upper-Lowercase-Number-Symbol bullshit! They care more about the length of the password, the pattern of the password and formerly used entries (either from keyloggers or from previously hacked passwords).
So the need for requesting a humanly complex password is totally unnecessary because it's a bot that is being dealt with not another human.
My devrant password is a short story of *how I met first girlfriend* Goodluck to a password cracker!6 -
Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:
3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.
I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.
They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).
During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).
Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.
The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.
This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.
I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).
I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...
The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)
Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.
Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.
I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).
So... any thoughts?7 -
some call
- yo bro do you have some time ?
- quick cause I'm taking a dump
- I think I have been hacked, got black screen kernel panick, linux freeze seldomly I have to reboot, no internet connexion
- save your stuff and reinstall linux
- I don't have enough stockage to backup
- Then buy one and save, probably either OS is fcked up or you have some hdd problems
Time that it will take: ~30min to reinstall whole shit
Peace duration: ~2years
Later on the same day
aunt
- I can't log into windows
- Did you change the password ?
- Yes but it does not work anymore
* looking at shit
* logs successfully. Reason: interface changed after automatic update.
* wait.
* wait some more so fucking windows fucking starts
* Desktop is ugly as fck.
* Some stupid settings messed up (like high contrast set, black theme or so)
aunt (the same)
- I can't log into my (other) laptop either
* logs
* wait more more more
Guess what: automatic updaaaates. Freezes 100%cpu
* Being a very experienced user: wait before reboot because this suckass os will probably fail to boot otherwise
* Blackscreen with a percentage: Installing updates...
* reboots
* Blackscreen with a percentage: Installing updates continuing...
* finally boot (feels like a miracle windows succeeds lol)
* still slow
aunt now sleeps
* look at running process and install programs
* sees shits like camera recognition (vendor installed), candycrush
* occasionnaly get adds
time lost: 2h
peace duration: ~3month
FFS I am a dev, not a fucking trash lover
It is already pain to fix someone os, but windows is the cream of cream
It brings no ease of use for novice user
It is so insanely slow
It has stupid settings set up by default!!!!!!!! Who FFS wants candycrush and ads
The maj are so fcking hazardous. It is 2022 pretty much the same as 15y back then. Updates take fucking eternity. And needs reboot. and are not even finished!!!
I swear I am gonna stretch my ass and install linux and any fckin other toolsuite needed so they can use Micro$$ word, which is the only fucking usecase they need windows for in the first case anyway
I SO wish this OS would die
I mean, even more than safari7 -
I am traumatized a bit by seeing so many web applications being "hacked" together by WP integrators.
We see a lot of shit applications when companies knock on our door to have a look at their "sick" systems built on shit like that.
Usually when we feel sorry for the company we stage it up. If freak WP applications had a proper debug log, the first line would read: [WARNING] Put me out of my misery. 😵
Worst of all is that usually we could've built the webapp for half the price the customer spent originally with a proper framework and architecture.3 -
I'm just fed up with the industry. There are so much stupidity and so much arrogance.
My professional experience comes mainly from the frontend and I feel like it's not as bad on the backend but I'm still convinced it's not really different:
I'm now about to start my 3rd job. It's always the same. The frontend codebase is complete shit. It's not because some juniors messed up not at all. It's always some highly paid self-proclaimed full-stack developer that didn't really care somehow hacked together most of the codebase.
That person got a rediculous salary considering the actual skill and effort that went into the code, at some point things became difficult, issues started to occur and that person left. If I search for that person I find next to the worst code via gitlens on Linkedin it's somebody that has changed companies at least two times after leaving and works now for a lot of money as tech-lead at some company.
There's never any tests. At the same time the company takes pride in having decent test coverage on the backend. In the end this only results in pushing a lot of business logic to the frontend because it would just take way to long to implement it on the backend.
Most of the time I'm getting told on my first day that the code quality is really high or some bullshit.
It's always a redux app written by people, that just connect everything to the store and never tried to reflect about their use of redux.
Usually it's people, that never even considered or tried not using redux, even if it's just to learn and experiment.
At the same time you could have the most awesome projects on github but people look at your CV, sum up the years and if you invested a lot of time, worked way harder to be better than other developers with the same amount of experience, it's totally irrelevant.
At the same time all companies are just the worst crybabies about not being able to find enough developers.
HR and recruiters are generally happy to invite somebody for an interview, even if that person does not have any code available to the public, as long as that person somehow was in some way employed in the industry for a couple of years. At the same time they wouldn't even notice if you're core contributor for some major open-source product if you do not have the necessary number of years in the industry.
I'm just fed up.
By the way, I got my first real job about two years ago. Now I'm about to start my third position because my last job died because of the corona crisis. I didn't complain for some time because I didn't want to look like I'm just complaining about my own situation. With every new job I made more money, now I'm starting for the first time at a position that is labeled "lead" in the contract.
So I did okay. But I know that lots of talented people that worked hard gave up at some point and even those that made it had to deal with way too much rejection.
At the same time there are so many "senior" people in the industry, that don't care, don't even try to get better, that get a lot of money for nothing.
It's ridiculously hard to get a food in the door if you don't have any experience.
But that's not because juniors are actually useless. It's because the code written by many seniors is so low quality, that you need multiple years of experience just to deal with all the traps.
Furthermore those seniors are so busy trying to put out the fires they are responsible for to actually put time into mentoring juniors.
It's just so fucked up.3 -
Just came home to cook supper at 11am again before I go back to the office to pull an all nighter to implement last minute changes thanks to a hosting provider in south africa getting hacked last Friday.
I love being a dev but this is one of those moments I really think to myself "your the moron that chose to do this for your career you twit" 😑6 -
I wonder if crypto exchanges are so damn vulnerable or just so transparent.
I mean, it is impossible to scroll tech articles for more than a few seconds before stumbling on a report of yet another crypto exchange being nicked a couple hundred mil USD.
- It could be that their security severely sucks (wouldn't blame them for it, most businesses do suck at securing shit).
- It could be that the entire black hat community is putting it's might on stealing money that is so fucking easy to launder.
- It could be that is damn nigh impossible to cover up a crypto hack since the evidence of coins drifting away is forever on display in the public ledger, and in that case crypto companies are not hacked more often than regular companies, they are just much more often publically shamed for it.
- It could be a mix of all the above, but my intuition is that one factor is more relevant.
Which would be the most relevant factor? One of the above or yet another attack vector to the stupidest value conduit ever?5 -
This is not a developer-related rant, but honestly, I'm annoyed, and this felt like the best place to vent.
My Twitter account has been suspended/restricted. I can still log in, but I can't tweet, follow people, anything.
No reason was given to me at all for my restriction, other than an automated reply when I attempted to appeal it stating they suspected my account of being hacked - an account I hadn't used in about a month, has a randomly generated 12 character password and has 2FA.
Here's the thing - I didn't grow up with Twitter, I've never really taken an interest in it, I only have my account to post dev stuff now and then as I know some over devs do - It felt like a good place to easily log what I'm currently working on and show off my work that I was proud of.
There aren't any other platforms I know of where I can do that, other than here (but my work consists of things that are also not dev related, so...)
I have no idea if I will get my Twitter account back; it's been over a week now since I attempted to appeal it with absolutely no response.
If anyone knows decent platforms where I can share my work and progress (dev, art, level design, etc.) and can use it sort of like a dev blog, I would greatly appreciate it.4 -
Found a little magazine when I was 12 which talked about HTML.
Then later, a friend talked about VBS and VB.NET and I just started making prank shit in that...
Then later back to making websites and basically just grew from there really...
Only followed a formal education on programming once... Which I got kicked out off because I ended my first year with a splendid 2 (that 1 point for adequate attendance).
The fun part? I failed because I was too good :^)
All my grades where a 1 or a 2 because my code was made using tools and libraries that they didn't want me to touch or even know about until 3rd of 4th year...
So yea, I failed everything with the reason being: "Not according to the exercise".
Another fun part: We had to make a personal blog in the 1st year using the techniques we had learned.
Sites were published on a *public* server...
Someone hacked all sites... except mine :^) -
I feel like some evil bastard NTP hacked the world.
on that note, seeing revision "12' wandering around.
I wandered by an apartment I remember from the old days today, in that apartment a woman wandered in, and left the door unlocked, you walked upstairs and she was already hidden inside one of the sub apartments, all of which had their doors unlocked.
if you wandered into the correct one a sexy chick was waiting, the one you followed, if you wandered in the wrong one you either got screamed at by an angry dude or looked at curiiously by an old guy cooking dinner.
the room changed across the years.
however i was warned away from this even before I remembered the events that followed and were buried indicating that this is not something i should be doing.
because now a woman in gray wanders in, meaning something awful is up there instead of some lighthearted game of chance where i coud either be looked at as an idiot, screamed out, or bonk someone for several hours.
I am really missing being young.3