Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
more buzzword translations with a story (because the last one was pretty well liked):
"machine learning" -> an actual, smart thing, but you generally don't need any knowledge to use it as they're all libraries now
"a bitcoin" -> literally just a fucking number that everyone has
"powerful" -> it's umm… almost working (seriously i hate this word, it really has a meaning of null)
"hacking" -> watching a friend type in their facebook password with a black hoodie on, of course (courtesy of @GeaRSiX)
"cloud-based service" -> we have an extra commodore 64 and you can use it over the internet for an ever-increasing monthly fee
"analysis" -> two options: "it's not working" or "its close enough"
"stress-free workplace" -> working from home without pants
now for a short story:
a few days ago in code.org "apscp" class, we learnt about how to do "top down design" (of course, whatever works before for you was not in option in solving problems). we had to design a game, as the first "step" of "top down design," we had to identify three things we needed to do to make a game.
they were:
1. characters
2. "graphics"
3. "ai"
graphics is literally a png, but what the fuck do you expect for ai?
we have a game right? oh wait! its getting boring. let's just sprinkle some fucking artificial intelligence on it like i put salt on french fries.
this is complete bullshit.
also, one of my most hated commercials:
https://youtu.be/J1ljxY5nY7w
"iot data and ai from the cloud"
yeah please shut the fuck up
🖕fucking buzzwords6 -
Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.
That time when...
He wrote a social media network with end-to-end encryption before it was cool.
He wrote custom 64kb encryption for his academic HDD.
He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.
He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).
He used only hashes of passwords as passwords (which isn't actually good).
He kept a drill on the desk ready to destroy his HDD at a moments notice.
He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.
He set up a new email account for each individual online service.
He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).
He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).
He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).
He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.
He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.
He bought a burner phone to visit the capital city.
He bought a burner phone whenever he left his hometown come to think of it.
He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).
He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.
(You might be noticing it's all he's. Maybe it is, maybe it isn't).
He ate a sim card.
He brought a balaclava to pentesting training (it was pretty meme).
He printed out his source code as a manual read-only method.
He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).
He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).
He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.
I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.
26 -
opened up my laptop at the car dealership where I am chilling at rn while I wait on my car's service to be done.
I open my laptop and start working on some small fix that I had forgotten about for work.
OMG guess what? no one is looking at me doing shit in the computer because in reality no one gives a flying fuck like most of you attention whores wanna make it sound like.
No one thinks you are hacking because you opened up a terminal in public.
Bola de jotos ridiculos.15 -
"Our Data Service comes PRE-P0WN'D"
Those SHIT-FOR-BRAINS data service providers GLOAT that their data can be natively integrated into most BI platforms, no code required.
How? Because they will EXPOSE THE ENTIRE FUCKING THING ON THE INTERNET.
LITERALLY.
UNAUTHENTICATED URL WITH THE ENTIRE DATASET.
STATIC. WON'T EVER FUCKING CHANGE.
NO VPN REQUIRED. NO AUTHENTICATION HEADERS. NO IN-TRANSIT ENCRYPTION.
"It is safe! No one will know the secret token that is a parameter in the url"
BLOODY BYTE BUTTS, BATMAN! IT IS A FUCKING UNAUTHENTICATED URL THAT DOES NOT REQUIRES RENEWAL NOR A VPN, IT WILL LEAK EVENTUALLY!
That is the single fucking worst SELF-P0WN I have ever seen.
Now I know why there are fucking toddlers "hacking" large scale databases all over the globe.
Because there are plenty of data service providers that are FUCKING N00BS.4 -
Im ranting in progress of the issue so i dont get the urge to do any of the things not seem as acceptable to fix this issue.
Issue: yesterday i activated a device i havent had any (even prepaid) service on in years, and had a 'new'(to me) number assigned...
Today, after being sick so muting nuisances immediately for rest, i check, 3missed calls from the same, less spammy looking number. I havent use this number for even a txt code verification at all... aside from 1 call to comcast (for the blissful irony of seeing if its an option (they need to survey physically) since im suing my current isp who didnt take my VERY NICE and explictly required in their business t&c, refund for the issue's duration.. after months of tryjng to directly get a message (not using my not technically hacking expertise like just scrubbing for email formatting and popped up in their inbox (calling them is more frowned upon)...
Their conclusion as to "why" (they nvr solved the issue... dhcpv6 was in aggressive lease mode(no response per lease(NOT batches) of about 60 for about 20 devices which i ofc use my /28 static ipv4 block... not ipv6 (they also claimed there was no logs til i dug and found verbose, long history high/med high debug level logs in their prop. dev's gui... which they forced me to use, has 2 separate cores/stacks which is done for 1 reason only... constant simultaneous ipv4 and ipv6 (so ofc was auto enabled)...
Basically it was spamming do to a config issue with their scripts, and their WAN6 dev/script's config. Have found a single person who knows what ipv6 (or v4) or wan6 device actually means... their conclusion from multiple "specialist departments " ..."we dont support ipv6 so if u had issues caused by using something we dont support it's your fault... sooooo ludacris.
.... ok back to main point.
callback options
1 schedule a call back for "later"
2 dont schedule and hang up/try some other time
3. cancel callback and join the end of the cue(from previous message it told me a callback in 6-10m or lose your place in line and go to the end... hours later no call and they definitely have the number as it reiterated -.-
...
answer to wait in line>
experiencing extremely high wait time
>your current wait time 31-60m
2.5sec later.. let me connect you to a rep ...etc (identical as in callback options intro)
> your current wait time is 30sec
waiting nearly 25min whilst typing this.(i did make sweet potato stuff, propagated a rose, fed JSON some of his new, in closure buffet of things he previously never encounted and bought a literal ton of rubber mulch)40min to a rep 5more to solve (last guy at same position didnt know this option exited, despite me decribing it verbosely to him.
Everything the automated syst asks is about account numer... there is none ive never even had a burner that was at&t brand.
Wzf.3 -
Getting started with my dissertation project for my degree. Using Java and Dropwizard for a backend service with a nice iOS client in Swift. Will make such a refreshing change from hacking crappy eForms together with jQuery and an Objective-C native bridge.1
Top Tags
Weekly Rant
View