Search - "hacked devrant"
-
Tonight I was getting ready to pay my monthly apartment maintenance bill so I Googled my property management company's name because I always forget the url. It's always the first result, but I noticed Google placed a little "This site may be hacked." line of text on their listing.
Seeing that before and knowing what it means, I went into the source for their index page, and to my suspicion, their WordPress installation was hacked with the standard invisible spam links.
I realize this happens to a lot of WordPress blogs, but this is an NYC property management company that is responsible for a lot of buildings and has millions of dollars in contracts. Normally I would inform them, but having dealt with them in the past I don't like them very much, and more importantly, I don't think they'd understand what I was saying because they are so technically inept. They might even think that because I found this, I had something to do with it.
So devRant, it is up to you. What should I do?
-
I hate ZenHub. For those who haven't heard of it, it's an agile project management solution that is hacked (and by hacked I mean really hacked) on top of Github.
It's touted as being convenient because you can have all your issues in Github and then look at them in epics and board format. Sounds awesome. Except it's not. For everything "convenient" it does, it severely lacks the most basic ticket management features that make any ticket management solution usable. Ex., you can't copy tickets. That's right - if you're creating 20 similar tickets, which I've needed to do in the past, you must create each one individually. New ticket -> add labels -> add assignee -> add title -> add description and then submit. 20 times.
ZenHub is so bad and so poorly conceived that many of those who use it have lost sight of project management reality and are blind to the 300 other PM products out there that are better.
True story: a couple of weeks ago people were celebrating because ZenHub added functionality to allow you to define what epic an issue belonged in while you were creating it. For those who aren't familiar with what that means, let me explain: before two weeks ago, when creating an issue in ZenHub, to fill out this "epic" field, you needed to first create the issue and then edit it to fill in the epic.
Let me break that down in devRant terms: it's the equivalent of not being able to add tags to a rant until you create it and then go back and edit it. Complete lunacy is the only way to describe it. And when they added the functionality two weeks ago allowing you to do it all in one step, people praised them!!!
Yeah, ZenHub sucks.
-
Long rant ahead.. so feel free to refill your cup of coffee and have a seat 🙂
It's completely useless. At least in the school I went to, the teachers were worse than useless. It's a bit of an old story that I've told quite a few times already, but I had a dispute with said teachers at some point after which I wasn't able nor willing to fully do the classes anymore.
So, just to set the stage.. le me, die-hard Linux user, and reasonably initiated in networking and security already, to the point that I really only needed half an ear to follow along with the classes, while most of the time I was just working on my own servers to pass the time instead. I noticed that the Moodle website that the school was using to do a big chunk of the course material with, wasn't TLS-secured. So whenever the class begins and everyone logs in to the Moodle website..? Yeah.. it wouldn't be hard for anyone in that class to steal everyone else's credentials, including the teacher's (as they were using the same network).
So I brought it up a few times in the first year, teacher was like "yeah yeah we'll do it at some point". Shortly before summer break I took the security teacher aside after class and mentioned it another time - please please take the opportunity to do it during summer break.
Coming back in September.. nothing happened. Maybe I needed to bring in more evidence that this is a serious issue, so I asked the security teacher: can I make a proper PoC using my machines in my home network to steal the credentials of my own Moodle account and mail a screencast to you as a private disclosure? She said "yeah sure, that's fine".
Pro tip: make the people involved sign a written contract for this!!! It'll cover your ass when they decide to be dicks.. which spoiler alert, these teachers decided they wanted to be.
So I made the PoC, mailed it to them, yada yada yada... Soon after, next class, and I noticed that my VPN server was blocked. Now I used my personal VPN server at the time mostly to access a file server at home to securely fetch documents I needed in class, without having to carry an external hard drive with me all the time. However it was also used for gateway redirection (i.e. the main purpose of commercial VPN's, le new IP for "le onenumity"). I mean for example, if some douche in that class would've decided to ARP poison the network and steal credentials, my VPN connection would've prevented that.. it was a decent workaround. But now it's for some reason causing Moodle to throw some type of 403.
Asked the teacher I had a routers and switches class from at the time.. why is my VPN server blocked? He replied with the statement that "yeah we blocked it because you can bypass the firewall with that and watch porn in class".
Alright, fair enough. I can indeed bypass the firewall with that. But watch porn.. in class? I mean I'm a bit of an exhibitionist too, but in a fucking class!? And why right after that PoC, while I've been using that VPN connection for over a year?
Not too long after that, I prematurely left that class out of sheer frustration (I remember browsing devRant with the intent to write about it while the teacher was watching 😂), and left while looking that teacher dead in the eyes.. and never have I been that cold to someone while calling them a fucking idiot.
Shortly after I've also received an email from them in which they stated that they wanted compensation for "the disruption of good service". They actually thought that I had hacked into their servers. Security teachers, ostensibly technical people, if I may add. Never seen anyone more incompetent than those 3 motherfuckers that plotted against me to save their own asses for making such a shitty infrastructure. Regarding that mail, I not so friendly replied to them that they could settle it in court if they wanted to.. but that I already knew who would win that case. Haven't heard of them since.
So yeah. That's why I regard those expensive shitty pieces of paper as such. The only thing they prove is that someone somewhere with some unknown degree of competence confirms that you know something. I think there's far too many unknowns in there.
Nowadays I'm putting my bets on a certification from the Linux Professional Institute - a renowned and well-regarded certification body in sysadmin. Last February at FOSDEM I did half of the LPIC-1 certification exam, next year I'll do the other half. With the amount of reputation the LPI has behind it, I believe that's a far better route to go with than some random school somewhere.
-
A few weeks ago, my neighbor came to me saying his wifi is hacked and someone is abusing it.
So I tried the wifi and found out there is no password. And the one who was abusing a simple open wifi was me XD.
So I set a password for her and disabled WPS. But hopefully no one (except devRant) will know I used that much bandwidth.
-
Building a business can hamper one's development urges!
I have been building stuff since 2008. Took my first job in 2012, won a hackathon at Yahoo right after that. Got an amazing team to work with! Our team converted the hacked product into a proper product using Django and AngularJS. Those were the fun days. At that time AngularJS had just come out and I was under the dilemma to use Angular, Ember or backbone. But with all this came the responsibility to build a business out of our product. It didn't happen eventually though.
So I moved on to cure my entrepreneurial itch and went on to start up an e-commerce startup along with my day job. It started getting good traction and I finally left my day job to focus completely on it. It's a sticker marketplace and I had to focus a lot on the actual physical product, improve the quality, tackle business development and stuff etc. In all this, my habit of creating stuff with code kind of got the back seat. Every day, I see such exciting technologies come up and I want to try them out. I have been itching to create a native app using React Native, or to build a skill for Amazon Alexa.
On one side I am happy that I have been able to build a brand and become the largest sticker marketplace in India providing super awesome reusable stickers, but on the other hand, managing the business on a daily basis is killing the developer in me :(
Does anyone else building a business which involves a physical product also face a similar problem? I think I should just take up weekend hackathon type problems and try to solve them using the technologies I want to learn. Example, I have been meaning to build an app for our company. I think I will start with that!
I have been following devRant for quite some time now and it has been awesome. Finally signed up and ranted today! 😊😊
-
Hoping so much that the new devRant store has official devRant caps.
In the meanwhile I hacked this and wore it backwards during my last 4 race walks including the NY State Empire Game Championships so my opponents could watch 'little devvie' stare them down for 30+ minutes. It worked!
-
TLDR: crappy API + idiot ex-client combo rant // letting off steam
I saw a lot of people bitching about APIs that don't return proper response codes and other stuff..
Well let me tell you a story. I used to work on a project where we had to do something like booking, but better.. crossbred with the Off&Away bidding site (which btw we had to rip off the .js stuff from and reverse engineer the whole timer thingy), using free versions of everything.. even though money wasn't an issue (what our client said). Same client decided to go with transhotel because it was sooooo gooood... OK? Why had no one heard of them then?
Anyhow, the API was XML based.. we had to send some XML that was validated against a schema, we received another that was supposed to be validated against another schema.. and so on and so on..
...
...
supposed..
The API docs were nonexistent.. What was there, was broken English or Spanish.. Even had some comments like Add This & that to chapter xy.. Of course that chapter didn't even exist yet. :( And the last documentation they had, was really really old..more than a year, with visible gaps, we got the validation schemas not even listed in the docs, let alone described properly.
Yaaay! And that was not everything.. besides wrong and missing data, the API itself caused the 500 server error whenever you were no longer authenticated.
Of course it didn't tell you that your session was dead.. Just pooof! Unhandled crap everywhere!
And the best part?! We handled that login after inspecting what the hell happened, but sent the notification to the company anyways.. We had a conf call, and sent numerous emails explaining to them what a 'try catch' is and how they should handle the not authenticated error <= BTW they should have had a handled xml response for that, we got the schema for it! But they didn't. Anyhow, after two agonizing days talking back and forth they at least set up the server to be available again after the horrified 500 error. Before, it even stopped responding until reset (don't ask me how they managed to do that).
Oh yeah, did I mention this was a worldwide renowned company?! Where everybody spoke/wrote English?! Yup, they have more than 700 people there, of course they speak English! <= another one of my ex-client's fabulous statements... making me wanna strangle him with his tie.. I told him I am not talking to them because no-one there understood/spoke English and it would be a waste of my time.. Guess who spent almost 3 hours talking to someone who sounded like a stereotypical Indian support tech guy with a flu speaking Italian?! // no offence please for the referenced parties!!
So yeah, sadly I don't have SS of the fucked up documentation..and I cannot post more details (not sure if the NDA still holds even though they canceled the project).. Not that I care really.. not after I saw how the client would treat his customers..
Anywayz I found on the interwebz some proof that this shitty api existed..
picture + link: https://programmableweb.com/api/...
SubRant: the client was an idiot! Probably still is, but no longer my client..
Wanted to store the credit card info + cvc and owner info etc.. in our database.. for easier second payment, like on paypal (which he wanted me to totally customize the payment page of paypal, and if that wasn't possible to collect user data on our personalized payment page and then just send it over to paypal api, if possible in plaintext, he just didn't care as long as he got his personalized payment page) or sth.... I told the company owner that they are fucking retards if they think they can pull this off & that they will lose all their (potential) clients if they figure that out.. or god forbid someone hacked us and stole the data.. I think this shit is also against the law..
I think it goes without saying what happened next.. called him an ignorant stupid fucktard to his face and told him I ain't doing that since our company didn't even have a certificate to store the last 4 numbers.. They heard my voice over the whole firm.. we had fish-tank like offices, so they could all see me yelling at the director..
Guess who got laid off due to not being needed anymore the next day?! It was the best day of my life..so far!! Never have I been happier to lose my job!!
P.S. all that crap + test + the whole backand for analysis, the whole crm + campaign emails etc.. the client wanted done in 6 months.. O.o
P.P.S. almost shat my pants when devRant notified me I cannot post and I wanted to copy the message and then everything disappeared.. thank god I have written this in the n++ xD
-
Might be nothing for others, but I finally published my Vue website with the following setup:
1. Vue inside docker
2. Nodejs API inside docker
3. MongoDB inside docker
4. Nginx as reverse proxy
5. Let's Encrypt
6. NO I WILL NOT SHARE THE LINK, don't want to be hacked lol and it is for personal use only.
But I'd love to thank devRant members who have helped me reach this point, two months ago I was a complete noob in Vue and a beginner in NodeJs services, now I have my own todo website customized for my needs.
Thank you :)
-
Fucking christ this year is a fucking shitfest:
- wpa2 krack
- "DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions"
- "Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites"
- "Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe"
My fucking router didn't yet get patched, my fucking phone is outdated and I can't change to my patched one because devRant just shits the bed in extended desktop mode. Windows 8.1 loses support in 3 months, rendering my last chance of using it on my Surface Pro done, making me use Windows 10 with its fucking shit ass not optimized tablet interface. I have just fucking constant paranoia what else could be hacked tomorrow, nothing is fucking safe anymore for fucks sake. I even went as far as implementing 3 step auth and intrusion detection on my shitty ass VPS nodes, fucking give me a break you fucking assholes.
-
I've been offline from devrant for a while now but damn, I need to vent this shit
One of my colleagues can't describe tickets well enough, so I often have to speak to my colleague about what he/she means with their description (usually the ticket description is one line… that's all)
But yesterday the ticket was quite ok, I got where he/she was going with it
Conveniently my colleague walked by at the end of yesterday and asked me how it was going
I responded quite energetic 'quite well, ticket is almost done'
And when I showed my colleague the result he/she said, well I got some feedback this morning, and we need to move X to Y with Z data
But you don't get the full story, this project consists of a very old abandoned framework (2013). Hacked together to work for more than one customer (but still copied over to run standalone) with the last year of development being focused on fast results (no time given to work out bugs or refactoring for cleaner/readable code)
So now I have to (on a feature that already took me 3 days to build) remove roughly 25% of the code and hacks, and hack a solution together..
This shit is demotivating as fuck...
-
I understand the muggles on Facebook saying it was Apple and Amazon that were hacked, but here on devRant where people know WTF is up, I'm still not seeing people say where the hack actually took place, and what makes the news truly terrifying: SMC.
-
Who actually started the reign of mixed character passwords? because seriously it sucks to have an unnecessarily complex password! Like websites and apps requesting passwords to contain Upper/Lower case letter, numeric characters and symbols without considering the average user with low memory threshold (i.e; Me).
Let's push the complaint aside and return back to the actual reason a complex password is required.
As we already know, passwords are made complex so they can't be easily guessed by password crackers used by hackers, and the primary reason behind adding symbols and numbers in a password is simply to stretch the space of possible guesses.
Now let's take a look into the logic behind a password cracker.
To hack a password,
1) The Password Cracker will usually lookup a dictionary of passwords (This point is very necessary for any possible outcome).
2) Attempts to login multiple times with list of passwords found (In most cases successful entries are found for passwords less than 8 chars).
3) If none was successful after the end of the dictionary, the cracker formulates each password on the dictionary to match popular standards of most website (i.e; First letter uppercase, a number at the end followed by a symbol. Thanks to those websites!)
4) If any password was successful, the cracker adds them to a new dictionary called a "pattern builder list" (This gives the cracker an upper edge on that specific platform because most websites forces a specific password pattern anyway)
In comparison:
>> Mygirlfriend98##
would be cracked faster compared to
>> iloveburberryihatepeanuts
Why?
Because the former is short and follows a popular pattern.
In reality, password crackers don't specifically care about Upper-Lowercase-Number-Symbol bullshit! They care more about the length of the password, the pattern of the password and formerly used entries (either from keyloggers or from previously hacked passwords).
So the need for requesting a humanly complex password is totally unnecessary because it's a bot that is being dealt with not another human.
My devRant password is a short story of *how I met my first girlfriend*. Good luck to a password cracker!
-
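To make the length-versus-pattern argument above concrete, here is an added Python example (not from the rant's author) that scores the two passwords quoted in the post by naive brute-force keyspace, by their character-class run signature (the shape a "pattern builder list" keys on), and by whether they fit the "first letter uppercase, number at the end followed by a symbol" template. The tiny dictionary, the template regex and the 16-character minimum in the policy are assumptions.

```python
import math
import re
import string

# Constructed stand-in for a breached-password list (assumption; real lists
# run to millions of entries).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# The "popular standard" the rant describes: leading uppercase letter,
# lowercase body, digits, then symbols tacked on the end (assumed regex).
POPULAR_PATTERN = re.compile(r"^[A-Z][a-z]+\d+[^\w\s]+$")

CLASSES = (
    ("U", string.ascii_uppercase),
    ("l", string.ascii_lowercase),
    ("d", string.digits),
    ("s", string.punctuation),
)

def charset_size(pw: str) -> int:
    """Alphabet a brute-forcer must assume: sum of the classes present in pw."""
    return sum(len(chars) for _, chars in CLASSES if any(c in chars for c in pw))

def brute_force_bits(pw: str) -> float:
    """Naive keyspace in bits, length * log2(alphabet). An upper bound only:
    it ignores dictionary words and templates, which is exactly the point."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0

def pattern_signature(pw: str) -> str:
    """Run-length class signature, e.g. 'U1l11d2s2'. Characters outside the
    four ASCII classes are labelled 'o' (assumption)."""
    labels = [next((lab for lab, chars in CLASSES if c in chars), "o") for c in pw]
    sig, i = "", 0
    while i < len(labels):
        j = i
        while j < len(labels) and labels[j] == labels[i]:
            j += 1
        sig += f"{labels[i]}{j - i}"
        i = j
    return sig

def assess(pw: str) -> dict:
    """Collect the metrics a length-first policy cares about."""
    return {
        "length": len(pw),
        "bits": round(brute_force_bits(pw), 1),
        "signature": pattern_signature(pw),
        "popular_pattern": bool(POPULAR_PATTERN.match(pw)),
        "in_dictionary": pw.lower() in COMMON_PASSWORDS,
    }

def policy_ok(pw: str, min_len: int = 16) -> bool:
    """Length-first policy (assumption): long enough, not a known password,
    and not shaped like the template every site forces on users."""
    a = assess(pw)
    return a["length"] >= min_len and not a["in_dictionary"] and not a["popular_pattern"]

if __name__ == "__main__":
    for pw in ("Mygirlfriend98##", "iloveburberryihatepeanuts", "Password1!"):
        print(pw, assess(pw), "OK" if policy_ok(pw) else "REJECT")
```

The longer all-lowercase passphrase scores higher even on the naive brute-force measure (117.5 bits vs 104.9), and the mixed-class one is additionally rejected because it fits the template shape.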
AHHAHAHAHHAHAHAH Not only did my StarSpace get "hacked" (I would say abused), but I had my password in clear text, so he GOT MY DevRant account now as well!!
I just implemented encrypted passwords yesterday but not fully since I'm still testing ...
( hacked by @tallasianman )
:(
-
Not my 'first' but the first outside of stupid little toy projects.
I got an internship back in 2016 while I was in 11th grade. Mine was sort of a college doing community outreach, so yeah, not really impressive of an internship.
But my manager handed me a Micro:Bit. At the time, there were like 1000 in the U.S.; the U.K. was brainstorming including them in school curriculums. My manager just told me to experiment and see what I could do with it.
Minimal requirements, minimal guidance outside of ideas now and then (he had doctorate students to manage so I get it lol), so I started just doing stupid small things with MicroPython, the language the minimal back-then documentation recommended, like a 'lowest of poly' crazy taxi thing.
But by the end, I hacked together some HORRIBLY written C++ to get 2 of them to communicate. 1 always powered and gets a state from the other at regular intervals. The other is powered by a hand crank and sending the direction of the crank to the other.
I forget what the end goal was. But it was fun to learn, and thinking back, I did a lot in just 8 weeks
My manager gave me the first Micro:Bit on my last day. I don't do anything with it anymore. But it's a fun memory.
It was also around that time I found devRant and needed you guys to knock my ego down a few pegs when my head over-inflated, lol.
-
In my dream my devRant account was hacked 😐 and I thought it was something usual recently on devRant. I was typing my (email?) and, like I was hacked on my computer too, the input was something like this ے
-
Anyone playing the 'hacked' game on Android? Despite the name, it's just about logic and I have been kind of addicted to it for the past week (the plot seems purposely built off every bullshit Hollywood producers have thrown at us for decades regarding hacking). Just wanted to thank the dev for it, maybe they'll pass by devRant and see this ;)