Search - "hacking tools"
-
!rant
This was over a year ago now, but my first PR at my current job was +6,249/-1,545,334 loc. Here is how that happened... When I joined the company and saw the code I was supposed to work on I kind of freaked out. The project was set up in the most ass-backward way with some sort of bootstrap boilerplate sample app thing with its own build process inside a subfolder of the main angular project. The angular app used all the CSS, fonts, icons, etc. from the boilerplate app and referenced the assets directly. If you needed to make changes to the CSS, fonts, icons, etc. you would need to cd into the boilerplate app directory, make the changes, run a Gulp build that compiled things there, then cd back to the main directory and run Grunt build (that's right, both grunt and gulp) that then built the angular app and referenced the compiled assets inside the boilerplate directory. One simple CSS change would take 2 minutes to test at minimum.
I told them I needed at least a week to overhaul the app before I felt like I could do any real work. Here were the horrors I found along the way.
- All compiled (unminified) assets (both CSS and JS) were committed to git, including vendor code such as jQuery and Bootstrap.
- All bower components were committed to git (ALL their source code, documentation, etc, not just the one dist/minified JS file we referenced).
- The Grunt build was set up by someone who had no idea what they were doing. Every SINGLE file or dependency that needed to be copied to the build folder was listed one by one in a HUGE config.json file instead of using pattern matching like `assets/images/*`.
- All the example code from the boilerplate and multiple jQuery spaghetti sample apps from the boilerplate were committed to git, as well as ALL the documentation too. There was literally a `git clone` of the boilerplate repo inside a folder in the app.
- There were two separate copies of Bootstrap 3 being compiled from source. One inside the boilerplate folder and one at the angular app level. They were both included on the page, so literally every single CSS rule was overridden by the second copy of bootstrap. Oh, and because bootstrap source was included and committed and built from source, the actual bootstrap source files had been edited by developers to change styles (instead of overriding them) so there was no replacing it with an OOTB minified version.
- It is an angular app but there were multiple jQuery libraries included and relied upon and used for actual in-app functionality behavior. And, beyond that, even though angular includes many native ways to do XHR requests (using $resource or $http), there were numerous places in the app where there were `XMLHttpRequest`s intermixed with angular code.
- There was no live reloading for local development, meaning if I wanted to make one CSS change I had to stop my server, run a build, start again (about 2 minutes total). They seemed to think this was fine.
- All this monstrosity was handled by a single massive Gruntfile that was over 2000loc. When all my hacking and slashing was done, I reduced this to ~140loc.
- There were developer's (I use that term loosely) *PERSONAL AWS ACCESS KEYS* hardcoded into the source code (remember, this is a web end app, so this was in every user's browser) in order to do file uploads. Of course when I checked in AWS, those keys had full admin access to absolutely everything in AWS.
- The entire unminified AWS Javascript SDK was included on the page and not used or referenced (~1.5mb)
- There was no error handling or reporting. An API error would just result in nothing happening on the front end, so the user would usually just click and click again, re-triggering the same error. There was also no error reporting software installed (NewRelic, Rollbar, etc) so we had no idea when our users encountered errors on the front end. The previous developers would literally guide users who were experiencing issues through opening their console in dev tools and have them screenshot the error and send it to them.
- I could go on and on...
This is why you hire a real front-end engineer to build your web app instead of the cheapest contractors you can find from Ukraine.
-
Here skiddie skiddie... a collection of obviously fake "hacking tools" that bait skids into doxing themselves.
-
So I've been looking for a Linux sysadmin job for a while now. I get a lot of rejections daily and I don't mind that because they can give me feedback as for what I am doing wrong. But do you know what really FUCKING grinds my FUCKING gears?
BEING REJECTED BASED ON LEVEL OF EDUCATION/NOT HAVING CERTIFICATIONS FOR CERTAIN STUFF. Yes, I get that you can't blindly hire anyone and that you have to filter people out but at least LOOK AT THEIR FUCKING SKILLSET.
I did MBO level (the highest sub level though) as study which is considered to be the lowest education level in my country. Lowest education level meaning that it's mostly focused on learning through doing things rather than just learning theory.
Why the actual FUCK is that, for some fucking reason, supposed to be a 'lower level' than HBO or Uni? (low to high in my country: MBO, HBO, Uni). Just because I learn better by doing shit instead of solely focusing on the theory and not doing much else does NOT FUCKING MEAN THAT I AM DUMBER OR LESS EDUCATED ON A SUBJECT.
So in the last couple of months, I've literally had rejections with reasons like
- 'Sorry but we require HBO level as people with this level can analyze stuff better in general which is required for this job.'. - Well then go fuck yourself. Just because I have a lower level of education doesn't FUCKING mean that I can't analyze shit at a 'lower level' than people who've done HBO.
- 'You don't seem to have a certificate for linux server management so it's a no go, sorry!' - Kindly go FUCK yourself. Give me a couple of barebones Debian servers and let me install a whole setup including load balancers, proxies if fucking necessary, firewalls, web servers, FUCKING Samba servers, YOU FUCKING NAME IT. YES, I CAN DO THAT BUT SOLELY BECAUSE I DON'T HAVE THAT FUCKING CERTIFICATE APPARENTLY MEANS THAT I AM TOO INCOMPETENT TO DO THAT?! Yes. I get that you have to filter shit but GUESS WHAT. IT'S RIGHT THERE IN MY FUCKING RESUME.
- 'Sorry but due to this role being related to cyber security, we can't hire anyone lower than HBO.' - OH SO YOUR LEVEL OF EDUCATION DEFINES HOW GOOD YOU ARE/CAN BE AT CYBER SECURITY RELATED STUFF? ARE YOU MOTHERFUCKING RETARDED? I HAVE BEEN DOING SHIT RELATED TO CYBER SECURITY SINCE I WAS 14-15 FUCKiNG YEARS OLD. I AM FAMILIAR WITH LOADS OF TOOLS/HACKING TECHNIQUES/PENTESTING/DEFENSIVE/OFFENSIVE SECURITY AND SO ON AND YOU ARE TELLING ME THAT I NEED A HIGHER LEVEL OF FUCKING EDUCATION?!?!? GO FUCKING FUCK YOURSELF.
And I can go on like this for a while. I wish some companies I come across would actually look at skills instead of (only) study levels and certifications. Those other companies can go FUCK THEMSELVES.
-
After a nice clean reinstall.. some partitions didn't wanna play nice so I got my hacking tools and hacked away.
-
preface: swearing.
because anger.
So. I'm trying to use Material Design with Material UI. The components and UI look *great*.
It's from google, though, which really pisses me off. but I like what I can do with the UI.
HOWEVER.
I really want a grid system for responsiveness. because obviously. besides, i really hate doing all the responsive shit myself. it sucks and i hate it.
Material Design does not include a grid system. okay, it includes a grid component, but it's not for site layout. it's for making a grid of images. or something.
What it does include is a lot of very lengthy documentation on what you should do, complete with fancy graphics saying "THIS IS HOW YOU MUST DO IT OR YOU'RE DOING IT ALL WRONG" -- but they don't actually support it! you must do it all yourself.
Why oh why would they tell you how you must do things if they don't provide the tools to make it possible? fucking google.
You might decide it's a grand idea to interject at this moment and say: "there are plenty of tools out there that allow you to do this!" And sure, you'd be right. however -- and i think this might just barely might be worth mentioning -- THEY REALLY FUCKING SUCK. Hey, let's look at some of the classes! So clear and semantic! This one was nice and simple: "xs4" -- but wtf does that mean? okay, it apparently means 4 columns as they'd appear on an extra-small layout. How does that work on a large layout? Who knows. Now, how about "c12"? okay, maybe 12 columns? but how does that display on a phone with a layout small enough to only have 4 columns? i don't know! they don't know! nobody knows!
oh oh oh oh. and my particular favorite: "mdc-layout-grid__cell mdc-layout-grid__cell--align-bottom" WHAT. THE. FUCK. I'm not writing a goddamn novel! and that one claims to be from google itself. either they've gone insane or someone's totally lying. either way, fuck them.
SO. TERRIBLENESS ASIDE.
Instead of using Material Design v0.fuckoff that lacks any semblance of a grid layout, I figure I'll try v1.0 alpha that actually has one supported natively. It's new and supports everything I need. There's no way this can't be a good idea.
The problem is, while it's out and basically usable, none of the React component libraries fucking work with it. Redux-Form doesn't work with it either because it doesn't understand nested compound controls, and hacking it to work at least triples the boilerplate. So, instead, I have to use some other person's "hey, it's shitty but it works for me" alpha version of someone else's project that works as a wrapper on top of Redux-Form that makes all of this work. yeah, you totally followed that. Kind of like a second-cousin-twice-removed sort of project adding in the necessary features and support all the way down. and ofc it doesn't quite work. because why would things ever be easy?
like seriously, come on.
What i'm trying to do isn't even that bloody hard.
Do I really have to use bootstrap instead?
fuck that.
then again, fuck this significantly more.
UGH.
-
Worst fight I've had with a co-worker?
Had my share of 'disagreements', but one that seemed like it could have gone to blows was a developer, 'T', that tried to man-splain me how ADO.Net worked with SQLServer.
<T walks into our work area>
T: "Your solution is going to cause a lot of problems in SQLServer"
Me: "No, it's not, your solution is worse. For performance, it's better to use ADO.Net connection pooling."
T: "NO! Every single transaction is atomic! SQLServer will prioritize the operation thread, making the whole transaction faster than what you're trying to do."
<T goes on and on about threads, made up nonsense about priority queues, on and on>
Me: "No it won't, unless you change something in the connection string, ADO.Net will utilize connection pooling and use the same SPID, even if you explicitly call Close() on the connection. You are just wasting code thinking that works."
T walks over, stands over me (he's about 6.5", 300+ pounds), maybe 6 inches away
T: "I've been doing .net development for over 10 years. I know what I'm doing!"
I turn my chair to face him, look up, cross my arms.
Me: "I know I'm kinda new to this, but let me show you something ..."
<I threw together a C# console app, simple connect, get some data, close the connection>
Me: "I'll fire up SQLProfiler and we can see the actual connection SPID and when sql server closes the SPID....see....the connection to SQLServer still has an active SPID after I called Close. When I exit the application, SQLServer will drop the SPID....tada...see?"
T: "Wha...what is that...SQLProfiler? Is that some kind of hacking tool? DBAs should know about that!"
Me: "It's part of the SQLServer client tools, it's on everyone's machine, including yours."
T: "Doesn't prove a damn thing! I'm going to do my own experiment and prove my solution works."
Me: "Look forward to seeing what you come up with ... and you haven't been doing .net for 10 years. I was part of the team that reviewed your resume when you were hired. You're going to have to try that on someone else."
About 10 seconds later I hear him from across the room slam his keyboard on his desk.
100% sure he would have kicked my ass, but that day I let him know his bully tactics worked on some, but wouldn't work on me.
-
Go to Defcon.
Buy Hak5 hacking tools.
Afraid to try them out.
Setup WIFI Pineapple.
Figure out how to use it.
Start seeing everyone hitting my captive portal instead of the hotel's captive portal.
Immediately turn it off.
Feel like an asshole.
Why did I buy these?
-
I started when I was 12 years old. I got bullied and got interested in computers. One day I crashed my dad's computer and he reinstalled it. After that my dad made two accounts. The regular user (my account) and the Administrator user (my dad's account). He also changed the language from Dutch to English. Gladly I could still use the computer by looking at the icons :')
Every time I needed something installed I had to ask my dad first (for games mostly because there was no cable internet at that time). Then I noticed the other user account while looking over my dad's shoulders. So I tried to guess the password and found out the password was the same as the label next to the password field "password".
At that point my interest in hacking had grown. So when we finally got cable internet and my own computer (the old one) MSN Messenger came around. I installed lots of stuff like flooders etc. Nobody I knew could do this and people always said; he is a hacker. Although it is not.
I learned about IP-address because we sometimes had trouble with the internet. So when my dad wasn't home he said to me. Click on this (command prompt) and type in; ipconfig /all. If you don't see an IP-address you should type in; ipconfig /renew.
That's when I learned that every computer has a unique address and I started fooling around with hacking tools I found on internet (like; Subseven).
When I got older I had a new friend and fooled around with the hacking tools on his computer. Until one day I went by my friend and he said; my neighbor just bought my old computer. The best part was that he didn't reinstall it. So we asked him to give us the "weird code on the website" his IP-Address and Subseven connected. It was awesome :'). (Windows firewall was not around back then and routers weren't as popular or needed)
At home I started looking up more hacking stuff and found a guide. I still remember it was a white page with only black letters like a text file. It said something like; To be a hacker you first need to understand programming. The website recommended Visual Basic 6 for beginners. I asked my parents to buy me a book about it and I started reading in the holiday.
It was hard for me but I really wanted to hack MSN accounts. When I got older I just played around and copy -> pasted code. I made my own MSN flooders and I noticed hacking isn't easy.
I kept programming and learned and learned. When I was 16/17 I started an education in programming. We learned C# and OOP (although I hated OOP at first). I built my own hacking tool like "Subseven" and that's when I understood you need a "server" and "client" for a successful connection.
I quit the hacking because it was getting too difficult and after another education I'm now a fulltime back-end developer in C#.
That's my story in short :)
-
So earlier today as I was walking out of class, I overheard some people talking.
One of them said “Oh I hacked google”
Then the other one said “Oh yeah I hacked google as well. I made it say (something I forgot)”
They were thinking that using the dev tools to make one of the tags say stuff was hacking.
😤😤😤😤😤😤😤😤😤😤😤
I had to run away
It was t o o m u c h
-
How about this.. Instead of a 'literal' game..
My co-developer suggested we make a minimal Linux OS (based off of Debian) and set it up to simulate fake hacking.
How does that sound?
It would still be a game, but would be so much cooler. >:3
The OS would be SOOPER light. And would come with a custom set of 'hacking' tools. These 'tools' could also be installed on any other Linux os.
This is all theoretical, but we would love to hear your opinions.
-
mangodb's rant reminded me of smth.. Folks from my country might remember this story.
So we have a national e-health system. Millions have been invested, half of the money have never reached the project [disappeared smwhr in between] and its quality is not shiny. It works, sometimes even fast enough. But boy does it have bugs... Let's not get into that. It's politics.
So some time ago one IT guy spotted a bug that allowed him to get sensitive info of other patients. He informed e-health folks and waited for a fix. He waited for a few weeks but the fix had never been released. So he published his findings in soc media [yepp.. Stupid move]. That caused a national scandal. Not to mention he had been pressed with charges.
That guy and our health minister were invited in one of the tv debates. The guy was asked to explain how he found all this sensitive data. And he explained that he hit f12 in his browser, opened a network tab, issued a network request by clicking smth in the webpage and analysed the received data in the dev tools.
The minister looked somewhat happy, maybe a lil proud of himself - a person who has a "gotcha!" moment has that very glow he had. And he said: "what you did there was obvious hacking. I reckon you should know that true developers do not do those things you have just explained to us" [he was talking about dev tools].
I died inside a little bit.
-
About 3 years ago, my girlfriend had this laptop that she got from her University. She had to give the laptop back to get reset, but didn't want to lose all of her data on it, and a backup would be around 750GB.
So I suggested that I would backup the laptop (was thinking to just dd an image and go from there). So I plugged in my mobile USB and external hard drive, and started the imaging process. Given the amount of data and setup, the process should have taken about 5hours. So we left it there for 5h.
Please be mindful that at this stage in my life I knew very little about boot processes, oses, and hardware.
5h after. The laptop screen is black and it ain't responsive. Not sure what happened, the dd process was completed, but the laptop refused to boot into windows. Tried a number of boot tools, and spent a crazy night hacking at the machine. But the university had some sort of fail safe to not allow anyone to boot into windows if someone opened bios without entering a password. Whatever this was, I spent over 12h trying to either open mount the windows partition with a Ubuntu usb or mount the corrupt dd image on my laptop.
Long story short, after throwing at it a number of fixes. I was able to mount the image, copy out all of her personal data, and reinstall a new version of Windows on her laptop. The university didn't understand why the laptop was already reset. She still mentions this to me anytime I want to take a "custom approach" to software lol
-
Worst Hackathon experience:
Taking an API built by a junior dev team with minimal specs and "hacking for two pointless days" to make it work in production...
The whole Hackathon idea was an experiment to see if they could make the dev team stay late if they bought pizza and said "have fun".
We all spent 2 days cursing at the shoddy tools and lamenting that you can't run a Hackathon with a single directive and "production ready goal" yet remove any choice the developers have to actually contribute.
-
Anyone knows some good network penetration suite for Android?
I got cSploit 'cause dSploit is dead. And cSploit seems to be broken - for me, too.
-
Has hacking become a hobby for script-kiddies?
I have been thinking about this for a while now, I went to a class at Stanford last summer to learn penetration-testing. Keep in mind that the class was supposed to be advanced as we all knew the basics already. When I got there I was aggravated by the course as the whole course was using kali linux and the applications that come with it.
After the course was done and I washed off the gross feeling of using other people's tools, I went online to try to learn some tricks about pen-testing outside of kali-linux tools. To my chagrin, I found that almost 90% of documentation from senior pen-testers were discussing tools like "aircrack-ng" or "burp-suite".
Now I know that the really good pen-testers use their own code and tools but my question is has hacking become a script kiddie hobby or am I thinking about the tools the wrong way?
It sounds very interesting to learn https and network exploits but it takes the fun out of it if the only documentation tells me to use tools.
-
So recently I got a message from a person asking how to (these are exact words),
"break into insta's database using Sqlmap"
I then proceeded to tell them to "f*ck off ya c*nt ".
Afterwards it inspired me to write this rant
annoying classmates:" hahaha GuYS bEtER wAtcH OuT he's GonnaA hack Us"
me: " yea I can program I also do some ethical hacking and cybersecurity "
annoying classmates: "hahaH Bro your a Hacker OhHHhHHOOO BrO CaN yoU hACk inSta FoR mE I NEEd MoRe FolloWeRs "
me:" tf no one that's illegal and two it's waste of my time "
annoying classmates: "BrOooo CaN yoU gEt Me SoMe HacKs fOr CsGo"
me: "can you just please f*ck off , i'm not hacking for you everything you've asked me is extremely unethical and a huge waste of time, Also if you suck so bad at a game you need to cheat I recommend just stopping "
annoying classmates: "DUdE whAt ToolS dO i HVAE to DownLOad To Be A haCkEr"
me: *trying hard not to murder them* " I told you to f*ck off"
Being a hacker isn't downloading tools, it isn't typing at 90wpm into a terminal with green font, it's not about games or fame or anything. It's about coming up with creative solutions to problems, thinking outside the box; it's about individuality and breaking from the herd, looking at things from a different viewpoint,
it's about endlessly seeking knowledge.
It's about freedom through creation, that's what being a hacker originally was. But because of big media and movie companies (and script kiddies) people now confuse hacker with cracker and think of us as jobless fat kids sitting in a dark room in their parents' house breaking into bank accounts and buying drugs on the dark web (which people seem to think they're a hacker just because they can open tor browser. They then proceed to use google to look up "fresh onion links 2020").
My classmates and really my generation has a huge case of smooth brain. They think we can just look at someone and hack them. They also seem to think using a Grabify link to get a person's IP is hacking and using the inspect element is hacking and that opening a terminal is hacking! AHHHHHHHHHHHHHHHHHHHHH
Anyways ima end this here thanks for reading :)
-
https://washingtonpost.com/national...
Probably paywall but... Yes another case of super smart people doing the dumbest things.
-
There is no fucking holy grail of programming. It's better to use the right tools for each task instead of wasting hours to make the wrong tool do a horrible job. But noooooo. Ever since this co-worker got here, he bragged how good Drupal 7 is for everything, and he never even used it once before! Now we have 2 fucking projects beyond schedule and a new one coming in, each of which tries to use a fucking CMS as if it was a fucking framework. Fucking idiots who believe setting a couple of options via gui to generate random code means programming. Fucking bosses who believe using 3rd party community modules and hacking around them to have them do different stuff is better than coding what we need. I fucking gave up and started using raw php to be able to finish this fucking project, but my damn co-worker refuses to. He keeps swearing and punching the desk, saying it's our clients' fault for asking stupid features, and if you dare to mention how it may be because we're using a cms like it was a framework, he just goes full bigot about Drupal. Bloody Hell, it would have taken less than 3 weeks in Rails. I could just headbutt a kitten right now.
-
Is the ransomware attack using leaked NSA hacking tools affecting 99 countries seriously serious, or should it be categorized as fake news?
-
Talking about software engineering. probably everyone has a slightly different understanding of it, but I wonder who is still using UML or similar tools.
I'm asking cause I see only few who are capable of using it.
There might be tons of other ways of achieving things for what UML is meant for, but I got the impression that software designing /architecture isn't a thing at all. It's not only that I see a lack of collaboration efficiency, but I'm also afraid that it's more about hacking things together (maybe even by just smashing SO comments together)
Thanks, looking forward to read your opinions !
PS: if my suspicion was correct, then this would have been a rant 😁
-
Does anyone have experience with UPnP audit/hacking tools like miranda? I need to show my prof how to do it and either show it live or record it and show the video. Do you know some good tutorials or sites?