devRant - A fun community for developers to connect over code, tech & life as a programmer

Search - "incident report"

24

PaperTrail

10743

7y

SM = Scrum Master

SM: "Card #130, you added a comment saying you aren't going to do update the report?"
Me:"Yea, I explained why in the comment"
SM: "Product owner wants it."
Me: "Product owner isn't the manager using it. I talked with Steve, he said the data is accurate and they have to go to the database anyway to verify the error. That report has no way of knowing the message logged could be a false positive."
SM: "That's not our job to decide. If the Product Owner wants the feature, we add the feature."
Me: "It is absolutely is our job. Steve is the user of the report. I could really care less what the product owner said. The only reason he created the card was because Steve told him a specific error logged could be a false positive, and only happens, maybe, once a month. I'm not wasting my time, Steve's time, or this project's time on wild goose chases."
SM: "I'll schedule a meeting this afternoon to discuss the issue with the product owner. Don't worry, if you can't figure out how to filter out the false positives, I'll assign the ticket to me."

fracking fracking kiss ass. I swear, if he goes behind my back again ....I... deep breath....ahhh...OK..Thanks devrant. Work place incident diverted.

undefined

6
23

Condor

32496

6y

Long rant ahead.. 5k characters pretty much completely used. So feel free to have another cup of coffee and have a seat 🙂

So.. a while back this flash drive was stolen from me, right. Well it turns out that other than me, the other guy in that incident also got to the police 😃

Now, let me explain the smiley face. At the time of the incident I was completely at fault. I had no real reason to throw a punch at this guy and my only "excuse" would be that I was drunk as fuck - I've never drank so much as I did that day. Needless to say, not a very good excuse and I don't treat it as such.

But that guy and whoever else it was that he was with, that was the guy (or at least part of the group that did) that stole that flash drive from me.
Context: https://devrant.com/rants/2049733 and https://devrant.com/rants/2088970

So that's great! I thought that I'd lost this flash drive and most importantly the data on it forever. But just this Friday evening as I was meeting with my friend to buy some illicit electronics (high voltage, low frequency arc generators if you catch my drift), a policeman came along and told me about that other guy filing a report as well, with apparently much of the blame now lying on his side due to him having punched me right into the hospital.

So I told the cop, well most of the blame is on me really, I shouldn't have started that fight to begin with, and for that matter not have drunk that much, yada yada yada.. anyway he walked away (good grief, as I was having that friend on visit to purchase those electronics at that exact time!) and he said that this case could just be classified then. Maybe just come along next week to the police office to file a proper explanation but maybe even that won't be needed.

So yeah, great. But for me there's more in it of course - that other guy knows more about that flash drive and the data on it that I care about. So I figured, let's go to the police office and arrange an appointment with this guy. And I got thinking about the technicalities for if I see that drive back and want to recover its data.

So I've got 2 phones, 1 rooted but reliant on the other one that's unrooted for a data connection to my home (because Android Q, and no bootable TWRP available for it yet). And theoretically a laptop that I can put Arch on it no problem but its display backlight is cooked. So if I want to bring that one I'd have to rely on a display from them. Good luck getting that done. No option. And then there's a flash drive that I can bake up with a portable Arch install that I can sideload from one of their machines but on that.. even more so - good luck getting that done. So my phones are my only option.

Just to be clear, the technical challenge is to read that flash drive and get as much data off of it as possible. The drive is 32GB large and has about 16GB used. So I'll need at least that much on whatever I decide to store a copy on, assuming unchanged contents (unlikely). My Nexus 6P with a VPN profile to connect to my home network has 32GB of storage. So theoretically I could use dd and pipe it to gzip to compress the zeroes. That'd give me a resulting file that's close to the actual usage on the flash drive in size. But just in case.. my OnePlus 6T has 256GB of storage but it's got no root access.. so I don't have block access to an attached flash drive from it. Worst case I'd have to open a WiFi hotspot to it and get an sshd going for the Nexus to connect to.

And there we have it! A large storage device, no root access, that nonetheless can make use of something else that doesn't have the storage but satisfies the other requirements.

And then we have things like parted to read out the partition table (and if unchanged, cryptsetup to read out LUKS). Now, I don't know if Termux has these and frankly I don't care. What I need for that is a chroot. But I can't just install Arch x86_64 on a flash drive and plug it into my phone. Linux Deploy to the rescue! 😁
It can make chrooted installations of common distributions on arm64, and it comes extremely close to actual Linux. With some Linux magic I could make that able to read the block device from Android and do all the required sorcery with it. Just a USB-C to 3x USB-A hub required (which I have), with the target flash drive and one to store my chroot on, connected to my Nexus. And fixed!

Let's see if I can get that flash drive back!

P.S.: if you're into electronics and worried about getting stuff like this stolen, customize it. I happen to know one particular property of that flash drive that I can use for verification, although it wasn't explicitly customized. But for instance in that flash drive there was a decorative LED. Those are current limited by a resistor. Factory default can be say 200 ohm - replace it with one with a higher value. That way you can without any doubt verify it to be yours. Along with other extra security additions, this is one of the things I'll be adding to my "keychain v2".

rant information security reconnaissance problem solving

11
19

ctnqhk

1147

2y

I’m LOLing at the audacity of one of our vendors.

We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.

At first, the vendor tried to convince us that their site wasn’t comprised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.

That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.

And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.

WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.

So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.

rant the audacity of this vendor we’re not stupid don’t shit on us

2
13

bjorngi

3874

8y

Poor YT.

undefined incident report gitlab

4
12

gitlog

6206

6y

Git ransom attack
https://github.blog/2019-05-14-git-...

rant github bitbucket gitlab git ransom

15
8

Demolishun

34964

241d

So I am driving home and stop at a light. Some dude in a truck behind me starts flipping me off at the light. The road is 45mph and 2 lanes. I am in the right lane. So when the light changes I speed up to 35mph so he can pass me. He decides to tailgate me and honk at me. So I stay steady and he eventually goes around me. I keep my distance. But it looks like he is going to the same place as me. Before I get to the road I want to park for my destination he takes the same road and parks his truck and trailer where I normally park facing the wrong direction. Okay, wtf, but okay. So I go further down the road to turn around and park somewhere else. He guns his truck to cut me off from that parking spot. I have to hit my brakes to prevent hitting him. I raise my hands in the are like "why?" I then finish turning around and head back to my parking spot and park. So this guy tried to cause a car accident. At this point I took my stuff inside and put it away. Came back out and called the police to report the incident. They said they cannot identify a crime, but I can fill out a police report. While I am on the phone with the police this guy leaves that street giving me this bizarre deranged smile. I refuse to engage. I spent the next hour filling out the police report. In the process I find out he lives on that street a few houses down. I am nowhere near his house, but he seems to not like me parking on that street. This guy must have seen my car on that street before and decides to randomly road rage. I gave his name and address to the police. My intent to build a case file if he doesn't knock this shit off.

So now I gotta buy a fucking dash cam and put it in my car because of some nutjob plumber. I have nothing against plumbers, but this guy fits the definition of knuckle dragger. His name isn't even Mario or Luigi, bummer.

Another thing that might be related is that during the winter somebody dumped a ton of snow onto my car when it was parked there. It looked like it was on purpose. If this is the same guy this guy drove his snow plow 4 houses down. Definitely has mental problems.

rant retards

10
6

JoshBent

25480

7y

Some interesting reads I came across yesterday:

- Github got DDOSd with 1.35Tbps via memcached
-- https://githubengineering.com/ddos-...

- Troy Hunt, the creator of https://haveibeenpwned.com/ released "Pwned Passwords" V2 and talks about his partnership with cloudflare, how he handles traffic, why he chose SHA1 for the passwords, how he together with a cloudflare engineer thought of a solution to anonymize password checks and more
-- https://troyhunt.com/ive-just-launc...

undefined ddos haveibeenpwned v2 github troy hunt

1

Top Tags

rant linux code windows fuck i java c programming android dev the is javascript js life joke a python

Weekly Rant

View

Most unrealistic deadline you've had?