Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "internet security"
-
Some guy my girlfriend knows, heard I'm a software developer. He had this 'great' idea on how he wanted to start a new revolutionary way of paying on the internet. He wanted to create a service like paypal but without having the hassle of logging in first and going through a transaction. He wanted a literal "buy now" button on every major webshop on the internet. When I asked him how he thought that would work legally and security wise, he became a bit defensive and implied that since I'm the tech guy I should work out that kind of stuff. When the software was ready, he would have clients lined up for the service and his work would start.
I politely declined this great opportunity14 -
Consultant: "you should deploy a website. Use wordpress and have a draft ready in a few days. It's easy."
Me: "It's a static website, a one-pager even. I think we would be better served with something light-weight without a database."
Consultant: "99% of the websites in the entire internet are powered by wordpress. It's state of the art, you should use it"
Me: 😢 "Nooo, it needs mainentance and stuff. Look, XY is much simpler. You can even version the static site with git"
Consultant: 😤
We ended up with wordpress for our static website now. I am so proud. I absolutely love wordpress. It is amazing. Now my static one-pager can have plugins, multiple users, security issues and all that. The future is now!17 -
Another story on the spirit of wk93. TL;DR I DOS'd the whole campus network for some beers.
In highschool teachers had this blackboard system (a sort of moodle) and we used to have really lazy teachers who only read the PowerPoint presentations and made us take notes. One day I was fed up with their bullshit and figured these lazy ass professors wouldn't "teach" crap as soon as there was no internet connection...so the race was on...
10 minutes before the bell rang a friend and I managed to break in into a computer lab, I booted up Kali and searched for the access points, 3 routers through the building all with CISCO OS.
I figured they had all the default configs, time was running out so I decided to Smurf the three access points with the lab's IP range, scheduled an automatic shutdown in 2 hours and blocked the PC. The bell rang and as predicted, no internet, no class, my friends and I used that free time to go to a bar (on a Monday afternoon).
Funny side note, since the 3 routers were down the whole network collapsed, no cameras, no access control, no faculty network or any network. We kept doing it and every time we did campus security would be desperately searching for someone with a black hoodie.6 -
This is so true (not for me).
People (normies) bitch about security, but they click on any and every link, while putting all their information all over the internet.7 -
And here comes the last part of my story so far.
After deploying the domain, configuring PCs, configuring the server, configuring the switch, installing software, checking that the correct settings have been applied, configuring MS Outlook (don't ask) and giving each and every user a d e t a i l e d tutorial on using the PC like a modern human and not as a Homo Erectus, I had to lock my door, put down my phone and disconnect the ship's announcement system's speaker in my room. The reasons?
- No one could use USB storage media, or any storage media. As per security policy I emailed and told them about.
- No one could use the ship's computers to connect to the internet. Again, as per policy.
- No one had any games on their Windows 10 Pro machines. As per policy.
- Everyone had to use a 10-character password, valid for 3 months, with certain restrictions. As per policy.
For reasons mentioned above, I had to (almost) blackmail the CO to draft an order enforcing those policies in writing (I know it's standard procedure for you, but for the military where I am it was a truly alien experience). Also, because I never trusted the users to actually backup their data locally, I had UrBackup clone their entire home folder, and a scheduled task execute a script storing them to the old online drive. Soon it became apparent why: (for every sysadmin this is routine, but this was my first experience)
- People kept deleting their files, whining to me to restore them
- People kept getting locked out because they kept entering their password WRONG for FIVE times IN a ROW because THEY had FORGOTTEN the CAPS lock KEY on. Had to enter three or four times during weekend for that.
- People kept whining about the no-USB policy, despite offering e-mail and shared folders.
The final straw was the updates. The CO insisted that I set the updates to manual because some PCs must not restart on their own. The problem is, some users barely ever checked. One particular user, when I asked him to check and do the updates, claimed he did that yesterday. Meanwhile, on the WSUS console: PC inactive for over 90 days.
I blocked the ship's phone when I got reassigned.
Phiew, finally I got all those off my chest! Thanks, guys. All of the rants so far remind me of one quote from Dave Barry:7 -
!dev !rant - only very sad
I have been through the worst and saddest week of my life.
Sadly, it's getting worse every day.
I've been travelling around the world in my RV for years and haven't seen my parents for several years. Since I recently successfully completed a huge project and now have some spare time, I thought it would be nice to visit my parents. Everything went well. We were glad to see each other after a long time and had a nice day together. My father works as a security guard and had to go to work early in the evening. So I stayed alone with my mother.
In the evening my mother went to bed earlier than usual because she didn't feel well. I wished her a good night and wanted to surf the internet. But somehow I had a strange feeling (maybe a premonition) and after 5 minutes I went into her bedroom to bring her a glass of water and at this very moment she suffered a heart attack. I threw it all away and called 911 immediately. I shouted the address into the phone, screamed emergency, heart failure, unconscious while trying to start resuscitation at the same time. Fortunately, the ambulance was nearby, arrived in just a few minutes, pushed me aside and started the resuscitation procedure. It took more than an hour and dozens of electric shocks to even get a pulse.
The ambulance took her to the hospital for further medical treatment. I was in the hospital all night until at least she had a stable pulse.
As soon as I returned to my parents' house (the car was still warm, hardly 3 minutes have passed), my father, who had returned from work a few minutes earlier, suddenly suffered a thrombosis in his leg. The whole leg was slowly turning black. I immediately dragged him into the car and drove him as fast as I could to the hospital.
It's Sunday now. I haven't slept since Thursday and I've been in the hospital all the time. Both are in a coma, fighting for their lives. I thought it couldn't get any worse, my mother got sepsis and pneumonia today.
Now I have returned to my parents' house and pray that both of them will survive. Can't sleep even though I'm tired to death. Can't work, try to distract me somehow. Maybe I'll be able to sleep at least two hours. Then I'll go back to the hospital.
What a damn fuckin' week.46 -
First internship (ranted about it before).
- Had to google translate their entire internal crm.
- pointed out major security flaws and got a speech saying that "I shouldn't think so high of myself and I didn't have the fucking right to criticize their products"
- every time the boss came to the office after a failed sales presentation, we (interns) got called the most nasty stuff. Yes. We didn't have anything to do with that at all.
- I had "hygiene issues": window to the south with 35-40 degrees (Celsius) feeling temperature and no airco. Deo didn't really make a difference but wasn't allowed to use it there anyways. Details: I have a transpiration issue so I sweat shitloads more than other people, that didn't help at all.
- nearly got fired because I had to to to the doctor in company time for a serious health issue.
- was (no kidding) REQUIRES to use internet explorer and we were monitored constantly.
Self esteem dropped through the fucking ground there.12 -
This is kind of a horror story, with a happing ending. It contains a lot of gore images, and some porn. Very long story.
TL;DR Network upgrade
Once upon a time, there were two companies HA and HP, both owned by HC. Many years went by and the two companies worked along side each one another, but sometimes there were trouble, because they weren't sure who was supposed to bill the client for projects HA and HP had worked on together.
At HA there was an IT guy, an imbecile of such. He's very slow at doing his job, doesn't exactly understand what he's doing, nor security principles.
The IT guy at HA also did some IT work for HP from time to time when needed. But he was not in charge of the infrastructure for HP, that was the jobb for one developer who didn't really know what he was doing either.
Whenever a new server was set up at HP, the developer tried many solutions, until he landed on one, but he never removed the other tested solutions, and the config is scattered all around. And no documentation!!
Same goes with network, when something new was added, the old was never removed or reconfigured to something else.
One dark winter, a knight arrived at HP. He had many skills. Networking, server management, development, design and generally a fucking awesome viking.
This genius would often try to cleanse the network and servers, and begged his boss to let him buy new equipment to replace the old, to no prevail.
Whenever he would look in the server room, he would get shivers down his back.
(Image: https://i.bratteng.xyz/Ie9x3YC33C.j...)
One and a half year later, the powerful owners in HA, HP and HC decided it was finally time to merge HA and HP together to HS. The knight thought this was his moment, he should ask CEO if he could be in charge of migrating the network, and do a complete overhault so they could get 1Gb interwebz speeds.
The knight had to come up with a plan and some price estimates, as the IT guy also would do this.
The IT guy proposed his solution, a Sonicwall gateway to 22 000 NOK, and using a 3rd party company to manage it for 3000 NOK/month.
"This is absurd", said the knight to the CEO and CXO, "I can come up with a better solution that is a complete upgrade. And it will be super easy to manage."
The CEO and CXO gave the knight a thumbs up. The race was on. We're moving in 2 months, I got to have the equipment by then, so I need a plan by the end of the week.
He roamed the wide internet, looked at many solutions, and ended up with going for Ubiquiti's Unifi series. Cheap, reliable and pretty nice to look at.
The CXO had mentioned the WiFi at HA was pretty bad, as there was WLAN for each meeting room, and one for the desks, so the phone would constantly jump between networks.
So the knight ended up with this solution:
2x Unifi Securtiy Gateway Pro 4
2x Unifi 48port
1x Unifi 10G 16port
5x Unifi AP-AC-Lite
12x pairs of 10G unifi fibre modules
All with a price tag around the one Sonicwall for 22 000 NOK, not including patch cables, POE injectors and fibre cables.
The knight presented this to the CXO, whom is not very fond of the IT guy, and the CXO thought this was a great solution.
But the IT guy had to have a say at this too, so he was sent the solution and had 2 weeks to dispute the soltion.
Time went by, CXO started to get tired of the waiting, so he called in a meeting with the knight and the IT guy, this was the IT guys chance to dispute the solution.
All he had to say was he was familiar with the Sonicwall solution, and having a 3rd party company managing it is great.
He was given another 2 weeks to dispute the solution, yet nothing happened.
The CXO gave the thumbs up, and the knight orders the equipment.
At this time, the knight asks the IT guy for access to the server room at HA, and a key (which would take 2 months to get sorted, because IT guys is a slow imbecile)
The horrors, Oh the horrors, the knight had never seen anything like this before.
(Image: https://i.bratteng.xyz/HfptwEh9qT.j...)
(Image: https://i.bratteng.xyz/HfptwEh9qT.j...)
(Image: https://i.bratteng.xyz/hmOE2ZuQuE.j...)
(Image: https://i.bratteng.xyz/4Flmkx6slQ.j...)
What are all these for, why is there a fan ductaped to on of the servers.
WHAT IS THIS!
Why are there cables tied in a knot.
WHY!
These are questions we never will know the answers too.
The knight needs access to the servers, and sonicwall to see how this is configured.
After 1.5 month he gains access to the sonicwall and one of the xserve.
What the knight discovers baffles him.
All ports are open, sonicwall is basically in bridge mode and handing out public IPs to every device connected to it.
No VLANs, everything, just open...10 -
Lads, I will be real with you: some of you show absolute contempt to the actual academic study of the field.
In a previous rant from another ranter it was thrown up and about the question for finding a binary search implementation.
Asking a senior in the field of software engineering and computer science such question should be a simple answer, specifically depending on the type of job application in question. Specially if you are applying as a SENIOR.
I am tired of this strange self-learner mentality that those that have a degree or a deep grasp of these fundamental concepts are somewhat beneath you because you learned to push out a website using the New Boston tutorials on youtube. FOR every field THAT MATTERS a license or degree is hold in high regards.
"Oh I didn't go to school, shit is for suckers, but I learned how to chop people up and kinda fix it from some tutorials on youtube" <---- try that for a medical position.
"Nah it's cool, I can fix your breaks, learned how to do it by reading blogs on the internet" <--- maintenance shop
"Sure can write the controller processing code for that boing plane! Just got done with a low level tutorial on some websites! what can go wrong!"
(The same goes for military devices which in the past have actually killed mfkers in the U.S)
Just recently a series of people were sent to jail because of a bug in software. Industries NEED to make sure a mfker has aaaall of the bells and whistles needed for running and creating software.
During my masters degree, it fucking FASCINATED me how many mfkers were absolutely completely NEW to the concept of testing code, some of them with years in the field.
And I know what you are thinking "fuck you, I am fucking awesome" <--- I AM SURE YOU BLOODY WELL ARE but we live in a planet with billions of people and millions of them have fallen through the cracks into software related positions as well as complete degrees, the degree at LEAST has a SPECTACULAR barrier of entry during that intro to Algos and DS that a lot of bitches fail.
NOTE: NOT knowing the ABSTRACTIONS over the tools that we use WILL eventually bite you in the ASS because you do not fucking KNOW how these are implemented internally.
Why do you think compiler designers, kernel designers and embedded developers make the BANK they made? Because they don't know memory efficient ways of deploying a product with minimal overhead without proper data structures and algorithmic thinking? NOT EVERYTHING IS SHITTY WEB DEVELOPMENT
SO, if a mfker talks shit about a so called SENIOR for not knowing that the first mamase mamasa bloody simple as shit algorithm THROWN at you in the first 10 pages of an algo and ds book, then y'all should be offended at the mkfer saying that he is a SENIOR, because these SENIORS are the same mfkers that try to at one point in time teach other people.
These SENIORS are the same mfkers that left me a FUCKING HORRIBLE AND USELESS MESS OF SPAGHETTI CODE
Specially to most PHP developers (my main area) y'all would have been well motherfucking served in learning how not to forLoop the fuck out of tables consisting of over 50k interconnected records, WHAT THE FUCK
"LeaRniNG tHiS iS noT neeDed!!" yes IT fucking IS
being able to code a binary search (in that example) from scratch lets me know fucking EXACTLY how well your thought process is when facing a hard challenge, knowing the basemotherfucking case of a LinkedList will damn well make you understand WHAT is going on with your abstractions as to not fucking violate memory constraints, this-shit-is-important.
So, will your royal majesties at least for the sake of completeness look into a couple of very well made youtube or book tutorials concerning the topic?
You can code an entire website, fine as shit, you will get tested by my ass in terms of security and best practices, run these questions now, and it very motherfucking well be as efficient as I think it should be(I HIRE, NOT YOU, or your fucking blog posts concerning how much MY degree was not needed, oh and btw, MY degree is what made sure I was able to make SUCH decissions)
This will make a loooooooot of mfkers salty, don't worry, I will still accept you as an interview candidate, but if you think you are good enough without a degree, or better than me (has happened, told that to my face by a candidate) then get fucking ready to receive a question concerning: BASIC FUCKING COMPUTER SCIENCE TOPICS
* gays away into the night53 -
Clearly Mozilla is the villain here for prioritising privacy and personal freedom over censorship, control, and surveillance. Oh, our parental controls don't work! WON'T SOMEBODY THINK OF THE CHILDREN! wtf18
-
!rant
So it turns out that my dad accidentally took my spare laptop on a work trip. He's about as non-tech as you can get, and that laptop runs...Arch Linux. Yeah.
(call from dad)
M: hi dad
D: what's your desktop password?
M: (confused) {Password}
D: okay.
(cuts the call)
M: *shrug*
(call from dad)
M: hi dad
D: so where is PowerPoint?! where's the Windows button?! I've been at this for half an hour now and I have to edit a presentation for tomorrow!!
M: (realizes what's happened) oh...uh...dad...that's.. Linux...
D: don't you people do anything the way it's supposed to be done?
M: uh...
D: ugh! So you can't edit PPTs on this?
M: (processing...LibreOffice isn't installed on the laptop, and he will have to use the command line to connect to the internet to use Office Online or Google Slides since the Deepin WiFi module keeps fucking up for some reason)
D: well?
M: (internal sigh) No, you can't edit PPTs on that.
D: wow.
(cuts the call)
He either thinks we're all useless or that we have godlike computer skills to be able to edit PPTs on Linux. Oh well.
(He managed to use the hotel's "workstation" to get it done, so all is well. I should tell him to change his password though, hotel computers have rubbish security.)14 -
This was at my first internship (was fired later for other bs reasons).
They got me as a programming intern but very soon I felt very conflicted with multiple things:
1. Got to google translate their internal CRM into five languages. After two weeks (the estimate I gave them) I discovered that I overlooked the second half, apologized and got a whole shitstorm at my face.
2. Was only allowed to use Internet Explorer for everything *cry face*.
3. Saw multiple security flaws in their main product, told my boss (also my internship manager) about it because hey, I'm security oriented and it might help them. Next day he called me into his office and I got a huge speech about who the fuck I am to criticize their product and that I was a security wannabee who doesn't know shit.
4. Boss came home after a product presentation went sideways. The interns didn't have anything to do with that but he called (or, yelled big time) us every dirty word he could think of and blamed us.
Luckily I was fired after like five weeks. I literally cried of happiness when I walked home. I was too shy to stand up for myself by that time (even only 2-3 years ago)14 -
"Hey nephew, why doesn't the FB app work. It shows blank white boxes?"
- It can't connect or something? (I stopped using the FB app since 2013.)
"What is this safe mode that appeared on my phone?!"
- I don't know. I don't hack my smartphone that much. Well, I actually do have a customised ROM. But stop! I'm pecking my keyboard most of the time.
"Which of my files should I delete?"
- Am I supposed to know?
"Where did my Microsoft Word Doc1.docx go?"
- It lets you choose the location before you hit save.
"What is 1MB?"
- Search these concepts on Google. (some of us did not have access to the Internet when we learned to do basic computer operations as curious kids.)
"What should I search?"
- ...
"My computer doesn't work.. My phone has a virus. Do you think this PC they are selling me has a good spec? Is this Video Card and RAM good?"
- I'm a programmer. I write code. I think algorithmically and solve programming problems efficiently. I analyse concepts such as abstraction, algorithms, data structures, encapsulation, resource management, security, software engineering, and web development. No, I will not fix your PC.7 -
First rant, please take pity on the noob! 😐
Recently I've secured many of my user accounts spread throughout the internet. Using the same old password for everything is bad for security and for mental health! 😫
Since I was on the mood, I've tried to do a 'break glass' scenario, simulating an attacker that possessed my Gmail account credentials. "How bad can it be?" I've thought to myself...
... Bad. Very bad. Turns out not only I use lots of oauth based services, I also wasn't able to authenticate back to Google without my pass.
So when you get home today, try simulating what would happen if someone got to your Google or Facebook account.
Makes you consider the amount of control these big companies have over your life 😶15 -
Fuck me, big fucking security flaw with a UK internet service provider, my head has gone through my desk and hit the floor it’s that bad.23
-
The stupid stories of how I was able to break my schools network just to get better internet, as well as more ridiculous fun. XD
1st year:
It was my freshman year in college. The internet sucked really, really, really badly! Too many people were clearly using it. I had to find another way to remedy this. Upon some further research through Google I found out that one can in fact turn their computer into a router. Now what’s interesting about this network is that it only works with computers by downloading the necessary software that this network provides for you. Some weird software that actually looks through your computer and makes sure it’s ok to be added to the network. Unfortunately, routers can’t download and install that software, thus no internet… but a PC that can be changed into a router itself is a different story. I found that I can download the software check the PC and then turn on my Router feature. Viola, personal fast internet connected directly into the wall. No more sharing a single shitty router!
2nd year:
This was about the year when bitcoin mining was becoming a thing, and everyone was in on it. My shitty computer couldn’t possibly pull off mining for bitcoins. I needed something faster. How I found out that I could use my schools servers was merely an accident.
I had been installing the software on every possible PC I owned, but alas all my PC’s were just not fast enough. I decided to try it on the RDS server. It worked; the command window was pumping out coins! What I came to find out was that the RDS server had 36 cores. This thing was a beast! And it made sense that it could actually pull off mining for bitcoins. A couple nights later I signed in remotely to the RDS server. I created a macro that would continuously move my mouse around in the Remote desktop screen to keep my session alive at all times, and then I’d start my bitcoin mining operation. The following morning I wake up and my session was gone. How sad I thought. I quickly try to remote back in to see what I had collected. “Error, could not connect”. Weird… this usually never happens, maybe I did the remoting wrong. I went to my schools website to do some research on my remoting problem. It was down. In fact, everything was down… I come to find out that I had accidentally shut down the schools network because of my mining operation. I wasn’t found out, but I haven’t done any mining since then.
3rd year:
As an engineering student I found out that all engineering students get access to the school’s VPN. Cool, it is technically used to get around some wonky issues with remoting into the RDS servers. What I come to find out, after messing around with it frequently, is that I can actually use the VPN against the screwed up security on the network. Remember, how I told you that a program has to be downloaded and then one can be accepted into the network? Well, I was able to bypass all of that, simply by using the school’s VPN against itself… How dense does one have to be to not have patched that one?
4th year:
It was another programming day, and I needed access to my phones memory. Using some specially made apps I could easily connect to my phone from my computer and continue my work. But what I found out was that I could in fact travel around in the network. I discovered that I can, in fact, access my phone through the network from anywhere. What resulted was the discovery that the network scales the entirety of the school. I discovered that if I left my phone down in the engineering building and then went north to the biology building, I could still continue to access it. This seems like a very fatal flaw. My idea is to hook up a webcam to a robot and remotely controlling it from the RDS servers and having this little robot go to my classes for me.
What crazy shit have you done at your University?9 -
The coolest project I've worked on was for a certain country's Navy. The project itself was cool and I'll talk about it below but first, even cooler than the project was the place were I worked on it.
I would go to this island off the coast where the navy had its armoury. Then to get into the armoury I'd go through this huge tunnel excavated in solid rock.
Finally, once inside I would have to go thru the thickest metal doors you've ever seen to get to crypto room, which was a tiny room with a bunch of really old men - cryptographers - scribbling math formulae all day long.
I can't give a lot of technical details on the project for security reasons but basically it was a bootable CD with a custom Linux distro on it. Upon booting up the system would connect to the Internet looking for other nodes (other systems booted with that CD). The systems would find each other and essentially create an ad-hoc "dark net".
The scenario was that some foreign force would have occupied the country and either destroyed or taken control of the Navy systems. In this case, some key people would boot these CDs in some PC somewhere not under foreign control (and off the navy grounds.) This would supposedly allow them to establish secure communications between surviving officers. There is a lot more to it but that's a good harmless outline.
As a bonus, I got to tour an active aircraft carrier :)8 -
Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".
You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.
Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.
So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.
Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.
There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.8 -
On my first day at work i was given the task to rewrite some code. I pulled the code, started the server and was greeted with a login-page. Instead of asking for credentials i tried good ol' " OR 1=1;#. Instand login, admin account. My boss was baffled, but instead of fixing this he decided other tasks had "higher priority". 3 years later, this still exists. I also heard some client runs the application open on the internet.
Everyone wants security, but some people decide to pull out the bottommost card in the fragile house of cards of security6 -
For fucks sack I just created my server and fail2ban already blocked 6 IP addresses dafuq is going on on the internet 😓19
-
The solution for this one isn't nearly as amusing as the journey.
I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.
They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.
Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.
The brilliant Infosys resources had a bright idea to solve this problem:
- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5
A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.
Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.
So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.
While they're all grandstanding and pontificating, I fire up visual studio and:
- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database
All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.
According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.
#TheValueOfEngineers2 -
Wrost security fix ever seen?
encode that passwords in base64 is safe enough.
And keep the password.txt accessible from internet it's safe because nobody know that it exists...6 -
Remember Apple's initiative to scan photos on user's devices to find child pornography?
Today I finally decided to research this.
The evidence is conflicting.
For context, the database of prohibited material is called CSAM (child sexual abuse material).
“If it finds any CSAM, it will report the user to law enforcement.”
— Futurism
“Apple said neither feature would compromise the security of private communications or notify police.”
— NPR
CSAM initiative is dead. It won't scan photos in iCloud. It won't scan photos on your device. It will be a feature that only works in some countries, only on children's devices, and it will be opt-in. It will only work for iMessage attachments.
This is what Apple actually said at https://www.apple.com/child-safety:
- “Features available in Australia, Belgium, Brazil, Canada, France, Germany, Italy, Japan, Netherlands, New Zealand, South Korea, Spain, Sweden, UK, and U.S.”
- “The Messages app includes tools to warn children when receiving or sending photos that contain nudity. These features are not enabled by default. If parents opt in, these warnings will be turned on for the child accounts in their Family Sharing plan.”
News outlets telling people they will be automatically reported to authorities, and then telling there can be false-positives is a classic example of fearmongering. I hate this. Remember, anger and fear are the most marketable emotions. They make you click. News are and will always be worded to cause these emotions — it brings in money.
When presented with good news, people think they're not being told the truth. When presented with bad news, even when they're made up, people think it's the truth that's being hidden from them. This is how news works.
Now, a HUGE but:
Apple is a multi-billion dollar corporation. There is no such thing as good billionaires. Corporations will always wait for chances to invade privacy. It's like boiling the frog — one tiny measure here, one there, and just like this, step by step, they will eliminate the privacy completely. It's in their interest to have all the data about you. It brings control.
This is not the first time Apple tries to do shit like this, and it definitely won't be the last. You have to keep an eye on your privacy. If you want your privacy in the digital age, it's necessary to fight back. If you live in Europe, take the action and vote for initiatives that oppose corporate tyranny and privacy invasions.
Privacy on the internet is one thing, but scanning people's devices is a whole another thing. This is unacceptable no matter the rationale behind it. Expect more measures like that in the near future.
Research Linux. Find a distro that suits you. The notion that you can't switch because of apps/UI/etc. may be dictated by our brain's tendency to conserve energy and avoid the change.
Take a look at mobile distros like Graphene OS and LineageOS. The former only supports Pixel devices, the latter supports a wide range of devices including OnePlus and Xiaomi. They'll have FAR better privacy than iPhones.
Consider switching. It's easier than you think. Yes, it's me who's saying this. I do and will always protect people/companies from unjust criticism, and I consider myself an Apple fangirl for personal reasons related to my childhood, yet I won't fight blindly. CSAM initiative is a valid criticism, and there's nothing preventing me from saying this is unacceptable, and Apple deserves the backlash they got.11 -
Hi guys, this is my first rant so bear with me..
Stupid Indian fucking institutes doesn't give a shit about the things we learn in the institute. This curriculum is like from the 90's. I learnt NodeJS recently and I thought wow a new concept, not even my professor knows about it. I must be on top of the world or at least any way near it and then I see these video tutorials on the internet which are posted 2 years ago. OH MY GOD!! The thing is that my department's HOD doesn't know about that and the funny thing is that I'm doing a project under him "SECURITY OF WEB APPLICATIONS" and the only thing he knows is PHP. And FYI I'm not studying in an institute which is oblivious to the outside world. It's called an NIT, an institute of national fucking importance. At the end, I blame myself though. I should have been on myself not being completely dependent on the professors for knowledge.
I could fill the entire text area with the rant.
But then people will start ranting about the rant.
I will be posting more Indian-devRant soon so.. peace till then.
( I bet they don't know about Git/Github too)24 -
So... Some fake accounts on Twitter claimed to be Elon Musk and to give shitloads of Bitcoin to those who sent a little amount first. They stole... Wait for it... 180 grand.
That's basically your everyday 419 scam. Existing since before the internet, done with the names of Gates, Buffet, Bush, Obama...
They say "the big bad evil criminals and the poor little innocent victims" I say natural selection. Sorry, in those lion vs gazelle scenarios I always thought that it was fair, no matter how it went.
Just when did humanity get so brainless? Have we always been, is the internet just a catalyst for stupidity?
Just why the fuck must I be an infosec sheepdog instead of a wolf? Man, I could live the life, drink beer and smoke herb while working... Get up at 12, don't give a shit, no boss, no taxes, no social security payments that I don't see jack shit from, and the pay would be better to.
Damn.13 -
Devrant has a big security hole... Just post "Which is better, Linux, Windows or Mac os?"
The internet will crash13 -
Can someone explain to me why the fuck I should even care about the fact, that some companies collect, use and sell my data? I'm not famous, I'm not a politician and I'm not a criminal, I think most of us aren't and won't ever be. We aren't important. So what is this whole bullshittery all about? I seriously don't get it and I find it somewhat weird that especially tech guys and IT "experts" in the media constantly just make up these overly creepy scenarios about big unsafe data collecting companies "stealing" your "private" information. Welcome to the internet, now get the fuck over it or just don't be online. It's your choice, not their's.
I honestly think, some of these "security" companies and "experts" are just making this whole thing bigger than it actually is, because it's a damn good selling point. You can tell people that your app is safe and they'll believe you and buy your shit app because they don't understand and don't care what "safe" or "unsafe" means in this context. They just want to be secure against these "evil monster" companies. The same companies, which you portrayed them as "evil" and "unfair" and "mean" and "unrepentant" for over a decade now.
Just stop it now. All your crappy new "secure" messenger apps have failed awesomely. Delete your life now, please. This isn't about net neutrality or safety on the internet. This is all about you, permanently exaggerating about security and permanently training people to be introverted paranoid egoistic shit people so that they buy your elitist bullshit software.
Sorry for my low english skills, but please stop to exist, thank you.64 -
God damn it.. Yet another night lost to the exciting world of cryptography and Internet security. Why is this shit so damn interesting?5
-
My company just migrated our mail servers over to office365. My boss has been excited and could barely contain himself when the migration was done he was having the best day ever after he got a good deal on some new toys...Then I ruined it.
Me (setting up) > WTF!? um...well I guess I don't have email on my phone anymore. These permissions are fucked.
Him > Oh why?
Me > They are ridiculous, I won't give away this much control just to read email.
Him (panicking) > and if buy you a company phone?
Me > Not a fuck it's still a personal device. I'll just sandbox the web version.
Him > Your over reacting, they obviously need them for security blah blah...
Me (sends him the pic) > The minimum system requirement is internet.
(...silence...)
I feel kinda bad for killing his vibe - he's a nice guy and he's only trying to do right by us but now he seems down like his toy isn't shiny anymore because he respects me. I wasn't beating on the stack or his choice (mines running on thunderbird). I just can't support this trend of GOD mode permissions for email / calculator and other single feature apps. I'll use the web app instead. You have to draw the line somewhere...
On the other hand I can't deny that I'm loving the irony that Microsoft just made my life easier and have a deep sense of satisfaction that for the first time ever I got fuck up his Friday :/18 -
IE is dead ?!
NOT SO FAST.
The whole singin in Visual 2022 uses... Internet explorer renderer and... doesn't work on a Windows Server 2022 because of... "Enchanced internet explorer security policy".
I'm dying inside.5 -
Years ago I used to work a guvmant site. They had really strict security rules for internet and how you spent your time. Makes sense considering what that site did. I was a support engineer for some of their process control equipment.
I was approached by an operator supervisor to install dvd player software on a business machine (non process related). Basically just a general purpose PC with no function other than time cards and general office use. I was fine with the request, but the reason was for watching movies during a holiday period by the operators. Not for anything official. So I made some noise about my dislike of this request feigning moral superiority. But the supervisor swore up and down it was for "training" dvds.
So I wrote a simple windows script. The script basically popped up a window that said:
"Security has detected unauthorized media inserted into this machine. Please state the reason for this infraction." It provided a dialog to enter a justification. After you entered the justification it said: "Security has been contacted and your user logged. You will be contacted shortly."
This script was then attached to the supervisors Start folder so it ran when he, and only he logged in. We made sure the "training" video (some movie) was already inserted at this point.
He logged in. He just about shit his pants when reading this. He promptly logged and left the building to walk somewhere else in the site. We called him and let him know it was a gag. His response: That son of a bitch Demolishun!2 -
First year at university, prepared to set up multiple electronics.
rPi, arduino Ethernet shield, laptop, and desktop.
Brand new netgear switch to satisfy my internet surfing needs....
After setting up my devices, I realized none of them have internet. Hm. The feed port on my switch wasn't blinking either. So I tell the front desk, and a short 7 days later the port is back on. Yay, problem solved.
One morning I arise to see the port dark and inactive. Furious I use my laptop to share an internet connection while my actual port is "broken".
Support ticket is reopened and this time I get an email saying the port was disabled due to a security issue.
Me: what's the issue?
IT: there was more than two devices connected to the port
(OnLy TwO dEvIcEs PeR port???)
Me: oh okay I will only connect two.
The next day the port is disabled, again.
Me: can you tell me why it was disabled?
IT: a switch was detected being used, security error.
Me: how do I connect more than one device to the port without a switch???
IT: ...
IT: Please only connect one device.
🤔10 -
So I can see everything thinks CS should be taught differently this week.
Based on all of the ways we could change it, something no one seems to be mentioning much is security.
Everyone has many ways of learning logical processors and understanding how they work with programming, but for every line of code taught, read or otherwise learnt you should also learn, be taught how to make it less vulnerable (as nothing is invulnerable on the internet)
Every language has its exploits and pitfalls and ways of overflowing but how you handle these issues or prevent them occurring should be more important than syntaxually correct code. The tools today are 100000x better then when I started with notepad.exe, CMD and Netscape.
Also CS shouldn’t be focused on tools and languages as such, seeing as new versions and ideals come out quicker then CS courses change, but should be more focused on the means of coming to logical decisions and always questioning why or how something is the way it is, and how to improve it.
Tl;dr
Just my two cents. -
Had my hairdresser tell me she thought her phone number was a great password for all her online accounts.
Just smiled and nodded, I feel there’s a time and a place for lectures on internet security.11 -
Thank God the week 233 rants are over - was getting sick of elitist internet losers.
The worst security bug I saw was when I first started work as a dev in Angular almost year ago. Despite the code being a couple of years old, the links to the data on firebase had 0 rules concerning user access, all data basically publicly available, the API keys were uploaded on GitHub, and even the auth guard didn't work. A proper mess that still gives me the night spooks to this day.3 -
Someone at work asking me about whether the controller system for our door security can access the Internet. I'm explaining that the reason they can't access Google on it is that it is on an isolated network for security. They wanted to install some remote desktop software on it that some idiot had recommended.
Then I actually get asked: "If it can't see Google... Maybe can it see Firefox?"
*headdesk*5 -
Two prisoners built two computer from recycled parts, hacked into the security system and also gained access to the Internet. They got caught because they probably downloaded too much porn.
http://gizmodo.co.uk/2017/04/...2 -
The Cloud Of Bullshit
Every day I wake, and I think of my one true mission in life. To mock and ridicule paint huffing idiots. Something recently that drew my ire, like the hemorrhoids on my ass is this idea of 'the cloud', THE CLOUD and the buzzword lingo-bingo bullshit that providers use to hype and sell it.
For example, airtable is an amazing service. I love that I can insert just about anything into a row, create any of my own row datatypes, that it's flexible as all hell.
I love it.
And I hate that I'm essentially locked in to the cloud.
I fucking hate how if my internet goes down (thanks you pie eating inbred dipshits at comcast) I have no access.
If the company is bought, they'll shut down like all the rest , to be "relaunched at a later time" (or never).
I hate that if the company doesn't make enough money, or it's investors change their mind, woopsie, service is shut down.
I hate that the cloud is synonymous with massive data leaks and IOT-levels of stupidity in security practices.
Every time someone says "but its in the cloud! Isn't it amazing!"
I always think 1. YEAH IF IM AN INVESTOR I GET TO MILK LOW BROW FINGER PAINTING FUCKWITS EVERY MONTH like Adobe sucking the blood from infants who are still in college.
2. Why? So I can get locked into their platform, have them segment off previously free features (fucking youtube and the 'subscribe so you can continue playing audio with your screen off' bullshit), and then have fees increase month over month?
3. Why, so every four years during the presidential selection, if I piss off some fuckstick braindead lemming literally sucking his girlfriends BFs cock, they can potentially shut me out from my own data completely?
The Cloud is built on shit-colored hype sold to knob gobbling idiots, controlling idiots, profiting at the expense of idiots, and later fucking them for buyout payola. The Cloud is a Cloud of Bullshit shat out by huckster messiahs straight into the lapping mouths of fanatics worshiping slavishly like toilet drinking scum at the porcelain alter of a neon god, invisible, untouchable, and like a spigot, easily shut off without anyone noticing. And when it happens, I'll be there, shouting "WHERE IS YOUR CLOUD NOW?"
Native any day. 100% native or I don't fucking want it
None of this node.js-gone-native bullshit either with notetaking apps taking up hundreds of megabytes of ram, where everything is bootstrap or react, in a browser, in a window container, because people are so fucking incompetent we have to hold their hand WHILE they give themselves a reach around.
Native or nothing.
For my favorite notetaking app, I use Microsoft OneNote. "OH god, a heathen, quick, stick his body up on a stake!"
But hear me out. I'll be the first one in a crowd to kick bill gates in the nuts (not because I particularly hate microsoft, just because I think hes kind of a cunt).
So when I say onenote is good, I really fucking mean it. Sure they did some cunty things like 'dumbed down' the interface, and cut out some options. But you know what they can't do?
Shut down the damn service (short of a system update completely removing the whole app, which, frankly, wouldn't surprise me).
It's so god damn good it waxed my balls, cured my cancer, fixed my relationship with my father, found my long lost brother, and replaced ALL my irl notebooks.
It's so good that if it was cocaine I'd be hospitalized for overusing it.
So god damn good it didn't just replace all my notebooks, it even replaced and sped up my mockup process three to five times. Want layers?
Built in. Just drag an image on to the notebook to import instantly.
Want to rearrange layers? Right click select "send forward/back/bring to front/send to back".
Everything snaps to grid by default and is easily resizeable.
I had all the elements for a UI sliced and diced. Wanted to try a bunch of layouts. Was gonna take me two damn days.
Did it in three hours with the notebook features of onenote.
After I started using onenote, me and my bodypillow finally conceived even.
Sweet marries mammaries I just fucking jizzed. Thank you onenote.
P.s. It really did speed up my UI design, allows annotated images, highlighted text. Shit, it can even do kanban.
And all I can think is "good job microsoft making an awesome product for free, being dumb as fuck for not charging for it, and then not marketing it at ALL."
It was sheer fucking luck that I discovered it while was I was looking for vendor STD bloatware to blast off my new install.
OneNote: Worth a try even for the kick-gates-in-the-nuts fan club.
The cloud can suck my balls.18 -
Network Security at it's best at my school.
So firstly our school has only one wifi AP in the whole building and you can only access Internet from there or their PCs which have just like the AP restricted internet with mc afee Webgateway even though they didn't even restrict shuting down computers remotely with shutdown -i.
The next stupid thing is cmd is disabled but powershell isn't and you can execute cmd commands with batch files.
But back to internet access: the proxy with Mcafee is permanently added in these PCs and you don't havs admin rights to change them.
Although this can be bypassed by basically everone because everyone knows one or two teacher accounts, its still restricted right.
So I thought I could try to get around. My first first few tries failed until I found out that they apparently have a mac adress wthitelist for their lan.
Then I just copied a mac adress of one of their ARM terminals pc and set up a raspberry pi with a mac change at startup.
Finally I got an Ip with normal DHCP and internet but port 80 was blocked in contrast to others like 443. So I set up an tcp openvpn server on port 443 elsewhere on a server to mimic ssl traffic.
Then I set up my raspberry pi to change mac, connect to this vpn at startup and provide a wifi ap with an own ip address range and internet over vpn.
As a little extra feature I also added a script for it to act as Spotify connect speaker.
So basically I now have a raspberry pi which I can plugin into power and Ethernet and an aux cable of the always-on-speakers in every room.
My own portable 10mbit/s unrestricted AP with spotify connect speaker.
Last but not least I learnt very many things about networks, vpns and so on while exploiting my schools security as a 16 year old.8 -
Today I learned that bugs in Proxmox aren't bugs because they're not *exactly* within the scope of le fancy PVE web UI.
Today I also learned that running Samba on the PVE host is stupid. No real reasons but let's assume security. Well it's decently secured, has good passwords, and the killer is.. it isn't even fucking accessible to the internet! And even if it was, privilege separation is no secret to me.
But clearly I'm an idiot for even thinking about running Samba on PVE. Well guess what?! PVE is aimed at sysadmins that want to deploy a virtualization server. It's not a big stretch to imagine that those sysadmins might be halfway competent and want to run external services on the PVE host, is it.
But apparently it is. I'm an idiot and bugs aren't bugs anymore. Go fucking kill yourself, motherfuckers in the ##proxmox IRC channel. I really hope that your servers will go down on Friday when you're on call. Fucking cunts 😑
Edit: IRC chatlog @ https://clbin.com/nU9Fu13 -
I wanna make you feel what you have brought into my house!!
I was working with security cameras once in a home automation project. One of those camera particularly stand out by offering a cgi without password request to view and change the current passwort and username.
Seriously wtf is wrong with you? I mean this thing automatically connects to an internet service offering everyone to connect to it with that passwort and username. And I know some of you might say "hey chill the cgi is only available on the wifi" - dammit no. Security is a lifestyle do it complete or get the fuck out. God knows what other mistakes there might be hidden in that thing screaming out to everyone to watch me taking a shit.
But that's not the end of it. My company arranged a call to the technical support of that camera so that I can explain the problem and a patch gets released. Those guys didn't give a shit about it and were even laughing at me. Fuck you!
So whoever is responsible - I will find you - and you will never see me coming.4 -
Please stop putting critical infrastructure to the internet. Security on the internet is a joke, and we won't be laughing the time when someone dies from a cyber attack on another pipeline/dam/weapons factory.23
-
I don't understand privacy advocators.
Am I the only one who wouldn't give up practicality in exchange for "potentially more secure"?
I don't understand so much what the deal is with people who avoid Facebook, or don't trust Google or Microsoft, just in the basis of "privacy" or "security".
Websites tracking you to serve ads? Well, it's pointless because I very rarely buy something from the internet or let myself be influenced, ads are waste of time, just use an adblocker.
I can pretty much upload my whole life or documents on Google drive, even if I made it public no one would really care or read it all. It's like that GitHub project you uploaded but never documented, so no one cares. I usually use alternative software not because of "privacy" but because it has features other software doesn't have.
In reality you realize people aren't that interested in your life more than their own life.24 -
I freelanced for a startup one time, and found out they had ten of thousands of records stored in their DB about dental patients, inducing name, address, social security #, some medical history, etc. All in plain text. Worst part is they hired me after a 20 min phone call, and didn't even sign a NDA!
Makes me paranoid to use the Internet knowing what some of these companies do.2 -
Client doesn't want me to use internet, while connecting to their vpn to code. It's a security 'violation', it seems. Do they think I am Denise Richie to code without internet? And the catch is I code for OpenFlow with OpenNetworkLinux+OpenNIE. I mean, do they even understand what Open means in all these?11
-
My university has a internal developed system, where everything is managed from e-mails, exams to personal data.
What I'd like most about it, they talk all day about Internet Security and store our passwords in plain text and if you press the "I've forgott my Password button", they even send your password unencrypted, plaintext via e-mail. (Hello Wiresharks)
I don't know how to feel about this, it just hurts :(1 -
Why does email suck so much oh my god, I don't want a fucking lesson in the kinds of domain records, I can set a TXT to prove that I control the DNS record, I have a TLS certificate, what the fuck else would I possibly need to prove!? None of this is contributing anything to security! Just fucking figure it out, it's the internet, not an international border, jesus.6
-
rant = Rant.STORY_TIME
<<<Story
This is still something funny me and my friends often remember.
There was once upon a time we were young and stupid, playing on the internet with fake credit card numbers, sometimes we had luck and the orders passed.
We were on the living room, checking who could put an order for a coffee machine, while another friend of mine was talking about the deep web and what he found there.
Suddenly, someone knocks really hard on the door... We went silent...
Me: "Who's there?"
Voice: Federal Police, open up!
Me: *shiiiit*
I went blank, close my laptop as fast as possible, I thought of throwing it away through the window. My friends panicked, I had my laptop upside down, opening the lid to remove the HDD.
One of my friends stood up and went to the door, looked through the eyehole.
Friend: *whispering* The eyehole's covered!
We quickly stood up and looked at each other, like we were acknowledging our wrong doing and getting ready to face the consequences.
I took a deep breath and put the key in the door to open it. Sudden heavy knock again. I jumped and yelled "I'm on it, wait a minute!".
Slowly I opened the door... And there they were, another two of my friends.
F1: hey...what, what happened? Why are you so scared.
They stepped in while we told them what we were doing and they laughed their asses off.
We were shit scared, and those two were laughing.
Story;
So, nowadays, I don't even think about doing that kind of stuff again and I'm hoping to make a Master's degree in security...or electronics, whatever happens first. -
My project manager one time called me while I was waiting in the bank. He told me that the latest changes in the project I was working on were not deployed to production and they were having a meeting to demo those changes to the client later that day.
I had my laptop with me but it wasn't charged. I asked the security guys if I could use the socket used to power up the cleaning/sweeping machines and they didn't mind.
So it was me sitting on the floor in the bank hall using a side socket to power up my laptop holding my cellphone so I can use the hotspot and get internet connection deploying yesterday's changes to a production server.
Eventually, the client didn't attend the meeting that day!4 -
In a universe where JavaScript was never invented, the world of programming might look vastly different. Perhaps another programming language would have taken its place, or multiple languages would have coexisted in a more harmonious ecosystem.
Without the challenges posed by JavaScript, web development may have been smoother and more streamlined. Websites could have been faster and more responsive, without the need for complex optimization techniques. There might have been fewer security vulnerabilities to worry about, and the web could have been a safer place for users.
In this utopian world, developers would have had more time to focus on building great user experiences and innovative features, rather than battling with cross-browser compatibility issues and JavaScript quirks. The internet would have been a more accessible and inclusive place, with fewer barriers to entry for those who want to build and create.
Overall, a world without the horrors of JavaScript would have been a world with less frustration and more possibilities.
(Fooling around with ChatGPT)15 -
Is it me or is password security is a giant mess right now?
Everyone has a gazillion ways to sign in.
Everything needs an account so eventually you get a password manager to keep track.
After reauthenticating passwordword manager, then you get to the next screen that requires you to enter a code from 2FA. Internet isn't fun to use any more.12 -
Ideal dev job would be teaching kids code. Probably a side-gig at a local school.
Main gig would be writing code to exploit the "push to prod" Internet of Things things. Security on that is garbage. 🚮5 -
TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.
Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.
Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁
Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎
HOW CAN YOU NOT LEARN FROM FAILS??2 -
1. It's gonna be more and more specialized - to the point where we'll equal or even outdo the medical profession. Even today, you can put 100 techs/devs into a room and not find two doing the same job - that number will rise with the advent of even more new fields, languages and frameworks.
2. As most end users enjoy ignoring all security instructions, software and hardware will be locked down. This will be the disadvantage of developers, makers and hackers equally. The importance of social engineering means the platform development will focus on protecting the users from themselves, locking out legitimate tinkerers in the process.
3. With the EU getting into the backdoor game with eTLS (only 20 years after everyone else realized it's shit), informational security will reach an all-time low as criminals exploit the vulnerabilities that the standard will certainly have.
4. While good old-fashioned police work still applies to the internet, people will accept more and more mass surveillance as the voices of reason will be silenced. Devs will probably hear more and more about implementing these or joining the resistance.
5. We'll see major leaks, both as a consequence of mass-surveillance (done incompetently and thus, insecurely) and as activist retaliation.
6. As the political correctness morons continue invading our communities and projects, productivity will drop. A small group of more assertive devs will form - not pretty or presentable, but they - we - get shit done for the rest.
7. With IT becoming more and more public, pseudo-knowledge, FUD and sales bullshit will take over and, much like we're already seeing it in the financial sector, drown out any attempt of useful education. There will be a new silver-bullet, it will be useless. Like the rest. Stick to brass (as in IDS/IPS, Firewall, AV, Education), less expensive and more effective.
8. With the internet becoming a part of the real life without most people realizing it and/or acting accordingly, security issues will have more financial damages and potentially lethal consequences. We've already seen insulin pumps being hacked remotely and pacemakers' firmware being replaced without proper authentication. This will reach other areas.
9. After marijuana is legalized, dev productivity will either plummet or skyrocket. Or be entirely unaffected. Who cares, I'll roll the next one.
10. There will be new JS frameworks. The world will turn, it will rain.1 -
First day of a new job.
Just found out that I am locked in to using Internet explorer on an ancient desktop running Windows 7 and I can't download any text editors that I want (atom, sublime, Android studio).
All because they are "security focused".
probably gonna die from smashing my head on the keyboard before the week is over.12 -
whenever i tell my dad about a technology that is going way beyond our imagination and tell him about the consequences of it and how we should worry about that
then he watches some random tv show about internet security/cyber security and various algorithms (very abstract) which are currently changing the world and how we should care about our data and what the consequences of X technology is...
he be like: "oh is that true? that's interesting, how does that work?"
i'm like😑 dad, i already told you about that😩
ever had similar experience?1 -
Companies really need to re-evaluate what they ask as security questions.
If I know your name and your approximate date of birth (to the month) then, here in the UK at least, I have a very good chance of being able to find out your parents names, your mother's maiden name, your address, your parents address (i.e. probably where you grew up and what school you went to), your parents ages, when they got married, etc. - and all from publicly available info, not illegal crap you find on Tor or social media stalking.
This isn't hard to find if you know where to look - the problem is that people think that it's all private, and behave as such - and companies encourage it. The typical "internet safety courses" don't even touch on it, and even more tech savvy people I know often don't have a clue this is possible.2 -
Soooooo, why is it that so often 'security' just means bloody mindedly getting in your way for no reason?
Coz I fail to see how whitelisting a subnet of private IPs that are already only accessible through company VPN presents any kind of security risk, especially since the blocking software is literally only on our company laptops and can be easily bypassed by being on the VPN on *any other device*. But nooooooo, we have to go to the this other company our umbrella company owns (who by the way are making every dev at our company redundant in six months) and beg them to change each individual IP address every time we create a service.
Really does feel like security often means either 'our parent company doesn't understand security so we just need to go through the motions and *look* like we are doing things properly' or 'we just want to get in your way enough that we win in the who gets made redundant fight because you can't actually get any work done and we can'.
Bonus points: on the website for the blocking software they use, it literally recommends using Internet Explorer for everything. I'm surprised they haven't tried to enforce that on us as well.1 -
So I was like "imma be smart with my internet security and put 2 factor on my GitHub" only to find out I'm getting authenticating errors on trying to push. Disabling 2FA makes it work again.
GitHub y u do dis D:5 -
I absolutely hate software to the point where I started converting from sysadmin to becoming more like a dev. That way I could just write my own implementations at will. Easier said than done, that's for sure. And it goes both ways.
I think that in order to be a good dev, you need these skills the most:
- Problem solving skills
- Creativity, you're making stuff
- Logical reasoning
- Connecting the dots
- Reading complex documentation
- Breaking down said documentation
- A strong desire to create order and patterns
- ...
If you don't have the above, you may still be able to become a dev.. but it would be harder for sure, and in some cases acceptance will be lower (seriously, learn to Google!)
One thing I don't think you need in development is mathematics. Sure there's a correlation between it and logic reasoning, but you're not solving big mathematical monsters here. At most you'd probably be dealing with arrays and loops (well.. program logic).
Also, written and spoken English! The language of the internet must be known. If it's not your first language, learn it. All the good (and crucial) documentation out there is in English after all.
One final thing would be security in my opinion, since you're releasing your application to the internet and may even run certain services, and deal with a lot of user data. Making those things secure takes some effort and knowledge on security, but it's so worth it. At the most basic level, it requires a certain mindset: "how would I break this thing I just made?"4 -
So, the Network I was on was blocking every single VPN site that I could find so I could not download proton onto my computer without using some sketchy third-party site, so, being left with no options and a tiny phone data plan, I used the one possible remaining option, an online Android emulator. In the emulator running at like 180p I once again navigated to proton VPN, downloaded the windows version, and uploaded it to Firefox send. Opened send on my computer, downloaded the file, installed it, and realized my error, I need access to the VPN site to log in.
In a panic, I went to my phone ready to use what little was left of data plan for security, and was met with no signal indoors. Fuck. New plan. I found a Xfinity wifi thing, and although connecting to a public network freaked me out, I desided to go for it because fuck it. I selected the one hour free pass, logged in, and it said I already used it, what? When?, So I created a new account, logged in, logged into proton, and disconnected, and finally, I was safe.
Fuck the wifi provider for discouraging a right to a private internet and fuck the owner for allowing it. I realize how bad it was to enter my proton account over Xfinity wifi, but I was desperate and desperate times call for desperate means. I have now changed my password and have 2fa enabled.1 -
Dev industry develop so fast. This is because information available anywhere in the internet and people try to learn any programming language they want . But only few know whether they following secure coding practice or not
But the thing is most of Dev people dosent care about security. They focus just to develop a application but not to secure it?2 -
It is map of various devices connected over public IP to internet. Any interesting insights or comments that you can infer from this map?15
-
Anybody else feel like their Internet traffic constanty being monitored after downloading pen testing tools?
Have our identities been added to lists of potential cyber criminals :/
Thoughts?
(For ethical purposes - involving your own site's security!!)2 -
We support a system we inherited from another company, it’s an online document store for technical specifications of electronic devices used by loads of people.
This thing is the biggest pile of shite I’ve ever seen, it wasn’t written by developers but rather by civil engineers who could write vb...so needless to say it’s classic asp running on iis, but it’s not only written in vbscript oh god no, some of it is vb other parts is jscript (Microsoft’s janky old JavaScript implementation) and the rest is php.
When we first inherited it we spent the best part of 2 months fixing security vulnerabilities before we were willing to put it near the internet - to this day I remain convinced the only reason it was never hacked is that everything scanning it thought it was a honeypot.
We’ve told the client that this thing needs put out of its misery but they insist on keeping it going. Whenever anything goes wrong it falls to me and it ends up taking me days to work out what’s happening with it. So far the only way I’ve worked out how to debug it is to start doing “Response.AddHeader(‘debug’, ‘<thing>’) on the production site and looking at the header responses in the browser.
I feel dirty doing that but it works so I don’t really care at this point
FUCK I hate this thing!3 -
Ibwish I had remembered this when the weekly theme was office pranks.
In the first or second year of high school we covered basic internet security. Stuff like don't follow suspicious urls, don't open suspicious emails and such.
Our teacher let us play around with some sort of simulated desktop environment, where we could execute some hacks like ad popups and such on each other's environment, if we fell for the trap.
Anyways, one hack I found interesting was a hack, that lockes a user out of their virual desktop, until he enters a password, that will be displayed on his environment.
Yes, a very interesting hack, because it contains two obvious yet major design flaws, which I could exploit 😈
1. It's case sensitive
In itself not a problem, but combined with #2, it's fatal.
2. "IlIlllIlI"
Depending on your font, you probably have no idea what exactly I just typed.
Let's just say, the font displayed uppercase i and lowercase L completely undifferentiable.
Guess whom I let suffer.
It was our teacher, who had to demonstrate us some things and who was connected to the same network.
I swear, nothing beats that feeling when your tearcher has go come to you and embarrassingly ask you to "unhack" them, because they can't type it 😂1 -
Start with it at age 4, learn children to protect themselves on the internet, but also show them the possibilities. It's not something I expect this generation to properly teach the next one
And name it something like Computer Security -
Salesforce lightning web components have such bullshit limitations that they claim is because of security but it's just because it's overengineered garbage.
Want to use web components? Nope.
Want to pass in a value to a function in a click listener expression? Nope.
Want to use scss? Nope, compile it to css yourself.
Want to use the fucking document object? Guess what it's overridden except for very specific third party frameworks.
Who in the fuck thought it was a good idea to override the document object? Your app isn't more secure, literally the entire internet uses the document object and it still becomes available in runtime anyway so what the fuck??
LWC is the biggest garbage I've ever seen, you know a framework's a big red flag when there are developers solely for the framework.
There is a new security release coming out that apparently removes some of these nuances (understatement) so there might be some light at the end of the tunnel.4 -
Multi User, One Account, and other shit
I'm gonna rant about something as a user, and someone who makes stupid web stuff.
My bank has been updating their web banking over time and they decided that every individual on an account, should have their own login. They really want to push this on their users, I suspect specifically folks like me and my wife who share one login for the joint accounts we have at the bank together.
Why share one login, because it's the only sure fire way I know that I and my wife can see all the same shit no doubt about it.
The banks never tell you what you can see or can't with joint accounts, I doubt it is even documented on their end, but in every damn case something is hidden or different in some weird way.
Messages to the bank people? If I send it, my wife often can't. I get that for security reasons that's a thing, but it makes no sense for a joint account.
ANY difference to me breaks online banking ENTIRELY. Joint accounts are supposed to be... well one account that is the same.
Other banks we used where we had different logins for the joint account, each login actually had separate bill pay accounts per user. So if I went to bill pay and scheduled something to be paid, my wife had no idea, same if she did.
Right fucking there, banking is just broken entirely!
So no Mr. Bank, fuck you we're both logging in via the same login.
Fast forward to N00bPancakes making a thing.
So my employer has a customer (Direct Customer). Direct Customer wants a thing that makes communication with their customer (Indirect Customer) easier.
The worst thing about making something for your customer's customer is that Direct Customer always imagines that Indirect Customer is gonna be super ninja power users....
But no, that's not the case... in fact almost nobody is a power user, and absolutely nobody WANTS to be a power users.
Worse yet in my case the only reason this tool exists is because Direct Customer and Indirect Customer can't communicate well enough anyway... that should tell you something about the amount of effort Indirect Customer is willing to expend.
So with that tool, this situation constantly comes up:
Direct Customer thinks it would be great if every user from Indirect Company had some sort of custom messaging, views, and etc in of Cool Communication Tool. The reason is because that's what Direct Customer loves about Ultra Complex Primary Tool that they use ....
Then I have to fight the constant fight of:
NOBODY WANTS TO BE A POWER USER, NOBODY EVEN WANTS TO DO MUCH OF ANYTHING ON THE INTERNET THAT ISN'T SCREAMING AT OTHER PEOPLE OR POST MEMES OR WATCH SHITTY VIDEOS. THE MOMENT ANYONE AT INDIRECT COMPANY LOGS IN AND SEES ANY INFO THAT IS DIFFERENT FROM THEIR COWORKER THEY'LL SHIT THEMSELVES, FLOOD EVERYONE WITH 'OH GAWD SOME NON SPECIFIED THING IS WRONG' AND RESPOND TO EMAILS LIKE A JELLYFISH DROPPED OFF IN NEW MEXICO... AND NOTHING WILL GET DONE!!!
God damn it people.
Also side rant while I'm busy fighting the good fight to keep shit simple and etc:
People bitch about how horrible the modern web is and then bitch at web devs like we're rulers of the internet or something.... What really pisses me off about that is other devs who do that.... like bro, do you make policy at your company? You decide not to sell some info or whatever shit your company sells? Like fuck off with your 'man I miss html' because you got scared by some shitty JS error and ran back to your language of choice and just poked your head out of the the basement and got scared... and you shit on another developer about that? Fuck you.1 -
FUCKING CHINESE SUPOSED IP CAMERAS...
First, they aren't Ip cameras, they are p2p cameras with different settings and more limited...
then took me 3 days to open 5 ports for 2 cameras, config the cameras, till they work.
YEY they finally work, can see them over the Internet (no default settings, even changed the Alias), have my Ip camera viewer on the Phone... but one doesn't activate on moviment.. in this 3 days only took 2 pictures with motion detection on and people passing in front of them... the other was working for like 5 minutes... giving black and white 7kb jpgs... after a few teeks... can't make it work again.
Now I have two cameras that I can see if my house is being robbed but no motion detection to warm me, or at least save some pictures on the server to serve as evidence (and maby finally get the team that is robbing one house a day, If they try to rob my house again...).
The cameras are very good as baby monitors or to play around, for 14$ and 20$... (love the 360º ball) , but as security cameras... Unless you have them connected to a security station and with a repeater close by... worthless...
Oh, and they may give me 1 good frame a second or lag to 10+seconds a frame...6 -
Not only is the default password they set a piece of shit, the password field actually shows the password even after you save it, why even bother with security?
Hash your fucking passwords!
The internet kills my insides.4 -
For what fucking reason the ability to set the date and time programatically has been blocked on Android?!
Why you can create fucking invisible apps that work in the background, mine cryptos, steal your data but they decided that something like that is considered dangerous?
Can anyone give me a logical explanation?
P.S.
There are cases (big pharma companies) where the users don't have access to internet nor a ntp server is available on the local network, so the ability for an app to get the time of a sql server and set it in runtime is crucial, expecially when the user, for security reasons, can't have access to the device settings and change it by himself.
"System apps" can do it, but you would have to change the firmware of a device to sideload an external "System app" and in that case it would lose the warranty.
So, yeah, fucking Google assholes, there are cases where your dumb decisions make the others struggle every other day.
Give more power to third party developers, dumb motherfuckers.
It's not that difficult to ask the user, once, to give the SET_TIME permission.
It was possible in the past...
P.S.2
Windows Mobile 6.5 was a masterpiece for business.
It still could be, just mount better CPUs on PDAs and extend the support. But no, "Android is the future". What a fucking bad future.11 -
Some internet security officers (working for the government on internet privacy related stuff) tells the media that they can decrypt your Facebook credentials in less than 7 seconds.
Everyone let's take a break to laugh at these morons hahaha4 -
So, my network security faculty thinks s/mime is secure multipurpose internet message encryption. And ssh is secure socket header.
Time to leave the class. 😭1 -
I’d been working event based and freelance jobs in the security and entertainment fields for years, with odd stints as a bartender sprinkled in. My pay was mostly decent, but I had no job security, and I was more on the road than at home. A few years before this job search experience I had already realised I can’t continue on this path for ever, especially if I ever want a serious relationship (e.g. 16 weeks straight touring Europe with on avg. 16h work days pretty much every day isn’t ideal in that regard, and also really though on both body and mind). So I decided to study. As I applied in autumn, not every line of study accepted students. The closest to my interest I found was BBA in Business IT.
Fast forward 1,5 years. After moving away from my previous base due to then-gfs studies, I had also been able to accept less work. Well, there were really two reasons: I didn’t want to go on weeks long big tours anymore, and I’d had to price up on my freelance job due to reasons. I still managed to keep our household going, but not knowing when the next paycheck would be available was becoming a little too stressful. I wanted job security. So a few weeks after my wedding I scoured the internetz for positions I could apply to, and applied to a dozen or so places. They were a variety of positions I had a vague understanding of from what I’d learned at UAS: from sales to data analytics to dev… I was aware pretty much all of the applications were a long shot by best, so I expected to be ghosted…
Two of the organizations I applied to wanted to go forward with me. Both dev jobs. I can’t even remember the specifics of the other one anymore, but I do remember the interview: I got in to their office (which was ridiculously open), and got marched into a tiny conference room. The interviewer was passive-aggressive and really bombarded me with questions, not really leaving a socially awkward introvert with any time to answer. I started to get really anxious and twitchy, sweating like a pig. Just wanted out. But nooo, they wanted me to do a coding test live. So they sat me on a computer with Eclipse open, gave me an assignment and told me not to use the internet. What’s even worse is that I could literally feel the interviewer breathing down my neck when I tried to do the test. Well, didn’t happen cause I was under so much pressure that I couldn’t think at all… yeah, that was horrible.
Anyhow, the other position I really applied to because it was in my hometown and I recognised the company name from legendary commercials from the 90s - everyone in this country who watched TV in mid-to-late 90s remembers those. Anyway, to my surprise, my present day manager contacted me and wanted me to do a coding test. At the time he asked I was having a bout of fevers after fevers, not really able to get healthy. I told him that I’d do it as soon as I’m healthy. A month went by, maybe more. He asked again. Again I replied that as soon as I get healthy, but promised to do it next week the latest. I didn’t deliver on that, but the next week after that, even if I was the most feverish I had been, I did the tests. I could only finish half of them, cause I couldn’t look at a screen for long at a time and had to visit the loo every 10min or so, but apparently that was enough. Next week I was already going to the interview… oh I also googled what is PHP on the way there, since it was mentioned as a requirement and I had no idea what it was. Imagine that…
The interview itself couldn’t have been more different from the other one. We were sitting in a nice conference room with my manager and the product’s lead dev, drinking coffee, our feet on the table and talking smack. Oh, and we did play a game of NHL<insertNumber> on PS4 during the interview… it was relaxed. Of course the more serious chat was there, too, but I can only really remember how relaxed it was. When I left the interview, I had been promised the position and that I would be sent the contract to be signed as soon as the CEO had reviewed and approved it. Next day, I had signed it and some time later I started at my current job (I gave a date when I was available to start, since there was a tour still agreed upon between the interview and the start).
Oh, and the job’s pretty much like the interview. Relaxed. It’s a good place to be in, even though the pay could be better (I regularly get offers for junior positions with more pay, and mid level positions with double the pay). I do value a pleasant working environment and the absence of stress more than big munny, what can I say?1 -
Cybersecurity firm Sophos announced that it has open-sourced the Sandboxie Windows sandbox-based isolation utility. According to the reports of Bleeping Computer: Sandboxie was developed by Ronen Tzur and released on June 26, 2004, as a simple utility to help run Internet Explorer within a secure and isolated sandbox environment. Later, Tzur upgraded Sandboxie to also support sandboxing any other Windows applications that required a secure virtual sandbox.
Sophos Director of Product Marketing Seth Geftic said "We are thrilled to give the code to the community. The Sandboxie tool has been built on many years highly-skilled developer work and is an example of how to integrate with Windows at a very low level. The Sandboxie user base represents some of the most passionate, forward-thinking, and knowledgeable members of the security community, and we hope this announcement will spawn a fresh wave of ideas and use cases."
You can download Sandboxie and its source code here.
https://www.sandboxie.com/1 -
in the workplace, i have no access to internet, am not admin to my own computer and am not allowed to install anything (due to security reasons). i also happen to have quite some spare time so i'm writing nokia's good old snake game in visual studio and opengl so i can amuse myself both coding and playing. in a way, company pushes creativity and productivity even for slacking.6
-
BT "We'll give you BT Virus Protect, which protects against viruses, phishing and other online attacks."
Or... For a start, let your users provide a good secure password when signing up? More than 8 characters is a bit ambiguous. 20 minutes later and several attempts to find out it can't be longer than 20 characters, only upper and lower case letter and numbers aaaand must start with a letter is a bit s**t. Not to mention LatPass doesn't like it as you can't copy and paste.1 -
Want to use Http-VPN. Now I have to use Internet Explorer and Java and have to disable all security on my system. Fml
-
For one of my exams, from a couple of meager code snippets and hints, without any prior domain knowledge, we had to find and carefully describe a vulnerability, as well as suggest a fix.
Well, I wouldn't complain, but what the actual fuck, it turns out that we had to come up with and "carefully describe" this whole shit: https://googleprojectzero.blogspot.co.uk/...
No, we did not study it in class, nor have seen it before in the recommended reading or provided links. Also, according to the point distribution, we only had 20 minutes for this part.
I don't usually complain about stuff and take it my lack of preparation or something, but fuck all now. I never want to look at another security-related piece of code ever again. -
Is it all worth it? We feel its freedom, We feel it's just me and my phone or my PC. Is it? Is it that private? That camera you have on your phone, what if someone is watching you right now? That microphone you have, what if someone is listening to you right now? Those stuffs you Google, Those sites you visit, you're tracked, you're tapped. Ohh Incognito, Good Luck, there's no such thing called Incognito. Is it all worth it? In fact you're getting so much out of it. Is it all worth it? Or Am I just too obsessed? Is this Internet really that free?
It's freedom but you're compelled to use. Its freedom!
#internet_vibes9 -
I always hated in school computing lessons when the teachers pet students would snitch on you for getting around the school network stuff.
Many people in the lesson would always play games instead of doing what they were meant to. So the teacher turned off the internet in the room using the admin control stuff. Then when I found a way around it all so I could watch some educational YouTube videos, the stupid teachers pet would snitch on me. Luckily the teacher knew I wasn’t using it to mess around, always felt good when he said that I could access it because I’m the biggest security threat to the school.
Did you ever have issues with snitches in computing lessons?6 -
Sometimes wondered how the avalanche effect works on hashing a message,tried making mine but was shit, I guess I need a PhD in maths lol
-
In nearby county to mine, coder was arrested for 3 months for nickname matching leaked terrorist nickname "grower" by coincidence. His coding education was enough reason for arrest.
All hdd/ssd/usb/mobile devices were confiscated for thorough analysis right from the morning by police.
Feeding my security paranoia. Encrypting fully filesystem(LUKS) and my internet traffic (self raised open vpn), wiping fully usbs. I ll be protected from my ISP recording my traffic, and from unauthorised access to my data.6 -
"There are people so important to maintaining code that the internet would break if they were hit by a bus. (Computer security folks literally call this the “bus factor.”) "
https://hbr.org/2017/07/...
What do you all think of these ?
(Personally I think there is fluff to what he says. But there are loop holes to his argument. Not entirely true. And HBR should run stories through experts in field before publishing tho)3 -
- I love blowing my mind. Even if it is the most confusing thing. Things like security mechanisms, neurons' behaviors, mathematics (even tho I hate it when I fail lol), electronics, medical terminology and chemistry.
- I love collecting rare coins, personally never-seen stones and put them into my collection. I love to be a designer. Not only on my laptop. I have a book shelf and within that book shelf I put stones that create the yin yang sign while pushing the books to two sides. That makes them look like they are levitating. I have stones (including obsidian) that create a triangle and a knife hanging down the wall of my room.
- I love visiting touristic, historic, naturally-beautiful but also non-touristic (non-touristic? yes. by that I mean visiting e.g. the areas of touristic cities which are dangerous, because you can easily fall down off of a slippery ground and take serious injuries) places around the globe, talk to complete strangers in public (I am trying to be an extrovert), take pictures with my camera and collecting antiquities.
- I love taking risks (no. I don't play any poker games etc on the internet) without trying to put other people in risk. Driving insanely with whatever I have. Car, bike, you name it.
- I love reading books. Books that are about human psychology, fantasy novels and books about programming languages.
- I love to cook (I am at the beginning).
- I love to use the konMari method of tidying up my room.
- I love plants.
- I love having everything in my room tidied up (even if I am too busy with other stuff and skip this cleaning process for a week upto a month sometimes. Sorry, room.).
- I love doing sports. But mostly sport that I have never tried before. This can be, because of my greedy wish for an adrenaline kick. That led me into taking a balloon flight at 4 am (sunrise) and to paragliding at sunset above Mediterranean sea btw. (I am normally afraid of flying, but paragliding was awesome).
- I love swimming. Like, you cannot pull me out of the sea for a minimum of 2 hours, if it is not important.
- I love laying above the sea water and let the sea carry me to somewhere else.
- I love being alone. I love the silence. I love to be free in my thoughts.
- I love watching the sunset, the light that shines through the forest, the moonlight and the stars at night.
- I love dreaming. No, like, lucid dreaming for example.
- I love being open to any opinions.
- I love to learn about other people's views about the world and their religion.
- I love pets and would do anything to keep them alive when they are ill. It hurts my heart seeing them like this.
- I love watching demonic "A: Holy shit! Did you see this thing, too?! B: Yes!" YouTube videos just for the fun of it, but I hate horror movies and games.
- I love trying out new things. The creation of music and video for example.
- I love to give my hair and beard a shape, if I am too lazy to go to the barbershop lol. By that I don't mean just going to the barbershop, but taking an electric razor and cutting my hair myself even if I get bad results from time to time that can be corrected by letting any family member tell me in which area of of my head the hair problem is.
- I don't like disco clubs.
- I don't like toxic people even though I can be a quite toxic person myself without realizing it. If I appear toxic to you, inform me about it. Having so much testosterone in that moment, can make me do things that I don't want to do.
- I don't like drugs even tho I have to admit that I am trying a few from time to time (maybe 6 months in-between) to have a dopamine kick. I am not an addict.
- I hate myself for things that I did in the past.
- I used to watch MMA videos etc.
- I used to use a telescope, but I can't find it anymore.
- I used to have a microscope, but I can't find it anywhere and besides of that the seller did literally piss in it before selling it to me many years ago. Don't want to touch it tbh.
- I used to play games, but I don't enjoy games anymore. That makes me feel sad.
- I miss the old moments of my life.
In conclusion:
I like how things went and go so far. It changed me so much. It made me a good and a bad person. I became more open and confident, but it also particularly made me a leader who can say "fuck off" in a bad way to his family. I would like to undo this particular part of me.5 -
Was told the following by an "Information Security Professional"...
"RFC 1918 addresses will not follow a default route, default routes are only for internet bound traffic and RFC 1918 addresses are dropped by any router without an explicit route."
I honestly do not get paid enough for this.2 -
Security experts have discovered hundreds of fake websites which are being used to spread dangerous malware for Android and Windows devices. A "vast" network of over 200 internet pages, which impersonate 27 brands such as household names like TikTok, PayPal and Snapchat, are being used to spread a vicious bug which can empty out bank accounts. These bogus websites feature the notorious ERMAC banking trojan which is capable of stealing sensitive login details for 467 online banking and cryptocurrency apps.9
-
so i did this convenient download script that worked like a charm at home only to find out internet is blocked for these kind of things at work. adding a port results in a single connection success that will be blocked on the next attempt. i get it with all the security concerns but am curious which way it-department tells me to download 3k+ files with likely dynamic filenames otherwise...2
-
My uncle is interestes in security, but personal security, he wants to be more peivate. So he told me he had installed Kali linux and got a course it, so I tried to explain him that this is more of a professional thing... that he needs something else.. and so he asked me: "What do I need, which book can I buy?"
I didn't really know. For me it's common sense to get a NAS, maybe have a laptop that is never connected to the internet, or maybe encrypt trafic encrypt hard disks.
But is there a book for that? You have 30 seconds to shine, how would u respond?6 -
So hypothetically I have a friend who wants to get a job in cyber security but has no formal education or means to afford one, at the moment. He knows enough about computers to navigate and execute most common tasks, and certainly has the drive, common sense, and brains to succeed but can't afford to in this almost cutthroat field...
How would he begin to teach himself?
He has a laptop, Kali Linux, The BTFM and RTFM books, The Hacker's Playbook 3; and the internet.
Make his day with your two cents.1 -
Being in the WEB office, but management doesn't allow you to have internet. Therfore needing to carefully SSH behind their backs and have an eye to in the neck for the doors1
-
Two security researchers have published details about a vulnerability in the Windows Printing Service which impacts all Windows versions.
According to a Report of ZDNet : The vulnerability codenamed 'PrintDemon' which is located in Windows Print Spooler (Windows component responsible for managing print operations). The service sends data to be printed to a USB port for physically connected printers. In a report published, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism. The bug can not be used to break into a Windows client remotely over the internet, so it's not something that could be exploited to hack Windows systems over the internet.4 -
Trying to change security settings for Internet Explorer in a Windows Server is so 😫.
I just want to download a simple file from email.
What would I do that on a server you may ask.
Well is just a virtual machine in a testing environment, so it doesn't matter.1 -
So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.
So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).
There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.1 -
Though I’ve seen devices like the following I’ve only ever seen them used for horrible purposes.
I was envisioning facility control being made capable by the use of a larger tablet device or tablet computer. The device would have no internet connection. It would not attach to the outside world at all.
It would not receive non manual software updates
It could view all air flow, temperature, lights, locks, electrical outlets, power draw, water usage, heaters, air conditioners, computer statins etc
And control and report statistics on them all.
Impractical you people said last time. But I would say cool if the device is kept super secure . That being said who knows how to do that since everything sucks once someone who knows what they’re doing has physical access lol
Personally all I don’t know how to break into is smart phones
Comps I could always figure out even if they had disk encryption given enough time.
The only reason phones are hard is you’re limited to network attacks and the boot loader is on the chip page.
Cause in the end a computer is just it’s hard drive in terms of security lol1 -
While using Spyder the python kernel died(not that rare), so I restarted the kernel and... It kept dying over and over and over again.
So I restart the IDE... can't even connect to the kernel anymore.
#Fast forward an hour
Comodo internet security was blocking stuff.
Ffs, I had given up and I was ready to reinstall the whole damn environment if not Anaconda.
I still love Comodo.1 -
!rant question:
How does military level security can be achieved in a software company?
Do we really need two computers for each dev, one local and one for using internet? Is there any standard on setting up an infrastructure like that? Point me if you have any info please.4 -
Thinking to start smoking 🚬
Never tried it once in 26 years not even a sip even refused temptations from school friends
Now by starting a job, i have no security, ironically. I feel like i stepped at the leap of a bottomless pit and tomorrow i jump into it and fall... and fall....and fall..... No end.
I have no idea how to use ansible and rexify.org and thats what I'll need to use. I have no idea how to do devops with Azure, and thats what ill do. I only build devops with terraform on Aws.
The unknown of 9-5 is frightening me more than starting a business. Paradoxically, i think it would come as a relief to get fired within the first week from failing to complete literally everything
On top of that my blonde gf disappeared yesterday for 3-4 hours. No texts no phone calls. Called for 2 times no answer. Called 3rd time and got a voice message the phone was shut down. 3-4 hours later she said she was with mom at shopping and didnt have internet
I also caught her texting some random guy on instagram. They both have vanish mode enabled (texts delete themselves as soon as you leave the conversation). Confronted her today. She wont tell me the truth. Likes his pics on ig. Keeps lying. On a question "why do you have vanish mode enabled with him?" her answer is "well i guess married men always use vanish mode"
Im tired
Too much shit unraveling. The opening of 2024 already doesnt look good
Why do good people die in accidents or diseases but i dont and i live? Shits unfair. Why doesnt nature/God fucking kill me? I beg to die. I hope to die. I pray for something to kill me. It would come as such a relief.
This life is meaningless and empty to me. typeof(life) yields a void. I dont value it. Its shit. Whether succeed or fail its meaningless. Nihilism was right
I am literally a walking dead. Physically moving but spiritually dead. Mentally lost. I am the captain of a ship in the middle of the ocean who no longer knows where the ship is going
Why cant i just get cancer or something. Can cigarettes help me get it? Cause I'll start consuming that shit right away to speedrun that process
End it17 -
That moment the client want the job done with php with lots of advanced features and security.
In no time, I just claim to be an internet marketer.1 -
Is this a justified code review comment or a bully?
Code reviews are weakness of this industry which has the potential to attract bullies. Abuse of the comment box in a pull request and bombarding the employee with hundreds of comments can cause stress, frustration, burnout and finally resignation and costs of fulfillment for the organization. While companies should find and stop bullying in the work place, what kind of code review comment is considered a bully and why? Any of below traits can mean you are dealing with a bully:
1. Claims the code needs to be changed but doesn't say how. So no matter how many times you change your code, he can repeat the same comment: "Your code is still bad due to blah blah and it needs to be changed".
2. Provides how the code should be changed, but the change doesn't add up to quality, security, performance, readability, etc. i.e. "Why did you use a for loop here? Use a while loop instead". Or "Why did you write it using three classes A, B and C? Instead write it using 4 classes D, E, F and G which does blah blah". In the later case, not following the review comment, you won't get approval. Following the comment means you need to rewrite your whole code. After which, you might again receive more comments to change other parts of your code!
3. Claims the requested change is due to standards but claimed standard does exist anywhere. Internet, company wiki, university course books, anywhere. In more severe cases of psychopathy, the bullying person refers you to a link which hours later turned out to be written by himself! Have fun describing what has happened to your manager or team leader... .
4. Asks the code to be changed in a way that supposedly is closer to standard or of better quality, security, performance, etc. But the proposed way will not work and is the main reason you didn't do that in the first place. So you start arguing forever in the comment box over why his method won't work!
If you cannot see any of the above traits, then keep calm, take a breath, fix your code. Otherwise you might be victim of a bully.3 -
BITCOIN RECOVERY REDEFINED: RAPID DIGITAL RECOVERY EXPERT APPROACH
What began as a tragic loss quickly turned into a story of healing and success. I had accumulated a substantial digital fortune over the years as an experienced Bitcoin fan, keeping my private keys safe and safeguarding my digital assets. But destiny had other ideas, as a thoughtless error caused the unimaginable—my whole Bitcoin holdings to vanish into thin air. I struggled with the notion that my years of hard-earned savings had been completely destroyed in an instant, and I felt panic and sorrow. However, I resisted giving up. I set out on a mission to find my lost Bitcoin, searching the internet for any semblance of hope, driven by an unrelenting determination. It was then that I discovered the legendary Rapid Digital Recovery – a shadowy figure renowned for their uncanny ability to retrieve even the most elusive of digital assets. Mustering my courage, I reached out, entrusting this enigmatic expert with the daunting task of restoring my lost fortune. The Wizard, with their vast knowledge and unparalleled skills, delved into the intricate tapestry of the blockchain, meticulously tracing the path of my missing Bitcoin. Through a series of complex maneuvers and ingenious strategies, they managed to locate and recover every last satoshi, returning my digital wealth to me with a triumphant flourish. In the aftermath of this harrowing ordeal, I found myself overwhelmed with a profound sense of gratitude and joy. Not only had I regained my financial security, but I had also gained a newfound appreciation for the resilience of the Bitcoin network and the dedication of those who safeguard its integrity. This experience has forever transformed my relationship with cryptocurrency, instilling in me a deeper respect for the power of decentralized finance and the extraordinary individuals who work tirelessly to protect it. From the depths of despair to the heights of jubilation, my recovery tale stands as a testament to the unwavering spirit of the Bitcoin community and the transformative power of the Rapid Digital Recovery prowess. The delight I felt was beyond description, and the relief I felt was incredible. In a moment, all of the worry and the restless nights were gone. Rapid Digital Recovery and the skilled staff who made the impossible possible have my sincere gratitude. They really made my worst become a reality. I highly recommend their services if you find yourself in a similar circumstance. Dial:
Web site Info: https: // ra pi ddigit alrecove ry .o rg
What sapp Info: +1 41 4 80 7 14 85
Email Info: rap iddi gital recov ery @ exe cs. com2 -
I have a couple of "at risk" teens (I won't say what) who need an extra level of Internet filtering and restriction for their own protection against their use of really bad judgment. I've already enabled the OpenDNS parental control URL/content filters on my Netgear R8000 router but one of the teens has figured out how to install a VPN on mobile. I want to enable the router's OpenVPN feature for better overall security for all of us. But is there a way to block the use of an "unauthorized" VPN, like on a mobile device, without also effectively blocking my router's OpenVPN as well? I was looking at this post (https://community.netgear.com/t5/...) but wondered if anyone here has experience with this.6
-
I am developing an app for industrial automation that requires frequent user input. I am exploring the idea of using voice input to input data. The problem is the application will never have access to the internet during use. This is due to being in the middle of nowhere and security requirements. So I am looking for voice control libraries/systems to control an app that can be installed on a Windows 7/10 machine.
Has anyone had any success with a completely self-hosted voice control system?1 -
Bwhahahah! Even after the excitement, business disruption, unpleasantness and pain, GDPR fails at its one job
https://newstatesman.com/science-te...1