Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "much protection"
-
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P39 -
So, as everyone knows on here by now (or, a lot of ranters), I am a fervid privacy person.
Appearantly a new surveillance law in my country is about to extend mass surveillance/hacking a lot. So here a rundown of what they are about to be allowed to do (stuff that is not okay imo and this is the reason I am so pro-privacy):
- Mass Data Gathering: The intelligence agency over here (lets call it IA from now) can pretty much record everything send through the country.
- Extra Protection: If they want to conduct surveillance on journalists/lawyers, they have to go through extra channels first at least.
- Data/survaillance sharing: The IA is allowed to share their raw/filtered data with foreign intelligence agencies without limits. Also, they're allowed to conduct surveillance based on foreign requests.
- Secret DNA database: A secret DNA database will be created which can store the DNA profiles of any person who has commited any kind of crime. These profiles are allowed to be stored for a maximum of 30 years. This database is allowed to be shared with any foreign intelligence agency.
- Hacking: Unlimited power to hack any device deemed neccesary to hack in relation to crime. From computers to smartphones and so on. Also, it's allowed to use zero-days without reporting them to the vendor (we have seen what can go wrong with that through the ShadowBrokers scandal).
- Automatic Database Collection: They are allowed to directly tap into any database they see required (banks, healthcare, messaging services and so on). Practically this can lead to backdoors being build in because if you don't cooperate, you can go to prison. (mother of god I am not using anything closed source anymore if possible).
So yeah, this is pretty much the reason why I am so privacy consious. This country is fucked.57 -
Security decided to update our PCs with endpoint protection. It's blocking all connections to and from localhost.
It's been a productive day.
Such enterprise. Much security.3 -
Although it might not get much follow up stuffs (probably a few fines but that will be about it), I still find this awesome.
The part of the Dutch government which keeps an eye on data leaks, how companies handle personal data, if companies comply with data protection/privacy laws etc (referring to it as AP from now on) finished their investigation into Windows 10. They started it because of privacy concerns from a few people about the data collection Microsoft does through Windows 10.
It's funny that whenever operating systems are brought up (or privacy/security) and we get to why I don't 'just' use windows 10 (that's actually something I'm asked sometimes), when I tell that it's for a big part due to privacy reasons, people always go into 'it's not that bad', 'oh well as long as it's lawful', 'but it isn't illegal, right!'.
Well, that changed today (for the netherlands).
AP has concluded that Windows 10 is not complying with the dutch privacy and personal data protection law.
I'm going to quote this one (trying my best to translate):
"It appears that Microsofts operating system follows every step you take on your computer. That gives a very invasive image of you", "What does that mean? do people know that, do they want that? Microsoft should give people a fair chance for deciding this by themselves".
They also say that unless explicit lawful consent is given (with enough information on what is collected, for what reasons and what it can be used for), Microsoft is, according to law, not allowed to collect their telemetrics through windows 10.
"But you can turn it off yourself!" - True, but as the paragraph above said, the dutch law requires that people are given more than enough information to decide what happens to their data, and, collection is now allowed until explicitly/lawfully ok'd where the person consenting has had enough information in order to make a well educated decision.
I'm really happy about this!
Source (dutch, sorry, only found it on a dutch (well respected) security site): https://security.nl/posting/534981/...8 -
Why do people say "Well, I don't know about that" to voice disagreement?
If you admit your own naivety on a subject compared to your peers, if you admit that you do not have the required knowledge to have formed an opinion, how can you disagree?
So it can either be expressed with genuine innocence, like 'Well, I don't know about that, tell me more!', which is never the case.
Or it means "Well I don't know anything about that... and I'm ashamed of the fact that I can't find any counter argument, so I refuse to trust your fucking expertise, shut the fuck up until I give you the right to voice your knowledge"
Which is a bit rude.
Now that we're on the topic of annoying expressions and platitudes...
"It's not rocket science" -- Rocket science, understanding how a rocket works, is surprisingly simple. You fill a cylinder with fuel and oxygen, add a pump or two, put some sparks underneath. Chemical reaction equals energy, direct energetic particles using a nozzle, Newton's first law does the rest. It's so simple that people don't actually study rocket science. They study aerospace engineering, or astrodynamics, which are difficult topics.
So if someone says "Devops is not rocket science", they're right, but for the wrong reason. It's actually harder than rocket science. Maybe easier than developing thermal protection system materials or solving n-body orbital problems with a slide ruler though.
"Great minds think alike" -- No, great minds actually think creatively and generate unique thoughts, if two minds think alike, the solution was just fucking obvious.
"Don't reinvent the wheel" -- First of all, pretty much nothing in code looks or even remotely functions like a simple wheel. Even metaphorically, all existing code equates to oval or square wheels. If you said "Hey, don't bother making better wheels, I like my ride to be bumpy because it stimulates my asshole", say no more, who am I to come between a product manager and their anal stimulation.
Anyway, those were four coworkers who I would've strangled with an Ethernet cable if it weren't for a certain pandemic and the risk of infection which comes with choke-coughing.
What are your linguistic pet peeves you get homicidal over?23 -
5 stages of failing WIFI connectivity on Linux
This morning I woke up my laptop to start my work day. I have 2 very important meetings today, so I better get all prepared.
"Wifi connection failed"
Syslog says:
- wpa_supplicant: wlp9s0: SME: Trying to authenticate with <MAC>
- kernel: wlp9s0: authenticate with <MAC>
- kernel: wl9s0: send auth to <MAC> (try 1/3)
- kernel: wl9s0: send auth to <MAC> (try 2/3)
- kernel: iwlwifi: Not associated and the session protection is over already...
- kernel: wl9s0: send auth to <MAC> (try 3/3)
- kernel: wl9s0: authentication with <MAC> timed out
#### DENIAL #####
No biggie, let's try another AP (I have 3). All 3 failed to connect. Fine, let's try my phone's hotspot! FAILED!!!!!
w00t.... okay, let's restart the router... but failing to connect to a phone hotspot is already a worrying sign.
Wifi connection failed
wtf.. disable and re-enable wifi
Wifi connection failed
#### ANGER #####
the fuuuuuuck. Maybe my router is dead. But my phone connects to it, no fuss. My personal lappy also connects there easily.
wtf... Does that mean I'm about to lose my uptime?? Come one!! It's Linux - there MUST be something I could do! I don't see processes hanging in D state so the radio must be fine - it's gotta be a software issue!
ChatGPT – type all the log entries manually, via phone (that took a while...). Nothing useful there: update firmware, restart NetworkManager, etc.
#### BARGAINING #####
Alright... How about a USB dongle? Plug it in and wifi connects immediately! Yayyy!!! But that's only b/g/n and I'd very much like to have ac. It works well as a limping backup, but not something I'd use for the meetings.
rfkill block/unblock all the radios. No change. USB dongle connects right away but the PCIe adapter keeps throwing notifications at me with failure messages. It's annoying, to say the least.
So I've already tried
- restarting the router(s)
- disabling/reenabling the radios
- multiple APs
- suspending/waking again several times
- praying
#### DEPRESSION #####
The only thing I haven't tried yet is the most cruel one - restarting the laptop. But that's unfair... It's LINUX! How could it disappoint me. I have so many tmux sessions open, so many unsaved leafpad notes, terminal histories with oh so comfy ^r and ! retriggers all ready and waiting to be executed...
#### ACCEPTANCE #####
But I can't miss the meeting. So I slowly start closing off apps, starting with the least important ones, trying to preserve as much history and recent commands as I can. I'm gonna lose my uptime, that's the inevitable obvious truth... Linux has failed me. Or maybe it's a hardware issue... I can't be sure until I restart.
I must reboot.
#### A NEW HOPE #####
Hold on.. What if... What if before restarting I try to reload the Intel wifi kernel module? Just for the giggles. I've got nothing to lose anyway...
rmmod iwlmvm
rmmod iwlwifi
modprobe iwlwifi
modprobe iwlmvm
*WiFi Connected*
YESSSS!!!!!!!!! My uptime is saved!
403 days and counting! YEAH BABY!!!
Linux is the best!rant sysadmin 5 stages of grief wifi reboot or not reboot reboot uptime network-manager wpa_supplicant linux8 -
"Some settings are managed by your organisation"
I understand the necessity for companies to be able to remotely manage their devices, but my god, I hate working on company laptops sooo much!!
Fun fact, even Chrome can be managed! The can manage everyting. It's called Microsoft Intune. It sucks!! And fucking 45 day PW change policy! And fuck you, Windows Defender Real-time protection which I can't turn off and It's high CPU consumption. Also fuck you Microsoft Teams for scanning. Every. Single. Link. I. Click. On. From. A. Chat. Before. Redirecting. Me. To. The. Actual. Website. Always takes a couple of seconds. Waste of time. Those accumulate over time you know! AND to Windows Update! You already know what is coming next: stop force-updating while I'm in the middle of fucking meeting! I have shit to do! Another fun fact: you can postpone Windows Update by turning the clock back. LIKE PLAYING AN OLD TIME-BASED STRATEGY GAME ON PC IN 1999. (12h work best.) And this fucking weak ass VPN. WHY I PAY FOR 1Gbps WHEN COMPANY VPN ONLY 10Mbps?!! What Am I? A fucking snail! Go faster!! pls!
But, thank god, we can email shit and open attachments in Outlook.9 -
I wrote a node + vue web app that consumes bing api and lets you block specific hosts with a click, and I have some thoughts I need to post somewhere.
My main motivation for this it is that the search results I've been getting with the big search engines are lacking a lot of quality. The SEO situation right now is very complex but the bottom line is that there is a lot of white hat SEO abuse.
Commercial companies are fucking up the internet very hard. Search results have become way too profit oriented thus unneutral. Personal blogs are becoming very rare. Information is losing quality and sites are losing identity. The internet is consollidating.
So, I decided to write something to help me give this situation the middle finger.
I wrote this because I consider the ability to block specific sites a basic universal right. If you were ripped off by a website or you just don't like it, then you should be able to block said site from your search results. It's not rocket science.
Google used to have this feature integrated but they removed it in 2013. They also had an extension that did this client side, but they removed it in 2018 too. We're years past the time where Google forgot their "Don't be evil" motto.
AFAIK, the only search engine on earth that lets you block sites is millionshort.com, but if you block too many sites, the performance degrades. And the company that runs it is a for profit too.
There is a third party extension that blocks sites called uBlacklist. The problem is that it only works on google. I wrote my app so as to escape google's tracking clutches, ads and their annoying products showing up in between my results.
But aside uBlacklist does the same thing as my app, including the limitation that this isn't an actual search engine, it's just filtering search results after they are generated.
This is far from ideal because filter results before the results are generated would be much more preferred.
But developing a search engine is prohibitively expensive to both index and rank pages for a single person. Which is sad, but can't do much about it.
I'm also thinking of implementing the ability promote certain sites, the opposite to blocking, so these promoted sites would get more priority within the results.
I guess I would have to move the promoted sites between all pages I fetched to the first page/s, but client side.
But this is suboptimal compared to having actual access to the rank algorithm, where you could promote sites in a smarter way, but again, I can't build a search engine by myself.
I'm using mongo to cache the results, so with a click of a button I can retrieve the results of a previous query without hitting bing. So far a couple of queries don't seem to bring much performance or space issues.
On using bing: bing is basically the only realiable API option I could find that was hobby cost worthy. Most microsoft products are usually my last choice.
Bing is giving me a 7 day free trial of their search API until I register a CC. They offer a free tier, but I'm not sure if that's only for these 7 days. Otherwise, I'm gonna need to pay like 5$.
Paying or not, having to use a CC to use this software I wrote sucks balls.
So far the usage of this app has resulted in me becoming more critical of sites and finding sites of better quality. I think overall it helps me to become a better programmer, all the while having better protection of my privacy.
One not upside is that I'm the only one curating myself, whereas I could benefit from other people that I trust own block/promote lists.
I will git push it somewhere at some point, but it does require some more work:
I would want to add a docker-compose script to make it easy to start, and I didn't write any tests unfortunately (I did use eslint for both apps, though).
The performance is not excellent (the app has not experienced blocks so far, but it does make the coolers spin after a bit) because the algorithms I wrote were very POC.
But it took me some time to write it, and I need to catch some breath.
There are other more open efforts that seem to be more ethical, but they are usually hard to use or just incomplete.
commoncrawl.org is a free index of the web. one problem I found is that it doesn't seem to index everything (for example, it doesn't seem to index the blog of a friend I know that has been writing for years and is indexed by google).
it also requires knowledge on reading warc files, which will surely require some time investment to learn.
it also seems kinda slow for responses,
it is also generated only once a month, and I would still have little idea on how to implement a pagerank algorithm, let alone code it.4 -
It began when I was tasked with creating a better and more engaging experience for our new Facebook page. This was in Facebook's early days, so there were not really any "best practices". We were making it up as we went along. I decided one way would be to game-ify things, since gaming, at the time, was a Big Deal on Facebook and people were starting to use it to build customer funnels.
Grasping for low-hanging fruit, I decided a Tetris variant around our topic would be fun. I had to hire a dev because at the time I was a static HTML web developer just getting into social media management. I knew nothing about game development or how to use Facebook's API for such things.
Long story short, we got about $10,000 (FB app devs came at a premium then) into the project when I came across a very recent article about the history of Tetris games. It said that even though Tetris had once been considered for all intents to be public domain due to it being created by a Russian coder during the Cold War, it had just been acquired by an IP protection entity that was charging royalties for any variant of Tetris created from a specific date onward and paying the original developer. So, even though I thought I had been thorough in my initial permissions checking, it turned out we were gonna be in deep doo-doo with licensing fees and restrictions if we released this game to the public.
I had to call my boss and admit my error. She was FURIOUS and really gave me an ass-chewing over it. I then had to call the marketing person whose budget I'd been slaving away at wasting. She was a bit more forgiving (her budget was in the millions). Then I had to call the corporate legal department and explain what was going on. They told me to immediately pay any outstanding hours, then fire the dev but not before getting him to send me all code and assets, deleting his copy, and then, upon my receipt of those assets, deleting MY copy so that nothing of it ever existed. And I was supposed to say _nothing_ to the dev about why he was being let go, so that there would be no "trail" leading back to this fiasco. (The dev hounded me for weeks asking what he'd done wrong. It killed me that I was bound and gagged by corporate legal and couldn't tell him.)
I was in so much trouble. I was literally in tears over it. I'd never wasted that much money in my life. That incident pretty much sealed my fate as far as any trust my bosses ever put in me again (not much at all). I was a bit of a pariah in a lot of ways for the next 5 years whereas I had come onto the team as a young social media rockstar at first.
After that, and a couple of other bad scenarios that were less my fault and more due to a completely dysfunctional management and reporting structure, they eventually "transferred" me to another team. Which was really just a way of getting rid of me by sending me to a department that was already starting to outsource overseas and lay people off. It was less messy that way. I was in the first set of layoffs.
Since then, I've had a BIG fear of EVER joining a large corporation EVER again. I prefer to work for small businesses now, even if I get paid less. Much less stressful from an office politics and impact of mistakes standpoint.3 -
Ya'll know what... If humans weren't such annoying vulnerability-searching little shits then we wouldn't have had to implement any protection against them and think of all the performance that would be saved on that. Take branch prediction vulnerability mitigation in the Linux kernel for example, that's got to make a performance hit of least 10% on basically everything.
Alas, I do get why security is important and why we keep such vulnerability mitigation running despite the performance hit. I get why safe code is necessary but still... if these people weren't such annoying little bastards.
Yeah, I was just kind of set off by the above. So much would be faster and easier if only the programmers wouldn't have to plan for people exploiting their software. Software would be written much faster and humans would progress to stuff that actually matters like innovation.8 -
Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide.
According to report of ZDNet: The CCPA (America's privacy legislation) came into effect on January 1, 2020, offering Californian users data-protection rules. Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it. While the law technically only applies to data processed about residents in California, US. But Mozilla notes it was one of the few companies to endorse CCPA from the outset. Mozilla has now outlined the key change it's made to Firefox, which will ensure CCPA regulations benefit all its users worldwide. The main change it's introducing is allowing users to request that Mozilla deletes Firefox telemetry data stored on its servers. That data doesn't include web history, which Mozilla doesn't collect anyway, but it does include data about how many tabs were opened and browser session lengths. The new control will ship in the next version of Firefox on January 7, which will include a feature to request desktop telemetry data be deleted directly from the browser.6 -
I hate silicon valley.
They enable so much of the state's and federal government's bullshit, the corporations and the banks subversion and destruction of society.
It's time to pop their fucking tech bubble.
From here on out, any time you hear or read the words 'startup', be sure to comment with "you mean speculative marketing investments?"
Because most tech runs on shit-tier semi-polished iterations of glorified CRUD anyway, thats all most of it is. And it 100% relies on grabbing network share through massive advertising and presence campaigns. A lot of vc money is being flushed straight down the toilet and this is a point to emphasize. Crash the fucking tech sector. Do it.
It'll have a knock on effect to the advertising space, which will put the hurt on google's bottom line when they and their ilk are already under pressure for all the poisonous, monopolist shit they pull like helping china build their surveillance tech.
Extra points for emphasizing "pot-fueled ideas sketched out on napkins while sitting in fucking chipotle, in unwashed sweater vests, originated by guys who are fresh out of college and never ran a business in their life. 90% of them fail in the first year. VCs and investor are losing their shirts." etc.
The entire dishonest fucking trade relies on other people's money, being bought out in either techno land-grabs or turf-protection e.x. atlassian acquiring trello, a **glorified todo app**.
Thats the business model. Hell go build your own and make a buck.
Build your own. Build something better and most of all... *fuck silicon valley*.
Let it burn, let burn, let it burn.10 -
*right click on image*
[nothing happens]
*spams right click, thinking about getting a new mouse*
[small modal shows up: "this content is protected!"]
*laughs in developer's console*
I never thought I'd get to see a website that "protects" its content by disabling right click, I'm moved :')3 -
I just found a vulnerability in my companies software.
Anyone who can edit a specific config file could implant some SQL there, which would later be executed by another (unknowing) user from within the software.
The software in question is B2B and has a server-client model, but with the client directly connecting to the database for most operations - but what you can do should be regulated by the software. With this cute little exploit I managed to drop a table from my test environment - or worse: I could manipulate data, so when you realize it it's too late to simply restore a DB backup because there might have been small changes for who knows how long. If someone was to use this maliciously the damages could be easily several million Euros for some of our customers (think about a few hundred thousand orders per day being deleted/changed).
It could also potentially be used for data exfiltration by changing protection flags, though if we're talking industry espionage they would probably find other ways and exploit the OS or DB directly, given that this attack requires specific knowledge of the software. Also we don't promise to safely store your crabby patty recipe (or other super secret secrets).
The good thing is that an attack would only possible for someone with both write access to that file and insider knowledge (though that can be gained by user of the software fairly easily with some knowledge of SQL).
Well, so much for logging off early on Friday.5 -
ZNC shenanigans yesterday...
So, yesterday in the midst a massive heat wave I went ahead, booze in hand, to install myself an IRC bouncer called ZNC. All goes well, it gets its own little container, VPN connection, own user, yada yada yada.. a nice configuration system-wise.
But then comes ZNC. Installed it a few times actually, and failed a fair few times too. Apparently Chrome and Firefox block port 6697 for ZNC's web interface outright. Firefox allows you to override it manually, Chrome flat out refuses to do anything with it. Thank you for this amazing level of protection Google. I didn't notice a thing. Thank you so much for treating me like a goddamn user. You know Google, it felt a lot like those plastic nightmares in electronics, ultrasonic welding, gluing shit in (oh that reminds me of the Nexus 6P, but let's not go there).. Google, you are amazing. Best billion dollar company I've ever seen. Anyway.
So I installed ZNC, moved the client to bouncer connection to port 8080 eventually, and it somewhat worked. Though apparently ZNC in its infinite wisdom does both web interface and IRC itself on the same port. How they do it, no idea. But somehow they do.
And now comes the good part.. configuration of this complete and utter piece of shit, ZNC. So I added my Freenode username, password, yada yada yada.. turns out that ZNC in its infinite wisdom puts the password on the stdout. Reminded me a lot about my ISP sending me my password via postal mail. You know, it's one thing that your application knows the plaintext password, but it's something else entirely to openly share that you do. If anything it tells them that something is seriously wrong but fuck! You don't put passwords on the goddamn stdout!
But it doesn't end there. The default configuration it did for Freenode was a server password. Now, you can usually use 3 ways to authenticate, each with their advantages and disadvantages. These are server password, SASL and NickServ. SASL is widely regarded to be the best option and if it's supported by the IRC server, that's what everyone should use. Server password and NickServ are pretty much fallback.
So, plaintext password, default server password instead of SASL, what else.. oh, yeah. ZNC would be a server, right. Something that runs pretty much forever, 24/7. So you'd probably expect there to be a systemd unit for it... Except, nope, there isn't. The ZNC project recommends that you launch it from the crontab. Let that sink in for a moment.. the fucking crontab. For initializing services. My whole life as a sysadmin was a lie. Cron is now an init system.
Fortunately that's about all I recall to be wrong with this thing. But there's a few things that I really want to tell any greenhorn developers out there... Always look at best practices. Never take shortcuts. The right way is going to be the best way 99% of the time. That way you don't have to go back and fix it. Do your app modularly so that a fix can be done quickly and easily. Store passwords securely and if you can't, let the user know and offer alternatives. Don't put it on the stdout. Always assume that your users will go with default options when in doubt. I love tweaking but defaults should always be sane ones.
One more thing that's mostly a jab. The ZNC software is hosted on a .in domain, which would.. quite honestly.. explain a lot. Is India becoming the next Chinese manufacturers for software? Except that in India the internet access is not restricted despite their civilization perhaps not being fully ready for it yet. India, develop and develop properly. It will take a while but you'll get there. But please don't put atrocities like this into the world. Lastly, I know it's hard and I've been there with my own distribution project too. Accept feedback. It's rough, but it is valuable. Listen to the people that criticize your project.9 -
!dev
For a long time, I thought that the most annoying people on the ski slope are kids overestimating their abilities on a difficult piste or speeding down the slope ignoring others. Boy was I wrong; those kids are nothing compared to all the fucking morons who think that buying the most expensive gear at a local sports store makes them better at skiing.
For the love of god, if you ever consider skiing, just buy some reasonably cheap all-mountain gear, and if you think you need something better, do proper research or find a fucking expert. I'm not talking about those "experts" they have at your local sports store, I'm talking someone who provides gear and support for actual ski clubs and teams, or at least someone working at a dedicated outdoors store who actually owns some of the gear they're selling.
"Oh, but I'm an advanced skier" - right, then why don't you tell me what turning radius, width profile, and flex would best fit you? Thought so.
Look, it's clear just by looking at your $1000 "racing" skis that they have a way shorter turning radius than any competition-level skis, and if you were really going as fast as you think you are, you'd probably spin out on every other turn with such a short radius. Your curved skiing poles aren't fooling anyone either; professionals only use those in super-g and downhill because you need to go insanely fast to notice any advantage over regular poles. And people who race that fast use way more protection than I can see on you.
Okay, it's your gear, it's your body; if you're going to buy overpriced stuff that doesn't make sense or neglect protection, that's up to you. Do you know what's not up to you? Being a fucking moron and ruining skiing for everyone else. Just because you got the most expensive "expert-level" gear, you can't just use it for powder, park, or moguls when you feel like it because you don't fucking know how to ride any of these, even if your gear claims to be good for all types of skiing. And let me tell you, that expensive gear you have is much less forgiving than some entry-level gear if you decide to try other styles of skiing.
I'm fucking tired of people like that. If I go to the resort with lots of powder, I want to ride the powder, not spend most of my time avoiding groups of morons who clearly don't have the right gear and skills for the powder. If I go to the resort with a huge park, I want to ride the park, and I can't do anything if the place is covered by dipshits speeding past the objects and braking in front of the jumps. And if I want to race down the piste, I want to race, I don't want to have a bunch of morons constantly switching side in front of me to avoid "rough" parts they can't ride on. -
Here, a full retrospective of my Apple products ownership.
iPhone SE – after Android, I was absolutely amazed by how fast it worked. No UI lags, camera works absolutely instantly no matter the light conditions, all the GPU-heavy games work butter smooth.
After camera and charging port failures on Xperia flagship and CPU literally melting through screen rendering it unusable on Meizu, it was enough to make me interested in Apple products.
When I was using Meizu, I actually got a twitching eye which was triggered by UI lags. After two months of using iPhone, I noticed that something was missing – my eye wasn't twitching anymore.
iPhone actually cured me.
MacBook 12 – a 900 grams laptop with passive-cooled mobile CPU running many Chrome tabs, heavy Webpack HMR build, VSCode and Slack just fine. Yes, you can't play games, but I don't even require it from a laptop this tiny.
Butterfly keyboard that internet hates so much actually increased my typing speed and comfort compared to MX Red mechanical keyboard, and ForceTouch trackpad made me forget about mouse. I learned how to disassemble the Butterfly keyboard if I ever need this but the keyboard never failed.
I use this laptop to this day and it still even smells like the day one, a beautiful smell of a new Apple product.
iPhone X – got it because of the camera, stayed for great battery life and amazing OLED display. I use telephoto lens exclusively and it made me lay off my Canon DSLR with Helios lens which stays on my bookshelf covered in dust to this day.
True black of OLED display which is undistinguishable from the screen bezel is stunning. To this day, battery surely works for one and a half days and I watch youtube really often.
I sometimes struggled to unlock iPhone SE with wet fingers, but with FaceID, as soon as I look at the screen the phone is unlocked. Works perfect every time, never had an issue with this.
Stainless steel body feels premium compared to aluminum. Stereo sound is a major selling point if you're like watching videos and playing games on your phone. Overall amazing product and a huge improvement over SE.
Apple Watch series 4 – really comfortable fit. Nice battery life, once I forgot about it for like ten days during lockdown and it was still working, even though on power reserve mode. Really reliable in terms of battery life and liquid protection. Very satisfying Taptic Engine crown clicks. I run every day and Apple watch always measure my heart rate correctly, and the running app is well designed and a pleasure to use. Overall a nice accessory to have if you use iPhone.
Powerbeats Pro – great sound and battery life. I switched from Shure SE215 which was great, but it had wires. I listen to a lot of music so the sound quality is important for me. When I was choosing earphones I visited a store where you can listen to them all. I listened through earphones like Noble Audio Kaiser Encore and JH Audio Layla, and of course $4000 Laylas sound better than $249 bluetooth earphones, but the difference in sound doesn't justify the difference in price to me.
Powerbeats pro is the Apple H1 chip true wireless earphones with largest driver of them all which makes them sound better than AirPods Pro – it's just physics. Bass in Powerbeats is amazing, which is also true for my Shures, but Powerbeats also win in clarity.
It connects seamlessly to both my MacBook and my iPhone, and everyone in voice chats can hear me really good.
Huge case is a major throwback compared to AirPods, but the battery life of earphones themselves is so great that I just leave the case at home and only carry earphones and it works for me.
Apple Link bracelet in space black – really better than I expected. Intricate detailing, literally the steel that Rolex uses, top-notch finishing and polishing – all that for just 450 dollars. I only used it for several days now, but it already feels like a really satisfying product.
Before all that I was using Linux. It took a year for elementaryos devs to fix wifi for my laptop. Ubuntu looks and feels ugly. Pop OS felt like garbage. Manjaro was also just that – garbage. KDE Plasma – I don't even want to talk about that. A monstrocity where you accidentally click a wrong switch in the settings and your system won't boot up again. Also, PulseAudio. Struggles with proprietary drivers and software updates.
Windows? I serviced a lot of Windows PCs through my career and it never, never worked as intended. I'm no dumbass, I always managed the rights correctly and never installed sketchy apps. My latest ryzen gaming build with a lot of ram also lags somehow even in Windows 10 UI.
Before I switched, I defended Linux.
My life was a lie.
I'm sorry to everyone who I offended based on their opinion on Linux.33 -
I work full time in the data protection field for healthcare whilst investing all my free time into coding as a career change.
I've discovered that despite people telling you how much you need to spend every hour you get free to learn to code, you also need to consider the people closest to you. I was ignoring my partner who I live with because I thought this was more important and that she should be able to see that. But what's the point in being in a relationship if you aren't making an effort with each other?
It's OK to slow down and invest time into the people you have in your life. Give yourself a break. -
[Seeking Advice / Legal / Opinion]
Hello world, (TLDR at the bottom)
I'm the co-founder of a small startup and looking for advice from people of legal background or similar situations. (Any help making the reddit post more active will also help a lot: https://reddit.com/r/legaladvice/...)
Just as a backstory for better understanding:
a couple of years ago, me (early twenties, male) and another guy (late thirties, male) started an entrepreneurial journey, got in an accelerator program and some investment, and things always looked well.
We opened the company and started working / selling our services. Step by step we started recruiting, and getting some clients, and business is going well... ("well" as in, small revenues but not spending more than we earn).
The thing is that me and my co-founder's relationship has been degrading over time and I think it would be better for us and the company to split up and go our own way. He has the majority of the shares and I don't mind leaving it all behind for the sake of the company and mental health.
This is in US, if it helps, and we both have At-Will employment contracts.
My main question is, *if I do sign a termination contract*, from what I read, I'm obliged to remain reachable for a period of 12 months (plus all those IP related stuff, not sharing confidential info, etc).
[1] Is there anything I should be careful about and get some kind of protection or get some more information before resigning?
I'm afraid that if I leave the company it affects the business negatively, as we both work 16 / 20 hour shifts many times and my work would not be easily replaced by anyone in the current team. We are hiring more people right now, and some seniors, and I was thinking on staying one month dedicated only to training them... [2] Could this be specified in some contract that I am resigning from "today", but stay 30 days focusing on training new people, or anything similar?
I don't mind staying in touch and help whenever they could need, but I will not be available 24/7 and I will obviously need a job to pay living expenses, so I don't want to affect negatively my time in other jobs or personal life and be kind of protected against anything that he could do to make me stay continuously connected or compromised.
I'm interested in knowing any opinions and advice you guys may have, and feel free to ask some questions if you need extra details.
I just want the best for the startup but cannot hold much time in the current environment.
TLDR: Relationship between me and co-founder is getting worse, thinking on resignating but want to keep some sort of protection against anything that could make me keep compromised to the company.7 -
ASP.NET Core (MVC) is frustrating me.
I’m a big fan of ASP so far but I’m just struggling to understand a lot.
First off to use it you have to fucking memorize every class in the fucking framework and the functions within them. It just expects that I automatically know which classes I need to implement or inherit from and why, but if I don’t? I can fuck off. But this is also just a C# problem in general.
And it does so much for you and that bothers me so much. I was so excited to actually implement protection against SQL Injections, using HTTPS, validating logins, interacting with the SQL for the database but FUCKING NOPE BECAUSE IT DOES IT FOR YOU.
I don’t want my hand held I want to feel like I’m actually doing things and I want to learn how shit works and how it’s made. It’s just disappointing. I appreciate that it wants me to focus on the app and I will appreciate it a lot more when I’m done learning how everything works but I won’t actually get to understand how those features work or how I can implement them myself because it’s spoiling me too fucking much.
I guess I’m just gonna have to practice more. And don’t bother telling me to look at the documentation, I’ve never seen such a fucking piece of shit mess before I laid eyes upon the docs for C# & ASP21 -
While fucking my hot blonde gf this morning the Fucking DUREX condom BROKE and i creampied her. Here are the reasons why its not my fault:
1--Im not retarded
- 4 years of fcking my hot blonde gf with no protection and nothing ever happened cos im !retarded. Its a bigger risk to fuck with condom than without, how is this fucking normal???
2--I use condom the right way
- i was holding the tip so air comes out, just like it was explained on the box, but while rolling it down i was still holding the tip to make sure the air doesnt come back up
3--She was wet
- she wasnt dry. My hot blonde gfs pussy was so wet from how horny she was so its impossible that it got torn due to dryness
4--First verification
- it wasnt torn or ripped. It was normal. Everything looked absolutely fine
5--Second verification
- when i put it inside my hot blonde gf and fk her i pull it out in the first 10 seconds just to make sure it isnt torn--it was good and nothing was ripped so i slowly put it back inside
6--Condom is not thin
- i took the regular durex one (fuck this fucking dead fraud company I'll piss and shit on their grave) so it wasnt the thin bullshit one
7--Dont got a big black dick
- its normal. Average. Not small nor big. So latex elasticity isn't my problem
8--50-50%
- every FUcking time when i fked my hot blonde gf with a condom i always stressed if it'll break or not. This is not the first time it broke. FUCK the product that is THIS MUCH unreliable, unsafe and fragile! I'll fuck the whole durex company up. Im not the only one who had this problem. DUREX IS THE BIGGEST OVERRATED SCAM COMPANY SPENDING BILLIONS ON MARKETING FOR A LOW QUALITY SHIT PRODUCT THAT DOESNT EVEN WORK
9--Package didnt expire
- i bought a new box in the store on 8th march for womens day (modern women value having gifted with condoms more than flowers). It wasnt bought in a shit china quality shop. I fked her in the car at night and also creampied her but the condom did NOT break. Then i fked her this morning in bed with condom from the SAME BOX, and now it DID break. Are you Fucking kidding me???
10--Emergency contraception
- i died from high adrenaline of running so fast to the store to buy her contraception. Had to run to 4 fucking stores cause all of them don't work before 7:30am. Finally found one in the 4th store and she drank Escapelle within 20 minutes of incident, as soon as it was physically possible
11--And now what
- now what. What do i do. I did everything i could. Nothing is my fault. My hot blonde gf wanted me to creampied her it was her idea so shes at fault partially. She will get tested in 15 days while this contraception lasts. Dont know what else to try. This bullshit never happened before21 -
tldr: I am looking for recommendations for a basic website for my parents. GOTO question;
Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing a tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.
Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.
Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.
Thanks for reading :)18 -
What does devrant think about custom IDs?
Instead of:
- "d2ac9db1-3222-4e99-97cb-e14fb4240f43"
Something like this:
- "user-d2ac9db1-3222-4e99-97cb-e14fb4240f43"
- "document-34ea29ce-6022-40d4-821d-95b240633ba9"
They can be saved as binary in DB (like in the old days before native UUID support), have basic protection against being confused with IDs of another prefix and are pretty much self-documenting (better debugging/logging experience).
Plus, every ID would have their own value object (increased type safety) and if required, prefix can be omitted for 3rd party systems.
I think, it would be well worth it... 🤔23