Search - "published to server"
-
A group of security researchers has officially fucked the hardware-level Intel botnet officially branded as "Intel Management Engine". They did so by gathering all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibly. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wishes to drop by there
-
+++ Thank you for 1000+'s! +++
So guys we did it! We've reached our first big milestone!
This account was created about a month ago, and we are already this far!
Thanks to all authors (@DLMousey, @filthyranter, @baewulff) who are putting a lot of work and time into their articles and help this account to further grow in size!
To make this article at least a bit informative, here's how we publish our posts:
When I started this account, I hadn't thought of how articles were going to be published. Should I give the password to all writers? Should I post the articles manually?
Well, after I've started the devNews Discord Server, @olback suggested making a Discord Bot, that helps us to publish our stuff.
After surprisingly few hours, @olback already got a prototype working.
We have a special channel and whoever writes stuff in it updates the current article. Later, I took on the work @olback has done and switched to LowDB, to be able to let multiple users have their own articles they are working on and much more (like special signatures).
And that's how it is now.
We have a channel for draft, where we write our stuff and a channel for publishing, where the bot listens to what we write and then publishes the articles with a command.
That's all of it.
Thank you for reading!
-
Hey all! It's a me, Skayo, you might know me from the very early years of devRant, my highlight bot, my random quote bot, the devRant-Community on GitHub or any of the dumb rants and things that I've posted during my time.
Since I'm currently doing a cleanup of my old GitHub repos and this platform is still somewhat active, I have decided to pass on or publish all my projects and things I've created for this community back in the days.
Firstly, I have just published and transferred the source codes for the @highlight bot, the @RandomQuote bot, the @here bot, and some weird bot framework to the devRant-Community GitHub organization (https://github.com/devRant-Communit...).
Feel free to check them out if you've ever wondered what awful, awful code was running in the background all these years!
Secondly, I am offering any of the following to anyone who's interested:
- Ownership of the "devRant-Community" organization on GitHub (https://github.com/devRant-Communit...)
- Credentials for the @RandomQuote devRant user
- Credentials for the @highlight devRant user
- Credentials for the @here devRant user
- Credentials for the @devNews devRant user
- Ownership of the "devNews" Discord server
- Ownership of the "Community Programming Book" Discord server
- Anything else that I've forgotten about, maybe check the comments
If you're interested, message me on Discord "@skayodev" or anywhere else I am active under that alias (f.e. Telegram).
I might do a little background check to prevent abuse and I AM NOT SELLING THEM, just giving them away.
Thank you devRant for all the fun we had together and for introducing me to some of my current best friends :)
A thank you especially to @dfox and @trogus, who have created this amazing platform! (and sorry for all of the bullshit I did back then lol)
I wish you all the best <3
~ Skayo
-
I’m back for a fucking rant.
My previous post I was happy, I’ve had an interview today and I felt the interviewer acted with integrity and made the role seem worthwhile. Fuck it, here’s the link:
https://www.devrant.io/rants/889363
So, since then; the recruiter got in touch: “smashed it son, sending the tech demo your way, if you can get it done this evening that would be amazing”
Obviously I said based on the exact brief I think that’s possible, I’ll take a look and let them know if it isn’t.
Having done loads of these, I know I can usually knock them out and impress in an evening with no trouble.
Here’s where shit gets fucked up; I opened the brief.
I was met with a brief for an MVP using best practice patterns and flexing every muscle with the tech available...
Then I see the requirements, these fucking dicks are after 10 functional requirements averaging an hour a piece.
+TDD so * 1.25,
+DI and dependency inversion principle * 1.1
+CI setup (1h on this platform)
+One ill requirement to use a stored proc in SQL server to return a view (1h)
+UX/UI design consideration using an old tech (1-2h)
+unobtrusive jquery form post validation (2h)
+AES-256 encryption in the db... add 2h for proper testing.
These cunts want me to knock 15-20h of Work into their interview tech demo.
I’ve done a lot of these recently, all of them topped out at 3h max.
The job is middling: average package, old tech, not the most exciting or decent work.
The interviewer alluded to his lead being a bit of a dick; one of those “the code comes first” devs.
Here’s where shit gets realer:
They’ve included mock ups in the tech demo brief’s zip... I looked at them to confirm I wasn’t over estimating the job... I wasn’t.
Then I looked at the other files in the fucking zip.
I found 3 of the images they wanted to use were copyright withheld... there’s no way these guys have the right to distribute these.
Then I look in the font folder, it’s a single ttf, downloaded from fucking DA Font... it was published less than 2mo ago, the license file had been removed: free for Personal, anything else; contact me.
There’s no way these guys have any rights to this font, and I’ve never seen a font redistributed legally without its accompanying licence files.
This fucking company is constantly talking about its ethical behaviours.
Given that I know what I’m doing; I know it would have taken less time to find free-for-commercial images and use a google font... this sloppy bullshit is beyond me.
Anyway, I said I’d get back to the recruiter, he wasn’t to know and he’s a good guy. I let him know I’d complete the tech demo over the weekend, he’s looked after me and I don’t want him having trouble with his client...
I’ll substitute the copyright fuckery with images I have a license for because there’s no way I’m pushing copyright stolen material to a public github repo.
I’ll also be substituting the topic and leaving a few js bombs in there to ensure they don’t just steal my shit.
Here’s my hypotheses, anyone with any more would be greatly welcomed...
1: the lead dev is just a stuck up arsehole, with no real care for his work and a relaxed view on stealing other people’s.
2: they are looking for 15-20h free work on an MVP they can modify and take to market
3: they are looking for people to turn down this job so they can support someone’s fucking visa.
In any case, it’s a shit show and I’ll just be seeing this as box checking and interview practice...
Arguments for 1: the head told me about his lead’s problems within 20mn of the interview.
2: he said his biggest problem was getting products out quickly enough.
3: the recruiter told me they’d been “picky”, and they’re making themselves people who can’t be worked for.
I’m going to knock out the demo, keep it private and protect my work well. It’s going to smash their tits off because I’m a fucking great developer... I’ll make sure I get the offer to keep the recruiter looked after.
Then fuck those guys, I’m fucking livid.
After a wonderful interview experience and a nice introduction to the company I’ve been completely put off...
So here’s the update: if you’re interviewing for a shitty middle level dev position, amongst difficult people, on an out of date stack... you need people to want you, don’t fuck them off.
If they want my time to rush out MVPs, they can pay my day rate.
Fuuuuuuuuck... I typed this out whilst listening to the podcast, I’m glad I’m not the only one dealing with shit.
Oh also; I had a lovely discriminatory as fuck application, personality test and disability request email sent to me from a company that seems like it’s still in the 90s. Fuck those guys too, I reported them to the relevant authorities and hope they’re made to look at how morally reprehensible their recruitment process is. The law is you don’t ask if the job can be done by anyone.
-
So, myself and a friend are working on a project together. I leave for a weekend trip, I come back and find out the changelog is out of date by like... six versions. I’m the type of person that likes to keep things like this. I had to manually go to the commit history and check when the package.json version was bumped.
Yesterday, he updated it twice and pushed the versions to server, without updating the changelog. Turns out we accidentally skipped a version and decided to combine the two.
Now I have to find the dates each version was published since I like to do that too. Great fun.
-
Fair / Not Fair
I hate when an interviewer would ask me to code something for them for a technical interview (happy to show non-proprietary previous work). So now that I am the one doing the interviewing, I am doing what I would have wanted, and I have to say it is working out. I thought I would share my experience so far and find out if the community at large sees this practice as fair or not fair.
People reply to the job post, then I call and do a quick phone interview and ask a few key questions. After I find someone I think should go to the next level, I direct them to a freelancer site and give them a paid project.
Most recent project: Build a simple (I mean really simple) ASP.net Core MVC web application (code first) that remotely connects to SQL server and can be published in Linux Ubuntu.
bla bla user accounts/ subscription bla bla. But it must be completed in 10 days. Reward $1000.00 US dollars.
I build the SQL server for them and put blank database in and provide connection details.
To be fair
I have already built this app myself and it took me 5 days.
So, Fair / not Fair
-
AWS Contractor
I've been putting a web application together that I'm looking to have published on AWS. Not having too much experience with AWS, I am looking to hire a contractor. I've had a number of quotes from different AWS admins ranging from $40 an hour to $200 an hour, from 1 day's worth of work to 2 months' worth of work!
I'm not really sure what to make of it or whom to trust. I believe they’re using my ignorance to overcharge me. I've listed my requirements below, could you guys use your professional experiences to let me know what you think is a reasonable charge and where best I could find someone to help me.
My application is a US shopping website where people can set up an online shop and upload their products and maintain an inventory of the items.
This is what I’m looking for setup and configuration with the following two areas:
1) AWS SYSTEMS…
* IAM - Set up my server admin users.
* EC2 - Web Hosting.
* RDS - Fast DB.
* SES - To send emails.
* S3 Buckets - Uploaded image hosting.
* Route 53 - I don’t know but someone said I should have this.
* Elastic Load Balancing - For, well, load balancing.
2) SCRIPTS…
* A script that would back up the database once a day and save it to a private S3 Bucket.
* A script that will run once a day that calls an internal API, and POST a query to it.
* A script that runs once every 90 days, to refresh the SSL using ZeroSSL.com
Is there anything that I've missed such as security systems, firewalls, auto scaling and CDNs?
The quotes that I've received ranged from $320 to $64,000. I know I am being abused because of my ignorance. I would never overcharge someone because the customer doesn't know the efforts of the work. I hope someone here can help to understand the efforts needed and can tell me the true cost.
Thank you
-
It's not a big deal but I feel proud, a teen in my neighborhood was asking me to teach him some Android dev, I was like why not.
He published his first app (free and paid versions)
It's a simple app about broadcasting audio (from MIC or calls) to a radio server like shoutcast.
I have to put it here to support the guy :)
https://play.google.com/store/apps/...
-
#Suphle Rant 11: Laravel board launch
The launch took almost 2 weeks more than originally slated, because I sought to install it manually, just as an outsider would. Installation steps had been documented, automated tests for the installation tests were passing. When time came to actually execute the binary from the terminal, we went from one obstacle to the other. First, were the relatively minor Composer/Roadrunner issues, eventually resolved by the helpful RR maintainers who sat with me through a Discord server for about 2 hours until their command ran the way I needed it to.
Next was the Psalm scare: One of my value propositions was the guarantee of eliminating all type related bugs in Suphle apps. I intended to use Psalm for that. Wrote tests as usual. Turns out the library behaves differently under conditions differing from raw CLI usage. I resurrected threads I'd opened since December that were left unattended, and with some help from the maintainer, we eventually got it to do what I need it to do.
I was all the more frightened by the fact that Transphporm had caused me to renege on one of my earlier promises. I can only miss so many targets. After this, the docs had to be updated with all the changes effected to accurately integrate those two. Project installation and initialization commands were run rigorously to ensure all progresses smoothly.
Tagged one final release and suddenly became impatient to launch on our local Laravel group chat where I've been a member for the last 4+ years, where we've had a rollercoaster of emotions. In that time, I've refined my launch speech to suit that audience -- obviously, countless times. Not just a tame "It's my pleasure to announce what I've been working on", but near 40 messages going into details about the inner workings, why it was built, how it compares. An expose that dove deeper than I would anywhere else.
I scheduled a time for them to tune in and got some encouraging anticipation. Ended up deflated after posting the whole thing. Only about 5 persons interacted. 1 (who I've chatted with outside the board) was quite enthusiastic. Feverishly checked the docs but commented it was overwhelming and he'd need more time. Already starred the repository.
For some context, there are give or take 250 members on that board. Not all are active but activity there easily reaches a crescendo when the topic discussed is about inanities like what 3rd party services to use for SMS, how to receive salaries from abroad, or job openings. I was optimistic when the acquaintance mentioned above published a payment library and met a riotous welcome as one of their own. Maybe, they are simply not fond of me and the speech should have been passed off to someone else.
I checked Packagist installs -- not more than 10. For 3 years, I'd been hyped up for that night; but for some reason, the audience I considered myself closest to flopped, woefully. Thankfully, this isn't the main launch. I'm still holding out hope for that. If it fails, I would have sunk an immeasurable amount of effort and time, that nobody will compensate me for. That is the one place I go to see those more advanced than me in PHP. I constantly learn there and find stimulating conversations there.
Now, I can no longer predict reception from other presentations. All I can do now is hope
-
Found a little magazine when I was 12 which talked about HTML.
Then later, a friend talked about VBS and VB.NET and I just started making prank shit in that...
Then later back to making websites and basically just grew from there really...
Only followed a formal education on programming once... Which I got kicked out of because I ended my first year with a splendid 2 (that 1 point for adequate attendance).
The fun part? I failed because I was too good :^)
All my grades were a 1 or a 2 because my code was made using tools and libraries that they didn't want me to touch or even know about until 3rd or 4th year...
So yea, I failed everything with the reason being: "Not according to the exercise".
Another fun part: We had to make a personal blog in the 1st year using the techniques we had learned.
Sites were published on a *public* server...
Someone hacked all sites... except mine :^)