Search - "rce"
-
Some of the penguin's finest insults (Some are by me, some are by others):
Disclaimer: We all make mistakes and I typically don't give people that kind of treatment, but sometimes, when someone is really thick, arrogant or just plain stupid, the aid of the verbal sledgehammer is necessary.
"Yeah, you do that. And once you fucked it up, you'll go get me a coffee while I fix your shit again."
"Don't add me on Facebook or anything... Because if any of your shitty code is leaked, ever, I want to be able to plausibly deny knowing you instead of doing Seppuku."
"Yep, and that's the point where some dumbass script kiddie will come, see your fuckup and turn your nice little shop into a less nice but probably rather popular porn/phishing/malware source. I'll keep some of it for you if it's good."
"I really love working with professionals. But what the fuck are YOU doing here?"
"I have NO idea what your code intended to do - but that's the first time I saw RCE and SQLi in the same piece of SHIT! Thanks for saving me the hassle."
"If you think XSS is a feature, maybe you should be cleaning our shitter instead of writing our code?"
"Dude, do I look like I have blue hair, overweight and a tumblr account? If you want someone who'd rather lie to your face than insult you, go see HR or the catholics or something."
"The only reason for me NOT to support you getting fired would be if I was getting paid per bug found!"
"Go fdisk yourself!"
"You know, I doubt the one braincell you have can ping localhost and get a response." (That one's inspired by the BOFH).
"I say we move you to the blockchain. I'd volunteer to do the cutting." (A marketing dweeb suggested to move all our (confidential) customer data to the "blockchain").
"Look, I don't say you suck as a developer, but if you were this competent as a gardener, I'd be the first one to give you a hedgetrimmer and some space and just let evolution do its thing."
"Yeah, go fetch me a unicorn while you're chasing pink elephants."
"Can you please get as high as you were when this time estimate came up? I'd love to see you overdose."
"Fuck you all, I'm a creationist from now on. This guy's so dumb, there's literally no explanation how he could evolve. Sorry Darwin."
"You know, just ignore the bloodstain that I'll put on the wall by banging my head against it once you're gone."
-
!dev - cybersecurity related.
This is a semi hypothetical situation. I walked into this ad today and I know I'd have a conversation like this about this ad but I didn't this time, I had convo's like this, though.
*le me walking through the city centre with a friend*
*advertisement about a hearing aid which can be updated through remote connection (satellite according to the ad) pops up on screen*
Friend: Ohh that looks usefu.....
Me: Oh damn, what protocol would that use?
Does it use an encrypted connection?
How'd the receiving end parse the incoming data?
What kinda authentication might the receiving end use?
Friend: wha..........
Me: What system would the hearing aid have?
Would it be easy to gain RCE (Remote Code Execution) to that system through the satellite connection and is this managed centrally?
Could you do mitm's maybe?
What data encoding would the transmissions/applications use?
Friend: nevermind.... ._________.
Cybersecurity mindset much...!11 -
Anyone hear about the emergency patch that Microsoft just released? It's an RCE vulnerability CVE-2017-11937 which ironically targets all of Microsoft's security products.
Basically when Windows Defender scans a specially crafted file the attacker can run code as the LocalSystem. Nice one Microsoft!
-
Pet-peeve: fellow devs who think scoffing/dismissing/not-my-probleming before actually understanding the issue is a sign of intelligence; newsflash: you are being lazy, disagreeable and unprofessional.
-
That log4j RCE is some fucking nasty business!!! Its exploits have already been observed multiple times in our company scope.
Time for some unplanned Saturday evening hot-patches :/
P.S. Why the fuck leave such a feature enabled as default??? I mean really, whose brilliant idea was "let's leave the message parser enabled as well as the LDAP query hooks... BY FUCKING DEFAULT!!!"
I mean really, is anyone using that? ANYONE?
And then they laugh at me when I say "stay away from frameworks", "use as little libraries as possible", "avoid foreign code in your codebase",...
you know what.... JOKE'S ON YOU!
-
Holy fucking shit.
I just read an article about Barton Gellman, one of the journalists that wrote the Snowden articles for the Washington Post and one of the 3 that got contacted directly by Snowden.
It seems like several intelligence agencies tried/succeeded to compromise his infrastructure.
His iPad got compromised through an RCE exploit.
The Turkish intelligence service tried to compromise his laptop by tricking him into installing a customized RAT.
Like fuck man, I can't imagine how it is to be targeted by pretty much every government there is.
-
1. a client asks you to create an API for their system
2. you do what's requested
3. a year later you are curious how's that API doing. Client's devs decided to
[
"com.client.app.some.Datamodel$Subclass",
{
"someField": [
"java.util.ArrayList",
["SMTH","SMTH_ELSE"]
]}
]
sure, why not, right.....?
-
+++ Sudo team adopting Adobe's Flash player, uniting security with design +++
Could we please stop pretending, that the choice of language has no security impact:
https://sudo.ws/alerts/...
-
That moment when: you lift your gaze from your phone to understand the sudden quiet is because your expert opinion is needed in the meeting.
-
I saw this site's sticker in the CS Lab. I felt compelled to join. Why? I have a PROLOG midterm in an hour. That's why.
-
To you who enjoyed the Gif/Jiff, Sequel/EsQueEll, Git/Jeet grandiose debates, comes the new phonetic conundrum: DevREnt vs. DevRUnt. Soon, in monitors near you.
-
Microsoft C/C++ code keeps on giving:
https://msrc.microsoft.com/update-g...
Too sad, that Microsoft is too poor to afford good devs. As a lot of devs here are sure, that good devs surely can code safe and secure in C/C++, Microsoft probably just lacks the resources to get such devs to work for them.
-
Y'all might wanna update your Win7, Win8 and Win Server 2008.
RDP RCE with a CVSS of 9.8.
https://blogs.technet.microsoft.com/...
-
What is DevRant's business model? It's a really great community, and I'm interested about how it's monetized (or plans for the future)
-
That moment when: you realize your team has introduced a fatal flaw and lacks the foresight to understand it. The countdown has begun.
-
Screw Scrum, screw it very much. Is it a task or a story? Oh let's make it a story to track points. What are points, really? *20 minute grilling always follows* Well they're kind of a roundabout way of talking about time without talking about time, mkay? But last time 2 points took you a day, what gives now? What do you mean points are for internal use, but how will management plan ahead for next quarter? Ok, let's mix in all those new people, and proportionately bump the expectation for the sprint, mkay? Yeah, they did 34 points per sprint over there, we'll just add those in. Oh, and by the way, after the 4-day estimation session we had where everyone was seizuring, I scheduled us at 645 points for the coming quarter, mkay? Don't worry, I added 15% for the "unexpected stuff" so you're safe. Fuck you scrum, scrum-fall, whatever you are. Lost a dev lead role once for being honest about it after a year with a team that loved me, and projects completed more or less on time. Been reconsidered for a dev lead role for being honest about it in another place. Somebody else peddle this kool-aid, this one prefers a walk-on role in the wall to a lead role in the cage.
-
When your peers lack the technical depth to promote their ideas, you bet they're honing their social skills in those confidential 1-on-1s.
-
my old game had this flow every time a client places an object:
Client A creates a new generic object, and attaches texture paths (yep, global paths are allowed), and... lua code as strings to it.
Client A sends the entire object list to the server
Server receives it, replaces its own object list
Server copies the entire object list and sends it to all clients
Client A and Client B both receive the object list and replace their versions.
All clients see that the object contains some code as strings
They compile and store it, and then run every frame. UNSANDBOXED.
any client could make all other ones execute any code and i was proud of my idea! -
vBulletin Zero-Day with Remote Code Execution. If you have a server with this, make sure it's running over 5.5.4 (or under 5.0, but that would mean you have security problems to fix).
https://zdnet.com/article/... -
Not a rant, but was wondering:
If I undervolt Ryzen 5 3600 using Ryzen Master from Windows, do I get the changes when I boot into my Linux distro? 🤔