Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "root did a thing"
-
I just gave a 20 minute presentation in front of fifty people, and apparently did well enough that I got five private compliments afterwards, including one from the vice president. 🥳
And all of that without a single drop of rum!17 -
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P39 -
I am bloody sick of being on my own.
I was the sole dev at the last few jobs I've held, with the exception of API Guy -- who didn't really help much, and who got fired / quit six months after I started. Every other job I've either been the only dev, or the only web dev. (Exception:My boss at my previous job was a Rails dev, but he has zero time to code, and was significantly less experiened so he could only rarely help anyway.)
But now I'm in a company with a bunch of other devs, and they're all ostensibly senior devs, so you'd think I should be able to ask questions, right? And get answers? that actually help? like "Hey, you built this; how does it work?" No bloody way.
So far every time I've asked someone for help, they've been incompetent. I asked about what a few flags did, and got an answer that basically said "you just gotta know. oh, and the labels aren't up to date, so don't trust what they say." I asked the head of the "product team" about a ticket that he wrote, and he changed what it meant four times within two days. I asked about another, and he said "oh, that isn't reproduceable." Thanks. I asked about mailers, and got two very different, very incompete walkthroughs from the more senior devs (9+ years on this codebase) that didn't help. I asked two people about how users and roles work, and still have no idea what kind of user (there are like twelve?) is what, what roles even exist, or how to check for permissions. `@current_user` is a thing, but idfk what it holds since that can change considerably, and there's an impersonation feature that changes how it works, too. I ask the product guy again about where to link something, and he has no idea. I ask said product guy about what this feature needs to do, and he doesn't know. I ask what the legal team needs, and i get nothing. I ask the designer where the goddamn CSS lives, and he doesn't know; he apparently just puts it wherever he feels like, even if it's a completely unrelated stylesheet. As long as it works, right?
I ask very simple and straighforward questions, and it takes them forever to get back to me saying what amounts to "idk, ask someone else."
This feels like the same crap all over again, except now there are a bunch of devs I can ask that give me basically the same answers as the sales people always did. Always "idk" or a confusing mess of an 'answer' that skips most/all of the important bits. At least these people don't [usually] contradict themselves.
So, @Root is all alone, again.
And currounded by incompetence.
Again.
For fuck's sake.
Can't I catch a break?19 -
One comment from @Fast-Nop made me remember something I had promised myself not to. Specifically the USB thing.
So there I was, Lieutenant Jr at a warship (not the one my previous rants refer to), my main duties as navigation officer, and secondary (and unofficial) tech support and all-around "computer guy".
Those of you who don't know what horrors this demonic brand pertains to, I envy you. But I digress. In the ship, we had Ethernet cabling and switches, but no DHCP, no server, not a thing. My proposition was shot down by the CO within 2 minutes. Yet, we had a curious "network". As my fellow... colleagues had invented, we had something akin to token ring, but instead of tokens, we had low-rank personnel running around with USB sticks, and as for "rings", well, anyone could snatch up a USB-carrier and load his data and instructions to the "token". What on earth could go wrong with that system?
What indeed.
We got 1 USB infected with a malware from a nearby ship - I still don't know how. Said malware did the following observable actions(yes, I did some malware analysis - As I said before, I am not paid enough):
- Move the contents on any writeable media to a folder with empty (or space) name on that medium. Windows didn't show that folder, so it became "invisible" - linux/mac showed it just fine
- It created a shortcut on the root folder of said medium, right to the malware. Executing the shortcut executed the malware and opened a new window with the "hidden" folder.
Childishly simple, right? If only you knew. If only you knew the horrors, the loss of faith in humanity (which is really bad when you have access to munitions, explosives and heavy weaponry).
People executed the malware ON PURPOSE. Some actually DISABLED their AV to "access their files". I ran amok for an entire WEEK to try to keep this contained. But... I underestimated the USB-token-ring-whatever protocol's speed and the strength of a user's stupidity. PCs that I cleaned got infected AGAIN within HOURS.
I had to address the CO to order total shutdown, USB and PC turnover to me. I spent the most fun weekend cleaning 20-30 PCs and 9 USBs. What fun!
What fun, morons. Now I'll have nightmares of those days again.9 -
Well, here's the OS rant I promised. Also apologies for no blog posts the past few weeks, working on one but I want to have all the information correct and time isn't my best friend right now :/
Anyways, let's talk about operating systems. They serve a purpose which is the goal which the user has.
So, as everyone says (or, loads of people), every system is good for a purpose and you can't call the mainstream systems shit because they all have their use.
Last part is true (that they all have their use) but defining a good system is up to an individual. So, a system which I'd be able to call good, had at least the following 'features':
- it gives the user freedom. If someone just wants to use it for emailing and webbrowsing, fair enough. If someone wants to produce music on it, fair enough. If someone wants to rebuild the entire system to suit their needs, fair enough. If someone wants to check the source code to see what's actually running on their hardware, fair enough. It should be up to the user to decide what they want to/can do and not up to the maker of that system.
- it tries it's best to keep the security/privacy of its users protected. Meaning, by default, no calling home, no integrating users within mass surveillance programs and no unnecessary data collection.
- Open. Especially in an age of mass surveillance, it's very important that one has the option to check the underlying code for vulnerabilities/backdoors. Can everyone do that, nope. But that doesn't mean that the option shouldn't be there because it's also about transparency so you don't HAVE to trust a software vendor on their blue eyes.
- stability. A system should be stable enough for home users to use. For people who like to tweak around? Also, but tweaking *can* lead to instability and crashes, that's not the systems' responsibility.
Especially the security and privacy AND open parts are why I wouldn't ever voluntarily (if my job would depend on it, sure, I kinda need money to stay alive so I'll take that) use windows or macos. Sure, apple seems to care about user privacy way more than other vendors but as long as nobody can verify that through source code, no offense, I won't believe a thing they say about that because no one can technically verify it anyways.
Some people have told me that Linux is hard to use for new/(highly) a-technical people but looking at my own family and friends who adapted fast as hell and don't want to go back to windows now (and mac, for that matter), I highly doubt that. Sure, they'll have to learn something new. But that was also the case when they started to use any other system for the first time. Possibly try a different distro if one doesn't fit?
Problems - sometimes hard to solve on Linux, no doubt about that. But, at least its open. Meaning that someone can dive in as deep as possible/necessary to solve the problem. That's something which is very difficult with closed systems.
The best example in this case for me (don't remember how I did it by the way) was when I mounted a network drive at boot on windows and Linux (two systems using the same webDav drive). I changed the authentication and both systems weren't in for booting anymore. Hours of searching how to unfuck this on windows - I ended up reinstalling it because I just couldn't find a solution.
On linux, i found some article quite quickly telling to remove the entry for the webdav thingy from fstab. Booted into a root recovery shell, chrooted to the harddrive, removed the entry in fstab and rebooted. BAM. Everything worked again.
So yeah, that's my view on this, I guess ;P31 -
Worst thing you've seen another dev do? So many things. Here is one...
Lead web developer had in the root of their web application config.txt (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (sql server logins, network share passwords, etc)
When I pointed out the security flaw, the developer accused me of 'hacking' the site.
I get called into the vice-president's office which he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")
Me:"I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev:"BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...its secure....no one can access that file."
<click..click>
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because your an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
<click..click..click..click>
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>
Not even 5 minutes later a company wide email was sent from Adam..
"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"
The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.
That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.5 -
Imagine, you get employed to restart a software project. They tell you, but first we should get this old software running. It's 'almost finished'.
A WPF application running on a soc ... with a 10" touchscreen on win10, a embedded solution, to control a machine, which has been already sold to customers. You think, 'ok, WTF, why is this happening'?
You open the old software - it crashes immediately.
You open it again but now you are so clever to copy an xml file manually to the root folder and see all of it's beauty for the first time (after waiting for the freezed GUI to become responsive):
* a static logo of the company, taking about 1/5 of the screen horizontally
* circle buttons
* and a navigation interface made in the early 90's from a child
So you click a button and - it crashes.
You restart the software.
You type something like 'abc' in a 'numberfield' - it crashes.
OK ... now you start the application again and try to navigate to another view - and? of course it crashes again.
You are excited to finally open the source code of this masterpiece.
Thank you jesus, the 'dev' who did this, didn't forget to write every business logic in the code behind of the views.
He even managed to put 6 views into one and put all their logig in the code behind!
He doesn't know what binding is or a pattern like MVVM.
But hey, there is also no validation of anything, not even checks for null.
He was so clever to use the GUI as his place to save data and there is a lot of parsing going on here, every time a value changes.
A thread must be something he never heard about - so thats why the GUI always freezes.
You tell them: It would be faster to rewrite the whole thing, because you wouldn't call it even an alpha. Nobody listenes.
Time passes by, new features must be implemented in this abomination, you try to make the cripple walk and everyone keeps asking: 'When we can start the new software?' and the guy who wrote this piece of shit in the first place, tries to give you good advice in coding and is telling you again: 'It was almost finished.' *facepalm*
And you? You would like to do him and humanity a big favour by hiting him hard in the face and breaking his hands, so he can never lay a hand on any keyboard again, to produce something no one serious would ever call code.4 -
To those that think they can't make it.
To those that are put down by those that don't understand you.
And to those that have never had a dream come true.
Not a rant, but the story of how I got into programming
I've always been into tech/electronics. I remember being told once that when I was 3, I used to take plug sockets to pieces. When I was 7, I built a computer with my dad.
There isn't a thing in my room that hasn't been dismantled and put back together again. Except for the things that weren't put back together again ;)
When I was 15, I got a phone for Christmas. It was a pretty crappy phone, the LG P350 (optimus ME). But I loved it all the same.
However I knew it could do a lot more. It ran a bloated, slow version of Android 2.2.
So I went searching, how can I make it faster, how to make it do more. And I found a huge community around Android ROMs. Obviously the first thing I did was flashed this ROM. Sure, there were bugs, but I was instantly in love with it. My phone was freed.
From there I went on to exploring what else can be done.
I wanted to learn how to script, so over the weekend I wrote a 1000 line batch (Windows cmd) script that would root the phone and flash a recovery environment onto it. Pretty basic. Lots of switch statements, but I was proud of it. I'd achieved something. It wasn't new to the world, but it was my first experience at programming.
But it wasn't enough, I needed more.
So I set out to actually building the roms. I installed Linux. I wanted to learn how to utilise Linux better, so I rewrote my script in bash.
By this time, I'd joined a team for developing on similar spec'd phones. Without the funds to by new devices, we began working on more radical projects.
Between us, we ported newer kernels to our devices. We rebased much of the chipset drivers onto newer equivalents to add new features.
And then..
Well, it was exam season. I was suffering from personal issues (which I will not detail), and that, with the work on Android, I ended up failing the exams.
I still passed, but not to the level I expected.
So I gave up on school, and went head first into a new kind of development. "continue doing what you love. You'll make it" is what I told myself.
I found python by contributing to an IRC bot. I learnt it by reading the codebase. Anything I didn't understand, I researched. Anything I wanted to do, google was there to help me through it.
Then it was exam season again. Even though I'd given up on school, I was still going. It was easier to stay in than do anything about it.
A few weeks before the exams, I had a panic attack. I was behind on coursework, and I knew I would do poorly on exams.
So I dropped out.
I was disappointed, my family was disappointed.
So I did the only thing I felt I could do. I set out to get a job as a developer.
At this stage, I'd not done anything special. So I started aiming bigger. Contributing to projects maintained by Sony and Google, learning from them. Building my own projects to assist with my old Android friends.
I managed to land a contract, however due to the stresses at home, I had to drop it after a month.
Everything was going well, I felt ready to get a full time job as a developer, after 2 years of experience in the community.
Then I had to wake up.
Unfortunately, my advisors (I was a job seeker at the time) didn't understand the potential of learning to be a developer. With them, it's "university for a skilled job".
They see the word "computer" on a CV, they instantly say "tech support".
I played ball, I did what I could for them. But they'd always put me down, saying I wasn't good enough, that I'd never get a job.
I hated them. I'd row with them every other day.
By God, I would prove them wrong.
And then I found them. Or, to be more precise, they found me. A startup in London got in contact with me. They seemed like decent people. I spoke with their developers, and they knew their stuff, these were people that I can learn from.
I travelled 4 hours to go for an interview, then 4 hours back.
When I got the email saying they'd move me to London, I was over the moon.
I did exactly what everyone was telling me I couldn't do.
1.5 years later, I'm still working with them. We all respect each other, and we all learn from each other.
I'm ever grateful to them for taking a shot with me. I had no professional experience, and I was by no means the most skilled individual they interviewed.
Many people have a dream. I won't lie, I once dreamed of working at Google. But after the journey I've been through, I wouldn't have where I am now any other way. Though, in time, I wish to share this dream with another.
I hope that all of you reach your dreams too.
Sorry for the long post. The details are brief, but there are only 5k characters ;)23 -
Week 278: Most rage-inducing work experience — I’ve got a list saved! At least from the current circle of hell. I might post a few more under this tag later…
TicketA: Do this in locations a-e.
TicketB: Do this in locations e-h.
TicketC: Do this in locations i-k.
Root: There’s actually a-x, but okay. They’re all done.
Product: You didn’t address location e in ticket B! We can’t trust you to do your tickets right. Did you even test this?
Root: Did you check TicketA? It’s in TicketA.
Product guy: It was called out in TicketB! How did you miss it?!
Product guy: (Refuses to respond or speak to me, quite literally ever again.)
Product guy to everyone in private: Don’t trust Root. Don’t give her any tickets.
Product manager to boss: Root doesn’t complete her tickets! We can’t trust her. Don’t give her our tickets.
Product manager to TC: We can’t trust Root. Don’t give her our tickets.
TC: Nobody can trust you! Not even the execs! You need to rebuild your reputation.
Root: Asks coworker a simple question.
Root: Asks again.
Root: nudges them.
Root: Asks again.
Coworker: I’ll respond before tomorrow. (And doesn’t.)
Root: Asks again.
Root: Fine. I’ll figure it out in my own.
TC: Stop making it sound like you don’t have any support from the team!
Root: Asks four people about <feature> they all built.
Everyone: idk
Root: Okay, I’ll figure it out on my own.
TC: Stop making it sound like you don’t have any support from the team!
Root: Mentions multiple meetings to discuss ticket with <Person>.
TC: You called <Person> stupid and useless in front of the whole team! Go apologize!
Root: Tells TC something. Asks a simple question.
Root: Tells TC the same thing. Asks again.
TC: (No response for days.)
TC: Tells me the exact same thing publicly like it’s a revelation and I’m stupid for not knowing.
TC: You don’t communicate well!
Root: Asks who the end user of my ticket is.
Root: Asks Boss.
Root: Asks TC.
Root: Fine, I’ll build it for both.
Root: Asks again in PR.
TC: Derides; doesn’t answer.
Root: Asks again, clearly, with explanation.
TC: Copypastes the derision, still doesn’t answer.
Root: Asks boss.
Boss: Doesn’t answer.
Boss: You need to work on your communication skills.
Root: Mentions asking question about blocker to <Person> and not hearing back. Mentions following up later.
<Person>: Gets offended. Refuses to respond for weeks thereafter.
Root: Hey boss, there’s a ticket for a minor prod issue. Is that higher priority than my current ticket?
Root: Hey, should I switch tickets?
Root: Hey?
Root: … Okay, I’ll just keep on my current one.
Boss: You need to work on your priorities.
Everyone: (Endless circlejerking and drama and tattling)6 -
From my work -as an IT consultant in one of the big 4- I can now show you my masterpiece
INSIGHTS FROM THE DAILY LIFE OF A FUNCTIONAL ANALIST IN A BIG 4 -I'M NOT A FUNCTIONAL ANALYST BUT THAT'S WHAT THEY DO-
- 10:30, enter the office. By contract you should be there at 9:00 but nobody gives a shit
- First task of the day: prepare the power point for the client. DURATION: 15 minutes to actually make the powerpoint, 45 minutes to search all the possible synonyms of RESILIENCE BIG DATA AGILE INTELLIGENT AUTOMATION MACHINE LEARNING SHIT PISS CUM, 1 hour to actually present the document.
- 12:30: Sniff the powder left by the chalks on the blackboards. Duration: 30 minutes, that's a lot of chalk you need to snort.
13:00, LUNCH TIME. You get back to work not one minute sooner than 15.00
- 15:00, conference with the HR. You need to carefully analyze the quantity and quality of the farts emitted in the office for 2 hours at least
- 17:00 conference call, a project you were assigned to half a day ago has a server down.
The client sent two managers, three senior Java developers, the CEO, 5 employees -they know logs and mails from the last 5 months line by line-, 4 lawyers and a beheading teacher from ISIS.
On your side there are 3 external ucraininans for the maintenance, successors of the 3 (already dead) developers who put the process in place 4 years ago according to God knows which specifications. They don't understand a word of what is being said.
Then there's the assistant of the assistant of a manager from another project that has nothing to do with this one, a feces officer, a sys admin who is going to watch porn for the whole conference call and won't listen a word, two interns to make up a number and look like you're prepared. Current objective: survive. Duration: 2 hours and a half.
- 19:30, snort some more chalk for half an hour, preparing for the mail in which you explain the associate partner how because of the aforementioned conference call we're going to lose a maintenance contract worth 20 grands per month (and a law proceeding worth a number of dollars you can't even read) and you have no idea how could this happen
- 20:00, timesheet! Compile the weekly report, write what you did and how long did it take for each task. You are allowed to compile 8 hours per day, you worked at least 11 but nobody gives a shit. Duration: 30 minutes
- 20:30, update your consultant! Training course, "tasting cum and presenting its organoleptic properties to a client". Bearing with your job: none at all. Duration: 90 minutes, then there's half an hour of evaluating test where you'll copy the answers from a sheet given to you by a colleague who left 6 months ago.
- 22:30, CHANCE CARD! You have a new mail from the HR: you asked for a refund for a 3$ sandwich, but the receipt isn't there and they realized it with a 9 months delay. You need to find that wicked piece of paper. DURATION: 30 minutes. The receipt most likely doesn't even exist anymore and will be taken directly from your next salary.
- 23:00 you receive a message on Teams. It's the intern. It's very late but you're online and have to answer. There's an exception on a process which have been running for 6 years with no problems and nobody ever touches. The intern doesn't know what to do, but you wrote the specifications for the thing, 6 years ago, and everything MUST run tonight. You are not a technician and have no fucking clue about anyhing at all. 30 minutes to make sure it's something on our side and not on the client side, and in all that the intern is as useful as a confetto to wipe your ass. Once you're sure it's something on our side you need to search for the senior dev who received the maintenance of the project, call him and solve the problem.
It turns out a file in a shared folder nobody ever touches was unreachable 'cause one of your libraries left it open during the last run and Excel shown a warning modal while opening it; your project didn't like this last thing one bit. It takes 90 minutes to find the root of the problem, you solve it by rebooting one of your machines. It's 01:00.
You shower, watch yourself on the mirror and search for the line where your forehead ends and your hair starts. It got a little bit back from yesterday; the change can't be seen with the naked eye but you know it's there.
You cry yourself to sleep. Tomorrow is another day, but it's going to be exactly like today.8 -
Yesterday (or the day before that depending on your timezone and day-night schedule - this Friday) my OnePlus 6T arrived. After only 2 days of time between placing the order and actually getting the phone, quite impressive!
The DHL guy asked me upon receipt - is it the OnePlus 6T? - Yes it is!! - "An amazing device it is!", he said. And honestly.. he couldn't be more right.
I might be a bit biased on this because after all I did just spend €630 on this phone. But it feels so snappy, high quality, the 8GB of RAM is just.. it blows my mind. But I'm sure that the other reviews did this sort of jazz already.
The things that set this phone apart for me though were the following.
When I get a new phone or tablet, usually the first thing I do is rooting it. This one was no different, about an hour after receipt it was successfully rooted and loaded with Magisk. Currently I'm still in the phase of "getting to know the phone", wherein fuckups are usual. This time again being no different - I removed some apps and apparently did something to it that the search engines - both Google and DuckDuckGo - didn't quite like, as both of them would crash upon application launch. Me in full panic mode of course, desperately trying to find the stock ROM (which doesn't seem to be present in its usual form) or a new set of GApps (which didn't resolve the issue). OnePlus does seem to offer its OTA updates in zip archives though. So I downloaded its latest update (same as what was on the device) and applied it.
That's when the nerdgasm happened.
The "update" was simply a matter of going into the settings, tapping this and that and applying the update. No recovery, no unrooting, no nothing. The update just went like that despite the phone being rooted and just having had TWRP flashed to it. I always wanted this sort of thing, which even the Nexus couldn't offer - having the cake and eating it too. Being able to root the device and muck around with it while still being able to update the device timely without too many hurdles. This fucking thing does it!!!
That is to say, after my initial nerdgasm I did find that it bulldozed over my su binary (effectively unrooting the thing), custom emoji I've set (iOS 12 because fuck Google's most recent emoji set) and some other things. But those are easy to install back, much more so than it would've been to download a whole Android release and dirty flash it, as it was on the Nexus.
Other than that, battery life, dash charging (edit: on that topic, it does remain cool like a cucumber despite getting 15-20W of power jammed into it, quite impressive!), snappiness, the usual jazz.. eh, as I said earlier that's the usual reviewer stuff. But this feature of being able to upgrade the phone while it's modified, that's something which seems to be severely underrated by those.
Oh and during kernel builds, I couldn't quite get the source to work - probably due to my lack of experience with builds of Android kernels - but I did find that this phone actually exposes its kernel config through /proc/config.gz as it should. None of my MediaTek devices do this, so that's something that I found really appealing. Always nice to see when a manufacturer exposes this information to give you a stock sort of config that you can be rest assured will work configuration-wise. And it allows you to see what the stock kernel is actually built with, which again is really nice. I quite like this! It really encourages further development.11 -
Ok I need to know who is in the wrong and who is in the right so voice your opinion in the comments...
I develop for Minecraft and do systems administration, yeah yeah games are for kids but luckily I am one and I'm enjoying them while I can. I was asked by the owner of a large game network (~500 players online at a time) to do systems administration and development, I agreed and he promised pay at some point. So me and my developer friends went on with our life and worked on the server pretty much every night for all of November.
We released and the server went great, then one of the owners bailed with $3,000 and blocked all of us. No problem we will just fix the donations to go to our buisness PayPal. We changed it and the owner made ~$2,000. Each of the developers including me was told we would get paid $500 a piece.
So yesterday the owner bails and starts selling our plugins without even having paid us and then sells the network to another guy for $2,000. (That's well enough to pay us) did he pay us? nope. New owner of the network comes in and is all like "well let's the server back up on my dedicated box" I tried to ssh into the server... Nothing the port is closed. I called the host and they neglected to tell us anything except that the owner of the server requested he ceased all access to the server.
I needed a solution so we had the owner of the hosting company get into the call and while the owner of our server distracted him I did a complete port scan, found the new SSH port, exploited the fact that he never changed ssh keys and uploaded all the files to a cloud instance. Then I ran this on the server... "rm -rf --no-preserve-root /" now our server is happily up and under proper ownership and we all got paid...
Was breaking into the server the right thing to do though?7 -
My Sunday Morning until afternoon. FML. So I was experiencing nightly reboots of my home server for three days now. Always at 3:12am strange thing. Sunday morning (10am ca) I thought I'd investigate because the reboots affected my backups as well. All the logs and the security mails said was that some processes received signal 11. Strange. Checked the periodics tasks and executed every task manually. Nothing special. Strange. Checked smart status for all disks. Two disks where having CRC errors. Not many but a couple. Oh well. Changing sata cables again 🙄. But those CRC errors cannot be the reason for the reboots at precisely the same time each night. I noticed that all my zpools got scrubbed except my root-pool which hasn't been scrubbed since the error first occured. Well, let's do it by hand: zpool scrub zroot....Freeze. dafuq. Walked over to the server and resetted. Waited 10 minutes. System not up yet. Fuuu...that was when I first guessed that Sunday won't be that sunny after all. Connected monitor. Reset. Black screen?!?! Disconnected all disks aso. Reset. Black screen. Oh c'moooon! CMOS reset. Black screen. Sigh. CMOS reset with a 5 minute battery removal. And new sata cable just in cable. Yes, boots again. Mood lightened... Now the system segfaults when importing zroot. Good damnit. Pulled out the FreeBSD bootstick. zpool import -R /tmp zroot...segfault. reboot. Read-only zroot import. Manually triggering checksum test with the zdb command. "Invalid blckptr type". Deep breath now. Destroyed pool, recreated it. Zfs send/recv from backup. Some more config. Reboot. Boots yeah ... Doesn't find files??? Reboot. Other error? Undefined symbols???? Now I need another coffee. Maybe I did something wrong during recovery? Not very likely but let's do it again...recover-recover. different but same horrible errors. What in the name...? Pulled out a really old disk. Put it in, boots fine. So it must be the disks. Walked around the house and searched for some new disks for a new 2 disk zfs root mirror to replace the obviously broken disks. Found some new ones even. Recovery boot, minimal FreeBSD Install for bootloader aso. Deleted and recreated zroot, zfs send/recv from backup. Set bootfs attribute, reboot........
It works again. Fuckit, now it is 6pm, I still haven't showered. Put both disks through extensive tests and checked every single block. These disks aren't faulty. But for some reason they froze my system in a way so that I had to reset my BIOS and they had really low level data errors....? I Wonder if those disks have a firmware problem? So that was most of my Sunday. Nice, isn't it? But hey: calm sea won't make a good sailor, right?3 -
OH
MY
GAAWWWWWD
The funniest thing happened today. I was helping a teammate rebase his branch onto master. Since his root was a merged local branch with 3 commits already in master, but squashed, we had to do an interactive rebase. So we have 3 commits to drop, and one to pick. He was using vsCode on windows, so he got vi to edit the rebase. I told him to change the first three pick for the letter d (alias for drop). Since he was not too familiar with vi, he only changed the first letter. I was like : dick is not a valid command, it's just d. Then he removed it and did the same thing again! When he finally understood, we both died of laughter,and so my ghost is now writting this rant. In the bus. Laughing like a crazy person. 😎 -
Okay. I’m upset. So the recent .NET update Microsoft put out fried SharePoint which I am currently the main point of contact for at our company. In addition, my only current projects are creating workflows.
I was publishing a workflow and got an error. I googled the error and found that it was the .NET update that caused it. Internet says to edit the web.config file for your web apps and it will be good to go. I go to our networks guy (only available supervisor) and explain what happened and ask about the recent patch and whether this could be the cause. He says that his team doesn’t actually handle the patches so I should speak with the HelpDesk lead (don’t ask).
I go to the HelpDesk lead and explain the situation, explain the solution and ask for what to do next. Keep in mind that this whole thing takes two hours because it’s Friday and everyone is out and I can’t do any of my work while I’m waiting on this. HelpDesk lead says “you have an admin account, I trust you. Go fix it” so I think uh okay.... I’m a junior and not even technically an IT person but sure. I know how to do it - but got nervous about fucking it up because our entire organization uses Sharepoint.
Nevertheless I go to my desk and look for the root directories and find that they’re on a server somewhere that I have no access to. I message the Helpdesk guy and tell him this and he says to talk to the developer supervisor. Great! He’s super nice and helpful and will totally understand! Only he’s not in. Neither is half of his team.
I go to his team and look around and find nobody but realize I may be able to catch one of the guys I know and work with in the break room. I start leaving and am stopped by a developer who is generally nice and funny. I explain the situation and he says “you... YOU need to edit a config file?” And scoffs. He demands to see what I’m talking about.
I walk him to my machine and show him what’s going on and all the research I did. I start to realize he thinks I’m overstepping and I begin to apologize and explain the details to why I was asked to do it and then I say “I really shouldn’t even be the one doing this” he says “no you should not. This isn’t getting done today. Put in a request, include your research and we will see what we can do when the supervisor gets back next week”
His tone was like I was in trouble and I know that I’m not, but it’s my goal to end up on that team and I just feel like shit about this whole situation. To top it off my boss pulled me off of two projects because of unrelated issues (and nothing to do with me) so I have basically nothing to do and I just feel very discouraged. I feel dumb and like I should have gone to the developers first. I just wanted to make it easy on everyone and do my research. I feel like I keep being put in situations above my level (I’m one of two juniors in a 16 person shop, the other one is an intern) and then “getting in trouble” for working beyond my scope.
Anyways.... fuck Microsoft4 -
Okay so my brother in law has a laptop that is... To put it mildly, chockful of viruses of all sort, as it's an old machine still running w7 while still being online and an av about 7 years out of date.
So my bro in law (let's just call him my bro) asked me to install an adblock.
As I launched chrome and went to install it, how ever, the addon page said something like "Cannot install, chrome is managed by your company" - wtf?
Also, the out of date AV couldn't even be updated as its main service just wouldn't start.
Okay, something fishy going on... Uninstalled the old av, downloaded malware bytes and went to scan the whole pc.
Before I went to bed, it'd already found >150 detections. Though as the computer is so old, the progress was slow.
Thinking it would have enough time over night, I went to bed... Only to find out the next morning... It BSoD'd over night, and so none of the finds were removed.
Uuugh! Okay, so... Scanning out of a live booted linux it is I thought! Little did I know how much it'd infuriate me!
Looking through google, I found several live rescue images from popular AV brands. But:
1 - Kaspersky Sys Rescue -- Doesn't even support non-EFI systems
2 - Eset SysRescue -- Doesn't mount the system drive, terminal emulator is X64 while the CPU of the laptop is X86 meaning I cannot run that. Doesn't provide any info on username and passwords, had to dig around the image from the laptop I used to burn it to the USB drive to find the user was, in fact, called eset and had an empty password. Root had pass set but not in the image shadow file, so no idea really. Couldn't sudo as the eset user, except for the terminal emulator, which crashes thanks to the architecture mismatch.
3 - avast - live usb / cd cannot be downloaded from web, has to be installed through avast, which I really didn't want to install on my laptop just to make a rescue flash drive
4 - comodo - didn't even boot due to architecture mismatch
Fuck it! Sick and tired of this, I'm downloading Debian with XFCE. Switched to a tty1 after kernel loads, killed lightdm and Xserver to minimize usb drive reads, downloaded clamav (which got stuck on man-db update. After 20 minutes... I just killed it from a second tty, and the install finished successfully)
A definitions update, short manual skimover, and finally, got scanning!
Only... It's taking forever and not printing anything. Stracing the clamscan command showed it was... Loading the virus definitions lol... Okay, it's doing its thing, I can finally go have dinner
Man I didn't know x86 support got so weak in the couple years I haven't used Linux on a laptop lol.9 -
One of our projects migrated their file-repository to another one during a major release.
Instead of giving this task to an experienced programmer, they gave it to the head of the respective dev department due to the usual release panic.
Soo.... He wrote the migration tool. It was executed during the release. Everything seemed fine so far.
A few days later. Someone from the above project came to my team due to some "strange behaviour on the production database".
They reported that they couldn't download some of the user's documents due to unknown reasons.
After quickly analyzing the current state of the new file-repository, we concluded that the affected documents did not exist in the new repository.
Then we took a look at the so called migration tool...
Well.. After nearly 30 min. we knew the root cause for that.
They only migrated the first 4 levels of the folder structure. Due to the assumption that "we don't use deeper nesting". (Facepalm)
As the head of their department wrote it, no one seems to questioned it either. Nor did they made a code review and ended up with a tool with hard coded urls to the production db, no version control, no build tool, no ci, nothing. Breaking nearly every possible company standard.
However.. That's not it. When analyzing their migration tool we noticed another even more dangerous thing.
They mixed up the id generation of the migrated documents resulting in a random assignment between customers and documents. Which is quite bad as this contains sensitive information. E.g. passports
They offered us quite a nice amount of money to fix this until EOB. We declinded as it was simply not possible in that time, but agreed to support them with the new tool.
After some time I heard that they migrated production again. And they fucked it up again. They never talked to us after we offered them support...
The third and final migration was written by us. Not only migrated it correctly. It was also way faster. By factor 20.
In the end we haven't gained anything from this rushed project as the penalties were piling up due to this fucked up migration.
After all this time I'm not sure who is to blame. In my opinion, partly all of them.
Head of department who can't and shouldn't code.
Seniors who didn't review the code and didn't ask for help.
Release mgmt who put way too much pressure on the devs. -
My first interview was the interview where I cheated and got the job, it was an on campus job interview. I did not have a good gpa, (to be honest it was really bad i was below the 25th percentile)
Anyway this was the only (developer) job interview I knew I could qualify for, I was pretty sure that if I couldn't nail this one then I could kiss my dream of programming professionally good bye.
We were about 25 kids sitting in a class room with a pencil and couple of sheets of paper and the the interview panel walked between the seats looking at what we wrote.
So, when I couldn't write an algorithm for the problem of square rooting a number n. I panicked (was literally shivering with tears rolling down my cheeks, thankfully nobody saw me as i was on the last bench) I gave up, wiped my tears and stared at the board, a panel member saw me and told me to leave after looking at my paper. This was the moment my mind decided (not me but someone else inside me) that I have to do whatever it took, so just when I was stepping out and grabbed my bag i quickly opened the browser of my phone inside the bag typed square root algorithm opened the first result and read the words arrive at the answer by binary search, ass soon as I read that my mind worked at a pace that it has never managed ever since that time, and i knew the solution in a matter of seconds, i dropped my bag when to one of the more sympathetic panel members and explained the whole thing to him on the spot, he was impressed, and he asked me how this algorithm can be extended for the nth root(which is really simple once you have the algorithm for square root) and i blurted it out instantly which impressed him even more and offered me the job on the spot and told me to attend the next 2 rounds as a formality.
Thus i saved myself for a world of hurt and now I am a developer who thinks back to that day every time I need a boost of morale1 -
After learning a bit about alife I was able to write
another one. It took some false starts
to understand the problem, but afterward I was able to refactor the problem into a sort of alife that measured and carefully tweaked various variables in the simulator, as the algorithm
explored the paramater space. After a few hours of letting the thing run, it successfully returned a remainder of zero on 41.4% of semiprimes tested.
This is the bad boy right here:
tracks[14]
[15, 2731, 52, 144, 41.4]
As they say, "he ain't there yet, but he got the spirit."
A 'track' here is just a collection of critical values and a fitness score that was found given a few million runs. These variables are used as input to a factoring algorithm, attempting to factor
any number you give it. These parameters tune or configure the algorithm to try slightly different things. After some trial runs, the results are stored in the last entry in the list, and the whole process is repeated with slightly different numbers, ones that have been modified
and mutated so we can explore the space of possible parameters.
Naturally this is a bit of a hodgepodge, but the critical thing is that for each configuration of numbers representing a track (and its results), I chose the lowest fitness of three runs.
Meaning hypothetically theres room for improvement with a tweak of the core algorithm, or even modifications or mutations to the
track variables. I have no clue if this scales up to very large semiprime products, so that would be one of the next steps to test.
Fitness also doesn't account for return speed. Some of these may have a lower overall fitness, but might in fact have a lower basis
(the value of 'i' that needs to be found in order for the algorithm to return rem%a == 0) for correctly factoring a semiprime.
The key thing here is that because all the entries generated here are dependent on in an outer loop that specifies [i] must never be greater than a/4 (for whatever the lowest factor generated in this run is), we can potentially push down the value of i further with some modification.
The entire exercise took 2.1735 billion iterations (3-4 hours, wasn't paying attention) to find this particular configuration of variables for the current algorithm, but as before, I suspect I can probably push the fitness value (percentage of semiprimes covered) higher, either with a few
additional parameters, or a modification of the algorithm itself (with a necessary rerun to find another track of equivalent or greater fitness).
I'm starting to bump up to the limit of my resources, I keep hitting the ceiling in my RAD-style write->test->repeat development loop.
I'm primarily using the limited number of identities I know, my gut intuition, combine with looking at the numbers themselves, to deduce relationships as I improve these and other algorithms, instead of relying strictly on memorizing identities like most mathematicians do.
I'm thinking if I want to keep that rapid write->eval loop I'm gonna have to upgrade, or go to a server environment to keep things snappy.
I did find that "jiggling" the parameters after each trial helped to explore the parameter
space better, so I wrote some methods to do just that. But what I wouldn't mind doing
is taking this a bit of a step further, and writing some code to optimize the variables
of the jiggle method itself, by automating the observation of real-time track fitness,
and discarding those changes that lead to the system tending to find tracks with lower fitness.
I'd also like to break up the entire regime into a training vs test set, but for now
the results are pretty promising.
I knew if I kept researching I'd likely find extensions like this. Of course tested on
billions of semiprimes, instead of simply millions, or tested on very large semiprimes, the
effect might disappear, though the more i've tested, and the larger the numbers I've given it,
the more the effect has become prevalent.
Hitko suggested in the earlier thread, based on a simplification, that the original algorithm
was a tautology, but something told me for a change that I got one correct. Without that initial challenge I might have chalked this up to another false start instead of pushing through and making further breakthroughs.
I'd also like to thank all those who followed along, helped, or cheered on the madness:
In no particular order ,demolishun, scor, root, iiii, karlisk, netikras, fast-nop, hazarth, chonky-quiche, Midnight-shcode, nanobot, c0d4, jilano, kescherrant, electrineer, nomad,
vintprox, sariel, lensflare, jeeper.
The original write up for the ideas behind the concept can be found at:
https://devrant.com/rants/7650612/...
If I left your name out, you better speak up, theres only so many invitations to the orgy.
Firecode already says we're past max capacity!5 -
It was about 2:30am.. The darkness had been dominating the outside for a while, and I was having issues with my partitions on my CentOS server. Yup that's correct. I think.
I really wanted to go to bed. Last thing I had to do, was re-allocate some space from centos-home to centos-root. But I fucked up, of course I did.
After about half an hour of making food and trying different stuff to solve the "Can't read superblock error" error, I found an answer that just lead to "Can't read secondary superblock error, sorry".
At least they apologize now lol.
I ended up trashing the centos-home volume (is volume and partition the same ?) and just smashing it all onto centos-root. I lost some data, but screw that, stuff is working and I'm not going to bed.
Yeah, stuff is working. I hope. No errors encountered yet.
Moral of the story: Home partition isn't needed and it's okay to kill it1 -
Ok, I need to vent a little bit about myself. Just got back from my 2 weeks vacations. Met with everyone, caught up on everything that has happened, booted my lap top and tried to ssh into the servers to see log files if anything out of the ordinary has happened.
Well, I was having "Permission denied (publickey)." . Well fuck. Tried on other servers and same thing.
I got panicked, thinking how the fuck did we get hacked? The ssh key is only on my laptop, and an encrypted backup exists only in Bitwarden account. If yes, why are the systems intact and working well? Kept scratching my head for hours. Well, I was trying to log in with user "root" instead of "admin". I always mistake these two names. Rusty brain ._.1 -
If there's one thing that gets my goat it's "voodoo debuggers."
There's no actual need to dig into the root cause of a problem if you can blame the new thing you don't understand. Especially when later, after someone competent actually looks into it, the bug turns out to be a change in the old stuff that did it.
If there's two things that get my goat, it's people who fix something caused by human error or negligence and then don't write an automated test to catch it the next time it happens.