Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "school security"
-
Got caught using linux terminal by school security. They took my laptop away and drove me across campus in their security carts to take me to the office.
It took a long time to explain that I wasn't maliciously hacking the school.
This is the third time I've been in trouble for tech-related activity.
On the bright side, one of the security guards said, "I'm done dealing with teenagers. Next time I won't work for a high school."
I think he's going to quit. :)13 -
My little brother (still in school , learning security and pen testing): i found a bug in a website , it returns an xml file instead of the web page , i reported it to them and i think i'm gonna get rewarded like 2k $ for it .
Me : cool ! Show me .
Him : shows me his phone ...
Me : wait , gotta rant this .9 -
Lads, I will be real with you: some of you show absolute contempt to the actual academic study of the field.
In a previous rant from another ranter it was thrown up and about the question for finding a binary search implementation.
Asking a senior in the field of software engineering and computer science such question should be a simple answer, specifically depending on the type of job application in question. Specially if you are applying as a SENIOR.
I am tired of this strange self-learner mentality that those that have a degree or a deep grasp of these fundamental concepts are somewhat beneath you because you learned to push out a website using the New Boston tutorials on youtube. FOR every field THAT MATTERS a license or degree is hold in high regards.
"Oh I didn't go to school, shit is for suckers, but I learned how to chop people up and kinda fix it from some tutorials on youtube" <---- try that for a medical position.
"Nah it's cool, I can fix your breaks, learned how to do it by reading blogs on the internet" <--- maintenance shop
"Sure can write the controller processing code for that boing plane! Just got done with a low level tutorial on some websites! what can go wrong!"
(The same goes for military devices which in the past have actually killed mfkers in the U.S)
Just recently a series of people were sent to jail because of a bug in software. Industries NEED to make sure a mfker has aaaall of the bells and whistles needed for running and creating software.
During my masters degree, it fucking FASCINATED me how many mfkers were absolutely completely NEW to the concept of testing code, some of them with years in the field.
And I know what you are thinking "fuck you, I am fucking awesome" <--- I AM SURE YOU BLOODY WELL ARE but we live in a planet with billions of people and millions of them have fallen through the cracks into software related positions as well as complete degrees, the degree at LEAST has a SPECTACULAR barrier of entry during that intro to Algos and DS that a lot of bitches fail.
NOTE: NOT knowing the ABSTRACTIONS over the tools that we use WILL eventually bite you in the ASS because you do not fucking KNOW how these are implemented internally.
Why do you think compiler designers, kernel designers and embedded developers make the BANK they made? Because they don't know memory efficient ways of deploying a product with minimal overhead without proper data structures and algorithmic thinking? NOT EVERYTHING IS SHITTY WEB DEVELOPMENT
SO, if a mfker talks shit about a so called SENIOR for not knowing that the first mamase mamasa bloody simple as shit algorithm THROWN at you in the first 10 pages of an algo and ds book, then y'all should be offended at the mkfer saying that he is a SENIOR, because these SENIORS are the same mfkers that try to at one point in time teach other people.
These SENIORS are the same mfkers that left me a FUCKING HORRIBLE AND USELESS MESS OF SPAGHETTI CODE
Specially to most PHP developers (my main area) y'all would have been well motherfucking served in learning how not to forLoop the fuck out of tables consisting of over 50k interconnected records, WHAT THE FUCK
"LeaRniNG tHiS iS noT neeDed!!" yes IT fucking IS
being able to code a binary search (in that example) from scratch lets me know fucking EXACTLY how well your thought process is when facing a hard challenge, knowing the basemotherfucking case of a LinkedList will damn well make you understand WHAT is going on with your abstractions as to not fucking violate memory constraints, this-shit-is-important.
So, will your royal majesties at least for the sake of completeness look into a couple of very well made youtube or book tutorials concerning the topic?
You can code an entire website, fine as shit, you will get tested by my ass in terms of security and best practices, run these questions now, and it very motherfucking well be as efficient as I think it should be(I HIRE, NOT YOU, or your fucking blog posts concerning how much MY degree was not needed, oh and btw, MY degree is what made sure I was able to make SUCH decissions)
This will make a loooooooot of mfkers salty, don't worry, I will still accept you as an interview candidate, but if you think you are good enough without a degree, or better than me (has happened, told that to my face by a candidate) then get fucking ready to receive a question concerning: BASIC FUCKING COMPUTER SCIENCE TOPICS
* gays away into the night53 -
Navy story time again. Grab that coffee and fire up Kali, the theme is security.
So, when I got promoted to Lieutenant Jr. I had to attend a 1-year school inside my nostalgic Naval Academy... BUT! I was wiser, I was older... and I was bored. Like, really bored. What could go wrong? Well, all my fellow officers were bored too, so they started downloading/streaming/torrenting like crazy, and I had to wait for hours for the Kali updates to download, so...
mdk3 wlan0mon -d
I had this external wifi atheros card with two antennae and kicked all of them off the wifi. Some slightly smarter ones plugged cables on the net, and kept going, enjoying much faster speeds. I had to go to the bathroom, and once I returned they had unplugged the card. That kind of pissed me off, since they also thought it would be funny to hide it, along with the mouse.
But, oh boy, they had no idea what supreme asshole I can be when I am irked.
So, arpspoof it is. Turns out, there were no subnetworks, and the broadcast domain was ALL of the academy. That means I shut EVERYONE off, except me. Hardware was returned in 1 minute with the requested apologies, but fuck it, I kept the whole academy off the net for 6 hours. The sysadmin ran around like crazy, because nothing was working. Not even the servers.
I finally took pity on the guy (he had gotten the duties of sysadmin when the previous sysad died, so think about that) and he almost assaulted me when I told him. As it turned out, the guy never had any training or knowledge on security, so I had to show him a few things, and point him to where he could study about the rest. But still, some selective arp poison on select douchebags was in order...
Needless to say, people were VERY polite to me after that. And the net speed was up again, so I got bored. Again. So I started scanning the net.
To be continued...3 -
It was fun to watch my entire high school (~1200 people) freak out when I ran "net send * Big brother is watching you..." on what I found to be an insecure computer in my high school's library. Every single computer in the building displayed the pop up message. The town's IT director even showed up to figure out what happened.
I was caught, but they were more happy it wasn't a hacker, and that I discovered that the IT firm the town hired totally botched properly implementing network security, so I was let off the hook.5 -
So just recently my school blocked the following for unknown reasons websites
Github
Gitlab
Amazons aws
stack exchange
Bitbucket
Heroku
The hacker news
DuckDuckGo
The Debian package repositories yea all of em
And all domains that end in .io
Now some of you out there are probably just saying "well just use a vpn" the answer to that is I can't the only device I have a locked down school iPad can't install apps cannot delete apps cannot change vpn or proxy setting's I cannot use Safari private tab they have google safe search restricted to "on" they even have "safari restricted mode which lets safari choose what it wants to block" and even when I'm on my home wifi it's s still blocked as they use Cisco security connector THIS IS HELL
Also this is my first post :)30 -
My wife was going to school for a business degree but likes what I do as an engineer. She spent a month or so debating engineering or information security.
Yesterday she changed to a degree in information security.
Today she opens a GitHub and starts learning to program and I'm in love all over again.7 -
Alias coworker = high school classmate
This kid wore a trench coat to school every single day and I guess he had a chronic masturbation problem because the guy was caught 3 different times IN CLASS jerking off.
Most people would catch a sexual harassment / indecent exposure / public masturbation charge, but this kid was breaking all these national math competition records and was working with a local university doing research and had a 4.5+ GPA (in high school in U.S. that's possible) so the school decided to do 2 things.
1. Not punish the kid, and in fact nothing of this was ever put on any record at all.
2. Write him a note from school administrators saying that this student can leave class whenever he would like no questions asked, and that the teacher must notify the office so they could send a security guard in order for this masturbation obsessed student to literally occupy a bathroom as his jerk off chamber uninterrupted.
So if in the past 6-7 years you've been in a high caliber university studying computer science and there was a kid in a trench coat "feeding some geese" near you, you can thank my high school.6 -
Sooooo me and the lead dev got placed in the wrong job classification at work.
Without sounding too mean, we are placed under the same descriptor and pay scale reserved for secretaries, janitors and the people that do maintenance at work(we work for a college as developers) whilst our cowormer who manages the cms got the correct classification.
The manager went apeshit because the guidelines state that:
Making software products
Administration of dbs
Server maintenance and troubleshooting
Security (network)
And a lot of shit is covered on the exemption list and it is things that we do by a wide fucking margin. The classification would technically prohibit us from developing software and the whole it dptmnt went apeshit over it since he(lead developer) refuses (rightfully so) to touch anything and do basically nothing other than generate reports.
Its a fun situation. While we both got a substantial raise in salary(go figure) we also got demoted at the same time.
There is a department in IT which deals with the databases for other major applications, their title is "programmers" yet for some reason me and the lead end up writing all the sql code that they ever need. They make waaaaay more money than me and the lead do, even in the correct classification.
Resolution: manager is working with the head of the department to correct this blasphemy WHILE asking for a higher pay than even the "programmers"
I love this woman. She has balls man. When the president of the school paraded around the office asking for an update on a high priority app she said that I am being gracious enough to work on it even though i am not supposed to. The fucking prick asked if i could speed it up to where she said that most of my work I do it on my off time, which by law is now something that I cannot do for the school and that she does not expect any of her devs to do jack shit unless shit gets fixed quick. With the correct pay.
Naturally, the president did not like such predicament and thus urged the HR department(which is globally hated now since they fucked up everyone's classification) to fix it.
Dunno if I will get above the pay that she requested. But seeing that royal ammount of LADY BALLS really means something to me. Which is why i would not trade that woman for a job at any of my dream workplaces.
Meanwhile, the level of stress placed my 12 years of service diabetic lead dev at the hospital. Fuck the hr department for real, fuck the vps of the school that fucked this up royally and fuck people in this city in general. I really care for my team, and the lead dev is one of my best friends and a good developer, this shit will not fucking go unnoticed and the HR department is now in low priority level for the software that we build for them
Still. I am amazed to have a manager that actually looks out for us instead of putting a nice face for the pricks that screwed us over.
I have been working since I was 16, went through the Army, am 27 now and it is the first time that I have seen such manager.
She can't read this, but she knows how much I appreciate her.3 -
The stupid stories of how I was able to break my schools network just to get better internet, as well as more ridiculous fun. XD
1st year:
It was my freshman year in college. The internet sucked really, really, really badly! Too many people were clearly using it. I had to find another way to remedy this. Upon some further research through Google I found out that one can in fact turn their computer into a router. Now what’s interesting about this network is that it only works with computers by downloading the necessary software that this network provides for you. Some weird software that actually looks through your computer and makes sure it’s ok to be added to the network. Unfortunately, routers can’t download and install that software, thus no internet… but a PC that can be changed into a router itself is a different story. I found that I can download the software check the PC and then turn on my Router feature. Viola, personal fast internet connected directly into the wall. No more sharing a single shitty router!
2nd year:
This was about the year when bitcoin mining was becoming a thing, and everyone was in on it. My shitty computer couldn’t possibly pull off mining for bitcoins. I needed something faster. How I found out that I could use my schools servers was merely an accident.
I had been installing the software on every possible PC I owned, but alas all my PC’s were just not fast enough. I decided to try it on the RDS server. It worked; the command window was pumping out coins! What I came to find out was that the RDS server had 36 cores. This thing was a beast! And it made sense that it could actually pull off mining for bitcoins. A couple nights later I signed in remotely to the RDS server. I created a macro that would continuously move my mouse around in the Remote desktop screen to keep my session alive at all times, and then I’d start my bitcoin mining operation. The following morning I wake up and my session was gone. How sad I thought. I quickly try to remote back in to see what I had collected. “Error, could not connect”. Weird… this usually never happens, maybe I did the remoting wrong. I went to my schools website to do some research on my remoting problem. It was down. In fact, everything was down… I come to find out that I had accidentally shut down the schools network because of my mining operation. I wasn’t found out, but I haven’t done any mining since then.
3rd year:
As an engineering student I found out that all engineering students get access to the school’s VPN. Cool, it is technically used to get around some wonky issues with remoting into the RDS servers. What I come to find out, after messing around with it frequently, is that I can actually use the VPN against the screwed up security on the network. Remember, how I told you that a program has to be downloaded and then one can be accepted into the network? Well, I was able to bypass all of that, simply by using the school’s VPN against itself… How dense does one have to be to not have patched that one?
4th year:
It was another programming day, and I needed access to my phones memory. Using some specially made apps I could easily connect to my phone from my computer and continue my work. But what I found out was that I could in fact travel around in the network. I discovered that I can, in fact, access my phone through the network from anywhere. What resulted was the discovery that the network scales the entirety of the school. I discovered that if I left my phone down in the engineering building and then went north to the biology building, I could still continue to access it. This seems like a very fatal flaw. My idea is to hook up a webcam to a robot and remotely controlling it from the RDS servers and having this little robot go to my classes for me.
What crazy shit have you done at your University?9 -
Every single one of them, and every one that will come after them.
Google, it started out as 2 people in their garage, wanting to make a search engine that was better than the others. Nothing else, nothing evil. Just make the world a little bit better. And look what it's become now. A megacorporation with little to no regards for their user base. Because who cares about users anyway?
Microsoft, it started out with Bill Gates - young high school computer nerd - who wanted to make an operating system for the world to use. Something that's better than the competition. And boy did he do so. Well "better than the competition" aside, he did make it for the world to use. And the world adopted it. And look what it's become now. A megacorporation with little to no regards for their user base. Because who cares about users anyway?
See where I'm going here?
Apple, it started out with Steve Jobs and Steve Wozniak in their garage, just like Google did, wanting to make hardware that was better than the others. Nothing else, nothing evil. Just to make the world a little bit better. And look what it's become now. Planned obsolescence has been baked into it, just like it is in every other piece of technology. Quality control and thinking through the design has become a thing of the past. User choice, yeah who cares about that.
Samsung, it started out centuries ago actually, and I don't really remember the details of it.. ColdFusion has a video on it if memory serves me right. Do watch it if you're interested. Anyway, just like all the others they started out as a company which wanted to make the world a little bit better. And damn right did they do so.. initially. Look what they've become now. Forcing their stupid TouchWiz UI upon their customers (or products?), a Bixby button that can't even be reprogrammed.. and the latest thing.. Knox, advertised as a security feature, but as everyone who likes rooting their devices and mucking with it knows, it is an anti-feature that only serves for lockdown. Why shouldn't you be able to turn in a phone for RMA when a hardware error occurs, when all you've personally modified is the software? Why should changing the software blow that eFuse, so that you can be sure that you can't replace it without specialized equipment and a very steady hand?
I could go on and on forever about more of the tech giants out there, but I feel like this suffices for now. Otherwise I won't have anything else left for future rants! But one thing I know for sure. Every tech company started, starts, and will start out with a desire to make the world a better place, and once they gain a significant customer base, they will without exception turn into the same kind of Evil Megacorp., just like the ones before them. Some may say that capitalism itself is to blame for this, the greed for more when you already have a lot. Who knows? I'd rather say that the very human nature itself is to blame for it. We're by design greedy beings, and I hate it. I hate being human for that. I don't want humans to be evil towards one another, and be greedy for ever more. But I guess that that's just the way it is, and some things do actually never change...17 -
The last year my school installed MagicBoards (whiteboard with beamer that responses to touch) in every class room and called itself "ready for the future of media". What they also got is A FUCKING LOW SPEC SERVER RUNNING DEBIAN 6 W/O ANY UPDATES SINCE 2010 WHICH IS DYING CONSTANTLY.
As I'm a nice person I asked the 65 y/o technician (who is also my physics teacher) whether I could help updating this piece of shit.
Teacher: "Naahh, we don't have root access to the server and also we'll get a new company maintaining our servers in two years. And even if we would have the root access, we can't give that to a student."
My head: "Two. Years. TWO YEARS?! ARE YOU FUCKING KIDDING ME YOU RETARDED PIECE OF SHIT?! YOU'RE TELLING ME YOU DON'T HAVE TO INSTALL UPDATES EVEN THOUGH YOU CREATE AN SSH USER FOR EVERY FUCKING STUDENT SO THEY CAN LOGIN USING THEIR BIRTH DATE?! DID YOU EVER HEAR ABOUT SECURITY VULNERABILITIES IN YOUR LITTLE MISERABLE LIFE OR SOUNDS 'CVE-2016-5195' LIKE RANDOM LETTERS AND NUMBERS TO YOU?! BECAUSE - FUNFACT - THERE ARE TEN STUDENTS WHO ARE IN THE SUDO GROUP IF YOU EVEN KNOW WHAT THAT IS!"
Me (because I want to keep my good grades): "Yes, that sounds alright."13 -
My school stores everyone's username and passwords (including admins) in plain text on a Windows 2007 server that they remote desktop into.8
-
I'm working on a project with a teacher to overview the project at my school to be responsible for the confidential student data...
Teacher: How are we going to authenticate the kiosk machines so people don't need a login?
Me: Well we can use a unique URL for the app and that will put an authorized cookie on the machine as well as local IP whitelisting.
Teacher: ok but can't we just put a secret key in a text file on the C drive and access it with JavaScript?
Me: well JavaScript can't access your drive it's a part of the security protocol built into chrome...
Teacher: well that seems silly! There must be a way.
Me: Nope definately not. Let's just make a fancy shortcut?
Teacher: Alright you do that for now until I find a way to access that file.
I want to quit this project so bad4 -
The school I went to...
Grade 1:
*GTA and minecraft to let student familiarize with cheating command and console
*Student should find and read the damn documentation him/herself about items, mobs and quests in every game. Be self motivated!
Grade 2:
*Contribute to community for myth hunting, map creation and glitch
*Solve personal networking, graphics problem and understanding hardware limitation.
*Solving game compability problem after Windows update
*Introduction to cracking and hacking
Grade 3:
*Motivation to host a game server
*Custom server scripting => start To really code the first time, Perl, python, etc
*Introduction to Linux server and Debian
Grade 4:
*From DDoS to server security
*Server maintenance and GitHub
*Game Server web development
*Motivation into non-gaming discipline by a random YouTube geek
*Set up mincraft with raspberry pi and Arduino
*Switch to Linux or Mac and just dual boot for gaming
Prepared for the real world.
Congratz for the graduation in the Pre-school of Developers (11-14 yrs old) :)5 -
When I was in college, our email was on a Unix server. We would login via serial connection or telnet over the network, and get a korn shell. The server was poorly secured. Everyone's login device was world writable. So people would just see who was online, see the username of someone they wanted to mess with, take note of the pts(network) or tty(serial) device their connection used, and cat ASCII penises to it.
cat animated_dong.txt > /dev/pts/4
It was a simpler time.2 -
Long rant ahead.. so feel free to refill your cup of coffee and have a seat 🙂
It's completely useless. At least in the school I went to, the teachers were worse than useless. It's a bit of an old story that I've told quite a few times already, but I had a dispute with said teachers at some point after which I wasn't able nor willing to fully do the classes anymore.
So, just to set the stage.. le me, die-hard Linux user, and reasonably initiated in networking and security already, to the point that I really only needed half an ear to follow along with the classes, while most of the time I was just working on my own servers to pass the time instead. I noticed that the Moodle website that the school was using to do a big chunk of the course material with, wasn't TLS-secured. So whenever the class begins and everyone logs in to the Moodle website..? Yeah.. it wouldn't be hard for anyone in that class to steal everyone else's credentials, including the teacher's (as they were using the same network).
So I brought it up a few times in the first year, teacher was like "yeah yeah we'll do it at some point". Shortly before summer break I took the security teacher aside after class and mentioned it another time - please please take the opportunity to do it during summer break.
Coming back in September.. nothing happened. Maybe I needed to bring in more evidence that this is a serious issue, so I asked the security teacher: can I make a proper PoC using my machines in my home network to steal the credentials of my own Moodle account and mail a screencast to you as a private disclosure? She said "yeah sure, that's fine".
Pro tip: make the people involved sign a written contract for this!!! It'll cover your ass when they decide to be dicks.. which spoiler alert, these teachers decided they wanted to be.
So I made the PoC, mailed it to them, yada yada yada... Soon after, next class, and I noticed that my VPN server was blocked. Now I used my personal VPN server at the time mostly to access a file server at home to securely fetch documents I needed in class, without having to carry an external hard drive with me all the time. However it was also used for gateway redirection (i.e. the main purpose of commercial VPN's, le new IP for "le onenumity"). I mean for example, if some douche in that class would've decided to ARP poison the network and steal credentials, my VPN connection would've prevented that.. it was a decent workaround. But now it's for some reason causing Moodle to throw some type of 403.
Asked the teacher for routers and switches I had a class from at the time.. why is my VPN server blocked? He replied with the statement that "yeah we blocked it because you can bypass the firewall with that and watch porn in class".
Alright, fair enough. I can indeed bypass the firewall with that. But watch porn.. in class? I mean I'm a bit of an exhibitionist too, but in a fucking class!? And why right after that PoC, while I've been using that VPN connection for over a year?
Not too long after that, I prematurely left that class out of sheer frustration (I remember browsing devRant with the intent to write about it while the teacher was watching 😂), and left while looking that teacher dead in the eyes.. and never have I been that cold to someone while calling them a fucking idiot.
Shortly after I've also received an email from them in which they stated that they wanted compensation for "the disruption of good service". They actually thought that I had hacked into their servers. Security teachers, ostensibly technical people, if I may add. Never seen anyone more incompetent than those 3 motherfuckers that plotted against me to save their own asses for making such a shitty infrastructure. Regarding that mail, I not so friendly replied to them that they could settle it in court if they wanted to.. but that I already knew who would win that case. Haven't heard of them since.
So yeah. That's why I regard those expensive shitty pieces of paper as such. The only thing they prove is that someone somewhere with some unknown degree of competence confirms that you know something. I think there's far too many unknowns in there.
Nowadays I'm putting my bets on a certification from the Linux Professional Institute - a renowned and well-regarded certification body in sysadmin. Last February at FOSDEM I did half of the LPIC-1 certification exam, next year I'll do the other half. With the amount of reputation the LPI has behind it, I believe that's a far better route to go with than some random school somewhere.25 -
I had a coworker that was an Air Force pilot (99% certain he was telling the truth as I was working for a government contractor and he had security clearance so I'd be a little surprised if he fooled HR and our whole team). Thing is... He genuinely believed the earth is flat. Whenever anybody would ask "haven't you seen the curvature of the earth? Like... More than once?" He'd respond with "yes I have, what's your point?". Uh.... Okay.
Didn't help that he also was convinced cpp is the only language you ever need for any project. Like, "what if instead of building a web API and two separate native mobile app frontends (Swift/Java)... We instead build our own proprietary C++ framework that somehow runs on IOS and Android and we can also use it for our Backend instead of .Net?"
I'm not saying I love Java or Swift or that at some point I haven't thought about why we can't just use cpp in both, but you're supposed to grow out of that kind of thinking. I think every noobie or college students thinks "oh there's got to be a way". But at some point in your career you realize even if you could, it wouldn't be any easier to use and the performance gain would crazy small compared to amount of effort and you'd be playing catch up with both IOS/Android forever.
But no matter how many times we'd shoot it down, he'd keep bringing it up. And he wasn't straight out of school or something. He had like 20 years of programming experience.
I don't have a lot of memorable co-workers that were positive but honestly I think that's because usually if they're good at what they do I don't have to interact with them a bunch or spend time thinking "Jesus what am I going to have to fix next from this guy". I definitely have worked with good/great programmers, they just don't stand out as much as the shitty ones.1 -
Rant about a german problem in english
I think we as the people should just sue the german government for neglect of progress and neglect of the education system. If your not familiar with the state of german IT we have worse internetspeeds than uganda or the notoriously shitty australia, our neighbourstates look at us in disbelief while laughing in optic fibre. Our school system seperates all students after 4th grade in 3 tiers, the lowest one gives you the future perspective as a social security case. The second and highest tier require masses of useless knowledge, so called "competences"(Kompetenzen) which are totally useless skills with no real world application because they are derived from real skills, a median ground between all possible applications of that skill. And while doing that they terribly insist on doing everything the "proper" way, meaning handwritten. Most people you would expect to have basic computer literacy, meaning age 40 and below, are incapable of using basic functions of a non-smartphone computer and do not understand the slightest of what they are actually doing or supposed to do. And I mean nothing technical. Germans are the reasons they still put word as a job requirement for devjobs because this disqualifies half of our population. This leads to many people having the archaeic "we versus the machines" mentality, thinking that if they ever let the computer do parts of the job, they will then lose all of it to the machines. Thats why you never strive past basic mathematical principles in mathematics, which is a big misnomer because you never do actual mathematics, only calculating and basic calculus and statics. If you get to use your calculator, its some basic casio with no actual functionality then standard operations. And even using that is shunned upon. How is this country ever supposed to become something more than it was in the 90's, if we teach people nothing of use and kill all progress in its root.14 -
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**undefined arms race fuck sysadmin ssh why can't you just have any fucking sanity school windows server security2 -
Forgot my password at school, say so, they tell me the password. Have they never heard about security?9
-
Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)
So, I got bored, and irritated, so I decided to see just how secure the classroom really was.
It wasn't.
So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)
1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:
2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.
3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:
4. don't give admin priveledges to an account without a password.
seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST priveledges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?
anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.
I mean you no malice. just trying to help.
For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.
-- a guy who isn't very good at this and didn't have to be
have a nice day <3
oh, and I fixed the clock. you're welcome.2 -
I need advice from my coding elders:
A bit of background:
So I'm a highschooler and I have made a program for my school called Passport. It's being implemented as we speak.
Take a look:
https://github.com/poster983/...
It is basically a program that helps to manage and distribute digital Library passes. (We used to go through stacks of paper passes).
It was sorta my first major project, so it is probably filled with bugs and other security vulnerabilities. Just FYI.
_______
So a guy approached me tonight and was acting very interested in what I did. (it's literally a fancy database). He wanted my to unopen-source it and sell it to a company. (Probably his or a friend of him). I politely declined because I feel this program is
1. Not up to my standards; so if I was to sell it, I would rewrite it is something more modern like node, or Python.
2. I love open source.
3. A way for my to give back to my school and maybe help other schools.
After hearing that, he started calling opensourse a failure, and he said that I will one day be wise and write code for money (which I know I will, just I want to sell GOOD code).
My question is, how do I deal with people who want my to dich the opensourse model in the future?7 -
Two years ago, I developed an security app for Android as a school project. I didn't like teamwork at school (you know, you do all the work and everyone else is getting the same grade you receive, specially if you are the nerd of the class), actually I hated it, so I made it alone.
Its name was "Alex" and was a simple "panic button". You can configure two emergency emails and phone numbers (contacts only, not police) and, if you're in danger, you just have to press the button and the app is gonna send two messages/emails to your contacts: the first one, to tell where are you (GPS, only the name of the place) and that you're in problems. The second one with an audio/photo file of the situation.
Sounds like a great app, and I tested it few times. The reason I didn't continue with this is that I got my first job and I had not time, and that, tree or four months later, the government (of the city) launched a similar app. Less sophisticated, but I think it's still useful: "No estoy sola"(I'm not alone). I haven't tested it cause I don't trust on the authorities, I'd preffer to send my location to a friend through messenger app instead.
I don't know if I should re-work this app (I didn't released it, I just have the beta) or work on something else. I'm afraid that, if I release it, someone could die or get kidnapped because of a bug or something going wrong with the app :c What do you think?5 -
Got a math exam tomorrow but learning about it-security and pen-testing is a lot more interesting.
Building a remote for the projectors in your school can also be a source of fun :P2 -
I """""accidentally"""'" found some security holes in my school's Windows public computer setup.
Every student and teacher has a personal Active Directory, obviously they should be able to only see their own right?
oh wait the directory up button in explorer shows me all of them and I have r/w access to teacher and student ADs.
That's cool.
Also, the command prompt, Run prompt ad Explorer path bar are disabled...
...but batch scripts work.
Sweet.
Surely I can't do something dumb like--- oh, regedit's blocked but not the reg command.
They use the-- WHY IS GPEDIT NOT BLOCKED
Well what the fuck.
(All of this was responsibly handled by emailing the tech department. They have an email just for this! ...got a bounceback "this person is no longer employed at XYZ School.")6 -
This is a server in my school and I was wondering... Is it okay to have a server everyone can access? There's no key or other security need to the room needed.17
-
I tweeted a silly story about how I accidentally hacked my principal's email account when I was in middle school. (Yes, I did say "accidentally". The school network's security was that bad.)
Within minutes I had four replies telling me to contact people on Instagram to get my hacked account back. I guess I said the magic words and triggered some bots.
https://twitter.com/EmberQuill/...4 -
!rant but help?
I currently have Kali (for labs I'm working on to teach myself the things I didn't learn in school), Ubuntu (downloaded for school), and Fedora (downloaded for my database class)... other than Kali already having Metasploit in it, I don't see a difference between these and I know there are more versions of Linux.
What would be a good starting place for every day use, that'll support Citrix receiver (required for work no idea what its requirements are but I can find out, if i can't use it in Linux, I'll dual boot) and virtual box (or other virtual software, don't mind learning new systems), and that i can also have room to grow for security learning?18 -
I found this old printout of my username and password for my school account from ca 2008. I really like how the password are the same as the username except for some capitalization 😂😅
“sECurItY”10 -
School's windows installations had the UAC set to lowest.
Anyone could install malware or fiddle with important settings.
Oh by the way, the same school who's gData found it funny to go through my USB drive and delete all executables and all my code because it was "possibly malicious".
Started installing random crap and messing with people in retaliation.
Was fun.
Until I got caught.
Good thing I compiled a list of security flaws earlier on.
From that day on, everytime I messed up, I sold them two security vulnerabilites to let me off the hook.
These included access to all kinds of drives in the windows network, accessing other PCs desktop, literally uninstalling random printers from the network etc..
Fun time.3 -
The security on my school computers is a joke.
The standard student accounts have no user rights, but the "guest" account has admin rights???
The teachers private data is not secured, it's just hidden from explorer, so if you manually type in the folder location into the explorer bar, you can access the teacher's data. Not to mention everything is running on Windows 7 machines from 10 years ago.1 -
Rant
So a couple months ago, my dad called me to try and solve a problem he was having in his work.
You see, my dad owns a driving school and he was teaching 14 and 15yo kids how to ride mopeds and their theory exams are made in the school's facility, by going to this website of the entity that rules the moped teaching thing. When the time to have the exams came, they couldn't even see the exams and one of the kids had one of his attempts wasted (they had 3 attempts). We mailed and called the entity multiple times, to no avail, as they told us to "check the website, the instructions are all there". They were also trying to get it together but they couldn't. Here's the "funny" part: the software in which the exams were done ran on XP and there was no way in hell we could make it work on our W10 PCs. Not to mention this is a natiowide problem.
We reinstalled Java to v.7.9 (I think...?) as the "instructions" told us, with no results whatsoever.
So my dad decided to call me and asked me to bring a PC that didn't run W10. The closest thing to XP I could think of was my uncle's Toshiba, that had Vista, so I went to his house and grabbed it and drove to my dad's school. Even in compatibility mode, it didn't work. Everyone was in despair LoL. I was even put on the phone with the entity's technician, who didn't know how to solve it either but was trying, as well with our tech guy.
After a bit of running around and crying inside, our secretary remembered we still had a tower on site that ran XP. We went for the thing and connected it and booted it up. After reinstalling Java and setting security to "medium" (required), and meddling with zoom (the window was too small to show the whole exam and if the window showed up before we set the zoom to 75% or so we couldn't choose the answers) it was finally set to do the exams.
I've never felt so relieved for solving tech stuff LoL. It took me 3h to get it done and I feel it would have been easier if we had remembered about the tower earlier but oh well what can one do.8 -
Network Security at it's best at my school.
So firstly our school has only one wifi AP in the whole building and you can only access Internet from there or their PCs which have just like the AP restricted internet with mc afee Webgateway even though they didn't even restrict shuting down computers remotely with shutdown -i.
The next stupid thing is cmd is disabled but powershell isn't and you can execute cmd commands with batch files.
But back to internet access: the proxy with Mcafee is permanently added in these PCs and you don't havs admin rights to change them.
Although this can be bypassed by basically everone because everyone knows one or two teacher accounts, its still restricted right.
So I thought I could try to get around. My first first few tries failed until I found out that they apparently have a mac adress wthitelist for their lan.
Then I just copied a mac adress of one of their ARM terminals pc and set up a raspberry pi with a mac change at startup.
Finally I got an Ip with normal DHCP and internet but port 80 was blocked in contrast to others like 443. So I set up an tcp openvpn server on port 443 elsewhere on a server to mimic ssl traffic.
Then I set up my raspberry pi to change mac, connect to this vpn at startup and provide a wifi ap with an own ip address range and internet over vpn.
As a little extra feature I also added a script for it to act as Spotify connect speaker.
So basically I now have a raspberry pi which I can plugin into power and Ethernet and an aux cable of the always-on-speakers in every room.
My own portable 10mbit/s unrestricted AP with spotify connect speaker.
Last but not least I learnt very many things about networks, vpns and so on while exploiting my schools security as a 16 year old.8 -
Installs Ubuntu 16.04
Try to put my favorite software installed.
Reboot failed, drops to BusyBox shell.
Me thinking : I fucked up.
Friend walks by, couldn't read shit.
Friend: Look at his kid, he's trying to hack into someone's computer.
Me: (Agrees just for reputation) Yeah, damn teachers been giving me bad grades.
Friend: Could you help me too?
Me: (Don't have hacking experience, making shit up) NO, because your not my best friend. And school security is hard to crack.
Got away safely1 -
tldr; Windows security sucks. You as a org-admin cant do anything about it. Encrypt your device. Disable USB Live boot in the bios and protect it with a STRONG password.
First of i just want to say that i DO NOT want to start the good ol' Linux VS Windows debate. I'm just ranting about Windows Security here...
Second, here's why i did all of this. I did all of this mainly becuase i wanted to install some programs on my laptop but also to prove that you can't lock down a Windows pc. I don't recomend doing this since this is against the contract i signed.
So when i got my Laptop from my school i wanted to install some programs on it, sush as VS Code and Spotify. They were not avalible in the 'Software Center' so i had to find another way. Since this was when we still used Windows 7 it was quite easy to turn sticky keys in to a command prompt. I did it this way (https://github.com/olback/...). I decided to write a tutorial while i was at it becuase i didn't find any online using this exact method. I couldn't boot from a USB cause it's disabled in the bios wich is protected by a password. Okey, Sticky keys are now CMD. So let's spam SHIFT 5 times before i log in? Yeah, thanks for the command promt. Running 'whoami' returned 'NT SYSTEM'. Apparantly NT System has domain administator rights wich allowed me to make me an Administrator on the machine. So i installed Everything i wanted, Everything was fine untill it was time to migrate to a new domain. It failed of course. So i handed my Laptop to the IT retards (No offense to people working in IT and managing orgs) and got it back the day after, With Windows 10. Windows 10 is not really a problem, i don't mind it. The thing is, i can't use any of the usual Sticky keys to CMD methods since they're all fixed in W10. So what did i do? Moved the Laptop disk to my main PC and copied cmd.exe to sethc.exe. And there we go again. CMD running as NT System on Windows 10. Made myself admin again, installed Everything i needed. Then i wanted to change my wallpaper and lockscreen, had to turn to PowerShell for this since ALL settings are managed by my School. After some messing arround everything is as i want it now.
'Oh this isnt a problem bla bla bla'. Yes, this is a problem. If someone gets physical access your PC/Laptop they can gain access to Everything on it. They can change your password on it since the command promt is running as NT SYSTEM. So please, protect your data and other private information you have on your pc. Encypt your machine and disable USB Live boot.
Have a good wekend!
*With exceptions for spelling errors and horrible grammar.4 -
So someone decides that the employees need to do these stupid Web-based training's that not even high school kids should be looking into.
What is about ?
Security and Cryptography, and now event the real stuff.
What it covers?
Alice and Bob, Bob and Alice.
Alice wants Bob some pics/messages that she suspects someone else will see. DDDDDDAAAAAAAFFFFFFFAAAAAAAAAKKKKKK
A total of 7 useless time wasting interactive and annoying training's, 20+ min each.
But someone forgot that please do not send this shit to engineers of your company, specially Software/Network engineers. Oh another subset, specially not to those who work deeper into the domain.
I'm getting paid to do this time wasting activity, and still.
I also may come back and remove this BUT FOR NOW I NEED TO RANT.rant alice time_waste boolsheet web_training useless fake_security demotivators bob corporate_crap foo -
A team at school spent 3-4months on an eStore web app, for selling items. The title was "Securing your eStore".
When they were done with their presentation, the examinator asked: "But... You haven't said a thing about the security part."
"Oh, sure we did, as we showed you, we added validation on the email address and credit card text fields etc. If you press the Pay button here, you will get an alert()-dialog telling you which fields are invalid..."2 -
Alright lads here is the thing, have not been posting anything other than replies to things cuz I have been busy being miserable at school and dealing with work stuff.
Our manager left us back in February. Because she was leaving I decided that I wanted to try a different path and went on to become a programmer analyst for my institution, if anything I knew that it was going to be pretty boring work, but it came with nice monetary compensation and a foot in the door for other data science related jobs in the future. Thing is, the department head asked me to stay in the web technologies department because we had a lack of people there and hiring is hard as shit, we do not do remote jobs since our work usually requires a level of discretion and security. Thus I have been working in the web tech department since she left albeit with a different title since I aced the interview for the analyst position and the team there were more than happy to have me. I have done very few things for them, some reports here and there and mostly working directly with the DBA in some projects. One migration project would have costed my institution a total of 58k and we managed to save the cost by building the migration software ourselves.....honestly it was a fucking cake walk, if you had any doubts about the shaddyness of enterprise level applications regarding selling overpriced shit with different levels of complexity, keep them, enterprise is shaddy af indeed. But I digress.
I wrote the specification for the manager position along the previous manager, we had decided that the next candidate needed to be strong with development knowledge as well as other things as to properly understand and manage a software team, we made the academic requirement(fuck you, yes we did ask for academic requirements) to be either in the Computer Science/software engineering area or at least on the Business Administration side. We were willing to consider BA holders in exchange for having knowledge of the development process of different products and a complete understanding of what developers go through. NOT ONE SINGLE motherfucker was able to satisfy this, some of them were idiots that I knew from before that had ABSOLUTELY no business even considering applying to the position, the courage it took for some of these assholes to apply would have hurt their mothers, their God if they had one, and their country, they were just that fucking bad in their jobs as well as being overall shit people.
Then we had 1 candidate actually fall through the cracks enough to get an interview. My dude here was lying out of his ass through the interview process. According to him he had "lots of Laravel experience and experience managing Laravel projects" and mentioned repeatedly how it would be a technology that we should consider for our products. I was to interview him alongside the vice president of our institution due to the head of my department and the rest of the managers for I.T being on vacation leave all at the same bloody time.
Backstory before the interview:
Whilst I was going over the interview questions with the vice president literally offered me the job instead. I replied with honesty, reflecting how I did not originally wanted him but feeling that our institution was ready to settle on any candidate due to the lack of potentials. He was happy to do it since apparently both him and the HOD were expecting me to step up sooner or later. I was floored.
Regardless, out of kindness he wanted to go through the interview.
So, going back to the interview. As soon as the person in question referenced the framework I started to ask him about it, just simple questions, the first was "what are your thoughts on the Eloquent ORM? I am not too fond of it and want to know what you as a full time laravel dev think of it"
his reply: "I am sorry I am not too familiar with it, I don't know what that is" <--- I appreciated his honesty in this but thought it funny that someone would say that he was a Laravel developer whilst not knowing what an ORM was since you can't really get away from using it on the initial stages of learning about Laravel, maybe if one wanted to go through the hurdle of switching to something like doctrine...but even then, it was....odd.
So I met with the hod when he came back, he was stoked at the prospect of having me become the manager and I happily accepted the position. It will be hell, but I don't even need to hit the ground running since I have been the face of the department since ages. My team were ecstatic about it since we are all close friends and they have been following my directions without complaints(but the ocational eat a dick puto) for some time, we work well together and we are happy to finally have someone to stop the constant barrage that comes from people taking advantage of a missing manager.
Its gonna get good, its gonna get fun, and i am getting to see how shit goes.7 -
OKAY BUT WHY THE FUCK DO PEOPLE HAVE TO ACT LIKE THEY'RE SOME KIND OF GOD WHEN THEY CAN'T EVEN PASS AN INTRO CLASS. Some background: I go to an early college in high school program which offers computer science where you take two college classes a semester starting you junior year in high school. AND THIS GIRL TALKS ABOUT THIS PROGRAM LIKE IT'S AWFUL AND SHE HATES IT AND HOW THE PROFESSORS DON'T TEACH AND SHE FAILED AN INTRO TO PROGRAMMING CLASS WHICH TEACHES JAVA BUT THEN SHE ACTS LIKE SHE'S WAY ABOVE THE OTHER KIDS IN MY CLASS BECAUSE SHE'S RETAKING IT. SHE'S ALSO A STUDENT ASSISTANT IN MY CYBER SECURITY CLASS BUT DOESN'T KNOW WHAT THE localhost IP IS. I UNDERSTAND THAT I DON'T KNOW EVERYTHING BUT AT LEAST I DON'T ACT LIKE I DO. IT'S SO INFURIATING!!!!!!
-
Following on from my school having terrible passwords. Turns out they stored all our passwords in plain text somewhere - so some script kiddie (Do you even need to be a script kiddie to find this - probably not, but the guy who did this was a script kiddie) could just remote log me out twice, log in as me, be a twat, and have a conversation in Notepad.1
-
At school...
Antivirus protects you from all the bad things on the internet. If you download an antivirus, your computer is safe. I recommend one like McAfee or FreeAntivirus. Also, there aren't virus for Mac.
(Then they ask how things like The Podesta Emails happen)4 -
Just finished a large write up on a security flaw I found and disclosed in an exam spyware vendor's "zero knowledge encryption" - derived keys that were generated from incrementing integers, discussion on obfuscation and more.
It was a hell of a time writing this up; not sure if linking my personal blog here would be bad practice, but here it is: https://proctor.ninja/wave-rake-pro...
It's been something else, but hopefully I can keep fighting against tech like this on school campuses.4 -
Who thought Lua was a good idea for extending gameplay functionality??
It's weakly typed, has no OOP functionality and no namespace rules. It has no interesting data structures and tables are a goddamn mystery. Somebody made the simplest language they could and now everybody who touches it is given the broadest possible tools to shoot themselves in the foot.
Lua's ease of embedding into C++ code is a fool's paradise. Warcraft 3's JASS scripting language had way more structure and produced much better games, whilst being much simpler to work with than Lua.
All the academics describing metatables as 'powerful extensionality' and a fill-in for OOP are digging the hole deeper. Using tables to implement classes doesn't work easily outside school. Hiding a self:reference to a function inside of syntactic sugar is just insanity.
Nobody expects to write a triple-A game in lua, but they are happy to fob it off to kids learning to program. WoW made the right choice limiting it to UI extensions.
Fighting the language so you can try and understand a poorly documented game engine and implement gameplay features as the dev's intend for 'modders', is just beyond the pale. It's very difficult to figure out what the standard for extending functionality is, when everybody is making it up as they go along and you don't have a strongly-typed and structured language to make it obvious what the devs intended.
If you want to give your players a coding sandbox, make the scripting language yourself like JASS. It will be way better fit for purpose, way easier to limit for security and to guarantee reasonable performance. Your players get a sane environment to work in and you just might get the next DOTA.
Repeatedly shooting yourself in the foot on invisible syntax errors and an incredibly broad language is wasted suffering for kids that could be learning the programming concepts that cross all languages way quicker and with way more satisfying results.
Lua is hot garbage for it's most popular application, I really don't get it. Just stop!24 -
fuck my school. all i had to do was log in to see my grades and what do i get? the fucking stack trace. security? i think not. seriously though, why the fuck would my county want to make their own grading website when the one we had worked just fine? it looks like it was written terribly, the cause was just a bad socket connection and it even gave me the server name and version. i copied it to a google doc (it was already shortened) and it took up seven pages. jesus.2
-
The Windows vista laptop running in the driving school with unpaid Kaspersky Security, offline 24/7, not updated since ever. Windows Update won't even open.4
-
Google Maps put me on the other side of the freeway, so rushing to get there I was stopped by a security guard who told me to slow down and directed me to a spot. I hit the car next to me, I then interviewed and exchanged insurance information with the other car's owner. I went to school to defend my capstone and got the offer. A year later I sat next to the guy whose car I hit.
-
So my brother went back to school today. Now, during the 5 years I was there they had the most shit security on their IT systems, but aparently now they have fucked up their ssl. If you try to load the https page it comes up with the warning saying its an invalid certificate, but once you click it, it doesn't even load the school website, it loads this random page. Clicking on the buttons then take you to a page under their domain provided by another school. Going to this schools website, the https seems to be broken in the exact same way. It wouldnt be so bad, but it can confuse the hell out of people who type https before a url, and thos who dont realise and end up on the insecure site will need to provide passwords over an insecure connection. I am so glad im out of that place, they had such crap IT and everything was so easy to break.1
-
Our school had for an open source way of dealing with home schooling and managing the school network and so on.
Now the government forced a "proprietary" system on our school and everyone hates it. The teachers didn't want it the pupils didn't want it but who cares "what we do is the best".
Btw the proprietary system costs a fuck load of money even though they just mixed many open source projects and made it their own proprietary thing.
And this company now get's loads of money for their shitty system that never really worked once since we got it.
They blocked so many ip's that we can't even access google and it's services on the school wifi and the bandwith dropped severely with the new system.
Oh and many random ip's e.g. one of my vps is accessible but the other one not.
Discord is blocked.
Web whatsapp.
And so on...
Now....
I need to learn for tests next week and need to access that stuff on the portal but...
Now they decided to switch the LDAP server to the new system and since a few hours i can't access this fucking thing.
It seems like the platform now contacts the new server which isn't even up and running....
Never change a fucking running system....
Oh and we got smart boards and it runs on android and they didn't block adb. Now i installed clash of clans on one of those things. Haha whoops.
These boards cost 7000€ and have security patches from 2 years ago....and Android 87 -
Let's talk about the cargo cult of N-factor authentication. It's not some magic security dust you can just sprinkle onto your app "for security purposes".
I once had a client who had a client who I did server maintenance for. Every month I was scheduled to go to the site, stick my fingerprint in their scanner, which would then display my recorded face prominently on their screens, have my name and purpose verified by the contact person, and only then would the guards let me in.
HAHA no of course not. On top of all of that, they ask for a company ID and will not let me in without one.
Because after all, I can easily forge my face, fingerprints, on-site client contact, appointment, and approval. But printing out and laminating a company ID is impossible.
---
With apologies to my "first best friend" in High School, I've forgotten which of the dozens of canonicalisations of which of your nicknames I've put in as my answer to your security question. I've also forgotten if I actually listed you as my first best friend, or my dog - which would actually be more accurate - and actually which dog, as there are times in my High School life that there were more tails than humans in the house.
I have not forgotten these out of spite, but simply because I have also forgotten which of the dozen services of this prominent bullshit computer company I actually signed up for way back in college, which itself has been more than a decade ago. That I actually apparently already signed up for the service before actually eludes me, because in fact, I have no love for their myriad products.
What I have NOT forgotten is my "end of the universe"-grade password, or email, or full legal name and the ability to demonstrate a clear line of continuity of my identity from wherever that was to now.
Because of previous security screwups in the past, this prominent bullshit company has forced its users to activate its second, third, and Nth factors. A possibly decade-old security question; a phone number long lost; whatever - before you can use your account.
Note: not "view sensitive data" about the account, like full name, billing address, and contact info. Not "change settings" of the account, such as changing account info, email, etc. Apparently all those are the lowest tier of security meant to be protected by mere "end of the universe"-grade passwords and a second factor such as email, which itself is likely to be sold by a company that also cargo cults N-factor auth. For REAL hard info, let's ask the guy who we just showed the address to "What street he lived in" and a couple others.
Explaining this to the company's support hotline is an exercise in...
"It's for your security."
"It's not. You're just locking me out of my account. I can show you a government ID corroborating all the other account info."
"But we can't, for security."
"It's not security. Get me your boss."
...
"It's for security."8 -
Ideal dev job would be teaching kids code. Probably a side-gig at a local school.
Main gig would be writing code to exploit the "push to prod" Internet of Things things. Security on that is garbage. 🚮5 -
When I was in 11th class, my school got a new setup for the school PCs. Instead of just resetting them every time they are shut down (to a state in which it contained a virus, great) and having shared files on a network drive (where everyone could delete anything), they used iServ. Apparently many schools started using that around that time, I heard many bad things about it, not only from my school.
Since school is sh*t and I had nothing better to do in computer class (they never taught us anything new anyway), I experimented with it. My main target was the storage limit. Logins on the school PCs were made with domain accounts, which also logged you in with the iServ account, then the user folder was synchronised with the iServ server. The storage limit there was given as 200MB or something of that order. To have some dummy files, I downloaded every program from portableapps.com, that was an easy way to get a lot of data without much manual effort. Then I copied that folder, which was located on the desktop, and pasted it onto the desktop. Then I took all of that and duplicated it again. And again and again and again... I watched the amount increate, 170MB, 180, 190, 200, I got a mail saying that my storage is full, 210, 220, 230, ... It just kept filling up with absolutely zero consequences.
At some point I started using the web interface to copy the files, which had even more interesting side effects: Apparently, while the server was copying huge amounts of files to itself, nobody in the entire iServ system could log in, neither on the web interface, nor on the PCs. But I didn't notice that at first, I thought just my account was busy and of course I didn't expect it to be this badly programmed that a single copy operation could lock the entire system. I was told later, but at that point the headmaster had already called in someone from the actual police, because they thought I had hacked into whatever. He basically said "don't do again pls" and left again. In the meantime, a teacher had told me to delete the files until a certain date, but he locked my account way earlier so that I couldn't even do it.
Btw, I now own a Minecraft account of which I can never change the security questions or reset the password, because the mail address doesn't exist anymore and I have no more contact to the person who gave it to me. I got that account as a price because I made the best program in a project week about Java, which greatly showed how much the computer classes helped the students learn programming: Of the ~20 students, only one other person actually had a program at the end of the challenge and it was something like hello world. I had translated a TI Basic program for approximating fractions from decimal numbers to Java.
The big irony about sending the police to me as the 1337_h4x0r: A classmate actually tried to hack into the server. He even managed to make it send a mail from someone else's account, as far as I know. And he found a way to put a file into any account, which he shortly considered to use to put a shutdown command into autostart. But of course, I must be the great hacker.3 -
Companies really need to re-evaluate what they ask as security questions.
If I know your name and your approximate date of birth (to the month) then, here in the UK at least, I have a very good chance of being able to find out your parents names, your mother's maiden name, your address, your parents address (i.e. probably where you grew up and what school you went to), your parents ages, when they got married, etc. - and all from publicly available info, not illegal crap you find on Tor or social media stalking.
This isn't hard to find if you know where to look - the problem is that people think that it's all private, and behave as such - and companies encourage it. The typical "internet safety courses" don't even touch on it, and even more tech savvy people I know often don't have a clue this is possible.2 -
Fuck you Crapple.
I have to reset my password again just because I cant remember that one security question.
How the fuck am I supposed to know who my favourite primary school teacher is?11 -
Ranting kinda
I'm studying for a CEH certification so I can enter a computer security competition that my school is holding, and I have to cram the whole subject in my head.
Before anyone asks why, I have a great interest in the subject and its fun to learn the problem is the amount I have to learn in such little time
My teacher also wanted me to enter so I could go up against the guy who almost placed in nationals last year, and he thinks I can do it, many people do. looking at it realistically if I crammed it all and reviewed I could place in regionals which is the goal.
Wish me luck if you read all of that!..2 -
Cant believe this shit happened in my country today
A mass school shooting where a 13 year old kid shot and killed 9 kids, teachers and a security guard. Several other kids wounded and one girl having brain surgery
All of this because he got an F in history class
He was a quiet kid, well behaved, got straight A's and very intelligent. But he was reportedly bullied and no one did shit about it
This the type of shit you see in america daily. But now Serbia marks #1 country in europe with a school shooting
The kid planned all of this attack for 1 whole month. He drew a sketch on the paper of the school's pathway so he can know where to go, from enter door to exit door. Even wrote the names of kids he planned to kill, sorted from high to low priority
Due to Serbia's law, no one under 14 will be held accountable or go to jail for any crime, and this 13 year old kid was so intelligent of knowing this dumbass law that he executed on this plan Now in May because he turns 14 in July this year
Ironically, his dad was a well known doctor, and now the dad is fucked. Dad's gonna go to jail. Because the kid stole his dad's gun with 5-6 clips of magazine
Very bizarre21 -
Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!
System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.
Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.
Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.
That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.
We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.
Hella excited about this!
If you guys have any suggestions let us know. We are utter noobs when it comes to this.6 -
I found xss on the software the my school and many other schools use it. The bug is on every page of their website.
I reported the bug to their team, they fixed it and didnt even reward me.
What do you ranters advice me to?7 -
Of course, I just swiped the wrong way on my fucking laptop trackpad and list everything I just typed. FUCKING MARVELOUS.
TL;DR: Teacher stopped me from being productive. Principal almost called cops on me. Nearly threw chair at librarian.
So I'm at school yesterday, and we have a presenter in 2nd hour, so naturally, I'm gonna be on my computer doing things for other classes at the same time. Efficiency. Teacher doesn't like it, I refuse to put the computer away telling her that I'll be more productive and still pay attention, which HAS BEEN PROVEN MIND YOU, but she ends up calling security on me and I get sent down to the principal's office.
I talk to him, and he says 'Yeah, I know it's in the way, but you have to follow the directive given by the teachers.' Fine, fuck it. Won't go to her class for third hour. (I have her twice in a row for two different classes.) Next day.
I walk in, asking her if she's gonna do the same thing she did yesterday, hoping that she realized her error and will fix it, but no. She says I STILL can't have the computer out. I'm sorry, do you not realize I have 6 other fucking classes, most of which are required to graduate, unlike YOURS, as well as a FUCKING COLLEGE CLASS TONIGHT?! She gives the ultimatum. 'Obey or leave.' Fine, I'll leave. I go to the principal's office again, he must have a stick up his ass or something today because he's not budging. We argue for a while and he gives a WORSE ultimatum: 'Obey, Go to the Library, In House Suspension, or I'll call the police.' What the actual FUCK MAN?! You're gonna call the POLICE on a NONVIOLENT STUDENT?! Are you fucking MAD? I keep trying to tell him that there's an easy solution to this, but as he's getting up to call the cops, I say 'Fine! I'll go to the library!' He follows me over to make sure I don't kill anyone on the way.
I slam the door to the library open, and when I walk in, the librarian is there at her computer, and she asks 'Where are you coming from?' 'Principal!' 'I need a pass-' 'Well, I'm sorry, I can't exactly get anything for you right now, I was just sent down here.' She says 'Either way, I need some kind of note or pas-' 'Listen, I'm not in the mood for any of this right now. Please, just leave me be.' She then tries to say something, but I cut her off quickly, 'Just back off and leave me alone right now. The more you push it, the more you're gonna make me want to throw this chair!' Imagine the volume just gradually getting louder on that last one. She quickly runs out and talks to the security desk or something, which is right outside the library door, but she's the only one who comes in, thankfully. I was expecting to be fucking dragged out for no good reason. I'm loud, not violent. I have no history of violence.
So yeah. Here I am in the school library, angrily tapping away at my keyboard, trying not to throw the entire table to the fucking moon. All because this broken-ass public school system has no idea how to deviate from the norm when it's actually productive and efficient to do so. And now, the obligatory:
FUCKING PIECES OF SHIT WHY DON'T YOU REALIZE THAT YOU ARE COMPLETELY WRONG IN EVERY SINGLE THING YOU ARE DOING YOU IDIOTIC SCUM-FILLED MEAT SACKS OF NO FORSEEABLE VALUE! FUCK!1 -
So my software engineering school which cannot run their intranets correctly just failed and our emails were used to sign up to a dating site targeted to a most peculiar community. (I won't disclose the nature of the site)4
-
I feel like 75% of stories here are about high schools. Maybe it’s because of the younger user base but also I think school security is beyond woeful.
I can’t even tell if my school just botched the setup or if the vendor thought it’d be a sick joke but we had software that the teacher would use to remotely look at everyone doing work but we found that if you press the help button it opens the same window where you see everyone’s desktops and can mess with them (how trivial, I know).4 -
Ibwish I had remembered this when the weekly theme was office pranks.
In the first or second year of high school we covered basic internet security. Stuff like don't follow suspicious urls, don't open suspicious emails and such.
Our teacher let us play around with some sort of simulated desktop environment, where we could execute some hacks like ad popups and such on each other's environment, if we fell for the trap.
Anyways, one hack I found interesting was a hack, that lockes a user out of their virual desktop, until he enters a password, that will be displayed on his environment.
Yes, a very interesting hack, because it contains two obvious yet major design flaws, which I could exploit 😈
1. It's case sensitive
In itself not a problem, but combined with #2, it's fatal.
2. "IlIlllIlI"
Depending on your font, you probably have no idea what exactly I just typed.
Let's just say, the font displayed uppercase i and lowercase L completely undifferentiable.
Guess whom I let suffer.
It was our teacher, who had to demonstrate us some things and who was connected to the same network.
I swear, nothing beats that feeling when your tearcher has go come to you and embarrassingly ask you to "unhack" them, because they can't type it 😂1 -
just found out a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had burried in some folders a c99 shell.
i am a begginer html/sql/php guy and really was looking into learning a bit here and there about them because i really like problem solving and found out ctfs mainly focus on this part of programming. i am a c++ programmer which does school contest like programming problems and i really enjoy them.
now back on topic.
with this urge to learn more web programming i said to myself what other method to learn better than real life sites! so i did just that. i first checked my school site. right click. inspect element. it seemed the site was made with wordpress. after looking more into the html code for the site i concluded all the images and files i could see on the site were from a folder on the server named 'wp-content/uploads'. i checked the folder. and here it got interesting. i did a get request on the site. saw the details. then i checked the site. bingo! there are 3 folders named '2017', '2018', '2019'. i said to myself: 'i am god.'
i could literally see all the announcements they have made from 2017-2019. and they were organised by month!!! my curiosity to see everything got me to the final destination.
with this adrenaline i thought about another site. in my city i have the 3rd most acclaimed high school in the country. what about checking their security?
so i typed the web address. looked around. again, right click, inspect element and looked around the source code. this time i was more lucky. this site is handmade!!! i was soooo happy because with my school's site i was restricted with what they have made with wordpress and i don't have much experience with it.
amd so i began looking what request the site made for the logos and other links. it seemed all the other links on the site were with this format: www.site.com/index.php?home. and i was very confused and still am. is this referencing some part of the site in the index.php file? is the whole site written inside the index.php file and with the question mark you just get to a part of the site? i don't really get it.
so nothing interesting inside the networking tab, just some stylesheets for the site's design i guess. i switched to the debugger tab and holy moly!! yes, it had that tree structure. very familiar. just like a project inside codeblocks or something familiar with it. and then it clicked me. there was the index.php file! and there was another folder from which i've seen nothing from the network tab. i finally got a lead!! i returned in the network tab, did a request to see the spgm folder and boooom a site appeared and i saw some files and folders from 2016. there was a spgm.js file and a spgm.php file. there was a contrib, flavors, gal and lang folders. then it once again clicked me! the lang folder was las updated this year in february. so i checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so i left them alone. but there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! i was so excited! i thought i found a secret and different design of the site or something completely else! i clicked it and at first i was scared there was this black/red theme going on my screen and something was a little odd. there were no school announcements or event, nononoooo. this was still a tree structured view. at the top of the site it's written '!c99Shell v. 1.0...'
this was a big nono. i saw i could acces all kinds of folders. then i switched to the normal school website and tried to access a folder i have seen named userfiles and got a 403 forbidden error. wopsie. i then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. it was nakeeed naked. like very naked. and in the userfiles folder there were all, but i mean ALL files and folders they have on the server. there were a file with the salary of each job available in the school. some announcements. there was a list with all the students which failed classes. there were folders for contests they held. it was an absolute mess and i couldn't believe it.
i stopped and looked at the monitor. what have i done? just to learn some web programming i just leaked the server of the 3rd most famous high school in my country. image a black hat which would have seriously caused more damage. currently i am writing an email to the school to updrage their security because it is reaaaaly bad.
and the journy didn't end here. i 'hacked' the site 2 days ago and just now i thought about writing an email to the school. after i found i could access the WHOLE server i searched for the real attacker so if you want to knkw how this one went let me know in the comments.
sorry for the long post, but couldn't held it anymore13 -
Why didn't I know about devrant when I was working on my motion detecting security system for school... Would have had lots to rant about2
-
Honestly, school is useless for me as of right now. I know I should be well rounded and stuff, but do I honestly need to know the symptoms of cervix cancer while going into a tech career? My eyes have been set on tech for my whole life, ever since I left the womb, and I know that if I do switch careers, it'll be from comp sci to cyber security not from IT to med school...
I feel like I could really be devoting my time towards something better than writing a 5 page essay on a healthy food choice.
Every night I think to myself, "You know what, I'm going to lock myself in a room and write bash scripts all day" but then I wake up in the morning, and remember I have to take a quiz on reproductive systems, learn about the procedure of organ donations for driver's ed, write 2 paragraph definitions of vocab words, and read a book about communism.
The most useful thing I learned last year, was how to efficiently navigate the java API, and that's something you don't even learn, you just encounter it. Schools need to start having more specific specialties and stop enforcing knowledge of pointless topics.
I'm not saying to remove all core classes and stuff, I'm saying why waste space in our brains with something we won't use ever again? I get it, some people don't know what career they're looking for yet so you can't make them choose, but it honestly sucks some serious ass that I can't learn what I want to at school, and as a matter of fact, I can't even learn at home, because they're filling my schedule with pointless work because they feel that they have to fill our time somehow.
Point of this long ass rant is: Why lock yourself in a room and learn about something if it isn't something you want to learn about? The space in our brain is finite enough, why can't it be filled with things we're interested in rather than things that will only be used to get good grades in the future then overwritten with useful knowledge. Same thing with time. We have a very finite amount of time in a day, and now that I think of it, a lifetime. Why spend it on something that doesn't, and never will, make your life enjoyable?7 -
!!rant life toptags bottags
My tags seem to be okay. Let's go.
I'm 14. I live in a place where nobody smart lives, and the school I go to has no coders.
Last year, all my friends moved. The only friend I had left now hates me, simply because they yelled at me everyday and I yelled at them once.
I am in the middle of my exams. I also have the flu, but thankfully it's not the e-flu, otherwise you guys should prepare for 24/7 headaches.
Due to the medications I am taking, I'm half-asleep all the time, and I probably am messing up all of my grades.
My entire extended family is in India, and I go there 2 times a year. I miss them so much right now :(.
At the same as doing exams, I am trying to keep my laptop (primary) and PC (secondary, desk) configuration and setup approximately synchronized. In order to do that, I am setting up my dotfiles repository.
Except that all my laptop config (which works) is written horribly, and I need to rewrite it all.
At the same time, I have 3 other projects going on: An OS written in D, a source-based package management system written in D, a small website (not online), and a whatever's cooking in my mind at this moment.
Right now, I'm supposed to be studying for my French exam.
Instead, I'm here, typing this out on my phone.
I have a classmate in school who can type QWERTY at 80WPM. I'm learning Dvorak (Programmer's!) and my current speed is 33WPM, after about 2 months of half-hearted practise during work time and at school.
Sometimes, I look at the world we have here, and what we're doing to it, and I wish that sometimes we could simply be content with life. Let's just live, for once.
I find ~60 random songs in one go, simply by finding a song I know on YouTube and going to the 'Mix - <song>' playlist. I download them all (youtube-dl), and I listen to them. Sometimes, I find this little part in a song (Mackelmore & Ryan Lewis - Can't Hold Us beginning instrumentals, or Safe and Sound chorus instrumentals) that make me feel so happy I feel like all's good in the world. Then the song moves on and with it, my happiness.
I look at Wayland, and X, and I think - Why can't we have one way of doing things - a fixed interface to express anything, so that one common API exists for everything of that type? And I realise it's because they feel that they're missing something from the others. Perhaps it's a bug nobody's solved or functionality that's missing, and they think that they can do better than that. And I think - Well, that's stupid. Submit a fucking bug report or pull request instead of reinventing the wheel. And then I realise that all the programming I've ever done in my life IS simply reinventing the wheel. And some might say, "Well, that guy designed it with spokes and wood. I designed it with rubber and steel," but that doesn't work, because no matter what how you make it, it's just a wheel. They both do the same thing. Both have advantages and disadvantages, because nothing's perfect. We're not perfect because we all have agendas and wants and likes and dislikes and hates and disgusts and all kinds of other crap, and our DNA's not perfect because it manages to corrupt copy operations (which is basically why we die of old age, I think).
And now I've lost my train of thought and this is too large to scroll over so I'm just going to move on to the next topic. At this point (.), I have 1633 letters left.
I hate the fact that the world's become so used to QWERTY because of stuff that happened 100 years ago that Dvorak is enough of a security to stop most people from being able to physically use my laptop.
I don't understand why huge companies like Google want to know about me. What would you do with this information? Know how to take over my stuff when the corporation-opocalypse comes around? Why can't they leave me alone? Why do I have to flash a ROM onto my phone so that Google cannot track me? What do you want, Google?
I don't give a shit any more, so there's my megarant.
Before anybody else (aside from myself) tells me that this is too big, all these topics are related simply because my train of thought went this way. There's a connection between each of these things, but I just don't know what it is.
Goodnight, world. 666 is the number of characters I have left. So is 42, for that matter (thanks, Douglas Adams!). Goodbye.rant life story current project ugh megarant why are you doing this to me life schrodinger's tags 🐈 life3 -
School decided to shut down their WiFi for "security" reasons (Everyone used a VPN and they were dumb fucks at networking, blocking sites like Google for having an invalid SSL certificate).
Now I'm forced to use my mobile data to keep using my Arch Linux laptop D:3 -
Going back to school to get my degree for Network Security/ Administration.
Which I'm doing right now -
So.. I'm doing this 2 week long internship at a pretty big corporation that was looking for high school students for a security training program, and they're having us utilize Splunk (which I've heard about, but never used). Any opinions and/or tips on this tool? :)1
-
Best: take a job as a data analyst. 1 year later, re-write and re-deploy the entire backend following correct security concentions and well-hashed-out data models.
Worst: attempt to backup a hard drive using dd, just to accidentally brick the laptop (because it had some security layer the school put to prevent just that)
Bestest: use knowledge acquired at my "best" story to nuke windows on bricked laptop. Then extract the leftover data using dd and a series of recovery tools. -
First job while in college... Was working for web dev team lamp set up before lamp was lamp (year was 2000).
Had deadline one week after summer vacation. Worked non stop a couple of days to get shit done and didn't make it. Got in a conflict with my manager in front of the team and I blew my steam off. Quit on the spot.
Lessons learned:
1. Don't be a fucking idiot when estimating work.
2. Be cool with other teammates, nobody cares about drama and nobody has to feel sorry for you.
3. Uhm, plan? Had entire fucking vacation to get work done. I was a fucking moron.
4. Burning out is stupid and unproductive.
5. Your manager can be as poor in management as you are. Your job is to try to make them better at it, as they have less visibility in the details.
Next job in grad school. Worked for a security company. Direct manager had the bright idea to make execs sign the change requests. WTF. Code was in Perl/php, a mess. Team rewrote back end DB access , taking over six months, or more, failing twice the deadline. After a final 48 hour burn out, we ship and get laid off the week after.
Lessons learned:
1. Don't work for dicks.
2. Don't be a dick yourself.
3. Don't work for dicks.
Third job was in silicon valley. It was a great company, and I stayed there for five years. -
I know maaannny rants like this exist, but it's just sad that so many devices run 1. windows and 2. an very old version of windows.
This is an info display in school, we managed to reboot it and have seen it's IP. I'm not gonna post it because I don't want to get into trouble. -
The first dev project, like real dev project, I participated in was a school one and it was double.
The class was meant to make us learn about the software's life cycle, so the teacher wanted us to develop a simple, yet complicated, thing: a Web platform to help tutors send/refer students to the university services (psychologist, nutriologist, etc) and to keep track of them visits.
We all agreed on it being easy.
Boy were we so wrong.
I was appointed as dev leader as well as some others (I was the programming leader, the other ones were the DB guy and the security guy) and as such I was in charge of the technology used (well, now we all know that the client is the one in charge of that as well as the designer) and I chose Django because we had some experience with it. We used it for the two projects the teacher asked us to do (the second one was to find a little shop and develop something for it, obviously with the permission and all that), but in the second one I decided to use React on top of Djangl, which ended being a really good combination tho.
So, in the first project, the other ones (all the classroom) started to discuss and decided to use some other stuff like unnecessary carousel for images, unnecessary functions, they created mock ups for stuff that was never there to begin with, etc. It was really awful, we had meetings with the client (the teacher) with updates on the project, and in not a single one he was satisfied with the results. But still, we continued with the path the majority chose and it was the worst: deadlines were not met, team members just vanished until the end of the semester, one guy broke his leg (and was a dev leader) and never said a word not did anything about the project. At the end, we presented literal garbage, the UI was awful, its colors were so ugly because we had to use the university official colors, the functionality was not there, there literally was a calendar to make appointments for the services (when did the client ask for that? No one knows), but hey, you could add services and their data to it, was it what the client wanted? Of course not! What do you think we are? Devs?
Suffice to say that, although we passed with good grades, the project and the team was shit (and I'm counting me in)
The good part is that the second project was finished by me and it looked really good, yet it didn't matter, the first project was supposed to be used by the university, but that thing was unusable.
Then, in the subsequent vacations I tried to make pretty and functional/usable, yet I failed because I had a deadline for another thing I had to do, but hey, the login screen looked amazing! -
My school is awesome, their network infrastructure is so secure (not),
that you can easily control other people's desktops with Windows' basic tools. -
The near future is in IOT and device programming...
In ten years most of us will have some kind of central control and more and more stuff connected to IOT, security will be even a bigger problem with all the Firmware bugs and 0-day exploits, and In 10 years IOT programmers will be like today's plumbers... You need one to make a custom build and you must pay an excessive hour salary.
My country is already getting Ready, I'm starting next month a 1-year course on automation and electronics programming paid by the government.
On the other hand, most users will use fewer computers and more tablets and phones, meaning jobs in the backend and device apps programming and less in general computer programs for the general public.
Programmers jobs will increase as general jobs decrease, as many jobs will be replaced by machines, but such machines still need to be programmed, meaning trading 10 low-level jobs for 1 or 2 programming jobs.
Unlike most job areas, self-tough and Bootcamp programmers will have a chance for a job, as experience and knowledge will be more important than a "canudo" (Portuguese expression for the paper you get at the end of a university course). And we will see an increase of Programmer jobs class, with lower paid jobs for less experienced and more well-paid jobs for engineers.
In 10 years the market will be flooded with programmers and computer engineers, as many countries are investing in computer classes in the first years of the kids, So most kids will know at least one programming language at the end of their school and more about computers than most people these days. -
My school has a completely open SMTP server. A friend today who works for the tech department just showed me how anyone could fake an email. He did this by sending me an email as the president of the school, it looked legit. He told the security dudes but they can't secure it due to legacy systems. This is madness surely!?! Is open SMTP as bad as I think? (It is at least only accessible on the schools network).3
-
I know I'm a bit late with this, but I thought I'd share it anyway.
A few years ago me and my friend were messing around in computer class and I decided to look at the network devices.
I couldn't believe, what I saw. All of the school security cameras were there, and the best part: when I connected to their ip addresses, they were just showing the live feed, no password or anything.
I didn't really do anything with it since I couldn't think of any great ideas and it has since been fixed.
Technically not hacking but still somewhat related. -
So I decided to install a third OS on my laptop and oh boy, I never thought I'd have to deal with so many issues!
First, I had to make space for the new OS, so I did the only feasible thing - Shrunk a windows partition (Used for gaming only), then installed the third OS into it. (For clarification, one OS was Windows, the second Debian for work and the new one was Kali for a course at school about security and ethical hacking)
Well... After I installed and tried out that the Kali worked... My Debian began to make problems. It would hang for almost a minute during start as it tried to mount a (for some reason) no longer existing Swap partition.
After it gave up and I found out... I, fortunately, fixed it after just a bit of googling. At least I learned to repack the ramfs.
It worked all fine and dandy... Only... My Debian now shared the swap with Kali.
Few weeks forward, last friday, I tried to boot up Kali at class... Only for it to... Stop at a black screen, weird.
Some minor detective work later, I found out nothing was... Wrong really.
But... For some mysterious reason, my complete GDM just.... No longer worked.
One LightDM and XFCE instal later (Thanks god that at least TTY still worked fine), it finally worked again, and this time, I booted back into Debian, shrunk the Kali partition a little more and dedicated it's own swap there. Setting and resetting everything, and finally had a working triple-boot laptop...
My only question is... Why?
Does sharing Swap really affect the system so much, besides hibernation ofc.3 -
DREAM 1
(my comments look like this)
A kikiland metro system. It's extradimensional and shapeshifting. When you enter it, it adapts to your needs. The people inside (they're probably just vinyl shells), the social circumstances, all generated for you.
When you enter it, it knows where you want to go. It spawns exactly one train just for you. It will be the first, it will be the last. You have to catch it to go where you need. If you miss it, there will be no more trains, and you have to wait till the metro station closes for the night and reopens.
It's always you entering, catching the train that arrives just in time, going to where you need to go and exiting.
Because of its extradimensional nature, you cannot agree to meet someone there — every person has their own personal metro generated just for them every time, with exactly one train going exactly to the station you need.
It's used by BLA as a form of control. When they don't want you to go somewhere, the train won't spawn. Or, it might diverge and get you to some other place. It isn't known whether the map can be altered on the fly or not. So far, the consensus is that the map is persistent and is a public knowledge, and it's just the metro itself that is extradimensional. But, no one ever saw the real metro in its real form, and not the top layer that protrudes into the three-dimensional world you can interact with. It might be the case that they can make people disappear by creating ad-hoc stations that don't intersect with the real world, trapping them in places that are nowhere in particular.
(it took seeing BLA once in one dream to make all the following dreams include them. Sigh.)
Kikiland also has a school, and it always had it. I befriended a chemistry teacher there. His classroom is small — exactly as deep as other classrooms, but really narrow. There are no desks there, just his desk and some bookshelves. Chemistry isn't a priority there — his class exists only because it should. No one attends it. This is why he was so pleased to meet me. Despite his classroom being located on a busy floor, its door is overlooked by students, and NO ONE ever enters it. He just sits there, waiting for students to arrive, but they never do.
He has a secret, though, because of course he does. In the game Control, if you complete the main storyline before you complete some side quests, one of the main characters will be sitting in the C-suit hall, doing her things, waiting for you to come and talk to her. But at the same time, she will be waiting for you deep down the oldest house's mines, again, just sitting there, waiting for you to take the quest. This teacher is the same.
If you have a good relationship with him, and you attend his class, the classroom will change to a tunnel entrance, with him being the security guard. He's your friend, he'll let you in. It looks like Fallout's vault entrance. THIS is how you enter the REAL kikiland metro. (Dream 1 ends here.)
Episode 2
Tiny waterborne rat puppies whose mouth is their entire face unfolding like a piece of paper with teeth covering it as a grid. (I wrote about them already, but here they are again.) They are _tiny_, a bit like tadpoles. Also, like tadpoles, they die if you touch them out of water. As I was flying over some mountain resort (I routinely fly in my dreams, but it feels more like a very low gravity falling I can control, like using a parachute in GTA San Andreas), I dumped them to a location that resembled the garden level of Prince of Persia: Warrior Within for my cat to eat. It didn't want to. -
I always hated in school computing lessons when the teachers pet students would snitch on you for getting around the school network stuff.
Many people in the lesson would always play games instead of doing what they were meant to. So the teacher turned off the internet in the room using the admin control stuff. Then when I found a way around it all so I could watch some educational YouTube videos, the stupid teachers pet would snitch on me. Luckily the teacher knew I wasn’t using it to mess around, always felt good when he said that I could access it because I’m the biggest security threat to the school.
Did you ever have issues with snitches in computing lessons?6 -
I think the thing that sucks about high school (or school in general, really) is that they don't really have many opportunities for the people that like to program or do anything with computers.
The only classes that have to do with computers at all (In my high school) is Intro to Programming (Which is what I'm taking, which has HTML, CSS and JavaScript), some computer science classes and finally the Cyber-patriot team. (Which is for Navy ROTC and it consists of Cyber Security, competitions and actual Linux computers).
The only few of eight classes I find actually interesting is Intro to Programming, NJROTC, and Plant Science. (Because not only the subjects, but the teachers (and Sergeant) actually make it fun, interesting and easy to understand, while the rest don't feel like they're doing a good job.)4 -
Hey I need some advice
if i'm planning on going into IT Security with like ethical hacking and stuff like that and I already am learning Python + have a decent knowledge of CSS & HTML what should I start learning next while I'm bored at internship
(just incase it matter i'm using my school laptop, not the best but hasn't let me down so far and I have the basic admin rights since i'm on my high school's tech team)6 -
I am back with one fresh and hot
my school doesnt allow libre office
the most ACTUAL security they have is windows defender and all the rest is restrictions smh7 -
The NPC has stated that the personal data of atleast 2000 people was leaked after the attacks on the websites of the philippinian goverment on april 1, the data contains; names,adresses,passwords and school data.
Over 7 administrators of schools, universities and other goverment structures have been called out for not reporting on the leakage of personal info on public facebook groups and violaton of the NPC in under 72 hours.
The representatives of the next structures stood before the comission on the 23 and 24 of april
- Taguig City University
- Department of Education offices in Bacoor City and Calamba City
- the Province of Bulacan
- Philippine Carabao Center
- Republic Central Colleges in Angeles City
- Laguna State Polytechnic University
The agency has reported that none of the organisations had notified about the personal info leakage yet.
This is a good reminder that you should inform about security/personal info breaches everyone that might be related to it as soon as possible, even if it seems unecessary. -
In my school it is possinle(after a system update) to use the taskmanager at out windows pcs.
I could send any installed security/content restricion application to hell -
So I have hitman pro alert, malwarebytes, spybot anti Beacon and,shut up windows 10. Yet I feel so vulnerable using my pc, I know Linux is better, but it's a gaming/school rig. I'm also forced to use Google for school. I dunno what to do, maybe I'm just too worried. While just those stupid security nut things I guess. Lol.3
-
Follow up my last rant which people thought it was my fault
The school called, the manager apologized and said the security guards are not trained that way and they were suppose to tell me multiple ways I can prove that I am a student. He promised me that this is not gonna happen anymore.
I did not fuck up, people5 -
Just discovered someone I told about a hack for the computers in school (nothing difficult just booting from a USB) had a link to C2K the company that provides the system and told them about it and now they've patched it up, so in a way, it's my first security vulnerability report, in another way, I can no longer play games and program in free
-
Thinking to start smoking 🚬
Never tried it once in 26 years not even a sip even refused temptations from school friends
Now by starting a job, i have no security, ironically. I feel like i stepped at the leap of a bottomless pit and tomorrow i jump into it and fall... and fall....and fall..... No end.
I have no idea how to use ansible and rexify.org and thats what I'll need to use. I have no idea how to do devops with Azure, and thats what ill do. I only build devops with terraform on Aws.
The unknown of 9-5 is frightening me more than starting a business. Paradoxically, i think it would come as a relief to get fired within the first week from failing to complete literally everything
On top of that my blonde gf disappeared yesterday for 3-4 hours. No texts no phone calls. Called for 2 times no answer. Called 3rd time and got a voice message the phone was shut down. 3-4 hours later she said she was with mom at shopping and didnt have internet
I also caught her texting some random guy on instagram. They both have vanish mode enabled (texts delete themselves as soon as you leave the conversation). Confronted her today. She wont tell me the truth. Likes his pics on ig. Keeps lying. On a question "why do you have vanish mode enabled with him?" her answer is "well i guess married men always use vanish mode"
Im tired
Too much shit unraveling. The opening of 2024 already doesnt look good
Why do good people die in accidents or diseases but i dont and i live? Shits unfair. Why doesnt nature/God fucking kill me? I beg to die. I hope to die. I pray for something to kill me. It would come as such a relief.
This life is meaningless and empty to me. typeof(life) yields a void. I dont value it. Its shit. Whether succeed or fail its meaningless. Nihilism was right
I am literally a walking dead. Physically moving but spiritually dead. Mentally lost. I am the captain of a ship in the middle of the ocean who no longer knows where the ship is going
Why cant i just get cancer or something. Can cigarettes help me get it? Cause I'll start consuming that shit right away to speedrun that process
End it17 -
I've come to my first real fork in my career. I currently work as a web developer for a medical software company. The pay is pretty abysmal but they're flexible and not super demanding. However, my formal education (take this with a grain of salt obviously) is in game development and I've been trying to build my portfolio and what not. I was offered a part-time internship, because I'm still in grad school, I haven't held a part time position since high school. But not only is the position a job I actually want, but the company is pretty great. I'd have to stay part time tell graduation (Next December). But they said they are already interested in transitioning me to full time once I graduate. Another note, I have to get some security clearance for the job, which is another reason they want me to start part time.
So I truly don't like web development and the company I'm at has been very up front that I'm going to stay at this pay rate for a while. But it's possible that they offer me a contract/part time position after I leave (mostly because I'm the one and only web developer and they're already on a hiring freeze). However, if they don't I'd have to scramble to find something else to pay bills for the next year.
Long rant. tl;Dr: should I stay or should I go?6 -
I'm currently learning assembly in school and...I acctually kinda like it. (To my surprise). I was wondering if there were any good resources for learning about security at the assembly/system level?1
-
For the old school gamers out there, today I realized that the method by which the Temporal Security Annex detects temporal disturbances in the game The Journeyman Project is, effectively, unit testing time itself.
-
!rant
Looking for help starting with DevOps.
Does anyone know of a site or forum where you can talk about general coding/scripting patterns rather than just asking specific questions?
Bear with me, this may be a bit longer than most posts here.
I'm a self-taught admin/tech working with one colleague (who's also mostly self taught) at a high school, managing both clients and servers.
We've been doing most things manually bit I'm looking into converting as much work as possible into more of a DevOps setup, with Powershell-scripts for multi step tasks.
I want to do this for a number of reasons. Having a script doing a number of steps would cut down on time spent on individual tasks and minimize the risk that a step is missed or, perhaps even worse, mistyped. Also it's important that I actually learn what I'm doing, why something works and why something fails.
As and example, I have a powershell-script which moves a student from one year to another (basically they have user names with a two-digit prefix based on the year they started and a suffix with two letters from their first names and four from their last names) if they need to repeat a grade.
It basically renames the account in the AD with the correct year-prefix, changes the samAccountName, renames Home and Profile-directories on disk and changes paths on the profile-tab in AD, moves the user into a new OU and security group etc.
It works as intended if the user account to be renamed exists and there's no name conflict with the new name. But I'd like for the script to validate that there's no problem with user names, source and target security groups and OUs etc. and eventually split the script up into smaller clearly defined functions for better readability.
However, I don't want someone to just write the script for me, I'd prefer to be able to discuss script flow and come to my own conclusions and solutions.1 -
I’m currently in school and halfway done my bachelors in SE and I need a PT job.
I used to work as a server and security guard, but I want to do something PT that’s somewhat related to dev. My focus is game programming and most game studios generally take only full timers.
What are some industries in the dev field that can be good to work in on a part time basis? Any tools/languages I should pick up?
Or even better - something that I could do on a PT basis related to dev from home?