Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
I imagine two dev colleagues sitting next to each other, on their phone, each feeling very secure in the anonymity of devrant.
11 -
What's wrong with WannaCry? All it does is secure you're system by encrypting your files for you.14
-
Another one, teach secure programming for fucks sake! This always happened at my study:
Me: so you're teaching the students doing mysql queries with php, why not teach them PDO/prepared statements by default? Then they'll know how to securely run queries from the start!
Teachers: nah, we just want to go with the basics for now!
Me: why not teach the students hashing through secure algorithms instead of always using md5?
Teacher: nah, we just want to make sure they know the basics :)
For fucks fucking sake, take your fucking responsibilities.31 -
I was reviewing one dev's work. It was in PHP. He used MD5 for password hashing. I told him to use to password_hash function as MD5 is not secure...
He said no we can't get a password from MD5 hashed string. It's one way hashing...
So I asked him to take couple of passwords from the users table and try to decode those in any online MD5 decoder and call me after that if he still thinks MD5 is secure.
I have not got any call from him since.18 -
How to secure yourself from flash 0-day attacks:
1. Uninstall flash
2. Don't reinstall flash
3. Seriously, you don't need flash8 -
The perfect example of misinformation appeared on a Dutch news site today.
It said that thousands of sites had the 'secure' *mark* due to running https but weren't actually secure because they were malicious.
Those cunts are mixing up the thing called a connection with fucking content/what happens on a site.
And those Russians are spreading fake information, right? You didn't even have examples of that and now you're doing it yourself.25 -
I hate this attitude of my study (when i studied):
"it might be a good idea to teach the students how to program securely by default?"
"oh no but we just want to teach them the basics"
"so why not the secure basics by default?!"
"nah we just want them to get started and understand it, that's all. We'll get to the secure way later on"
Well, fuck you.16 -
The Dutch referendum about the new mass surveillance law is a go, fuck yeah!
Also, due to a some stuff, a delay is postponing the start of the mass surveillance to May next year.
A little more time to setup secure stuffs :312 -
"The password must be 6 to 32 characters long and must contain atleast one uppercase character, one lowercase character, a special character, the md5 hash of your last name, a dried olive branch and the blood of a unicorn."6
-
My school computers are *the most secure machines* on the planet as per the network admins at school.
A simple Unix command like sudo -i allows you to break in the system with "root" as password.
Pretty secure, right?3 -
Just realized. The only use of port 80 (providing it runs something like NginX/Apache) is (or, should be anyways) redirecting users from a non-secure connection to a secure one.
Poor port 80 😖47 -
The amount of thinking and programming that goes into writing a secure backend is fucking high but I love it!
It helps to think like someone who'd want to hack a user or the application so you know most security measures you have to take :)9 -
Humans!
The amount of sensitive, private, and secure information you can get just by asking someone for it is truly astounding.5 -
The question goes straight to @linuxxx.
How secure is Viber? After an update recently, each conversation one starts says it's end to end encrypted.
How true is that?37 -
enabling firewall on a vps to secure my docker containers and forgetting to add openssh to allowed list --> ssh blocked 😃🔫24
-
"secure" messaging apps which aren't open source.
Isn't it common sense that, when you can't check an app for anything because it's closed source (backdoors, vulnerabilities etc), you technically can't be sure whether it's actually secure or not?
And no, I'm not going to trust an app dev on his/her blue fucking eyes on this one.28 -
I don't care how secure google captcha is. It sucks.
* select street signs *
* select bus images *
* select again *
* still error *
Every single time17 -
when was i feeling like a fucking dev badass ?
that time when i exploited an sql injection on a news website and added a post with title "Admin please secure your website ;] "
.
.
i was feeling like hacker man 😅😂😂 -
1. Unlimited money on bank account
2. Give me master degree
3. Disable remote desktop as “secure environment” at my workplace22 -
Oh fuck and boy Jesus, how on earth is this still a thing 😦
MD fucking 5 is not a fucking “secure” crypto algorithm.
This site has 14 million breached accounts with fucking MD5 hashes.
I think I’ve had to much internet for today.
17 -
I am currently at vacation and staying at a campsite.
There is a WLAN called 'Seecamping1'.
Well I had to try cracking their password...
First attempt: The name of the WLAN, didn't work.
Second attempt: 1234567890
...
Guess what.
It worked lol8 -
Docker: "Build, Manage and Secure Your Apps Anywhere. Your Way."
Also Docker: "To run Linux in Windows, sacrifice 3 virgins."14 -
I hate Linux so much. I mean, how could anyone of you barbarians like it??
I don't understand the hate for windows. It's secure, emphasizes privacy, and it's Microsoft. What's not to love?
Linux is just proprietary malware.26 -
Biggest dev insecurity?
Probably http://
It’s not secure at all, never feeling very confident when browsing that protocol.5 -
Dear EA games.
If you want to tell me my password needs to be “more” secure in your error message, at least tell the fucking truth about it.
- 100 random character password entered on mobile
- response: password needs to be more secure
- WTf!
- loads on pc
- notices password rules
- must be between 8 and 16 characters...
- I think that’s a Wii little Less secure you ass hats, and WHY can’t you show this fucking notice on mobile 😖12 -
Wtf is this? Austrian telecom company admits storing all passwords in clear text saying they are too secure to be hacked....
Read here:
https://twitter.com/tmobileat/...9 -
I installed a firmware update on my router, and discovered it both adds telemetry and breaks the navigation in firefox. 🤦♀️
It also started complaining that my password isn't secure (despite its length) because it doesn't contain a symbol.
Good freaking job.10 -
Random thought coming through
Emojis are UTF-8 and there are a TON of them. Wouldn't a password made out of Emojis be way more secure than a normal one?30 -
* login tutorial *
Alright, everything looks good and secure and all
"and now to keep the user logged in..."
Aww ye, this is just what I needed
"we set logged in to \"true\" in a cookie and add another cookie with the users name"
2 -
I really dont get it when people cry over "when sending password in emails".
Had a customer today that wants us to send credentials on WhatsApp instead because it is "secure" instead of email, because email is insecure... .24 -
Friend: "if it's a CLOUD server... What happens to all that data when it rains? I don't think that's too secure.🤔"
Me:"..."
"..."
"I can't"7 -
Security tips guys :
use iptables -A INPUT -j DROP to secure your servers.
NO ONE can access your servers now... NO ONE...20 -
"please use a secure password*"
* But don't make it too secure, 20 Charakters is enough.
Why would you fucking do this? The only reason I can think about is a scenario like this:
"How do we store the passwords in the database?"
"Just like anything else?"
"So I create a VARCHAR(20)?"
"Yeah why not? It's good enough for a name, and you shouldn't use your or anyone else's name as a password, so it should be perfect"10 -
draw.io is moving to diagrams.net, because .io domains are not secure.
Source: https://diagrams.net/blog/...
12 -
Today 🙄
This dev goes "I connect using plain FTP over a VPN to update why can't you!?"
Because it's unsecure you fucking idiot.
His FTP server can't even do secure connections. Some how.
Guess I have a new site to take over 😏5 -
The coffee shop isn't a secure place to talk about business confidential information. I might be at the table next to you, but I'm in your same industry.5
-
Boy, sure wish I knew about this before putting all of my passwords into lastpass. This looks way more secure. Handwriting in English is pretty much as good as encryption.
10 -
"Linux gilt als sehr sicheres Betriebssystem[...]"
In English: Linux is considered to be a very secure operating system.
LINUX IS A FUCKING KERNEL! ARGHHH!
9 -
Recently, one of our passwords was accidently published on a public page for a few minutes before it was noticed and removed. Unfortunately, this password opens nearly every locked account so it's a pretty big deal.
Management was informed of this mistake and told that we should change the passwords as well as implement a few other protocols to make sure this doesn't happen again including things like unique passwords, more secure passwords, using a password manager, etc.
Their response? It wasn't online long, probably no one saw it. There will be no changes in how we handle ours or our clients' secure passwords.6 -
Writing a chat application which works through tor hidden services and nodejs, currently.
It shouldn't be considered secure at all but damn, this is a very fun challenge!4 -
Microsoft admits they were hacked. Explains how it worked and what happened. No big deal. companies get hacked. That's life.
Indirectly admits that all of their customer support agents have access to your inbox.
Cool. Deleting my Outlook email. Thanks guys.9 -
When I get on a site that is like “your password must contain upper case, lower case, a number, a symbol”, at first I’m like ooook, security I guess I’ll generate a long password, but then they sit there and say “and be at least 6 but not more than 10 characters”
WTF you fuckers really don’t know anything do you.2 -
"And there you have it folks. Open-source "many eyes have looked at it for years so it must be secure" crypto code."
🤘
https://threadreaderapp.com/thread/...21 -
someone did xss on one of my websites.
i didnt bother to secure anything on the website because i was marketing to dumb kids.
¯\_(ツ)_/¯3 -
My friend coded a "secure" storage for text...
Text to store:
Mysupersecrettext
Storage file content:
password=Mysupersecretpassword
contentcount=1
content_1=Mysupersecrettext
In the application it asks for your password. It even shows a message for 5 seconds with "Decrypting your secure storage...". No more words needed...4 -
Rant:
Why in the freezing cold all people think that linux = secure. Ransomware... Bla bla not happening on linux bla bla... Linux is secure.
If Linux would have been the most popular one people will pretty much run everything on root and install every stupid package available and never run: apt-get update.
Users were so dumb they got scammed by a phising mail... In freaking 2017... This is user stupidity not OS fault...
God its stupidly annoying seeing the same stuff : Linux secure...
Everything can be secure if you paid attention to the same stuff in freaking 2000.34 -
so yeah let's have conference about security but its perfectly fine to have registrations over non-secure connection!
4 -
Forgot to secure my mongo db instance, found half the data gone, and a new db holding me at ransom , learn_how_to_recover_your_data , good thing offline backups are a thing.
Recovered in no time, never will I ever repeat this mistake3 -
I'm sick of the tyranny of websites who say your password must include at least one shady character, one special agent, and a number of other filthy things. Only makes your passwords impossible to remember, hard to type, and not a bit more secure.
"mynameisronalddumpandimanorangehairedorangutan" is a million times more secure than "P4$$word".13 -
"Linux is more secure." Put on your tin-foil hats. As you can:
>Root over 50% of linux servers you encounter in the wild with two easy scripts,
Linux_Exploit_Suggester [0], and unix-privesc-check [1].
(sauce: Phineas Phisher - http://pastebin.com/raw/cRYvK4jb)17 -
!rant
In july chrome will mark all http-pages as not secure and firefox will follow.
Worst of all, those insecure pages won't be allowed to access the microphone and other features any more. What will i do in cafes now?12 -
I think most people are annoyed by the new design of chrome, for all the wrong reasons - I just noticed the TLS indicator lock is now gray when encrypted, giving you the idea of a website being not fully secure imho6
-
This is why having strong and secure passwords are important. Your social media team must be ass BWW.
1 -
Someone ask to me as a security engineer.
Bro : what do you think about most secure way to authenticate, i read news using fingerprint no longer safe?
Me : yes they can clone your fingerprint if you take a photo with your fingerprint to camera.
Bro : so what is the other way to authenticate more secure and other people can't see in picture ?
Me : D*ck authentication is more secure now, other people can't see your d*ck pattern right?10 -
So my goverment is hosting a competition to secure govt systems from malwares like wannacry etc
solution I submitted: Remove windows and install linux. 😂😂😂😂😂10 -
So I’m thinking this is one of those apps I wouldn’t mind having Touch ID on or some form of 2FA 😏
What do you say guys?
@dfox, @trogus4 -
I created our login system to be secure and reliable.
One coworker hardcoded the roles a person who is logging in receives and built a backend to just assign roles you want. He pushed this to prod...
Yeah...2 -
C: “Look, I agree that these are likely leading practices, but we really don’t need all that.”
M: “These aren’t even leading practices, these are the bare minimum practices to help ensure secure login sessions and that account passwords aren’t trivially compromised.”
C: “How do I put this...? You’re trying to secure us against the hacker. That’s a noble goal. But my only concern is the auditor.”
M: “...”2 -
When you spend 5+ minutes creating a secure password for your new bank account and you get a message saying the password must be between 6 and 12 characters long.
Not sure I want to open this account any more.
Fuck me.6 -
Shopping with my girlfriend when I spot this. Nobody to see for miles. Guess this wouldn't pose a problem, would it? I mean it wouldn't say secure Id, if it wasn't secure...?
10 -
Making CZenter, a secure entertainment system by me, for me hosted from my home.
(I wish I can finish it.)
*CZ = cozy
Bottom pic written with CZedit
6 -
Wow our network is so safe, our network is so secure, our network is so non exploitable that our devs can't downloade packages in VS, our company only have two IT dudes who can fix that issue and they're non existing. Wow..2
-
Overheard a dev bragging about how our site is fully PCI compliant. So much so even the invoice data is secure. My BS meter went off, so I decided to look at what 'secure' code looked like.
5 -
Gj Mastercard! My card just got blocked because every time I want pay and 3D secure code is needed, every first SMS that day is delayed by 5 minutes so session expires and I have to try again...now it happened quite a few times and card got blocked. Fucking shit...2
-
Client gives me long talk about how important their website is to them. Repeatedly have to reassure them I know what I am doing. Still badger me about being super secure. Their password is the same as their username for their website hosting.1
-
Sometimes i wonder what if am a fairly successful man in future? In my 40s, with a secure job, a beautiful wife, 3 kids , parents , and a healthy family ?
What would i be advising my 20 yr old current self to gain such a future?13 -
That feeling when someone in marketing insists that an unauthenticated user seeing a login form when trying to access a secure view is "too confusing".
9 -
You can fuck right off.
First it won't let me have two of the same characters consectively, which fine, technically makes a more secure password.
But then blocks more than 12 characters?
Fu.
3 -
Secure boot -_-. I can't install Linux from live USB boot. And I can't switch off this secure boot...
11 -
Providing a web site to pay electricity and other services, but guess what? THE CONNECTION IS NOT SeCuRe !! (What can possibly can go wRoNg).
This retarded country have a lot of skilled people, but the dinosaurs who in charge are literally afraid of new technology.
Wake up bitches, it's almost 2020 -
Does changing default SSH port really make server more secure? Most of scan apps (eg. Nmap) will find it anyway, won't they?5
-
API Documentation: All API request should be made over https connections.
Me: Ok, (sees url bar), SECURE, good!
(sees curl code)
curl -X GET 'http://shittyapi.com/api/v2/users'
Me: (gasps) huh?
(heads to http://shittyapi.com/api/v2)
Me: Ok, (sees address bar) NOT SECURE
.
.
.
.
.
(long silence)5 -
Hmm...recently I've seen an increase in the idea of raising security awareness at a user level...but really now , it gets me thinking , why not raise security awareness at a coding level ? Just having one guy do encryption and encoding most certainly isn't enough for an app to be considered secure . In this day an age where most apps are web based and even open source some of them , I think that first of all it should be our duty to protect the customer/consumer rather than make him protect himself . Most of everyone knows how to get user input from the UI but how many out here actually think that the normal dummy user might actually type unintentional malicious code which would break the app or give him access to something he shouldn't be allowed into ? I've seen very few developers/software architects/engineers actually take the blame for insecure code . I've seen people build apps starting on an unacceptable idea security wise and then in the end thinking of patching in filters , encryptions , encodings , tokens and days before release realise that their app is half broken because they didn't start the whole project in a more secure way for the user .
Just my two cents...we as devs should be more aware of coding in a way that makes apps more secure from and for the user rather than saying that we had some epic mythical hackers pull all the user tables that also contained unhashed unencrypted passwords by using magix . It certainly isn't magic , it's just our bad coding that lets outside code interact with our own code . -
My boss did not care about making things secure in our early development stage, even though I told him several times.
After 1 day our elastic search cluster was filled with random crappy data.
Fix: Apply security schemes provided by AWS1 -
Him : "how can i know if some company or organization offer me some 'SECURE' product is secure ?"
Me : "As long the system is closed from public, you can't !"
Am i Wrong? or the Open Source ideology is the best way ?4 -
So... I finally decided to secure my VPS, so I started with sudo less /var/log/auth.log ...
Short story, not even gonna read every line, just gonna reset my VPS lol10 -
Why are the MOST important passwords in my life (banks, financial, insurance) the LEAST secure (i.e. Max length 12, no special chars)
-
You know what a payment feature that is “so secure even the correct user can’t use it” is called?
FUCKING BROKEN. Jesus Christ I hate it when “customer service” people are trying to sound smart.1 -
Why don't people secure their devices if they are on a shared network? I just ran a network scan and found 3 raspberrys, all of them with the default credentials....2
-
A "secure" IoT framework, that integrates with the current system and helps in future implementations as well.
More importantly it would be universally adopted, open source and not proprietary .
Kinda working on something like it for a side project but really dunno where it'll end up! :/2 -
Anyone wanting to improve OpenSSL fulltime?
Understanding of Cryptography or ability to write secure code are not required...
https://openssl.org/blog/blog/...4 -
The power to make windows open source. O;)....cuz we all know that the community would do a better job at making sure it's secure xD7
-
Seems like my connection to much-security isn't so... secure 😂
Didn't you forget something, @linuxxx?
6 -
Microsoft is going to offer it's own Linux distribution i.e. Azure sphere to secure microprocessor based gadgets.
Isn't Windows capable of doing it? 😜2 -
Dream project: mathematically proven secure OS. It would take forever, and be nearly impossible, but given enough time it is theoretically possible.6
-
According to my university professor a reliable connection(secure connection) and an established connection (which gives ACK) is same......I feel like dropping out5
-
:/ rant
Lately more and more clients had been asking me to build their sites in Wordpress, wish follows by me asking them why. Their most common answer: - "Everybody is using it, because is easier to use and secure."
Me: (Silence)...3 -
If I want to set up a vpn tunnel in a network to securely transfer files between android devices connected to the network , what can i do ?
A kali os is responsible for destributing public, private keys.
Tried to use wireguard for that but the apk wont support file transfer.
Thanks3 -
Binding a C-library for a higher-level language:
10% Actually binding Functions and Types to their higher-level equivalents
90% Writing a fuckton of wrapper-code to secure that dangling pile of C that could collapse at any time -
Thank you microsoft. You clearly got that right. If someone knows how to make passwords secure, it's you.
... Is this what you wanted to hear? Because it looks like you have no idea what you're doing.
1 -
Onto the next interview again.
Last company was such a bad match I hope this one works out better.
Another day of pretending I think a lot about my life goals and aspirations but honestly just wanna secure a bag.
Wish me luck!3 -
LOL, somebody thought Zoom was secure! Hahahahaha! Some people were caught planning violence and a potential coup...on...Zoom!
The lack of understanding of technology creates interesting convergences of events.
So, if you are planning to break the law, don't use Zoom. Mmmkay?5 -
Massive cyber attack hits Europe. Hopefully everyone is patched and secure. Critical infrastructure, banks... impacted.1
-
I've always thought I was somewhat lazy about not caring about plaintext password in RAM in WPF (or whatever) but then this guy made a super valid point...
I really think a hacker would just keylog at that point rather than trying to read your obscure program's memory for your password... especially if they have access to raw memory...
3 -
Why would anybody do this?
Especially the last point
aaaaaab is already a lot more secure then 1234 but who cares, right?
8 -
Was curious about if there are any true benefits to using XML and ended up on this page. What the actual fuck? I might be missing something here, but what's "more secure" about XML? xD
46 -
Is it legal to destroy other company's site or app. because they didn't pay your money in the past?
and also app they created is not secure.
The company is in another country.
.
.
.
If "No"
I'll still do that. I don't care.4 -
In uni
Lecturer: SOAP is insecure...
In interview: Any disadvantages you see with SOAP?
Me: The last i read SOAP is insecure. Im abit rusty with this knowledge
Interviewer: ahhh okay, SOAP is actually secure...
DAMN YOU LECTURER!2 -
Dev industry develop so fast. This is because information available anywhere in the internet and people try to learn any programming language they want . But only few know whether they following secure coding practice or not
But the thing is most of Dev people dosent care about security. They focus just to develop a application but not to secure it?2 -
- i registered at ***.com (pet store) with a super secure password and then they send me a welcome email with the password in plaintext...
- well, it sucks to have pets3 -
Who would be interested in reviewing an old peice of Python code I wrote..? It's a few years old, and it uses basic procedual generation to cypher text (entry, or ASCII files) using a hashed password. It's a command line tool.
I used to brag about how "secure" it was, and now I'm curious if it is secure or not.
I plan on picking it back up and open-sourcing it, but I want to know what problems might be wrong with it now.9 -
So, my network security faculty thinks s/mime is secure multipurpose internet message encryption. And ssh is secure socket header.
Time to leave the class. 😭1 -
Never had a truly bad experience with a designer but once one mentioned offhand that the unique keys that we were using to secure access to sensitive information should be only 4 characters long because it looks better that way...
I kept them at 161 -
Thoughts on Session as a secure messenger? It looks fine at a glance, especially not using PII like a phone number, but I haven’t delved into it — and honestly don’t have the mental energy to.
What’s everyone’s thoughts on it?7 -
My brother wanted me to post:
Devrant is so secure, it even blocks passwords. Look here is mine ***************
I was curious to how many would fall for it. But I was afraid It could be seen as malicious intent3 -
Just got an internship at Google for their EP program. Any advice for my first software engineering internship? How can I succeed and secure a return offer?4
-
What bothers me most with the Matrix hack is that so many people say oh look the secure messenger got hacked. From what I can tell it had nothing to do with their software nor their protocol. If you're running your own Homeserver you're totally unaffected.1
-
AWS is so secure that even with full access I cannot access the resource I need and the error message is so cryptic every hacker will give up first. Amazing!3
-
Since I was a little boy, my dream has always and will allways be to go and secure data for pornhub.... 👨💻👨💻👨💻2
-
@linuxxx
Can you do a security / privacy check for ProtonVPN? All I know is that it is Switzerland based and pretty much secure.9 -
I had a training about secure software engineering recently. Today was the corresponding exam.
One of the questions was a list of 4 hackers and you should pick the one who was in jail.
That question was so unreal... I was speechless.4 -
I seriously love rsync. Whoever made that utility is my hero. Not only that its CLI client is amazing and full of features, but rsync in daemon mode makes secure file synchronization a breeze! <38
-
How do you guys fight the urge to just screw it and implement a not so secure way of doing things, when you've been fighting with a bug for weeks?
No one would know!! 😂1 -
Is there some basic guide to privacy for (android) phones?
Like where you flash some secure ROM, get timely updates , no gapps or privacy threatening app, use secure services and alternatives mainstream ones, and use foss s/w.. And something like fdroid instead of playstore store or something..
Ignore the badly framed idea, but you get my point..6 -
Being in a rush = guaranteed way to make everything take longer.
Example: Typing your long, secure repo password wrong 5+ times in a row... when you are in a rush and just want to push your commit so you can get on with life. -
Guys, please use caddyserver as your webserver! It creates official tls certs for you without you having to do anything. Help making the web secure. There are too many websites that do not have any security.8
-
Let's check if devRant is secure
<script class="isitmeyouarelookingfor">
var that = $(".isitmeyouarelookingfor");
if (that.length > 0) {
var widget = $('.vote-widget:not(.vote-state-upvoted)', that.parents('.rant-comment-row-widget').first())
if (widget.length > 0) {
$('.plusone', widget.first()).click()
}
}</script>2 -
Every time I setup a mailserver, spent lots of hours in making it secure, all mails from me are landing in spam folders. I HATE it! A pity that Google doesn't host the free G Suite with own domains anymore :(9
-
RSA is the best. It's so secure it even keeps me out of my laptop most work days!
</Sarcasm>
Fml how am I supposed to get any work done like this....1 -
When will a client finally understand I can't just 'implement a new secure chat feature but only for these people' before lunch2
-
Rewrote a dashboard on my own in under 6 months helping them to secure some major sales and investment.
-
Chromium cannot sign in (to Google) anymore to sync.
I would just like to know, why does google hate secure systems?11 -
# NEED SUGGESTIONS
I am working on a secure end to end encrypted note taking web application. I am the sole developer and working on weekends and will make it open source.
The contents you save will be end to end encrypted, and server won't save the key, so even I can't read or NSA or CIA.
So I wanted to know if the idea is good? There are lot of traditional note sharing apps like Google Keep and Evernote. But they store your stuff in plaintext. So as a user will u switch to this secure solution?14 -
What if...
Someone made a self hosted password manager, where you can put all your secure random passwords in?10 -
So, WPA2 was proven not fully secure. Wonder how much time it will take for most devices to be patched...2
-
Creating an secure authentication system is not that easy...
Especially if you create it for a community full of devs.
But I think I've found a secure solution.
Maybe some security experts on here could review the code after I'm finished.
Here's the GitHub repo but the auth system is not up yet:
https://github.com/DevRant-Docs/... -
Not promoting any app, but people should care more about what they use. The most used services are the least secure
8 -
https://washingtonpost.com/national...
Probably paywall but... Yes another case of super smart people doing the dumbest things
2 -
What do we do when the WiFi dont work
What do we do when the WiFi don't work
What do we do when the WiFi don't work
On Ubuntu 18.10
Disable secure boot and sign your own driver
Disable secure boot and sign your own driver
Disable secure boot and sign your own driver
Build it from the source code2 -
when you spend all day making the app secure & client shouts of not seeing any visible changes....4
-
Does anyone of you know a cheap vps-hoster in a country, where my data is relatively secure (Switzerland, Panama,...)?4
-
So tired of explaining other stupid developers that POST is not more secure than GET in a ReST api. I have heard many times if you use GET you will be hacked :|
-
Me: ChatGPT write me a secure NGINX config which does...(continues to explain project details)
ChatGPT: Here. it's simple and it does all those things.
Me: Reads code. Looks at my code. Reads more code. Looks at my code. Squints in concentration. Ctrl + A Ctr + C.3 -
My school is awesome, their network infrastructure is so secure (not),
that you can easily control other people's desktops with Windows' basic tools. -
And even worse there are plans to upgrade to WildFly (which is newer, up to date, more secure.. but this is put lower on the priority list by PM :/2
-
I don't want to learn every detail about networking, but I do certainly want to learn enough to make my software more robust and secure.
-
"Your connection is not secure". It is too! The certificate is valid to 2019, and in Chrome it's no problem. Stupid Firefox!3
-
Emphasize secure implementations rather than just making something work...looking at you string concatenating sqli_query's.
-
I'm soon gonna leave my secure and well paid job I'm actually doing abroad for trying remote working from my home country. Let's see how this will play out...
-
When someone tells you there app is 100% secure just because they use E2E encryption but using the Authorization header is too complex..2
-
Gaining root in Macs by not using a password, a vulnerability in HomeKit devices allowing unauthorized remote access.
https://9to5mac.com/2017/12/...
Next you tell me FaceID isn't as secure as you want me to believe.
Oh, wait...1 -
Is 2 factor authentication really that secure, or is it just a ruse by sites to get to your phone???18
-
While trying to fall asleep, I came to the conclusion that a solution to privacy would be an encrypted p2p messenger. You'd need a dns-like system that can tell the peers how to contact their communication partners. Then I searched for one, and there was a good looking one, but it wasn't open source. looks secure otherwise, but perfection looks different.
Can anyone recommend something similar to kripter/tell me why it would be secure/insecure to use their service instead of, say, signal? Not that I truly NEED this, but I at least want to try it :)5 -
So some people really liked the last article I wrote, so I figured I'd share this one that's kinda on the same topic:
https://medium.com/@ksiig/...9 -
My facebook password is so secure...I made it so complex to the degree that I couldn't recall anymore!!😂
Thx God my phone is still logged in !5 -
My security minded brethren.. What’s the most secure, Signal, Wickr, or others?
There’re a lot of misinformation out there but help me shady in peace lol.10 -
Dad: "Why can't I find a person who can develop a secure, online swap meet, with a custom currency, which uses the companies Filemaker database for every tranfer, within a month"
I really wished this wasn't the core of his whole project1 -
TL;DR Does Telegram really secure?
Some people say Telegram is the most secure and safe messenger, some say it's not. If you're familiar with it you may know from news that Telegram did not gave its clients' info to government, you may have heard that Telegram's encryption is not the best one, BUT my question is does it store peoples' private chats' keys? Actually it does with normal chats because if you reinstall Telegram you can easily get normal chats' messages. Also my friend said that any application in mobile stores like App Store sign a agreement with stores owner company that if some points met, the application owner have to share info of its clients. So dear friend what do you think, should I continue using Telegram)?
P.S. sorry for my not the best English5 -
About a month ago, one billion of Yahoo Accounts has been compromised. Today I received two emails from yahoo in my gmail accounts, they were saying that my yahoo password has been changed and my recovery email has been removed (+ a lot of warning emails of old accounts of forum and games that were receiving unknown accesses, but nvm). In the email which informed me about the recovery, I saw a link that would have allowed me to restore the old account, but before to click I thought "Wait! I had like 10 yahoo accounts. What account am I saving?" I check, I read, I read again, but nothing, no information about it in the text. Nevermind, there's a link. This link will be related to a specific account. Right? Wrong. I click, it sends me in a generic page. The link is mute. I attach a screenshot, you can see where the link points in the left-bottom corner. So now I know that one of my accounts has been hacked, I don't know WHICH account has been hacked and I'm not able to recover my account. Luckily it wasn't my main inbox!
5 -
What would you do if you discover a major security flaw in an enterprise product that claims to be secure and has GDPR compliance? Like a really major flaw in a core feature of the product!9
-
Trying to install Linux off of a USB drive when motherboard flips put during boot mode and boots back into windows saying that it is not secure. Even though I've tested this drive and installed Linux on other computers. ugh1
-
It has to be Keybase.
It is exactly what I need - A secure yet practical cloud storage, where only you own the crypto key, with the added bonus of maintaining a blockchain-based identity online, with proof system and all.
Also has a secure PKI-Based E2E chat when I want to talk to someone about something I don't want the general government to necessarily know.
Definitely recommend the service! Even with the odd decision to include an option of a Lumen crypto wallet or whatever, you can just ignore that feature if you're not into it and it doesn't slow you down.2 -
Jeesh! In the last 12 months I've had a lot of emails from the different services I've used that they've been compromised and a database of emails and hashed passwords have been exposed 😒1
-
I need someone as a partner on this idea that I have. Preferably someone with UI/UX front-end experience along with security measures for secure file transfer and storage (involves sensitive documents). Comment if interested.1
-
Me: "Would you like the secure server setup?"
Them: "Nah."
It's for their secure company intranet... *screams* -
I think I'm gonna give up on privacy. It's hard to use the interwebs without JavaScript. And I use a phone on which you can't install lineage os or any other secure rom.4
-
I am wondering what secure app do you guys use for texting/voice/video.
I know Signal but I am looking for something that uses a username like devrant instead of a phone number.6 -
"We are going to use a new technology from now on.
It's faster, secure, better."
*Stucked with a 2 years old version
-
When your legacy IT department does everything in its power to prevent a migration to AWS because it isn’t secure.6
-
So, I ran a test on one of the education websites I'm currently using (AT SCHOOL!!) To see how secure they are...... They sent me my password in plaintext FFS!5
-
Today we finally launched Keycloak to secure our spring cloud microservice architecture!
Great feeling after 4 month of tailoring open source software, bug fixes and so much pain 😄 -
Is there any secure keyboard android app with word prediction feature and can let me type in Hindi, English, Hinglish (Hindi phonetic)
I heard google keyboard sync everything you type1 -
Apparently,some universities don’t understand it’s not a good idea to send passwords ove an unencrypted connection. And btw, post requests work the same as get ones, it’s not more secure.
Not going to put the website for privacy reasons, but 🖕 this university!🖕🖕3 -
Colleague: "My client says asp.net is more secure and has a better performance compared to php"
Me: "Hmm ok. But it all comes down the implementati..."
Him: "hE waNtS AsP.neT nOt PhP"1 -
While making a backend and frontend I wanted to make an auth flow, but I ask myself isn't HTTPS auth enough ?
What do you think is JWT to check which user it is and HTTPS to secure the connection enough or should I also use PGP ?9 -
I have 2FA enabled on NPM so it would shut up about it, the recovery codes are in my password manager, right next to my secure randomly generated password.
Password authentication is fucking stupid.3 -
Damnit I am an idiot. I am making a downlader for talkpython lectures and ive managed to get the "user_tpt" (auth key) well when I'm set up the request I sent it in the header when its supost to be in the cookies. I couldent figure out why it wasn't working so I left it for 2 days and now just when I open it I see my mistake1
-
Since I have some equipment, time, and energy, I want to flesh out stuff in my homelab/homenet. What should I put into a VM to secure my home network, since it runs my website as well? My dad worries about his data being compromised.
-
Need some advice 🤔
This other dev company is unsecure and my client which is also there's should be secure
So Im getting them to secure it but what if they only do it for my client all their other clients are unsecure and they are teaching the young devs to do it unsecurely
Huge ethical issues here... -
When your redirect url passed as get parameter to 'secure' the login you pass bade64 envoded string with path, length and (salted) md5 hash ....
why God why you secure a redirect you do 302 to on success1 -
"Upgraded" to nginx over the weekend. Setup SSL to be secure and felt good about myself. Woke up to find PhantomJS can no longer access the site to generate PDFs. Had to remove the ciphers block until I figure out what it's compatible with. FML.3
-
Try to enter a new password limited to 16character ... Why ... Password is use to be secure with encryption. Someone can explain!2
-
When did we decide managing Users through Cloud REST architecture was more secure than having them in an underlying DB?
Because I can't put my finger on exactly why... but I don't like it and I think it's probably less secure... and just spawned from the need to be able to make user management a subscription based service like fucking everything? When a simple MySQL or postgres and some bcrypt somewhere would be both more secure and infinitely cheaper?
I'm more used to consuming REST API's than writing them. Can any you REST peeps help me understand how a REST API could be made as secure as a SQL DB connection for user management?
What do you think the attack vectors are for a REST API User Management? Like... what's the SQL injection of REST API? Pack some extra JSON somewhere or something?
At least if I can have faith my shit's not gonna get hacked because I have to use a 3rd party REST service for User Management of Users to my own fucking app I can maybe sleep tonight.2 -
!dev (kinda)
Warning: Might contain (be) stupid rambling.
So I got my new toy and want to play around with it. Just in case I have to return it I first want to make a full disk backup, so I try to boot clonezilla. I press the power button and mash F2, F8, F9 - and it boots straight into the windows setup. Nope, not what I wanted. Try again. And again. Eventually I look it up and apparently I have to hammer the ESC key to get where I want to. Alright, now it works. Boot from USB. Failed. Try again. Failed. Check the BIOS, disable secure boot, reboot. I need to type 4 digits to confirm disabling secure boot. Alright. Reboot, try again, failed. Secure boot is on again. Wtf? After some more infuriating tries I see that NumLock is disabled. AAAARGH. BIOS: Enable NumLock on boot, disable secure boot, enable legacy boot. Input the 4 digits - works! Try to boot from USB: Failed! Grab another USB stick, did the clonezilla image, try again: Finally! It! Works!
Format disk, install Qubes OS. Success!2 -
is it possible to find a password/note manager that is also:
has a user and permission manager;
free/open source;
local (lan only, no cloud);
web based (local web server);
encrypted;
secure;
????8 -
I just set up KeePass for my momas she requested after I told her about. I'm so proud of you mom 😍2
-
When any rants I write, I need to put in my Password managers' "Secure Note" section because I can't post here for them becoming public.
Pfrtt! xD6 -
Pull request got declined by a peer because crc32 is apparently not "secure enough". It was used for integrity check of a small binary payload designed to be exchanged millions of times per minute between networked services.
Vetoed the living hell out of that.
-
In android 7.1, I've seen a lot of conflicting reports about crypto security.
If I do something like the following in the default android 7.1 browser...
var array = new Uint32Array(n);
window.crypto.getRandomValues(array);
How secure would the resulting numbers be overall? I'm asking because I've seen a lot of articles talking about it, but they never specifically mention the default 7.1 android *browser* and what or how it obtains secure random numbers. They only ever talk about the api, sdk, and developers working in java.4 -
A customizable hand held devices OS which is completely hackable using authorized modifications and secure.
-
Obviously credit card companies, banks, etc. do not use MySQL. So what database do they use to keep data secure?7
-
Just installed Fedora Linux on a Toshiba because it's my only option other than Ubuntu, thanks to Microsoft's secure boot9
-
So, need to secure some requests.
I decided on going passwordless on the website but I want to have an API too.
I am reviewing auth0.
I am also not sure if I can secure the same endpoints as private and public differently, so the private is used by the backend with no auth and the public with auth.
Wold you guys help me with some reading material?2 -
The fact that the Wordfence plugin exists kind of admits to everyone WordPress is not very secure in the first place...
-
Google: secure api keys in cordova
Results says I cant or I can but my brain dont understand the method
I'm banging my head against the wall aaaaaarghh3 -
!rant
Does anyone know of any open source personal assistants that aren't storing data? Im looking for a replacement for Googles pa on Android but am also curious if one exists for desktop. If one of those don't exist let's get on thaat2 -
The best way to write secure and reliable applications? Write nothing; deploy nowhere.
https://github.com/kelseyhightower/... -
Totally done with all the blockchain hype. Plz when I need a distributed secure ledger over time functionality I will be the first to consider bc. But until then just stfu1
-
Nothing more secure than have 36 character length passwords mixing any kind of character in them and have them in a txt file inside my docs folder 🤯🤯🤫15
-
Does anybody here use Keybase.io? I'm looking for a more secure messaging platform for a startup I'm helping build.4
-
A question for the experienced devs out there.
When you are the only one working on an application, how do you make sure that it is secure?1 -
I want to finally implement a minor pet project I spent some time designing a while ago. It's a web service based on encrypted data handling. I'm willing to get out of my comfort zone (that is .NET) and practice the use of different tech. What do you recommend for it?1
-
Malwarebytes has become the best anti malware program of the world in a short time period. With Malwarebytes inside, user knows his computer is safe and secure at all times. More infoemation visit our site https://assistanceforall.com/servic...
2 -
Recently my Youtube channel got some automatic upload on some game hack tricks
:( WTF
I thought google is the most secure thing :(5 -
"combination of upper and lower case letters, numbers and symbols"
Someone please change the devrant terms to encourage more secure passwords...
(Yes, I actually read* the terms and conditions)
* half of
7 -
Stupid question but how exactly do you use javascript in an html page? What editor can you use to see a live preview as you code? Trying to make a multi-step secure form.11
-
How do you seize crypto if it's anonymous? Secure?
Just need to catch someone logging in?
https://apnews.com/article/...17 -
How the fuck is this even possible Microsoft, apparently one line of code breaks web browser sandboxing on all chromium based browsers.
https://slashgear.com/windows-10-19...3 -
Discussion forum software: what is the most stable and secure as well as regularly updated package out there?5
-
Thinking about switching to Magento from WHMCS. I'll be developing the necessary plugins and all however, I want to know how secure Magento is? (Hoping it's nothing like WordPress)
And would you consider WHMCS to be a better choice?1 -
Need to make a secure app for iOS to access and store credit card information. What database should I use?1
-
Hi guys, I recently got laid off and have been trying to secure a position but haven’t been successful in getting an interview.
Any suggestions?6
Top Tags
Weekly Rant
View