Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
!Story
The day I became the 400 pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them. and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly whats up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because i'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.
9 -
OK.
1. So i tindered.
2. I got a really nice girl.
3. We chatted really long and good.
4. We tried to meetup it did not work because of our schedule. New
job on my end, she is a student.
5. I thought its over. Fine whatever.
6. She gives me her number.
7. We continue chat on whatsapp
8. Blablabla 3 days long, she gets bored and tries to friendzone me
9. I revert the shit and state i wanna be serious and there wont be a
friendzone/nice guy comin from me.
10. She happy and continues to chat.
11. I get emtionally invested in her.
12. We exchange thoughts dreams and music.
13 We want to meetup at weekend. I cant. Got a family wedding all
weekend.
14. We want to meetup the second week.
I cant. Im off on a company trip. Again new job here.
15. So we say in the week after I get back.
15a. Before the weekend we need to deliver an rc and go all out to hold
the deadline.
15b. We deliver, but shit happens on the customer side. His fault but we
get the blame.
15c I go onto the company trip.
16. We chat and i send her pictures of the trip over the weekend so she
sees I care.
17. She seems fine. And happy.
18. I come back from the trip late night and need to work the next day
jetlag style.
19. I work jetlag style. And try to fix the shit from last week.
20. I come home really tired and looking forward to date day tomorrow.
21. I cant do anything. My home looks like shit and the bag still
unpacked. I just eat and fall asleep.
I feel bad bcs my home will turn her down instantly if we make it to my
place.
Need to hope that it does not come to this.
22. Date day comes. Today.
23. I wake up at 6 early to plan ahead to make sure my clothes are fine
and i arrive on time in the office to exit early.
24. I expect to check what goes on today in the city and give her the
location to meet and time.
25. I enter office and immeadetly get caught up in meeting planning, dev
questions and the meeting itself because the project is on edge.
26. We have a 5hours long meeting where people go on and on and on.
27. 3h later in the meeting:
my brain was fried and around 12 i go to lunch with some people.
28. Meanwhile the city is turning into a rainy mess of a shitty day. No
way I can have a nice walk with her like that. Bars and coffeshops are
just to boring.
29. So i eat to regain some sense and we go back to the office.
Meanwhile I am thinking all kinds of locations and stuff in my head.
30. Havent given her any update since a good morning in the morning.
31. We reenter the meeting. Things continue like before. The project is
on impossible demands and impossible timelines. Still we try to do our
best.
32 3h later on 3pm I tell her i am in a long meeting and working on a
meetingspot.
33. shes not happy.
34. I get a call from a relative
35. i need to go out and take the call. not good for the collegues.
again new job here.
36. family trouble, money trouble, goverment demands. I promise to
handle that tomorrow. Before work.
37. i get back into the meeting.
38. still super slow and no results.
39. need to focus but start to check for locations on my phone.
40. she asks me where i am
41. I send her my location.
42. she thinks i am saying she should pick me up!
43 i joke and say no definitly not.
44. shes pissed.
45. I decide for a coffeeshop. after work. and send her the location
46. She says to call it off.
47. I go all in and go romance style. I say ill wait there even if she
does not come to show her how much i care.
U know to avoid the lets do it some other time fuckery and then it never
happens.
47. She goes quiet.
48. 2h later we finish the meeting. Meanwhile QA foudn a bug we need to
fix because why not.
49. I got 30 minutes to find the bug and fix it before I need to go to
uphold my word.
50. I find out what to do, but it might break a lot of other things
without careful test and implementation. Collegues says he takes it.
51 I feel bad but I need to go. I even leave earlier because otherwise I
would not be on time.
52. I arrive 15 minutes early. I grab two coffee2go and wait outside,
53. Shitty weather, sometimes rain, sometimes sunny, cant decide what it
wants.
54. The weather is just like how I feel.
55. I wait 1 1/2h
56. I think I should feel stupid, For gods sake its tinder. People dont
give a crap, Enough people around why should I Invest so much into this?
But I dont feel stupid. Because this is how I want it. I dont want
appointments, I dont want safety. I decided for her and I went all in.
57. I send her pics from the sceneray as proof that I waited,
58. I think I blew it. She is still quiet.
59. Friends are asking me for plans for the weekend. I wish I could say
I already have some with her.
60. I feel lost right now. But my head says I put too much stress on
her, And i fucked up with the planning. I should have been more precise.
My head also says that i am putting myself into the victim role, which
is wrong always. Should I continue to reach out to her? Is there
something I could do still?68 -
TLDR; Go to bottom of post.
Around this time two years ago was the start of my group project in University. The project was to write an app in android and have a web side to it too. The group was to be overseen by a member of staff. The first meeting was introductions and to look at the spec, during the second we were to decide a group leader (PM) and other positions.
A person I shall call BD and I volunteered for PM. I didn't have experience with leadership but wanted some, and was the only one with confidence in android, the biggest part of the system. I got four of the votes.
BD, with his scouts experience, not being afraid to breathe down people's necks and bash some heads together, and having been PM last year, with his group receiving 69% (he failed the year and was resitting), earned 5. One guy was missing.
When it came to sorting out roles and responsibilities, BD confessed to not being a strong coder but that he'd help here and there. His role was planning our deadlines, doing our Gantt chart for deliverables, and was supposed to write a really detailed spec. He didn't have it at the meeting of the next week, as it was still in the works, and never messaged anyone. Next week he turned up with a Gantt chart of 1A4 page that only included the deadlines and deliverables in the spec, with three colours. One for android team, one for DB guy, and one for web team.
The guy who didn't turn up for voting got a girlfriend, a job at mcdonalds and did barely a thing. One guy in the web team did everything, carrying his friend who wouldn't do work (and also got swept out to see in a rubber boat with one of his bros lol (he was rescued)), and even though I'd done android dev I wasn't as quick a learner as two others in the team. Out of 10 people, 6 did real work.
The web guys stopped coming to meetings as they were taken over by android talk, and as we were quite behind, BG tried yellow carding them. They turned around with the website pretty much done, this one guy doing more than the 4 of us on android had. Yellow card lifted. We'd already complained about BD and his lack of everything (except screen brightness as he sat at the front of the lecture theatres with his wide brimmed hat looking at 9gag and videos (remembering he said he was resitting that year)) but grew a stronger dislike. Found out that he spent most of his time with his gf at our secretary/fellow android dev's house. Come coding week, he disappears entirely, only to attend meetings. He gave us a shell of the android code used for his previous year's project (along with documentation, complete with names and dates of updates, most of them (including the planning ones BD was supposed to do) bearing either one of two names. It was behind where we were at the time and had a lot of differences to our spec, and if we had used it BD may have used that to pull us down with him if things went wrong. He resurfaced at the end with the final documentation of how we'd all done, including reports on how each member had performed, which we were supposed to have reviewed. Our main, most proficient dev he accused of being irritable and brash, and a bad communicator. He was Norwegian, his voice was just a bit gruff, and he was driven and didn't waste time. He bashed the web team for not turning up, and had already been rude and unhelpful to everyone who voted for him in the first place.
In our own reports we all devoted paragraphs to delicately describing his contributions, excluding his suggestion that we use the code he gave us. Before we had our results and our work was completed, he individually kicked us from our group's facebook group and unfriended us.
Our 43% mark at the end, coupled with his -40% penalty from the red card we had him on, felt good, but not as good as a better result would have, especially as the fool that was BD would be inflicted on a group a third time. He changed to some other course after that year finished, so he must have failed his resit of second year.
During third year, a friend of mine who was PM for a group that passed well passed other things with too slim a margin to be happy, so chose to resit the year. He didn't have to do the group project again, and had that time free. But BD had to resit. His group had 69%. A yellow card with a 20% deduction wouldn't do it, so he MUST have had a red card as PM his previous year. Well that didn't come up when he claimed credit for his team's 69% during elections... My housemate's compsci boyfriend 2 years up overheard me talking about him, he was in 1st year with BD. BD failed and resat 1st year too. 4 years and he couldn't make anything stick. I feel bad for him through understanding the pains lack of work and internet distraction bring, and unfortunately I can't wish bad things on him because he brings them on himself. I wish I never see his face again though.
TLDR; Guy in group project lies and is dishonest from start to finish, getting PM pos by 1 vote. Gets what he earns.2 -
I want to start a new website that I can use as a hub for all my side projects.
Will double as a portfolio site but mostly it will just let me share my ideas with friends.3 -
!rant
Rant from my previous work as a consultant Data Engineer (wish I had known this site back then).
During my stay at the place, we have a big client whose contact with us was an incompetent stressful fellow.
I single-handedly build a humongous automated data pipeline using Airflow. I am very proud of my baby as my first massive project and check it obsessively for every possible flaw, especially when writing down documentation for the poor soul that would take my place.
Luckily for me, everything is working as intended, until of course on my last day of work, shit hits the fan, and everything breaks down.
After a moment of initial panic: it was Thursday morning, we had a Machine Learning model to run over the weekend, predictions to make and reports to write and a very lovely next week deadline, I calm down.
"I won't be dealing with this shit anymore, starting from 18:00 PM and anyway Fear Is The Mind Killer."
Quite sure that it couldn't have been my code, I start looking at various logs when the culprit was clear. The B(ig) S(tupid) C(lient) changed the whole schema of the data he was feeding to us.
I call him: he has no idea of what was done to the data. Hell, at first he doesn't seem to remember what the deal with schema, data, and SQL is (the guy was supposed to be a big shot in the IT department). It turns out he hired one of our competitors to do his side of the collection pipeline. He tries to get mad at me, but everything he throws bounces back to him. I am calm yet ruthless pointing out how every major hiccup had been his fault and that I could quickly reach to his board of directors explaining why their Machine Learning model was late.
Result: he apologizes, extends our deadline, and I get a round of applause from other juniors who would have to deal with me had I failed.
Never am I happier to not work as an underpaid cannon fodder apprentice in a shitty consultant firm.
Luckily for me, everything is working as intended, until of course on my last day of work, shit hits the fan, and everything breaks down.
After a moment of initial panic: it was Thursday morning, we had a Machine Learning model to run over the weekend, predictions to make and reports to write and a very lovely next week deadline, I calm down.
"I won't be dealing with this shit anymore, starting from 18:00 PM and anyway Fear Is The Mind Killer."
Quite sure that it couldn't have been my code, I start looking at various logs when the culprit was clear. The B(ig) S(tupid) C(lient) changed the whole schema of the data he was feeding to us.
I call him: he has no idea of what was done to the data. Hell, at first he doesn't seem to remember what the deal with schema, data, and SQL is (the guy was supposed to be a big shot in the IT department). It turns out he hired one of our competitors to do his side of the collection pipeline. He tries to get mad at me, but everything he throws bounces back to him. I am calm yet ruthless pointing out how every major hiccup had been his fault and that I could quickly reach to his board of directors explaining why their Machine Learning model was late.
Result: he apologizes, extends our deadline, and I get a round of applause from other juniors who would have to deal with me had I failed.
Never am I happier to not work as an underpaid cannon fodder apprentice in a shitty consultant firm.
Top Tags
Weekly Rant
View