Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Backstory: A few months ago, I wrote an inventory management web app for internal use by the sales team, logistics, and whoever else might need to use it.

Earlier this week: A few minutes before I usually leave, my phone rings. It's some dude I've never heard of. No idea what his function at the company is, still don't, probably never will, don't care. He's never used the app before, and says he's having problems. His cube's on my way out, so I swing by.

I'm not making this next part up. This dude is probably 60 years old, and he's using a very old looking gateway desktop (with the cow print logo thing on the chassis), running Windows XP (not a typo), using IE7.

I don't know what to say, so I just stare at the desktop, look at dude, laugh, and eventually explain that he's never going to be able to use the system via the web app until his rig is replaced.

What the fucking fuck is this. How could this have happened. How do our it people still fucking have jobs. Better question, how did this thing survive the y2k bug?

Sorry I haven't been as active lately, however this is one of the better prompts, so I feel I should have it in my track record. Beware, it's a long one...

Let's trace the roots: My uncle was building desktops and he told my dad he'd build him one if my dad paid him for the components. These days I know builds aren't rocket science, but back then my parents didn't do their research. So my dad paid him.

Give or take some time, and most of the parts are complete. He underestimated the prices of a few things and had to ask for $200 more to complete the build. This...caused my dad to explode.

Later, I heard my dad ranting to my stepmom in January 2017 about how the last convo he had with his brother was a "Fuck-you conversation" - it was the last because my uncle had died in 2003.

Flash forward to March 2017. My mom and I are sitting in a Fazoli's, a nice sunset out of the full-length windows. I had to probe. HAD TO.

"You promise you won't tell your dad I told you this?" she asked.

"You know Kellie and I can't stand to be around him." I replied.

As the story goes, that last "Fuck-you conversation"? Over a fucking measly $200. Yup, the last conversation between my dad and his brother to ever happen was a shouting match over a relatively short amount of money. I wish I could say my dad had remorse, but he doesn't. He still talks shit. He's also technologically illiterate, so I doubt there was a way his brother was going to be able to reason with him.

In late 2003, my uncle, who had been a smoker, passed away due to cardiac arrest. The build was still not finished. This was one of the OTHER things that I have mixed feelings about.

After my uncle passed, my aunt paid someone to finish the build and get it shipped to my dad. We'll get back to why I feel this is fucked up, stay tuned...

---------

It's Spring 2004. I'm in the last half of what I think is Kindergarten or some shit...too lazy to do the math. Anyway, my dad announces we have a family computer - however, I couldn't read yet. That didn't stop the waste of oxygen that is my father from going in the Windows XP screensavers and putting text in that said "GAGE MORGAN WILL NOT TOUCH THIS COMPUTER." He's such a fuckin' dick, now AND back then.

My mom had an issue with this. I don't know why, but she did. Later, I was slowly taught how to use the mouse, under heavy supervision. Then I went to my grandma's house. She taught me one very specific thing on her old Win98 (386, maybe? IDK my old hw shit man), and because I know you guys are gonna love this one:

"The blue "e" opens up your games!"
The blue "e" does not open up your games, it opens something that can lead to your games.

I went home and tried this...without permission. My dad came down and discovered my lollygagging on the homepage - this is fucking weird. It was before Nextel, IIRC, so Sprint's logo was red still. Yes, we had broadband from Sprint. I don't know what saga led to that going the way of the dodo, but...

Back on track, I literally got my pants pulled down and had my bare bottom beat. He was gonna drag my ass upstairs and lock me in my room, but before he could, he accidentally slammed MY FUCKING RIGHT TEMPLE into the corner of a hardwood table at the bottom of the staircase.

The wailing that resulted probably was different than the previous form, which is probably what got my mom involved. My dad had a way of going too far, and in retrospect I'm more terrified now of what could've happened than I was then.

Later, I was given access to games in the form of my own account and bookmarks bar. That wasn't the end of the madness/drama from my use of that machine, but it was the earliest form.

Ever since Kindergarten, that one fateful day, I've been defying any/all imposed limitations on tech set on me by my parents...well, not anymore, but literally grades K-12. I'm living on my own, aka "adulting" now. It sucks more than you think, man.

---------

Let's tie this up before I reach the limit. I said I thought it was fucked up when my aunt paid to have the build finished and shipped to us after my uncle's death.

Yes, my aunt's intervention led to me ultimately majoring in computer science.

That doesn't change the fact that she shouldn't have done it.

My dad was an asshole to her husband, who passed. She is ultimately too caring. I don't think my jackass father should've been able to get by with that, he didn't deserve the freebie. Someone else should've told him his brother did in fact need that $200.

I haven't seen her IRL since the funeral when my grandpa passed in 2005. 2006 spelled the end of my parents' marriage.

Hope you guys enjoyed this - it's only a small segment of how I got to where I am now - tiny, actually.

I often read articles describing developer epiphanies, where they realized, that it was not Eclipse at fault for a bad coding experience, but rather their lack of knowledge and lack of IDE optimization.

No. Just NO.

Eclipse is just horrendous garbage, nothing else. Here are some examples, where you can optimize Eclipse and your workflow all you like and still Eclipse demonstrates how bad of an IDE it is:

- There is a compilation error in the codebase. Eclipse knows this, as it marks the error. Yet in the Problems tab there is absolutely nothing. Not even after clean. Sometimes it logs errors in the problems tab, sometimes t doesn't. Why? Only the lord knows.

- Apart from the fact that navigating multiple Eclipse windows is plain laughable - why is it that to this day eclipse cannot properly manage windows on multi-desktop setups, e.g. via workspace settings? Example: Use 3 monitors, maximize Eclipse windows of one Eclipse instance on all three. Minimize. Then maximize. The windows are no longer maximized, but spread somehow over the monitors. After reboot it is even more laughable. Windows will be just randomly scrabled and stacked on top of each other. But the fact alone that you cannot navigate individual windows of one instance.. is this 2003?

- When you use a window with e.g. class code on a second monitor and your primary Eclipse window is on the first monitor, then some shortcuts won't trigger. E.g. attempting to select, then run a specific configuration via ALT+R, N, select via arrows, ALT+R won't work. Eclipse cannot deal with ALT+R, as it won't be able to focus the window, where the context menus are. One may think, this has to do with Eclipse requiring specific perspectives for specific shortcuts, as shortcuts are associated with perspectives - but no. Because the perspective for both windows is the same, namely Java. It is just that even though Shortcuts in Eclipse are perspective-bound, but they are also context-sensitive, meaning they require specific IDE inputs to work, regarldless of their perspective settings. Is that not provided, then the shortcut will do absolutely nothing and Eclipse won't tell you why.

- The fact alone that shortcut-workarounds are required to terminate launches, even though there is a button mapping this very functionality. Yes this is the only aspect in this list, where optimizing and adjusting the IDE solves the problem, because I can bind a shortcut for launch selection and then can reliably select ant trigger CTRL+F2. Despite that, how I need to first customize shortcuts and bind one that was not specified prior, just to achieve this most basic functionality - teminating a launch - is beyond me.

Eclipse is just overengineered and horrendous garbage. One could think it is being developed by people using Windows XP and a single 1024x768 desktop, as there is NO WAY these issues don't become apparent when regularily working with the IDE.

Software engineering doesn't evolving the way you think of it.

There are no new big patterns. There are no new big concepts and ideas to bring that evolution to us. Rob Pike thinks that the concepts he used twenty years ago are the best possible way of implementing everything and he creates Golang.

The evolution of software engineering, and maybe the whole evolution as a concept is a tick-tock. Software engineering had its latest tick at nineties, when the concepts we call modern were developed. And the latest tock was the rise of the internet, and it given the single-computer-centered Von Neumann architecture really hard challenges. I mean ticks are theoretical inventions and patterns and ideas and etc, while tock is more of some practical, business-oriented implementations.

PHP is still in use. We have troubles with scaling and deployment. Banking systems still run old Java, Windows XP and even COBOL. We had persistence really, really long time ago, and now frontenders reinvent it and call it 'immutability'!

We had our tick many, many years ago. It's time for tock. With not only scientific but commercial use of things such as Clojure, CRDTs and maybe Rust lang, we are heading straight to our new big tock, which'll bring us new great problems to solve.

That's how any evolution goes.

"Reflective" programming...

In almost every other language:
1. obj.GetType().GetProperties()
or
for k, v in pairs(obj) do something end
or
fieldnames(typeof(obj))
or
Object.entries(obj)

2. Enjoy.

In C++: 💀
1. Use the extern keyword to trick compilers into believing some fake objects of your chosen type actually exist.

2. Use the famous C++ type loophole or structured binding to extract fields from your fake objects.

3. Figure out a way to suppress those annoying compiler warnings that were generated because of your how much of a bad practice your code is.

4. Extract type and field names from strings generated by compiler magic (__PRETTY_FUNCTION__, __FUNCSIG__) or from the extremely new feature std::source_location (people hate you because their Windows XP compilers can't handle your code)

5. Realize your code still does not work for classes that have private or protected fields.

6. Decide it's time to become a language lawyer and make OOPers angry by breaking encapsulation and stealing private fields from their classes using explicit template instantiation

7. Realize your code will never work outside of MSVC, GCC or CLANG and will always be reliant on undefined behaviors.

8. Live forever in doubt and fear that new changes to the compiler magic you abused will one day break your code.

9. SUFFER IN HELL as you start getting 5000 lines worth of template errors after switching to a new compiler.

!rant from a support guy

I was tasked to migrate an Exchange 2003 server (yes, those are still used) for an upcoming Office 365 deployment. There are no direct upgrade path from one another, as far as we know

My task was to export PSTs from mailboxes. Great, a native tool exist for that in 2003 (exmerge). But only for less than 2 GB mailboxes because ANSI/Unicode! Half of our mailbox busts that limit. Oh, it seems Exchange 2007 has a PowerShell command for exporting to PST as well! But pre-SP3, that command relies on a local installation of Outlook on the server (DAFUQ), and has been superseded by another "standalone" powershell command. So I install a bogus Windows 2012 server only for that purpose, with Exchange Management Tools (which, by the way, is bundled with the Exchange installation setup and REQUIRES to have IIS installed on the target machine. Also, if you install ONLY the Exchange 2007 Management Tools and wish to uninstall them afterwards, you can't because the uninstaller wants me to select an Exchange Role to remove, which are all unchecked in my tools-only setup). Never worked, and Google-fu says that the newer Exchange 2007 New-MailboxExportRequest command seems to have removed Exchange 2003 support.

So i'm back to installing a pre-SP3 Exchange 2007. Then the older Export-Mailbox powershell command whines about 64bits and 32bit incompatiblity-- actually I ***HAVE*** to have the whole OS/software stack 32bit ONLY. Don't ask me why!

Some article I found says I could fire up an XP virtual machine for that, I go for Win 7 x86. "Sorry, Microsoft Exchange won't be installed on a workstation environment because reasons." All right then, let's go for an old Windows Server 2003 x86. Have you tried to boot this up in an Hyper-V environment where mouse and keyboard support for Windows Server 2003 are apparently optional? No keyboard AND mouse events sent to the guest machine at all.

* Sigh *, let's use a Windows Server 2008, but WATCH OUT! Microsoft has discontinued x86 support on their W2008 R2 release, so non-R2 for me. Even then, mouse event wasn't sent until I installed guest additions.

After all, export-mailbox ended up working, but that costed me two days of banging my head against the wall. (Oh, and I take internal calls inbetween as well...)

And that's why I aspire to be a programmer. Thank you for nothing, Microsoft!

I was always into computers, ever since I was a kid. Played a lot of videogames on Windows 98 and XP, and a lot of my earliest drawings were level ideas for those games. My first encounters with code were with game creation software like GameMaker, but I barely touched the code proper outside of editing a few variables from other people's code. After that I basically forgot all about it and spent most of my teen years being a shutin.

Skip ahead to my last year of high school without much idea on what to do. I was good at math when I wasn't being a lazy shit, so between that and what my parents expected of me, I was prepared to go to university for civil engineering. However, two things changed that decision, the first being a great IT professor, when me and a friend were so far ahead, he started assigning us some harder work, and suggested we study computer science at university. The second was a super jank and obscure open-source early 2000's game that somehow still has a thriving community and is actively being developed. I stumbled upon it by chance, and after playing for a while, I submitted a balance change on the GitHub repo. Even though it was just a single variable change, that time I got it. That time I saw how powerful programming could be and what could be done with it. I submitted PR after PR of new features, changes and bugfixes, by the time I left there I had a somewhat solid grasp of the fundamentals of programming, and decided to enrol in the computer science degree.

Enrolling was possibly the best decision I ever made (not america; debt isn't an issue), as well as giving me actual social skills, every course I took just clicked. The knowledge I already somewhat intuitively had a vague grasp on from videogames, general computer use and collaborating with russian coders who produced the jankiest shit that was still somehow functional was expanded upon and consolidated with a high-quality formal education. Four years later and I'm fresh out of uni, it was a long road between when the seed was first planted in my mind and now, but I've finally found out what I want to do with my life.

won't know for sure until i find a job though ffs

Never change a running system!

Not a rant, just a story.

We never had a computer, maybe one for a few months, and the only thing I remember about it is playing "brick breaker". My next encounter with a computer was when my dad bought a laptop in 2007, but I didn't use it since I was young and had no idea about it. We still have the laptop (Compaq) but it has some battery issues. Then the next and last until now is my first ever proper computer, my XPS 13. As for interaction with computers, we had computer class in 11th and 12th grade in my school, but they had the crappy old computers with pirated Windows XP running on every machine. (This is 2015-16).

So, I never had a proper interaction with computers in my childhood.

The first computer I ever had interaction with is my XPS 13.