!Story

The day I became the 400 pound Chinese hacker 4chan.

I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.

They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...

And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.

So, I know I want to fuck with them. and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.

I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.

After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.

I then minify the whole thing and stash it in the minified jquery file.

So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.

Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.

So we GIVE the penetration team login credentials... they log in and start trying to crack it.

I sit and wait. Grinning as fuck.

Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.

We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.

"We think you may have been compromised by a Chinese hacker!"

I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.

My PM, who has seen me use the JSON compression technique before and knows exactly whats up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.

If only it was more common to use video in these calls because I WISH I could have seen their faces.

Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because i'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.

Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.

Working from home. That time you spend commuting is spent on working. That random guy showing up at your desk breaking your concentration doesn't exist. If there's a bullshit meeting you have to go to, you can dial in, put yourself on mute and continue to work while listening and just unmute as needed.

Seriously so much more productive.

* online meeting *

Why are ya'll muted? We can't have a conversation if you're all muted. Just unmute yourselves.

* someone had a lot of background noise *

Huh? What's happening? What's that noise? I think someone is in a very noisy place. You know what? Just mute yourselves until you want to talk.

THATS WHAT WE WERE DOING YOU PRICK

Today is sprint demo day. As usual I'm only half paying attention since being a Platform Engineer, my work is always technically being "demoed" (shit's running ain't it? There you go, enjoy the EC2 instances.)

One team presents a new thing they built. I'm still half paying attention, half playing Rocket League on another monitor.

Then someone says

"We're storing in prod-db-3"

They have my curiosity.

"Storing x amount of data at y rate"

They now have my attention. I speak up "Do you have a plan to drop data after a certain period of time?"

They don't. I reply "Okay, then your new feature only has about 2 months to live before you exhaust the disk on prod-db-3 and we need to add more storage"

I am asked if we can add more storage preemptively.

"Sure, I say." I then direct my attention to the VP "{VP} I'll make the change request to approve the spend for additional volume on prod-db-3"

VP immediately balks and asks why this wasn't considered before. I calmly reply "I'm not sure. This is the first time I'm learning of this new feature even coming to life. Had anyone consulted with the Platform team we'd have made sure the storage availability was there."

VP asks product guy what happened.

"We didn't think we'd need platform resources for this so we never reached out for anything".

I calmly mute myself, turn my camera back off and go back to Rocket League as the VP goes off about planning and collaboration.

"CT we'll reach out to you next week about getting this all done"

*unmute, camera stays off* "Sounds good" *clears ball*

"Time to listen to some music"
* Puts on headphones and searches my favorite death metal *
* No sound *
"Silly me, I muted it"
* Unmute *
* 108% death metal brainfucking me from both ears *

I think I lost 5 years worth of hearing this instant

Lately I'm running into quite some negative atmosphere in meetings. Raise your hand if you think we all should improve our soft skills.

For example, we had a meeting with our client the other day. It was supposed to be only with the two most senior guys in the team and a couple of the less senior (just because one of us knows better the maths of it and the other one knows better about the limitations of the hardware), but in the end some other team members also joined.

In this meeting, we wanted to discuss an issue that had to be fixed. Quite a complex one. The main speaker from the clients, even though also technical, was having a hard time trying to explain properly to us what the issue was about. He was doing quite well, but it was complex enough. Well, one of the guys in my team kept interrupting him to ask very detailed questions (that would not help us understand it better, not until we got first the big picture). When I say "interrupting" I mean that the guy would half shout a question in the middle of a word from the client.

The client was patient and tried to answer, but our nice guy would keep answering back in a "gosh you really don't have a clue" tone.

We muted our microphone and one of the senior Devs asked the guy to please let them conduct the meeting, and that if he had such questions, he could mute the micro and ask them to us, so we knew we might have to ask about that.

Good. We unmute the microphone and 2 minutes after, our star guy goes in again and he even directs his question to someone else than who was talking (from the client).

Client gets pissed - I mean, I taught 12-16 year old teenagers for years and I don't think I would have hold it together for as long as the client did - and from then on all the meeting went in a really negative tone. Ending up with a call from the client to our senior guy to finish explaining in private the thing.

Well, our friend the interrupting guy not only got amazingly mad at the senior guy that (in private and constructively) gave him some advice on this kind of meetings. No, he also ended up spiraling into a close to insulting chain of emails towards the client -with his and our colleagues in copy- when he needed some specification.

Interrupting guy is 35yo and has been working with clients quite long. Our HR department still doesn't think we all should get communication workshops or something

Why doesn't Slack have an option to mute an entire workspace? It can only mute individual channels in the workspace, like sure, I want to manually mute every single fucking channel when I'm no vacation, and then unmute them when I come back. Who the fuck thought that was a good idea? For fucks sake, Discord can do it, but the most popular enterprise chat lacks such a basic feature.

So I installed the JACK audio connection kit on my Linux box, set up drivers, configured routings properly, etc etc.

Tried playing basic sounds. No output. Panic.

Redid configuration, tried again. No output. Panic++

Reinstalled JACK, tried again. No output. Panic++

Reinstalled drivers and checked ALSA (audio subsystem). All good. Tried again. No output. Panic++

Hit the Mute shortcut on my keyboard to unmute my speakers, tried again. Worked. :facepalm:

I am such an idiot, fml.

My pc has this weird glitch where anytime I install or uninstall a Steam game my headset microphone (Logitech G933) mutes, and I can only unmute it again after a couple of seconds. It's been this way for the longest time (though not always) and I have not the slightest fucking clue what could be causing it. Anyone else ever heard of something like this?