Today my classmate came up to me and said he was a hacker.

I told him to prove it, and guess what? HE ACTUALLY HACKED GOOGLE!

It was amazing! He impressed so many kids in the class with his skills of pressing F12! How impressive is that?

He even wore a black hoodie and can spell his name in binary code. Not to mention, he changed google doc's page color to black and the font to green as he typed his essay.

I need to be careful... This 1337 h4x0r is really scary.

83w4r3

Sitting on the bus updating my system.
Random girl: What are you using?
Me: Linux :).
Random girl: Ohh I use Mac, because that doesn't have viruses and can't get hacked!

*me waiting for a cliff to jump off*

TL;DR: I “hacked” my thermostat.

I’m stuck with an annoying roommate in college dorms who apparently always keeps the FUCKING thermostat at 80F. LIKE WHAT THE ACTUAL FUCK IS WRONG WITH HIM. Every time I change it to like 73F, he changes it back to 80F Heat.
Getting tired of his shit for over a semester, I decided to do something about it. I looked up the thermostat made by HoneyWell and downloaded the product manual of it. Turns out, they have a system override ability to remove the heating mode and change the maximum and minimum values of temperature.
BOOM! I removed the heating mode and changed the minimum value to 70 and max to 74.
It’s 2AM here and I can finally go to sleep without sweating my balls off. I’ll keep you guys updated on his reaction hahahaha.

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Started talking with someone about general IT stuff. At some point we came to the subject of SSL certificates and he mentioned that 'that stuff is expensive' and so on.

Kindly told him about Let's Encrypt and also that it's free and he reacted: "Then I'd rather have no SSL, free certificates make you look like you're a cheap ass".

So I told him the principle of login/registration thingies and said that they really need SSL, whether it's free or not.

"Nahhh, then I'd still rather don't use SSL, it just looks so cheap when you're using a free certificate".

Hey you know what, what about you write that sentence on a whole fucking pack of paper, dip it into some sambal, maybe add some firecrackers and shove it up your ass? Hopefully that will bring some sense into your very empty head.

Not putting a secure connection on a website, (at all) especially when it has a FUCKING LOGIN/REGISTRATION FUNCTION (!?!?!?!!?!) is simply not fucking done in the year of TWO THOUSAND FUCKING SEVENTEEN.

'Ohh but the NSA etc won't do anything with that data'.

Has it, for one tiny motherfucking second, come to mind that there's also a thing called hackers? Malicious hackers? If your users are on hacked networks, it's easy as fuck to steal their credentials, inject shit and even deliver fucking EXPLOIT KITS.
Oh and you bet your ass the NSA will save that data, they have a whole motherfucking database of passwords they can search through with XKeyScore (snowden leaks).

Motherfucker.

When you were growing up to be a developer and your mom brags about what a genius you were and has literally no idea what she was bragging about...

#IJustInstalledLinuxMomChill...

Funny story my step dad was bragging about me hacking Google to a group of his guys a few months ago (mind you I'm 21, he's a roofing contractor) and he calls me over and is like "yo, Jimmy. Tell them how you hacked google. (Obviously I never "hacked google", whatever that means) and this guy he's talking to say:

"Oh shit. You can do that shazz".

For my own amusement I replied:
"Yeah I hacked google last week. I HTML'd into their json databases to pull out an ASP in order to bash attack on their .Net services using only CSS"

Of course the man's only response at this point was to ask me how much it would cost me to build him a site...

So back story... I opened up my own company a while back. I provide not only general IT and phone repair etc but I also do ethical penetration testing and patch the holes.

Before opening my own business me and some buddy's went out to a bowling ally and bar to have a few drinks. I wanted to see what their network was like... I hacked into their entire network in less than two minutes. From my iPhone. I was in their switches, I was configuring their printers and fax machines. Lord knows what I could have done if I had my laptop.

Anyways, back to the rant... I got this text today. 😂😩🔫

A while ago (few months) I was on the train back home when I ran into an old classmate. I know that he's a designer/frontend/wordpress guy and I know that he'll bring anyone down in order to feel good. I also know that he knows jack shit about security/backend.
The convo went like this:

Me: gotta say though, wordpress and its security...
Him: yeah ikr it's bad. (me thinking 'dude you hardly know what the word cyber security means)
Me: yeah, I work at a hosting company now, most sites that get hacked are the wordpress ones.
Him: yeah man, same at my company. I made a security thing for wordpress though so we can't get hacked anymore.
Me; *he doesn't know any backend NOR security..... Let's ask him difficult stuff*
Oh! What language did you use?
Him: yeah it works great, we don't get hacked sites anymore now!
Me: ah yeah but what language did you use?
Him: oh it's not about what language you use, it's about whether it works or not! My system works great!
Me: *yeah.....right.* oh yeah but I'd like to know so I can learn something. What techniques did you use?
Him: well obviously firewalls and shit. It's not about what techniques/technology you use, it's about whether it works or not!

That's the moment I was done with it and steered the convo another way.

You don't know shit about backend or security, cocksucker.

Our company got attacked last month by what i believe was a code time bomb from a ex employee. And it was brutal, website hacked, email server not responding, locked out from database servers. The IT department asked for my help and I was more than happy to do it. Long story short I got every thing back working smoothly. The IT guys ask for a favor to not include this in my monthly progress report. Fine by me. But then they went out and tokd the top management that they are teaching me about the networks and servers so thats why I was working with them last month. Fucking assholes. Not going to help them any more.

This is super childish but it's the gameserver insidstry and karma is a bitch.

TLDR: I hacked my boss

I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.

I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :3

What seems to be the problem? Oh, is your wordpress site hacked/infected with malware?

So I guess you decided to disable updates because it might break your shitty little site? And I guess you thought those warnings you got from me and multiple colleagues about what could happen when you didn't update your wordpress bullshit weren't that serious?

Hold on, you want *US* to restore *YOUR* hosting backups?

Hahahahahaha-no.

Go clean up your own fucking bullshit. But, before you click that restore button, please take a cactus, carve 'I am a stupid wordpress cunt' into it, dip it in a bathtub of with blood mixed-infected cum and shove it up your ass.

Oh yeah I'm aware that that won't help your situation but it might keep you from reproducing and at least it'll give me some satisfaction.

Tonight I was getting ready to pay my monthly apartment maintenance bill so I Googled my property management company's name because I always forget the url. It's always the first result, but I noticed Google placed a little "This site may be hacked." line of text on their listing.

Seeing that before and knowing what it means, I went into the source for their index page, and to my suspicion, their WordPress installation was hacked with the standard invisible spam links.

I realize this happens to a lot of WordPress blogs, but this is an NYC property management company that is responsible for a lot of buildings and has millions of dollars in contracts. Normally I would inform them, but having dealt with them in the past I don't like them very much, but more importantly, I don't think they'd understand what I was saying because they are so technically inept. They might even think that because I found this, that I had something to do with it.

So devRant, it is up to you. What should I do?

I hate ZenHub. For those who haven't heard of it, it's an agile project management solution that is hacked (and by hacked I mean really hacked) on top of Github.

It's touted as being convenient because you can have all your issues in Github and then look at them in epics and board format. Sounds awesome. Except it's not. For everything "convenient" it does, it severely lacks the most basic ticket management features that make any ticket management solution usable. Ex., you can't copy tickets. That's right - if you're creating 20 similar tickets, which I've needed to do in the past, you must create each one individually. New ticket -> add labels -> add assignee -> add title -> add description and then submit. 20 times.

ZenHub is so bad and so poorly conceived that many of those who use it have lost sight of project management reality and are blind to the 300 other PM products out there that are better.

True story: a couple of weeks ago people were celebrating because ZenHub added functionality to allow you to define what epic an issue belonged in while you were creating it. For those who aren't familiar with what that means, let me explain: before two weeks ago, when creating an issue in ZenHub, to fill out this "epic" field, you needed to first create the issue and then edit it to fill in the epic.

Let me break that down in devRant terms: it's the equivalent of not being able to add tags to a rant until you create it and then go back and edit it. Complete lunacy is the only way to describe it. And when they added the functionality two weeks ago allowing you to do it all in one step, people praised them!!!

Yeah, ZenHub sucks.

This is dedicated to all Webdevs, especially those WordPress fanboys.

I was reflecting on some things since I do more frequent freelance jobs at the time. And I have to admit: people are fucking crazy.

I had some serious talk with customers and some serious talk for people I work as subsidiary.

The average customer thinks a nice webpage costs I'm 9-50 bucks. They got some shitty Webhosting for 1-5$/month including domain and think they are set.

They have unclear visions about what they actually want, it all boils down to "I like the design". I made a page for someone who just posted images, no text nothing and I told him a trillion times NEEDS some text, even a fucking picture description would be sufficient, else he'll never score anything at google.

Ofc it got denied, now he's bitching how nobody finds the site when they google his name. The other thing is that Wordpress became the solution for everything.

I'm a fucking certified magento developer and I hate magento with a passion. Magento is an overabstracted clusterfuck and believe me, I did the certification I had to learn more than average about the core. But damn, don't slap woocommerce on everything.

Narrowninded fucktards, the cheap out of the box solution isn't always the best.

Don't cry if you got hacked because you were too dumb to upgrade your wordpress. Don't tell me to do some "enhancements" on a server you probably share with 100 other uses. I can't fix your Webserver with your shitty ftp account.

I also hate WordPress with a burning passion. Cum guzzling cavetroll it is. It has it usages, but don't rely on a core So small every kind of extra functionality has to somehow tinkered on it and then expect it to work flawlessly and for 10$ price.

Of course you can buy a theme that, if it would have been special made for you cost 800$ or more, but it wasn't. It just looks like it from the outside. If you want customization you are at the mercy of the option it provides. I can't even tell how many times i spent whole evenings explaining how their shiny template works. Just to do some crazy shit with JavaScript like rearranging domelements because it didn't work as expected.

I still stay to my word. Nothing great has been nor will be created with a Wordpress core. Don't tell me how some great stuff has been achieved. Or wait, please do so. But before you do think about if that wouldn't been faster, cheaper, more reliable , etc... if done with a framework like symphony or laravel... or even zend or cake.

And that brings me back to the point:
Is cheap and "out of the box" really what you need and desire? As customer and as developer?

Conversation between some kind of executives on the table next to mine:

A: do you know this app that'll let you hack into any Wi-Fi? You just click here, copy that and paste it here... and I hacked the restaurant's Wi-Fi. **laughs**

B: oh, only X? Bought. Wait... what is this "allow app to access your location"?

A: yeah, click "allow". You should also install a VPN.

B: what? BPN?

A: no, no. VPN. When you use a VPN you have a secure internet connection. You're protected from tracking, hacking and virus.

Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account [cozyplanes@tuta.io] was hacked, because I sent message you from it.

Now I have access to you accounts!
For example, your password for [cozyplanes@tuta.io] is [RANDOM_ALPHABET_HERE]

Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $700 to our Bitcoin wallet: 13DAd45ARMJW6th1cBuY1FwB9beVSzW77R
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data" :)

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.

>> RE >>
Well f### you, thanks for telling my password which is obviously fake. I have sent your details to the local police department, shall rest in peace. Don't earn money by this kind of action. STUPID!

An intern I was supposed to lead (as an intern) and work with. Which sounded kinda crazy to me, but also fun so I rolled with it. But when I met her I quickly found out she didn't even have a coding editor installed and when I advised one she was "scared of virusses". She had Microsoft Edge in her toolbar, and some picture of a cat as a background. We were given some project by our boss, and a freelance programmer helped us set it up on Trello. Great, lets start! Oke maybe first some R&D, she had to reaeach how to use the Twilio API. After catching her on WhatsApp a few times I realised this wasnt gonna go anywere. After a few weeks of coding and posting a initial project to git I asked her if she could show me the code of the API she made so far..

She told me she was using the quickstart guide (the last 3 FUCKING weeks) which contained some test project with specific use cases.

The one that I did 3 weeks ago that same fucking morning.

AND SHE WAS STILL NOT DONE...

A few days later I asked her about the progress (strangly, I wasn't allowed ti give her another task bcs the freelanc already did) and guess what... She got fking pissed at me

Her: "I will come to you when im done, ok?"
Me: "I just want to see how it is going so far and if you are running into any problems!"
Her: "I dont want to show you right now"

She then goes to my fucking boss to tell him I am bothering her.

And omg... Please dear god please kill me now...

Instead of him saying the she probably didn't do shit. He says to me that the girl thinks im looking down on her and she needs a stress free environment to work in. She will show me when its done. ITS A FUCKING QUICKSTART GUIDE YOU DUMB BITCH.

He then procceeded to whine to me about the email template (another project I do at the same time) which didn't look perfect in all of his clients.

Dont they understand that I am not a frontend developer? Can you stop please? I know nothing about email templates, I told you this!!!

Really... the whole fucking internship the only thing the girl did was ask people if they want more tea. Then she starts cleaning the windows, talk to people for an hour, or clean everyone's dask.

all this while I already made 50% of the fucking product and she just finished the quickstart tutorial 😭. Truly 2 months wasted, and the worse thing is I didn't get any apprication. They constantly blamed me and whined at me. Sometimes for being 3 minutes late, the other for smoking too much, or because I drink to much coffee, or that I dont eat healthy. They even forced me to play Ping Pong. While im just trying to do my job. One of the worst things they got mad at me for if when my laptop got hacked bcs it was infected with some virus. He had remote access and bought 5 iPhones 6's with my paypal while I was on break. I had to go home and quickly reset all my passwords and make sure the iPhones wouldnt get delivered. strange this was, this laptop I only used at the company. So it must have been software I had to download there. Probably phpstorm (torrent). Bcs nobody would give me a license. And the freelancer said I * have to *.

the monday after I still had to reinstall windows so I called them and said I would be late. when I came they were so disrepectfull and didn't understand anything. It went a little like this:

Boss: why u late?
Me: had to reinstall my laptop, sorry.
Boss: why didnt you do this in your own time?
Me: well, I didn't have any time.
Boss: cant you do this in the weekend or something? Because now we have to pay you several hours bcs you downloaded something at home.

Me: I am only using this laptop for work so thats not possible.

Boss: how can that even be possible? You are not doing anything at home with your laptop? Is that why you never do anything at home?

Me: uhm, I have desktop computer you know. Its much faster. And I also need to rest sometimes. Areeb (freelancer) told me to torrent the software. He gave me the link. 2 days later this happends

Boss: Ahh okeee I see.. Well dont let it happen again.

After that nobody at the compamy trusted me with anything computer related. Yes it was my own fault I downloaded a virus but it can happen to anyone. After that I never used Windows again btw, also no more auto login apps.

I've had my share of incompetent coworkers. In order of appearance:

1. A full stack dev. This one guy never, and I mean NEVER uses relationships in their tables. No indexing, no keys, nada. Couple of months later he was baffled why his page took ten seconds to load.

2. The same dev as (1). Requirement was to create some sort of "theme" feature for a web app. Hacked it by putting !important all over the place.

3. The same dev again. He creates several functions that if the data exists returns a view, and if it doesn't, "echo '0'". No, not return 0 or return false or anything, but fucking echo. This was PHP. If posted a rant about this a few months ago.

4. Same dev, has no idea what clean code is. No, not just reusable functions, he doesn't even get indenting right. Some functions have 4 spaces, some 2 tabs, some 6 tabs! And this is inside the same function. God wait until he tries Python...

5. Same dev now suggests that he become the PM. GM approves (very small company). Assigns me to travel to a client since they needed "technical assistance about the API". Was actually there to lead a UAT session.

Intermezzo, that guy went from fullstack dev to PM to sales (yes, one who calls clients to offer products) to business development, to product analyst in the span of two years.

After a year and a half there, I quit.

6. New company, a "QA engineer" who also assumes the role as the product owner. Does absolutely no tests other than "functional tests" in which he NEVER produces any form of documentation. Not even a set of test cases. He goes by "intuition".

7. Same guy as (6), hands me requirements for a feature. By "hands me" I mean he did that verbally. No spec documents, no slack chat, no Trello card. I ended up writing it as a card in Trello. Fast forward to the due date, he flips out because that wasn't what he wanted. Showed him the card. He walked away, without thinking of a solution how this mess should be handled.

Despite all this, I really don't want him (6&7) to leave the company. The devs get really stressed out at this job and he does make a really good person to laugh with/at.

Site (I didn't build) got hacked, lots of data deleted, trying to find out what happened before we restore backup.

Check admin access, lots of blank login submissions from a few similar IPs. Looks like they didn't brute force it.

Check request logs, tons of requests at different admin pages. Still doesn't look like they were targeting the login page.

We're looking around asking ourselves "how did they get in?"

I notice the page with the delete commands has an include file called "adminCheck".

Inside, I find code that basically says "if you're not an admin, now you are!" Full access to everything.

I wonder if the attack was even malicious.

When you see what is clearly a hacked together prototype running as production code.

Waking up, feeling like I have a cold I sit down at my computer and see that my biggest client has asked for a minor change. I haven't had my coffee yet, but I can do what they're asking for in a minute. The site is *gone*. Just a permissions error. Have they been hacked?! Why hasn't the client called me?! The files are there and no changes have been made. It doesn't come up on any browser. 10 panicked minutes later I check it on my phone. It comes up. Wait a minute ... While editing /etc/hosts yesterday I'd accidentally uncommented a line for this site that I'd foolishly left in there. One character later my false alarm is solved. I'm getting my damned coffee now.

Let me preface this by saying I'm not a designer.

While I can make individual bits of a site look good, and I'm actually pretty skilled with CSS/Sass, overall design completely escapes me. I can't come up with good designs, nor do I really understand *why* good designs are good. It's just not something I can do, which feels really weird to say. but it's true.

So, when I made the Surfboard site (that's the project's internal name), I hacked everything together and focused on the functionality, and later did a branding and responsive pass. I managed to make the site look quite nice, and made it scale well across sizes/devices despite being completely new to responsiveness. (I'm proud, okay? deal.)

After lots of me asking (in response to people loudly complaining that the UI doesn't have X feature, scale properly on Y device, and doesn't look as good as Z site), the company finally reached out to its UI contractor who does their design work. After a week or two, he sent a few mockups.

The mockups consisted of my existing design with a darker background, much better buttons, several different header bars (a different color) with different logo/text placements, and several restyled steppers. He also removed a couple of drop shadows and made some very minor styling changes (bold text, some copy edits). Oh, he also changed the branding colors. Nothing else changed. It's basically the same exact site but a few things look a little better. and the branding is different.

My intermediary with the designer asked for "any feedback before finalizing the designs" -- which I thought odd because he sent mocks for two out of the ten pages (nine plus a 404 page). (Nevermind most of the mocks showed controls from the wrong page...).

So, I typed up a full page of feedback. Much of it was asking for specifics such as responsive sizing on the new header layout, how the new button layout would work for different button counts, asking for the multitude of missing pages/components, asking why the new colors don't match the rest of our branding, etc. I also added a personal nitpick about flat-looking controls because I fucking hate them. Everything I wrote was very friendly and professional.

... His response was full of gems. Let me share a few.

1. "Everything about the current onboarding site looks like a complete after-thought." (After submitting a design basically identical to mine! gg!)

2. "Yes [the colors match our current branding]." (No. They don't. I checked. The dark grey is different, the medium grey is different, the silver is different, the light blue is different. He even changed the goddamn color of the goddamn LOGO for fuck's sake! How the fuck is that "matching"?!)

3. "Appreciate the feedback [re: overlapping colored boxes, aka 'flat'], design is certainly subjective. However, this is the direction we are going." (yet it differs from the rest of our already-redesigned sites you're basing this off. and it's ugly as shit. gg again :/)

4. "Just looked at the 404 page. It looks pretty bad, and reflects very poorly on the [brand name] brand. Definitely will make a change here!" (Hey! I love that thing. It's a tilted, dotted outline of a missing [brand product] entirely drawn with CSS. It has a light gray "???" underlay and some 404 text inside. Everyone I showed it to, coworkers and otherwise, loved it. "Looks pretty bad". fuck you.)

I know I shouldn't judge someone so quickly, but what the fuck. This guy reminds me of one of those pompous artists/actors who's better than everyone and who can never be wrong, even while they're contradicting themselves.

just.
asfjasfk;ajsg;klsadfhas;kldfjsdl.

I can't believe this company.

They want to stop using Certificates because it bothers the customer.

I had to use https because we were using service workers for a PWA.

I tried explaining we need them for the product to work, and also it's a basic security measure.

They were removing the certificates without my knowledge.

I found out because a colleague wanted a way to disable the service worker and asked me for help.

The manager said your not the boss of the company, it's not your company to make decisions.

Just do what they say, he tried to justify the decision from above, I said ok when was the last time you installed a certificate? he said never.
Ok, then what the fuck are you talking about, its 10 minutes to get a certificate letscrypt HELLO.

This company is very hierarchical 1900 style, I'm the person who does innovation in the organization, that's the most fucked up part, they say no to everything.
OMG, I'm going to quit.

There just asking to get hacked, this is just the tip of the iceberg.

Is this common or are they morons?

In few hours I was with client showing his website after long time coding and designing.

Client: I think this is it, here your final $$

Me: Me thanks sir and bye

A guy came in.

Client: Oh! Wait, this guy is our it expert let see if he have any advise.

Me: Oops! Okay

Guy: So this website will showcase our products

Me: Yes,

Guy: What about security because I just got news that Russian hacked one big company.

Me: I don’t think Russian have time to hack your one page website

Out of the door...

Boss comes in and gives me some js code for syncing data (he hacked it together the other day, really messy with like 5 callback lamdas stacked into each other)

Boss: Make it faster and more reliable and add some progress indicator

So i look at the code and he literally pulls all the data as one json (20+ MiB). Server needs multiple minutes to generate the response (lots of querys), sometimes even causing timeouts....

So i do what everyone would do and clean up the code, split the request into multiple ones, only fetching the necessary data and send the code back to my boss.

He comes in and asks me what all this complexity is about. And why i need 5 functions to do what he did in one. (He didn't -.-). He says he only told me to "make it faster and show progress" not "to split everything up".
So I ask him how he wants to do this over HTTP with just one request...
His response: "I don't care make it work!".

Sometimes i hate my job -.-

I made a website for a guy, been keeping a casual eye on it and it's fine, if boring.

Then he calls in a panic to tell me it's been hacked, there is porn everywhere and funny underlined words and I must fix it right now!

So I drop what I'm doing and access the site and it's fine. I use a few different devices and even a couple of different networks and can't see a thing wrong with it.

Then I spent half an hour on the phone trying to convince him that his own shady surfing habits are causing this on his computer only.

I get the feeling he didn't believe me because he hasn't paid the latest invoice..

For an ostensibly security-focused financial company, these people really don't know what they're doing. Everything I've seen thus far is so hacked-together that I feel like i'm looking at code written by high schoolers.

Seriously, some of API Guy's code is better than this.

And they even make a point to remind me of ultra basics like `.to_a`, `.map`, or "a good command to keep on hand is `rake db:migrate`" -- like seriously? Those are in bloody "Intro to Rails" tutorials (and it's `rails db:migrate` as of Rails 5). For an ostensibly all-senior team, these devs are awfully junior.

Had a discussion with a developer about security. His software transfers all user data (password and files) unencrypted, so anyone can grab them with wireshark. I told him that this is a severe issue. He said no its no problem because if you get hacked its your own fault, because you probably used an insecure network. NO ! YOU FUCKING MALADJUSTED SHEEP-MOLESTING OBJECT OF EXECRATION, YOU SHOULD ALWAYS ENCRYPT SENSITIVE USERDATA NO MATTER WHAT NETWORK YOU USE. FUCKING KILL ME ALREADY.
Not implementing encryption is one thing but then acting like its no problem is a fucking nother one. Why do people not understand that security of userdata is important???

ESTIMATING FUCKING HOURS.

Well not literally, that only takes 10 minutes.

But software estimation... anyone pretending to be good at it is a dirty liar. Adding a button? Uh, let's say 2 hours, I mean I gotta poop in between as well, and it's probably some broken bootstrap theme with hacked custom margins.

Building a commenting system coupled to an ancient CRM? Uh... maybe one day? Maybe a month? I don't even know what the CRMs looks like? You won't show me because "that's irrelevant"?

WELL THEN I DON'T FUCKING HAVE A CLUE.

And in the time we spent on discussing time estimations, I could have written like half of the feature... or zero... because you still haven't fucking shown me what the CRM API looks like.

YOU KNOW WHAT I'LL GIVE YOU AN ESTIMATION. ME. VACATION. DONE IN 6 WEEKS.

I worked at a startup. They wanted to "save" money. So they hired a relative of "Fred" named "Bubba". Bubba made a custom website. Like hand built gifs and who knows how hand crafted html. It was fine for a time. Then somebody was wondering why nobody was calling us at the company. No customers. Another relative named "George" (who was actually a business major) looked at the website. It had been hacked and replaced with Jedis fighting Sith Lords. Me and another engineer named "Zeus" said "fuck this shit" and said "we are redoing this shit".

So I logged into godaddy (I know, shitty) and installed Wordpress (kinda shitty). I proceeded to turn wordpress into a half decent page. Wiped out the shit that was there, reused images as it made sense. Created more images. Reduced images to 80% quality to take loading size from 10MB to <1MB. Then I also proceeded to do SEO work and get the website listed properly within about a month. Customers started calling all the time. I had a simple contact form that barely gets any shit on it due to captcha. The was 5 years ago. I left 3 years ago (still help them on weekends) and nobody has done shit with the website. They are still getting calls and it hasn't been hacked.

We don't talk to Bubba. He didn't know what the fuck he was doing. I wonder if he still does websites for his relatives. I honestly had no clue what I was doing, but my take on the approach was easier to maintain and even George and Zeus and the new manager "Ralph" can maintain it, kinda. Went from shitty static website to full on dynamic and interactive. Yeah, I know, "dynamic". But the manager was happy.

Sometimes you just do what you gotta do in addition to doing all the electrical and software engineering for a company.

My wifi was hacked two times last year, so I decided to change the factory credentials. Some months ago a tree fell on top of the cables on the street, cutting my internet connection. I call the ISP and when they get here they say I have no right for costumer support as I have altered my own connection.
WHAT. THE. FUCK
I had to revert the credentials to admin/admin in order get my internet back. These ISPs live in the fucking stone age. How the fuck do they force me to fucking have my router exposed with a fucking "admin/admin".
Fuck them.
I hope some day we have a cable revolution and finally have some rights over the networks we pay for with both tax money and excesive fees with low fucking speeds. Fuck them. Really.

Well, just remembered a fuck up one of my friends and me did. Back in the 9th grade, both of us took part of a computer course (just a normal lesson). He got me into programming. So after half a year we "hacked" into the school server. Tbh it was quite simple. The server did a backup each week in a specific folder. The problem was, the backup file had no proper rights set. Everyone had access to it. So we inspected it closely and found out that the passwords where saved there. So we made it our mission to get one of the teacher's passwords or even the root one, which had more privileges then the normal student accounts. After about 2 days we managed to crack one of them (using a hash table available for download). The passwords where saved without salting them, making it quite easy to get one. Now we were sitting there, having access to a teacher's account. So we logged in and tried to figure out what to do next. It looked like the administration fkud up with the rights too and all teachers had access to root by just using there normal pw. Well, the Grand final is coming. We put a script into the startup of the server (which restarted at 4:30 AM each Friday). The only line that was written in it was "./$0|./$0&"

We never got caught. And it was a heck of fun ^^

There was a time I made an update on one of our client's e-commerce website sign-up page. The update caused a bug that allowed new users to create an account without actually creating an account.

The code block meant to save user credentials (i.e email address and password) to the database was commented out for some reasons I still can't remember to this day. After registration new users had their session created just as normal but in reality they have no recorded account on the platform. This shit went on like this for a whole week affecting over 350 new customers before the devil sent me a DM.

I got a call from my boss on that weekend that some users who had made purchases recently can't access their account from a different device and cannot also update their password. Nobody likes duty calls on a weekend, I grudgingly and sluggishly opened up my PC to create a quick fix but when I saw what the problem was I shut down my PC immediately, I ran into the shower like I was being chased by a ghost, I kept screaming "what tha fuck! what tha fuck!!" cus I knew hell was about to break loose.

At that moment everything seemed off as if I could feel everything, I felt the water dripping down my spine, I could hear the tiniest of sound. I thought about the 350 new customers the client just lost, I imagined the raving anger on the face of my boss, I thought about how dumb my colleagues would think I was for such a stupid long running bug.

I wondered through all possible solutions that could save me from this embarrassment.
-- "If this shitty client would have just allowed us verify users email before usage things wouldn't have gotten to this extent"
-- "Should I call the customers to get their email address using their provided telephone?... No they'd think I'm a scammer"
-- "Should I tell my boss the database was hacked? Pffft hack my a**",
-- "Should I create a page for the affected users to re-verify their email address and password? No, some sessions may have expired"
-- "Or maybe this the best time to quit this f*ckn job!"
... Different thoughts from all four corners of the bathroom made it a really long bath. Finally, I decided it was best I told my boss what had happened. So I fixed the code, called my boss the next day and explained the situation on ground to him and yes he was furious. "What a silly mistake..!" he raged and raged. See me in my office by Monday.
That night felt longer than usual, I couldn't sleep properly. I felt pity for the client and I blamed it all on myself... yeah the "silly mistake", I could have been more careful.

Monday came boss wasn't at the office, Tuesday, Wednesday, Thursday, Friday not available. Next week he was around and when we both met the discussion was about a different project. I tried briefing him about last week incident, he seems not to recall and demands we focus on the current project.

However, over three hundred and fifty customers swept under the carpet courtesy of me. I still felt the guilt of that f*ck up till this day.

So I looked at our dashboard and noticed a banner mentioning scheduled maintenance set for 7:00 AM. And I thought to myself, "I never released an update, and even if I had, the maintenance would be performed 15 minutes after the build finished, not at 7:00 AM." So I emailed my coworkers, asking if they had put up the banner, no, no. I started pulling my hair out trying to figure out what caused this banner to be created. Was there some old job that was just now running? I combed through the server logs, thousands of entries later, and I found the banner was installed by some user with the IP 172.18.0.1...which was the local machine. I went through all the users on the system, running atq to see if anyone had jobs scheduled. And there was one job scheduled, under the root user. At that moment, I legit thought to myself, "have we been hacked? How is that possible?" It's wasn't! Then I looked under /var/spool/atjobs to see what the job actually was. And then I saw it. My weekly updater cron job had installed updates and had scheduled a maintenance window to reboot the system. And I smiled, realizing that my code was now sentient.

"I just hacked your website"

Me: Oh really? What did you do?

"Ran DDos attack using this third party website haha"

Me: 😃

Every time I encounter "404 Not Found - nginx" when I was really young, I thought the website was hacked by Nginx(ngingks). When I got to uni and found out what it was and how to say it, I just facepalmed. Even until now, every time I read it on job posts, I still say ngingks in my head and laugh hahaha

Let me tell you a story:
One upon a time poor lil PonySlaystation received a call. It was a nice guy who cried about his WordPress website had been hacked. So the clusterfuck began...

He gave me the login credentials for the hosting back-end, DB, FTP and CMS.
A hacked WP site was not new for me. It was probably the 6th of maybe 10 I had to do with.
What I didn't expect was the hosting back-end.
Imagine yourself back in 1999 when you tried to learn PHP and MySQL and all was so interesting and cool and you had infinite possibilities! Now forget all these great feelings and just take that ancient technology to 2018 and apply it to a PAID FUCKING HOSTING PROVIDER!
HOLY FUCKING ASSRAPE!
Wanna know what PHP version?
5.3.11, released the day before gomorrah was wiped.
The passwords? Stored in fucking plaintext. Shown right next to the table name and DB user name in the back-end. Same with FTP users.
EXCUSE ME, WHAT THE FUCK?!

I have to call Elon Musk and order some Boring Company Flame Throwers to get rid of this.

Long story long, I set up a new WP, changed all passwords and told the nice guy to get a decent hoster.

I bought flowers for my date. Online.
When I registered, the website send me via email my 30 character long password.

😥

So I try "forgot password". The genius website sent me, guess what, my 30 character long password...

For fuck sakes!!!! You had one job.... Hash the fucking password!!!!

I'm afraid these people will probably get hacked soon (murphy law).

Sha256.. Guys please...

So, the other day a friend of mine called me. It's been years that I haven't talked to this girl. She says "can you do me a favour?". I asked "what?". To which she replies "My Facebook account has been hacked. Can you do something and destroy the guys pc? Don't let him create any other account or even let him use the internet. Ban him from the internet or do something.
And I was like

Wordpress does not suck. If you know how to work it.

Past period I saw so many rants on WP. My rant is that it is not 100% WP fault. Yes there are seriously structural problems in WP but that does not mean you cannot create top-notch websites.

At my work we create those top-notch WP sites. Blazing fast and manageable. Seriously we got a customer request to make the site slower because it loaded pages to fast (ea; you hardly could see you switched pages).

- We ONLY use a strict set of plugins that we think are stable, useful.
- We have everything in composer (and our own Satis) for plugins.
- We use custom themes & classes. Our code is MVC with Twig.
- In our track history we have 0 hacked websites for the past 2 years.
- Everything runs stable 24/7
- We have OTAP (testing, acceptance & production environments)
- We patch really fast

These are sites going from $15k++ and we know our shit.

Don't hate on WP if you have no clue what you are doing yourself.

That is my rant.

Can people just fucking stop using "hacked" as a synonym for "my password has been found out"? Even devs do this shit! Devs should know better about what a "hacked" account is.

So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.

I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".

What I did?

I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.

Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.

Moral of lesson: make sure your IT secures everything in place.

Microsoft admits they were hacked. Explains how it worked and what happened. No big deal. companies get hacked. That's life.

Indirectly admits that all of their customer support agents have access to your inbox.

Cool. Deleting my Outlook email. Thanks guys.

So this happened last week.

Last week I went as a volunteer to give an introduction class basic programming to some guys and gals who are going to attend computer science soon next year.

The class lasted one week and we had done some basic algorithms and programming in Python.
Besides that we also did some very basic websites (html, css and javascript).

Obviously all those people were very enthusiastic.
Some were a little bit too enthusiastic...

There were these 2 guys who were best friends. They already knew everything apparently. Even though they just finished high school they had been programming for over 10 years, had already made countless of websites, applications, 'hacked Windows', RATs and some amazing games.

So there were some people there who never had programmed before. I started giving the lecture and warned people who already knew some basics of programming the first day might be a quite boring but I could not simply skip it obviously.

Those 2 dickheads acted like the biggest childs ever, started screaming in class, making sure everyone knew they were bored, and were constantly complaining to me that they know what print, for, while and strings were. I stayed calm and tried to explain them again I simply couldn't skip parts of the lecture for them.

Every hour and every day it started getting worse and worse with them. Not only but the whole class were furiously mad at them. Some other students even started screaming at them. They screamed back insulting everyone they even didn't what php was and stupid stuff like that.

At some point they interrupted me AGAIN and asked me how long I programmed. I told him little them over 5 years or something. They started laughing at me. Those 2 dickheads looked at me like they were so much better than me because they programmed over 10 years.

At some point, almost the last day, I had enough of their bullshit, interruption, screaming, insulting other students who asked questions, ... I said you know what, you give the lecture!

They refused because they felt too good for all these other 'noobs' (the other students). They would never become good and blah blah more bullshit.

I said alright, we're doing websites, you've made some websites, show me your most impressive website.

He was happy and felt honered.

He sent me the whole folder and I showed his website on code on the big screen in the room.

Then I said: "Everyone, pay close attention to this!"

That dickhead smiled and felt good

Me: "This is how NOT to make a website"

I started explaining to everyone all things that were complete shit and all things that were straight up sins.

That one friend of the dickhead stayed quiet. The other dickhead became as red as a tomato. At some points you even saw tears in his eyes. At some point he insulted me I was a scriptie and simply left.

The class started clapping.

One of the weirdest but also best moments of my life

Moral: Don't act like a complete bigheaded dickhead, don't feel better than everyone and show some respect

Thank you for reading

Have a nice day!

Spammer just called me saying my windows computer was hacked and that I needed his assistance, I agreed and let him download free malware remover tool and other random shit, apparently the terminal commands were not working so he asked what version of Windows I was on, I said XP, and he continued and gave up on the terminal. tried to ruin whatever malware he put on the thing, finally he went to find what version I was running, and found out I was on Linux.

!dev but actual long rant - about the students in my grade.

TL;DR: 1 asshole in 10 people can ruin everything. Mobbing sucks. I dislike parties.

There's the word "Jahrgang" in Germany which means the people in the same school year as you. I'll refer to it as "my (collective) classmates" although we don't have classes anymore, rather courses and I also mean those I do not have courses with.

With that out of the way, let the rant begin.

It's often the case that people with high logical and intellectual skills (no being arrogant, other people categorize me like that) have a lack of social skills - or empathy.

I'm a kind of an outsider in a way that since 10th grade I stopped trying to attach myself to certain groups since I do not fit in there. I'm fine with that now. Nowadays I can at least socialize with other nerds.

Here's why I dislike the collective of my classmates. This year is my last school year and as always, a big group forms a spirit. They have a theme (superheroes - super boring). I didn't go to any party they threw and I don't plan to go to the graduation ceremony as well since it's an unofficial party and not a school event. I hate parties. I hate alc and drunken teenagers. I didn't attend the "Kursfahrt" - a kind of excursion that's like holidays with your course - mainly because I dislike my "Stammkurs" (main course).

Why? I had a friend in this course. She was short, geeky and I could actually talk to her. Yet some jerks (not intensely) bullied her because "she was awkward" and in the end, she switched school - also because of other reasons.
When she was gone, even those who didn't bully her and who are considered "nice" made fun of her and talked badly about her - and me hanging around with her. So since then, I avoid anything with them that's not 100% school related.

Now they're planning what we call "Abigag" - it's a joke/prank the graduates pull on the school and younger students, something funny like an entrance room full of balloons and many other things. Also, the "Abizeitung", the yearbook the graduates put out with articles about their courses, teacher ranking and quotes etc. Also, a cabaret evening from the graduates to collect money for the graduation party. Cool stuff actually. I thought about taking part.

I'd say my talents are creativity and computer stuff. So a friend chatted with me about nerdy pranks like a school-wide wallpaper change. Or releasing a fake password list of the teachers - claiming we hacked them - with puns and insiders about the teaches. He said he gotta invite me into the WhatsApp group of the Abi prank. Disclaimer: He's one of those people who are socialized but still able to talk with me. He's fine.

Well guess what he told me later:

They don't want me on the team since I distance myself from my classmates. I should either be fully one of them or not at all.

That's enough. Who distances whom? I thought they were happy to have me on board but horse shit! Stuck with ideologies from the 19th century.
They can lick my ***. I don't have anything against most of them in person but as a collective, they're just fucking stupid. I guess it wasn't even the majority saying they don't want me to help. It was probably just the small crew of leading and loud jerks. And no one would disagree with them saying "Why not? He wants to help?" (even if it was their opinion) - they don't have the brain or balls to say anything against the strong idiot leaders. They'll do great later in politics as an adult - they wouldn't criticize Hitler if they were under his "protection".

So I won't take part in making Abi pranks, - but also not the Paper and cabaret eve. They can go jerk off to being part of a huge collection of assholes - which I, in all my pride, am not part of other than on paper.

(Disclaimer: No critics to other outsiders but those who were engaged and responsible for the choice of not letting me help)

If anyone actually read this:
Who were/are you in school times?
A proud outsider like me? Party boi/girl? Engaged striver?

I’m pretty terrible at soldiering and small electronics in general, but I’m kind of okay with how this turned out.

Back story:
That helmet is my sister-in-law’s, she drives a polaris slingshot. (It’s technically a motorcycle here in the US because it has three wheels.) and she hooked up some EL wire to her helmet and the larger black rectangle in the picture is what the battery pack looked like before. (It takes two AA batteries.) and doesn’t have anyway to recharge them natively.

I did some research and found a neat little charging board (TP4056) and got her a small single cell li-ion battery for it. Now it’s not only less than half the length of the original, but it has a rechargeable battery and a charging circuit built in. The battery is 500mAh and lasts about 65-70mins on a charge. Personally, I feel like that’s not a good enough battery life on a charge, but my sis-in-law says that her and her slingshot friends usually only run with the EL lights on for 30 minute stretches at time so they should be able to get two to three uses before needing a recharge. Which btw, only takes about 35-40 minutes from completely dead.

The box looks like shit cause I literally hacked away at the original casing with a pocket knife and then crammed all the pieces back in and hot-glued the casing together. But I took measurements of the final-ish design and will try to find a small electronics box that will be able to house everything internally. (L: 1-3/4” W: 1-1/4” H: 1-1/4”)

The worst thing about being a dev is explaining to these fucktards that facebook can't be hacked.
But what is even worse, is when these dipshits say that i am a bad dev for not hacking facebook for them.
Use that big stupid head to sometimes think straight and stop being a little twat.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

I started attending this IoT class in some computer training school. During my first class, I was early because I had the raspberry pi class earlier in the day. A guy came up to me and started chatting to me, he was bragging about how he created some big projects, how he works in his dad's company which develops IoT products (he codes it). Later on in class he talked about how he hacked his school's server or something and changed his marks. Whenever he brags, he has a tendency to use a deeper voice (which is pretty annoying).

Anyways so I thought he is pretty good and maybe I can learn a thing or two from him. A few class later, I started having my doubts, why? Because he doesn't know how to debug code, he copies the lecturer's code and still copies it wrong, and he doesn't know what variables and constants are. He uses IE and doesn't know about GitHub.

Now he asks me or the guy in front for help in class. He makes the class more fun, it's funny listening to him brag. Love it.

User where I work is convinced someone hacked her iPhone and is remotely changing settings all the time. And it’s not us (the company), the phone isn’t managed and there are no remote profiles installed.

User: I’m telling you. Things are always changing without me doing it!

Me: Alright. Do you have an exemple?

User: Yes. When I swipe here [control center] and tap the WiFi toggle, it always gets back on by itself later.

Me: Yep. That’s actually a “feature”. You don’t have to worry.

User: Alright then, this morning I couldn’t get Google Maps to work.

Me: Well. Since you turned off your cellular and WiFi, it’s normal you couldn’t look up an adress.

User: okay then what about that Bluetooth icon in the top that always appears? I know that means the hacker is on my phone through Bluetooth. See!?

Me: That’s actually just a status indicator. Don’t worry about it. It’ll always come back there it’s normal. You know, your phone can do a lot of stuff by itself.

User: Yeah right. It does it by itself. I’m not stupid you know!! *storms off*

What the hell?

"four million dollars"

TL;DR. Seriously, It's way too long.

That's all the management really cares about, apparently.

It all started when there were heated, war faced discussions with a major client this weekend (coonts, I tell ye) and it was decided that a stupid, out of context customisation POC had that was hacked together by the "customisation and delivery " (they know to do neither) team needed to be merged with the product (a hot, lumpy cluster fuck, made in a technology so old that even the great creators (namely Goo-fucking-gle) decided that it was their worst mistake ever and stopped supporting it (or even considering its existence at this point)).

Today morning, I my manager calls me and announces that I'm the lucky fuck who gets to do this shit.

Now being the defacto got admin to our team (after the last lead left, I was the only one with adequate experience), I suggested to my manager "boss, here's a light bulb. Why don't we just create a new branch for the fuckers and ask them to merge their shite with our shite and then all we'll have to do it build the mixed up shite to create an even smellier pile of shite and feed it to the customer".

"I agree with you mahaDev (when haven't you said that, coont), but the thing is <insert random manger talk here> so we're the ones who'll have to do it (again, when haven't you said that, coont)"

I said fine. Send me the details. He forwarded me a mail, which contained context not amounting to half a syllable of the word "context". I pinged the guy who developed the hack. He gave me nothing but a link to his code repo. I said give me details. He simply said "I've sent the repo details, what else do you require?"

1st motherfucker.

Dafuq? Dude, gimme some spice. Dafuq you done? Dafuq libraries you used? Dafuq APIs you used? Where Dafuq did you get this old ass checkout on which you've made these changes? AND DAFUQ IS THIS TOOL SUPPOSED TO DO AND HOW DOES IT AFFECT MY PRODUCT?

Anyway, since I didn't get a lot of info, I set about trying to just merge the code blindly and fix all conflicts, assuming that no new libraries/APIs have been used and the code is compatible with our master code base.

Enter delivery head. 2nd motherfucker.

This coont neither has technical knowledge nor the common sense to ask someone who knows his shit to help out with the technical stuff.

I find out that this was the half assed moron who agreed to a 3 day timeline (and our build takes around 13 hours to complete, end to end). Because fuck testing. They validated the their tool, we've tested our product. There's no way it can fail when we make a hybrid cocktail that will make the elephants foot look like a frikkin mojito!

Anywho, he comes by every half-mother fucking-hour and asks whether the build has been triggered.

Bitch. I have no clue what is going on and your people apparently don't have the time to give a fuck. How in the world do you expect me to finish this in 5 minutes?

Anyway, after I compile for the first time after merging, I see enough compilations to last a frikkin life time. I kid you not, I scrolled for a complete minute before reaching the last one.

Again, my assumption was that there are no library or dependency changes, neither did I know the fact that the dude implemented using completely different libraries altogether in some places.

Now I know it's my fault for not checking myself, but I was already having a bad day.

I then proceeded to have a little tantrum. In the middle of the floor, because I DIDN'T HAVE A CLUE WHAT CHANGES WERE MADE AND NOBODY CARED ENOUGH TO GIVE A FUCKING FUCK ABOUT THE DAMN FUCK.

Lo and behold, everyone's at my service now. I get all things clarified, takes around an hour and a half of my time (could have been done in 20 minutes had someone given me the complete info) to find out all I need to know and proceed to remove all compilation problems.

Hurrah. In my frustration, I forgot to push some changes, and because of some weird shit in our build framework, the build failed in Jenkins. Multiple times. Even though the exact same code was working on my local setup (cliche, I know).

In any case, it was sometime during sorting out this mess did I come to know that the reason why the 2nd motherfucker accepted the 3 day deadline was because the total bill being slapped to the customer is four fucking million USD.

Greed. Wow. The fucker just sacrificed everyone's day and night (his team and the next) for 4mil. And my manager and director agreed. Four fucking million dollars. I don't get to see a penny of it, I work for peanut shells, for 15 hours, you'll get bonuses and commissions, the fucking junior Dev earns more than me, but my manager says I'm the MVP of the team, all I get is a thanks and a bad rating for this hike cycle.

4mil usd, I learnt today, is enough to make you lick the smelly, hairy balls of a Neanderthal even though the money isn't truly yours.

My dad got this scammy E-Mail today...
The strange thing was, the sender and recipient were the same address, but I'll get back to that.
Unfortunately, I can't show it to you, but it said something like this:
"As you can see, I wrote this E-Mail from *YOUR* address. I have hacked your Account. Please pay me 300$ in bitcoin to this address: (address here) ..."
You get the point.
Now... my dad was pretty worried about the Account actually beeing hacked. One of his coworkers also got the same E-Mail. I told him that it's easy to fake the 'From' Header of an E-Mail, at least with the mail command on Linux. So I ssh'd into one of my Servers and sent him an E-Mail from lol@lol.de. Obviously, he didn't expect it to be that easy. Now he believes me that this is a scam and will tell his coworkers tomorrow.

From what I read in that E-Mail there was no part about recipient specific stuff, so I guess someone just wrote one text and made a simple bash Script for that... as you can see, people really do fall for this shit.

Now one question: is there a way to track down the Servers the E-Mail went through? Or is there anything one can do, apart from ignoring it?

What was your moment of realization that you picked the right profession?

I didn't grow up building computers or loving code... I was a lazy piece of shit until I hit college when I finally got my act together (a late start, if you will).

My moment of realization happened when I was asked to rewrite an old C program to blacklist IPs of "hacked" emails based on email logs. I was the only one in the office who could read C, so it was kind of a spotlight moment for me lol. Anyways, the script I wrote to replace it turned out to catch more cases than the original script. We kicked it back to our email filtering service since they allowed us access to the source code and they were impressed. That was my moment for knowing I'm I'm the right industry 🙃

Sorta dev related.
I work at a service desk for an automotive supplier.
We've once hab out entire mobile phone system crash and for whatever reason, it won't let the phones connect, if there are more than 50 phones trying to connect at the same time. Kind of a problem if there are 400+ phones trying to connect.
My colleagues showed me what to do in order to get one phone to connect to our system.
It was basically: enter some invalid data on out webinterface, save, enter the correct data again and safe again.

It was too stupid for me. So i hacked an AutoIt script together in about 15 minutes, and let it run for the next half an hour. Showed it to my colleagues, they were excited and I went and got a coffee.

Annoys me so much how obviously lazy my department has been with one of its products. We have an iPad app that does document management and eForms and stuff. Its not perfect but not the worst. Then they decide they need to build an app to handle a specific kind of eForm. They just went "well this app already does eForms so lets just adapt it".
Worst. Decision. Ever.
the app is simply a branch off the original app. despite being a completely different product which isnt even concerned with the same business objects. it has been hacked until it does what it needs to. And i have to somehow maintain this trainwreck.
As a result we have a branch in our main Git repo that contains a completely different product, which is basically an iOS wrapper for an HTML eForm with ~5000 lines of jQuery to further hack on the functionality that the eForm provides.
And they wonder why iOS developers have been leaving and some keep threatening to leave. Even the Delivery Manager wants us to just do what is needed and get it out the door and never look at it again. How are we supposed to care when thats the attitude of the people who are supposed to be invested in it. Im surprised the client hasnt told us to get lost the app is so hideously broken and unmaintainable. Performing an action on the form can break a completely unrelated section somewhere else. We have lost control.
And they just keep adding more scope, ignoring our concerns cos hey its too late to just start changing the whole approach of the solution.

Do arcade games (Pac-Man, Donkey Kong, Berserk) count? I got my allowance in quarters.

Atari 2600? Ti/99 with a tape drive to play a game at my friend's house?

Having to buy a 5.25" floppy in the HS bookstore for typing class on the TRaSh-80s and finding a way to put a break in the program and save it to disk so I got top score on assignments?

Tron. That's what really did it for me. To this day, I like to imagine there is a vast world inside the computer.

After a BASIC programming class in HS, I got an Apple IIGS and started writing my own load menus for these little games I'd find around FIDO and newsgroups. Instead of "PR#6, brun gumball" a nice styled menu would show where you could press the number of the game you wanted to play.

I bought a book on Apple assembler and promptly got disillusioned with full blown programming (in 1988), instead sticking to BASIC and, later, JavaScript, HTML, PHP, CSS, and Python.

Who remembers sharing hacked PCP accounts to dial out of state BBSes?

Applied Engineering customers and 300 baud chatroom lurkers represent.

User #243, God's Country chat

I love my adhd kicks. My webstorm trial ended, I downloaded vscode, hated the bindings, I then used thr intellij extension. Everything ok expect autocomplete, not a fan of tab, couldn't use enter to enter enter as a binding. Hacked that binding.json, idk how i ended up installing a json sorter extension, ow theres a imports sorter. Okay what exactly i wanted to do? Right, do my niche site. Bad idea, i had written it in kotlin js, (missing intellij already) so i searched for almost non-scripting framework. Idk what happened...i ended up being interested in tailwind. Tried it a bit, ow they have tailwind ui. Thinking about buying the sweet shit. Ow i see headless UI... Pause, threw tailwind out. Thinking about react, met Solid, loved it, yarned and npmed it. Extension time, auto tag rename, more emmet like shit, rainbow and fira fonts, theme, scheme, ow colors whaaaw. Okay, its not gonna look like or feel like intellij, more like IDEA community if i had made the ide. What was i making again? Ah my webcrapp. still (idea)less... I went to codepen, grew a beard, came out, still feeling powerfully uncreative. Last stop: awwwards.. ow that awesome 7up nl site, imma see it, they nuked the animations, everything. This is where the rant actually ends, because THANK GOD I DONT FULLSTACK FOR A LIVING!!! Swift, Kotlin, XML and unpredictable Gradle is good enough for me to stop me from going wild. Stay safe. Genetic.🙋‍♂️

I don't understand how is possible that programmers today are developing applications that are storing plain password in the database.

I know it's kinda boring topic since everybody here is talking about it this week, but it's really confusing to me.

Every now and then some DB gets hacked, millions of passwords are leaked and then you have developers, who should be smart and logical people, who decide to do that.

Ok, maybe the project deadline was close or something similar, but I think there is no excuse for something like that. No matter how close or behind deadline project is, you should always be able to explain to your boss/client what could happen.

I think I have multiple but this guy stands out.

He was a fellow student at my software development study. Used primarily FOSS systems/software, not because he cared about ethics as much but because that way he could tinker with the software as much as he wanted.

He was always searching for new things to tweak, write, explore and so on. And he shared as much as he could with fellow students.

A few examples of what he did:
- wanted to change something about how Linux worked at its core (he mainly used debian based systems) so he learned how to write kernel modules and wrote his solution.
- wanted to be able to monitor his gas/power usage so he hacked an arduino thing into the power/gas meter and got it to send updates to a messenger at command.
- setup and automated mini data center because fuck it, fun to do.

His thinking was always very creative and to this day I still appreciate what he taught me on that!

Today was a good day.

I was told to use in-house BitBucket runners for the pipelines. Turns out, they are LinuxShellRunners and do not support docker/containers.

I found a way to set up contained, set up all the dependencies and successfully run my CI tasks using dagger.io (w/o direct access to the runner -- only through CI definition yaml and Job logs in the BitBucket console).

Turns out, my endeavour triggered some alerts for the Infra folks.

I don't care. I'm OOO today. And I hacked their runners to do what I wanted them to do (but they weren't supposed to do any of it). All that w/o access to the runners themselves.

It was a good day :)))))
Now I'll pat myself on my back and go get a nice cup of tea for my EOD :)

That new devlead that just joined and is bad mouthing everything we did and introducing his own state management library he hacked together without understanding our architecture (Clean Architecture) nor what layers are supposed to do and what the sense behind layers is. Also we learned from him that apparently Android deprecated ProGuard, LiveData is deprecated and Lifecycles in Android are broken.

I have been hacked with cross-site request forgery and I don't know what to do. I have been up all night trying to fix.

At the institute I did my PhD everyone had to take some role apart from research to keep the infrastructure running. My part was admin for the Linux workstations and supporting the admin of the calculation cluster we had (about 11 machines with 8 cores each... hot shit at the time).

At some point the university had some euros of budget left that had to be spent so the institute decided to buy a shiny new NAS system for the cluster.

I wasn't really involved with the stuff, I was just the replacement admin so everything was handled by the main admin.

A few months on and the cluster starts behaving ... weird. Huge CPU loads, lots of network traffic. No one really knows what's going on. At some point I discover a process on one of the compute nodes that apparently receives commands from an IRC server in the UK... OK code red, we've been hacked.

First thing we needed to find out was how they had broken in, so we looked at the logs of the compute nodes. There was nothing obvious, but the fact that each compute node had its own public IP address and was reachable from all over the world certainly didn't help.
A few hours of poking around not really knowing what I'm looking for, I resort to a TCPDUMP to find whether there is any actor on the network that I might have overlooked. And indeed I found an IP adress that I couldn't match with any of the machines.

Long story short: It was the new NAS box. Our main admin didn't care about the new box, because it was set up by an external company. The guy from the external company didn't care, because he thought he was working on a compute cluster that is sealed off behind some uber-restrictive firewall.

So our shiny new NAS system, filled to the brink with confidential research data, (and also as it turns out a lot of login credentials) was sitting there with its quaint little default config and a DHCP-assigned public IP adress, waiting for the next best rookie hacker to try U:admin/P:admin to take it over.

Looking back this could have gotten a lot worse and we were extremely lucky that these guys either didn't know what they had there or didn't care.

So fuck this. Fucking fuckers fuck this.

We've been having massive performance issues with a nested drag and drop component. I built this abomination about a year ago and had to rush through it due to my colleague not thinking the change was necessary, even though the previous revision was even worse. It's been going strong for a while, but since a month ago it has started to perform badly. Makes sense, because it was hacked together, and wasn't made for the amount of data that it's handling now.

So the other day I presented the issue to my colleague, telling him exactly what the problem was, and that we'll have to rewrite quite a bunch of the code to get it working. Today when I bring it up again he is really negative towards the changes because they are so big, and don't really want me to do them. He is, however, super stressed about the performance issues and starts digging around in the code himself. Code that he's never touched, don't understand how it works, and has said he's not interested in learning about. He even says he sucks at frontend and Vue himself. So we sit there from morning to lunch, digging through the code together (I had to do it as well because he came nowhere). And what do you think the conclusion was? The same thing I told him a few days ago.

So what now then? He still don't want me to do the changes, but still wants it solved! How the fuck is that supposed to happen?!?

Worst part is that we're the only two developers in the company, and our boss has little IT experience. That puts me and my colleague at the same hierarchical level, so all decisions has to be cool with the both of us.

So fuck this. Fucking fuckers fuck this.

These ignorant comments about arch are starting to get on my nerves.

You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?

Well maybe it's for good.

Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"

It takes one honest asshole to be like "well what if you didn't do coke?".

Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.

What on earth could possibly go wrong?

Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?

oh no one can truly scrutinize it because it's closed source?

yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.

and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.

but no, linux users are assholes out to get you.

and how do people react to these honest comments? "let's make a meme out of it. let's deligitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"

short minded idiots.

I'm not gonna deny the challenges or limitations linux represents for the end user.

It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)

But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.

In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.

I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.

Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.

I do have some sympathy for the people that are forced to use windows, even though they know ideally isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.

At the very least, if you don't know what you're talking about, just stfu and read.

But I don't have one bit of sympathy for the rest.

I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.

What in the actual fuck.

I know what the problem is, the arch install instructions aren't copy paste commands.
Or they medium tutorial they found is outdated.

So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.

I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).

Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.

So because some devs are too dumb and talk shit, they just set the bar too low.

Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want too.

I'm so thankful for arch because it has a great compromise between control and ease of install and use.

When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster that ubuntu (which is way faster than windows already).

Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.

Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficult of using arch.

How the hell are you going to have a WebDev degree and not know what SSL is in 2022.

I also shouldn't be the one to notice your CPanel has a ton of unnecessary extra files and folders, and when you go to a subdomain corresponding to some random folders we find a "hacked by some dude" message. : |

I get your mom paid for the domain and hosting for you but you should really fucking know that information yourself.

And I don't care if your mom says 'everything is fine' on her side. You were hacked you need that information so you can tell when things are added that shouldn't be and in this case notify the host site in case the issue is on them while also knowing how to reset everything properly site specifically

Fuck. I should start charging my friends for being stupid and taking my time with things they should know how to do.

My degree is an associates of 'General Programming'. They have a degree in specifically 'Web Development'

90% of my web development knowledge is self taught. If her program didn't cover fucking ssl she needs her money back

Fucking christ this year is a fucking shitfest:

- wpa2 krack
- "DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions"
- "Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites"
- "Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe"

My fucking router didn't yet get patched, my fucking phone is outdated and I can't change to my patched one because devrant just shits the bed in extended desktop mode. Windows 8.1 loses support in 3 months, rendering my last chance of using it on my surface pro done, making me use windows 10 with its fucking shit ass not optimized tablet interface. I have just fucking constant paranoia what else could be hacked tomorrow, nothing is fucking safe anymore for fucks sake. I even went as far as implement 3 step auth and intrusion detection on my shitty ass VPS nodes, fucking give me a break you fucking assholes.

Fuck the feelings of powerlessness and helplessness. when a friend comes crying for you for help with their hacked account and you keep asking them about what they did to protect it in the first place and they reply with nothing, no recovery email, no recover phone, no secondary verification, NOTHING. and you can do nothing but stand there and watch them cry while you can literally do nothing because there literally nothing you can do to retrieve their stolen accounts. FUCK BLACK HAT HACKERS.

TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.

Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.

Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁

Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎

HOW CAN YOU NOT LEARN FROM FAILS??

Alright, server got hacked a week ago. Bad enough on its own but okay, perfect time to change the server infrastucture completely instead of doing it later this year. Since Saturday we are working on setting everything up (game server, apache, etc.pp.) while making sure to configure everything correctly to be safer this time.

We are finally at the point where we could go back online. And what happens? One team member _now_ (6 days after the hack) suggests that it might be a good idea to format the hacked server and configure just what we need to patch the clients with it.

Great fucking idea, why didn't you have that idea 5 days earlier?! There was more than enough time already to format the old server and configure it. Another day delay, yay. X_X

Aaah, ranting really helps in those situations. Oh and Hi, I'm new here. Nice place, I like it. ^_^

I've been offline from devrant for a while now but damn, I need to vent this shit

One of my colleagues can't describe tickets well enough, so I often have to speak to my colleague about it what he/she ments with their description (usually the ticket description is one line… that's all)

But yesterday the ticket was quite ok, I got were he/she was going for

Conveniently my colleague walked by at the end of yesterday and asked me how it was going

I responded quite energetic 'quite well, ticket is almost done'

And when I showed my colleague the result he/she said, well I got some feedback this morning, and we need to move X to Y with Z data

But you don't get the full story, this project exists of a very old abandoned framework (2013). Hacked together to work for more than one customer (but still copied over to run standalone) with the last year of development being focused on fast results (no time given to workout bugs or refactoring for cleaner/readable code)

So now I have to (on a feature that already took me 3 days to build) remove roughly 25% of the code and hacks, and hack a solution together..

This shit is demotivating as fuck...

Don't you just love customers?

It al began when they showed us the flyers they were printing for their new products, an some one at our company who doesn't work here anymore had the brilliant idea of copying it to their webshop, as a fucking gimmick... Ooohh man the customer didn't seem to understand it was only visually

They wanted the 3d layering effect to be dynamic, so each product would have its own with custom colours

So it was made

A few weeks later they didn't want the informational text, they wanted links to each product that the layer uses

Sounded like logical so it was made

Again some time later, they noticed that the layers were not textured, but just plain

I argued against it because it would add unnecessary loading time for some 300 by 400 px element but they insisted

So they got what they wanted

A few days later they said that the textures were of low quality, and that we had to create ones with higher quality

Again our management said, yes

We made ~ twice the size of the element in image pixels to create a higher definition image

Then the customer wanted that the layers should change based on some selection menu above it

(At this point we realized that it would no longer be just a fun little gimmick)

So we tried to refactor/rebuild it to remove most if not all the hacks we did just to make the customer happy, that took too long for them (the customer) so we had to revert back to the hacked together version because otherwise we would not be done on time (commanded by management)

But again, we ... I say 'we' as in the company but realistically I've been the only one who has worked on the fucking abomination

But I digress...

A few stupid requests later, some layer images are almost fully transparent PNG images that are almost 1mb in Filesize each (some products have 5 or even more layers) and the god damn thing now has to account for optional layers...

I AM FUCKING SPENT... I'VE JUST CAME BACK FROM VACATION BUT I ALREADY NEED IT AGAIN... FUCKING WORKING 60 HOURS A WEEK JUST TO KEEP ONE CUSTOMER HAPPY WHILE OTHER PROJECTS BREATH ON MY NECK

How to Hire the Best Crypto Recovery Expert - CONSULT OMEGA CRYPTO RECOVERY SPECIALIST

In the ever-evolving landscape of cryptocurrency, the risk of losing funds due to various factors such as hacking, scams, or simple human error is a growing concern for investors. In such precarious situations, the choice of a reliable and experienced crypto recovery specialist becomes paramount. One such standout in America is OMEGA CRYPTO RECOVERY SPECIALIST, renowned for its expertise, high success rate, and satisfied client testimonials.

How can I recover my stolen bitcoin from an investment scam? 
What is the best recovery company to help me recover my stolen Bitcoins? 
How to Hire a Hacker to Recover Stolen Crypto/Bitcoin? 
Can a hacked crypto be recovered? Yes, Go to OMEGA CRYPTO RECOVERY
Best Cryptocurrency Recovery Company

Webpage (omegarecoveryspecialist .c om
Contact Mail; omegaCryptos@consultant .c om
SMS or Call: +1 (701, 660 (04 75

Yeah so I quickly hacked stuff together. Why make it beautiful before I know whether it will actually do? Hack now, refactor later!

Yeah and then that moment in refactoring where main() gets under 700 lines and I don't know whether what I'm feeling is joy or despair. Gaaaahhhh!

At least I have also written automatic tests so that I can see when something breaks.

Manager encounters problem, hacks a load of stuff together to "get around" the problem. Asks me to fix the issue. I spend a week tidying up what he'd hacked together, then change it so I encounter the problem.

A morning of probing later, the problem?

One of our servers is running 2 firewalls, so we were having network connection issues on just that server.

Email from a department mgr regarding a sharepoint site we inherited (lots of custom javascript, XLS, etc, stuff we didn't write)

Dan: "The department filter isn't showing up when I select the 'Logistics and Support' department. Was this caused by the changes you guys made? Its causing a major disruption in our processes and need it fixed ASAP."
Me: "Those changes went out almost two months ago and all the filters were working fine, at least that is what you told me when you tested it."
Dan: "I thought so, but its not working. It has probably been broken ever since you made those changes so I filed a corrective action ticket against your department for not following the documented deployment and testing processes"
Me: "Really? We've been over this. Its your department that is responsible for that sharepoint site. Previous developers hacked javacript together to make it all work, but I'm sure its something simple."
Dan: "Great. I'll start putting together a root-cause analysis to determine which of your processes we need to address."

Start looking at the javascript and found the issue..

if (dept === "Logistics & Support") {
$('deptFilter').show();
}
else {
$('deptFilter').hide();
}

Me: 'Found the issue. Did you rename the logistics department?'
Dan: 'No'
Me: 'To show or hide the filter, the code was looking for "Logistics & Support", someone changed the title to "Logistics and Support"'
Dan: "Well...I guess I did that yesterday...but I didn't change the name, just that stupid character. That shouldn't make any difference."
Me: "I can fix that right now. Are you going to need more information for your root cause analysis?"
Dan: "No, I think we're good. Thanks."

I really wish I had worked somewhere that was hacked, so as to know how it was done, how it was found out, and what measures were taken, from the inside.

The problem is that I worked at a lot, and big places. We were never successfully attacked or hacked as far as I know. Was our security so good, that nobody succeeded? Or was it so bad, that we didn't even notice?

A "portal" built on Drupal 7. Started by someone who cannot do anything outside Drupal, and overseen by someone who believes JS to be "low level programming" (he literally said that).

What normally would be a table with 7 columns is instead 7 tables joined together. That goes for each data structure.

Each page, built in a separate module, either manually includes the same css files, or simply copy/pastes them.

Old, legacy modules have been hacked, and now depend on newer modules... Which, in turn, depend on the same old ones.

The theme contains huge, hardcoded parts of logic, so it can never be updated.

Worst part of it? It's only 3 years old. And there are people buying it as SaS. Already hitting bottlenecks at 2k users.

Early on in my freelancing career I learned something important. Even with seemingly tame nerdy stuff, sh*t can get real, real quick. This story describes the very start of my career in web development and hopefully will serve as a warning to newbies out there.

A young teen, I had just learned some basics of wordpress, I was confident I could hack together something that worked and looked okay with minimal effort and knowledge. One day I was approached by a guy who wanted a job board board site. Knowing there were already clones out there I figured this would be an easy gig, man was I wrong.

In addition to the fact I didn't know about contracts or the scope creep from hell, I had somehow gotten myself involved with a criminal business front.

These guys operated a scam business to rip off investors. Me and my designer buddy were used to make the business look legit. What they would do is hold job fairs where people are supposed to pay to rent a booth, but instead they would give everyone a booth for free and then lie about what all businesses were coming. They would then show this info, along with the website and marketing materials to investors. They would take the money from the investors and launder it for drugs.

The real story starts the day of one of the worst hangovers I had ever had. I was at a random friends house sleeping for most of the day.

Apparently one of the guys who was operating the scam business was about to strike a deal with one of the investors when something on the website didn't work (it was working as designed). This guy, Manny we'll call him, had been blowing up my phone all morning. I check my voicemails and there are threats on my life; saying I will be sleeping with the fishes, or if they ever find me, they'll fuck me up. Needless to say this really freaked me out, either way I decided to head back to my dorm.

When I come back home, my designer buddy tells me that some guys were in the house looking for stuff. Apparently this guy hired two nerds to "break into my computer and steal the website", fortunately they didn't know what they were doing.

After a while I got another call, Manny wanted to sit down and "talk things out". Being naive I accepted and we met up. The two nerds were there with one of his body guards. He said he wanted to have those two nerds take over the project. While this was going on, his bodyguard flashed his gun at me several times making eye contact. I agreed to, but I still wanted to get paid. I asked about getting paid and he said we never signed a contract and that he owned the host and domain. I was pretty much screwed.

This is where the story should end, but I wasn't a very smart guy back then. I gave up the site but I created a back door into it. Every week or so, they would get "hacked". Because the two nerds didn't know what to do, they ended up coming back to me for help. This is when I finally got paid. Totally not worth it.

So for my school's annual interschool symposium, I hacked together an app to scan QR codes and keep track of who's taken their refreshments (It was pizza.) If it's been scanned once, it'll show an error. Easy enough, right? Wrong.

So the team at the counter took a screenshot when my app showed "Approved" and whenever they wanted a pizza, they showed the guys their screenshot. Result? Over 70 pizzas weren't counted. And I bore the wrath of my teacher *sigh*.

What the hell could I have done?

What bothers me most with the Matrix hack is that so many people say oh look the secure messenger got hacked. From what I can tell it had nothing to do with their software nor their protocol. If you're running your own Homeserver you're totally unaffected.

I understand the muggles on Facebook saying it was Apple and Amazon that were hacked, but here on devrant where people know WTF is up, I'm still not seeing people say where the hack actually took place, and what makes the news truly terrifying: SMC.

Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:

3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.

I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.

They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).

During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).

Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.

The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.

This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.

I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).

I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...

The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)

Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.

Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.

I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).

So... any thoughts?

Blindsided by a project meeting 5 mins to end of day when I was super busy and I've spent all day dealing with shitty hacked together legacy code, requirements changing everyday and still no business solutions to some areas of the project. We already have one booked in for tomorrow at 10. What the fuck. Needless to say I pretty much shouted about everything to everyone. Fucking joke. Now I'm just mad at me for letting my blood boil externally

Not my 'first' but the first outside of stupid little toy projects.

I got an internship back in 2016 while I was in 11th grade. Mine was sort of a college doing community outreach, so yeah, not really impressive of an internship.

But my manager handed me a Micro:Bit. At the time, there were like 1000 in the U.S. the U.K. was brainstorming, including them in school curriculums. My manager just told me to experiment and see what I could do with it.

Minimal requirements Minimal guidance outside of ideas now and then (he had doctorate students to manage so I get it lol), so I started just doing stupid small things with the micro python, the language the minimal back then documentation reccomended, like a 'lowest of poly' crazy taxi thing.

But by the end, I hacked together some HORRIBLY written C++ to get 2 of them to communicate. 1 always powered and gets a state from the other at regular intervals. The other is powered by a hand crank and sending the direction of the crank to the other.

I forget what the end goal was. But it was fun to learn, and thinking back, I did a lot in just 8 weeks

My manager gave me the first Micro:Bit on my last day. I don't do anything with it anymore. But it's a fun memory.

It was also around that time I found DevRant and needed you guys to knock my ego down a few pegs when my head over inflated, lol.

some call
- yo bro do you have some time ?
- quick cause I'm taking a dump
- I think I have been hacked, got black screen kernel panick, linux freeze seldomly I have to reboot, no internet connexion
- save your stuff and reinstall linux
- I don't have enough stockage to backup
- Then buy one and save, probably either OS is fcked up or you have some hdd problems

Time that it will take: ~30min to reinstall whole shit
Peace duration: ~2years

Later on the same day
aunt
- I can't log into windows
- Did you change the password ?
- Yes but it does not work anymore
* looking at shit
* logs successfully. Reason: interface changed after automatic update.
* wait.
* wait some more so fucking windows fucking starts
* Desktop is ugly as fck.
* Some stupid settings messed up (like high contrast set, black theme or so)

aunt (the same)
- I can't log into my (other) laptop either
* logs
* wait more more more

Guess what: automatic updaaaates. Freezes 100%cpu

* Being a very experienced user: wait before reboot because this suckass os will probably fail to boot otherwise
* Blackscreen with a percentage: Installing updates...
* reboots
* Blackscreen with a percentage: Installing updates continuing...
* finally boot (feels like a miracle windows succeeds lol)
* still slow
aunt now sleeps
* look at running process and install programs
* sees shits like camera recognition (vendor installed), candycrush
* occasionnaly get adds

time lost: 2h
peace duration: ~3month

FFS I am a dev, not a fucking trash lover
It is already pain to fix someone os, but windows is the cream of cream

It brings no ease of use for novice user
It is so insanely slow
It has stupid settings set up by default!!!!!!!! Who FFS wants candycrush and ads
The maj are so fcking hazardous. It is 2022 pretty much the same as 15y back then. Updates take fucking eternity. And needs reboot. and are not even finished!!!

I swear I am gonna stretch my ass and install linux and any fckin other toolsuite needed so they can use Micro$$ word, which is the only fucking usecase they need windows for in the first case anyway
I SO wish this OS would die

I mean, even more than safari

Okay this is my first time posting on this site. I've browsed it (definitely not in class) and the community looks beautiful, so I'm going to just kind of slide in here. Anyways this is the part where I use my caps lock button and type lots of naughty words I guess...

<rant type = 'school'>
Our programming classes are fucking DISMAL uuugh... Okay so we have four technology classes: Tech Exploration, Coding 1, Coding 2, and Intro to CS (a 'high school' level class)... So this means a fuck ton of kids in programming classes, mostly because I WANNA MAKE MINCERAFT AND BE A KEWL BOI LIKE GAME DEV BUT I'M ALSO A FUCKING IDIOT AND WILL NOT LEARN ANYTHING YAAAAAAY but that's a mood and so there's a fucking tidal wave of dumb kids in these classes. So right we're dealing with like 80 kids per class period. Sorry if I'm repeating myself but there are a FUCKTON of students. Now, we have... wait for it... ONE FUCKING TEACHER. ONE. I fucking swear this district does not give a SINGLE SHIT about possibly THE SINGLE FUCKING MOST IMPORTANT SUBJECT WHYYYYYY... Okay so the teacher is kinda overworked as fuck lol. She can't really teach eighty kids at once so she mostly gives us exercises from websites but when she can she teaches us shit herself and actually knows a good bit about her field of study. She's usually pretty grumpy, understandably, but if you ask her a good question that makes her think you can see the passion there lol. So anyways that's a mood. Now at the other school it's even worse. They have this new asshole as a teacher that knows NOTHING about ANYTHING IT IS SO FUCKING REDICULOUS OH MY UUUUUGH... THEY STILL DON'T EVEN KNOW WHAT A FUCKING LOOP IS LIKE OKAY YOU'VE BEEN TEACHING PROGRAMMING FOR A YEAR AND YOU'RE THE ONLY ONE TEACHING IT AT THAT DISTRICT SO MAYBE YOU SHOULD AT LEAST FUCKING TRY WHAT IS WRONG WITH YOU... so he just makes them do shit from a website and obviously can't do half of the shit he assigns it's so fucking sad... I swear this district is supposed to be good but maybe not for the ONE THING I WANT IT TO BE GOOD FOR. Funny story: in elementary school once I wrote down school usernames for people I didn't really know and shared them a google doc that said "you have been hacked make a more secure password buddy" etc etc and made them the owner and these dull shits report it to the principal... So I'm in the principles office... Just a fucking dumb elementary school kid lol and the principal is like hAcKiNg Is BaD yOu ShOuLd NoT dO iT and I'm like how did you know it was me... so he goes on to say some bullshit about 'digital footprint' and 'tracing' me to it... he obviously has no clue what he's saying but anyways afterwards he points to where it says last change made by MY SCHOOL ACCOUNT... HOW DULL CAN YOU FUCKING POSSIBLY BE IT WAS FROM MY ACCOUNT THAT LITERALLY PROVED THAT I DID --NOT-- 'HACK' INTO THEIR ACCOUNT YOU DUMB FUCK. Okay so basically my school is a burning pile of garbage but it's better than most apparently but it's GARBAGE MY GOD... Please fucking tell me it gets better...

okay lol that was longer than I thought it would be guess I just needed to vent... later I guess
</rant>

Questions that are bothering me:
When a function that returns void returns, is any value from the stack frame copied into the register?
Is the return address in the stack frame even allocated, or is it nullptr?
Could a void function theoretically return a value if you hacked one into the frame?
Does the register even know to expect a value from a void function? If so, where is the logic for this and what is difference between a void and non-void function return at the stack frame & register level?
Any good books on this stuff?

Lately, I've been working in a web security company (mainly as a Support guy).
Going through tickets, I've found one golden gem, which helped me realising how dum customers are.

Since he's our customer, we try to keep stuff up-and-running at all times. If something goes bad, we fix it, and we need their passwords for stuff.
After the customer (somehow) got hacked again, he changed the password in panic.
Note the initial password was really, really good.
He emailed us the new password for "just in case".

The password is "hard-to-guess".

What. The. Actuall. Fuck.

What's next?
Setting the password "12345", activating 2-step-authentication and sending his phone in, along with his finger so we can unlock it with touch id?

Follow-up rant to my company. Today's day is fairly good, so let's talk about infra.

We're building upon an existing open-source project which is not intended to be extended (e.g. plugins).

Our backend-team somehow hacked symfony into the app, which made the actual work a little bit less annoying. But on the other side, there is absolutely no automation. Everything is setup by hand and I need to upload my sources to my dev-server and watch what files exactly are overwritten. Because if not, I accidentally overwrite core sources which will break the whole app, no matter what. If I forget what file I wrongly overwrote, I have no choice but to setup the core from scratch and apply our sources on-top, AGAIN.

The first time setup took me almost five days.
Oh yeah and the team shares one dev server, so whenever I feel like fucking with a mate, I can easily fuck up his system, since everyone has root-rights.

We're required to use windows, but our dev is linux and I am the only knowledgable linux guy. They need cheatsheets (to be fair, I need my powershell-cheatsheet).

We market the same app with some additional functionality, but we also have clients which require their own stuff. This case has never been thought-out, since for these specific clients, we also modify some core-parts. Which makes it a real hassle to add a basic new feature to that special customer.

At least our frontend is somewhat decent. Simple and without critical thinking, but it works and is decently understandable. I'll rant about that for another day, it's still tedious.

I know I won't stay there for long since I start my own stuff, but it's sad. Nothing is perfect and they _do_ want to make it better, but it's the usual "there is no time, client first" talk. On the other hand, they tell that we should be more efficient, but there is no way to be without looking back at the fundamental structure and what takes us so long.

I don't think I am able to change anything here and as I heard from co-workers, they already look for something new.

cheers

Back in the early noughties I had an interview for the new job. A couple days before the interview I've visited that company's website. There was search input. Of cause I've entered some hacky things into it. And after several attempts I hacked it. The site was down in an infinite loop.
Two days later I told interviewer about the bug and what I did to reproduce it. He was surprised and checked the website. It was still down the same way.
I was totally ashamed. I was supposed to report that problem somehow.
BTW I got the job:)

The it manager said that the site on my private vps where we are using a small tool as reference, is a security issue and what if it may be hacked... Well, from this point of perspective all the websites shall be switched off. The tool lovered the problem resolution from 30 to 2 minutes.. I have asked for on premise server before but noone gave a shit so I hosted on my private vps. I wont give it back for free, its a sure thing. Soon they will start to get the complains that its offline because the customer is using it for debugging too. I feel like IT and dev is really moving appart. They act as bunch of pathetic jelous guys who couldn't learn programming and ended up in installing windows on machines...

About a month ago, one billion of Yahoo Accounts has been compromised. Today I received two emails from yahoo in my gmail accounts, they were saying that my yahoo password has been changed and my recovery email has been removed (+ a lot of warning emails of old accounts of forum and games that were receiving unknown accesses, but nvm). In the email which informed me about the recovery, I saw a link that would have allowed me to restore the old account, but before to click I thought "Wait! I had like 10 yahoo accounts. What account am I saving?" I check, I read, I read again, but nothing, no information about it in the text. Nevermind, there's a link. This link will be related to a specific account. Right? Wrong. I click, it sends me in a generic page. The link is mute. I attach a screenshot, you can see where the link points in the left-bottom corner. So now I know that one of my accounts has been hacked, I don't know WHICH account has been hacked and I'm not able to recover my account. Luckily it wasn't my main inbox!

This is not a developer-related rant, but honestly, I'm annoyed, and this felt like the best place to vent.

My Twitter account has been suspended/restricted. I can still log in, but I can't tweet, follow people, anything.
No reason was given to me at all for my restriction, other than an automated reply when I attempted to appeal it stating they suspected my account of being hacked - an account I hadn't used in about a month, has a randomly generated 12 character password and has 2FA.

Here's the thing - I didn't grow up with Twitter, I've never really taken an interest in it, I only have my account to post dev stuff now and then as I know some over devs do - It felt like a good place to easily log what I'm currently working on and show off my work that I was proud of.

There aren't any other platforms I know of where I can do that, other than here (but my work consists of things that are also not dev related, so...)

I have no idea if I will get my Twitter account back; it's been over a week now since I attempted to appeal it with absolutely no response.

If anyone knows decent platforms where I can share my work and progress (dev, art, level design, etc.) and can use it sort of like a dev blog, I would greatly appreciate it.

I probably knew I wanted to be a dev/programmer in late highschool. I was fascinated by the underlying structure to what I see on a computer screen, and idolized those who "hacked" as a form of political rebellion.

Now I'm in my senior year in college as a Computer Engineering major because CS was ridiculously competitive at this college. I'm actually quite happy about this, because I feel I know more about computers in general by taking this path rather than CS.

When did we decide managing Users through Cloud REST architecture was more secure than having them in an underlying DB?

Because I can't put my finger on exactly why... but I don't like it and I think it's probably less secure... and just spawned from the need to be able to make user management a subscription based service like fucking everything? When a simple MySQL or postgres and some bcrypt somewhere would be both more secure and infinitely cheaper?

I'm more used to consuming REST API's than writing them. Can any you REST peeps help me understand how a REST API could be made as secure as a SQL DB connection for user management?

What do you think the attack vectors are for a REST API User Management? Like... what's the SQL injection of REST API? Pack some extra JSON somewhere or something?

At least if I can have faith my shit's not gonna get hacked because I have to use a 3rd party REST service for User Management of Users to my own fucking app I can maybe sleep tonight.

I could swear that the World Cup has been hacked.
What kind of attack you think it is ?

Anyone Know what the 'fixer for java' chrome extension does. How bad is it?

My boss had an extension called 'fixer for java' on her chrome browser. Now to me that sounds sketchy so I'm trying to find it online to see if the description or website can alleviate my worries about the boss getting hacked but I can't, does anyone know what the hell it is for, She's out of the office tomorrow so I'm gonna run all the virus scans but if i can get some information sooner that would be great.

thank you for your time.

I am so fucking done with Webstekker. This is one bad fucked up webhosting company in The Netherlands. In the past we had so many issues: managed hosting websites getting hacked (you can brute force.ftp etc they don't monitor anything), not restoring db views after they migrate a db server, week down time because they fucked something up etc. Last 2 years were ok but today I discovered that one of my money making adsense websites is running on a cms database from another website!! What the fuck?!! I haven't touched that site for at least 2 years and it was running fine.

No Webstekker I don't want to check all of ny websites every day to see if everything works properly. I want to trust you to do a proper managed hosting job. But you retards have proven to be incapable over and over again.

That said, anyone here can recommend a good, solid, trustable Dutch webhosting company for asp.net hosting on Windows?

I do run other sites on VPS but that is much more work for me and don't want to manage all (small) websites myself but unstead rely on a solid company with competent people to do that for me.

So... What's with SO?