Details
-
About: I hope that people see me as a noble count or at least a vampire count. I'm an electronics programmer (not the hardware that programs chips) and a Web developer (usually editing rather than building nightmares)
-
Skills: C, C++, basic PHP, HTML, CSS
-
Location: between heaven and hell
Joined devRant on 11/8/2017
-
Just before you, my fellow system programmer, scroll past this, let me say this:
🍬 The web is actually simple. 🍬
Both HTML and CSS are declarative. It's all easy when you understand the concepts, learn how to be idiomatic and quit trying to do that imperative bullshit in languages that aren't imperative.
HTML is simple. You know the boilerplate: doctype, head, body, that's all. Just mark it up and do NOT look at it before you end, mark it up as if it were an article or something. The appearance is up to CSS.
CSS is simple. You may even forget bem or rscss, you're already a skilled software developer. Use common sense and your code-splitting and naming skills you gained reading The Code Complete or doing software development for years.
Forget mockups. Forget absolute positioning, forget setting width and height in pixels. Go to awwwards, find some inspiration. Draw some buttons and fields on paper with your good old pencil. Then go and write some css. Feel free to steal some shadows and transitions from codepen.
Read about the 8-pixel grid system. Let every element push away from others by setting something like margin: 16px; and whoops! You've just got fully responsive and got great vertical rhythm without even using media queries!
Oh my god, NEVER set width and height explicitly! Type something like button { width: 120px; } and bang! The entire web page is broken. Quit that shit. Let it resize as it should. It will resize itself to fit its contents.
HTML is by default ready for your template engine. That's how you receive data from server — as server-side rendered, plain old HTML page. On the other hand, the form element is the most axiomatic and simple way to send the data to server. That's how you send it — as plain old GET or POST that every webserver can handle.
All of these are true:
1. It's easy to get great 100% responsiveness without media queries.
2. It's easy to align items in row, it's just one line of css. Maybe two, if you still want elements to wrap, but want to use flexbox:
.parent {
display: flex;
flex-wrap: wrap;
}
3. HTML and CSS are fast by default.
4. You don't need mockups to achieve great visual experience. Mockups are imperative, web is declarative.
5. You may not even need JavaScript to make a great website.
Go on, ask me a question about web! I'm ready to answer everything.21 -
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OSes (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including VPSes and dedis) so I get the usual amount of SSH brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those IPs automatically get blocked after three failed attempts within 5 minutes. No root login allowed + RSA key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few DDoSes on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? I installed a barebones Ubuntu server on both. They only come with system-default applications. Tried installing Nginx the next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any IP address which had three failed SSH logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned IP addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P39 -
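The two checks the rant above relies on, reading auth.log for successful root logins and banning an IP after three failed SSH logins within five minutes, as an added Python example. This is not code from the rant and not Fail2Ban's own implementation; it is a small replay of the same rule over sshd log lines that are constructed for the example (documentation IP ranges, made-up hostname and PIDs).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH auth.log line shapes: syslog timestamp (no year), host, sshd[pid], message.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample log (not real traffic): one IP hammers root and an invalid user,
# a second IP is slow enough to stay under the 5-minute window, then a root login
# succeeds from a third address, which is the symptom the rant found after the fact.
SAMPLE_AUTH_LOG = """\
Nov 18 21:00:01 vps1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Nov 18 21:00:09 vps1 sshd[2204]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Nov 18 21:01:40 vps1 sshd[2210]: Failed password for root from 198.51.100.23 port 40210 ssh2
Nov 18 21:02:15 vps1 sshd[2215]: Failed password for root from 203.0.113.7 port 51044 ssh2
Nov 18 21:09:00 vps1 sshd[2230]: Failed password for root from 198.51.100.23 port 40222 ssh2
Nov 18 21:15:30 vps1 sshd[2240]: Failed password for root from 198.51.100.23 port 40231 ssh2
Nov 18 21:16:02 vps1 sshd[2250]: Accepted password for root from 192.0.2.99 port 33104 ssh2
Nov 18 21:20:00 vps1 sshd[2260]: Accepted publickey for deploy from 192.0.2.10 port 33110 ssh2
""".splitlines()


def parse_ts(raw: str, year: int = 2017) -> datetime:
    """Syslog timestamps carry no year; pin one (assumed) so time arithmetic works."""
    return datetime.strptime(f"{year} {raw}", "%Y %b %d %H:%M:%S")


def analyse(lines, maxretry: int = 3, findtime: timedelta = timedelta(minutes=5)):
    """Replay sshd log lines and return (banned_ips_in_ban_order, root_login_events).

    maxretry/findtime mirror the Fail2Ban knobs the rant describes: an IP is banned
    once it has `maxretry` failures inside a sliding `findtime` window.
    """
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures in window
    banned = []
    root_logins = []
    for line in lines:
        m = ACCEPTED_RE.match(line)
        if m:
            if m["user"] == "root":
                # A successful root login on a box that should not allow one at all.
                root_logins.append((m["ts"], m["ip"]))
            continue
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip = m["ip"]
        if ip in banned:
            continue  # a real jail would already be dropping this address
        now = parse_ts(m["ts"])
        window = recent_failures[ip]
        window.append(now)
        # Evict failures that fell out of the findtime window.
        while window and now - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.append(ip)
    return banned, root_logins


if __name__ == "__main__":
    bans, roots = analyse(SAMPLE_AUTH_LOG)
    for ip in bans:
        print(f"BAN  {ip}  (>= 3 failures within 5 minutes)")
    for ts, ip in roots:
        print(f"ALERT successful root login at {ts} from {ip}")
```

On the sample log only 203.0.113.7 crosses the threshold; 198.51.100.23 spaces its attempts more than five minutes apart and is never banned with the default window, which is exactly the case a findtime that is too short misses. Widening findtime (the second assertion in the test) catches it.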
I hope I'll be able to release the new/refreshed version of the security/privacy blog today.
Feel free to test stuff out and report back when it breaks!
Also, feel free to pentest it. The only thing I ask is to, if you find any vulnerabilities, report them instead of passing them to malicious people/abusing them.
And yes, post sorting will be fixed ;)24 -
I recently met a young fella (14yo) playing League of Legends. He asked:
- What do you do for a living?
- I'm a programmer, do you know anything about programming?
- I don't, actually.
Apparently he was playing from a LAN Gaming center 'cause he didn't have a computer at home (his computer had broken and these Lan centers are pretty affordable).
I figured I could explain to him what it was and what super powers you could get from it. Turns out I recommended a JS course in codecademy and now he goes to the LAN center every day to study programming (he got really into it!).
Now he always pings me with questions about JS and apparently he's learning a ton! He had almost no English skills too (we're Brazilian), and because most of the material on the internet is in English he found himself some free English courses and he's now taking them!
Knowledge is free on the internet and I guess he's just realized that.
Not exactly a rant guys, just figured it was a nice story to tell :)
#TeachAKidHowToCode57 -
Hello! Is this Gordon’s Pizza?
No sir, it’s Google’s Pizza.
Did I dial the wrong number?
No sir, Google bought the pizza store.
Oh, alright - then I’d like to place an order please.
Okay sir, do you want the usual?
The usual? You know what my usual is?
According to the caller ID, the last 15 times you’ve ordered a 12-slice with double-cheese, sausage, and thick crust.
Okay - that’s what I want this time too.
May I suggest that this time you order an 8-slice with ricotta, arugula, and tomato instead?
No, I hate vegetables.
But your cholesterol is not good.
How do you know?
Through the subscribers' guide. We have the results of your blood tests for the last 7 years.
Maybe so, but I don’t want the pizza you suggest – I already take medicine for high cholesterol.
But you haven’t taken the medicine regularly. 4 months ago you purchased from Drugsale Network a box of only 30 tablets.
I bought more from another drugstore.
It’s not showing on your credit card sir.
I paid in cash.
But according to your bank statement you did not withdraw that much cash.
I have another source of cash.
This is not showing on your last tax form, unless you got it from an undeclared income source.
WHAT THE HELL? ENOUGH! I’m sick of Google, Facebook, Twitter, and WhatsApp. I’m going to an island without internet, where there’s no cellphone line, and no one to spy on me …
I understand sir, but you’ll need to renew your passport … it expired 5 weeks ago.16 -
I introduced git with hope that our team gets better
I introduced trello in hope that our team gets better
I introduced gitlab in hope our team gets better
I introduced scrum in hope our team gets better
I'm losing hope...17 -
To all young freelancers in low-income countries: I want to share my experience, of 6 years working for a piss-poor country, and 6 years working in freelance, and then emigrating. Here's what you should watch out for, and what to expect:
My first salary was barely 1.5$ per hour. I lived in a piss-poor country that taught me a lot (like why it's piss-poor).
The main thing to note when you're a developer in such a country, is that you're being fucked. Your employer might scream at you and tell you how bad you are, while barely paying you. That is you ... being ... fucked. Gain some confidence with the help of friends and family, and a great effort from yourself, look at what freelance gigs you can find, and ditch anything related to jobs in your country.
Being a somewhat able developer, but with modest experience, I started my freelance gigs for 5$ per hour. Because I was lazy, and freelance gigs weren't exactly being thrown at me, I was making 100$ per week, AFTER the companies I worked for appreciated what I did and offered themselves to up my pay to 12$ per hour. Yep. I was lazy. You will likely get lazy in freelance too, so be prepared for this.
My luck changed when one of my clients became a full-time employer, at 15$ per hour, with a well organized team where I actually worked for 40 hours per week (I had already amassed 8 years of experience...). For people in first world countries that will seem laughable, but in my country I was king of the hill, getting paid more than government CEOs that ended up in the news as the "most well paid".
That was the top of the pyramid for international indie freelance, as I would later find out.
I didn't do stuff that was very difficult. In fact, I felt like my abilities were rotting while I worked there. I had to change something. So I started looking for better offers. I contacted many companies that were looking for a senior developer, and the interviews went well, and all was fine, except for my salary demands. I was asking for 25$ per hour. Nobody was willing to pay more than 15$ per hour. That's because of my competition - tons of developers in cheap-to-live countries that had the same, or more to offer, for the same rates. Globalization.
So I moved to Germany. As soon as I was legally able to work, I was hunted down by everybody. I was told that it takes a month to pass the whole hiring process in Germany. My experience demonstrated that 2-5 days is enough to get a signed contract with "Please start ASAP".
There is freelance in Germany as well. And in the US. And everywhere else. A "special" kind of freelance, where you have to reside locally. The rates that this freelance goes for is much, much higher than international freelance. I'd say that 100€ per hour is ok-ish. Some people (newbies, or foreigners who don't speak the language well) get less, around 60 or so. Smart experienced locals get around 150-200 or even more.
It's all there. Companies want good developers to solve their business problems with IT solutions, and they'll beg you to take their money if you can deliver that.
So code!
Learn!
Accumulate experience!
Screw the scumbags that screw you for 1-2$ per hour!
Anyone able to write something more than "Hello World!" deserves more.
Do the climb! There's literally room for everybody up there! There is so much to do, that I feel like there will never be too many developers.
Thank you for bearing with my long story. I hope it will help you make it shorter and more pleasant for you.11 -
Want your own personal devBanner?
Now you can have one!
We're building a powerful banner generator over here: https://devrant.com/collabs/...
The first version is up and running, still basic tho.
You can generate your own by calling this URL:
https://devrant.nuernberger.kim/api...
You'll have to replace "Kimmax" with your devrant name and the value after subtext with the extra text.
A cool domain is already on its way!
We'll be working on a frontend and a ton of extra features to make this banner even more awesome.
If you got any nice ideas add them to the issue tracker here: https://github.com/cozyplanes/...
Have fun!95 -
When people talk about traveling to the past, they worry about changing the present by doing small things, but pretty much no one in the present thinks that they can change the future by doing something small.11
-
I want to pay respects to my favourite teacher by far.
I turned up at university as a pretty arrogant person. This was because I had about 6 years of self-taught programming experience, and the classes started from the absolute basics. I turned up to my first classes and everything was extremely easy. I felt like I wouldn't learn anything for at least a year.
Then, I met one of my lecturers for the first time. He was about 50~60 years old and had been programming for all of his career. He was known by everyone to be really strict and we were told by other lecturers that it could be difficult for some people to be his student.
His classes were awesome. He was friendly, but took absolutely no shit, and told everything as it was. He had great stories from his life, which he used to throw out during the more boring computer science topics. He had extremely strict rules for our programming style, and bloody good reasons for all of them. If we didn't follow a clear rule on an assignment, he'd give us 0%. To prove how well this worked, nobody got 0%.
We eventually learned that he was that way because he used to work on real-time systems for the military, where if something didn't work then people could die.
This was exactly what I needed. In around one semester I went from a capable self-taught kid, to writing code that was clear, maintainable and fast, without being hacky.
I learned so much in just that small time, and I owe it all to him. So often when I write code now I think back to his rules. Even if I disagree with some, I learned to be strict and consistent.
Sadly, during the break between our first and second year, he passed away due to illness. There were so many lessons still to be learned from him, and there are now no teachers with enough knowledge to continue his best modules like compiler writing.
He is greatly missed, I've never had greater respect for a teacher than for him.21 -
To all Juniors here(myself included):
If you ever feel discouraged just remember that a few thousand irrelevant Mongolian horse nomads managed to conquer half of the known world in less than a hundred years, destroying countless empires and cultures far more sophisticated than their own using nothing but their wits and their brutal willpower.
If they could build a realm from Korea to Poland using horses, you can build some software using keyboards.10 -
So... the US Govt. just released a shit ton of files on the JFK assassination, and being the data hoarder that I am, I promptly requested a bulk download link...
Apparently I underestimated the "shit ton" part, coz each of these files is around 2.4 GB... and I don't have the data to download them :-D :-D
FML28 -
*Now that's what I call a Hacker*
MOTHER OF ALL AUTOMATIONS
This seems a long post. but you will definitely +1 the post after reading this.
xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown... If something - anything - requires more than 90 seconds of his time, he writes a script to automate that.
xxx: So we're sitting here, looking through his, uhm, "legacy"
xxx: You're gonna love this
xxx: smack-my-bitch-up.sh - sends a text message "late at work" to his wife (apparently). Automatically picks reasons from an array of strings, randomly. Runs inside a cron-job. The job fires if there are active SSH-sessions on the server after 9pm with his login.
xxx: kumar-asshole.sh - scans the inbox for emails from "Kumar" (a DBA at our clients). Looks for keywords like "help", "trouble", "sorry" etc. If keywords are found - the script SSHes into the clients server and rolls back the staging database to the latest backup. Then sends a reply "no worries mate, be careful next time".
xxx: hangover.sh - another cron-job that is set to specific dates. Sends automated emails like "not feeling well/gonna work from home" etc. Adds a random "reason" from another predefined array of strings. Fires if there are no interactive sessions on the server at 8:45am.
xxx: (and the oscar goes to) fuckingcoffee.sh - this one waits exactly 17 seconds (!), then opens an SSH session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs Linux and has SSHD up and running) and sends some weird gibberish to it. Looks binary. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dude's desk.
xxx: holy sh*t I'm keeping those
Credit: http://bit.ly/1jcTuTT
The bash scripts weren't bogus, you can find his scripts on this GitHub URL:
https://github.com/narkoz/...56