AboutLinux/FOSS, cyber sec, privacy and programming guy. Hardstyle/rawstyle freak.
Joined devRant on 5/14/2016
Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
I managed to get a group of people to use an open source and privacy respecting service instead of its proprietary (surveillance) competitors today.
The experience was good for everyone and I wouldn't be surprised if at least some people who participated will remember this good working FLOSS solution.
My work is done here for the day :)12
Microsoft motherfucking Windows. (even though its an OS, it's software)
It's always brought me tons of issues and I'm starting to think that Microsoft built in some AI system which identifies when a Windows disliker uses it and starts acting weird/producing issues since (I have to use windows for some stuff at work) I'm always getting issues that nobody else gets in my team, and I've had this since I started using it at all.
And the fact that it has a frontdoor (I don't even think this is a backdoor anymore) built in... I mean, I definitely did NOT give consent to reinstall Microsoft Edge and I don't want it either (it appeared without any updates).
Then, you cannot fully disable telemetry anymore which is kind of a hard requirement for my job, most of the time.
Yes, Microsoft (and) Windows can go die in a fucking fire.13
As for programming: (will do a cyber one later)
Don't *ALWAYS* only study/learn programming solely for learning it as this can be demotivating at times, find a cool project to do and learn while developing that!
This is how I learned programming in a fun way :)5
Managed to get a fucking meterpreter shell without human help for the first time today!
It was a VulnHub challenge, for the record, but damn that felt good!
For those who don't know; this is a remote command execution thing ran on compromised systems by (malicious) attackers using the Metasploit framework.
I have done tons of pentesting but not on system level so this is quite an accomplishment for me 😊4
None, for me, but that's why I work as a cybersecurity engineer and not a dev!
But, I do tons of side projects and the reason why I love it: it makes me feel like I'm in God mode. (and helps me solve quite some problems)
Quite ironic, for an atheist ;)4
The hell, why'd I write an add-on for a system I don't know as well while I could just implement a PHP version easily!?
Even if it is just to fucking prove that this can easily be done in PHP!5
Trying to reverse engineer an API.
Who on fucking earth thought it would be a good idea to let the response be JSON but.... THE VALUE OF THE MAIN INFORMATION THING/KEY PLAIN (UGLY AS HELL) HTML WITH EVEN GOOGLE TAGS BULLSHIT...
WHY?! THIS HURTS.
Waaaay too many but let's go with this one for now.
At my previous job there was a web application which was generating about 1gb of log data a second. Server was full and the 'fullstack engineers' we called had zero clue about backend stuff and couldn't fix it.
Me and another engineer worked our asses off to figure this out but eventually the logging stopped and it went back to normal.
For that moment. I was the on-call server engineer and at like 3am I got called awake because this shit was happening again.
Sleep drunk with my phone I ssh'd into the server, not sure about what to do at first but then suddenly: let's chattr the goddamn log file...
$ chattr +i /var/log/logfile
Bam, worked, done, back to sleep.
(this comment + param marks the file in a way that it can only be read until the mark is removed, so you can't write to it or move it or remove it or whatever)14
My family supported me all the way. Not per definition by buying me stuff but they always 'pushed' me to do what I love doing and I am now doing that!
But, I'm a huge privacy/cybersecurity freak and my family mostly migrated to Signal and stuff like that so that's awesome :)1
Hahaha, the DPC (Data Protection Commission) has asked Facebook in a letter to stop transferring Europeans' data to the US.
Since the Privacy Shield agreement is off the table, it's illegal regardless to send any kind of PII data from the EU to the US.
How about we stop nicely asking and start giving fines in the form of millions every time PII data is transferred from the EU to the US by Facebook?
If the EU could grow some balls, that'd be fucking great.17
A better experience? Really?
It looks like you're using more than 100 external parties for whatever fucking reason. It is nearly impossible to disallow these, except for some stuff like analytics, which I don't like since it includes mass surveillance parties like Google and Facebook, but I'd at least, to some extent, understand that better.
But, the amount of dark pattern here is staggering and this kind of 'consent' you're using wouldn't, in a million years, hold up under the GDPR.
You know what would be a better experience? No tracking and no ads.
Go fuck your better experience (would that be a better sex experience....?)4
A lot of docker containers.
I often have to use docker containers while I don't understand it as well yet and quite some containers literally come with zero documentation or bad docs.
This both as for how to set the containers up and how to debug stuff.
This is one of the big reasons why I'm not as big of a fan of docker yet.9
*le me wants to get an icon online*
*le me finds a good icon on a free icon site*
*the icon site does require a free account for downloads but this guy doesn't want to register just for getting an icon*
Inspect element -> copy base64 icon data -> paste into a base64 to file converter online:
Le me has the icon now!7
Jesus fucking christ, entering w3schools.com (don't ask) and I immediately get a cookie consent thing shoved in my face.
WHY?! Please don't tell me it's so I can get the 'best experience' because that's straight out bullshit. I don't need cookies and you fucking name it to get 'the best fucking experience' while looking up again how that one PHP or HTML or CSS or WHAT-THE-FUCK-EVER thing worked.
E-v-e-r-y GODDAMN site has this nowadays, to 'improve my experience' - I block ads anyways so what's the motherfucking point?!
Mother of FUCKING god.
!dev - cybersecurity related.
This is a semi hypothetical situation. I walked into this ad today and I know I'd have a conversation like this about this ad but I didn't this time, I had convo's like this, though.
*le me walking through the city centre with a friend*
*advertisement about a hearing aid which can be updated through remote connection (satellite according to the ad) pops up on screen*
Friend: Ohh that looks usefu.....
Me: Oh damn, what protocol would that use?
Does it use an encrypted connection?
How'd the receiving end parse the incoming data?
What kinda authentication might the receiving end use?
Me: What system would the hearing aid have?
Would it be easy to gain RCE (Remote Code Execution) to that system through the satellite connection and is this managed centrally?
Could you do mitm's maybe?
What data encoding would the transmissions/applications use?
Friend: nevermind.... ._________.
Cybersecurity mindset much...!11
Especially painful being a cybersecurity engineer;
Did something wrong with an if-statement.
Caused authentication to break completely; anyone could login as any user.
Was fixed veeeeeeery quickly 😅 (yes, was already live)8
I think this is both a blessing and a curse for me.
Whenever I'm developing something, I ALWAYS keep coming up with new (good) feature ideas WHILE programming. Now, this isn't as bad because they enrich the software/service mostly but goddamn, it's so fucking annoying when I'm working on a certain function/feature and I change stuff three motherfucking trillion times before finishing it because I keep coming up with fifteen billion new ideas.
In the end it's all worth it but at some moments it gets really fucking annoying.9
Question for people familiar/knowledgeable about hardware keys;
Do you know if the OnlyKey could be considered safe/secure and if not, any idea as for alternatives?
My requirements would be nearly all the features that OnlyKey has, water/shockproof and the system should at least be open source.6
No crazy prep, ever.
I always go in with a 'this is me, these are my skills, that's all you're going to get' mindset.
I of course do some research (about the company, their culture, technologies and stuff like that) but I find it kinda weird to spend a big amount of time on interview prep when there is a chance of rejection. (personal opinion)4
I think I ranted about this before but fuck it.
The love/hate relation I have with security in programming is funny. I am working as a cyber security engineer currently but I do loads of programming as well. Security is the most important factor for me while programming and I'd rather ship an application with less features than with more possibly vulnerable features.
But, sometimes I find it rather annoying when I want to write a new application (a web application where 90 percent of the application is the REST API), writing security checks takes up most of the time.
I'm working on a new (quick/fun) application right now and I've been at this for.... 3 hours I think and the first very simple functionality has finally been built, which took like 10 minutes. The rest of the 3 hours has been securing the application! And yes, I'm using a framework (my own) which has already loads of security features built-in but I need more and more specific security with this API.
Well, let's continue with securing this fucker!10
I suddenly remembered this after being gone from my previous company for nearly a year.
So, I worked there as a tech supporter and Linux engineer.
What would often happen was clients calling with an issue regarding software of some sorts and about half the time, instead of LOOKING AT THE GODDAMN ERROR MESSAGE they'd just click it away fast and complain shit wasn't working.
I specifically remember this one case:
*big client mails complained that one of their clients' email isn't working. Screenshots weren't possible apparently so after emailing back and forth for way too long, we decide to do a screen sharing session (which we never do).*
(for the record, already emailing for hours, client very frustrated, me as well because the behavior of the software sounds impossible)
Me: alright, close everything, then open it again so I can see what happens.
Client: *opens mail client, error appears, client clicks error away faster than an arch user being able to mention they use arch*
Me: uhm.... I assume you already know what that message said and that it has nothing to do with the issue?
Client: it has nothing to do with the issue.
Me: okay... But have you at least looked the message?
Client: no but it has nothing to do with the issue.
Me: but, how'd you know if you won't look at it?
Client: it has nothing to do with the issue, okay?
Me: okay.... so, what's happening here?
Client: the user isn't receiving email anymore at this point!
Me: alright, have you checked the settings and everything?
Client: of course, all good
Me: okay but can we at least restart the software again to at least check the error message?
Client: FINE. *restarts client (pun intended, of course)*
Error message: username or password incorrect, can't connect to the server.
Client:..... Right, I changed the password...
Client: *sets correct password*
*poof, error message gone*
Client:..... Thanks 💀
Me: you're welcome 😄
My current project. Won't reveal anything about it until I've got a usable version (which might take more than a month) but it would be a good way to give a middle finger to a big ass surveillance company.
It won't exactly match with their product since this is impossible for me to do as this would compromise user privacy but it'll come close enough!9
I take a moment for myself and assess the situation from a bird's view.
Then, I objectively look at the current situation and my response/reaction to this and try to change my thinking process/acting to a more rational one.
But, also, my general way of thinking in the cyber security world plus how I'm hardwired to think in a 'paranoid' kind of way makes my current job so fucking perfect for me that i often think about that and the fact that there aren't many people around who have this.1
Was already communicating with a recruiter and made her very clear (a gazillion times) that I don't want a Microsoft related job.
After a few months she calls me telling about this amazing opportunity; a Microsoft related job.
Told her what I told her fifteen quintillion times before and she responded very guilt trippy/offended because she spent so much time on working this out for me.
Fucking retarded and awkward.6
Oh for crying out loud, Github is stopping with the term 'master' due to its 'negative association'.
Can we please not pull everything out of goddamn context and not be a fucking offended special snowflake with ANYTHING that could potentially be thought of in a way that could be associated with slavery?!
If we're gonna do it like this I want to ask people of color not to use white/light themed websites/backgrounds.174
Disclaimer: I can't 'officially' verify this.
I've been using Firefox as main browser with about 5 addons for added privacy for ages now. When googles (fucking) reCaptcha takes more than a few minutes on Firefox (about 90 percent of the time, I'm estimating), I switch to Chromium (with the same amount of (similar) privacy addons) so I can go on with my stuff.
Now, I recently thought 'why not try to do user agent spoofing on Firefox to see if reCaptcha would start working 'normally'?
So, I installed a user agent spoofing addon on Firefox/Chromium, results:
Firefox reCaptcha success rate: 10 percent approx. (mostly 2+ minutes)
Chromium: 90 percent. (mostly instant)
Firefox: 90 percent approx.
Chromium: 10-20 percent approx.
Again, I can't prove any of this yet but mother of fucking god, whenever using Chromium or spoofing Chromium on Firefox the succession rate skyrockets.
Google, what the fuck are you up to?12
I think I have multiple but this guy stands out.
He was a fellow student at my software development study. Used primarily FOSS systems/software, not because he cared about ethics as much but because that way he could tinker with the software as much as he wanted.
He was always searching for new things to tweak, write, explore and so on. And he shared as much as he could with fellow students.
A few examples of what he did:
- wanted to change something about how Linux worked at its core (he mainly used debian based systems) so he learned how to write kernel modules and wrote his solution.
- wanted to be able to monitor his gas/power usage so he hacked an arduino thing into the power/gas meter and got it to send updates to a messenger at command.
- setup and automated mini data center because fuck it, fun to do.
His thinking was always very creative and to this day I still appreciate what he taught me on that!4