Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "hacked the fucking system"
-
TL;DR: I “hacked” my thermostat.
I’m stuck with an annoying roommate in college dorms who apparently always keeps the FUCKING thermostat at 80F. LIKE WHAT THE ACTUAL FUCK IS WRONG WITH HIM. Every time I change it to like 73F, he changes it back to 80F Heat.
Getting tired of his shit for over a semester, I decided to do something about it. I looked up the thermostat made by HoneyWell and downloaded the product manual of it. Turns out, they have a system override ability to remove the heating mode and change the maximum and minimum values of temperature.
BOOM! I removed the heating mode and changed the minimum value to 70 and max to 74.
It’s 2AM here and I can finally go to sleep without sweating my balls off. I’ll keep you guys updated on his reaction hahahaha.27 -
I was registering for a website, and on a whim, I used this as my username:
null'); PRINT('Hello');--
And sure enough, the login system went down. The next day it was still down, so I went to Twitter to tell the people running the site that this was why, but to my surprise, I see them saying they had been hacked.
Based on the timing, I'm pretty sure they're referring to this, but they are saying user info was stolen. *facepalm*
They later said they stored passwords salted with a fixed salt and hashed with fucking md5, at which point I was glad not to have done any more business with them.
How incompetent can these fucking people be?!14 -
ESTIMATING FUCKING HOURS.
Well not literally, that only takes 10 minutes.
But software estimation... anyone pretending to be good at it is a dirty liar. Adding a button? Uh, let's say 2 hours, I mean I gotta poop in between as well, and it's probably some broken bootstrap theme with hacked custom margins.
Building a commenting system coupled to an ancient CRM? Uh... maybe one day? Maybe a month? I don't even know what the CRMs looks like? You won't show me because "that's irrelevant"?
WELL THEN I DON'T FUCKING HAVE A CLUE.
And in the time we spent on discussing time estimations, I could have written like half of the feature... or zero... because you still haven't fucking shown me what the CRM API looks like.
YOU KNOW WHAT I'LL GIVE YOU AN ESTIMATION. ME. VACATION. DONE IN 6 WEEKS.6 -
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.4 -
A friend of mine got an account hacked on Crunchyroll. Whenever he tried to login, the website told him that no account with his email existed. As I had two accounts, I tried something real quick. I logged in to the account I'm not using and tried to change the email address to a 10 minute mail. I logged into my own email account patiently waiting for a confirmation email. After 10 minutes I still hadn't received it. So I checked the 10 minute mail, and there it was. I can't describe how furious I got with Crunchyroll at that point. Are you for real? It's that easy? Fucking idiots. I hope the guy responsible for that system dies in a fire with a thousand rubber penises up his ass!7
-
Supervisor has me making a web app in this badass new stack called the LAP (linux, apache, php) stack because he would he would like the app to be "simple". He's spot on though.. having a three letter acronym saves so much time.... and then we don't need to worry about a database... or querying.... or efficiency.... or even the web app itself because clearly he expects the fucking code gods to come down and turn this piece of shit web app into a fucking masterpiece if he thinks this shit can be done based on a hacked together file management system. Please save me code gods4
-
These ignorant comments about arch are starting to get on my nerves.
You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?
Well maybe it's for good.
Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"
It takes one honest asshole to be like "well what if you didn't do coke?".
Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.
What on earth could possibly go wrong?
Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?
oh no one can truly scrutinize it because it's closed source?
yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.
and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.
but no, linux users are assholes out to get you.
and how do people react to these honest comments? "let's make a meme out of it. let's deligitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"
short minded idiots.
I'm not gonna deny the challenges or limitations linux represents for the end user.
It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)
But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.
In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.
I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.
Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.
I do have some sympathy for the people that are forced to use windows, even though they know ideally isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.
At the very least, if you don't know what you're talking about, just stfu and read.
But I don't have one bit of sympathy for the rest.
I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.
What in the actual fuck.
I know what the problem is, the arch install instructions aren't copy paste commands.
Or they medium tutorial they found is outdated.
So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.
I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).
Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.
So because some devs are too dumb and talk shit, they just set the bar too low.
Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want too.
I'm so thankful for arch because it has a great compromise between control and ease of install and use.
When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster that ubuntu (which is way faster than windows already).
Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.
Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficult of using arch.22 -
Fucking shit for brains authors that think the digital world is a fantasy realm where everything can happen just to aid their story. Out of boredom i watched "scorpion" today, a tv series about a group of geniusses which are a special case task force.
They got a visitor from the government saying the servers from the federal reserve bank were encrypted with ransomware. I already twitched when they said the economic system would collapse if the servers were left inoperational for a few days. Then one guy got to his desk and "hacked" the fed network to check... he then tried to remove the malware but "it changed itself when observed". But they got the magical fingerprint of the device that uploaded it. In the end some non-programmers created the malware, but it is super fast and dangerous because it runs on a quantum computer which makes it hyper fast and dangerous. They got to the quantum computer which was a glowing cube inside another cube with lasers going into it and they had to use mirrors to divert the lasers to slow down that quantum thingy. And be careful with that, otherwise it explodes. In the end the anti-malware battled the malware and won, all in a matter of minutes.
This is a multimillion hollywood production. How can a movie this abusive to computer science even air on television? Shit like this is the reason people still think the cyberworld is some instable thing that can explode any second. It's not, it's an instable thing that can break down any second. I remember "ghost in the wires" and people had surreal imaginations about the internet already. Shit like this is why people stay dumb and think everything can be done in seconds. If i ever should encounter one of these idiots i tell him i have an app that can publish his browser history by taking a picture of his phone and watch his reaction.
Time to shuw down the tv and learn vim again.11 -
>Working on code
>Shit works as intended first try, nice
>Goes to play strange bootleg Gameboy Color ROM sent by a friend
>ROM immediately fucking dies
wtf.svg
>Pop emulator's debugger
we're executing from VRAM, stack's firmly embedded in ROM
>why
>Add execution breakpoint to entrypoint of game, restart emulated system (because i'm actually using the legit bios i hacked so it allows null/corrupted games to run)
>Step through everything, everything goes well until all of a sudden we call a function and shit hits the goddamn fan
well we have the culprit
>step through subroutine
if <unused_byte_in_HRAM> != 0 then stackPointer+=32;tryAgain();else return
>***y***
>Realize this is using a bootleg Memory Bank Controller with hard-backed encryption so none of the bytes executed or read as data are the right byte
>Find emulator that'll handle the jank MBC
>read code to try and figure out how it works
if checksumExtendedLogoBlob == some_number then set MBC_Bootleg1 else if checksumExtendedLogoBlob == some_other_number then set MBC_Bootleg2 else if...
>of course
>Spend 10 minutes finding the right bootleg MBC
>code shows 8 possible tables for real bit order based on some value in the cart header
>look for code that gets this value
>not in the header
>not in ANY header in this 1000+ file emulator
>not in any related cpp files???
>get desperate
>email author
>"Delivery failed: email doesn't exist"
fuck me i guess2 -
Clueless child thinks he got hacked.
So me and my friend were just messing around in class and he says to this other guy that he "hacked him" as a joke. He showed him a CMD shortcut of the file saying "[guys name] OS SYSTEM." He fucking fell for it. He actually thought a cmd renamed shortcut was his OS system and my friend could access it. He tried to grab his computer and delete it. My friend thought he was joking so he opened it and the kid actually screamed. We burst out laughing and make a scene. The teacher got kinda triggered so we stopped haha.9 -
Follow-up rant to my company. Today's day is fairly good, so let's talk about infra.
We're building upon an existing open-source project which is not intended to be extended (e.g. plugins).
Our backend-team somehow hacked symfony into the app, which made the actual work a little bit less annoying. But on the other side, there is absolutely no automation. Everything is setup by hand and I need to upload my sources to my dev-server and watch what files exactly are overwritten. Because if not, I accidentally overwrite core sources which will break the whole app, no matter what. If I forget what file I wrongly overwrote, I have no choice but to setup the core from scratch and apply our sources on-top, AGAIN.
The first time setup took me almost five days.
Oh yeah and the team shares one dev server, so whenever I feel like fucking with a mate, I can easily fuck up his system, since everyone has root-rights.
We're required to use windows, but our dev is linux and I am the only knowledgable linux guy. They need cheatsheets (to be fair, I need my powershell-cheatsheet).
We market the same app with some additional functionality, but we also have clients which require their own stuff. This case has never been thought-out, since for these specific clients, we also modify some core-parts. Which makes it a real hassle to add a basic new feature to that special customer.
At least our frontend is somewhat decent. Simple and without critical thinking, but it works and is decently understandable. I'll rant about that for another day, it's still tedious.
I know I won't stay there for long since I start my own stuff, but it's sad. Nothing is perfect and they _do_ want to make it better, but it's the usual "there is no time, client first" talk. On the other hand, they tell that we should be more efficient, but there is no way to be without looking back at the fundamental structure and what takes us so long.
I don't think I am able to change anything here and as I heard from co-workers, they already look for something new.
cheers