Post Ak7GDOVAB5tDsXbH3Q by vxo@digipres.club
 (DIR) Post #Ak78qg2O7A05vSMSxM by foone@digipres.club
       2024-07-20T06:59:50Z
       
       14 likes, 17 repeats
       
       good lord. I pulled a microSD card out of a Raspi inside an IoT product and it appears they had some developer use a raspi to develop/test some software, and then they just yanked the SD card out of that machine and duped it on to all of their deployed products. it's got .bash_history of the development process! there's git checkouts of private repos! WHY WOULD YOU DO THIS?
       
 (DIR) Post #Ak790MswB4XpQBYuAK by otte_homan@theblower.au
       2024-07-20T07:02:12Z
       
       0 likes, 0 repeats
       
       @foone because lowest bid on Fiverr ?
       
 (DIR) Post #Ak7966bXca9sfKA2TY by foone@digipres.club
       2024-07-20T07:03:02Z
       
       2 likes, 0 repeats
       
       I've also been able to de-stealth a "stealth startup" on linked in. because this has commits from different users, and I can just look up on linkedin what stealth-startup all those people work/worked at and then look at the name on the IoT box I'm holding
       
 (DIR) Post #Ak79E85A0k9xZ6qD8y by askareth@mastodon.social
       2024-07-20T07:04:57Z
       
       0 likes, 0 repeats
       
       @foone I'm very curious what it is now
       
 (DIR) Post #Ak79N1PQBulFTVYfiq by foone@digipres.club
       2024-07-20T07:06:28Z
       
       4 likes, 0 repeats
       
       also, you punks are writing python 2 code in 2021? come on, who does that? I mean, I do all the time, but I'm a known retrocomputerist. I run Windows 95 and MS-DOS regularly. of course I'm using a wildly outdated programming language. I'm not making a product I sell to customers!
       
 (DIR) Post #Ak79TZmVJCSlofTq4G by foone@digipres.club
       2024-07-20T07:07:15Z
       
       2 likes, 0 repeats
       
       oh cool you can pull the GPS history of a truck from azure without any login, you just need to know the device ID.
       
 (DIR) Post #Ak79b0HFCENO1DOsqW by foone@digipres.club
       2024-07-20T07:09:08Z
       
       0 likes, 0 repeats
       
       this might be UPS trucks. I should probably not query any of these GPS histories
       
 (DIR) Post #Ak79gr3eO0BtAApeYS by foone@digipres.club
       2024-07-20T07:10:04Z
       
       1 likes, 0 repeats
       
       also they're spamming 9 lines to syslog every minute. this is a microsd card in a raspi, guys! you are going to fry your fucking card by running out of write cycles. That's not a good idea in any raspi application, especially not an IoT one
       
 (DIR) Post #Ak79miZ4sO1AYlKNRA by weargoggles@mastodon.social
       2024-07-20T07:10:37Z
       
       0 likes, 0 repeats
       
       @foone One way to deal with “it works on my machine” is to make the developer write the code on the prod hardware, I suppose.
       
 (DIR) Post #Ak79vGHLPckXRF6hNY by syn@ohai.social
       2024-07-20T07:12:33Z
       
       0 likes, 0 repeats
       
       @foone is there browser history?
       
 (DIR) Post #Ak7A2tf7NroZbwrrbU by GerhardD@olching.social
       2024-07-20T07:14:12Z
       
       0 likes, 0 repeats
       
       @foone Please stop. It's too damn depressing. Or wait .... SHARE IT!
       
 (DIR) Post #Ak7A99gcidYt2yYXom by charfish@mastodon.social
       2024-07-20T07:14:56Z
       
       0 likes, 0 repeats
       
       @foone does it have a Bruno Mars mp3 on the filesystem? https://x.com/OverSoftNL/status/1357298938907353088
       
 (DIR) Post #Ak7AGCG9YD2t3QX4jI by foone@digipres.club
       2024-07-20T07:16:12Z
       
       2 likes, 1 repeats
       
       oh sweet jesus they logged into slack from this machine('s image). I have their chrome profile, with history and cookies and shit!
       
 (DIR) Post #Ak7AMLEv4lRUdvsyCe by stevendbrewer@wandering.shop
       2024-07-20T07:16:29Z
       
       0 likes, 0 repeats
       
       @foone The S in IoT is for "security".
       
 (DIR) Post #Ak7AUrSfA0AEtSNOvg by cadey@pony.social
       2024-07-20T07:17:59Z
       
       0 likes, 0 repeats
       
       @foone do you need an OVE?
       
 (DIR) Post #Ak7AbM1ISOjHPHfjiy by foone@digipres.club
       2024-07-20T07:18:32Z
       
       0 likes, 1 repeats
       
       this is deeply embarrassing. I have lists of their duckduckgo and google searches for the programming problems they were having building this product. no programmer should ever have that personal shame shared with the world. let alone included on every microSD card your company ships!
       
 (DIR) Post #Ak7AiGmELga9AmvGIi by foone@digipres.club
       2024-07-20T07:18:53Z
       
       0 likes, 0 repeats
       
       @cadey a what?
       
 (DIR) Post #Ak7AvhjtPmfMYlEeo4 by xorn@mastodon.social
       2024-07-20T07:19:22Z
       
       0 likes, 0 repeats
       
       @foone I work in video games and the products we make at my studio are generally considered to be held together with tape, glue, and broken promises. And then I look at people who are working on things like appliances and cars and their software is SO MUCH WORSE than our bad software.
       
 (DIR) Post #Ak7B29hwLEmF2XOkIS by puck@mastodon.nz
       2024-07-20T07:20:56Z
       
       0 likes, 0 repeats
       
       @foone ... saved passwords?
       
 (DIR) Post #Ak7B8IqdGt777pOZF2 by cadey@pony.social
       2024-07-20T07:21:32Z
       
       0 likes, 0 repeats
       
       @foone diet CVE
       
 (DIR) Post #Ak7BKo5IxaLFTlDjCy by corbin@toot.community
       2024-07-20T07:22:53Z
       
       0 likes, 0 repeats
       
       @foone bruh
       
 (DIR) Post #Ak7BUqIFbQHLE23qk4 by foone@digipres.club
       2024-07-20T07:23:31Z
       
       3 likes, 0 repeats
       
       oh sweet jesus. they automatically scp up some logs to a server somewhere. Did they set up keys so that authorized devices could log in automatically without passwords? NOPE THEY USED SSHPASS
       
 (DIR) Post #Ak7BevprqrX7JHb1Pc by gsuberland@chaos.social
       2024-07-20T07:24:54Z
       
       0 likes, 0 repeats
       
       @foone oh jeeeeez
       
 (DIR) Post #Ak7BnQmuehItcjGbTM by foone@digipres.club
       2024-07-20T07:27:21Z
       
       2 likes, 2 repeats
       
       I have a file here with multiple lines like: sudo sshpass -p PASSWORDHERE scp /path/system/network.log USERNAME@IPADDRESS:/home/manufacturing/
       
 (DIR) Post #Ak7BnTonO9an1RAeK8 by foone@digipres.club
       2024-07-20T07:30:03Z
       
       3 likes, 2 repeats
       
       well I'm putting this away so I don't accidentally hack them.
       
 (DIR) Post #Ak7BvGc4MxP2Npvo2q by brezelradar@norden.social
       2024-07-20T07:27:50Z
       
       0 likes, 0 repeats
       
       @foone "leave it so and mark the 'planned obsolescence' checkbox"
       
 (DIR) Post #Ak7C16ie4FkzR3nAYK by t3rminus@calamity.world
       2024-07-20T07:28:26Z
       
       0 likes, 0 repeats
       
       @foone holy dang that sounds… so bad. Just really, really bad. And Python 2?? Damn. Whatever you’re looking at I pray I don’t own one…
       
 (DIR) Post #Ak7CCCN9OBMQ9d1iZE by rakslice@mastodon.social
       2024-07-20T07:30:37Z
       
       0 likes, 0 repeats
       
       @foone just an utter lack of people in the organization who knew what they were doing and I'm not even joking
       
 (DIR) Post #Ak7CCEEiSVnnw360hM by rakslice@mastodon.social
       2024-07-20T07:35:09Z
       
       0 likes, 0 repeats
       
       @foone like the proverbial project done by one precocious somebody's-relative or resourceful generalist grad student who doesn't know what they don't know and everyone else in the organization responsible for delivering the project as a product knows even less
       
 (DIR) Post #Ak7CHq5t8HW4nRdsFk by foone@digipres.club
       2024-07-20T07:30:39Z
       
       0 likes, 0 repeats
       
       @cadey nah. I didn't get this device legitimately, so I can't really report any security holes in it.
       
 (DIR) Post #Ak7CVDXtFdUbIM7RUe by glyph@mastodon.social
       2024-07-20T07:32:05Z
       
       0 likes, 0 repeats
       
       @foone this is truly amazing. it's very unfortunate that you can't just post it all because the individual engineers will get blamed, rather than their incandescently irresponsible management
       
 (DIR) Post #Ak7CW39ZNIw5Lz8knw by joakimfors@mastodon.green
       2024-07-20T07:32:07Z
       
       0 likes, 0 repeats
       
       @foone
       
 (DIR) Post #Ak7CmPngwPWyE3i77Y by moreentropy@chaos.social
       2024-07-20T07:38:20Z
       
       0 likes, 0 repeats
       
       @foone Raspbian could and should be so much better imho. They should have built their distribution into something more of a Debian based read only firmware image building system, disable almost all logging to sd by default etc. and educate about best practices. Now the internet is full of nice projects built on sd trashing ext4 r/w filesystems that should really be immutable firmware images.
       
 (DIR) Post #Ak7CuF9mOkNTX0m6Ns by foone@digipres.club
       2024-07-20T07:42:19Z
       
       0 likes, 0 repeats
       
       @panda could have individual keys per device and revoke them as the devices leave service. as it is, they can't do that without changing the passwords on every device
       
 (DIR) Post #Ak7D1sZgF58zoJWxvM by MishaVanMollusq@sfba.social
       2024-07-20T07:42:28Z
       
       0 likes, 0 repeats
       
       @foone Sweet Simian Zaius
       
 (DIR) Post #Ak7D8FSE5YsqVa55e4 by truh@shark.community
       2024-07-20T07:42:36Z
       
       0 likes, 0 repeats
       
       @foone had a coworker rewrite my python3 app in python2 so it runs on google app engine, in 2020 or so. Had to port it back to python3 later of course.
       
 (DIR) Post #Ak7DFvj1KD9FdVbDuK by foone@digipres.club
       2024-07-20T07:42:43Z
       
       3 likes, 0 repeats
       
       this is one of the many reasons I'm not a security researcher. it's a target rich environment.
       
 (DIR) Post #Ak7DOdxYkJdX8yYSXY by dashasierra@mastodon.social
       2024-07-20T07:42:56Z
       
       0 likes, 0 repeats
       
       @foone You know, I never get bored of your tech adventures. Stay awesome. 💜
       
 (DIR) Post #Ak7DVqCBeSLJ7UpRGC by Sylvhem@eldritch.cafe
       2024-07-20T07:43:38Z
       
       0 likes, 0 repeats
       
       @foone Hate it when my employer shares my Slack session with hundreds of customers.
       
 (DIR) Post #Ak7DVuFWZzOBh0QA1A by lanodan@queer.hacktivis.me
       2024-07-20T07:51:37.768932Z
       
       1 likes, 0 repeats
       
       @foone Kind of thing that is so bad I kind of wonder if it's a really weird attempt at a honeypot.
       
 (DIR) Post #Ak7DcPII4M3biHoYmO by kirby@lab.nyanide.com
       2024-07-20T07:54:38.448999Z
       
       3 likes, 1 repeats
       
       @foone LOG IN TO THEIR EMAIL AND START SENDING TONS OF SPAM YOU PUSSY
       
 (DIR) Post #Ak7DkWCgGPRZSY3gMy by GroberUnfug2@mastodon.social
       2024-07-20T07:48:16Z
       
       0 likes, 0 repeats
       
       @foone you botched a cool solution to a problem, Boss of course sells it and now you have to deliver something that an unwilling non Computer scientist can work with. NEXT WEEK. Now the dev System Image goes on live production computers, everyone agrees and swears to kill off the botchwork with the next Update. Guess what. There won't be Updates cause production policies. First year goes good, second year comes, nothing happens. Everything is fine. And now you dismantle that botchwork! 🤪🤣
       
 (DIR) Post #Ak7DqR9VxLyZX0Opt2 by ciredutempsEsme@mamot.fr
       2024-07-20T07:49:07Z
       
       0 likes, 0 repeats
       
       @foone i don't really understand completely what is explained but i read the thread as an excellent investigation and thriller movie. Thank you.🍿
       
 (DIR) Post #Ak7DwTBZJHqLZgEl0q by randagodron@piaille.fr
       2024-07-20T07:50:53Z
       
       0 likes, 0 repeats
       
       @foone lol better not talk about a company who sells embedded circuits for satellites, a friend checked two recently, boards were dirty as ***, covered in flux residue, lots of solder microballs hanging around (meaning they used too much solder paste and didn't follow their supplier's recommendations on solder masks) and bad solders making the board not functional without rework. Top space-grade shit, everything is fine 😅 If we find products this bad on aerospace devices, I am not surprised that it's even worse in IoT ...
       
 (DIR) Post #Ak7E5J6CBJ9othwCie by foone@digipres.club
       2024-07-20T07:54:55Z
       
       0 likes, 0 repeats
       
       @randagodron they've got the excuse that no one will be able to tell, because their shit will be hiding in orbit
       
 (DIR) Post #Ak7EUQa9UpGJLUvc4u by foone@digipres.club
       2024-07-20T07:57:55Z
       
       1 likes, 0 repeats
       
       @kirby their company is only two cities over it would be trivial for them to find and arrest me!
       
 (DIR) Post #Ak7EfP47TXHFpMB9CC by foone@digipres.club
       2024-07-20T08:04:30Z
       
       0 likes, 0 repeats
       
       @thememesniper who needs a docker image? just clone the drive of the developer and ship that!
       
 (DIR) Post #Ak7Egmoqe4A3mthAKe by m0xee@social.librem.one
       2024-07-20T08:07:00Z
       
       1 likes, 0 repeats
       
       @foone People forget to clean up all the time! And shit makes it into repos and sometimes even into production images as in your case. This client was featured just yesterday on "This week in Fedi" and I'm not familiar with the whole Node.js ecosystem, but it seems to me that this is still just a log file that should have been added to .gitignore from the get go and thus never make it into the repo: https://github.com/Xyphyn/photon/blob/main/yarn-error.log
       
 (DIR) Post #Ak7Ekr9STmNiNnHBRY by ozzelot@mstdn.social
       2024-07-20T08:04:49Z
       
       0 likes, 0 repeats
       
       @foone The choice paralysis alone is insane!
       
 (DIR) Post #Ak7EsP2CtwetUpU07E by ArneBab@rollenspiel.social
       2024-07-20T08:06:12Z
       
       0 likes, 0 repeats
       
       @foone that’s why we need protection for people who report this stuff. You may want to talk to folks from @CCC to find the right process to get this off the road before it causes bodily harm. @cadey
       
 (DIR) Post #Ak7F5ZP7etqFQCTp7g by jens@social.finkhaeuser.de
       2024-07-20T08:07:41Z
       
       1 likes, 1 repeats
       
       @foone @kirby Share this info with someone and let them do the hack? No, no, that'd be a criminal conspiracy, I cannot recommend this.
       
 (DIR) Post #Ak7FBTAvjLxZqAeeoa by randagodron@piaille.fr
       2024-07-20T08:07:55Z
       
       0 likes, 0 repeats
       
       @foone and a general rule of thumb is to NEVER EVER use a raspi in production. These boards are notoriously unreliable. I regularly hear about startups that have outage problems because their IoT devices have faulty raspis. These were designed for education purposes, nothing more.
       
 (DIR) Post #Ak7FK5KdkV1KUvIx5U by foone@digipres.club
       2024-07-20T08:09:58Z
       
       1 likes, 0 repeats
       
       Also I'm a reverse engineer. There's no reverse engineering here! I unscrewed the box, pulled out the raspi, pulled the SD card out, put it in my laptop, and it automounted. I then looked at some files while making a disgusted face. That's not reverse engineering! That's just lookin'
       
 (DIR) Post #Ak7FVXNhnnLGg2CQRE by VD15@pl.valkyrie.world
       2024-07-20T08:16:02.386456Z
       
       0 likes, 0 repeats
       
       @foone it worked on his machine, so they shipped his machine
       
 (DIR) Post #Ak7FnRQwedTZRWFgau by elronxenu@mastodon.cloud
       2024-07-20T08:16:35Z
       
       0 likes, 0 repeats
       
       @foone I have done that. It was not pretty.
       
 (DIR) Post #Ak7G26ZuTbl76YRBGi by foone@digipres.club
       2024-07-20T08:17:49Z
       
       0 likes, 0 repeats
       
       Also this isn't the only opsec failure they've made but if I say what the other one is, you might be able to figure out what company this is. And if you can do that, they can too, and they might get mad at me
       
 (DIR) Post #Ak7G3AbczGLhszkU6q by lanodan@queer.hacktivis.me
       2024-07-20T08:21:40.854070Z
       
       0 likes, 0 repeats
       
       @punissuer @foone Yeah but it's a particularly strange kind of incompetence to end up using sshpass instead of keys, like how would you even end up doing this.
       
 (DIR) Post #Ak7GDOVAB5tDsXbH3Q by vxo@digipres.club
       2024-07-20T08:20:31Z
       
       0 likes, 0 repeats
       
       @foone way back when I was trying to fix a first generation Harris Broadcast HD radio exporter and found a bunch of rather revealing .bash_history and home directory entries. I found it pretty hilarious. Rushed to market? Neeeeeverrrrr
       
 (DIR) Post #Ak7Grd0beyvsSHUbJo by elbosso@mastodon.social
       2024-07-20T08:30:00Z
       
       0 likes, 0 repeats
       
       @foone #terrypratchett : it is not spying if you have to take few steps back in order not to turn deaf!
       
 (DIR) Post #Ak7HJH0B4h1CJITSc4 by lanodan@queer.hacktivis.me
       2024-07-20T08:35:47.716922Z
       
       0 likes, 0 repeats
       
       @punissuer @foone Nah, you could have a single key being cloned to all devices and it being fine, authorized_keys allows to set restrictions, for example only allowing certain commands, forbidding port forwards, … https://manned.org/sshd#head7 Although that would mean competence on the sysadmin side of things, and it probably still would be a good idea to regenerate a new key once in a while (like say each image having its own key).
       
 (DIR) Post #Ak7HMtiZaNcxFqy4uW by timixretroplays@digipres.club
       2024-07-20T08:33:05Z
       
       0 likes, 0 repeats
       
       @foone obverse engineering
       
 (DIR) Post #Ak7HVHfiPSJfrZd8eO by foone@digipres.club
       2024-07-20T08:34:47Z
       
       0 likes, 0 repeats
       
       @elronxenu yeah me too, how do you think I know this? :)
       
 (DIR) Post #Ak7IQCFVFBDdYDVXF2 by PurpleBooth@hachyderm.io
       2024-07-20T08:47:50Z
       
       0 likes, 0 repeats
       
       @foone oh my god, this is the real life example of the old joke "it works on my machine" "ok box it up and send it to the data center"
       
 (DIR) Post #Ak7Is9Ei2TIoJbSs6a by janet_catcus@hachyderm.io
       2024-07-20T08:52:53Z
       
       0 likes, 0 repeats
       
       @foone sounds like a classic "hey guys, im done with the prototype/proof of concept, how is your prese- why is there a desk _between_ our chairs?" scenario
       
 (DIR) Post #Ak7JHYGy5hwlChdPn6 by grishka@friends.grishka.me
       2024-07-20T08:57:22Z
       
       0 likes, 0 repeats
       
       "WHY WOULD YOU DO THIS?" Because you don't have enough experience in this field to know any better. And your self-esteem prevents you from looking for advice from those who do.
       
 (DIR) Post #Ak7JNdf6xyGXekpWGO by tony@toot.hoyle.me.uk
       2024-07-20T08:58:15Z
       
       0 likes, 0 repeats
       
       @foone Companies get mad because their security failings are pointed out all the time.. doesn't mean we shouldn't do it.
       
 (DIR) Post #Ak7Jliv14f6QuQknpo by skyr@chaos.social
       2024-07-20T09:02:56Z
       
       0 likes, 0 repeats
       
       @foone is it a hack if they willingly hand over the passwords? 🤔
       
 (DIR) Post #Ak7Juyi5jNpCUZ7aNc by m@martinh.net
       2024-07-20T09:04:24Z
       
       0 likes, 0 repeats
       
       @foone Galaxy brain take: Massive screwup or highly distributed redundant backup? :blobfoxwink: (had similar experience exploring the monitoring appliance for my solar panels)
       
 (DIR) Post #Ak7KBHOu0YC55ov2Ke by Elwell@mast.hpc.social
       2024-07-20T09:07:33Z
       
       0 likes, 0 repeats
       
       I suspect @foone is running a stealth marketing campaign here - I'm now wondering if I can buy one of whatever this is *just* to see how badly they've fucked up!
       
 (DIR) Post #Ak7KIJOH0YkpI7ygsq by nini@bitbang.social
       2024-07-20T09:08:17Z
       
       0 likes, 0 repeats
       
       @foone Cult of Good Enough.
       
 (DIR) Post #Ak7KZ4L0E8UfWrRFXE by hp@mastodon.tmm.cx
       2024-07-20T09:11:24Z
       
       0 likes, 0 repeats
       
       @foone half of reverse engineering is thinking to look though! 😄
       
 (DIR) Post #Ak7KygPrmzwirnvYaO by erik@mastodon.infrageeks.social
       2024-07-20T09:16:11Z
       
       0 likes, 0 repeats
       
       @foone This is the low-tech completely clueless version of « it worked on my machine »
       
 (DIR) Post #Ak7L8D060jUgX1Poy8 by robelix@chaos.social
       2024-07-20T09:18:19Z
       
       0 likes, 0 repeats
       
       @foone It works on Dave's computer. OK, let's deploy Dave's computer.
       
 (DIR) Post #Ak7LF4qwhZIRI0PWqm by icedquinn@blob.cat
       2024-07-20T09:20:24.452532Z
       
       0 likes, 0 repeats
       
       well this thread was cyberpunk as fuck and then they just gave up :neocat_laptop_owo: :blobfoxcomputerowonotice:
       
 (DIR) Post #Ak7LWbJBHpAEs3yPdQ by foone@digipres.club
       2024-07-20T09:21:52Z
       
       0 likes, 0 repeats
       
       @stibbons that's always a good step: asking for help!
       
 (DIR) Post #Ak7LjF1ZRuutWTlQ24 by Ryanteck@fosstodon.org
       2024-07-20T09:24:58Z
       
       0 likes, 0 repeats
       
       @foone This is rather common and annoying. RasPi actually did provide a tool to generate a fresh image with all of your changes too.
       
 (DIR) Post #Ak7MTtZx06nEca5i88 by chikim@mastodon.social
       2024-07-20T09:33:01Z
       
       0 likes, 0 repeats
       
       @FreakyFwoof @foone Maybe they're trying to shorten the duration of working condition, so people buy it again. lol
       
 (DIR) Post #Ak7MdgvCulSuGHhl2G by JLab8@mastodon.gamedev.place
       2024-07-20T09:33:25Z
       
       0 likes, 0 repeats
       
       @foone try 2024. 😭😭😭😭 Really is a combination fault of the language- WHY BREAK EXISTING CODE WITH A NEW VERSION? WHY? And the team that decided that using a language that is happy to break your codebase for a massive engineering project with an expected long lifespan of active development.
       
 (DIR) Post #Ak7N0UYP41OkZ1uVns by f4grx@chaos.social
       2024-07-20T09:38:57Z
       
       0 likes, 0 repeats
       
       @foone àaaaaaaaaaaaaaaaa
       
 (DIR) Post #Ak7NPmy9jVfyuy1DdY by f4grx@chaos.social
       2024-07-20T09:43:35Z
       
       0 likes, 0 repeats
       
       @foone the "find out" phase
       
 (DIR) Post #Ak7Naukt7p36Fd7Mki by category@eattherich.club
       2024-07-20T09:45:38Z
       
       0 likes, 0 repeats
       
       @foone Developer: "it works on my machine" Manager: "yes, but we can't sell your computer to every customer" Developer: "can't we?" [[SD card cloning intensifies]]
       
 (DIR) Post #Ak7OfL6DDkwx4GlXiC by henryk@chaos.social
       2024-07-20T09:57:44Z
       
       0 likes, 0 repeats
       
       @foone *shrug* "It works on my machine." "Ok, let's ship your machine."
       
 (DIR) Post #Ak7RHKIWqfB1UklgjA by firefly@frogs.lgbt
       2024-07-20T10:27:04Z
       
       0 likes, 0 repeats
       
       @foone idk, *un*screwing boxes? that sounds like engineering in reverse to me,
       
 (DIR) Post #Ak7Rf9rLJHdG4RPqYC by NormanDunbar@mastodon.scot
       2024-07-20T10:31:05Z
       
       0 likes, 0 repeats
       
       @foone Good thread, thanks. Have you, by any chance, advised the company in question, and offered your services for a decent fee? 😉
       
 (DIR) Post #Ak7RmZwuhtPd0vYn68 by Shrigglepuss@godforsaken.website
       2024-07-20T10:32:25Z
       
       0 likes, 0 repeats
       
       @foone :blimey:
       
 (DIR) Post #Ak7RyRTy0pZmEHg4A4 by foone@digipres.club
       2024-07-20T10:34:44Z
       
       0 likes, 0 repeats
       
       @NormanDunbar nah! I don't do security stuff professionally. Plus I don't want them to know I exist
       
 (DIR) Post #Ak7SD4xm1LLGjNbB2m by NormanDunbar@mastodon.scot
       2024-07-20T10:35:25Z
       
       0 likes, 0 repeats
       
       @foone Seems a fair point. Cheers.
       
 (DIR) Post #Ak7SJiMSS6IQexJC52 by NormanDunbar@mastodon.scot
       2024-07-20T10:36:24Z
       
       0 likes, 0 repeats
       
       @foone Mind you, it sounds like this company doesn't do security either!
       
 (DIR) Post #Ak7SSvmluTcgtv0ls0 by mekkermuis@troet.cafe
       2024-07-20T10:40:01Z
       
       0 likes, 0 repeats
       
       @foone was this from a device supplied by #crowdstrike ?
       
 (DIR) Post #Ak7SjDetE7RUxx5jo8 by christopherbrown@mastodon.social
       2024-07-20T10:43:24Z
       
       0 likes, 0 repeats
       
       @foone Thank you for writing this up. Even in the more abstract, it’s still instructional on what not to do.
       
 (DIR) Post #Ak7SsB9DvmThmkYIds by odoruhako@mastodon.social
       2024-07-20T10:44:17Z
       
       0 likes, 0 repeats
       
       @foone That's my kind of open source. Not 'provided as is' but 'provided with an extensive audit trail'. :D
       
 (DIR) Post #Ak7T4facZgI5frK6nw by Seruko@mstdn.social
       2024-07-20T10:46:43Z
       
       0 likes, 0 repeats
       
       @foone these are the same people who want to replace employees with auto complete. Checks out
       
 (DIR) Post #Ak7U1HVHllHY3emA0u by ch2500@chaos.social
       2024-07-20T10:57:48Z
       
       0 likes, 0 repeats
       
       @foone maybe they are... not making a product to sell to customers? :)
       
 (DIR) Post #Ak7UIpFdY9EdeBp1fs by Steveg58@aus.social
       2024-07-20T11:00:00Z
       
       0 likes, 0 repeats
       
       @foone Because Devs have absolutely no idea about building a release. They tend to give the job to the most junior person because "it isn't proper dev work" and "how hard can it be". I once went into a Medical Software company as their first professional Configuration Manager. This is software with a high litigation value. The last release build by the devs took 3 days and they were not able to tell the testers what changes were included. I got it down to 3 hours including comprehensive release notes. Didn't stop one of the directors (an ex dev himself) telling me to "throw out your process we need this done as soon as possible".
       
 (DIR) Post #Ak7UXjZ4yRoOM41bGK by mxk@hachyderm.io
       2024-07-20T11:03:37Z
       
       0 likes, 0 repeats
       
       @foone 😂 I thought 9 lines to syslog isn't that bad, but then I forgot, that not everyone uses a handwritten pure in memory syslogd
       
 (DIR) Post #Ak7Ue81Sx9oZwmLrUG by ppxl@social.tchncs.de
       2024-07-20T11:04:06Z
       
       0 likes, 0 repeats
       
       @foone yeah I did that once measuring temperature and while being on vacation I remembered that I left it on. On the 3rd vac day the raspis died and I only thought of a house fire 😅
       
 (DIR) Post #Ak7UlvG2ITSYfpsokq by viq@social.hackerspace.pl
       2024-07-20T11:06:22Z
       
       0 likes, 0 repeats
       
       @foone There are jokes about "it works on my laptop" "we'll just ship your laptop to production then". Well, apparently someone didn't realise it wasn't supposed to be serious advice.
       
 (DIR) Post #Ak7VKU9l3ClqkwQYzY by chris_bloke@mastodon.acm.org
       2024-07-20T11:12:24Z
       
       0 likes, 0 repeats
       
       @foone “look when we said it wanted to make this open source this wasn’t what we meant”
       
 (DIR) Post #Ak7Vo0CB0e3kWNdKpU by lvl3k@mastodon.social
       2024-07-20T11:17:59Z
       
       0 likes, 0 repeats
       
       @foone Raspi? I have no clue. Nvidia Jetson? I totally understand.
       
 (DIR) Post #Ak7XILzOe27qktgysS by sen@gnulinux.social
       2024-07-20T11:34:09Z
       
       0 likes, 0 repeats
       
       @foone There are 2 kinds of Embedded Linux developers, those that know about the initramfs, and those that will be buried in the ashes of eternity. 🫠
       
 (DIR) Post #Ak7XjBoyYcVf2Rc9ei by fink@chaos.social
       2024-07-20T11:39:16Z
       
       0 likes, 0 repeats
       
       @foone Features, features, Features! Customers ain't paying for this quality thingy!
       
 (DIR) Post #Ak7YvTMBHoHUqxZCFM by gadgetoid@fosstodon.org
       2024-07-20T11:51:05Z
       
       0 likes, 0 repeats
       
       @foone this entire thread summarises why I try very hard not to deploy anything that isn’t CI automatable in a public git repo. I could *easily* be this incompetent!
       
 (DIR) Post #Ak7dso2sPRzFv65L9c by dragonarchitect@rubber.social
       2024-07-20T12:48:00Z
       
       0 likes, 0 repeats
       
       @foone My guess is they didn't even know about .bash_history
       
 (DIR) Post #Ak7fCdvXq30KHhg8Aq by carbontwelve@notacult.social
       2024-07-20T12:59:28Z
       
       0 likes, 0 repeats
       
       @foone it's threads like this that keep my imposter syndrome in check.
       
 (DIR) Post #Ak7fUEOdV3vwJZfkqe by sci_photos@troet.cafe
       2024-07-20T13:05:13Z
       
       0 likes, 0 repeats
       
       @foone 🥴
       
 (DIR) Post #Ak7fiTRKMjkX1cis8O by colin@mastodon.colincogle.name
       2024-07-20T13:05:43Z
       
       0 likes, 0 repeats
       
       @foone Too bad you’re a nice person and won’t dd a disk image and share it via BitTorrent for, let’s say, distributed research purposes. This doesn’t sound like any IoT product I own, thankfully, but I hope this gets reported properly.
       
 (DIR) Post #Ak7g0Qy6IEI2ZZcGEy by suetanvil@freeradical.zone
       2024-07-20T13:09:28Z
       
       0 likes, 0 repeats
       
       @foone I use it out of spite.  No, Mr. I'm-Gonna-Break-Your-Code-So-I-Can-Put-Brackets-On-Print, I'm not gonna upgrade to something you can't be bothered to fix correctly! Heck you!
       
 (DIR) Post #Ak7gE3JZ2AwtGY9Js8 by tina@mastodon.babb.no
       2024-07-20T13:10:14Z
       
       0 likes, 0 repeats
       
       @foone After THIS weeks "news", you ask THAT? ;) "There's no procedure anymore. It's a fucking disgrace ... " - Torchwood.
       
 (DIR) Post #Ak7gMZsZqKgUa2ajke by DocBohn@techhub.social
       2024-07-20T13:16:01Z
       
       0 likes, 0 repeats
       
       @foone Maybe they took this idea and decided to skip the part where you have to configure Docker.
       
 (DIR) Post #Ak7gYpE6bltDebV9BQ by poleguy@mastodon.social
       2024-07-20T13:17:26Z
       
       0 likes, 0 repeats
       
       @foone I imagine the developer was being paid by the hour. The manager asked for a demo, saw that it worked and stopped paying the dev. Then he got his kid to duplicate the setup for him.
       
 (DIR) Post #Ak7hBn5SUqWAJQ2M88 by bcasiello@floss.social
       2024-07-20T13:23:26Z
       
       0 likes, 0 repeats
       
       @foone @catsalad "Ship it today or you're fired, Jenkins!"
       
 (DIR) Post #Ak7hKT3GMCQomP9COu by ClickyMcTicker@hachyderm.io
       2024-07-20T13:26:55Z
       
       0 likes, 0 repeats
       
       @foone This is basically Yes Man from Fallout New Vegas. If you open the door he’s just sitting there with root access to everything, waiting for a command.
       
 (DIR) Post #Ak7hQ0m8Ot84otmNSi by oliof@hachyderm.io
       2024-07-20T13:27:27Z
       
       0 likes, 0 repeats
       
       @foone back in, uhh, 2012, I got to review a prerelease security product for MacOS, and the installer for the binaries also included the full set of repos. The installer itself failed to install the binaries correctly, which is how I looked into what it did in fact, do drop on disk ...
       
 (DIR) Post #Ak7jz4g65A7yy2noEy by winterschon@mastodon.bsd.cafe
       2024-07-20T13:56:32Z
       
       0 likes, 0 repeats
       
       @foone lol, yep... here's another vector: I buy a decent amount of used enterprise hardware on ebay. guess how many former owner's ssh logins, smtp relays, bmc logins that I've come across? hahaha it's a lot.
       
 (DIR) Post #Ak7klo5OYkOBhKsAam by asbestos@toot.community
       2024-07-20T14:05:05Z
       
       0 likes, 0 repeats
       
       @foone@artemis When I see something like that, where they didn't take just that little bit of time to do a decent job, I wonder how many other corners were cut in the rest of the product.
       
 (DIR) Post #Ak7ktVGuOW1XfAvbGK by mycotropic@beige.party
       2024-07-20T14:06:27Z
       
       0 likes, 0 repeats
       
       @foone Oh God, does this mean I should take my Haier stove apart and reverse engineer the asinine protocol they use to make half of the functions require the use of the worst app ever written? #FuckGE by the way.
       
 (DIR) Post #Ak7mVJlLjVAuvWlHou by mistersql@mastodon.social
       2024-07-20T14:24:15Z
       
       0 likes, 0 repeats
       
       @foone It works on my machine! Ok let's ship your machine!
       
 (DIR) Post #Ak7mcV2mBkWfwRKzGS by kae_bytheocean@slime.global
       2024-07-20T14:24:45Z
       
       0 likes, 0 repeats
       
       @foone this is somehow the worst part of it all
       
 (DIR) Post #Ak7nq63XzL4mS6kHgW by aardvark@ioc.exchange
       2024-07-20T14:39:51Z
       
       0 likes, 0 repeats
       
       @foone you could go anonymous through a disclosure intermediary like ZDI…
       
 (DIR) Post #Ak7pCRaIj9FxXvHmCm by vkc@linuxmom.net
       2024-07-20T14:54:18Z
       
       0 likes, 0 repeats
       
       @foone move fast, expose things?
       
 (DIR) Post #Ak7puBxoANTzqB8qMi by md@chaos.social
       2024-07-20T15:02:18Z
       
       0 likes, 0 repeats
       
       @foone open source development :)
       
 (DIR) Post #Ak7qU6LsVZO2rRWUvg by TrillionB@mstdn.social
       2024-07-20T15:08:53Z
       
       0 likes, 0 repeats
       
       @foone As a dirty casual, I'm amazed (ok, not really) at the depth of arcane knowledge needed to avoid even basic mistakes/weaknesses when developing. Oh, our product encodes a bunch of machine info in the outputs (compiled objects, images, whatever). Yep, this one lets a developer specify where the logs are stored. By default, it's the same as source files (so they get pushed to any repo). Etc. It's a damned minefield. Learn our tool. Then five years later learn how screwed you are.
       
 (DIR) Post #Ak7qpDgMRuYXg2Aq5g by whitequark@mastodon.social
       2024-07-20T15:08:39Z
       
       0 likes, 0 repeats
       
       @foone can i have a copy please?~
       
 (DIR) Post #Ak7qxILQzwVCSDEhWq by bshah@fosstodon.org
       2024-07-20T15:14:04Z
       
       0 likes, 0 repeats
       
       @foone please tell me at least they're out of business?
       
 (DIR) Post #Ak7r48jt6rzogpwDVg by rasur@mastodon.social
       2024-07-20T15:11:23Z
       
       0 likes, 0 repeats
       
       @foone "Forgive them, Father, for they know not what they hath wrought" :_(
       
 (DIR) Post #Ak7rgiuZ4RoxsdKWFE by pleidos@rollenspiel.social
       2024-07-20T15:22:10Z
       
       0 likes, 0 repeats
       
       @foone „WHY WOULD YOU DO THIS?“: Because basically nobody cares about the crappiness of crappy IoT devices. So why should being not as crappy as the state of the art be a development goal?
       
 (DIR) Post #Ak7s5cD17wPAKgpXjE by engarneering@floss.social
       2024-07-20T15:24:30Z
       
       0 likes, 0 repeats
       
       @foone planned obsolescence or support contract nonsense. Lol, soooo many people don't know this
       
 (DIR) Post #Ak7sRY7izsGA26oWIK by gkrnours@mastodon.gamedev.place
       2024-07-20T15:30:46Z
       
       0 likes, 0 repeats
       
       @foone 🤣
       
 (DIR) Post #Ak7tGRrC3WHBMlLsgq by dzwiedziu@mastodon.social
       2024-07-20T15:40:08Z
       
       0 likes, 0 repeats
       
       @foone
       
 (DIR) Post #Ak7uNJa9JtnlgQDYwq by Parke@mastodon.social
       2024-07-20T15:53:16Z
       
       0 likes, 0 repeats
       
       @foone this is the part where I started laughing.
       
 (DIR) Post #Ak7uUTplbO6xVQwIvw by bswolf@hachyderm.io
       2024-07-20T15:53:15Z
       
       0 likes, 0 repeats
       
       @foone
       
 (DIR) Post #Ak7viNKcfrQDLcYskK by yngmar@social.tchncs.de
       2024-07-20T16:07:47Z
       
       0 likes, 0 repeats
       
       @foone It's how generation Docker works :-P
       
 (DIR) Post #Ak7yI7aKtem4qO5HG4 by __jz@troet.cafe
       2024-07-20T16:35:24Z
       
       0 likes, 0 repeats
       
       @foone Does this by any chance have data from a region where GDPR applies?
       
 (DIR) Post #Ak7yUu70IhUwp3SY8O by Ash_Crow@mastodon.social
       2024-07-20T16:38:00Z
       
       0 likes, 0 repeats
       
       @foone @panda if they left the devs' .bash_history copied on every device what are the chances that they used unique SSH keys?
       
 (DIR) Post #Ak7yYZCVzPmn7smejw by jimp@masto.ai
       2024-07-20T16:37:57Z
       
       0 likes, 0 repeats
       
       @foone QA: "I can't get this to work." Dev: "It works on my machine." [Monkey paw curls]
       
 (DIR) Post #Ak7z8xMncQUKV4wiyu by tofugolem@mastodon.social
       2024-07-20T16:45:50Z
       
       0 likes, 0 repeats
       
       @foone This is why my IoT stuff is on a subnet.
       
 (DIR) Post #Ak7zGRQ2HemHjU1rRg by Nagaram@hachyderm.io
       2024-07-20T16:46:17Z
       
       0 likes, 0 repeats
       
       @foone Rip homie.
       
 (DIR) Post #Ak80G37giPsWKmp9CC by hazelnot@sunbeam.city
       2024-07-20T16:58:51Z
       
       0 likes, 0 repeats
       
       @foone @cadey theft 😳
       
 (DIR) Post #Ak80WFXyI7ShV2qJYO by pseudonym@mastodon.online
       2024-07-20T17:00:45Z
       
       0 likes, 0 repeats
       
       @foone As always, you are my hero. This is jaw-dropping bad. Play some old Lode Runner on an Apple ][ emulator for brain bleach. Nice find. #infosec See if they have a bug bounty program. They won't, given these kinds of findings, but clearly they should.
       
 (DIR) Post #Ak81hxqm0ruq2kmrKq by benbe@social.chaotikum.org
       2024-07-20T17:14:55Z
       
       0 likes, 0 repeats
       
       @foone As they say: The S in IoT is for Security …
       
 (DIR) Post #Ak85Jwh142WVJw1ecq by Andres@mastodon.hardcoredevs.com
       2024-07-20T17:55:25Z
       
       0 likes, 0 repeats
       
       @foone Sounds like it was: "It's working on my machine, just don't touch a thing and send it"
       
 (DIR) Post #Ak878LaasFFAy7cQee by foone@digipres.club
       2024-07-20T18:16:08Z
       
       0 likes, 0 repeats
       
       @__jz sadly not. I keep saying California should join the EU but no one listens to me
       
 (DIR) Post #Ak8A3Q7MuPklQdI7Ie by thomastc@mastodon.gamedev.place
       2024-07-20T18:48:31Z
       
       0 likes, 0 repeats
       
       @foone Did you find anything that might put other users of this crap product at risk? If so, please consider starting some responsible disclosure process.
       
 (DIR) Post #Ak8AphgGuh3pnbdkjg by foone@digipres.club
       2024-07-20T18:57:27Z
       
       0 likes, 0 repeats
       
       I just noticed this is how they heatsinked that raspberry pi I yanked the SD card out of.
       
 (DIR) Post #Ak8B9uunQ0BodV4Xpo by Viss@mastodon.social
       2024-07-20T18:59:27Z
       
       0 likes, 0 repeats
       
       @foone what did this iot product do?
       
 (DIR) Post #Ak8BKeh04csbVZjvnM by k80@mastodon.online
       2024-07-20T19:00:28Z
       
       0 likes, 0 repeats
       
       @foone was it vertically mounted? I wonder if the adhesive started to fail and it tipped over. Either way, it’s *disgusting* how they treated their product and customers.
       
 (DIR) Post #Ak8BZfufom07daIUrY by jordan@sometimes.social
       2024-07-20T19:01:21Z
       
       0 likes, 0 repeats
       
       @foone Secretly terrified this is a former employer's handiwork
       
 (DIR) Post #Ak8BakssoxNZLQyVsG by moira@mastodon.murkworks.net
       2024-07-20T19:01:16Z
       
       0 likes, 0 repeats
       
       @foone the fact that it's stayed on is by itself kind of impressive
       
 (DIR) Post #Ak8BbWDOqUiW8fw3sW by funkylab@mastodon.social
       2024-07-20T19:01:04Z
       
       0 likes, 0 repeats
       
       @foone well, I don't want to say it, but, if I read your posts, I might come to the conclusion that this device was not carefully designed nor built at all!
       
 (DIR) Post #Ak8BbYIn5QDYbyTOYi by funkylab@mastodon.social
       2024-07-20T19:04:49Z
       
       0 likes, 0 repeats
       
       @foone You mean just build a shoddy IoT product? You really think someone would do that?
       
 (DIR) Post #Ak8CIuf3pbC6PRZ8SW by darkling@mstdn.social
       2024-07-20T19:14:06Z
       
       0 likes, 0 repeats
       
       @foone The heatsink is tilted like that to ensure that the caloric fluid runs off properly.
       
 (DIR) Post #Ak8CVoET2rGgEdHC4m by lnwirz@mastodon.social
       2024-07-20T19:15:30Z
       
       0 likes, 0 repeats
       
       @foone I'd also be slightly surprised if the heat sink on the EMI shield was required ...
       
 (DIR) Post #Ak8CsdRVKLSrQpG5Lc by glyph@mastodon.social
       2024-07-20T19:20:26Z
       
       0 likes, 0 repeats
       
       @foone this level of both software & hardware gore is bordering on needing a CW
       
 (DIR) Post #Ak8D0LcLU69iSs0Ubo by MenhirMike@mastodon.social
       2024-07-20T19:20:32Z
       
       0 likes, 0 repeats
       
       @foone From that angle it almost looks like it's actually a Li-Ion Laptop battery bulging rather than a heatsinked chip.
       
 (DIR) Post #Ak8D6a3IjH4WyFaTDM by admitsWrongIfProven@qoto.org
       2024-07-20T19:22:06Z
       
       0 likes, 0 repeats
       
       @foone Tips heatsink  M'croprocessor
       
 (DIR) Post #Ak8DOXMbSqpxqQB6K8 by richlowe@hachyderm.io
       2024-07-20T19:25:39Z
       
       0 likes, 0 repeats
       
       @foone heatsinked? heatsunk? heatsank?
       
 (DIR) Post #Ak8E2Sb2bjzIduy4wa by sudo_whoami@mastodon.social
       2024-07-20T19:33:12Z
       
       0 likes, 0 repeats
       
       @foone the heatsink on the WiFi module shield is a nice touch
       
 (DIR) Post #Ak8FhFjDSKFgYmo5yq by parsley@mastodon.nz
       2024-07-20T19:51:52Z
       
       0 likes, 0 repeats
       
       @foone are there any dates in there that reveal when it was developed? Not just 10 year old code.
       
 (DIR) Post #Ak8H3wzlN4XZ4hvxIG by oscillik@mstdn.social
       2024-07-20T20:07:22Z
       
       0 likes, 0 repeats
       
       @foone perfectly cromulent
       
 (DIR) Post #Ak8HnsuaswdZjPQ2dc by lethal_guitar@mastodon.social
       2024-07-20T20:15:02Z
       
       0 likes, 0 repeats
       
       @foone this whole thing feels like a dev handed someone else at the company a Raspi saying "here's my first working prototype, let me know what you think". Next day: "So, did it work ok?" "Oh yeah, works great. We've put it into mass production now." "You did what?!"
       
 (DIR) Post #Ak8IHBC5zVfkpZZf2e by foone@digipres.club
       2024-07-20T20:20:32Z
       
       0 likes, 0 repeats
       
       @parsley all the timestamps point to 2021-2023
       
 (DIR) Post #Ak8IUpGGKjgSrU1vzU by parsley@mastodon.nz
       2024-07-20T20:21:07Z
       
       0 likes, 0 repeats
       
       @foone oh no.
       
 (DIR) Post #Ak8LxnXo60yxnSk8jA by wauz@mastodon.de
       2024-07-20T20:59:09Z
       
       0 likes, 0 repeats
       
       @foone Isn't that called an easter egg? @werawelt
       
 (DIR) Post #Ak8MPtuO1m6rdwhllw by scibidoo@aus.social
       2024-07-20T21:06:47Z
       
       0 likes, 0 repeats
       
       @foone 🤠🤠🤠🤠🤠💀
       
 (DIR) Post #Ak8NwOCL2zBso09p32 by KeksKopf@digitalcourage.social
       2024-07-20T21:24:08Z
       
       0 likes, 0 repeats
       
       @foone documentation...
       
 (DIR) Post #Ak8Q5pQDOmxjklHDl2 by diebarschlampe@mas.to
       2024-07-20T21:48:35Z
       
       0 likes, 0 repeats
       
       @foone J F C
       
 (DIR) Post #Ak8QK7v1QO3DAsVKme by zachdecook@social.librem.one
       2024-07-20T21:49:09Z
       
       0 likes, 0 repeats
       
       @foone compliance with the GPL: "you may find the source code by pulling out the SD card"
       
 (DIR) Post #Ak8QoDdUjSm7asegWu by tyil@fedi.tyil.nl
       2024-07-20T21:57:27.460Z
       
       0 likes, 0 repeats
       
       @foone@digipres.club "It works on my computer" so they shipped that dev's computer
       
 (DIR) Post #Ak8RuO255hSPWuezZI by michelv@oisaur.com
       2024-07-20T22:08:45Z
       
       0 likes, 0 repeats
       
       @foone the S in "IoT" is for Security.
       
 (DIR) Post #Ak8UXuCvbBxKWLhnyy by mamg22@social.vivaldi.net
       2024-07-20T22:38:14Z
       
       0 likes, 0 repeats
       
       @foone Is their update process some variation of: `curl 'http://company.com/version' | dd of=/dev/sda1` Pulling the freshest image, just yanked out of the dev's laptop?
       
 (DIR) Post #Ak8Ui8lwIofoaWxiZk by crazybutable@mastodon.social
       2024-07-20T22:39:58Z
       
       0 likes, 0 repeats
       
       @foone it’s a jaunty little hat!
       
 (DIR) Post #Ak8YT8sq0RkgPFICw4 by timonsku@mastodon.social
       2024-07-20T23:22:31Z
       
       0 likes, 0 repeats
       
       @foone oh shit that's really recent too then. I would have somewhat excused the bs if this was a Raspberry Pi 1 or 2 or smth where there were little resources for proper image generation and deployment for the platform. That sounds like someone just left the company and whoever was left just deployed what was available in any way they knew how.
       
 (DIR) Post #Ak8Zeb51c1PKzo1FBY by trouble@masto.ai
       2024-07-20T23:35:27Z
       
       0 likes, 0 repeats
       
       @foone as a 30 year build and release professional, yes, this sort of sloppy deployment is entirely too common.
       
 (DIR) Post #Ak8a1NmRE77UPLBqt6 by foone@digipres.club
       2024-07-20T23:39:41Z
       
       0 likes, 0 repeats
       
       @trouble yeah I'm one too (just a couple decades less experience) so I know how bad this is
       
 (DIR) Post #Ak8bA1u02Pgh7APjlo by Unixbigot@aus.social
       2024-07-20T23:51:50Z
       
       0 likes, 0 repeats
       
       @foone @dianea Yeah, Tesla, Why?!
       
 (DIR) Post #Ak8eEHApV6X5V00E3k by a1ba@suya.place
       2024-07-21T00:27:23.308309Z
       
       1 likes, 0 repeats
       
       @foone if it's not reverse engineering, it's zero velocity engineering. Also, LOL. I knew guys who did the same thing but it was like a temporary solution and nothing was shipped in similar state.
       
 (DIR) Post #Ak8ezetN8MHCfeQlkG by xvf17@sfba.social
       2024-07-21T00:35:34Z
       
       0 likes, 0 repeats
       
       @foone This doesn’t ring true. My guess is you made several disgusted faces.
       
 (DIR) Post #Ak8lEwJTFF4KlmJ9UG by NotHowThatWorks@mstdn.social
       2024-07-21T01:45:36Z
       
       0 likes, 0 repeats
       
       @foone It's a fashionable hat at a jaunty angle!
       
 (DIR) Post #Ak8r2zSsIhWknJOMr2 by nazokiyoubinbou@urusai.social
       2024-07-21T02:50:17Z
       
       0 likes, 0 repeats
       
       @foone This is illegal in 50 states. Well, it should be. 😒
       
 (DIR) Post #Ak90ygxEBAXFliB7PE by sterophonick@bitbang.social
       2024-07-21T04:41:53Z
       
       0 likes, 0 repeats
       
       @foone THIS IS THE FUNNIEST FUCKING THREAD HAHAHAHAHAHA
       
 (DIR) Post #Ak92u9DFt3s5s4dUbA by thunderbird32@social.restless.systems
       2024-07-21T05:03:21Z
       
       0 likes, 0 repeats
       
       @foone Jaunty!
       
 (DIR) Post #Ak94NYNTVIHKGq0Anw by jswagner@bitbang.social
       2024-07-21T05:19:49Z
       
       0 likes, 0 repeats
       
       @foone works_on_my_machine.img
       
 (DIR) Post #Ak9G1bdzsSGLTr1zH6 by felix@wandering.shop
       2024-07-21T07:30:15Z
       
       0 likes, 0 repeats
       
       @foone That's a major plot point in the cyberpunk novella I wrote last autumn. 🤦
       
 (DIR) Post #Ak9O52V7HR1JHG1cx6 by Toble_Miner@chaos.social
       2024-07-21T09:00:11Z
       
       0 likes, 0 repeats
       
       @foone I don’t even understand why one would even want to develop let alone use Chrome on a Pi. It is just a slow and painful experience.
       
 (DIR) Post #Ak9OXiu5DnRotZNfiS by djh@chaos.social
       2024-07-21T09:05:43Z
       
       0 likes, 0 repeats
       
       @foone wowza, what's a recommended way forward here? Reaching out to them reporting these issues? Or just letting it go?
       
 (DIR) Post #Ak9Q1YKrB6XqlCgwKm by confluency@hachyderm.io
       2024-07-21T09:22:25Z
       
       0 likes, 0 repeats
       
       @foone Amazing. That's much cooler than finding .DS_Store files in zipped digital purchases.
       
 (DIR) Post #Ak9USUQaDLYoHCTCq0 by tisha@htt.social
       2024-07-21T10:11:59Z
       
       0 likes, 0 repeats
       
       @foone Oh wow 😵‍💫
       
 (DIR) Post #Ak9gShJBWUojfusJma by GyrosGeier@hachyderm.io
       2024-07-21T12:26:34Z
       
       0 likes, 0 repeats
       
       @foone @hax404 reverse engineering is killing the software industry. We've left debug symbols in so you can help.
       
 (DIR) Post #Ak9w1MWGJ5jse9ymEi by ctrlsaltdelete@mastodon.social
       2024-07-21T15:21:01Z
       
       0 likes, 0 repeats
       
       @foone is he, y'know, *tilts heatsink*
       
 (DIR) Post #AkABtzmg2IvdNGANlo by balu@muenster.im
       2024-07-21T18:18:05Z
       
       0 likes, 0 repeats
       
       @foone Unscrewing is reverse engineering.
       
 (DIR) Post #AkAJzt2Wp7mjpNtv6G by cabbey@phpc.social
       2024-07-21T19:48:30Z
       
       0 likes, 0 repeats
       
       @foone this is the ultimate embodiment of the old joke about “works on my machine” bugs and shipping their machine to production.
       
 (DIR) Post #AkAcxnfJjUHXi2lLRw by rivenskaye@ohai.social
       2024-07-21T23:22:16Z
       
       0 likes, 0 repeats
       
       @foone see if they have any open source licensed dependencies. Preferably the ones enforcing dependents to make their full source available as well. If so, they technically complied with the license and you have your answer
       
 (DIR) Post #AkBy85Ln7wrneMKq6y by njsg@social.sdf.org
       2024-07-22T14:53:39Z
       
       0 likes, 0 repeats
       
       @foone No, no, no, you got this wrong, shell history, browser profile with search history, passwords, this is all intentional, it's: XD. That stands for eXtreme Documentation, where you just ship everything so that there's context for every line of code and every setting. The web browser searches? These replace in-code/in-config comments. The sshpass part? That's intended to make it fully reproducible.
       
 (DIR) Post #AkCKoL4NGwWDYWk2gy by wffl@im-in.space
       2024-07-22T19:07:15Z
       
       0 likes, 0 repeats
       
       @foone truly open source software: every device has a copy of all the sources!
       
 (DIR) Post #AkDFArdkS2OYNLbZmC by coelacanthus@mastodon.yuuta.moe
       2024-07-23T05:39:29Z
       
       0 likes, 0 repeats
       
       @foone NOI Linux 1.4.1 (A Linux Distribution used for National Olympiad in Informatics of China) also left .bash_history on how they build this distro from Ubuntu 14.04.
       
 (DIR) Post #AkEZO51qB0NbuCPgNE by vitriolix@mastodon.social
       2024-07-23T21:00:36Z
       
       0 likes, 0 repeats
       
       @foone if it has private repos they are shipping private SSH keys, aren't they
       
 (DIR) Post #Al8p7WMllIoJt45I7E by foone@digipres.club
       2024-08-20T00:19:36Z
       
       0 likes, 0 repeats
       
       @Hackulaura Python is fine: just you should be learning Python 3, not Python 2
       
 (DIR) Post #Al8pbLxZ19t0IcWHfk by jhwgh1968@chaos.social
       2024-08-20T00:25:52Z
       
       0 likes, 0 repeats
       
       @foone > WHY WOULD YOU DO THIS? I know this is rhetorical, but my autistic brain just flashed me through some memories at several jobs, and so I must say "I know exactly why" (I imagine you do too)
       
 (DIR) Post #Al8q9XHLRLmXFb4VCC by jferg@flyovercountry.social
       2024-08-20T00:31:41Z
       
       0 likes, 0 repeats
       
       @foone Minimum Viable Product, baby!!! YOLO! 😬
       
 (DIR) Post #Al9cuXwFbHkghtgfCq by amberage@eldritch.cafe
       2024-08-20T09:38:59Z
       
       0 likes, 0 repeats
       
       @foone in Germany, which is infamously backwards and close-minded about i.e. disclosing 0days, you could go to prison for this. Germany recently sentenced a software engineer to huge fines for cybercrimes, in a years-long trial that destroyed his career, because he found a plaintext password in a file, told the company about that vulnerability, and went public with it when they bitched at him what business he had finding vulnerabilities in their product (a client of theirs had hired him to figure out why his servers were crashing or smth) (and ofc he waited with the going public until the vuln was closed).
       
 (DIR) Post #Al9qpHILS6eYzwP5HM by SoftwareTheron@mas.to
       2024-08-20T12:13:30Z
       
       1 likes, 0 repeats
       
       @foone Dev to grumbly tester: "Hey, it works on my machine :)" Overhearing PM: "Right, let's ship your machine then!"
       
 (DIR) Post #AlBck9abfCRIbsWlV2 by segfox@floofy.tech
       2024-08-21T08:46:25Z
       
       0 likes, 0 repeats
       
       @foone probably because it worked on their machine ¯\_(ツ)_/¯