Product: Hey, this screwdriver feature I never requested isn’t there. Why? Can you fix it? It’s kinda urgent.

Product: @Root please jump on the ticket above … fairly urgent.

Root: It’s Friday, I’m out next week, and I’m working on finishing <urgent comma ticket> right now.

Boss: Work on the screwdriver instead. But make sure you finish the comma ticket too!

Boss: By the way, I volunteered you for eight security reviews next month!

Security: You’re on call for AWS audits next month, too!

So just recently my school blocked the following for unknown reasons websites
Github
Gitlab
Amazons aws
stack exchange
Bitbucket
Heroku
The hacker news
DuckDuckGo
The Debian package repositories yea all of em
And all domains that end in .io
Now some of you out there are probably just saying "well just use a vpn" the answer to that is I can't the only device I have a locked down school iPad can't install apps cannot delete apps cannot change vpn or proxy setting's I cannot use Safari private tab they have google safe search restricted to "on" they even have "safari restricted mode which lets safari choose what it wants to block" and even when I'm on my home wifi it's s still blocked as they use Cisco security connector THIS IS HELL

Also this is my first post :)

This is very usual with AWS

Wow... this is the perfect week for this topic.

Thursday, is the most fucked off I’ve ever been at work.

I’ll preface this story by saying that I won’t name names in the public domain to avoid anyone having something to use against me in court. But, I’m all for the freedom of information so please DM if you want to know who I’m talking about.

Yesterday I handed in my resignation, to the company that looked after me for my first 5 years out of university.

Thursday was my breaking point but to understand why I resigned you need a little back story.

I’m a developer for a corporate in a team of 10 or so.

The company that I work for is systemically incompetent and have shown me this without fail over the last 6 months.

For the last year we’ve had a brilliant contracted, AWS Certified developer who writes clean as hell hybrid mobile apps in Ion3, node, couch and a tonne of other up to the minute technologies. Shout out to Morpheus you legend, I know you’re here.

At its core my job as a developer is to develop and get a product into the end users hands.

Morpheus was taking some shit, and coming back to his desk angry as fuck over the last few months... as one of the more experienced devs and someone who gives a fuck I asked him what was up.

He told me, company want their mobile app that he’s developed on internal infrastructure... and that that wasn’t going to work.

Que a week of me validating his opinion, looking through his work and bringing myself up to speed.

I came to the conclusion that he’d done exactly what he was asked to, brilliant Work, clean code, great consideration to performance and UX in his design. He did really well. Crucially, the infrastructure proposed was self-contradicting, it wouldn’t work and if they tried to fudge it in it would barely fucking run.

So I told everyone I had the same opinion as him.

4 months of fucking arguing with internal PMs, managers and the project team go by... me and morpheus are told we’re not on the project.

The breaking point for me came last Wednesday, given no knowledge of the tech, some project fannies said Morpheus should be removed and his contract terminated.

I was up in fucking arms. He’d done everything really well, to see a fellow developer take shit for doing his job better than anyone else in [company] could was soul destroying.

That was the straw on the camels back. We don’t come to work to take shit for doing a good job. We don’t allow our superiors to give people shit in our team when they’re doing nothing but a good job. And you know what: the opinion of the person that knows what they’re talking about is worth 10 times that of the fools who don’t.

My manager told me to hold off, the person supposed to be supporting us told me to stand down. I told him I was going to get the app to the business lead because he fucking loves it and can tell us if there’s anything to change whilst architecture sorts out their outdated fucking ideas.

Stand down James. Do nothing. Don’t do your job. Don’t back Morpheus with his skills and abilities well beyond any of ours. Do nothing.

That was the deciding point for me, I said if Morpheus goes... I go... but then they continued their nonsense, so I’m going anyway.

I made the decision Thursday, and Friday had recruiters chomping at the bit to put the proper “senior” back in my title, and pay me what I’m worth.

The other issues that caused me to see this company in it’s true form:
- I raised a key security issue, documented it, and passed it over to the security team.
- they understood, and told the business users “we cannot use ArcGIS’ mobile apps, they don’t even pretend to be secure”
- the business users are still using the apps going into the GDPR because they don’t understand the ramifications of the decisions they’re making.

I noticed recently that [company] is completely unable to finish a project to time or budget... and that it’s always the developers put to blame.

I also noticed that middle management is in a constant state of flux with reorganisations because in truth the upper managers know they need to sack them.

For me though, it was that developers in [company], the people that know what they’re talking about; are never listened to.

Fuck being resigned to doing a shit job.

Fuck this company. On to one that can do it right.

Morpheus you beautiful bastard I know you’ll be off soon too but I also feel I’ve made a friend for life. “Private cloud” my arse.

Since making the decision Thursday I feel a lot more free, I have open job offers at places that do this well. I have a position of power in the company to demand what I need and get it. And I have the CEO and CTO’s ears perking up because their department is absolutely shocking.

Freedom is a wonderful feeling.

* How other sites charge for a domain name
- The domain (abc.com) is available
---- Price => $14

* How AWS charges
- Your domain (abc.com) is available
--- Domain name => $18.99
--- DNS resolution => $17.88
--- Hosted zone (1) => $10.97
--- Route53 Interface => $45.67
--- Network ACL => $63.90
--- Security Group => $199.78
--- NAT Gateway (1) => $78.99
--- IP linking => $120.89
--- Peer Connection => $67.00
--- Reverve Endpoint => $120.44
--- DNS Propagation => $87.00
--- Egress Gateway => $98.34
--- DNS Queries (1m) => $0.40
--------------------------------
---- TOTAL => $2903.99
(Pay for what you use... learn more)
--------------------------------

Me: 15 years of experience in AWS, DevOps, Architecture, and Security. Current title: "Senior DevOps Manager"

Recruiter: "There are a lot of opportunities, but this one caught my eye, and I thought you'd be interested... Junior Frontend Developer"

If you want to do your job, at least do it half way well. Recruiters can suck, but most are better than that.

Highlights from my week:

Prod access: Needed it for my last four tickets; just got it approved this week. No longer need it (urgently, anyway). During setup, sysops didn’t sync accounts, and didn’t know how. Left me to figure out the urls on my own. MFA not working.

Work phone: Discovered its MFA is tied to another coworker’s prod credentials. Security just made it work for both instead of fixing it.

My merchant communication ticket: I discovered sysops typo’d my cronjob so my feature hasn’t run since its release, and therefore never alerted merchants. They didn’t want to fix it outside of a standard release. Some yelling convinced them to do it anyway.

AWS ticket: wow I seriously don’t give a crap. Most boring ticket I have ever worked on. Also, the AWS guy said the project might not even be possible, so. Weee, great use of my time.

“Tiny, easy-peasy ticket”: Sounds easy (change a link based on record type). Impossible to test locally, or even view; requires environments I can’t access or deploy to. Specs don’t cover the record type, nor support creating them. Found and patched it anyway.

Completed work: Four of my tickets (two high-priority) have been sitting in code review for over a month now.

Prod release: Release team #2 didn’t release and didn’t bother telling anyone; Release team #1 tried releasing tickets that relied upon it. Good times were had.

QA: Begs for service status page; VP of engineering scoffs at it and says its practically impossible to build. I volunteered. QA cheered; VP ignored me.

Retro: Oops! Scrum master didn’t show up.

Coworker demo: dogshit code that works 1 out of 15 times; didn’t consider UX or user preferences. Today is code-freeze too, so it’s getting released like this. (Feature is using an AI service to rearrange menu options by usage and time of day…)

Micromanager response: “The UX doesn’t matter; our consumers want AI-driven models, and we can say we have delivered on that. It works, and that’s what matters. Good job on delivering!”

Yep.
So, how’s your week going?

TL; DR: Bringing up quantum computing is going to be the next catchall for everything and I'm already fucking sick of it.

Actual convo i had:

"You should really secure your AWS instance."

"Isnt my SSH key alone a good enough barrier?"

"There are hundreds of thousands of incidents where people either get hacked or commit it to github."

"Well i wont"

"Just start using IP/CIDR based filtering, or i will take your instance down."

"But SSH keys are going to be useless in a couple years due to QUANTUM FUCKING COMPUTING, so why wouldnt IP spoofing get even better?"

"Listen motherfucker, i may actually kill you, because today i dont have time for this. The whole point of IP-based security is that you cant look on Shodan for machines with open SSH ports. You want to talk about quantum computing??!! Lets fucking roll motherfucker. I dont think it will be in the next thousand years that we will even come close to fault-tolerant quantum computing.

And even if it did, there have been vulnerabilities in SSH before. How often do you update your instance? I can see the uptime is 395 days, so probably not fucking often! I bet you "dont have anything important anyways" on there! No stored passwords, no stored keys, no nothing, right (she absolutely did)? If you actually think I'm going to back down on this when i sit in the same room as the dude with the root keys to our account, you can kindly take your keyboard and shove it up your ass.

Christ, I bet that the reason you like quantum computing so much is because then you'll be able to get your deepfakes of miley cyrus easier you perv."

Why is it that an issue is only critical-priority until the person who's raising the biggest fuss has to do something about it?

I was notified that a website hosted in AWS went down overnight and never came back up. I was then bombarded with email after email after email while I logged into our AWS account and poked around. I'm responsible for cloud infrastructure stuff, like VMs or virtual networking or security or whatever, not the actual applications running on said infrastructure. Once I confirmed their EC2 instance was reachable and I could login with SSH, I told them they'd have to fix their application.

They told me that they had no backend developer on their development team. I'm still getting a deluge of emails from multiple people on this team and their managers and managers' managers and so on.

"Perfectly understandable," I told them, though it was anything but. "You should probably look into obtaining one."

The emails stopped immediately. I assumed they were handling it and closed my ticket and moved on. But apparently I was wrong.

Six weeks later, the site is still down, they still have no backend dev, and I'm convinced that they were lying to me when they stressed the importance of this web app because now that it's no longer my problem, not a single person seems to care that it's still broken.

Recruiter: I have an open position for lead DevSecOps role.

Me: Tell me more

Recruiter: It’s an AI company , where the AI is making clinical medical decisions. It’s really cool. They need somebody to help them pass government audits and you’d be solely responsible for the systems security, AWS accounts, and also all of DevOps, which they’ve never heard of before but I told them they needed and they though it was cool.

Also, they use AWS but not sure what services inside AWS, they think it’s AWS storage and AWS servers or something like that .

Me: That’s a big hell no. 👎 Got any other positions though ?

Our local cyber security team has asked all to remove docker from their laptops, reason they can't track them

Most of our stack is aws fargate with nodejs and java springboot

Developers = wtf ?!!

Despite common sense, I think technology is not making our lives easier. It's just build chaos on top of chaos.

Take server-side programming for instance.

First you have to find someone to host your thing, or a PaaS provider. Then you have to figure out how much RAM and storage you need, which OS you're going to use. And then there's Docker (which will run on top of a VM on AWS or GCP anyway, making even less sense). And then there's the server technology: nginx, Apache (and many many more; if, that is, you're using a server at all). And then there are firewalls, proxies, SSL. And then you go back to the start, because you have to check if your hosting provider will support the OS or Docker or your server. (I smell infinite recursion here.)

Each of these moving parts come with their own can of worms in terms of configuration and security. A whole bible to read if you want to have the slightest clue about what you're doing.

And then there's the programming language to use and its accompanying frameworks. Can they replace the server technology? Should you? Will they conflict with each other and open yet another backdoor into your system? Is it supported by your hosting provider? (Did I mention an infinite recursion somewhere?)

And then there's the database. Does it have a port to the language/framework of your choosing? Why does it expose an web interface? Is it supposed to replace your server? And why are its security features optional again? (Just so I have to test both the insecure and the secure environments?)

And you haven't written a single line of code yet, mind you.

My boss did not care about making things secure in our early development stage, even though I told him several times.
After 1 day our elastic search cluster was filled with random crappy data.

Fix: Apply security schemes provided by AWS

Story of my life...

Other team lead: Hi DevOps Team, We need you to deploy this app to production. It's maintainers gave up on it in 2019, but we looked at it and it feels right.

Me: Uhm. That's not going to work. It'll fail the security scan before you can even finish the build in CI.

Other team lead: Yeah, this app is the right thing to do, and we needed it last week, but since that won't work, we'll just use this other very very infant technology that was just born yesterday. It's not stable in production, or on MySQL, or in AWS at all, but it's the other direction we can to go.

Me: What problem are you trying to solve in the first place?

Other team lead: Oh, we need access to the read from the production database.

It's been a year since I first entered the world of development.

Let's see what I have accomplished so far:

Learned:
Java, J2EE, Node.js, Python, Django, Android, Angular, html/css, Rxjs, RxJava, Linux, MySQL, Mongodb, Docker, Heroku, AWS

Projects:
All unfinished.

Job:
Still working in IT security goddammit.

Fucking hell. Why am I so good at learning but shit at working?

So I was setting up ELK (Elasticsearch, Logstash and Kibana) all in one EC2 on AWS today for demo purposes. I had everything prepared. Elastic IP, correct security group rules, etc.

I figured I would just do quick test before writing filters and templates if I can access Kibana. So I started service for it and tried to open it with Chrome.

Timeout.

Checked config file. Compared it to documentation. Seemed good but changed some things just for sake of change. Restarted service.

Timeout.

Reverted changes I've made in config. Restarted service. Curl on localhost. It work... OK. 😐

It took me half an hour but finally I figured it out after I took my phone and opened it from there. It was working from the beginning. Stupid company network was for some reason blocking this connection. Fuck! 😡And I was restarting that poor service like crazy trying to fix something that wasn't broken.

TLDR: I need advice on reasonable salary expectations for sysadmin work in the rural United States.

I need some community advice. I’m the sysadmin at a small (35 employee) credit card processing company. I began as an intern and have now become their full time sysadmin/networking specialist. Since I was hired in January I have:

-migrated their 2007 Exchange server to Office 365

-Upgraded their ailing Windows server 2003 based architecture to 2012R2

-Licensed their unlicensed VMware ESXi servers (which they had already paid for license keys for!!!) and then upgraded them to 6.5 while preventing downtime on hosted VMs using tricky transfers and deployments (without vMotion!)

-Deployed a vCenter server to manage said ESXi servers easier

-Fixed a three month gap in their backups by implementing Veeam, and verifying its functionality

-Migrated a ‘no downtime’ fileserver to a new hypervisor host, implemented a ‘hot standby’ server as a backup kept up to date by the minute with DFS replication.

-Replaced failing hard drives in a RAID array underlying their one ‘business critical’ fileserver, which had no backups for 3 months at that time

-Reorganized Active Directory and Group Policy deployment from a nightmare spiderweb of OUs and duplicate policies

-Documented the entire old network and now the new one as I’ve been upgrading this

-Audited the developers AWS instances and removed redundant machines, optimized load balancing on front end Nginx servers, joined developer run Fedora workstations to the AD domain and implemented centralized syslog monitoring on them.

-Performed network scans and rewrote firewall exceptions to tighten security

There’s more, but you get the idea. I’ve now been tasked with taking point on an upcoming PCI audit which will be my first.

I’m being paid $16/hr US, with marginal health benefits. This is roughly $32,000 a year, before taxes.

I have two years previous work experience managing a third party Apple repair facility (SimplyMac) and every Apple certification for warranty repair and software troubleshooting. I have a two year degree in general sciences, with about 4 years of college credit (Two years of a physics education and two years of computer science after I switched focus) I’m actively pursuing a CCNA and MCSA server 2016 with exams paid for and scheduled.

I’m going into a salary negotiation in two months. What is a reasonable salary to request, from your perspective, for someone in my position?

Thanks in advance!

Three-factor authentication:
1. Setup an Amazon.com account.
2. Setup an Amazon Web Services account under the same e-mail address
3. Setup two-factor authentication for both systems.
4. Login to Amazon Web Services in a new browser session, and you'll be required to provide BOTH security tokens at login (Amazon.com first, then AWS second.)

Guys has this happened with anyone ..my older aws ec2 instance just vanished from my console but I can still ssh into it, how do I manage it for security groups and other things..?

I'm about to embark on an AWS security journey... Gonna find out who has global ssh access open, who hasnt been rotating their master keys, who has lambda connected to an IGW, who has VPC's with a VPN that also have an open SSH machine to the world.

Anything else i should look for?

I uploaded my static site on AWS. Doesn't load when I typed the public IP in the URL. Googled, found StackOverflow answer to traffic and ports as a security group to AWS. Tried it and it still doesn't work.

Hey Bluehost, sorry I left but I'm back now

Spent three days banging my head against my desk trying to get an AWS Lambda function to work, only to finally discover that my code was perfectly functional and it was a security group problem. It was supposed to send a POST request to a load balancer's URL but couldn't resolve the hostname because the security group blocked a necessary outbound port for DNS requests.

That's what I get for not troubleshooting at the infrastructure level when experiencing connection issues. I did not spend two years doing tech support just to forget basic troubleshooting steps now that I'm in the DevOps field...

Trying to get HIPPA compliance, and wet have to put full disk encryption and anti virus software on all our servers...

All of our servers are on aws ec2 / eks. The instances we do control aren't big enough for anti virus to be running...

God help me now

What is your wishlist for things that need to die or change next year. Mine is :-
1. Games that use peer to peer and have servers for data. Please buy servers on aws or any good cloud service.

2. ISP's that block all incoming connections for security

To be a Java (or other business popular language) developer
* Java 6, 8 and features up to 14
* SQL + nosql
* Caching
* Logging eg log4j2,
* Searching eg elastic stack
* Reactive
* Framework (at least 1, but hey, knowing 1 is lame..)
* Networking or at least base http knowledge
* Tomcat, jboss or other shit
* Aws, heroku, GCE or other SAAS/paas
* Rest, RPC, soap
* Business Hello World example
* Hexagonal Architecture
* TDD
* Ddd
* Cqrs
* 12 app factor
* Solid
* Patterns
* docket
* Kubernetes
* Microservices
* Security, oauth2
* concurrency
* AMPQ
* Cloud
* Eureka or consul as service Discovery
* Config server
* Hazel cast
*
*
* Endless story ...

Then we can start hello word app

AWS Contractor

I've been putting a web application together that I'm looking to have published on AWS. Not having too much experience with AWS, I am looking to hire a contractor. I've had a number of quotes from different AWS admin's ranging from $40 an hour to $200 an hour, from 1-days worth of work to 2-months worth of work!

I'm not really sure what to make of it or to whom to trust. I believe they’re using my ignorance to overcharge me. I've listed my requirements below, could you guys use your professional experiences to let me know what you think is reasonable charge and where best I could find someone to help me.

My application is a US shopping website where people can set up an online shop and upload their products and maintain an inventory of the items.

This is what I’m looking for setup and configuration with the following two areas:

1) AWS SYSTEMS…

* AIM - Set up my server admin users.

* EC2 - Web Hosting.

* RDS - Fast DB.

* SES - To send emails.

* S3 Buckets - Uploaded image hosting.

Route 53 - I don’t know but someone said I should have this.

* Elastic Load Balancing - For, well, load balancing.

2) SCRIPTS…

* A script that would back up the database once a day and save it to a private S3 Bucket.

* A script that will run once a day that calls an internal API, and POST a query to it.

* A script that runs once every 90 days, to refresh the SSL using ZeroSSL.com

Is there anything that I've missed such as security systems, firewalls, auto scaling and CDNs?

The quotes that I've received arranged from $320 to $64,000. I know I am being abused because of my ignorance. I would never overcharge someone because the customer doesn't know the efforts of the work. I hope someone here can help to understand the efforts needed and can tell me the true cost.

Thank you

So i just learned aws elastic beanstalk (EBS, ECS, ALB, EC2, Amplify, S3, RDS, SQS)

Essentially i learned how to operate with aws to deploy a full stack web application with custom backend i built, with security and jwt token, certificate manager, ssl/tls to set up https and redirect from http, and react/angular/nextjs on frontend

All with custom CI/CD pipelines docker and other devops shit

But i still feel like im missing on A Lot of stuff regarding aws. I havent worked with Fargate for example and dont know how it works or when to use it, but i heard other devs use it

Can someone list me a number of things i as a dev should know more regarding aws?

AWS y u no let me make folders!!!!????

Using AWS S3 web ui to copy a big folder from one to another and in the middle of copying, I got a pop up that your session has expired please refresh the page and task failed because of this.
What kind of security is this ? Can you check if any task is currently running.
Second who uses browser alert these days... wasted my one hour.

Devs and security researchers out there!!
I had a doubt regarding subdomain takeover vulnerability.

How to find where a site is hosted on heroku or AWS or heroku or more?

I was trying to write a script for it.

Any expertise will be welcomed.

Thinking to start smoking 🚬

Never tried it once in 26 years not even a sip even refused temptations from school friends

Now by starting a job, i have no security, ironically. I feel like i stepped at the leap of a bottomless pit and tomorrow i jump into it and fall... and fall....and fall..... No end.

I have no idea how to use ansible and rexify.org and thats what I'll need to use. I have no idea how to do devops with Azure, and thats what ill do. I only build devops with terraform on Aws.

The unknown of 9-5 is frightening me more than starting a business. Paradoxically, i think it would come as a relief to get fired within the first week from failing to complete literally everything

On top of that my blonde gf disappeared yesterday for 3-4 hours. No texts no phone calls. Called for 2 times no answer. Called 3rd time and got a voice message the phone was shut down. 3-4 hours later she said she was with mom at shopping and didnt have internet

I also caught her texting some random guy on instagram. They both have vanish mode enabled (texts delete themselves as soon as you leave the conversation). Confronted her today. She wont tell me the truth. Likes his pics on ig. Keeps lying. On a question "why do you have vanish mode enabled with him?" her answer is "well i guess married men always use vanish mode"

Im tired

Too much shit unraveling. The opening of 2024 already doesnt look good

Why do good people die in accidents or diseases but i dont and i live? Shits unfair. Why doesnt nature/God fucking kill me? I beg to die. I hope to die. I pray for something to kill me. It would come as such a relief.

This life is meaningless and empty to me. typeof(life) yields a void. I dont value it. Its shit. Whether succeed or fail its meaningless. Nihilism was right

I am literally a walking dead. Physically moving but spiritually dead. Mentally lost. I am the captain of a ship in the middle of the ocean who no longer knows where the ship is going

Why cant i just get cancer or something. Can cigarettes help me get it? Cause I'll start consuming that shit right away to speedrun that process

End it

AWS offers a wide range of services that can be used to automate your IT operations. Some of the most popular services for automation include:

*AWS Systems Manager Automation: This
service allows you to automate tasks such as
provisioning servers, deploying applications, and
configuring security policies.
*AWS Lambda: This service allows you to run
code without provisioning or managing servers.
This can be used to automate tasks such as
sending emails, updating databases, and
processing data.
*AWS CloudFormation: This service allows you
to create and manage infrastructure as code.
This can be used to automate the deployment
of complex IT environments.
*AWS CodePipeline: This service allows you to
automate the software development lifecycle.
This can be used to automate the build, test,
and deploy of applications.

Please give me code snippet to create windows ec2 instance using boto3 within aws free tier limit.

import boto3

# Create an AWS session and EC2 client
aws_management_console = boto3.session.Session(profile_name='....')
ec2_console = aws_management_console.client(service_name='ec2')

def create_ec2_instance():
try:
print("Creating EC2 instance")
ec2_console.run_instances(
ImageId="....",
MinCount=1,
MaxCount=1,
InstanceType="t3.micro",
KeyName="...",

SecurityGroupIds=['...1'] # Specify your security group ID(s) as a list
)
except Exception as e:
print(e)

# Call the function to create the EC2 instance
create_ec2_instance()
Have i missed anything in this code?
It's running fine not creating any instance.

What are opinions out there on security theatre?

Should developers have access to aws secrets?

Should dev test and prod be on separate vpcs or all in one vpc.

I have worked at banks where this was strictly not allowed.

Can’t wait to hear responses on this one….

There are different types of security method and there comes the AWS captcha.