Search - "bottom tl;dr"
-
I'm getting ridiculously pissed off at Intel's Management Engine (etc.), yet again. I'm learning new terrifying things it does, and about more exploits. Anything this nefarious and overreaching and untouchable is evil by its very nature.
(tl;dr at the bottom.)
I also learned that -- as I suspected -- AMD has their own version of the bloody thing. Apparently theirs is a bit less scary than Intel's since you can ostensibly disable it, but i don't believe that because spy agencies exist and people are power-hungry and corrupt as hell when they get it.
For those who don't know what the IME is, it's hardware godmode. It's a black box running obfuscated code on a coprocessor that's built into Intel cpus (all Intel cpus from 2008 on). It runs code continuously, even when the system is in S3 mode or powered off. As long as the psu is supplying current, it's running. It has its own mac and IP address, transmits out-of-band (so the OS can't see its traffic), some chips can even communicate via 3g, and it can accept remote commands, too. It has complete and unfettered access to everything, completely invisible to the OS. It can turn your computer on or off, use all hardware, access and change all data in ram and storage, etc. And all of this is completely transparent: when the IME interrupts, the cpu stores its state, pauses, runs the SMM (system management mode) code, restores the state, and resumes normal operation. Its memory always returns 0xff when read by the os, and all writes fail. So everything about it is completely hidden from the OS, though the OS can trigger the IME/SMM to run various functions through interrupts, too. But this system is also required for the CPU to even function, so killing it bricks your CPU. Which, ofc, you can do via exploits. Or install ring-2 keyloggers. or do fucking anything else you want to.
tl;dr IME is a hardware godmode, and if someone compromises this (and there have been many exploits), their code runs at ring-2 permissions (above kernel (0), above hypervisor (-1)). They can do anything and everything on/to your system, completely invisibly, and can even install persistent malware that lives inside your bloody cpu. And guess who has keys for this? Go on, guess. you're probably right. Are they completely trustworthy? No? You're probably right again.
There is absolutely no reason for this sort of thing to exist, and its existence can only make things worse. It enables spying of literally all kinds, it enables cpu-resident malware, bricking your physical cpu, reading/modifying anything anywhere, taking control of your hardware, etc. Literal godmode. and some of it cannot be patched, meaning more than a few exploits require replacing your cpu to protect against.
And why does this exist?
Ostensibly to allow sysadmins to remote-manage fleets of computers, which it does. But it allows fucking everything else, too. and keys to it exist. and people are absolutely not trustworthy. especially those in power -- who are most likely to have access to said keys.
The only reason this exists is because fucking power-hungry doucherockets exist.
-
(tl;dr at the bottom)
context:
my partner's programming skills are pretty basic and he does not work in software development. instead he is in the largest (and only) electricity company here.
history:
one day his boss asked him "hey, do you know how to use google maps?"
Partner: "yeah, what do u need?"
His boss: "great! please make 10,000 routes with these coordinates, i need them for tomorrow"
Partner: "WTF!", grabs his phone and calls me, "(explains the situation to me) dude, can you make like a script or something?"
Me: "Sure, but we'll need a loooot of coffee"
We spent 18 hours developing a routes generator with java-fx, mysql and JS.
Next day we went to deliver those routes and to "show" the system. They told us that after searching for 6-7 months, they weren't able to find such a solution as ours.
Next day, I took a plane to this company HQ (My partner was food-sick, so i had to be there on my own), had a meeting with the TOP Bosses (one of them arrived in a Helicopter, lots of body-guards) and after 3-4 hours, just like that, we had our first Big Contract with a huge ass company.
tl;dr:
we ended up making an 8 months national project with the biggest and only electricity company with an 18hrs-developed system.
-
My dad got a new phone over the weekend and asked me to help him set it up (TL;DR his iPhone broke, he likely cussed out someone on the phone and now he's on android).
Setting up his bank app, I asked for his password (I somehow knew asking an 80+ year old man password questions wouldn't end well)
<pulls a card out of his wallet>
Dad: "Here you go."
Me: "This is your business card?"
Dad: "Yep. Password is at the bottom. That way I never forget it."
Me: "Jeez dad, you shouldn't have your bank's password on a business card. You don't give these out to people, do you?"
Dad: "Sometimes. Hell, they won't know what that is. It's just a bunch of nonsense."
Luckily the password didn't work. He had to reset it when his iPhone messed up and didn't remember what he changed the password to.
-
The website for our biggest client went down and the server went haywire. Though for this client we don’t provide any infrastructure, so we called their it partner to start figuring this out.
They started blaming us, asking us if we had upgraded the website or changed any PHP settings, which all were a firm no from us. So they told us they had competent people working on the matter.
TL;DR their people aren’t competent and I ended up fixing the issue.
Hours go by, nothing happens, client calls us and we call the it partner, nothing, they don’t understand anything. Told us they can’t find any logs etc.
So we setup a conference call with our CXO, me, another dev and a few people from the it partner.
At this point I’m just asking them if they’ve looked at this and this, no good answer, I fetch a long ethernet cable from my desk, pull it to the CXO’s office and hook up my laptop to start looking into things myself.
IT partner still can’t find anything wrong. I tail the httpd error log and see thousands upon thousands of warning messages about mysql being loaded twice, but that’s not the issue here.
Check top and see there’s 257 instances of httpd, whereas 256 is spawned by httpd, mysql is using 600% cpu and whenever I try to connect to mysql through cli it throws me a too many connections error.
I heard the IT partner talking about a ddos attack, so I asked them to pull it off the public network and only give us access through our vpn. They do that, reboot server, same problems.
Finally we get the it partner to rollback the vm to earlier last night. Everything works great, 30 min later, it crashes again. At this point I’m getting tired and frustrated, this isn’t my job, I thought they had competent people working on this.
I noticed that the db had a few corrupted tables, and asked the it partner to get a dba to look at it. To no avail.
5’o’clock is here, we decide to give the vm rollback another try, but first we go home, get some dinner and resume at 6pm. I had told them I wanted to be in on this call, and said let me try this time.
They spend ages doing the rollback, and then for some reason they have to reconfigure the network and shit. Once it booted, I told their tech to stop mysqld and httpd immediately and prevent them from starting at boot.
I can now look at the logs that are leading to this issue. I noticed our debug flag was on and had generated a 30gb log file. Tail it and see it’s what I’d expect, warnings and warnings, and all other logs for mysql and apache are huge, so the drive is full. Just gotta delete it.
I quietly start apache and mysql, see the website is working fine, shut it down and just take a copy of the var/lib/mysql directory and etc directory just to have backups.
Starting to connect a few dots, but I wasn’t exactly sure if it was right. Had the full drive caused mysql to corrupt itself? Only one way to find out. Start apache and mysql back up, and just wait and see. Meanwhile I fixed that mysql being loaded twice. Some genius had put load mysql.so at the top and bottom of php ini.
While waiting on the server to crash again, I’m talking to the it support guy, who told me they haven’t updated anything on the server except security patches now and then, and they didn’t have anyone familiar with this setup. No shit, it’s running php 5.3 -.-
Website up and running 1.5 later, mission accomplished.
-
TL;DR: A freehoster got a redesign!
I remember when I made "my own website" in wix and sitey. It sucked working with them for me. I hated having an ad for them fixed at the bottom of my screen. I hated WYSIWYG-editors and wanted to paste my own code, a pro feature.
Sometime later I found bplaced, a free German-based (also English language) hoster. And I use it for all my "official" test projects. My first ever published self-coded website is still on there.. When I want to show someone what I've been working on (locally) without putting it on my domain, I use their services. They always looked oldish like from 2000 but their redesign puts them at least in 2015 :D
Give 'em a shot if you want.
Sadly, I am not paid to say this. I just really like them.
-
Disclaimer: Long tale of a tech support job. Also the wk29 story is at the bottom.
One time I was working tech support for a website and email hosting firm that was in town. I was hired and worked as the only tech support person there, so all calls came in through me. This also meant that if I was on a call, and another one came through, they would go straight to voice mail. But I couldn't hang up calls either, so, sometimes someone would take up tons of time and I'd have to help them. I was also the "SEO" and "Social Media Marketing" person, as well; managed peoples' social media campaigns. I have tons of stories from this place but a few in particular stick out to me. No particular order to these, I'm just reminiscing as I write this.
I once had to help a man who couldn't find the start button on his computer. When I eventually guided him to allowing me to remote into his computer via Team Viewer, I found he was using Windows XP. I'm not kidding.
I once had to sit on the phone with a man selling Plexus Easy Weight Loss (snake oil, pyramid scheme, but he was a client) and have him yell at me about not getting him more business, simply because we'd built his website. No, I'D not built his website, but his website was fine and it wasn't our job to get him more business. Oh yeah, this is the same guy who said that he didn't want the social media marketing package because he "had people to hide from." Christ.
We had another client who was a conspiracy theorist and wanted the social media marketing package for his blog, all about United States conspiracies. Real nut case. But the best client I've ever had because sometimes he'd come into the office and take up my time talking at me about how Fukushima was the next 911 and that soon it'll spill into the US water supply and everybody was going to die. Hell, better than being on the phone! Doing his social media was great because he wanted me to post clearly fake news stories to his twitter and facebook for him, and I got to look at and manage all the comments calling him out on his bullshit. It was kinda fun. After all, it wasn't _me_ that believed all this. It felt like I was trolling.
[wk29] I was the social media and support techie, not a salesperson. But sometimes I was put in charge _alone_ in front of clients for status meetings about their social media. This one time we had a client who was a custom fashion-type person. I don't really remember. But I was told directly to make them a _new_ facebook page and post to it every day with their hot new deals and stuff. MONTHS pass since I do that and they come in for a face-to-face meeting. Boss is out doing... boss things and that means I have to sit in with her, and for some fucking reason she brought her boyfriend AND HER DAD. Who were both clearly very very angry with me, the company, and probably life. They didn't ever say anything at first, they didn't greet me, they were both just there like British royal guards. It was weird as fuck. I start showing them the page, the progress on their likes goals, etc etc. Marketing shit. They say, "huh, we didn't see any of these posts at home." Turns out they already had a Facebook page, I was working on a completely separate one, and then the boyfriend finally chimes in with the biggest fucking scowl, "what are you going to do about this?" He was sort of justified, considering this was a paid and semi-expensive service we offered, but holy shit the amount of fire in all three of them. Anyway, it came down to me figuring out how to merge facebook pages, but they eventually left as clients. Is this my fuck up? Is it my company's? Is it theirs? I don't know but that was probably the most awkward meeting ever. Don't know if it comes across through text but the anxiety was pretty real. Fuck.
tl;dr Tech support jobs are a really fun and exciting entry level position I recommend everybody apply for if they're starting out in the tech world! You'll meet tons of cool people and every day is like a new adventure.
-
!rant, TL;DR at the bottom
Holy fuck, Yesterday, I got absolutely schooled by a literal newbie.
And I mean, NEWBIE newbie, the dude just started a Computer Science degree, and has been learning Java only for a MONTH. He has 0 prior experience with code or anything of the like, and he's somewhat of an Ars (Israel's version of a Gopnik).
So I was helping him with some stuff he didn't understand, and lo and behold his code was probably the most aesthetically pleasing and organized code I have seen in my 8 years of programming (I know 8 is not much, but It's at least above beginner level). The dude's a perfectionist, so I was like, "Okay, very impressive, but makes sense for perfectionism" (I straight up told him: "Damn, I've seen people with years of programming experience who can't learn to write this well, and you do this by default? I envy whoever's going to work with you"), and then I saw the way he writes checks (as in, methods that return a boolean) and I think I came.
The code was:
[First method in the picture]
And I know, it doesn't look as ✨ WOW✨ as I make it sound, but in my personal opinion this both looks much better and is much more readable than what I normally write:
[Second method in the picture]
and whenever there are longer or more complicated checks it makes it look like a simple puzzle that just fits in all the pieces nicely, for example in a rectangle class we had to write an 'isIn' method, this is how I wrote it:
[Third method in the picture]
His way of writing the same thing was:
[Fourth method in the picture]
Which I think is soooooo much better and readable and organized,
It's enough just looking at the short return statement to immediately understand everything that's going on.
"Oh, so it just checks if the SW (South West, i.e. Bottom Left) corner is above and to the right, and if the NE (North East, i.e. Top Right) corner is below and to the left"
Point of the story? Some people are just fucking awesome. And sometimes the youngest/most inexperienced people can teach you new tricks.
And to all of you dinosaurs here with like, 20+ years of experience, y'all can still learn even from us stupid ones. If 8 years can get schooled by a 1 month, 20 years can get schooled by a 1 year.
Listen to everyone everybody, never know where you might learn something new.
TL;DR: Got schooled by a local "Gopnik" who only started learning programming a month ago with 0 prior experience with his insane level of organization and readability.
-
(tl;dr at the bottom)
one day, an old "friend" asked if i would like to be part of a project with their friends to create a site, we had plenty of meetings, my partner and i were excited with this project until we realized that those girls literally wanted a copy-paste from another site, and i mean, exactly the same but translated in google translate. We even asked other developers for their opinion and they said the same, that it was a copypastarino.
so my partner and i talked to them about how we didn't want to be part of a copied project. Those girls got angry and we dropped that.
Yesterday, after almost 7 months, I found out that those girls won a "startup contest" and that they will be traveling to Silicon Valley soon to meet a founder and start the business.
ooooh boy...
what would happen if we send an email pointing out that copied-googleTranslated project?
is the industry really that dumb or lazy? i mean, how is that even possible that they haven't found it out?
tl;dr
some girls just google-translated a site, my partner and i didn't want to be involved and now, 7 months later, they are going to Silicon Valley to meet a founder and make it real.
-
!rant
tl;dr at the bottom
This might not be a popular opinion, so please, if you throw things at me, limit yourselves only to tomatoes and other soft projectiles. Thank you!
So this being said, i must say it: i actually like how facebook uses this data overall. While i am completely against privacy violation, that data is given up by ourselves with a choice to do it, so we can't hand them for it. However, i think the fact that we got ads for what our interests are is quite awesome! For example because of this i found webcomics and artists i currently hold really high in my praises and this might not have been the case if FB had another business model.
This being said, i just think people should focus on problems more important than how social media manages to earn some bucks, and while it is our choice to be part of that we can't simply call ourselves "products". History holds many stories about civilizations that gave no choice if you wanted or not to be a product so we could be at least glad it is not the case anymore.
Anyway, if you read all the way down here, thanks for your time!
TL;DR: Facebook is no holy church but it's actually not so bad, we can find things we get to love or actually needed in the first place in their targeted ads system. At least we have a choice to be part of this or not!
-
Our IT-Class project: Mathematics trainer in Java
Day 1 (was monday)
TL;DR we didn't save.
So we formed groups and I landed in the UI team with, let's call him Mage and let's call her Goth.
We had an eclipse project folder on our desktop (they said it only works when put on desktop) Btw they didn't even want to use a cloud or something (I wish we'd use git and I'd finally learn it). We should take the changes by USB from computer to computer.
So me, Mage and Goth are making a basic GUI for this Mathematic-Training App. We use this thing from Eclipse but I forgot the name. It has not enough functionality on surface and I hate things that break complex things up to ease things but leave away so much.
So after a productive hour of building a GUI and centering shit by calculating the top and bottom distance and use margins (hurts me really but Mage was designing, Goth intensively calculating on paper), the bell rings.
Mage wants to save the project on my USB-Stick and bamm💥
A black screen.
I don't know how it happened but it sure had something to do with the USB-port looking like you fucked it with a way too huge 🍆. It looked damn broken.
So because we have a nice App called HD-Guard, which fucking wipes the desktop on startup and resets all but the documents/images/videos/music folder —
It's all gone. Today is day 2 of this project so let's see how today turns out.
-
Subaru's Symmetrical AWD is the best thing in the world at the moment. Also, warning: !dev
Tl;dr: I'm getting another RPi3 thanks to awesome engineering.
Got a couple of inches of light snow here, and on my way home I came across a GMC Sierra dually stuck at the bottom of a moderately sized ditch. Naturally, I stopped by in my Forester and offered to tow it out.
With my 20ft tow rope stretched to its full length I was barely touching the road. He signalled that he was ready, and I gunned it. Slowly but surely the truck crawled out of the 6ft deep trench. She crested the hill with much applause (from me and the driver of the truck). As a thanks, he gave me $30.
Looks like I'm gonna get a new Raspberry Pi to play with. I think I'll turn this one into a countertop MAME arcade machine.
And for those of you wondering why I'm praising Symmetrical AWD as opposed to AWD in general, here's a quick lesson in drivetrains:
Most all wheel drive cars power the front wheels most of the time. This saves on fuel economy. The thing is, power is only transmitted to the rear wheels when the front wheels start to lose traction. At that point you're already screwed; only two wheels at any one time are putting useful power to the road.
Symmetrical AWD systems, like you'll find in all Subarus and most performance cars, distribute the vehicle's torque equally front-rear at all times. So instead of waiting until the front wheels start slipping, all of the wheels are powered right off the bat.
To make this more devvy: grrrr php, vim is best, I configured the tab key to enter four spaces, js has too many damn frameworks and they're still being pumped out faster than rabbits in a bunny farm.
-
For those who whine about authors putting "TL;DR" after the text that was supposed not to be necessarily read...
"TL;DR" means "Too long; didn't read". Hence, we have all the audacity to insert it *after* the long text. When you don't have time to read, you usually scroll to bottom and find a summary if any.
At least, scrolling can be done even by monke and author can concentrate on writing the streams of text to their heart's content instead of fishy semantics.
-
tl;dr. web hosting && a panic attack && security threat
i wasn't sure whether my brother's domain was hosted or not (because it wasnt showing a website and he didnt know any better).
so i decided to host a react-app for it on netlify and pointed the domain's nameservers towards it (a separate security threat at bottom).
all went well and now when you punch in the domain it ..all-behold.. shows a website.
NOW, i remember my brother was using the domain's email which probably means it was hosted, right?. so im panicking because im not sure whether i just deleted all his emails or not because it's 1:15 am and he's asleep.
there is a rant in there somewhere but im in too much of a shock as to how much data i might have just accidentally deleted
.
.
another tl;dr: my domain registrar let me change someone else's settings..
the reason i didnt know his domain settings is that he didnt know his password.
i had bought a couple of domains and was gonna host them on netlify. while i was doing this a bright idea hit me.. "you should finally build a website for your brother for the domain he bought 7 years ago"..
this is where the fun begins.
i sent an email to my registrar to point all nameservers of all domains to my nameservers and just to try out i included my brother's domain into it (i dont own this domain it's not registered by my email), and the next day i get an email telling me they've successfully made all changes.
.
Now tomorrow is monday and i'm going to their office to tell them i found a security flaw and see how long i can stall before actually telling them what it was and how their lives could've been made hell.
-
[tl;dr at the bottom]
(Project Team Group Chat)
dev: @Design team, i have a question, there's a required field missing in your design, can i go to your desktop to get a quick answer/explanation about that?
design team:....
dev: hello..?
PM: [writes a huge text to tell me that i can not interrupt them even if its a blocker and that we (dev team) should write them down and tell them only once a day in the scrum meeting]
dev: uuumm ok
-next day-
dev: so about that field, why did you...
Client: WHAT? There's a problem with the design!? oh boy, lets re-check every view right now with the whole team!
(it took like 2 hours, the field was missing just because they forgot that feature)
PM: okay, @DesignTeam, answer any questions from developers when they ask you...
tl;dr
we spent almost two hours with the client just because design team didn't want to answer me a little question
-
(TL;DR at bottom)
Does anyone else feel that modern GUI's or webpages or anything that's 2-D and modernized, just seem to contain 10x less data than old interfaces?
(Disclaimer: First time uploading picture, idk how it will go)
Let's say Google's Inbox, compared to the old Gmail interface... (In attached picture)
Am I the only one annoyed by this?
I really like the look and everything and I love modern designs, but please please, keep the functionality there. I just feel like there is 10x less options to do when I see a system converted to a new modernized design. Even YouTube looks ugly now, that I am convinced there are about 10 buttons less under each video.
(New <-> Old in attached picture)
Thinking objectively, all of the buttons are still there, but from other experiences, I just always get discouraged when I see a product with a minimalistic design, and am immediately turned away from it, expecting that I wont have any sort of ability to customize my settings.
If you say that fancier GUI's take too much work to make all the settings, then fucking don't make a modern GUI... I want something I can tailor to my needs... There is always a good line in between, just like "old" youtube's design...
Maybe that's why I hated LastPass with its fancy GUI's and instead preferred KeePass for my passwords...
As promised:
TL;DR
Anyone else hate modern GUI's since they usually lack features?
-
TL;DR: work at the reference hospitals, we got precautions, no panic, we got this.
Well, currently my client is one of the reference hospitals in Belgium in regards to coronavirus so they receive a lot of the infected patients. Although the general public is 'uneasy' to put it mildly, the IT department is not scared. We take our precautions, we already have safe working distances from each other. If the federal minister of health announces it, all non-medical or non-essential employees from the hospital will be either put on leave or work remote. Bottom line is: no panic. we got this!
-
TL;DR Jump to the bottom, putting question first seems strange.
I got 2 servers sharing 1 external ip, i use one server for x y z and the other for a b c, so they dont use the same ports.
I got told i would need 1 dedicated ip per server, and i refuse to believe that since everything works fine. However, some things would definitely be a lot easier having an ip per server.
So, does anyone have experience with getting an additional ip for your home connection?