Oh, man, I just realized I haven't ranted one of my best stories on here!

So, here goes!

A few years back the company I work for was contacted by an older client regarding a new project.

The guy was now pitching to build the website for the Parliament of another country (not gonna name it, NDAs and stuff), and was planning on outsourcing the development, as he had no team and he was only aiming on taking care of the client service/project management side of the project.

Out of principle (and also to preserve our mental integrity), we have purposely avoided working with government bodies of any kind, in any country, but he was a friend of our CEO and pleaded until we singed on board.

Now, the project itself was way bigger than we expected, as the wanted more of an internal CRM, centralized document archive, event management, internal planning, multiple interfaced, role based access restricted monster of an administration interface, complete with regular user website, also packed with all kind of features, dashboards and so on.

Long story short, a lot bigger than what we were expecting based on the initial brief.

The development period was hell. New features were coming in on a weekly basis. Already implemented functionality was constantly being changed or redefined. No requests we ever made about clarifications and/or materials or information were ever answered on time.

They also somehow bullied the guy that brought us the project into also including the data migration from the old website into the new one we were building and we somehow ended up having to extract meaningful, formatted, sanitized content parsing static HTML files and connecting them to download-able files (almost every page in the old website had files available to download) we needed to also include in a sane way.

Now, don't think the files were simple URL paths we can trace to a folder/file path, oh no!!! The links were some form of hash combination that had to be exploded and tested against some king of database relationship tables that only had hashed indexes relating to other tables, that also only had hashed indexes relating to some other tables that kept a database of the website pages HTML file naming. So what we had to do is identify the files based on a combination of hashed indexes and re-hashed HTML file names that in the end would give us a filename for a real file that we had to then search for inside a list of over 20 folders not related to one another.

So we did this. Created a script that processed the hell out of over 10000 HTML files, database entries and files and re-indexed and re-named all this shit into a meaningful database of sane data and well organized files.

So, with this we were nearing the finish line for the project, which by now exceeded the estimated time by over to times.

We test everything, retest it all again for good measure, pack everything up for deployment, simulate on a staging environment, give the final client access to the staging version, get them to accept that all requirements are met, finish writing the documentation for the codebase, write detailed deployment procedure, include some automation and testing tools also for good measure, recommend production setup, hardware specs, software versions, server side optimization like caching, load balancing and all that we could think would ever be useful, all with more documentation and instructions.

As the project was built on PHP/MySQL (as requested), we recommended a Linux environment for production. Oh, I forgot to tell you that over the development period they kept asking us to also include steps for Windows procedures along with our regular documentation. Was a bit strange, but we added it in there just so we can finish and close the damn project.

So, we send them all the above and go get drunk as fuck in celebration of getting rid of them once and for all...

Next day: hung over, I get to the office, open my laptop and see on new email. I only had the one new mail, so I open it to see what it's about.

Lo and behold! The fuckers over in the other country that called themselves "IT guys", and were the ones making all the changes and additions to our requirements, were not capable enough to follow step by step instructions in order to deploy the project on their servers!!!

[Continues in the comments]

I have been working on a project I call Pipelines. The idea behind the project is that it will be a centralized dashboard for you to receive Webhooks on.

"You claim you are a developer and don't know what firebase is? Pfft"

Words uttered by one of my classmates flexing on some 4th semester college inmates. I don't know what's more annoying his squeaky voice, the pretentiousness of using headphones as a necklace during class or that I was just like him when I was a freshman (minus the low hanging fruit flexing).

God fucking damn, I'm not even mad at his obnoxious pampered kid semblance, it's the irony of this enlightened fago falling into the god forsaken rat race. Why?

Because he hasn't been magnanimously disappointed by one of the most corrupt systems I've ever been witness of, yeah keep talking about firebase to the teacher who just nods pretending she knows what you are talking about.

I've had this same teacher before and your nice asynchronous ES6 express nosql solution will come last compared to all the WordPress templates she'll approve because they are pretty and all the time you invested, yeah, right into the crapper, seriously it would've been more satisfying to just masturbate everyday until Christmas break. I'm not pissed at him, annoyed by his semblance maybe, but I actually pitty him because the system will take a big shit on his face and he's just smiling.

Damn it, all these careers ruined by lazy ass professors who think leaving a shitload of diagrams as homework counts as teaching. And before any quirky brother interjects with "oh maybe your University is shit", "muh University verry gut u suk", you shut the fuck up! I know my university sucks even tho is "one of the best ones" by the corrupt media's standards, I'm here to vent about issues, real fucking issues happening in real corrupt systems, I'm taking about professors sexually abusing students, not going to classes, no centralized teaching systems, fucking chaos.

I'm happy for you if you feel good about the piece of paper you hang on your wall that certifies you as Bobby the guy who not only learned a shit load about computers, he also bent his ass so far for us and payed us so much money for it, it's funny he thinks himself as smart.

I know, I know, you went to an ivy league college, have a wonderful job and owe some money, good for you, some are not so lucky and I'll make sure those lazy asses who take advantage of the system lose their jobs.

I'm so sick of this shit we call "moodern educashion"

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

Seriously, wtf is with the new "make-everything-in-javascript" thing?

JavaScript is a terrible language. The type safety, or rather lack of it, gives me nightmares about debugging. The standards are always different. It's way too flexible. Ugh.

I'm tired of all the awesome services that I'd love to use being centralized over Node and JS. I don't want to use your stupid fucking language. Who does?

Also what happened to that dart thing that was supposed to replace JS?

The year is 2019.

C++ is still one of the most powerful programming languages around..............with no centralized package manager that is widely adopted by the community that allows one to sandbox libraries from conflicts with one another.

I ain't hating, just find this funny and I love cpp

Apt get/git submodules it is!!

Why has "privacy minded" people fallen for the illusion that Signal is good?

- It is centralized, which means you can't have control
- It uses google play services
- Using third party servers to send gifs
- The apk has flaws
- There is a reason F-Droid dont want it in its repo

I really can't wrap my head around why "privacy minded" people would embrace it.

Learned over Xmas, my brother-in-law works at a company with NO CENTRALIZED VERSION CONTROL. They just... pass around zip files of the latest code? Or something? Like jfc, even as a student we at least used TortoiseSVN!

I was ok with their marriage last summer, but now I feel that my sister deserves better. Can't imagine a company like that attracts the best and brightest. Here's hoping he actually exceeds the expectations, and leads the company into a glorious, gitty future.

Client, who have no idea about tech. wants our cloud based centralized and universal platform that I developed to be hosted on his own server, for sake of his data privacy. He thinks we will sell his data to his competitor

Anything I (am able to) build myself.
Also, things that are reasonably standardized. So you probably won't see me using a commercial NAS (needing a web browser to navigate and up-/download my files, say what?) nor would I use something like Mega, despite being encrypted. I don't like lock-in into certain clients to speak some proprietary "secure protocol". Same reason why I don't use ProtonMail or that other one.. Tutanota. As a service, use the standards that already exist, implement those well and then come offer it to me.

But yeah. Self-hosted DNS, email (modified iRedMail), Samba file server, a blog where I have unlimited editing capabilities (God I miss that feature here on devRant), ... Don't trust the machines nor the services you don't truly own, or at least make an informed decision about them. That is not to say that any compute task should be kept local such as search engines or AI or whatever that's best suited for centralized use.. but ideally, I do most of my computing locally, in a standardized way, and in a way that I completely control. Most commercial cloud services unfortunately do not offer that.

Edit: Except mail servers. Fuck mail servers. Nastiest things I've ever built, to the point where I'd argue that it was wrong to ever make email in the first place. Such a broken clusterfuck of protocols, add-ons (SPF, DKIM, DMARC etc), reputation to maintain... Fuck mail servers. Bloody soulsuckers those are. If you don't do system administration for a living, by all means do use the likes of ProtonMail and Tutanota, their security features are nonstandard but at least they (claim to) actually respect your privacy.

Soooo.... It's almost summer alright.. Centralized heating is long gone already and they forecast +1C tonight.

I mean I do have to survive... Guess I'm keeping this overnight

yeah, pic qlty us shitty, sensors say it's 70-80

Ask me about that one time a motherfucking LOG STATEMENT caused the code to not work properly, breaking both the Test and QA environments, but failed in a way that made it maddening to figure out (in conjunction with the cloud-based hosting environment and the abomination that is centralized logging, which just makes EVERYTHING more difficult).

Actually, DON'T ask me about it, because it was today, it wasted most of my day, and I'm still salty as fuck about it.

Why would anyone use Discord is beyond me.

If people really have an itch to abandon IRC, why not just use Matrix instead of a centralized Gliphy?

Is your office too cold? Centralized aircon and you can't control the temperature? 🙄 hard to type when it is too cold

For some reason github is returning 503 on our build servers randomly. And I need to checkout several repositories to build everything successfully. Builds are automatic and I don't want to maintain local mirror. And we wanted to release tomorrow (but were smart enough to promise this week). And on top of everything build takes six hours and sometime fails randomly even without github. But I'm still optimistic - it's Monday after all. We still have enough time to make it in time for Friday release :-)

TLDR: I need advice on reasonable salary expectations for sysadmin work in the rural United States.

I need some community advice. I’m the sysadmin at a small (35 employee) credit card processing company. I began as an intern and have now become their full time sysadmin/networking specialist. Since I was hired in January I have:

-migrated their 2007 Exchange server to Office 365

-Upgraded their ailing Windows server 2003 based architecture to 2012R2

-Licensed their unlicensed VMware ESXi servers (which they had already paid for license keys for!!!) and then upgraded them to 6.5 while preventing downtime on hosted VMs using tricky transfers and deployments (without vMotion!)

-Deployed a vCenter server to manage said ESXi servers easier

-Fixed a three month gap in their backups by implementing Veeam, and verifying its functionality

-Migrated a ‘no downtime’ fileserver to a new hypervisor host, implemented a ‘hot standby’ server as a backup kept up to date by the minute with DFS replication.

-Replaced failing hard drives in a RAID array underlying their one ‘business critical’ fileserver, which had no backups for 3 months at that time

-Reorganized Active Directory and Group Policy deployment from a nightmare spiderweb of OUs and duplicate policies

-Documented the entire old network and now the new one as I’ve been upgrading this

-Audited the developers AWS instances and removed redundant machines, optimized load balancing on front end Nginx servers, joined developer run Fedora workstations to the AD domain and implemented centralized syslog monitoring on them.

-Performed network scans and rewrote firewall exceptions to tighten security

There’s more, but you get the idea. I’ve now been tasked with taking point on an upcoming PCI audit which will be my first.

I’m being paid $16/hr US, with marginal health benefits. This is roughly $32,000 a year, before taxes.

I have two years previous work experience managing a third party Apple repair facility (SimplyMac) and every Apple certification for warranty repair and software troubleshooting. I have a two year degree in general sciences, with about 4 years of college credit (Two years of a physics education and two years of computer science after I switched focus) I’m actively pursuing a CCNA and MCSA server 2016 with exams paid for and scheduled.

I’m going into a salary negotiation in two months. What is a reasonable salary to request, from your perspective, for someone in my position?

Thanks in advance!

Guys, why does every idea project I get are already made!

"
Hey I have an idea, I could create a linux distro to replace those 🤬 windows 7 that have office 2003 and all that crap and that always update at my brother’s school.

I should base it on Ubuntu, as it is the most popular distro with the most support on the Internet (for those teachers that can’t enter a 🤬 ‘ , yes an apostrophe).

It should have all those sweet open source softwares to show the kids the open source world.

It should have a centralized restriction thingy.

How could I name it? Oh maybe Edubuntu, yeah that’s a cool name.

*searches it*

🤬 you!

I guess I could contribute to it, but I think it’s dead

So just now I had to focus on a VM running in virt-manager.. common stuff, yeah. It uses a click of le mouse button to focus in, and Ctrl-Alt-L to release focus. Once focused, the VM is all there is. So focus, unfocus, important!

Except Mate also uses Ctrl-L to lock the screen. Now I actually don't know the password to my laptop. Autologin in lightdm and my management host can access both my account and the root account (while my other laptop uses fingerprint authentication to log in, but this one doesn't have it). Conveniently my laptop can also access the management host, provided a key from my password manager.. it makes more sense when you have a lot of laptops, servers and other such nuggets around. The workstations enter a centralized environment and have access to everything else on the network from there.

Point is, I don't know my password and currently this laptop is the only nugget that can actually get this password out of the password store.. but it was locked. You motherfucker for a lock screen! I ain't gonna restart lightdm, make it autologin again and lose all my work! No no no, we can do better. So I took my phone which can also access the management host, logged in as root on my laptop and just killed mate-screensaver instead. I knew that it was just an overlay after all, providing little "real" security. And I got back in!

Now this shows an important security problem. Lock screens obviously have it.. crash the lock screen somehow, you're in. Because behind that (quite literally) is your account, still logged in. Display managers have it too to some extent, since they run as root and can do autologin because root can switch user to anyone else on the system without authentication. You're not elevating privileges by logging in, you're actually dropping them. Just something to think about.. where are we just adding cosmetic layers and where are we actually solving security problems? But hey, at least it helped this time. Just kill the overlay and bingo bango, we're in!

Boss: I don't want centralized error logging

Me: But we have 50+ client sites running the same web app, why the fuck wouldn't we?

Boss: What if the database is offline, then we wouldn't be able to log exceptions

Me: *beats head against desk*

GitHub is horrible. It takes the "de" away from the "decentralized" aspect of Git. Also, don't forget the part of the TOS that says Microsoft has all rights to your code regardless of license.

IBMs Rational Team Concert.

Whole the VCS is okay for a semi-centralized one, the client was based on eclipse.

Who in a bright mind could possibly think that writing the client as an eclipse plugin is a good idea?

Home automation
Lights turning on at the same time the wake up alarm goes off, blinds up and such
Centralized and shared calendar in the living room
And stuff that could bring me to jail (I've never done that and I'll never do it, I swear)
Maybe

I'm looking for a personal project involving IPFS. I know that a lot of people say that IPFS is going to revolutionize the way we think of Internet and its the future and so on and so forth. I fully agree with this. But, from a practical stand point, I am wondering if there is any kind of service that absolutely necessitates the use of IPFS. In other words, is there something that I can work on that isn't already accomplished by a traditional, centralized service?

I don’t understand blockchain enthusiasts. I even spent some time studying the concept and application examples. Most of the time they use private networks removing the concept of distribution, many other times regular database and signature techniques would be cheaper and more practical and anyway these ready made solutions are actually black boxes for the final users because messing around with blockchain would require too much skills… But if you have to trust these black boxes, you could actually just trust any centralized service… I really can’t understand…

Dev1: Something is not adding up
Dev2: Yea I saw it too,
Dev1: We can come up with an algo to show more controversial content vs really bad content
Dev2: They already LOATHE the algorithm, and make videos about it,
Dev1: If we remove the dislike count,
Dev2: ... sync count will not be centralized
Dev1: ... because only the creator will see the dislikes
Dev2: ... view count v dislikes will be totally blurred now
Dev1: ... coz the dislike code depends on the "has the user viewed it" algo
Dev2: meaning people will have to watch is more than the threshhold!!!
Dev1: but people are not gonna be happy
Dev2: we didnt get negative feedback on the small experiment
Dev1: Fck it, PR will handle it

How I think it really happend, because I cant wrap my head around this shit

Git was designed to be used in a decentralized fashion, and as such has a lot of additional logic steps to deal with this.
The way people use git today only with centralized storage such as github makes it a inferior solution compared to SVN

Do you people prefer a central tool to manage multiple servers? If so, what are some good opensource ones you'd recommend? is Kibana a thing? I'm a CLI purist, and I'm a little concerned about a large attack surface on something so centralized

Thanks!

Too much Centralized ?

Best practices for implementing centralized authentication system like LDAP servers?

Hey guys, just wanted to know what does everyone really think about Blockchain, honestly.
I've seen Blockstack create so many modules duplicating almost every centralized functionality, but why aren't they as famous yet. Just because people aren't aware?

Here is an interesting idea
You could collect a whole bunch of peoples programming related search history and find out when they started searching for a problem on stackoverflow or other such evil sites

And you could migrate the answers that seemed to fix their problem to another site and combine these things in a nice centralized tailored to the use case form

Centralized or Distributed? What do u think?