My last internship (it was awesome). A programmer developed a vacation/free day request application for internal use.
Asked if I could test it for security.
The dev working on it thought that was a very good idea as he wasn't much into security and explained how the authentication process worked.
I immediately noticed a flaw just from his explanation. He said it was secure anyways (with an explanation but his way of thinking was wrong in this case). Asked if I was allowed to show him. He said he was intrigued by this so gave me a yes right away.

For the record, user levels were normal user, general admin and super admin (he was the only super admin).

Wrote a quick thingy server side (one of my own servers/domains) for testing purposes.

Then I started.

Went from normal user to super admin (his account) through a combination of XSS and Session Hijacking within 15 seconds.

Explained him where he went wrong and he wrote a patch under my guidance 😃.

That felt so fucking awesome.

2010: PHP, CSS, Vanilla JS, and a LAMP Server.

Ah, the simple life.

2016: Node.js, React, Vue, Angular, AngularJS, Polymer, Sass, Less, Gulp, Bower, Grunt.

I can't handle this, I'm shifting domains to Machine Learning.

2017: Numpy, Scipy, TensorFlow, Theano, Keras, Torch, CNNs, RNNs, GANs and LOTS AND LOTS OF MATH!

Okay, okay. Calm down there fella.
JavaScript doesn't seem that complicated now, does it? 🙈

Started talking about Pi-Hole (still trying to install this fucker by the way) today with a collegue.

He had it installed and showed me around a little.

CW: Alright give me an example then I'll show you wildcard blocking.
Me: google.com 😅
CW: *enters and saves it. then tries to load anything related to google.com*

*no google.com domains load, all give a blocked error*

Me: Works great!
CW: Yup.
...
...
...
...
Me: Uhm so you aren't like surprised that I went with google.com as example and that I'd genuinely would block it?!
CW: No, why would I be?
Me: Well, most people consider me paranoid/crazy the second they find out I don't want to use google/google's services.
CW: well that's fucking retarded. why would anyone redicule you for not using something you don't want to use. You'll have your reasons.
Me: So if I'd say i do it for privacy reasons, you wouldn't find that redicilous?
CW: No, why would I? Not using google (and for that matter facebook etc) for privacy reasons is very logical really.

FUCKING. THANK. YOU.

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Who am I to refuse such a flattering offer?

Front-end dev: email domains other than Gmail and Hotmail exist?!1! 😱 And email regex, what the hell is that? 😵

First rant from a phone without Google services.

Put shitloads of Google/fb etc domains in the hosts file so my phone cant reach those either.

Root firewall blocks everything except for devrant, a download manager, fdroid and firefox focus.

As for my phone, I'm Google free!

Thanks for @PonySlaystation for coming up with this idea!

Wrote my first ever Firefox extension. It loads a json list from a server containing domains which, according to the snowden leaks of 2013, are integrated within a US powered mass surveillance network.

If it finds any urls on the page being loaded, it puts a fullscreen red background with a warning text and the links which match the surveillance criteria.

There's no way to continue to the web page yet, will try to add that later on.

Just registered two new domains. Will be writing two new services tonight 😃

I'm happy yay 😊

I don't use Google/Facebook for privacy reasons (and their sub-services etc). Haven't used them for ages but noticed that google still loads a lot of domains like analytics etc. This goes for facebook as well.

I now blocked a lot of google/facebook domains through my hosts file.

It's funny to see the amount of DNS requests to those fb/google connected domains nearly go to zero and also the fact that I literally can't load google/facebook anymore!

Another great thing is pihole.

Blocking more than 2 million domains like an afternoon breeze

Last september:
I get an email from a customer who want to end the contract. I inform him that the contract runs to the end of March and it will be terminated the last of march.

Customer agrees and I do not hear a word from him. Until now when I closed down all his services.

Angry email:
Why did you close the server and email? are you **** stupid!?

I reply:
21/9 2016, you wanted to terminate all services you had with us. That means that your domains, DNS-services, VPS, email and Office 365 was going to be closed today.

Why is this not uncommon?!

Stop buying domains that you don't use you fucking idiots. Can't find any domain for my new project. But none of them are being used. Fucking retards.

Wierd Domains Game

Like: pornhub + StackOverflow
PornOverflow.Com

Add your entry in comment.

Winner will be get 1 domain + 1 year hosting

Holy fuck, this is starting to work!

Problem: I am highly anti google/facebook/few others and I'd rather null route those DNS requests.
The problem is that the pihole only can blacklist domains or wildcard domains but not words. So if Google would come up with a new name for some of their domains, I'd be fucked because I can't filter out the word Google through the pihole.

Today I fucking found the solution (still a work in progress but a PoC is nearly working):
Compiled a program which can monitor DNS queries/requests and logs them to a file.
Have a php (yes I write most of my cli tools in php) script tailing the log file and gathering the requested domains from it.
Then I can see if the domain contains the substring which I don't like (google as word for example) and echo it to the end of my hosts file with 0.0.0.0 in front of it if that's the case.

Holy fuck this seems to be working! 😍

Just opened localhost8000 and this is what I get

So just recently my school blocked the following for unknown reasons websites
Github
Gitlab
Amazons aws
stack exchange
Bitbucket
Heroku
The hacker news
DuckDuckGo
The Debian package repositories yea all of em
And all domains that end in .io
Now some of you out there are probably just saying "well just use a vpn" the answer to that is I can't the only device I have a locked down school iPad can't install apps cannot delete apps cannot change vpn or proxy setting's I cannot use Safari private tab they have google safe search restricted to "on" they even have "safari restricted mode which lets safari choose what it wants to block" and even when I'm on my home wifi it's s still blocked as they use Cisco security connector THIS IS HELL

Also this is my first post :)

Have been working on a frontend with actual stats for the DNS server I'm building. This is the result so far (real stats, red blocked domains are marked by me (in redis) as surveillance domains), thoughts?menu

Was thinking of a name for my currently biggest project and thought of a funny one, took the first letter of each word and started to use that to refer to the project, was thinking about domain names and such already etc.

Just wrote it down and I suddenly noticed:

ONE OF THE LETTERS IN THE SHORTCUT ISN'T CORRECT.

How the fuck did I miss that for fucking weeks?! It's not like it's a difficult sentence/set of words or anything.

I'm so fucking glad I didn't register domains or shit yet.

How. In. The. Living. Hell.

I was offered to work for a startup in August last year. It required building an online platform with video calling capabilities.
I told them it would be on learn and implement basis as I didn't know a lot of the web tech. Learnt all of it and kept implementing side by side.
I was promised a share in the company at formation, but wasn't given the same at the time of formation because of some issues in documents.
Yes, I did delay at times on the delivery date of features on the product. It was my first web app, with no prior experience. I did the entire stack myself from handling servers, domains to the entire front end. All of it was done alone by me.
Later, I also did install a proxy server to expand the platform to a forum on a new server.
And yesterday after a month of no communication from their side, I was told they are scraping the old site for a new one. As I had all the credentials of the servers except the domain registration control, they transferred the domain to a new registrar and pointed it to a new server. I have a last meeting with them. I have decided to never work with them and I know they aren't going to provide me my share as promised.
I'm still in the 3rd year of my college here in India. I flunked two subjects last semester, for the first time in my life. And for 8 months of work, this is the end result of it by being scammed. I love fitness, but my love for this is more and so I did leave all fitness activities for the time. All that work day and night got me nothing of what I expected.
Though, they don't have any of my code or credentials to the server or their user base, they got the new website up very fast.
I had no contract with them. Just did work on the basis of trust. A lesson learnt for sure.
Although, I did learn to create websites completely all alone and I can do that for anyone. I'm happy that I have those skills now.
Since, they are still in the start up phase and they don't have a lot of clients, I'm planning to partner with a trusted person and release my code with a different design and branding. The same idea basically. How does that sound to you guys?

I learned that:
. No matter what happens, never ignore your health for anybody or any reason.
. Never trust in business without a solid security.
. Web is fun.
. Self-learning is the best form of learning.
. Take business as business, don't let anyone cheat you.

How people see me:

Father: computer nerd (he's a coder too)
Mother: website maker and computer nerd
Brother#1: some computer wizard
Brother#2: noob web coder (he codes as well, but systems programming) - thanks bro!
Colleagues: The ALIEN™
Girlfriend: 404 not found
Friends: The NERD™
Dog: some hooman spending lots of time behind those lighty rectangles

Fyi, I am passionate about computers in all domains and always helped debugging people

My solution to not being overwhelmed with futile demands? Talking to them in complicated words, so they will only ask questions about true problems and not garbage :D

A few weeks ago a client called me. His application contains a lot of data, including email addresses (local part and domain stored separately in SQL database). The application can filter data based on the domain part of the addresses. He ask me why sub.example.com is not included when he asked the application for example.com. I said: No problem, I can add this feature to the application, but the process will take a longer.

Client: No problem, please add this ASAP.

So, the next day I changed some of the SQL queries to lookup using the LIKE operator.

After a week the client called again: The process is really slow, how can this be?

Me: Well, you asked me to filter the subdomains as well. Before, the application could easily find all the domains (SQL index), but now it has to compare all the domains to check if it ends with the domain you are looking for.

Client: Okay, but why is it a lot slower than before?

Me: Do you have a dictionary in your office?

<Client search for a dictionary, came back with one>

Me: give me the definition of the word "time"

<Client gives definition of time>

Me: Give me the definition of all words ending with "time"

Client: But, ...

Never heard from him again on this issues :-P

Started working on a pihole alternative a while ago.

I like pihole a lot but one of the features I am missing is to be able to define a list of mass surveillance related domains (Snowden leaks; PRISM program and such) and show statistics based on dns queries containing blacklisted domains, prases/words and surveillance-related domains/words (google/facebook/microsoft/apple etc).

Started working on one based on an existing (php based) dns server which is open source and slowly but surely developed something which worked.
Then, I found out that the php resolving function (dns resolving) uses the system default, which can, of course, be google's dns as well. Changing this would be ideal but while the documentation suggested that it could be done some way, it didn't work for me so I chose a library which can do it with specific dns servers (to use as external dns servers).
This library used a different way of showing the retrieved dns query results and really wasn't in for converting everything by hand so i kinda quit the project a while ago.

A few days ago I thought fuck it and started again.
Now have a working version based on the new dns resolving library and made some other good improvements.

For those who are wondering why I chose PHP for this: why the fuck not?

Happy happy happy.

Namecheap: *cricket noises for over a year*
Today: "hEy ThErE cOnDoR, yOuR dOmAiN WiL eXPirE iN 24 hOuRs!1! rEnEw NoW, yOU rEadY?"
Me: "No you motherfucking bastards, a bank transfer takes 3 days at least. Oh wait you don't even accept bank transfer, how convenient!"

And what if I didn't see that email right after your fucking craptacular automated notification system sent it to me, hmm? Don't you Namecheap of all companies know how fucking *vile* domain squatting on the .com is?!!

MOTHERFUCKING CUNTS!!! Jeopardize my domains like that *one more fucking time*, and guess who will be taking his assets to the sexist bastards that I tried avoiding for so long, GoDaddy! FUCKERS!!!

Since GoDaddy was calling me frequently to buy domains I've added to my cart, I added another domain
'dontcontactmetobuythisdomain.com'

So I used to do some freelancing in web development last year, nothing too fancy just some simple PHP websites. Comes the worst meeting in my life. So I am from India and we have a lot of long lasting business here being passed on over generations. TL;DR the guy was the owner of a very old business which was actually very huge and the guy was educated too, so I assumed that he'll be sensible as compared to other people.

The meeting was in an expensive cafe and he paid for it, he even told me upfront that meeting is on him. Great, right? So we sit down, order some coffee and then start discussing what he needed.
The guy needed an ecommerce website built with backend and logistics system integrated. We discussed possible designs for the website and stuff too and so far the deal looked promising to both of us.
I explained him the cost estimate and told him that I would email him the final quote from myself once we discussed server cost and shit.
So now comes the bargaining part where he asked me to give him server and domain for free.
At this point, I suspected that he didn't know that servers and domains are not something that you make. You have to purchase and renew them periodically.
So I told that guy that he didn't understand the cost estimation and explained to him that X is the cost of making this fucking thing and Y is its monthly maintenance cost, if he wanted annually could be done too. And this Y did not include server and domain costing.
Now came the fucking tide, the guy straight up turned to his shit and told me I am lying and trying to con him. So I gently asked him if he had ever gotten any website made. To which, he said No, but he knows how the costing works.
I was like "Bitch?". So I calmly tried to explain that that's not how websites are done, delivered and maintained.
He didn't seemed to be understanding and kept on fucking repeating that he knows his shit and blah blah.
At this point, I was like "Okay. Fuck this dude then. I can find another project. " and then I told him that he'll need to find someone according to his needs.
Interestingly enough, the guy called someone and then walked out of the cafe while talking on phone. I waited for 5 minutes and he didn't come back so I decided I would pay for my coffee and leave. Turns out the guy had paid his bill before my arrival and ditched me with the excuse of the call.

But oh well, I think working with such an idiot would have been much worse than paying for that coffee.

Me: Gets idea, buys a domain name
Me after 2 months: Looks at expenses, questions impromptu spending habits on domains

DigitalOcean

My god, it's so easy and simple to spin up a server for a few minutes without being stuck with a contract of a year. Also, being able to manage all my domains there is a blessing :D

You know what I envy Americans about? Your .gov domain.
It is so difficult here to detect if the website is honest or a scam because our government is too dense to put all their sites as subdomains of one trusted domain. Like dod.country.tld for the department of defense or justice.ministry.country.tld for the ministry of justice.
No, these idiots buy ministry-of-justice.tld, because no scammer ever could conceive the idea of buying ministryofjustice.tld to host a scam site.

At least publish an up2date list with domains I can trust.

Needed a list with all domains I run on a server but I don't always give nginx config files the names of their website so I was about to start going through them by hand..... waaait, let's try to automate this with a bash script...

Five minutes later I've got a working bash script which gets all domains from all config files.

Oh, the joys of terminal/bash stuff!

Heres a smartass domain name if anybody is looking for one :^)

> I noticed you have domains that are not used anywhere, do we need to move them? e.g. domain X?
>> no, they aren't used
*migrate servers and working domains*
>> why did domain X stop working?
> que?

We have 1 guy managing everything. He develop our CMS, customers email client, manage our network, servers, domains (our own domain servers), billing system, SSL certificates... In short: everything (as well as bugs). The entire company relies on 1 guy, pretty much.
Brings the phrase "all for one, and one for all" to a whole new meaning.

I eat food. And I cook food. Believe it or not, cooking is very similar to coding. Things you do at the very beginning haunt you till the very end. Also, premature optimization is the root of all evil (in both domains).

Motherfucking website style JavaScript rant ahead.

Just tried to register some travel tickets, at FlixBus. Of course alternatively I could go for a train but those would be more expensive. So yeah.

Turns out that the website loads JavaScript from 20 domains including 3 required CloudFront ones (those are the most annoying because it's not possible to tell by the domain what it would be doing). But alright, I'll take it. Web 3.0 amirite?

So I go and find myself a nice bus, add it to my cart.. oh shit it's the wrong one. Change some parameters, hit return.. well guess what. Turns out that in all their JavaScript glory they couldn't implement that much. Awesome!

Go to another site to get another ticket for my travel back, only to find out that while they couldn't implement return, their webdevs are apparently skilled enough to get a giant boner on blinking "(1) Almost ready!" in the site's title, when changing to another tab and there happens to be stuff in the cart. Do you really think I care about that shit! Don't distract me and let me get my shit done!!!

So, to all you webdevs who would pull something like this and wank on it too. Guess what motherfucker. That purchase got cancelled through the power of JavaScript wank, because there's no way I'm supporting that dystopian junk. Guess what, when people shell out money at your shitty online shop, they may want a quarter-ass decent UX too. And no notifications or any of that wank, you hear me?

But yeah fucking Web 3.0!!! Give me a fucking break.

Trying to learn some golang after a break.

Made http / https transparent proxy for personal project.

Mind: You need to add configuration file with domains you allow traffic and block everything else using list of regex.

Me: Ok I can do it, 4 hours later ok done

Mind: Why not make it differently by making list of url you can block and test this shit on fucking ads and stop using adblock that downloads content.

Me: ok that will be handy I can watch websites faster and drop traffic I don’t want to.

Funny fact, it works I broke analytics, logging, quantum shit fucks and even youtube plays ok.

Go is awesome for networking stuff lol.

Dear Product Owners,

If you tell me how I need to architect my software again I'm going to ask you to provide a network topology of the architecture you want me to build.

I'll also need you to request the new servers, work with the ops teams to setup credentials, provision the NAT, register the domains and document the routes that the proxy will need to use.

then I'll need you to hook the repo up to our non-existent pipeline so that I can make sure I won't do all that testing I already can't do.

I hope you're paying attention, because that framework you told me I needed to use is going to be a pain to setup correctly.

after you're done with that, please attach any documentation you shit out to the ticket you never created.

Enragedly yours,
Looking for a new job

PS: get fucked

I hate asking questions but I need to right now.

Any suggestions for an easy installable email server like mailinabox? Multiple domains is a requirement :)

My first job was actually nontechnical - I was 18 years old and sold premium office furniture for a small store in Munich.
I did code in my free time though (PHP/JS mostly, had a litte browsergame back then - those were the days), so when my boss approached me and asked me whether I liked to take over a coding project, I agreed to the idea.

Little did I know at the time: I was supposed to work with a web agency the boss had contracted to build their online shop. Only that he had no plan or anything, he basically told them "build me an online shop like abc(a major competitor of ours at the time)"

He employed another sales lady who was supposed to manage the shop (that didn't exist yet). In the end, I think 80% of her job was to keep me from killing my boss.

As you can imagine, with this huuuuge amout of planning and these exact visions of what was supposed to be, things went south fast and far. So far that I could visit my fellow flightless birds down in the Penguin's republic of Antarctica and still need to go further.

Well... When my boss started suing the web agency, I was... ahem, asked to take over. Dumb as I was, I did - I was a PHP kid and thought that Magento, being written in PHP, would be easy to master. If you know Magento, you know that was maybe the wrongest thing I ever said.

Fast forward 3 very exhausting months, the thing was online. Not all of it worked yet, but it was online and fairly secure.

I did next to everything myself, administrating the CentOS box the shop was running on, its (own) e-mail server, the web server, all the coding required for the shop (can you spell 12 hour day for 8 hour pay?)

3 further months later, my life basically was a wreck, I dragged myself to work, the only thing I looked forward being the motorcycle ride home. The system worked though.

Mind you, I was still, at the time, working with three major customers, doing deskside support and some admin (Win Server 2008R2 at the time) - because, to quote my boss, "We could not afford a full time developer and we don't need one".

I think i stopped coding in my free time, the one hobby I used to love more than anything on the world, somewhere Decemerish 2012. I dropped out of the open source projects I was in, quit working on my browser game and let everything slide.

I didn't even care to renew the domains and servers for it, I just let it die without notice.

The little free time I had, I spent playing video games and getting drunk/high.

December 2013, 1.5 years on the job, I reached my breaking point and just left, called in sick at least a week per month because I just could not see this fucking place anymore.

I looked for another job outside of ALL of what I did before. No more Magento, no more sales, no more PHP. I didn't have to look for long, despite what I thought of my skills.

In February 2014, I told my boss that I quit. It was still seven months until my new job started, but I wanted him to know early so we could migrate and find a replacement.

The search for said replacement started in June 2014. I had considerably less work in the months before, looks like he got the hint.

In August 2014, my replacement arrived and I got him started.

I found a job, which I am still in, and still happy about after almost half a decade, at a local, medium sized ISP as a software dev and IT security guy. Got a proper training with a certificate and everything now.

My replacement lasted two months, he was external and never really did his job - the site, which until I had quit, had a total of 3 days downtime for 3 YEARS (they were the hoster's fault, not mine), was down for an entire month and he could not even tell why.

HIS followup was kicked after taking two weeks to familiarize himself with the project. Well, I think that two weeks is not even barely enough to familiarize yourself with nearly three years of work, but my boss gave him two days.

In 2016, the shop was replaced with another one. Different shop system, different OS, different CI. I don't know why and I can't say I give a damn.

Almost all the people that worked at the company back with me have left for greener pastures, taking their customers (and revenue) with them.

As for my boss' comments, instructions and lines: THAT might not be safe for work. Or kids. Or humans in general. And there wouldn't be much left if you put it through a language filter...

Moral of the story: No, it's not a bad thing to leave a place if you're mistreated there. Don't mistake loyalty with stupidity!

And, to quote one of my favourite Bands: "Nothing matters when the pain is all but gone" (Tragedy + Time by Rise Against).

My biggest insecurity?

That I'm fascinated by a lot of domains and rather than mastering one I'm just intermediate in all of them, making me a jack of all trades but a master of none.

I had forgotten why I hated GoDaddy so much.. until today. It all came back to me.

I have been a GoDaddy customer for over 5 years now. Last year I tried out Namecheap for the first time because someone who was sending me a domain asked me to create an account on NC.

A couple of days on NC and I fell in love with the support and pricing. I started transferring all my domains to NC over the year. (30+)

Now I was left with 3 domains, 1 of them was to expire 4 days ago. but 5 days ago, GoDaddy switched it to pending mode, barring me from transferring to domain or changing any details.

today I called GoDaddy and after a loooong chat, they fucking forced me to renew my domain!! Saying that I need to renew the domain before I attempt to make any more changes!!!

FUCK YOU GODADDY! THIS IS WHY I NEVER SEND CLIENTS YOUR WAY!!!

So according to google domains I just put in a transfer request 5 days in the future... Fuck me I need to learn to contain these powers...

It came to me, a brilliant idea, a simple solution to an everyday problem and easy route to market. Great, starts looking for domains and writes down idea in full in case i forget. Later that day, picks up 12 year old son from school, tells him my great idea. He told me how shit it was and why straight away.

Microsoft Teams can burn.

Who the fuck thought it would be an excellent workflow, when you want to COLLABORATE IN TEAMS between users in different domains, that each sorry bastard needs to manually log in to a second Teams tenant and loose all the context from their main Teams tenant !?

On random occasions the fucking authentication token expires. I send messages to my team mate in another domain. Three days later I am pissed off because they don't answer. It turns out their authentication token has expired so when they are on their main tenant they don't get any notifications before they manually log in to our tenant as a guest. HOW FUCKING GREAT IS THAT AS A NOTIFICATION SYSTEM ??!

Would it be that fucking difficult to maintain a notification bar with all tenants and note with an exclamation mark or something REALLY FUCKING SIMPLE to hint about an expired token ? It's not like this is magic, Slack does it already.

FUCK !

Installed Cookie Clicker yesterday. This app literally bombs my PiHole with ad- and tracker domains.
This is pretty bad...

I have this side project that I’ve been working on for the past 6 years part time but over the past 2 years just as a sysadmin to keep it running, it’s unpaid work but whatever, dropping in once a month or so doesn’t worry me.

Well the owner of the domain hasn’t been reachable for nearly 9 months and the domain expired a while back, not much I can do about that, so I pushed everything over to work at the IP level while I reach out and wait - that was 2 months ago while I waited for the owner to renew it or for the domain to fall.

Today the domain fell, so I jumped on to buy it back up only to find its already purchased... 😦

so I find the owner, it’s fucking parked on a shitty “buy me” page with a price tag of $4500 USD. Fuck these slimy hoarding domain parking bastards.

I know the site was on its last legs, low membership and traffic but I’ll be fucked if I’m paying that much to reacquire it.

Just spent 2$ on mydev.life
(Bought the domain for no damn reason)

We all have that graveyard of domains which we never get to use!

IF YOU UPDATE AN ADM PLATTFORM FOR FUCKS SAKE DON'T DO THE FOLLOWING THINGS:

1. ONLY DOCUMENTATE IT IN A POWERPOINT

2. WRITE DOWN IPs AND PORTS ONLY ON A WHITE-BORD

3. MOVE TOOLS TO OTHER SUBNETS OR DOMAINS WITHOUT PROPERLY KNOWING THE WAYS OF COMMUNICATION BETWEEN THEM

4. USE YOUR PERSONAL EMAIL ADDRESS AS RESET OPTION FOR LICENCE-MANAGEMENT ACCESS IF NO ONE KNOWS THE PW

5. LEAVE THE COMPANY THE DAY AFTER THE UPGRADE IS DONE

Because the guy who has to take care of the upcoming problems is not going to like you!

BUT having to deal with all of this at once would not be a problem if your, so called team (30 People who work with those applications e.g. as test-engineers) would actually work together instead of having that "not my daily business, I am going to drink coffee" attitude.

Apparently I am the only one who has enough balls to see, admit, and report a problem to our leadership.
This always leads to Me fixing the issue...
....that's alright I am learning a lot...
...BUT IF A TEAM-MATE, WHO HAS THE SAME DEGREE AS I AM GOING TO GET, LEAVES EARY BECAUSE: "HE DOES NOT KNOW WHATS WRONG", IT TRIGGERS ME!!!

- The apprenticeship guy

PS Needless to say hundreds of clients have access to those systems and I worked through a shittload of official tool docs just to get to know the tools first...

My boss says to me this morning.

Boss: Can you add these links as a redirect 301 to this link.

Me: Ok, I'm not the developer for that domain but I guess I can do it. Let's try to update apache htaccess for that domain through my account.

(After a swift ssh connection to the server to check out that domain.)

Me: Er...boss, we don't own that domain. We cannot redirect it's links to our other domains.

Boss: Why? What do you mean?!

Me: well if we don't own that domain, than it is not on our server and we cannot update it's server config files. So we cannot redirect that domain to our other domains.

Boss: Are you sure?

It went on like this for a while. I had a laugh break after.

PSA to /[devs who things it's a good idea|management who thinks it's a good idea to force your devs]+/g:

There currently exists 1543 (and counting) top level domains. My email addresses follow the pattern: /^[a-z]+@panduro\.guru$/ and I die a little inside whenever I get told my email addresses aren't valid because you thought it was a good idea (to force your devs) to hardcode "valid" top level domains. There is a reason why the filter for input type email does not include top level domains.

And you can't even begin to comprehend how mildly annoyed I get when I message their support and tell them what the problem is (because I'm nice enough to do that) they instead of telling me "thanks for informing us we'll look into it" they tell me "well just get a gmail or something". I should not have to order social status reducing items with my school mail (especially not since I'll loose that email ¾ pairs of years)

Fuck GoDaddy man... Paid extra for the privacy feature thinking I wouldn't get harassed by phone. Think again! Got tons of calls from India in two days. What a rip off...

I guess they're selling our info or something...

What service do you guys use? I want to move my domains, any recommendation?

Client asks to point their domain to a new 'squarespace' they just got, then call you bc they cannot access the admin console to their old site and 'it's so weird that all the requests are now going to squarespace !!'

So much truth

Why do _devs_ still use shared hosting (and then bitch about it)?

"This thing won't let me use external SMTP" - "I can't use more than 2 domains for my site" - "I can't change X in PHP config" ...

You're a dev, VPS prices are pretty much on the same level as shared hosting, and setting those things up isn't exactly rocket science either.

Does anyone own any funny-ish domains?
Mine are:

realog.site - used for testing websites for clients

imgoing.global - will be my personal site / portfolio soon

Unicode domains is the shittiest feature introduced in web recently.

People who came up with this idea must be fucking dumb or have ties with internet scammers.

Holy fcuk! Can anyone here help me understand how this domain is possible?

WARNING: obviously its a spam site. Take necessary security precautions if you are going to visit.

the following domain opens a cluster fuck domain name! >> secret.ɢoogle.com

That ɢ is not what it looks like. How is such domains possible to exist? Even more surprising, how is this sub domain -ception possible?

#include <rant>
Using angry standard;

Int main()
{
cout << "So my mom recently started "exploring the web". I'm sure you already know where this is going; she ended up signing up for a free trail of some diet pills with her credit card on some sketchy website. The website never sent any product but attempted to charge her card over $300 multiple times. My mom's bank noticed and froze the account. She has now opened an investigation with the banks fraud department and is awaiting response. I took the liberty of running a whois look up and found the companies website is held by GoDaddy and is hiding behind Domains by Proxy (GoDaddy's sysadmin hider). I'm angry that she's in this situation but I have no idea of how to uncover the real company behind the diet pills site." << endl;

Return 0;
}

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

How common is it for development job applicants to lie about their skillsets and experience?

Had an applicant come interview for a senior software engineer role, has been in the same company for 8 years and his resume is sprayed with almost every tech speciality and language there is, claims to be proficient in 8+ languages, done AWS server migrations, built CI/CD pipelines from scratch, written CloudFormation scripts, built microservices, worked with AWS services and serverless platforms, has managed a team, does salary and performance reviews

My gut feeling is when someone claims to have knowledge and experience across multiple specialities, they’re skills in any of those domains are only skin deep

Remote server software installation support is great!
You can watch them trying to understand where what is on the file system, they repeatedly switch between windows without doing something on either of them and they set your IE browser policy to allow all kinds of domains & sites which are preventing them from downloading their software.
Todays guy did not know how to transfer a file between the local machine and one in remotedesktop. 😄

(If you do support like this, then don't get me wrong, I'm not making fun of you personally, it is just funny to watch if you have to actually sit there and wait for the support to finish.) 😉

Some days ago a friend told me about this good site to by the new .app domains, bigdaddy.com.
So I wanted to look for a domain and ooops, thats gay porn 😮
I confused names with godaddy.com. Maybe a lecture at uni is not the best place to open this site 😅

When you wanna lunch a product and all domains with good names are taken; and when you find a good domain, the twitter handle is taken by an egg!!

A week ago, the team that hired me asked me to fix the s**t they made when they hosted around 30 WordPress sites in a single Bluehost shared server. Several of those were multisite installations. The server eventually gone down because of the load. And the most disturbing part was they were taking money from some of their clients to host the sites, in stead of not having a reseller licence. The server was going down quite frequently so I suggested moving some sites to another host or another server. They asked me to do it, but when I asked for the permission to edit the nameservers, they asked me to make a subdomain and point it to the new server. Which was kind of impossible because the new host was already having some subdomains and it's not easy to work with sub-sub domains. So, on an open statement they said that I am unprofessional and not fit for work. Before that they disturbed me and bursted on me when I was off working hours. -_-

Oops just bought a domain 😁😁

Thanks @ThatDude

me want more domains

Just finished setting up PiHole on my RaspberryPi.... no more adblock extensions with shitty performance... no more custom hosts files... and network level adblocking for all devices...
FUCK YEAH

oh, and I added so many lists that it now blocks about 350k domains (ads and malware)

Today was a good day.. time to hibernate...

I just had a boys-out night with my son. Went to some restaurant, found a parking spot in a confusing parking lot (half is more expensive than the other half of the lot, not sure which fee applies to the middle row... confusing), started paying for parking with the app (pays every 15 minutes until stopped).

Went inside, ordered a pizza, some ice cream. Chatting, playing, eating, having fun,... An SMS comes: "You have outstanding fines" and a link to the gov taxes' website.

wtf.. I must have parked in the wrong spot. FUCK! Oh well, it should not be a large fine anyways, it's just for parking....

Click on the link, login with my bank/SmartID creds. Another SmartID dialog pops up asking for a PIN2.
What? PIN1 is for authentication, PIN2 is for Authorization. What am I authorizing...?
Reading through the Auth message: "Paying 2473€ for Boris SomeLastname".

what.....?

Thank God my muscle memory did not kick in and I did not enter that PIN2.
And thank God I know what PIN1 and PIN2 are for.
It would've been one expensive boys-out evening... Even a strip club would've been cheaper.

Stay sharp, guys!

P.S. Later I checked the URL. It used all the right keywords, and it was registered as an .info domain. It was somewhat off, but gov websites trying to be lean do sometimes use some weird ass domains.

Fuck NameCheap.

They will show you a domain is on sale, make you contact support to buy it, tell you "oh sorry it's your browser cache's fault, please restart your browser" and then JACK UP THE PRICE 10x.

Royally fuck you. This shit should be illegal. If I thought it would solve anything I'd contact ICANN.

God I fucking hate this industry. It's all a fucking scam.

GIRLS PRANK
Omg I changed her lipstick with one of a slightly different color I'm so random she'll go CrAaAaAzY

BOYS PRANK
Use Tampermonkey to transform your colleague's pc into a chinese botnet and redirect him to some PCC website on every click forever

Yeah long story short that's how my previous firm blocked access to domains hosted by the Chinese government.

just started learning dev.

why are all the good domains taken :(

Well, today was a fun day playing with Qubes OS. I really did nothing really difficult, I created a template for multimedia pruposes (Netflix, Amazon Prime, Spotify and VLC) based on debian and then create a domain based on that same template.

It works

Still need to fix the screen tearing, but it is nothing really serious, in fact I probably just change the graphic card to the integrated on the motherboard to see if something change.

Probably the next issue will be set a few domains for specific issues:

- Dev [personal]: This will be used for my personal projects.
- Dev [non personal]: For those times I collab with someone / not my stuff
- [√] Work: mail, msTeams, whatever from my job.
- Bank Stuff: I can asure you that
- [√] Multimedia: chill n stuff

and thats all for now.

PD: Ctrl + C, Ctrl + V Will be a nightmare xD

Why the fuck do I have to work with Windows? AND WHY THE FUCK DO I NEED TO RESTART 3 TIMES TO GET ACCESS TO THE INTERNET? AND... WHY THE FUCKING FUCK IS EVERYTHING 7000 TIMES SLOWER WHEN I PUT MICROSOFT DOMAINS IN MY ROUTER FIREWALL?!

In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!

So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.

Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.

Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!

So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!

So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!

So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!

So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!

Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.

See the issue already?

Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.

What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.

That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.

Overriding that unit file option finally fixed the issue completely.

I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.

And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...

Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!

And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...

Ugh been waiting a week already for my domain to transfer to google domains... HURRY UUUUUUUUUUUP!

Kubernetes is a breeze they said. Now I‘m sitting here for several hours trying to find out why my pods randomly fail to resolve domain names.

Coming along my adventure: broken systemd configs, systemd-resolved stub causing loops, broken k3s modules and finding out that busybox‘s nslookup is broken for versions greater than v1.28.4.

50 issues later, I figured out that the dude who setup the corporate network (where the machine in question is located) uses two nameservers: one to resolve the internal routes and one for all the external domains. Luckily, coredns randomly picks a nameserver for each request. Therefore, sometimes queries for external domains reach the nameserver dedicated to the internal network which then answers with NXDOMAIN.

I hate networking so so much...

So I decided to start using NoScript in Firefox recently, and it's been the most wonderful and annoying experience.

Wonderful - Easy to use whitelist on a domain basis makes it easy to un-break websites I trust while keeping potential malicious JS from other domains out.'

Annoying - Now I get why all the graybeards on Hacker News hate what the modern web has become

Fellow Deviants, I need your help in understanding the importance of C++

Okay, I need to clarify a few things:

I am not a beginner or a newbie who has just entered this community...

I have been using C++ for some time and in fact, it was the language which introduced me to the world of programming... Before, I switched to Java, since I found it much better for application development...

I already know about the obvious arguments given in favour of C/C++ like how it is a much more faster and memory efficient than other languages...

But, at the same time, C/C++ exposes us and doesn't protect us from ourselves.. I hope that you understand what I mean to say..

And, I guess that it is a fair tradeoff for the kind of power and control that these languages (C/C++) provide us..

And, I also agree with the fact that it is an language that ideally suits our need, if we wish to deal with compilers, graphics, OS, etc, in the future...

But, what I really want to ask here is:

In this age and times, when hardware has advanced so much, where technically, memory efficiency or execution speeds no longer is the topmost priority... These were the reasons for which C/C++ was initially created...

In today's time, human concept of time matters more and hence, syntactical less complicated languages like Java or Python are much more preferred, especially for domains like application development or data sciences...

So, is continuing with C++, an endeavour worth sticking with in the future or is it not required...

I am talking about this issue since I am in a dilemma about the use of C++ in the future...

I would be grateful if we could talk about keeping AI, Machine Learning or Algorithms Optimisation in mind... Since, these are the fields in which I am interested in...

I know that my question could have been posted in a better way.. But, considering the chaos that is present in my mind, regarding this question doesn't allow me to do so...

Any kind of suggestion or thoughts would be welcome and much appreciated...

P.S: I currently use C++ only for competitive programming or challenges...

I started my career 7 years back (at the same company I am currently working) as an Asp.net developer. My company used to work in Microsoft domains back then. 5 years back one of our directors decided to dig into the open-source technologies and move away from Microsoft. And I was the first employee who was assigned to learn python. I thought about switching the company so that my 2 years of asp.net experience doesn't go waste. But I didn't as I started liking python. It was easy, powerful, clean, and same code ran on every fucking platform. And I was introduced to open-source.

Don't know best or worst, but this decision definitely changed my view about software development. I understood that money is not everything, passion is also important. The open-source community runs on passion and dedication. And I love the way it works. The bottom line is, I am happy. And python is beautiful.

Soooo this Canadian mother fuck, own the domain I want, and isn’t using it, and doesn’t wanna sell it.. tells me he is using it for his business.. after a bit of research the domain went inactive after 2007. Hours after sending an email.. a wix site pops up. And then then tells me his buisness has been using it for 25 years.. really??! Per public record your buisness went defunct years ago.

Won’t sell me the domain... fine, I’ll buy all the domains with your name in it variants of your buisness name, and point them to gay porn.. FUCK YOU.. fire with fire BITCH!

I was just going to sign up for a new ISP when they asked for my email. But they managed to screw up the email form validation by only allowing domains with the tld comprising of two or three characters! My email address ends with “.blog” so had to use my university email 😠
Please follow the RFC

Some guy bought a whole bunch of city specific domain names once and wanted me to code the websites for him and manage and support the sites for 5% equity in his business. I told him you realize I can buy my own domains for very little money and build the sites for 100% ownership. His idea was not so bad for that time but he just thought that I was a nerd and he could just use me and I would just be passive and go along being that I'm desperate to make friends.

To every fucking site with an .io domain:

Next time, hype a cheaper TLD...100$/year is just not reasonable...

Hello, brilliant minds!

I am participating in a hackathon based on web development and I need to submit potential problem statements for the same. They have some predetermined domains, but I am unable to look for a suitable problem. The domains are:

1. eCommerce
2. eGovernance: Smart City
3. Fitness
4. Social Innovation
5. Tool/Library/Extension for devs
6. Travel
7. Women's safety

I will have 6 hours to code. Please suggest some of your best ideas. Thanks in advance!

Love,
TheSlug

Chrome 63 forces .dev domains to HTTPS via preloaded HSTS.

Well, FUCK YOU google. Why do you even give a shit of my local proxy.

I will major in AI. No, I will major in Big data, wait, I want to major in cloud too. I think I should first complete the courses I enrolled on cloud academy or the tens of courses in enrolled on Udemy on all the domains possible first! So many technologies, so many dreams!

F**king hate Windows for its insanely confusing proxy setup required for software development...

> Setup proxy in Windows network settings
> Then, setup HTTP_PROXY & HTTPS_PROXY environment variable at the system/user level.
> Followed by separate proxy settings for java, maven, docker, git, npm, bower, jspm, eclipse, VS Code, every damn IDE/Editor which downloads plugins...
> On top of everything, find out the domains which does not need to go through proxy and add them to NO_PROXY.. at each level..
> It does not end here. Sometimes, I need to setup proxy for SSH connections... like, if I have to use git with SSH and not HTTP/S... Uhhh....

More than half of the problems me and my dev team face is related to setting the right proxy. Why can't it be like, set in one place and everything picks up from there, like in any linux machine or for God's sake, a Mac ?

Worst of all is, my org uses a configuration script, which resolves into a list of proxy servers, from which one of them will be used. So, I need to download that script, find out which is the right proxy server and then, use it in all the aforesaid places... WTH ?????

Is this a common workplace problem for all developers ??? Will this be solved by Windows Subsystem for Linux ???

Don’t ring me up all nasty asking why these other domains that you never told me about don’t “work”... and you don’t have dns access ‘cos you don’t know what it is and I need to speak to some geezer from another company that you fired. FUCK OFF, now I have to do some whois fishing to find out the shit you are blaming me for.

Fucking Windows Servers, I just wanted to set a login timeout of a few minutes after several unsuccessful login attempts.

(Windows Active Directory for Domains and shit is installed - just an FYI (otherwise this would be slightly easier))

Steps:
- Go to Group Policy Management
- Navigate to your domain in a policy tree
- Right click "default policies" and select edit in the right click dropdown.
(Why not just fucking double click and edit it them in the convenient right-side window? Because fuck you!)
- Navigate another god damn policy tree
(And it's not obvious, it's under Windows Settings... Ok that makes sense, but there are so many nests.. Fuck me)
- And only now can you edit the "Account lockout duration" field

Windows Servers are a pain.. This actually isn't completely horrible, but it gets really annoying, because literally everything here is hidden in weird places behind thousands of click navigations and in between that there's some shit sandwhich UX.

"On September 1, 2023, the domains registry for .COM and .XYZ will implement universal price increases of up to 9% for .COM renewals, and up to 9% for .XYZ renewals, registrations, and transfers."

sigh.

About 5 years ago I worked at a small company developing websites and .NET applications.

They haven't changed any passwords which means, I still have access to ALL of their customers DNS setups.

Of course I wouldn't do anything.

But just the thought, that I could make an infinite loop, by redirecting the domains, is amazing.

Or redirecting them to a porn site.

FredBoat, largest open source discord bot.
Making all the things work + making it scale when demand kept climbing was a challenge where we had to learn simple stuff like postgres, working with 3rd party apis, generally good coding patterns and maintainable code, but also rather advanced stuff like making the garbage collector play nice, profiling memory leaks and optimizing the hot path, as well as high level topics like cutting the codebase into scalable domains and services.

What would be the most semantic option for a domain if it's just a personal space? .com means commerce, .net means networking services, I think space means... space, the sky... and it's a bit long... .dev? .xyz?
Should I just forget about this and either go with a regular .com or something cheaper I find?

Integrating Google recaptcha into my web service. For some reason it always errors, both on a production and development environment, correct domains configured, and with he simplest setup. I'm fucking lost, documentation assumes it actually works. Similar errors on stack overflow and Google groups either got no answers or have obvious issues.

Fuck this man

ok, so first there were ads.
Then came adblock and the likes.
Then websites started implementing randomly generated strings.
Then came pi-hole.
Now some of the websites are using RNG + hosting ads on their domains...
(the order might not be very accurate, but you get my point)

So what now ?
I'm guessing that the next step for adblock will be to use AI to recognize these RNG strings, and then the websites will use AI to generate better strings (harder to distinguish if it is relevant content or an ad).
In other words - AI vs AI :D

what do you guys think ? :)

Full stack developers are myth . Anyone who claims he is expert in both domains. He is lying. he would be implementing one side crappy solution and showing off that I developed everything from scratch. Tell him you are from monolithic era. You no longer exist. You are doing both side crappy solution go back to school and focus on one thing and come back with one thing which you can do properly

tl;dr. web hosting && a panic attack && security threat

i wasn't sure whether my brother's domain was hosted or not (because it wasnt showing a website and he didnt know any better).
so i decided to host a react-app for it on netlify and pointed the domain's nameservers towards it (a separate security threat at bottom).
all went well and now when you punch in the domain it ..all-behold.. shows a website.

NOW, i remember my brother was using the domain's email which probably means it was hosted, right?. so im panicking because im not sure whether i just deleted all his emails or not because it's 1:15 am and he's asleep.
there is a rant in there somewhere but im in too much of a shock as to how much data i might have just accidentally deleted
.
.
another tl;dr: my domain registrar let me change someone else's settings..
the reason i didnt know his domain settings is that he didnt know his password.
i had bought a couple of domains and was gonna host them on netlify. while i was doing this a bright idea hit me.. "you should finally build a website for your brother for the domain he bought 7 years ago"..
this is where the fun begins.
i sent an email to my registrar to point all nameservers of all domains to my nameservers and just to try out i included my brother's domain into it (i dont own this domain it's not registered by my email), and the next day i get an email telling me they've successfully made all changes.
.
Now tomorrow is monday and i'm going to their office to tell them i found a security flaw and see how long i can stall before actually telling them what it was and how their live's could've been made hell.

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

How do I help my colleague in fighting harrassment?
This is the story of a helpless employee facing everyday harassment. Im trying to help. Seeking for your thoughts

Backstory fast forwarded: My company acquired another company. So we handle all their projects and clients now, but its a completely new domain. So we needed new people. Hired 4 employees + 1 team lead to start with. But the project process got delayed and they were free for a month. So i took 2 of them in my project and gave them some small tasks to help us over. They loved working with my team and were learning new stuff apart from what they usually did. And we were also happy of their contribution. We became good friends. All of this was in March 2020 before covid-19 was taken seriously.

About my company: I love this company. I have been in this company for more than 4 years now. People are really nice. Parties and fun events. Lot of smart and ambitious people. So company and people are awesome.

Coming back to the story. Lets call the team the 4 and team lead T. The 4 were happy that someone like T was in their team. This T had all the best knowledge about stuff and life was going to be awesome for the 4. Or was it?

Story starts: So I talk to one of these 4 on daily basis. Lets call this friend F. F is a real gentle person. Intelligent and dedicated to work. F is awesome to work with. And always enjoyed working. F is a team player and very very soft person. F is fking workoholic. So few days after project starts, F tells me work was not going well. F is getting real frustrated at work and not able to deal with it or find solution.

What happened:
This person T, who was supposed to help these 4, is real piece of shit. He is impatient, arrogant and MFing dick head. Aaaarggggg.
All the good qualities of a leader like supporting the team, boosting confidence, guiding team when they make mistakes, teaching them, were all missing from this person. T was a machine with no emotion and only clock working jerk. I have no idea how T cleared interview process, because one of the interview round is also about cultural fit into company. I know this because i take interviews for other domains. We have rejected lot of such well qualified but arrogant candidates.

So whats the problem now: this team of 4 are learning new tools and taking over the clients requests from old company. Most of the stuff is new for them. So in tat case people need lot of time to understand and figure out shit. people make mistakes while learning and you know have to deal with it. Person T abuses these 4 when something goes wrong. That's one.

Second, the T definitely knows more than these 4. So if these guys dont understand certain stuff they ask T. But T does not help them learn. T will either say busy or run away by saying thats simple and ull know when time comes. REALLY MF???

Third, T does not talk nice. T is rude and does not listen to team members. For eg, If F says some task cannot be done for some reason T will say, "y cant u do it? U r capable of doing it. Tats y u r in this job". And then point number one and two happens. Never responds to emails and messages. But if someone else does the same will not tolerate that and abuses them. List goes on.

So y not escalate and deal with that T:
This person F and other 3 are still under probation and they think complaint or escalation will back fire. These people do not want to lose job in between all this pandemic shit. They are scared.

So this was happening for a while. And i was giving lot of tips on how to handle certain situations. And how one should communicate these.

But being a gentle, soft and workoholic person, F focussed on work and assumed things will get in place as time goes by.

Today, F could not meet a requirement. So T told some shit which got F all sad. and F called up me late night and started crying explaining what happened. I felt real bad. I asked F to file harrassment case. F refused saying it was F's mistake on not completing requirement. WHO THE FK CARES. PEOPLE CANNOT TALK SHIT. I told ill file harrassment case against T. (We have a policy where others can also file if person is not courageous enough). But F did not allow me.

Then after calming down, I told F that telling the problems to me wont solve them. You have to talk to T directly and tell him on face not to talk like this. Or tell the manager about whats happening. Or tell the the HR about this. F said tat cant be done. I was like Y THE FK NOT.

Because the other 3 are not ready to talk about this to anyone as they fear they'll lose job. So if F talks and people question other 3 they might bail out. WAT THE HOLY SPIRIT.

so after lot of convincing F is still not going to
Talk to anyone about this.

So i have decided ill write an anonymous email to HR, the manager and other senior people in the organisation about whats happening.

I really dont know how itll go. Ill keep updating you guys. Feel free to share ur thoughts.

Do y’all horde domains?

(I have more than a few friends who buy domains they never use. I’ve never understood the impulse 😅)

Nothing like migrating to a new domain registrar.

Time to start waiting for it to process....

I got my domain from Swisscom (Switzerlands "T-Mobile") Every damn time I try to renew/adjust the domain it feels like I have to search for the fucking Higgs Boson. Searching for it on DDG only yields wrong results. Domains are hidden deep within the business part of their homepage. Their buisness site barely mentions domains, the login is somehow tied to an account you would normally use in combination with your phone number which only adds more to the confusion and the whole domain thing seems to be a shitty frontend coverup of someone elses service.

For crying out loud, no, GoDaddy, you don't just shutdown expired domain without ANY warnings. No!!! Not cool!!!

A casualty of Windows Update wrecking my machine was the hosts file with the dev domains I added to make my life easier.

It's trivial to add them back as I encounter them, but that's just another little waste of time that Microsoft would be billed for if the world functioned like it should.

What are the benefits of using www for a domain? I know it has something to do with cookies, but I can't find any useful info on the webs.

Wow WTF!

So for a new client, they have their domain on a registrar that has the most ugliest and confusing UI ever.

So I decided to transfer the domain to somewhere better.

Guess what, it takes 5 days for them to release the domain. The site would be down and I won't be able to proceed with my work until transfer is complete.

In hopes to speed up the process, I tried to create a ticket. There is no ticket system and their only available contact email listed is sales@shittiestdomainregistarever.com

I mailed them yesterday evening hoping for a reply.

Few hrs ago, I received a bunch of automated email on some ticket I never created.

The biggest WTF is that the To: on that email is some other customer's gmail address and I am CC'd along with a bunch of other customers gmail and hotmail addresses.

Seriously, WTF is this?! I'm glad I took the decision to move from them

Did you guys notice that the new Chrome update removes the www from domains along with the https.

Too dumb to be better at your domain
Too invested to switch domains

I really, really need some help here.

We have a service provider that is utter shit. Due to their shittyness we have a server to which our customers point their domains and then we forward the request to our shitty provider. This worked well until our provider blocked our server's IP.

They can't come up with a reasonable explanation as to why it's happening, and even though they've whitelisted our IP it keeps happening. I've tried changing the server's IP, but it takes 5 minutes and we're blocked again. Probably some traffic that they deem fishy.

Does anyone have any good or bad idea on how to work around this fuckery? The server at our provider is running PHP, so I'm thinking if I can set up some sketchy tunnel or something, but even then it might be caught on a lower level.

I'm really, really grateful for any ideas or advice. Even of the shitty kind.

pLeAsE dOnAtE tO hElP mE aFfOrD hOsTing

lolwut? you have a free-for-all project with no premium features. Users can’t create accounts. All of your code is JS, you don’t even need a server. Just host your stuff on Cloudflare. I have just about a gigabyte of data uploaded there on my free account, so if I can do it, so do you. Just use a CDN for your client-only, JS-only project.

domains though… yours is long and costs around 40 bucks a YEAR.

if you made a good product and want to make some money with it, that’s completely okay, so just say so: “I want money for my work, but I don’t want to take away features that were free and can be provided at no additional cost, so please donate”. Why lie? It’s not like people who won’t donate to you based on this justification will magically donate for “hosting”.

I use fucking GoDaddy to manage my domains, just cause, whatever, who cares, right, it's a domain manager, they do have great support.

But everytime I login and try to find a domain, it's like 8 clicks and they try to push their website builder in your face and all kinds of shit.

Can I get a recommendation from a trusted devranter? I want to switch.

I use forge if that matters...

thanks.

When the domain you want to buy has been taken from a domain-dealer who takes ownership of unused domains. When that dealer sells it for more than 10.000€ but also would accept ... 70€?🤔 When you see that the offer decreases automatically a couple 100€ every once in a while. Let's see how cheap it can get ...

I just can't get over the fact that the .com domain I have been eyeing for is still out of my reach. This name popped to my brain after brain storming over a week when I started making sites when i was a teen.

The domain has been sitting there unused with a basic webpage containing some ugly web design from 90s era.

I have been eyeing it for over 6 years now and just found out he renewed it for yet another 3 years!

I don't want to approach him about it either, I'm not that desperate for it that I'd pay millions for it.

The wait continues...

Anyone been in a similar situation?

WHY!
Email was invented a gazillion years ago and it's still a shiit experience to setup on linux. Just give me ONE complete package!!
nooo i need to get postfix, dovecot, spamassassain mailscanner, antivirus, opendmarc, opendkim, dovecot-managesieve dovecot-sieve, roundcube, database, webserver and then i still have to configure everything and setup certs, spf, dnssec, dkimkeys on the domains, domains, mailboxes, deny weak certs etc.

I know the whole do one thing and do that one thing well but how about you just be a mailserver and do that ONE thing well without me needing to putting all of the puzzle pieces together myself! I don't want to waste time setting all this shit up. and don't even get me started on symantec and live.com and their blocking!

Need to change host for my sites, but no money for a good one. Trying to put everything in one cloud (5 USD) but... How the duck can I create a mail server with multiple domains?

A good fight with postfix, dovecot... The first account, just to the sake of make it work, is almost working (I reckon)

Did anybody buy .dev domain from Google? Their website was quite slow yesterday and somehow I managed to add my first name .dev to the cart. But in the last screen I got stuck with "Registering this domain" message. I closed tab after an hour. Today it is still under pending domains. But if I search for the availability, it says exact match is available. Should I be worried?

I've spent so many years not coding, I could never get over the initial hump, which was definitely a mistake. Mistakes are fine, we all make them. The best thing is to learn from them. On the plus side I've learnt firewalls, Web hosting. Windows domains, Azure cloud, virtual machines etc etc, skills which are hopefully very useful for Dev to have. I look forward to joining the ranks of skilled developers. If you are interested in development but are afraid to take the leap. Just go for it, start to learn and play with it. My recommendation for anyone looking for a starting point is a Udemy course called "The Complete ASP.NET MVC 5 course". I'm not affiliated in any way or advertising it. I just think it's brilliant and you get to the fun stuff really quick. You will start with the basics of getting and setting up visual studio. Also. If anyone could recommend other very good courses they know of I would appreciate it

I hate those fucking websites that reject Mailinator email addresses (including alternative domains).

The other day I was so pissed off that I went on Freenom.com, registered a bunch of free domain names, and pointed their MX record to mail.mailinator.com.

Now those fucking dumb websites don't block me anymore.

Every time I setup a mailserver, spent lots of hours in making it secure, all mails from me are landing in spam folders. I HATE it! A pity that Google doesn't host the free G Suite with own domains anymore :(

I don't fucking understand why certbot never seems to renew my domains. I try everytime I get one of them anoyying emails but still fail.

Currently trying while watching the webroot and apache logs. Nothing fucking happens. Someone experience with these problems?

I did something potentially extremely stupid today

In 2020 when I was a teenager I suggested my uncle who ran a family business with my father to start a e commerce website. I did lot of stupid stuff doing this too. Planned to use AWS free tier to host the website and used Godaddy for domains IIRC. Setup godaddy email forwarding to his gmail account too IIRC

I registered a AWS account with my email(bad idea since my uncle's debit card was the payment method). I then setup a EC2 instance but instead of using the free instance I used some other instance because I didn't read what instance was free and setup his debit card as the payment method.

Setup woocommerce on it and pointed the domain to instance's static IP. We didn't do a lot of stuff on the website but next month on AWS we got a bill but it was a small amount. Uncle paid the bill and I terminated the EC2 instance IIRC. Next month there was a very small bill I don't remember what I did after it.

Today I remembered about it logged in to AWS and paid the bill. The problem is I used the default billing address which is in my uncle's name and the address of the family business. IIRC we didn't give them tax details of the business so we can't claim tax credit on it.

But still since there is a bill with the address of the business which Amazon probably reported to the government there could be tax discrepancies. Bill was due 4 years ago so maybe it will affect his 2020 returns which could be painful. The bill was also paid by me not from my Uncle's account so that might complicate things.

Thankfully the surprise AWS bill had basically zero affect on my relationship with my uncle.

You got it all wrong, it's being a dev that helped me a lot in a lot of domains: organization, logic, basic maths that I kept struggling with for years, and the love to learn new stuff everyday

Note to self: Always do private domain registrations. I've been getting emails for about a week now asking i want custom development services for the domains I registered 😡

We're looking to change the domain provider we use to register new client's domains to one that has an API.
So far it looks like it'll either be namecheap or AWS's Route 53.
We're also looking for the same thing with mail inboxes.

Do you have any recommendations / experience with either of these?

I was hoping to find a solution that would provide both the domain registration and the mailboxes with no hosting and accessible via API but I've had no such luck.
(Except for maybe two, but neither looked up to date)

Remembered that firefox container tabs also allow you to force domains to their own container, so now have again youtube, google and other creepers automatically in their own containered tabs :)

So basically people in school were playing krunker.io, and shellshock.io in class. The school took notice and decided to "futureproof" their blockage. They basically blocked all io domains, because io domains are definitely all games. So yes, that's the story of how atom.io and every other io domain is blocked at my school

Why in the fuck can't you transfer a domain name for 60 fucking days? This makes no sense. My dumbass purchased a domain from Google Domains and registered it with Google Sites. Now I just realized that Google Sites is useless as fuck. It's more useless than a plastic bag of dicks. The dust on my window seal serve more purpose on this planet than Google Sites. That's how useless Google Sites is. Now I want to switch to Square Space or host it myself but have to wait 60 fucking days.

I could just buy a new domain for 12 bucks but I had the perfect name. Fuck ICANN for their stupid idiotic pointless motherfucking policy. Fuck.

I got stuck in a shitty situatuion in which i have to choose between being a front-end+mobile developper and back-end. I have to answer my company today, the problem is that i like both domains.
HELP !!!

TL:DR linux newbie, looking for advice/links (skip to bottom for questions)

!rant
After i had been looking for a job for quite some time, a couple of months ago i got hired by "smaller" company doing web stuff. So far it have been a great place, good colleagues, and overall just having a great time!.
They seem to value me alot, so that's great!.

Anyway, yesterday i got called into a meeting - and got told they wanted me to start learning "Server stuff (linux)". That got me quite excited, because it always was something i wanted to learn - but never really got around to doing.

But i never touched a linux installation before, so i'm really on ground zero - but im not afraid, i'm a quick learner and quite efficient at googling :)

I figured i would ask here, since other people here always seems to be happy to help other people out.

So far i have manage to setup a server, install various stuff (php, mysql and so on) and done setup a couple of domains/subdomains on my server. Also got a vestacpinstallation working - so overall im quite happy so far.

I figured maybe somebody had some good links/advice for a linux newbie :).

* Performance/Security, will obviously be a big focus - anything i should look at? - any must look at?
* Monitoring tools, how do i monitor various websites running on my server? Here i'm thinking bandwitch, cpu/ram usage and so on pr site basis.
* Any other stuff i should be looking at?

Little about what the server will/should be running :)

* Centos
* vestacp
* WordPress installations only (e-commerce mainly)
* PHP 7 / MySQL / phpmyadmin

Is GoDaddy any good? I've seen that Google has opened .dev domains floodgate and I was wondering about starting my own page. Dunno which hosting service to choose and if I even should make my own website considering I'm not a Web Dev 😅

Help. We're starting to feel the effects of unnecessary micromanagement.

We're a small startup. The kind with less than 10 devs spread across different domains. We've been fine with a Kanban approach as the velocity/flow of deliverables don't necessarily warrant a Scrum approach yet.

Our boss has been wanting to adopt Scrum-style sprints, even shoved and assumed that were doing these sprints and demanding Scrum-style reports (and meetings!!!) when they are, in reality,
1) unnecessary
2) a waste of time

Absolutely none of the team members want this. But our boss insists on having it. We like our boss, but lately things are getting out of control

What can we do to mitigate and prevent this?

Both [mylastname].de and [mylastname].com are taken. Sad.

And it is not even such a common name.

This is gonna be a long post, and inevitably DR will mutilate my line breaks, so bear with me.
Also I cut out a bunch because the length was overlimit, so I'll post the second half later.

I'm annoyed because it appears the current stablediffusion trend has thrown the baby out with the bath water. I'll explain that in a moment.

As you all know I like to make extraordinary claims with little proof, sometimes
for shits and giggles, and sometimes because I'm just delusional apparently.

One of my legit 'claims to fame' is, on the theoretical level, I predicted
most of the developments in AI over the last 10+ years, down to key insights.
I've never had the math background for it, but I understood the ideas I
was working with at a conceptual level. Part of this flowed from powering
through literal (god I hate that word) hundreds of research papers a year, because I'm an obsessive like that. And I had to power through them, because
a lot of the technical low-level details were beyond my reach, but architecturally
I started to see a lot of patterns, and begin to grasp the general thrust
of where research and development *needed* to go.

In any case, I'm looking at stablediffusion and what occurs to me is that we've almost entirely thrown out GANs. As some or most of you may know, a GAN is
where networks compete, one to generate outputs that look real, another
to discern which is real, and by the process of competition, improve the ability
to generate a convincing fake, and to discern one. Imagine a self-sharpening knife and you get the idea.

Well, when we went to the diffusion method, upscaling noise (essentially a form of controlled pareidolia using autoencoders over seq2seq models) we threw out
GANs.

We also threw out online learning. The models only grow on the backend.
This doesn't help anyone but those corporations that have massive funding
to create and train models. They get to decide how the models 'think', what their
biases are, and what topics or subjects they cover. This is no good long run,
but thats more of an ideological argument. Thats not the real problem.
The problem is they've once again gimped the research, chosen a suboptimal
trap for the direction of development.

What interested me early on in the lottery ticket theory was the implications.
The lottery ticket theory says that, part of the reason *some* RANDOM initializations of a network train/predict better than others, is essentially
down to a small pool of subgraphs that happened, by pure luck, to chance on
initialization that just so happened to be the right 'lottery numbers' as it were, for training quickly.

The first implication of this, is that the bigger a network therefore, the greater the chance of these lucky subgraphs occurring. Whether the density grows
faster than the density of the 'unlucky' or average subgraphs, is another matter.
From this though, they realized what they could do was search out these subgraphs, and prune many of the worst or average performing neighbor graphs, without meaningful loss in model performance. Essentially they could *shrink down* things like chatGPT and BERT.

The second implication was more sublte and overlooked, and still is.
The existence of lucky subnetworks might suggest nothing additional--In which case the implication is that *any* subnet could *technically*, by transfer learning, be 'lucky' and train fast or be particularly good for some unknown task.

INSTEAD however, what has happened is we haven't really seen that. What this means is actually pretty startling. It has two possible implications, either of which will have significant outcomes on the research sooner or later:
1. there is an 'island' of network size, beyond what we've currently achieved,
where networks that are currently state of the3 art at some things, rapidly converge to state-of-the-art *generalists* in nearly *all* task, regardless of input. What this would look like at first, is a gradual drop off in gains of the current approach, characterized as a potential new "ai winter", or a "limit to the current approach", which wouldn't actually be the limit, but a saddle point in its utility across domains and its intelligence (for some measure and definition of 'intelligence').

hey guys if any of you guys are good with legal stuff some help would be appreciated.

so there’s this brand tld, which i won’t state for privacy sake. it is, coincidentally, my last name. naturally, i thought it would be pretty cool if i could change my personal domain to <my first name>.<my last name> but after contacting them i did not get a response.

do you guys think i have any legal standing to get my domain? could anyone help?

Namecheap made whois protection free for everyone, probably because of GDPR, but they cannot be used on .eu domains.

!rant

Anyone here experienced with Route53?

I have a small issue I'm trying to think through on how to achieve with minimum effort and maintenance, essentially set once and walk away and never care about it again solution.

Basically what I have is:

sub.domain.com

and I need to get it to redirect over to

otherdomain.com/folderToGetTo/

Using a 301 would be ideal but how for the life of me do I go about serving a 301 redirect over a dns entry - short answer is I can't unless I'm missing something!

Both domains are owned by the same company so no issue in hijacking a subdomain... well besides internal politics but that's just another day 😏

First thoughts include setting up a S3 bucket with hosting and forcing the dns to that and then, redirect out of the bucket... seems overkill but will work.

Hoping to find a smaller solution that I don't have to justify a S3 bucket being used for a single file - audits suck alright🤷‍♂️

Oh and setting up a redirect at the originating domain will take longer then it's worth to setup and get approvals for so not worth the effort internally.

Yes I will accept "fuck off @C0D4" as an answer.

That moment you setup 17 domains on sparkpost as a email delivery system

make your account secure with 2 factor authentication like a good infoSec enthusiast

Go on with your life

Having a Phone crash but nothing to worry because you made them backupz

Restore backupz

once again go on with your happy life.

Having to setup a different bounce action on sparkpost

logging in to sparkpost to make the adjustments

opening google authenticator

realising the backup you restored was before you added the sparkpost entry

mailing sparkpost asking to deactivate 2factor authentication

Having them tell me that they have no access to Google authenticator so they can't help me and all they can do for me is delete my account if i answer their 7569357 questions that i entered a year ago ..

--
You have access to your database yes ? You can delete my account but you can't adjust a fcking Boolean column from true to false? #@?#&!

Why even offer a feature where you have apparently no control over. Stuff like this happens all the time and almost no one saves that fcking authenticator secret.

Make people use authenticators to keep the hackers out, forces them out instead.

Why do we still speak in direct DNS?

I don't know about you, but I have observed so many DNS mishaps in my day, and also have observed that developers and non-devs consistently fail to have a succinct mental model of how to set DNS properly for a website.

There are lots of services that make setting DNS easier than ever, but I'm kind of surprised so many people still have to think directly in terms of CNAMES, APEX DOMAINS, and all the direct domain knowledge of DNS.

Can't we have a higher level abstraction that compiles to DNS with more safety guards? Sure, let me dip into DNS when I need to, but why are DNS settings tables still such a normal thing?

I write Ruby code so I don't have to write C code. I'm sure there are attempts in DNS abstraction, but the fact that I haven't come across them means they are probably still too leaky or just not mainstream.

Thoughts on the matter?

An e-mail told me to verify if this information for my domain is correct. Ehm I'm not sure... :D

So I've been given a task to monitor a whole lot of logs of some servers (whole university ~ 10+ departments). The technologies are diverse so I'm cramming everything into elasticsearch via logstash (and filebeat), viewing it into kibana. Any recommendations for what should be the 'useful' stuff to be viewed into dashboard? I guess:
- Overall traffic wtih respect to previous days/weeks
- Most viewed domains
- 200
- 404
- 503
- Failed logins?
- Dropped connections?
- Critical-load of systems? 90%+

I recently volunteered to be the admin of our student website. Boy was I in for a ride... I can only imagine the conversation went something like this:

IT: previous IT
P: some person

P: we need some additional sites that are unrelated to the main site, where should I put the files?
IT: just put them inside the folder that has the files of the main site, it doesn't matter.

P: we have some sub-domains that we do not use anymore, what do we do with them?
IT: just delete the files, don't bother with deleting the subdomain

P: we are having an event, what do we use to store user applications, we used google forms previously and it worked just fine.
IT: we will have the applications go to our mySQL database, but everything will be in one table so that it's more readable.

I mean I'm still a college student so there might be some deeper meaning to this, but still i can't look at this without my ocd getting the better of me.

Tried to use one of our test domains, but it's been left to expire by the boss (auto-renew off...)

Damn you OVH... You and your goddamn deals again... Now I ended up buying 2 domains for a project again. We all know I'll leave the domain in my cloudflare "keychain" without using it until it expires, because I'll find a fancier and more fun project 😅

I'm at 12 domains right now... I think I might be addicted 🤔

Btw, theres a sick deal going on over at OVH, .com is only 1,20€... Better get your project domain which you'll probably never use again now 😂

Why do average people insist on buying ridiculous packages from companies like GoDaddy - when they don't know a thing about hosting or domains? They may as well just break a few of my fingers before I start their project.

Since last update (version 63) Google chrome forces all *.dev domains to use https. Guess who used a *.dev domain for his local development virtual machine and now have to switch to *.local ...

Removing the HSTS Rule from chrome seems not to be possible and surprisingly I could not use a self signed SSL certificate to make it working again.

Talking to my architect:

- hey, we have a lot of code smell and data is structured usually in a chaotic way, also its hard to understand what is going on with all these code duplications, maybe we can think about refactoring, better structure, maybe even we can extract some domains and make life less painful?

- what is domain?

- *facepalm*

Past hour five spam messages came in and last 24h around 20. Many of them seem unique, I'm so interested, how is this even possible. Many of them even have a phone number attached to it. All that domains, emailadresses and phone numbers. Omg. Why all these small brands instead of a big one when all sites kinda have the same formula? It's such a mystery.

QA: This email don't pass validation ( $%^&*&^%$@m.c)
Me: Yes, that's right, where is the problem ?

QA: We allow special characters in email field, so it should be valid, fix it.
Me: "Searching some info about top-level domains"
Me: Look, this is why this email is bad.

QA: So this email is valid ?
Me: No.

QA: Why ?

Me: O_O
QA: O_O

(╯°□°）╯︵ ┻━┻

We have a lot of small projects with different domains that we maintain and develop. Most go into maintainence mode now and get no new features. Now our new department lead declared us the SWAT team bc there are no new good projects. This baiscally means we get pushed to other team's projects that have issues with deadlines and support there. So basically we get to projects with fire on the roof and as reward for extinguishing, we get another burning project.

Either that or in the first department meeting where our new boss introduced himself and managed to say in the same paragraph that due to corona we "shouldn't expect any salary increases bc these are hard times" and "his department has so much money and doesn't know where to spend it"

I just wanted to transfer my domain from domain operator dns to other dns provider.
Now I lost control over my domain and it redirects to those fuckers website.

I thought fuck them, this is their last fuck up so decided to transfer domains from this piece of shit provider to any other.
It turned out you need to send request using post office or visit their office by yourself to get EEC (authinfo) code
Their office is 300km away but cause it’s fucking faster and more reliable then waiting a month for their mail with fucking numbers I will go and do it next week.
Let the fucking hell begin.
I hope those motherfuckers would food poison and shit themselves into their beds till end of their fucking life.
Fuck those fuckers.

I have a ton.
This one is more about my own foolhardiness, but I also learned a ton and came out stronger & wiser.

when I started out as a dev (my very first job!) and had not learned to say no.
I was a novice way out of my playground.

Like lifting a full booking platform from legacy php to Laravel & launching it like yesterday because it’s high season.
Didn’t know the full domain, so I just built something quite different in a week and shafted the existing db into it.

Obviously wasn’t feature complete or anything, so it resulted in maintaining legacy while building the new one and because it was already live and on different domains, we didn’t fully know which ppl went to, I had to every day painstakingly back port data from both platforms.
What I initially thought would take a few weeks that was launched in 3 days, spanned across 2 years plus one year refining and cleaning up my mess.

Can you guys recommend the best domain host? GoDaddy are ok but it never hurts to ask

rant && what do you think?

so one of our ISP (Orange Slovakia) had troubles with service for like two days. Their DNS servers translated domains to IPs reaaally slow or not at all. So when i saw the dns error in chrome (yes i use chrome and not quantum) I changed my dns to google dns and ignored it.

Two days later when the service was back up and running, this ISP went to the local media and made a statement "we had a DDOS attack, no user data were harmed, blabla" that was when my BS radar went bananas... so somebody DDOSd your DNS server ... for two fucking days straight... this is probably a lie or they have really noob engineers (or both).

I'm not an expert on network services or routing, or servers but, how about turning off this server, IP and setting up a backup on a different IP ? Possibly anyone here with experience how to handle DDOS? Whats the chance of this happening? i'm really curious

Where do you buy your domains from? What are your experiences with various registrars?

Whoops, my head will be squashed tomorrow. Asked to put monitoring in other week by boss, sysadmin been complaining about high CPU, apparently 10 requests (different domains) to the one VM on our servers every 10 seconds is killing it. However this server is being used for MySQL and serving web requests by Apache and PHP. Then also running a few jobs like consuming queues etc.

Wtf do I do? Every time I tell him about more resources (we have decent 2 rack servers just running 20 vms and only 1 VM is for web sites) he says software should be made to work with what we have.

Your computer is probably vulnerable to Samy Kamkar's poisontap: a Pi Zero-based device that connects to usb and does the following:

- emulates an Ethernet device over USB (or Thunderbolt)
- hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
- siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
- exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding
- installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user's cookies via cache poisoning
- allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user's cookies on any backdoored domain
- does not require the machine to be unlocked
- backdoors and remote access persist even after device is removed and attacker sashays away

I need several minutes with your laptop to perform the hack, even if it's locked. Full-disk encryption and secure boot won't save you.

If you use GNU/Linux, install usbguard today. If you use macOS/Windows, idk, pray.