!(short rant)

Look I understand online privacy is a concern and we should really be very much aware about what data we are giving to whom. But when does it turn from being aware to just being paranoid and a maniac about it.? I mean okay, I know facebook has access to your data including your whatsapp chat (presumably), google listens to your conversations and snoops on your mail and shit, amazon advertises that you must have their spy system (read alexa) install in your homes and numerous other cases. But in the end it really boils down to "everyone wants your data but who do you trust your data with?"

For me, facebook and the so-called social media sites are a strict no-no but I use whatsapp as my primary chating application. I like to use google for my searches because yaa it gives me more accurate search results as compared to ddg because it has my search history. I use gmail as my primary as well as work email because it is convinient and an adv here and there doesnt bother me. Their spam filters, the easy accessibility options, the storage they offer everything is much more convinient for me. I use linux for my work related stuff (obviously) but I play my games on windows. Alexa and such type of products are again a big no-no for me but I regularly shop from amazon and unless I am searching for some weird ass shit (which if you want to, do it in some incognito mode) I am fine with coming across some advs about things I searched for. Sometimes it reminds me of things I need to buy which I might have put off and later on forgot. I have an amazon prime account because prime video has some good shows in there. My primary web browser is chrome because I simply love its developer tools and I now have gotten used to it. So unless chrome is very much hogging on my ram, in which case I switch over to firefox for some of my tabs, I am okay with using chrome. I have a motorola phone with stock android which means all google apps pre-installed. I use hangouts, google keep, google map(cannot live without it now), heck even google photos, but I also deny certain accesses to apps which I find fishy like if you are a game, you should not have access to my gps. I live in India where we have aadhar cards(like the social securtiy number in the USA) where the government has our fingerprints and all our data because every damn thing now needs to be linked with your aadhar otherwise your service will be terminated. Like your mobile number, your investment policies, your income tax, heck even your marraige certificates need to be linked with your aadhar card. Here, I dont have any option but to give in because somehow "its in the interest of the nation". Not surprisingly, this thing recently came to light where you can get your hands on anyone's aadhar details including their fingerprints for just ₹50($1). Fuck that shit.

tl;dr
There are and should be always exceptions when it comes to privacy because when you give the other person your data, it sometimes makes your life much easier. On the other hand, people/services asking for your data with the sole purpose of infilterating into your private life and not providing any usefulness should just be boycotted. It all boils down to till what extent you wish to share your data(ranging from literally installing a spying device in your house to them knowing that I want to understand how spring security works) and how much do you trust the service with your data. Example being, I just shared most of my private data in this rant with a group of unknown people and I am okay with it, because I know I can trust dev rant with my posts(unlike facebook).

Hey devRanters! A tiny update regarding the privacy tips etc site.

So as ewpratten doesn't have much time right now, I'm doing frontend as well for now.

Since some people also offered to contribute content, which I did not expect, I am also writing an invite/registration (based on invites) as we speak. So, this way, I can invite anyone (based on email address) into the CMS so that they can contribute content as well!

Regarding frontend, I'm introducing a system with icons. Icons? Yes, icons, let me explain:

Every application/service will get a couple of default filtering thingies. (not like clicking something and it'll filter anything out, yet) It'll enable users to see what an application does or does not. What the FUCK do you mean? Alright, so, as example, lets say open source. next to each application (read application/service) listed, there will be an open source icon. If the application is open source, this icon will be green, otherwise it will be red.

This will allow for a quick way of filtering stuff out.

For example, if you're only looking for open source stuff, you can quickly filter stuff out where the open source icon is red!

This will apply to things as open sourceness, metadata saving, usage of good crypto technology and so on. So you'll be able to quickly filter out the stuff you want to use (by eyes) through those filters!

Please let me know what you think and if you have ideas, I'll be glad to hear them!

School sent out a mass email asking students to stop using VPNs to get around sites being blocked. They say their technology team is working on improving filters and shit. Let's be real that isn't going to stop ANYONE lmfao...

Cleaned up my email and deleted 45k emails and unsubscribed from ~80+ services and added ~100+ filters to sort and auto-delete new emails. Now I have no unread messages.

Often I hear that one should block spam email based on content match rather than IP match. Sometimes even that blocking Chinese ranges in particular is prejudiced and racist. Allow me to debunk that after I've been looking at traffic on port 25 with tcpdump for several weeks now, and got rid of most of my incoming spam too.

There are these spamhausen that communicate with my mail server as much as every minute.
- biz-smtp.com
- mailing-expert.com
- smtp-shop.com

All of them are Chinese. They make up - rough guess - around 90% of the traffic that hits my edge nodes, if not more.

The network ranges I've blocked are apparently as follows:
- 193.106.175.0/24 (Russia)
- 49.64.0.0/11 (China)
- 181.39.88.172 (Ecuador)
- 188.130.160.216 (Russia)
- 106.75.144.0/20 (China)
- 183.227.0.0/16 (China)
- 106.75.32.0/19 (China)
.. apparently I blocked that one twice, heh
- 116.16.0.0/12 (China)
- 123.58.160.0/19 (China)

It's not all China but holy hell, a lot of spam sure comes from there, given how Golden Shield supposedly blocks internet access to the Chinese citizens. A friend of mine who lives in China (how he got past the firewall is beyond me, and he won't tell me either) told me that while incoming information is "regulated", they don't give half a shit about outgoing traffic to foreign countries. Hence all those shitty filter bag suppliers and whatnot. The Chinese government doesn't care.

So what is the alternative like, that would block based on content? Well there are a few solutions out there, namely SpamAssassin, ClamAV and Amavis among others. The problem is that they're all very memory intensive (especially compared to e.g. Postfix and Dovecot themselves) and that they must scan every email, and keep up with evasion techniques (such as putting the content in an image, or using characters from different character sets t̾h̾a̾t̾ ̾l̾o̾o̾k̾ ̾s̾i̾m̾i̾l̾a̾r̾).

But the thing is, all of that traffic comes from a certain few offending IP ranges, and an iptables rule that covers a whole range is very cheap. China (or any country for that matter) has too many IP ranges to block all of them. But the certain few offending IP ranges? I'll take a cheap IP-based filter over expensive content-based filters any day. And I don't want to be shamed for that.

Wow! They are incredible!

I keep creating new email filters every week or so, and they keep finding new ways to send me spam!

The best part is - these emails are sent from our internal infra. Judging by the sender it looks like they have created a bot collecting various events and sending them to... everyone.

Much smart. Many useful.
Much working

Spam assassin kills most of the spam I get before I see it. It works pretty well. However, I started getting a fuck ton of spam from some asshole on a Turkey server. You cannot forward spam to the gov anymore so what to do (They use a honeypot. Apparently it doesn't catch everything.)? Well I got the abuse email account address for the server. Then I went into my servers spam filter for the email address I am having issues with. Then I redirect the email to this abuse email address. Then I delete it from the server. This makes it so my email client never sees the message and I automagically notify the abuse account. If the abuse account is owned by the spammer then he is just filling up his own server with shit.

Anybody else have fun or interesting ways with dealing with spam the regular filters don't catch?

If I could I just wouldn't support email in any way shape anymore.

It's just too much hassle with all the spam filters and people just don't understand how email works.

Nobody fucking reads it anyway.... but everyone wants like a bazillion variations on stupid emails that go out that nobody will read.

They don't get that email is often instant ... but is actually async.

They don't understand that just because they got an email sent to their own distribution list ... and someone took them off the list... that doesn't mean that WE an outside group emailing that list stopped sending them messages.

Nobody actually looks at their spam filters until I tell them to do it for the 3rd time. And as if by magic folks at the same company don't 'have spam filter problems all the time'.

I had a company 'security' filter that straight up followed all the links in an email (that's fine ... we're good, I get that).... and then their stupid bot or whatever would actually click options on a form and fucking submit the fucking form!!!!!

I mean I get that maybe some sites have folks submit some shit and then deliver malware but that's gonna have consequences submitting shit none the less because I don't know it's just your fucking bot...

So they'd get various offers from our customers and bitch when they went to find it was already gone.

Email from a department mgr regarding a sharepoint site we inherited (lots of custom javascript, XLS, etc, stuff we didn't write)

Dan: "The department filter isn't showing up when I select the 'Logistics and Support' department. Was this caused by the changes you guys made? Its causing a major disruption in our processes and need it fixed ASAP."
Me: "Those changes went out almost two months ago and all the filters were working fine, at least that is what you told me when you tested it."
Dan: "I thought so, but its not working. It has probably been broken ever since you made those changes so I filed a corrective action ticket against your department for not following the documented deployment and testing processes"
Me: "Really? We've been over this. Its your department that is responsible for that sharepoint site. Previous developers hacked javacript together to make it all work, but I'm sure its something simple."
Dan: "Great. I'll start putting together a root-cause analysis to determine which of your processes we need to address."

Start looking at the javascript and found the issue..

if (dept === "Logistics & Support") {
$('deptFilter').show();
}
else {
$('deptFilter').hide();
}

Me: 'Found the issue. Did you rename the logistics department?'
Dan: 'No'
Me: 'To show or hide the filter, the code was looking for "Logistics & Support", someone changed the title to "Logistics and Support"'
Dan: "Well...I guess I did that yesterday...but I didn't change the name, just that stupid character. That shouldn't make any difference."
Me: "I can fix that right now. Are you going to need more information for your root cause analysis?"
Dan: "No, I think we're good. Thanks."

Here are some:
1. email filters for crap
2. know wtf is your current task and stay on it with minimal context switch
3. get a bot to automate some of your work (build, deploy, health, run tests) inside slack/rocket.chat/otjer-irc-like-software

What my ADHD brain looks like to an outsider:

My media player doesn't support ordered chapters, so now I have FreshRSS running on my VPS.

The actual mental process:

> MPC-BE doesn't support ordered chapters with the built-in filters
> I should install the third-party LAV Filters
> Not available on Scoop and I'm never touching Chocolatey again
> I wish I had Linux on this PC instead of Windows, so I could have a proper package manager to handle updates, but I digress
> Sure would be nice if I could find a way to know when this updates.
> Actually, tracking versions for multiple GitHub repos would be really nice.
> I would just subscribe but my email inbox is a mess already and I'd probably fail to see the emails
> GitHub Release pages have their own Atom feeds!
> I don't currently use any feed readers
> Maybe I should self-host a feed reader
> Set up FreshRSS Docker container on my server
> Actually installed the LAV Filters to solve the original problem.

public function index(Request $request): array
{
$parameters = json_decode($request->get('lazyEvent'), true);

if (isset($parameters['page'])) {
$page = $parameters['page'];
} else {
$page = 0;
}

$queryBuilder = DB::table('companies')
->leftJoin('company_contact', 'company_contact.company_id', '=', 'companies.id')
->groupBy('companies.id')
;

if (isset($parameters['filters']['name'])) {
$queryBuilder
->where('name', 'like', '%' . $parameters['filters']['name']['value'] . '%')
;
}

$total = $queryBuilder
->count()
;

$companies = $queryBuilder
->select('companies.id', 'name', 'email', 'phone', DB::raw("COUNT('company_contact.id') AS contact_count"))
->orderBy('name')
->offset($page * $parameters['rows'])
->limit($parameters['rows'])
->get();

return ['companies' => $companies, 'totalRecords' => $total];
}

what is this shit? I get $total 1 when in reality is $companies count is 51

I am thinking avout writing whole sql as raw because I cannto get fucking count correctly

One of the reasons why I wanted to become a software developer is because I see so many products or services taking the easy way out, at the cost of killing customer expectations. For example, I was told about JobTrack.io, which is supposed to help manage job searching by keeping track of applications and their statuses. But almost as quickly as I was told, my mind goes into automatic promise defense mode. And rightfully so, because the service turned out to be almost as monotaneous as the job search itself! Not as seamless as I'd need it to be to get started right away.

Now, maybe there's a slight chance I don't know wtf I'm talking about here. But, what's stopping this product from using an email client that runs server side, to interface with the user's main inbox, to run sentiment analysis on emails for detecting job application submissions? Such functionality would obviously need permission from the end user, so there are no surprises that some 3rd party app is sorta kinda monitoring your emails. And of course measures should be taken to avoid detecting anything beyond the contextual lines of: "Thank you for applying to so and so", or "We've recieved your application! Next steps".

Present those detections to the user to confirm. And do the same thing for rejections and offers. Shouldn't be that hard especially when most sites these days allow you to sign in with Google, and that Google marks these particular emails as "Important"; which further filters the detection process, and partially does JobTrack's job for them.

Honestly, I think the app has promise, and hope this is just a case of starting off small.