Client: My email not working
Me: What error message you getting
Client: Nothing, it's just stuck on Outbook
Me: Is your Internet working?
Client: Yes, of cause am not that stupid
Me: No! No! just asking as checkup
Client: Okay
Me: Open your Internet Browser and goto Google or Facebook
Client: Okay hold on..I am getting message "There is no Internet Connection"
Me: Yea, your Internet is not working that's why email can't be send. Talk to your IT Guy or Internet Provider about it.
Client: Okay, thanks!

Can my vps provider already email me my new vps details?

It's only been 5 minutes, yes but I'm IMPATIENT.

I want to set it up right now 😊

Client (not for the first time): Your work sucks. I had to have this email formatting re-done before I sent it out.

Me: *sees that the email sent matches the work I did exactly with no changes*

Client (months later): I need you to do maintenance on my website.

Me: *does quick maintenance for free but sends update on status of work done and amount left in retainer agreement*

Client: You're too expensive! You started working with me for $X/hr, then you went up to $Y/hr and now you're all the way up to $Z/hr! You're not worth that!

Me: *fires client by refunding the remainder of retainer and sends client a list of local, cheaper providers*

Client: But now I don't have anyone to maintain my website until I find a new provider! Why have you done this to me? Waaaahhhhh!

Me (in the most professional language I can muster): Because you're a biotch and I'm tired of your verbal abuse. Maybe try not to be such a dbag to that next provider, mmm'kay?

Project Cortana: Day 1

I have seen a lot of people switching to Linux or other services to get away from all the data collections. It makes a lot of sense as no one would want their data to be sold without their consent.

But I am going to do something different. My aim is to integrate with Microsoft apps as much as possible and review the experience. So here is what I have done so far:

* Use Cortana in desktop and mobile (Android)
* Use Microsoft launcher in mobile
* Outlook as primary email provider (I was already using them as my default provider)
* Use Microsoft To-Do and calendar to keep track of things
* Use OneDrive to store all my files (I am moving them from Google Drive)
* Use the default Mail app on the Windows 10
* Use Onenote (I was using Evernote before)
* Use Edge on desktop and Mobile
* Use Skype instead of Hangouts

It's day one but I think I have already found it quite useful. For example:

* Adding reminder is much easier. I get them on both desktop and mobile which is nice.
* Mail app has been really useful. Especially the focused inbox really helps to get rid of the clutters. Also, I can immediately add a mail to the calendar (like Inbox by Google) which is really helpful.
* One of the features of edge that I have found really useful is that you can send web pages from mobile to desktop in one tap. That is extremely useful.

So far I am loving it.

Also, I tried to make sure that I am not sharing my data with third-party apps as I have turned off "relevant ads" feature.

Because of hardware failure we had to move some vpns from one datacenter to another.

The team of highly untrained monkeys at my hosting provider were hired to do this. First they ran backups of all the systems. Then they started the moving process. A few hours later they were done. We got an email everything was back online.

So we restarted all our processes and no data was coming in from our Raspberry's around the country. So we start a little investigation. What did these buffons do, they changed our rsa keys.

So we kindly ask them to put the old keys back so we do not have to fix 200 changed key warnings on systems that are not remotely accesible.

Apperently something that can't be done because their back up process is automated and always makes new keys.

Holy fucking fuck, whats the point in having a backup its not an exact copy. Is this fucking normal?

Now I will be spending the next few weeks literally standing in cow shit reconnecting Raspberry's.

Thanks a fucking lot. Not!

I just had to print out some bills for a colleague.
Nothing too bad you say?

Well.. She doesn't seem to care about security or privacy at all.
I opened the website of her email provider at my computer and moved away from the keyboard, so she could log in.
But instead she told me her email and password... In an office with some other colleagues... Multiple times and wrote it onto a piece of paper that the later left on my table.
After that I should look through her inbox to find the bills.
(Yup, I know a lot more about her now)
After finding and printing out her bills, she just thanked me and walked out of the office, because hey, why should I log out of her account?

It's nice that she trusts me... But that was a bit too much...

HR: I’m sure you know what this meeting is about

Dev: My script that converts the name of our 3rd party IT provider in any email thread I reply to with “PooPoo Inc.”?

HR: No, that is a separate meeting

Dev: Ah.

An important message:
PrOpErLy managing servers is HARD.

I get pissed off at customers with ZERO server knowledge who think they can manage their VPS. “Just get a control panel and a VPS” from some flashy provider that makes server management look way too easy.. Clicking around in their fancy control panel, until:

- they need help with their *self-managed* VPS;
- their email ends up in spam;
- they suffer from performance issues;
- they need to restore a backup;
- something breaks, because YES, things break

Way too little people are able to answer:

- when and how do you make backups?
- how do you monitor your servers and which services?
- how do you keep track of trend analysis?

Then I come by with necessary software. SNMP for trend analysis, Graphite for infrastructure health, Sensu for monitoring, Kibana, Ansible for configuration management..

Things that servers need but that customers have never even heard of.. because they can do everything in their control panel..

Until they come crying to me because it broke and they don’t even know how to get into SSH.

I think the ones to blame are VPS providers that tell the tale of how easy it is to install a control panel and never look at your server again.

Customers become responsible for something *business-critical*! Yet they don’t know how it works.

So my client wants to stick with their current hosting provider (Bell) because the company is "big" and "won't go anywhere anytime soon." I just said, well okay it can't be that bad. Bell charges about 10x more and gives you about 10x less compared to other options, but it's not my money so whatever. Well, Bell has the absolute worst customer service. They have an online support form where I can type in my questions and they will call me within a day to help me. They called me during work hours and I missed the call, so they sent me an email to let me know I missed the call and gave me a number to call. I called and I might as well have called my dog because the support didn't even know what a .htaccess file is. I emailed them back and asked if they could forward my email to someone in the hosting department that could help (because the phone support I got was shit). I got a reply saying they "can't"... yup, they used the word "can't", they can't forward the email and that I would have to call. Is everyone at Bell a fucking dick chugging brainless pile of moldy-ass shit biscuits!? YOU CAN"T SEND AN EMAIL? Turns out they do have a dedicated hosting support email, let's hope the email I send ends up in front of someone at Bell who at least has a slight clue how to use a keyboard.

Does anyone know a provider for webhosting with this needs?

- decently priced (~4€/month)
- domain included
- email stuff included
- no analytics/cookie stuff from the provider (that's the point of change)
- easy sftp access
- ssl included

So yeah, we released our app for 26k people to use two days ago. Due to circumstances not under our control, that was developed way faster than it should've. Today we're two days in and everything is going horrible. 26 thousand people are having trouble using it (not every problem is our fault, but ofc they don't give a shit) and our support team is not big enough to handle every request. We're not able to find any more people to help us handle it, so some developers are being used for support. But that slows the bugfixes a lot. We're at risk of losing our jobs because we will not be able to make it work in due time.

In Italy, at the beginning of the year a particular type of invoice became necessary and to handle that everyone needs a particular kind of email called "certified", you know, because Italy, and today our certified email server went offline for the whole fucking day because the provider was an overload of feces. We were overwhelmed by the amount of people that needed help.

I don't even know what to say, if we don't fix it we're fucking fucked, like literally.

I really hope everyone is having a nice new year. For us, this is going terrible.

MailChimp has decided to effectively kill the Mandrill service... Time to spend hours moving to a new outgoing email provider 😭

I email our CFO in January about an overcharge I noticed on an invoice, something we've been paying $120 a month for, not using, and never used the service. I suggested we contact the vendor and request the charge be removed and try for a credit.

Fast forward 2 months, vendor emails me to let me know that the service is being cancelled and they wanted to give me a heads up that I'll need to find another provider. I decide to go ahead and email back telling them that we haven't ever used the service and we shouldn't be paying for it. After 30 minutes on the phone I got the charge removed and got our account credited for the last 12 months.

Now to figure out how to word it to the boss without making it seem like I'm trying to throw the CFO under the bus for not doing his job.

A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.

Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.

Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.

Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.

So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.

Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.

Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.

So everything has been set up again now, and there are some things I would like to stress about hosting providers.

You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.

Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.

Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?

I've got this customer who for some fucking reason won't change their DNS to point to our new servers, but wants to fucking stay on that old piece of crap, where we have to ask our sub-provider to generate a CSR to send to our customer to use to sign a certificate to send to us to send to our sub-provider. Because yeah, that's so much fucking easier than just pointing your domain to our new system, and get SSL set up automatically. For fucks sakes! And also, your certificate expires tomorrow, and since our idiot sub-provider hasn't responded to my email about CSR in a week, you basically have no option. So get that thumb out your butt and just switch the DNS!

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

I want to switch to an encrypted email service. My question, what if the service provider suddenly decides to close down the email service.

I feel like it's too risky to move all my emails to them.

Uh-oh I fucked up.

Not at work, but with my website where I had an email forwarder to an external address. The forwarding was everything so that I could do the spam filtering and occasional check in one place. Unfortunately, that triggered the spam detection at the external address (after some years!), and my provider ended up on a blacklist.

That got me a pretty angry mail from my hosting provider who had already disabled the forwarding and wanted to make sure that I understood the issue and would not put it in again.

I thought about whether they had fucked up because it was even possible to do that, or whether I had fucked up because I should have known. Hm yeah I opted for the latter and apologised.

The support guy seemed happy that I didn't try to argue (possibly like other customers...), and advised that I just should add another account in my email client. Sure, at least that will prevent this shit from happening again.

He also mentioned that every single blacklist issue they had experienced in this year was accidental due to external forwarding issues and that they would consider just disabling it altogether.

Which is probably a smart move, just as hint for these ranters here who work at hosting companies. Or at least only enable external forwarding if spam assassin or so is in place.

This isn't a funny rant or story. It's one of becoming increasingly unsure of the career choices I've made the path they've led me down. And it's written with terrible punctuation and grammar, because it's a cathartic post. I swear I'm a better writer than this.

The highlights:
- I left a low-paying incredibly stable job with room to grow (think specialized office worker at a uni) to become a QA tester at a AAA game studio, after growing bored with the job and letting my productivity and sometimes even attendance slip
- I left AAA studio after having been promoted through the ranks to leading an embedded test tools development team where we automated testing the game (we got to create bots, basically!) and the database, and building some of the most requested tools internally to the company; but we were paid as if we were QA testers, not engineers, and were told that wouldn't change; rather than move over or up, I moved out to a better paying, less fabulous web and tools development job for a no-name company
- No-name company offered one or two days remote, was salaried, and close to home. CTO was a fan of long lunches and Quake 3 Arena 1-2 hours at the end of every day. CTO position was removed, I got a lot of his responsibilities, none of his pay, and started freelancing to learn new skills rather than deal with the CFO being my boss.
- Went to work as a freelancer for an email marketing SaaS provider my previous job had used. Made loads of money, dealt with an old, crappy code base, an old, cranky senior dev, and an owner who ran around like the world was on fire 24/7; but I worked without pants, bought a car, a house, had a kid, etc;

Now during ALL of this, I was teaching game dev as an adjunct at my former uni. This past fall, I went full time as a professor in game dev. I took a huge pay cut, but got a steady schedule (semester to semester anyway) and great benefits. I for once chose what I thought was the job I wanted over more money and something that was just "different". And honestly, I've regretted it so much. My peer / diagonally above me coworker feels untrustworthy half the time and teaches the majority of the programming courses when he's a designer and I've been the game programming professor for 8 years (I also teach non-game programming courses, but those just got folded into the games program...); I hate full-time uni politics; I'm struggling with money for my family; and I am in the car all the time it feels like. I could probably go back to my last job, which had some benefits, but nowhere near as good; my wife doesn't want me back to working in the house all the time because that was a struggle unto itself once we had a kid (for all of us, in different ways); and I have now less than 24 hours to tell my university I want to not pursue longer term contracts for full-time and go back to adjunct next Fall (or walk away entirely), or risk burning a bridge (we are reviewing applicants for next year tomorrow, including my own) by bailing out mid-application process.

I'm not sure I'm asking for advice. I'm really just ranting, I guess. Some people I know would kill to have the opportunities I have. I just feel like each job choice led me further away from a job I liked, towards more money, which was a tradeoff that worked out mostly, but now I feel like I don't have either, and I'm trapped due to healthcare and 401k and such. Sure, I like working more with my students and have been able to really support them in their endeavors this semester, but... that's their lives. Not mine. The wife thinks I should stay at the university and we'll figure out money eventually (we are literally sinking into debt, it's not going well at all), while most people think I should leave, make money, and figure out the happiness factor once my finances are back on track and the kid is old enough to be in school.

And I have less than 24 hours it feels like to make a momentous decision.

Yay. Thanks for reading :)

being a sheep over the last years I just recently started to overthink my software choices in terms of privacy. but hell it's far from easy!
just now I realize how dependent I am from all of these services. I mean no problem ditching Facebook for example, it's not essential to me. but what about WhatsApp and GoogleDrive? I'm using these services on a daily basis...
any advices on what software or providers to use alternatively? especially browser, messaging app, email provider and cloud service?
please keep in mind that although I am willing to bring sacrifices I by no means want to neither could live like Richard Stallman. so an argument like "sell your MacBook because macOS is spyware" is not that helpful to me - more like what can I do to increase my privacy within the boundaries given to me. I have to find some sort of compromise. so curious about your advices, stories and opinions right now!

I was Just college fresher who completed his Engineering. My first week in the office. And a system was provided to me, since it was support project so I was given direct access to production database.

Fresher + Production Database + Access of Admin credentials = Worst Possible Combination

So it was my night shift, I was told to update new tariff plan for our client (which was one of the largest telecom service in India) .

If someone recharges for more than 200 Rupee, that person will get 10% or 20% extra talk time. Which was only applicable for particular circle (Like Bihar and Rajasthan).

Since I was fresher, I was told to update given query from my senior employee which he shared on the shared folder. Production downtime was in the mid night, so at that time I updated that query on the production database.

Query successfully updated. I completed my night shift, went home and slept.

When I woke up, I saw my mobile it had 200+ missed calls from different locations of India. They were Circle heads of that telecom service provider who contacted me. I realized something unexpected is expecting me.

Then at that moment my team lead called me and he asked me to come office right away.

Reminding you I was a fresher, I was shivering. What have I done there?

When I reached office, I came to know that the query I updated on production bombarded.

Every person who recharged that day (duration from midnight to morning 10 AM) got 10 times or 20 times more talktime.

A part of Query was something like this where error was made:

TalkTime = RechargeAmount + RechargeAmount * 10/100; (Bihar)
or

TalkTime = RechargeAmount + RechargeAmount * 20/100; (Rajasthan)
But instead of this query, I updated below one:

TalkTime = RechargeAmount + RechargeAmount * 10;
or

TalkTime = RechargeAmount + RechargeAmount * 20;
In a span of 10 hours, that telecom service lost revenue of 6.5 crore Rupees. Thanks to recovery team they were able to recover 6 crore but still 50 lakh Rupees were in loss.

One small query, and approx 1 million dollar was on stake.

Aftermath of this incident

My Mistake:

I should have taken those queries on mail. Or, there should have been mail communication regarding this.
Never ever do anything over oral communication. Senior employee who did this denied and said he provided correct query, and I had no proof of communication.
I told them, it was me who executed that query on production. Since I was fresher, and took my responsibility of that incident. My team lead rescued me from that situation.
Lesson Learned:

Always test your query and code multiple times before you execute or Go live it on production.
Always have email communication for every action you take on production.
Power comes with responsibility. If you have admin credentials of production never use it for update/delete/drop until you are sure.
Don’t take your job lightly.
I was not fired from that Job, but I have learnt my lesson very well.

A random story that just popped back into my head while reading another rant:

Long ago, we developed our own webmail platform at the request of clients. After it was finished, it was never updated and eventually turned into an outdated insecure steaming pile of crap. Up until ~2015, it looked like the first iteration of AOL Mail from the 1990s (and it functioned as such too.) Years, we decided to sunset the platform, and allotted 6-months or so to transition all the active users off the platform and over to an alternative email provider. We had to call each client multiple times and send multiple emails with a deadline detailing when the service would be shut down, and we'd explain that if they didn't transition over to a new service and transfer all their emails before that date, then the emails would be lost forever. Lo and behold, a handful of clients ignored our repeated contact attempts, and we shut down their email service (as we told them that we would.) Of course, they called screaming and panicking "OUR EMAIL IS DOWN OUR EMAIL IS DOWN WE'RE LOSING MONEY FIX IT NOW!!!!," and we told them "We attempted to contact you multiple times, and you neglected to return our numerous calls or emails. We're happy to help you transition your old email addresses to this new provider, but because you neglected to follow the cushy deadline we provided you, all of your emails are gone."

Of course, they denied having ever received our calls/emails, and we'd have to provide them with our outgoing call recordings to prove that we did in fact contact them multiple times. Then they'd blame the mishap on their secretary, who would blame it on the intern, who would blame it on the IT guy, who would blame it on the janitor, and so on and so forth.

Moral of the story: always keep outgoing call recordings when you're sunsetting a product.

Developer just emailed our team a complaint that our logging assembly was resulting in their poor test coverage and they sent a change request to give them the ability to mock the underlying log provider (ex. from the event log to ‘something else’).

Looked at their tests, and they are testing whether or not the .Log was executed (on an exception, if the .Log method was not executed, the test failed), which seemed a bit worthless because we’ve already got coverage in our unit tests.
We had a meeting to discuss the issue.
Me: “I’m OK with changing the logging code if it’s necessary, but I want to understand why.”
DevA: “Logging errors is crucial to the database transaction. If someone removes the logging, the tests should fail.”
Me: “If someone removes the error logging on purpose, then they likely have an agenda and will remove the test validation too. It wouldn’t be an accident.”
DevA: “That’s not my problem. They will have to deal with HR.”
Me: “We purposely prevented someone from intercepting the logging just for that purpose. Your test code already covers the business rule, testing the logging seems out of place. That would like writing a test to make sure the System.IO.File.ReadAllText actually reads all the text from a file. You kinda assume a few smart Microsoft engineers already wrote tests for that.”
DevA: “Yea, I guess that would be silly.”

Got cc’ed an email a little bit ago from DevA to his boss..
“We’re not going to be able to change logging assembly. This may have some impact on our overall test coverage as those lines of code will not get testing coverage. You will have to let the DevMgr know we will not meet our test coverage goals.”

WTF!

I received a few XSD schemas from service provider, this have literally: Table1, Table2, etc... Table21. and without any documentation.

Should I insult provider devs on email?

I forgot my password to my mindfactory account, one of Germany's biggest online vendor for computer components. So I go through the resetting process, which is:

- apply for password reset
- get a mail
- confirm the mail
(So far, so good)

- get a mail with a new CLEAR TEXT PASSWORD

Is this the stone age!?

You never send an email containing the cleartext! You never even store the password as is!
You, as the provider, should never be able to know what the actual password was.

All you are supposed to do is to generate a random salt, and hash the user's password with the salt, and then you only store the salt and the hash. And whenever a user inputs their password, all you do is to check if the you can recreate the hash with the help of the salt and your hash algorithm. (There are libraries for that!)

If a user wants to reset their password? Send them to a mail with link on where they can assign a new password.

At no point should the password ever be stored or transmitted in any other medium.

The company that manages my ISA for Lambda emails on a regular basis to get you to update your income. I got annoyed by the frequency while I was employed so started filtering everything.

Though I’ve been up to date with reporting income to them and submitting tax documents, etc, I apparently missed some important emails.

Like the one on the 4th saying a third party provider flagged by account for employment with CompanyA and that I needed to submit my pay stubs for CompanyA.

I do not and have never worked for CompanyA. My husband works for CompanyA.

I also missed the email from the 12th saying I’m in breach of contract and owe them $19,091.65 immediately.

*head desk*

I’m so mad I can’t even.

Why did i check my email before going to sleep?

AND I POSTED RECENTLY SO I CAN’T EVEN RANT YET. *

*Waited it out

So I want to inform my internet provider of my new phone number, but I can't remember any of my login info for their web interface because I never used it. Luckily, they have a "forgot my username" function, where I submit my email address and get a confirmation that my username has been sent to me.

Yet, I just don't get said email. I try again, but no avail. So I just guess my username and use their "forgot password" form, which – hooray! – confirms it just sent my an email.

But I don't get any email. I retry, I retry after a day, but no automatic response. I remember a incident a few years back when I didn't get some automatically generated mails from a company and decide to contact their support if they could just reset my password manually.

Nearly a week passes.

Now I received the answer. I just don't have an account.

Lesson learned: Next time I'll just input garbage first to check if those forms are sane.

When the boss can't even use an email client but insists on telling you that the email provider is 100% integrated into the production application and short story you know it's not. 😑

Legal Question regarding E-Commerce / Credit Card Payments.

The User sends his Credit Card Information (number/expiration Date/Safety Number) over email to vendor. Vendor types this info from the email into a Credit Card Terminal.

Is this even legal? I thought when listing Credit Card Payment you have to use a PSP (Payment Service Provider) that conforms to the security regulations etc.

Which privacy-respecting email provider can you recommend? It seems that the following three are the best options:

- tutanota (0€ / 12€)
- posteo (12€)
- mailbox.org (12€)

Do you have any experience with them?
What do you think about a hosted email service with your own domain?

We're looking to change the domain provider we use to register new client's domains to one that has an API.
So far it looks like it'll either be namecheap or AWS's Route 53.
We're also looking for the same thing with mail inboxes.

Do you have any recommendations / experience with either of these?

I was hoping to find a solution that would provide both the domain registration and the mailboxes with no hosting and accessible via API but I've had no such luck.
(Except for maybe two, but neither looked up to date)

#storytime

Soon I'll start moving to a new place on the 16th and I wanted to change my address at the Internet provider (T).
go to provider website (T) reading that I need to call them...

CALL (T): .... Automatic answering machine.. ... longer than normal, covid19, 30 minutes later:

Operator: Hi moving, yes.. When? we send you an email with details to send Mechanic.

Next day: waking up. clicking mail on my phone in bed half sleepy. select 15th. next. next. next. accept. done.

Me happy :) .... One hour later realizing I said 15th.. and it should be 25... FUCK!!! Me Mad! Knowing what's going to happen...

Click link in mail to change date. You need to call (E).

CALL (E) : ... Automatic answering machine.. ... longer than normal, covid19, 1 hour later.... Give up..

CALL (E)(2): ... Automatic answering machine.. ... longer than normal, covid19, 1.2 hour later.... Give up..

Next day CALL (E)(3): ... Automatic answering machine.. ... longer than normal, covid19, 45 minutes later....

Operator: Hi, yes we can move to date 21. you need to call (R) to change fiber mechanic I'll patch you trough
CALL (T) : ... Automatic answering machine.. ... longer than normal, covid19, 30 minutes later....
Operator: You need to call (K) Here is the number 123456789..

CALL (K): ... Automatic answering machine.. ... longer than normal, covid19, 20 minutes later
Operator: This department (R) can not be reached by phone we will call you back.

Next day:
Incoming call from (K). Because you are moving to a new house you do not need (R). have a nice day.

Have a nice day to you too calm and friendly.
hopefully I won't be without internet for a couple of days...

Guys, I'm changing my email provider and am looking for a (paid) one that focuses on security and data privacy. Any suggestions/experiences?

Second phishing victim of the year.
F*ck our email service provider, the service sucks so much. The deny list DOESN'T EVEN WORK. I'm so fed up with this.

ON THE PHONE WITH THE SHITTY HEALTH CARE PROVIDER THAT OUR COMPANY USES... THEY CANT PROVIDE AN EMAIL.... NOW THE GUY I GOT SAYS HE CANT ACCESS MY INFO BECAUSE OF A SYSTEM ERROR.... NEED TO TRANSFER TO ANOTHER GUY!!!!

WTF!!!!! DUMBASSES.... THEY SHOULD BURN IN HELL!!!!!!!!

AND I NEED TO GET A NEW JOB... BUT PROLLY WONT BE DOING THAT FOR AWHILE.... :(

rants[0] =

"tl;dr: the account creation process at salesforce.com is really flawed.

In a lecture we were supposed to try out different CRM tools, one of them was salesforce. They are the worlds largest CRM software provider - not relevant for the rant, but it means they should have enough $$$ and competence to make something better.

When you create your account, you do not set a password. Instead they send you an email with a link, serving both as account activation and for setting your password. However, if you close the tab without setting a password, your account is still activated and the link in the email won't work anymore.

Alright, rather annoying, but that's why you can reset your password via email, right? Wrong. When you try to reset your password, they prompt you with a security question. Even when you never set them up. And obviously can't give the right answer. Who designed this logic?

On top of that, they nicely tell you to contact your sys admin if you are still having issues. My account is private. Not associated with any company.

So yeah, burned 3 emails until I figured that out and created 3 accounts I can never access again.";

!rant

Need advice guys :)

just bought myself a nice domainname, and now I'm looking for a good email provider I can use for my domain.

Any of you can point me in the right direction? It can come at a price, as long as it is not too much, but I'm well aware quality service does not come free...

I've worked at a small business for the last 10 years. We used to do all our IT provisioning services in house because originally you could count the number of employees on a mutilated hand. The nice thing about this was that we could get a new employee up and onboarded in a couple of hours.

In the last 6 months we've now moved to Microsoft stack for credentials and managed by a 3rd party provider because it's not worth our time. The problem is that 4 days in, our new employees still have no access to their email or the fileserver.

I've heard about the power of positive thinking so just wanted to celebrate how I've made it to big enterprise!

(Also Microsoft Teams is utterly horrific and IMO successful only because big enterprise organisations need to fulfil statutory compliance/accreditation requirements. It is the definition of economic rent seeking)

So I work with an old ICT Responsible.

Today he wanted some information about the internet.
He takes the phone and start calling...
I was like what are you doing ? Can't you just send them an e-mail ?

He said "no, calling someone is more time efficient and quicker"
So he is there calling an internet provider after closing time waiting...

Music playing... still waiting...

After 5 minutes the call is ended telling that they are closed...
Next he was "well I will send an email then"

Like wtf. How is that efficient and faster ? You could have send the mail and finish any other task... What is wrong with old people and calling everybody for small stuff.

When you call someone, they have to litterally drop what they are doing and answer the call. Just send emails and let them anwser when they have time dammit !

Dear Gmail, you guys always claim to be the "best" free email provider, yet each week my inbox gets filled with spammy emails, even after marking those emails as spam for the past 1 year. I'm tired of your bullshits. Fucking fix it already!

TLDR
Apparently if you delete your google account as an only admin of a workplace by just clicking remove account on expired subscription screen when you are on document page you not only loose access to google workplace but also you can create new workplace google account using same domain and email immediately and it’s fresh google domain account without domain verification and with everything wiped off from your old account. So you don’t have access to anything but on the other side there is possibility to use gmail as spam hub if google fucked ip something in their dns verification and once verified and after that expired domain gets bought again it stays verified.

Well I luckily migrated my gmail to other provider 3 years ago and I lost nothing important there but lol.

You can easily lock out yourself from your domain.

I opened ticket using some questionnaire and by adding another dns txt record to my domain to claim access to workplace admin page and let’s see what they do.

If they ever respond to that ticket and how long it will take to get it resolved.

This is good test to see if google is still a people’s company or an evil corporation.

I was using workplace as long as it was free from days of google app engine and begging of cloud revolution. I remember at best times I could chat with google support employee about spam I got from domain registered on google servers and he was processing ticket for me.

To ship a package of two USB cables from one US city to another. What could be easier for a large company? Well, hold on a little.

I ordered two fucking cables from fucking Nomad at 15TH OF FUCKING JULY, and they are still not shipped. Here's how their customer support works: you send them an email, they reply in like a day or two, and that's it, that email thread is abandoned. They won't visit it again. You should write a whole new message where you say "hey, the previous time you said me X, so I want you to do Y then", and the message title should be different, otherwise they'll ignore it.

My roof is under construction now. When it was raining and there was a rain both inside and outside my apartment, I filmed it and an article about the situation was in my local newspaper in like 20 minutes. Russian government organizations are notorious for ignoring people's requests, shutting down their telephones and doing other shit like that, but in one day I managed to collect the foundation of overhaul, my utilities provider, the foreman of the organization responsible for roof repair, his supervisor and the actual guy that did that job. That same day, they all was at my doorstep, collecting the evidence, signing papers, apologizing, threatening to sue each other and collectively signing a document that states that they owe me either a full financial compensation or an overhaul. I managed to do it in the country where you throw an empty plastic cup at a cop and go to jail for it for five years.

Nomad, tell me, what exactly is stopping me from going full Jackson Pollock with a .45 on your company all over the social media (props to @SortOfTested)? You think I can't handle a mediocre iPhone case manufacturer?

Think again.

I've started to get more into the TOR idea over the last couple of weeks.

I know I'm way to "non protective" of my privacy but changing would mean I'd have to break many habits and stop using things I'm used to.

A couple years back (I guess it was in like 8th grade or so) I had a presentation in German (my first language) for an extra mark. It was about tor. In the process of researching all of it I learned quite a lot about it. All of this knowledge has stuck to me the whole time, unused.

Fast forward to today, I've finally decided to use the couple of bitcoins I have (like 15€ or so) from my home mining experiment to rent a vps for a tor relay. First, I was lucky enough to find a service provider that accepts bitcoin for a 3€. They advertised "Fair use Traffic", later found out, after committing for three months since I was like "yeah... will be fine", in the customer panel there is a graph that shows me that I have used x% of 1.5 TB... I guess the customer support will get an email from me asking what "Fair use" exactly means... But that's fine... Oh... And ipv6 wasn't a thing to be found...

To wrap it up... I've now got a 2 weeks old little tor relay <3

(I didn't wanted to put it on my main vps where I have 200mbit guaranteed at unlimited for 5€ a month since that's where I have my mail server running and a hidden service for my next cloud)

Best email provider for privacy? Is ProtonMail any good?

I'm trying to improve my email setup once again and need your advice. My idea is as follows:
- 2-5 users
- 1 (sub)domain per user with a catchall
- users need to be able to also send from <any>@<subdomain>.<domain>
- costs up to 1€ per user (without domain)
- provider & server not hosted in five eyes and reasonably privacy friendly
- supports standard protocols (IMAP, SMTP)
- reliable
- does not depend on me to manage it daily/weekly
- Billing/Payment for all accounts/domains at once would be nice-to-have, but not necessary

I registered a domain with wint.global the other day and I actually managed to get this to work, but unfortunately their hosting has been very underwhelming.. the server was unreachable for a few minutes yesterday not only once, but roughly once an hour, and I'd really rather be able to actually receive (and retrieve) my mail. Also their Plesk is quite slow. To be fair for their price it's more like I pay for the domain and get the hosting for free, but I digress..

I am also considering self hosting, but realistically that means running it on a VPS and keeping at secure and patched, which I'd rather outsource to a company who can afford someone to regularly read CVEs and keep things running. I don't really want to worry about maintaining servers when I'm on holiday for example and while an unpatched game server is an acceptable risk, I'd rather keep my email server on good shape.

So in the end the question is: Which provider can fulfill my email dreams?

My research so far:
1. Tutanota doesn't offer standard protocols. I get their reasons but that also makes me depended on their service/software, which I wouldn't like. Multiple domains only on the business plans.
2.With Migadu I could easily hit their limits of incoming mails if someone signs up for too many newsletters and I can't (and don't want to) micromanage that.
3. Strato: Unclear whether I can create mails for subdomains. Also I don't like the company for multiple reasons. However I can access a domains hosted there and could try...
4. united-domains: Unclear whether I can create mails for subdomains.
5. posteo: No custom domains allowed.

I'm getting tired.. *sigh*

Was watching OITNB at home when boss called sounded urgent about SSL not working on one of our subdomains. We use a paid cloud app for some of our reports which. So the subdomain is a CNAME to the providers app subdomain. Recently there was an upgrade at our hosting but it shouldn't be related.

Boss: Hey, there is an error prompt when I visit our reporting site with https
Me: That's cos we never installed any SSL cert for that subdomain.
Boss: Well it worked before and you will need to get it fixed.
Me: Wait.. It worked before? How is that possible? We've never set it up and the subdomain is a CNAME pointing to another site which we don't own. The cert will have to load from their server and we have not done any setup with them.
Boss: I'm very sure it worked before the hosting upgrades. All along our customers has been accessing with https.
Me: Okay.... That's something new because and I am pretty SURE the last I checked, the app provider doesn't allow that yet.
* meanwhile I when to search the app provider docs and it says not able to support multiple SSL yet for CNAME
Me: Look, it says so here in the docs.
Boss: Ok, can you try to fix it as its important for the users to not see that error. It has been working all along.
Me: Hmmmm... I'll get back to you.

How do I fix something that didn't exist / broken?? How did it work before??

I know it can be possible to install the cert on the cloud provider end but we haven't done this before. And their support docs says feature not available yet.

Was it magic?? Am I missing something?? Anyway, I've sent an email to the provider's support team and telling them "it worked before"

Have a question about email service providers. Specifically inbox delivery and warmup. Over the years I gathered a ~200k email database of players from my projects. I cleared them by using debounce.io and now I have 100k clean emails. That means I can send a mass newsletter and bounce rate should be good. Now my main question is what email services provider should I use? For email client I thought of setting up sendy.co, for hosting it use sendybay.com and for smtp use pepipost.com But the problem with sendy is that it sends emails without any delay. Like 2-3 emails a second. Is there a difference in terms of inbox delivery and domain reputation wether I send all emails in bulk with sendy or should I try to keep low profile and send lets say 1k a day? I have friends who use amazon ses and they are able to send even 100k a day, given that emails database is cleared(valid working emails) and bounce rate is low.

We ended up finding ourselves with a bunch of tables that have mostly the same columns, but differ by a few. Every time we consume a REST API, we store the `access_token`s and expiration dates and the other OAuth data. However, each provider has slightly different requirements. For example, we store email addresses for email api's, other providers require us to store some additional information, etc. etc.. I'm tempted by the flexibility and lack of schema brought by document databases, but not enough to use one since they're generally slower and we already have everything in SQL. So I got the idea of using JSON columns to alleviate this issue: have a single table for all REST integrations (be it outlook or facebook), and then store the unique integration data inside of this JSON column for "additional data". This data is mostly just read, not filtered by (but ocasionally so). Has anyone had experience with this? How's the performance of JSON fields? Is this a good practice or will it get harder with more integrations?

I recently started working on laravel. As the community says it was easy to get along with the framework and its methodologies. But then i had to do multiple login with framework in same domain.

Oh man, i spent a week to make it work. All those guards and middlewares realted to login was driving me crazy. The concept was clear, but somehow the framework was like "You! I shall make you spend a week for my satisfaction". The project demo was nearing and i was doing all kind of stuff i found. Atlast after continous tries it worked. Never in my 4+ years as a developer i had to face such an issue with login.

So here is how it works,if anyone faces the same issue:
(This case is beneficial if you're using table structures different from default laravel auth table structures)

1. Define the guards for each in auth.php
Eg:
'users' => [
'driver' => 'session',
'provider' => 'users',
],
'client' => [
'driver' => 'session',
'provider' => 'client',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],

2. Define providers for each guards in auth.php
'users' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
'table' => '<table name>', //Optional. You can define it in the model also
],
'admins' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
],
'client' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
],

Similarly you can define passwords for resetting passwords in auth.php

3. Edit login controller in app/Http/Controller/Auth folder accordingly
a. Usually this particular line of code is used for authentication
Auth::guard('<guard name>')->attempt(['email' => $request->email, 'password' => $request->password]);
b. If above mentioned method doesn't work, You can directly login using login method
EG:
$user = <model namespace>::where([
'username' => $request->username,
'password' => md5($request->password),
])->first();
Auth::guard('<guard name>')->login($user);

4. If you're using custom build table to store user details, then you should adjust the model for that particular table accordingly. NOTE: The model extends Authenticatable
EG
class <model name> extends Authenticatable
{
use Notifiable;

protected $table = "<table name>";

protected $guard = '<guard name>';

protected $fillable = [
'name' , 'username' , 'email' , 'password'
];

protected $hidden = [
'password' ,
];

//Below changes are optional, according to your need
public $timestamps = false;
const CREATED_AT = 'created_time';
const UPDATED_AT = 'updated_time';

//To get your custom id field, in this case username
public function getId()
{
return $this->username;
}
}

5. Create login views according to the user types you required

6. Update the RedirectIfAuthenticated middleware for auth redirections after login

7. Make sure to not use the default laravel Auth routes. This may cause some inconsistancy in workflow

The laravel version which i worked on and the solution is for is Laravel 6.x

I'm thinking of making a email validation api that can check if an email address is temporary disposable email, tld domain, from a free email provider, mx detals, delivery availability etc.

Is this even a good API idea?

Does anyone from here working by GMX? I am specially looking for a sysadmin.

The story is the following. We can't send emails to GMX addresses in general. I've contacted my provider, and they said, that they've contacted GMX several times but no solution has been made so far. This was almost a month ago and the problem still persists.

If anyone from here willing to help me clear this mess, or just give some explanation, I would be grateful. We are loosing reputation as a company having to answer from a different email address.

If it is a sensitive info please give me a channel where we can speak about the details.

Please note I am not a sysadmin by the hosting company, i am simply a customer of theirs.

For people who use an email provider that's not Google/Microsoft/proprietary-steal-yo'-data. What are y'all's thoughts on it? Are there good open source or proprietary but private(not sell your data to China/US/Uncle greg from the market) ones? Excluding the obvious "just host your own email server".

I was thinking about a cli tool, involving sending emails through smtp because its purpose.
I was very happy finding out that Mozilla with the ISPDB offered a large list of configuration parameteres for various email provider, but I noticed that its not updated.
Any tips is welcomed