10 points for next century option.

What a stupid configuration of firewall at my work:

devrant -> blocked because of entertainment category.
xvideos -> no problem at all.

Conclusion: sysadmin likes watching porn.

'Normal' people when they get a new phone:
- install whatsapp
- install Facebook (or other social media)
- install regular email app

Me:
- Root phone
- Install app ops
- Install Signal
- Install encrypted email services' app
- Install firewall
- Install devRant

Anyone else like me here?

My girlfriends mom asked whether I could fix her coworkers laptop. She claimed that it had viruses installed and laptop is laggy..

So... I got that laptop just now, got home and turned it on. It doesn't have WiFi drivers installed and I do not have any free Ethernet cable right now.

About the lags... Well you won't believe how many custom tool bars and security programs there were. McAffe, AVG, ESET and some Russian made firewall which asks for license key every 5mins.

And she asked me to reinstall windows and keep every file of hers, and she didn't bother to point which files of 300gb of photos/videos/docs are worth keeping and which are not.. HDD is 300GB :A fuck me

P. S. Since it's my first rant I can say ranting helps a lot to calm down

So a friend of Mine asked me to check their Mail server because some emails got lost. Or had a funny signature.

Mails were sent from outlook so ok let's do this.

I go create a dummy account, and send/receive a few emails. All were coming in except one and some had a link appended. The link was randomly generated and was always some kind of referral.

Ok this this let's check the Mail Server.

Nothing.

Let's check the mail header. Nothing.

Face -> wall

Fml I want to cry.

Now I want to search for a pattern and write a script which sends a bunch of mails on my laptop.
Fuck this : no WLAN and no LAN Ports available. Fine let's hotspot the phone and send a few fucking mails.

Guess what? Fucking cockmagic, no funny mails appear!

At that moment I went out and was like chainsmoking 5 cigarettes.

BAM!

It hit me! A feeling like a unicorn vomiting rainbows all over my face.

I go check their firewall. Shit redirected all email ports from within the network to another server.

Yay nobody got credentials because nobody new it existed. Damn boy.

Hook on to the hostmachine power down the vm, start and hack yourself a root account before shit boots. Luckily I just forgot the credentials to a testvm some time ago so I know that shit. Lesson learned: fucking learn from your mistakes, might be useful sometimes!

Ok fucker what in the world are you doing.

Do some terminal magic and see that it listens on the email ports.

Holy cockriders of the galaxy.

Turns out their former it guy made a script which caught all mails from the server and injected all kind of bullshit and then sent them to real Webserver. And the reason why some mails weren't received was said guy was too dumb to implement Unicode and some mails just broke his script.

That fucker even implented an API to pull all those bullshit refs.

I know your name "Matthias" and I know where you live and what you've done... And to fuck you back for that misery I took your accounts and since you used the same fucking password for everything I took your mail, Facebook and steam account too.

Git gut shithead! You better get a lawyer

> Customer calls
Her: I have over 5k 404 request to [insertwebsite]/autodiscover/autodiscover.xml
Me: Sound like a missconfigured exchangeserver/client. Let me have a look.
> Takes a look and can confirm the IP and the owner of that IP
Me: It looks like someone/something from xxx.xxx.xxx.xxx is failing to resolve autodiscover.[insertdomain].com
and defaults to @ record on the zone. Do you happend to know to whom that IP belongs?
Her: No, and I dont care, just block it. I do not like the 404 that shows up on the summary.
Me: Alright
> Blocks the IP in the firewall.

>>> Fast forward to next day >>>

> Someone calls, it is the same girl
Her: I cant reach my website! Infact, I cant reach anything! WHYYYYYY!!!
> I remember, blocking that IP yesterday...
Me: Oh, can you please visist "minip.se" (whatismyip.com, swedish version) and tell me what you see?
Her: Yes, it is xxx.xxx.xxx.xxx
Me: Do you remember that IP that you request that I block yesterday?
> I can hear the shame coming from the phone.
> Turn out that her collegues did'nt have any mail delivered to them from the time I blocked their IP
> Her boss is really mad
> Atleast she had a cute voice

Anyone know this bitch hacker 127.0.0.1 story?

WORST HACKERS OF ALL TIME

CONTINUED IN THE COMMENTS BECUASE IT IS SO LONG...

TLdr bitch hacker hacks himself by localhost

bitchchecker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)
bitchchecker (~java@euirc-61a2169c.dip.t-dialin.net) has joined #stopHipHop
<bitchchecker> why do you kick me
<bitchchecker> can’t you discus normally
<bitchchecker> answer!
<Elch> we didn’t kick you
<Elch> you had a ping timeout: * bitchchecker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)
<bitchchecker> what ping man
<bitchchecker> the timing of my pc is right
<bitchchecker> i even have dst
<bitchchecker> you banned me
<bitchchecker> amit it you son of a bitch
<HopperHunter|afk> LOL
<HopperHunter|afk> shit you’re stupid, DST^^
<bitchchecker> shut your mouth WE HAVE DST!
<bitchchecker> for two weaks already
<bitchchecker> when you start your pc there is a message from windows that DST is applied.
<Elch> You’re a real computer expert
<bitchchecker> shut up i hack you
<Elch> ok, i’m quiet, hope you don’t show us how good a hacker you are
<bitchchecker> tell me your network number man then you’re dead
<Elch> Eh, it’s 129.0.0.1
<Elch> or maybe 127.0.0.1
<Elch> yes exactly that’s it: 127.0.0.1 I’m waiting for you great attack
<bitchchecker> in five minutes your hard drive is deleted
<Elch> Now I’m frightened
<bitchchecker> shut up you’ll be gone
<bitchchecker> i have a program where i enter your ip and you’re dead
<bitchchecker> say goodbye
<Elch> to whom?
<bitchchecker> to you man
<bitchchecker> buy buy
<Elch> I’m shivering thinking about such great Hack0rs like you
bitchchecker (~java@euirc-61a2169c.dip.t-dialin.net) Quit (Ping timeout#)
bitchchecker (~java@euirc-b5cd558e.dip.t-dialin.net) has joined #stopHipHop
<bitchchecker> dude be happy my pc crashed otherwise you’d be gone
<Metanot> lol
<Elch> bitchchecker: Then try hacking me again… I still have the same IP: 127.0.0.1
<bitchchecker> you’re so stupid man
<bitchchecker> say buy buy
<Metanot> ah, [Please control your cussing] off
<bitchchecker> buy buy elch
bitchchecker (~java@euirc-b5cd558e.dip.t-dialin.net) Quit (Ping timeout#)
bitchchecker (~java@euirc-9ff3c180.dip.t-dialin.net) has joined #stopHipHop
<bitchchecker> elch you son of a bitch
<Metanot> bitchchecker how old are you?
<Elch> What’s up bitchchecker?
<bitchchecker> you have a frie wal
<bitchchecker> fire wall
<Elch> maybe, i don’t know
<bitchchecker> i’m 26
<Metanot> such behaviour with 26?
<Elch> how did you find out that I have a firewall?
<Metanot> tststs this is not very nice missy
<bitchchecker> because your gay fire wall directed my turn off signal back to me
<bitchchecker> be a man turn that shit off
<Elch> cool, didn’t know this was possible.
<bitchchecker> thn my virus destroys your pc man
<Metanot> are you hacking yourselves?
<Elch> yes bitchchecker is trying to hack me
<Metanot> he bitchchecker if you’re a hacker you have to get around a firewall even i can do that
<bitchchecker> yes man i hack the elch but the sucker has a fire wall the
<Metanot> what firewall do you have?
<bitchchecker> like a girl
<Metanot> firewall is normal a normal hacker has to be able to get past it…you girl
<He> Bitch give yourself a jackson and chill you’re letting them provoce you and give those little girls new material all the time
<bitchchecker> turn the firewall off then i send you a virus [Please control your cussing]er
<Elch> Noo
<Metanot> he bitchchecker why turn it off, you should turn it off
<bitchchecker> you’re afraid
<bitchchecker> i don’t wanna hack like this if he hides like a girl behind a fire wall
<bitchchecker> elch turn off your shit wall!
<Metanot> i wanted to say something about this, do you know the definition of hacking??? if he turns of the firewall that’s an invitation and that has nothing to do with hacking
<bitchchecker> shut up
<Metanot> lol
<bitchchecker> my grandma surfs with fire wall
<bitchchecker> and you suckers think you’re cool and don’t dare going into the internet without a fire wall
<Elch> bitchchecker, a collegue showed me how to turn the firewall off. Now you can try again
<Metanot> bitchhacker can’t hack
<Black<TdV>> nice play on words
<bitchchecker> wort man
<Elch> bitchchecker: I’m still waiting for your attack!
<Metanot> how many times again he is no hacker
<bitchchecker> man do you want a virus
<bitchchecker> tell me your ip and it deletes your hard drive
<Metanot> lol ne give it up i’m a hacker myself and i know how hackers behave and i can tell you 100.00% you’re no hacker..

The most secure firewall.

First rant from a phone without Google services.

Put shitloads of Google/fb etc domains in the hosts file so my phone cant reach those either.

Root firewall blocks everything except for devrant, a download manager, fdroid and firefox focus.

As for my phone, I'm Google free!

So that high level prank from yesterday.

Senior Linux engineer, the fucker.

He somehow installed shitloads of cron jobs onto my system.

Every few minutes it would create a new user with a freaking complicated password. Then it would install openssh server in case it wasn't installed yet. After that it'd set all iptables rules to allow incoming AND outgoing connections on port 22.

That was one badass ansible script though!

I'm not sure what more there's to it because sometimes when i removed crons, they'd magically appear again later AND i forgot to check the boot scripts so i might be fucked again when I get to work today!

Plus side, i finally fully understand cron 😅

How not to give support..

Me: Creates ticket on support site, letting them know their webservice returns "maintenance" page.
Support: "It works on our end."
Support: *closes ticket*

Euhm.. excuse me?

Me: Creates another ticket with a screenshot and the curl response information..
Support: Sends screenshot back that it works on their end. "Maybe check your firewall"
Support: *closes ticket*

I ain't playing these games..

Me: Creates new ticket with more curl responses from 4 different servers to prove it's not "firewall" related.
Support: ..

2 days later

Me: Sends *friendly* reminder.
Support: ..

6 days later

Me: Creates ticket again saying I'm still having issues.
Support: "I'm forwarding this to our technical support"
Support: *closes ticket*

10 minutes later.

Technical Support: "Here's the manual for our integration .pdf."

Excuse me, you say what now? I KNOW HOW IT WORKS, I'VE WRITTEN THE INTEGRATION ALREADY. THE SERVICE JUST SEEMS TO BE DOWN FFS.. pls..

Me: Sends mail to their project manager who manages the clients dossier with support history and such.
Him: "I'll check it out and let you know."

1 day later.

Support: "We had some issues this and that, wasn't publically availble, works now, .."

What a nice way to waste your time..

string excuses[]={
"it's not a bug it's a feature",
"it worked on my machine",
"i tested it and it worked",
"its production ready",
"your browser must be caching the old content",
"that error means it was successful",
"the client fucked it up",
"the systems crashed and the code got lost" ,
"this code wont go into the final version",
"It's a compiler issue",
"it's only a minor issue",
"this will take two weeks max",
"my code is flawless must be someone else's mistake",
"it worked a minute ago",
"that was not in the original specification",
"i will fix this",
"I was told to stop working on that when something important came up",
"You must have the wrong version",
"that's way beyond my pay grade",
"that's just an unlucky coincidence",
"i saw the new guy screw around with the systems",
"our servers must've been hacked",
"i wasn't given enough time",
"its the designers fault",
"it probably won't happen again",
"your expectations were unrealistic",
"everything's great on my end",
"that's not my code",
"it's a hardware problem",
"it's a firewall issue",
"it's a character encoding issue",
"a third party API isn't responding",
"that was only supposed to be a placeholder",
"The third party documentation is wrong",
"that was just a temporary fix.",
"We outsourced that months ago.","
"that value is only wrong half of the time.",
"the person responsible for that does not work here anymore",
"That was literally a one in a million error",
"our servers couldn't handle the traffic the app was receiving",
"your machines processors must be too slow",
"your pc is too outdated",
"that is a known issue with the programming language",
"it would take too much time and resources to rebuild from scratch",
"this is historically grown",
"users will hardly notice that",
"i will fix it" };

Windows firewall security he like..

Fleksy keyboard: We don't access your private information and upload it to the cloud!

No, because I'm blocking your Internet access through a fucking root firewall.

"I really love the new $3k Fortigate firewall switch you bought for the office after our chat about security but it doesn't change the fact that you can access any computer in the company using Password123" - me

I think I've shown in my past rants and comments that I'm pretty experienced. Looking back though, I was really fucking stupid. Since I haven't posted a rant yet on the weekly topics, I figure I would share this humbling little gem.

Way back in the ancient era known as 2009, I was working my first desk job as a "web designer". Apparently the owner of this company didn't know the difference between "designer", which I'm not, and "developer", which I am, nor the responsibilities of each role.

It was a shitty job paying $12/hour. It was such a nightmare to work at. I guess the silver lining is that this company now no longer exists as it was because of my mistake, but it was definitely a learning experience I hold in high regard even today. Okay, enough filler...

I was told to wipe the Dev server in order to start fresh and set up an entirely new distro of Linux. I was to swap out the drives with whatever was available from the non-production machines, set up the RAID 5 array and route it through the router and firewall, as we needed to bring this Dev server online to allow clients to monitor the work. I had no idea what any of this meant, but I was expected to learn it that day because the next day I would be commencing with the task.

Astonishingly, I managed to set up the server and everything worked great! I got a pat on the back and the boss offered me a 4 day weekend with pay to get some R&R. I decided to take the time to go camping. I let him know I would be out of town and possibly unreachable because of cell service, to which he said no problem.

Tuesday afternoon I walked into work and noticed two of the field techs messing with the Dev server I built. One was holding a drive while the other was holding a clipboard. I was immediately called into the boss's office.

He told me the drives on the production server failed during the weekend, resulting in the loss of the data. He then asked me where I got the drives from for the Dev server upgrade. I told him that they came from one of the inactive systems on the shelf. What he told me next through the deafening screams rendered me speechless.

I had gutted the drives from our backup server that was just set up the week prior. Every Friday at midnight, it would turn on through a remote power switch on a schedule, then the system would boot and proceed to copy over the production server's files into an archive for that night and shutdown when it completed. Well, that last Friday night/Saturday morning, the machine kicked on, but guess what didn't happen? The files weren't copied. Not only were they not copied, but the existing files that got backed up previously we're gone. Why? Because I wiped those drives when I put them into the Dev server.

I would up quitting because the conversation was very hostile and I couldn't deal with it. The next week, I was served with a suit for damages to this company. Long story short, the employer was found in the wrong from emails I saved of him giving me the task and not once stating that machine was excluded in the inactive machines I could salvage drives from. The company sued me because they were being sued by a client, whose entire company presence was hosted by us and we lost the data. In total just shy of 1TB of data was lost, all because of my mistake. The company filed for bankruptcy as a result of the lawsuit against them and someone bought the company name and location, putting my boss and its employees out of a job.

If there's one lesson I have learned that I take with the utmost respect to even this day, it's this: Know your infrastructure front to back before you change it, especially when it comes to data.

Customer: why 1 router cost so much? I can buy 3 normal routers with that.

Me: this has security features and functions that 3 of those routers put together combined could not do. Then you will still need to buy firewall for security. Why have more devices and have more possible points of failure when u can have 1?

Customer *keeps quiet*

Me: numbers is not important. Having 5 normal parachutes during skydiving doesnt guarantee u better safety than 1 good reliable parachute.

My company earned $700 profit for that sale today. 😂

Years ago we had a visit from a startup company developing a firewall and I got the chance to talk with one of their devs.

He explained the subtleties of security holes in websites and after I said something about our site being secure thanks to being behind a firewall he gently asked what would happen if he entered a specially crafted test into one of the text fields ... and he gave an example ...

I got a chill, went back to my seat and traced what it would do ...

That was when I learned about sql injection and his example would have killed the DB :/

Before going home I designed a way to secure the input which I then refined over a few days.

We still use that today after 17 years.

That one single sentence really showed to never be to proud of our security and I realized how vulnerable our site was.

A human cell has 75MB of DNA information, a sperm cell has half A human cell has 75MB of DNA of it 37.5MB, a milliliter of semen has 100 million sperm cels, on average, a ejaculation lasts 5 seconds and has 2.24 milliliters of Semen.

That means a man is able to produce: 37.5MB x 100,000, 000 x 2.25/5 = 1.687.500,000.000.000 bytes/sec 1,6875 Terabytes/sec;

That means a ovule is able to recive a dDOS attack of 1,6 terabytes per second and only lets one package pass, making it THE BEST FIREWALL IN THE WORLD

Worst security ever?

Happy new year!
If you feel alone tonight, read your firewall logs.

"Well, in my custom made JVM, I can indeed create instances of interfaces. At least on the OS, I wrote"

CAN YOU PLEASE STOP BEING SO GOD DAMN VERYSMART WHEN I HAVE TO DO A GROUP PROJECT WITH YOU? Your code is as shitty is your attitude is. Just admit it and don't fuckin redefine the principles of objectorientation so it fits in your incompetence.
You are literally the reason why Have is known as "slow and ugly"

Also fuck you for saying "nooo I can't contribute to the project, because my freaking firewall blocks got". I don't fuckin care and in the 4th semester, and as a guy who created his own freakin jvm, you should be able to fix that, fucker!

You are the cancer of the CS classes. You think you are a good student because you are good at gaming and don't have a girlfriend. FUCK YOU for making me look like a pretentious nerd, if I say that I study CS.

FUCK YOU!

Mother of god.

I spent hours and hours last week to try and get OpenVPN working. I mean, OpenVPN is working perfectly fine (on a VirtualBox (nope no vmware for me on servers) machine on a friends' dedicated server) but it wouldn't get through! As in, every forwarding/firewall rule just didn't work.

Was seriously about to lose my shit just now when I suddenly noticed the term 'TCP' in a forwarding rule.

Looked at the .ovpn file: proto udp

I added the exact same rule for UDP as a forward within VirtualBox.

It worked.

Well, there goes quite some hours 😐

And solely because I didn't realise that I setup a forwarding thingy for the wrong protocol.

I feel very stupid now :(

Work in a company where Github, StackOverflow, Slack is Blocked by a Firewall and Develop code which they think are futuristic but of Stone age :-(

enabling firewall on a vps to secure my docker containers and forgetting to add openssh to allowed list --> ssh blocked 😃🔫

DevRant works in china! 👌🏼
Honestly though it's been quite fascinating watching the great firewall of china actively filter most things I try to do.

Credits to creditor.

Who needs a firewall when you have a kitten

Last weekend I witnessed the most infected computer I have ever seen in my life...

I went on a private party. A girl had her laptop plugged to the speakers to play some music. This thing was literally 99% cancer. The first thing I noticed, when I looked at her opened browser, was that nearly half the screen was taken by toolbars. Also any popular website you could visit had additional ads INJECTED into it. The fist 10 YouTube search results: always porn. No idea how that didn't make her suspicious.

Precisely every 10th click (anywhere not only in the browser) would open up a window with either more ads or an aggressively blinking message saying: "A virus has been detected on your machine. Click here to download our antivirus programm. You have 60 seconds left before your firewall breaks!!!".

Also physically this device was on the edge of completely broken. The power supply had to be taped to the socket because it was so loose. Every little jiggle would immediatly shut the system down and Windows had to be completely reinstalled (which of course didn't solved any of the "software issues").

First I wanted to use that laptop to show some friends a new web project of mine but this thing probably would have DDoSed the shit out of my recently finished work or something.

I couldn't decide if I should laugh or cry...

I thought this launch (security/privacy blog) would go smooth:
- analytics fell, except for one thing, apart for yet unknown reasons
- MySQL came with a very weird error which took me like half an hour of research before I hacked my way past it.
- the firewall started to fuck around for no reason, works now though.

Nginx worked without issues though, as well as NetData 😅

Yeah, didn't go as planned :P

When I'm on call and its weekend, I'm often a little nervous the entire weekend and time seems to go slow.

Programming on the dns proxy/firewall now and time is suddenly going quite faster.

This is a damn relieve.

*receive candidate profile from HR*
Give it a quick read, spot a link to a site the dev made for a clothing company.
*click*
*get blocked by the company's firewall*

mfw the sysadmin now thinks i'm shopping lingerie during work hours.

Start a development job.
Boss: "let's start you off with something very easy. There's this third party we need data from. They have an api, just get the data and place it on our messaging bus."
Me: "sure, sounds easy enough"

Third party api turns out to have the most retarded conversation protocol. With us needing a service to receive data on while also having a client to register for the service. With a lot of timed actions like, 'send this message every five minutes' and 'check whether our last message was sent more than 11 minutes ago'.
Due to us needing a service, we also need special permissions through the company firewall. So I have to go around the company to get these permissions, FOR EVERY DATA STREAM WE NEED!

But the worst of it all is... This whole api is SOAP based!!

Also, Hey DevRant!

devRant - securing our users webcams and microphones since 2016

As long as devRant lives, your firewall is useless.

So I did a rookie mistake this week. Connected a webapp for a client using Nginx and installed the SSL cert for the site. I decided to activate the firewall of the server because hey security. All was well. Went home feeling like I am the shit.

Next day I find out I can't log in to the server over ssh. Only to find out that I had forgotten to allow SSH through the firewall.

I had basically locked myself out of the server. 😞

*tries to SSH into my laptop to see how that third kernel compilation attempt went*
… From my Windows box.

Windows: aah nope.

"Oh God maybe the bloody HP thing overheated again"
*takes laptop from beneath the desk indent*
… Logs in perfectly. What the hell... Maybe it's SSH service went down?

$ systemctl status sshd
> active (running)

Well.. okay. Can I log in from my phone?

*fires up Termux*
*logs in just fine*

What the fuck... Literally just now I added the laptop's ECDSA key into the WSL known_hosts by trying to log into it, so it can't be blocked by that shitty firewall (come to think of it, did I disable that featureful piece of junk yet? A NAT router * takes care of that shit just fine Redmond certified mofos).. so what is it again.. yet another one of those fucking WanBLowS features?!!

condor@desktop $ nc -vz 192.168.10.30 22
Connection to 192.168.10.30 22 port [tcp/ssh] succeeded!

ARE YOU FUCKING FOR REAL?!

Fucking Heisen-feature-infested piece of garbage!!! Good for gaming and that's fucking it!

Edit: (*) this assumes that your internal network doesn't have any untrusted hosts. Public networks or home networks from regular users that don't audit their hosts all the time might very well need a firewall to be present on the host itself as well.

Win Firewall

Finally got my new VPS details.

It's very funny to login to your vps from your phone and install a firewall instead of doing it from a bigger screen!

Also the time just went scarily fast while doing that O_o

So this happened a few days ago. I always want to root my smartphones for that little bit more control.

*Put's new smartphone into fastboot mode*
*Tries to flash root zip onto it*
"You have to OEM unlock the bootloader first"
*OEM unlocks the bootloader*
*Tries to flash but fails*
*Tries to reboot*
Phone: "The bootloader has been tampered with, the device will boot in 5 seconds".
*Screen just hangs there for ages*
FUCK.
*Tries to enter fastboot again to OEM re-lock the bootloader*
*Fastboot appears to startup RIGHT AFTER THE FUCKING ERROR MESSAGE so can't boot into that anymore*.
FUCKING FUCK.
Hmm... TWRP is still installed...
*Tries to flash some stuff through TWRP*
"The zip file you are trying to flash is corrupt".
FUCK MY FUCKING LIFE.
*Connects phone to Linux for adb flashing*
*Nothing happens after half an hour of trying*
*Connects phone to ancient windows 7 laptop*
*Laptop doesn't even RECOGNISE the phone although all drivers are installed*.
*Le me about to completely lose my fucking mind*
*Connects phone desperately with Linux again*
*Phone is recognised right away but the SPL flash tool can't detect it*
*Tries to put it into fastboot again*
*Fails for about an hour*
*phone in charging mode again*
*Presses the power button for a last, desperate attempt*
*SPL flash suddenly recognises the phone*
FLASHING
FLASHING
FLASHING
DONE.
*Android boots again like nothing happened*

I can use it again like normal but the No-Root firewall is draining my battery like crazy.
That was one hell of a journey though!

This gif explain how does window firewall works

The truth about javascript is it is evil. I almost invariably disable it, even on sites I trust just on principal.

Reasoning is simple: If you were tired of your customers subverting your attempts to mine their data with javascript what's the answer? Deliver content with javascript because then they have to enable it.

So if you're developing with a JS framework that opens its own network connections and retrieves content, or to put it more simply if your website does not work without scripts running, figure something else the hell out. Because when you're all alone and I'm president, JavaScript content delivery will be made illegal. We're going to build a firewall.

And Web Assembly, don't get me started. Granted if somebody told me to fix the problems with the current web technology stack I can almost guarantee that I would have come up with Web Assembly, that doesn't make it ok just because it's the logical conclusion. You bet your sweet ass that the main reason companies are excited about it is because now the protocol for accessing the internet just isn't text readable any more. It's a great new tool for taking advantage of and abusing users because they'll be even more ignorant of your transgressions and even more helpless to stop them.

Look the web architecture we have now isn't great, but at least we can do things like use the dev tools to remove the adblocker-disable-begging, and disable javascript, and disable styling if it's broken. It's totally at our fingertips every time we open a web page, and if we're being taken advantage of, we can do something about it.

The way I look at things, the people that are coming up with these frameworks are like the people who invented the atomic bomb. It's technology that has the potential to do good, but has the greatest potential for evil. It makes me crazy that nobody has even considered this.

Dev(null networking knowledge): -"i've already deployed the web but it isn't up."

Boss(strong networking skills): Found port 80 blocked.
-Option A: open port 80.
-Option B: disable firewall.
Choose option B.

Me:😐(poker face)

Um.. yea I've published a GDPR contact email on our website, for issues about our privacy policy. Not sure if you Chinese marketing fucks behind the GFW know what this regulation is about though. I'm not interested in your stupid moulds.
Perhaps that firewall of China could use some further tightening... 😒

IPod didn't sync well on my Linux machines so decided to give windows - in a highly isolated environment disconnected from the Internet behind a firewall and sandbox - a shot with itunes.

- during the installation it wouldn't detect the fucking harddrive multiple times (genuine unlicensed copy) and after the 4-5th time it's random-fuckingly recognized out of fucking nowhere; I didn't change shit.
- crashes (blue screen and freezes) multiple times during the installation, multiple retries and suddenly it works(?!)
- it took about 10 minutes (!!!!!!!) to install 10+ drivers for an iPod and an external hdd:
Installing Apple iPod drivers... Done
Installing seagate drivers... Done
Installing apple iPod drivers... Done
Installing seagate drivers... Done
Installing Apple iPod drivers... Done
Installing seagate drivers... Done
Installing Apple iPod drivers... Done
Installing seagate drivers... Done
Installing Apple iPod drivers... Done

WHY INSTALL THOSE FUCKERS 5 FUCKING TIMES?!

- iTunes installation fails multiple times without error code (unknown error occured, restoring to original state...),just said fuck it and clicked the shortcut after the ***th fail and it works just like this, THANKS FOR NOTIFYING ME (NOT)!
- iTunes has to restore the entire ipod, this was done with iTunes in the store I bought it already, thanks for nothing.
-restore takes 30+ minutes?!
-syncs the iPod 3 times afterwards.

*clicks close button*
*are you sure you want to quit? Sync in progress*
*oh shit, cancels*
*itunes quits*
*?!?!?*

*tries to import media library*
*seagate hdd suddenly not detected*

I'm fucking tired of this bullshit, windows and iTunes can go die in a fucking corner after getting ass raped while their genitals are being scraped off layer by fucking layer and dipped into fucking acid.

Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.

That time when...

He wrote a social media network with end-to-end encryption before it was cool.

He wrote custom 64kb encryption for his academic HDD.

He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.

He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).

He used only hashes of passwords as passwords (which isn't actually good).

He kept a drill on the desk ready to destroy his HDD at a moments notice.

He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.

He set up a new email account for each individual online service.

He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).

He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).

He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).

He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.

He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.

He bought a burner phone to visit the capital city.

He bought a burner phone whenever he left his hometown come to think of it.

He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).

He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.

(You might be noticing it's all he's. Maybe it is, maybe it isn't).

He ate a sim card.

He brought a balaclava to pentesting training (it was pretty meme).

He printed out his source code as a manual read-only method.

He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).

He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).

He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.

I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.

I’ve started the process of setting up the new network at work. We got a 1Gbit fibre connection.

Plan was simple, move all cables from old switch to new switch. I wish it was that easy.

The imbecile of an IT Guy at work has setup everything so complex and unnecessary stupid that I’m baffled.
We got 5 older MacPros, all running MacOS Server, but they only have one service running on them.

Then we got 2x xserve raid where there’s mounted some external NAS enclosures and another mac. Both xserve raid has to be running and connected to the main macpro who’s combining all this to a few different volumes.

Everything got a static public IP (we got a /24 block), even the workstations. Only thing that doesn’t get one ip pr machine is the guest network.
The firewall is basically set to have all ports open, allowing for easy sniffing of what services we’re running.

The “dmz” is just a /29 of our ip range, no firewall rules so the servers in the dmz can access everything in our network.

Back to the xserve, it’s accessible from the outside so employees can work from home, even though no one does it. I asked our IT guy why he hadn’t setup a VPN, his explanation was first that he didn’t manage to set it up, then he said vpn is something hackers use to hide who they are.

I’m baffled by this imbecile of an IT guy, one problem is he only works there 25% of the time because of some health issues. So when one of the NAS enclosures didn’t mount after a power outage, he wasn’t at work, and took the whole day to reply to my messages about logins to the xserve.

I can’t wait till I get my order from fs.com with new patching equipment and tonnes of cables, and once I can merge all storage devices into one large SAN. It’ll be such a good work experience.

What if Donald Trump (or Drumpf :|) was a developer

"I will make PHP GREAT again"

"I will KICK OUT all NODEJS developers from the office premises"

"I will install a FIREWALL in my system so my colleagues cant access anything "
But sir this is not how it works, besides its very impractical
"And my colleagues will PAY for it"

😉😁😁

So after fucking around with trying to setup pi-hole to block avatars in devrant, so I could just use it instead of a no-root firewall and accidentally deleting the devrant app data, I discovered this little option, let's pretend it was never there 🙄

A friend of mine (who is French) has made a little firewall for Windows (idk why).
He sends me the binary, so I tested it and got around it fairly easily.
Replied to him: "I have a nice name for it: Maginot line"

for 2019 I want to be the very best dev
that no one ever was
to code them all will be my test
debugging is my cause
I will travel across the net
searching wide on tor
each singleton to understand
the power of the code

devmons its you and me
you know its our destiny
devmons
you're my best friend
and our firewall will stand
Devmons!

I starten when I was 12 years old. I got bullied and got interested in computers. One day I crashed my dads computer and he reinstalled it. After that my dad made two accounts. The regular user (my account) and the Administrator user (my dads account). He also changed the language from Dutch to English. Gladly I could still use the computer by looking at the icons :')

Everytime I needed something installed I had to ask my dad first (for games mostly because there was no cable internet at that time). Then I noticed the other user account while looking over my dads shoulders. So I tried to guess the password and found out the password was the same as the label next to the password field "password".

At that point my interest in hacking had grown. So when we finally got cable internet and my own computer (the old one) MSN Messenger came around. I installed lots of stuff like flooders etc. Nobody I knew could do this and people always said; he is a hacker. Although it is not.

I learned about IP-address because we sometimes had trouble with the internet. So when my dad wasn't home he said to me. Click on this (command prompt) and type in; ipcondig /all. If you don't see an IP-address you should type in; ipconfig /renew.

Thats when I learned that every computer has a unique address and I started fooling around with hacking tools I found on internet (like; Subseven).

When I got older I had a new friend and fooled around with the hacking tools on his computer. Untill one day I went by my friend and he said; my neighbor just bought my old computer. The best part was that he didn't reinstall it. So we asked him to give us the "weird code on the website" his IP-Address and Subseven connected. It was awesome :'). (Windows firewall was not around back then and routers weren't as popular or needed)

At home I started looking up more hacking stuff and found a guide. I still remember it was a white page with only black letters like a text file. It said sometime like; To be a hacker you first need to understand programming. The website recommended Visual Basic 6 for beginners. I asked my parents to buy me a book about it and I started reading in the holliday.

It was hard for me but I really wanted to hack MSN accounts. When I got older I just played around and copy -> pasted code. I made my own MSN flooders and I noticed hacking isn't easy.

I kept programming and learned and learned. When I was 16/17 I started an education in programming. We learned C# and OOP (altho I hated OOP at first). I build my own hacking tool like "Subseven" and thats when I understood you need a "server" and "client" for a successful connection.

I quit the hacking because it was getting to difficult and after another education I'm now a fulltime back-end developer in C#.

That's my story in short :)

The last time I tried to root my phone, every method failed. Today I said fuck it. Either I'll brick my device or it works but fuck not having root access on my own fucking device.

It worked! I've got Xposed (😍) back and can finally run a root firewall and XPrivacy again 😍

Windows Firewall in a nutshell.

I just installed a firewall on my phone and immeasurable Facebook asked to Access the internet.

The thing is, Facebook is disabled through my apps settings anyways.

Always satisfying when clients say our API doesn't work and it's shit, only to find out their firewall prevented external calls.

Apparently the firewall at work has blocked access our git repo since there are too many consecutive requests to it.

China tried to censor the internet and they failed.
EU approves article 11 & 13 and everything is now blockee in EU.

China should learn from EU parliament on how to censor the internet without the need of any firewall

why great firewall of china??

TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern

Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.

Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.

Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.

An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.

After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.

The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.

It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”

At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”

Facepalm.

Some years ago I was in cyber security in the military being shown some new tech for our use. Was challenged to try and get past it after being explained it's basics. Took me one long line in Linux about 10 seconds.
Anomaly detection firewall with machine learning seemed like a good idea.
Setting it to aggressive response and then change the package header to the firewall's own address however made it kill itself.

We didn't deploy that firewall that I know of.

Today the IT deparment update the firewall's configuration, they blocked almost every website except email and Google.
The problems:
- Blocked some systems outside the organization, there are in another building and also network
- I can search on Google but I can't see the results outside Google
- Forget about download depencies, libraries, deploy code to outside services, search at StackOverflow

I JUST WANNA SAY GOOD JOB, GUYS

PS: The firewall also block the SSH port, I had explained to my boss and he sent a request for allowing the port, so far no answer

Update on my quest for encryption!

For the (large number) people that don't know, I want to use encryption for (almost) everything / actually give a shit about internet privacy... And I want it done by 2018.

So.. here is my progress so far:

I have signal
I now have an @tuta.io email.
I have a complex, long password.
I am using blankslate.io instead of Google docs (except for school)
I run important stuff through Tor or a VPN or both
I have a firewall running on Android.

Any more suggestions on what to do or things to change??

(@linuxxx)

Saw this today, window firewall came to mind...;)

Changed Firewall settings on remote server. Forgot to open ssh... 😑

My first times today:
First time a droplet on Digital Ocean.
First time Nginx.
First time trying to separate mail and website servers.
First time using UFW firewall.
First time Ubuntu webserver.
First try all alone configuration of my webserver.
First time installing all the stuff I need on my own, like MySQL, PHP and so on.
First time only SSH access from the beginning.
First time deployment from bitbucket.

Do you have any advise what I should think about. Or what software I will need. Or what I should think about.

Worst one I’ve seen so far is when I was working for my previous community another developer joined to help me, without the permission of me or the other lead developer he pushed a client-side update. We didn’t think it was a big deal, but once we began reviewing the code it became a big deal... he had placed our SQL credentials into that file that every client downloads. All the person had to do was open the file and could connect to our SQL which contained 50k+ players info, primarily all in-game stuff except IPs which we want to protect at all costs.

Issue becomes, what he was trying to do required the games local database on the client-side, but instead he tried connecting to it as an external database so he decided to copy server-side code and used on the client.

Anyways, the database had a firewall that blocked all connections except the server and the other lead dev and myself. We managed to change the credentials and pull the file away before any harm was done to it, about 300 people had downloaded the file within an hours period, but nothing happened luckily. IP to the DB, username, password, etc, were all changed just to keep it protected.

So far this is the worst, hopefully it doesn’t get worse than this :/

!rant

Symantec anti virus flagged Windows Defender Definition as untrustworthy lol

After being in China for one week,I realized how much I actually use Google during the day.don't know how they do this but even using a VPN is not a solution most of the times :-? At least devRant is not blocked here;)

Fucked!

I have got my cyber security exam tomorrow morning and i just got a call from a client to make some urgent changes to his site.

To add to it, i already wasted around half an hour becoz GoDaddy Plex somehow decided to block my own IP in the firewall.

And now I am on devRant.

Crap. I am fucked!

This one was probably last week of my highschool education so everyone including myself were drunk as fuck like 90% of the time.

Came home drunk one evening and woke up in the morning with a working keylogger waiting to be deployed on school computers. Apparently I've even implemented FTP upload, some basic firewall bypasses and autostart feature. Everything was actually quite good, excluding my stupidness to upload captured data on server through FTP, but there was anyways no-one smart enough in that school to decompile a Windows executable binary.

What's more interesting is until that moment I've never written anything remotely so complicated - I was doing examples from the book and didn't think I have enough knowledge to make program that has any real life application.

After that day it started coming to me that one day I could actually earn for life with programming.

Wth??

I recently started my first job at a small place and on the first week they gave me access to the firewall server because they wanted me to implement a VPN service. It could have gone worse, the network was only down for 10 minutes.

Waiting for EU great firewall.

Some years ago our company site was hosted by a prick who knew nothing and started to pretend the server got a virus or whatever.

I tested their server and figured out they did not have any firewall policies going on like mitigation of ssh brute force.

It was at this time I learned about SYN flood, and boy I flooded that port 80 of them.

The company site went down for as long as I wanted.

It was great because now we manage it in house and never had a problem anymore.

Had devrant whitelisted on the company firewall.

Say goodbye to my productivity ^^

Managed to make myself look like a fucking moron again today...

Can't mount NFS share, get "permission denied". Huh, that's weird... It's correctly exported.

Well it's correctly exported and rpcinfo -p $HOST times out... Must be firewall rule.

Firewall rule is changed but still no joy "permission denied"... Fuck sake networks, can't you do anything right first time?!!!

Firewall rule is correct I am reliably informed... Go about proving that it's not fucking correct and provide "evidence" to show this, I was a little bit more blunt than was strictly required.

Networks say they will take another look.

I turn NFS logging to verbose for my own interest and notice the line "path/to/directory is not a valid directory".

I, as a moron, had missed a "/" at the start of the path. That's why I still couldn't mount after the firewall change.

Go over and apologise in person and explain how I'm a total idiot.

I was debugging my UDP server and client for 3 hours until I realized our school network has a firewall which blocks my connections.

So... Intense pillowtalk with the wife the other night regarding the coming enforcement of the new General Data Protection Regulation (GDPR) law in the EU after a while turns into nerdy dirty talk.

Me: *Whisper in a sleazy voice like the dirty malware that I am*: So... Why don't you just open up all your inbound firewall ports for me...
Her: Hell no... But I might just make an exception in the private domain just for you...

//little Story of a sys admin

Wondered why a Server on my Linux Root couldn't build a network connection, even when it was running.

Checked iptables and saw, that the port of the Server was redirected to a different port.

I never added that rule to the firewall. Checked and a little script I used from someone else generated traffic for a mobile game.

OK beginn the DDoS Penetration. Over 10 Gbit/s on some small servers.

Checked Facebook and some idiot posted on my site:
Stop you little shithead or I will report you to the police!!!

Checked his profile page and he had a small shitty android game with a botnet.

Choose one:
1. let him be
2. Fuck him up for good

Lets Sudo with 2.

I scaled up my bandwith to 25 Gbit/s and found out that guys phone number.

Slowly started to eat away his bandwith for days. 3 days later his server was unreachable.

Then I masked my VoIP adress and called him:

Me: Hi, you know me?
He: No WTF! Why are you calling me.
Me: I love your're game a lot, I really love it.
He: What's wrong with you? Who are you?
Me: I'm teach
He: teach?
Me: Teach me lesson
He: Are you crazy I'm hanging up!
Me: I really love you're game. I even took away all your bandwith. Now you're servers are blocked, you're game banned on the store.
He: WHAT, WHAT? (hearing typing)

Me: Don't fuck with the wrong guys. I teached you a lesson, call me EL PENETRATO

He: FUCK Fuck Fuck you! Who are you???!!! I'm going to report you!
Me: How?
He: I got you're logs!
Me: Check it at Utrace...
He: Holy shit all around the world

Me: Lemme Smash Bitch
*hung up*

When the company you work for decides to install a new firewall and the firewall service recognizes stack overflow as a forum site and blocks it.... :/

So my colleague is listening to alot of Music and je always stomp the floor when he does - I really hate it.

I have created a nice firewall rule that blocks spotify, Youtube and all video and Music to his user and phone ever 5 minuter for 2 minutes.

curl some.url

Can't connect to server.

Try some.url on the browser

It works.

curl some.url

Can't connect to server.

Google the problem

"Maybe you got the URL wrong"

(Sigh. Perhaps it's a firewall thing.)

Switch to tethering

Can't connect to server.

(This is going to be a long day.)

Merriott got hacked. I know the head (and only) tech at a local hotel/resort that just got bought and turned into a Margaritaville, so I checked in with him to see if he needed any help or advice or anything, and he said he hasn't slept since the attack and probably won't for another week. Everything's on lockdown, he's been staring at the firewall monitor and public PC feeds for like a week straight...

God, I feel bad for this man.

I was called back into work last night at 4 a.m.

(L)user - *anony* I’m sorry to wake you but I’m needing on the internet and I can’t get out.

**Just installed a new firewall and I haven’t had time to get a trusted cert pushed through**

Me - alright I’ll be there in a second.

After rolling my sweet ass out of bed and getting here, I get her through and leave. When I get back to my house I realize I’d forgot my fucking keys... I come back and the bitch has her computer shut down reading a book and isn’t even using the internet...

Me - I thought you needed on the internet, whys your computer shut down...?

Her - Oh, I don’t need it right now, I was just having trouble getting on is all.

FUCK YOU, YOU FUCKING FUCK! This is the SAME fucking (l)user that somehow managed to get the fucking toner stuck backwards in a printer. It’s the same girl that has called me in the past at late hours and requested that I move a chair from one patient room to the other. A fucking chair. I’m not in the maintenance department... so first, you’re calling the wrong department and second; the time it took you to call me you yourself could have fucking done it. She didn’t like the way that call ended.

Although partially my fault, if I would have finished everything I wouldn’t have had to get up but shit... this fuck still deserves a chair to the fucking face.

College firewall blocks ssh traffic :/ Can't use github :(

Demoing an app for a client which uses google maps api and has worked great up to this point. It fails because the company firewall is blocking all of Google all of a sudden.

So... did I mention I sometimes hate banks?

But I'll start at the beginning.

In the beginning, the big bang created the universe and evolution created humans, penguins, polar bea... oh well, fuck it, a couple million years fast forward...

Your trusted, local flightless bird walks into a bank to open an account. This, on its own, was a mistake, but opening an online bank account as a minor (which I was before I turned 18, because that was how things worked) was not that easy at the time.

So, yours truly of course signs a contract, binding me to follow the BSI Grundschutz (A basic security standard in Germany, it's not a law, but part of some contracts. It contains basic security advice like "don't run unknown software, install antivirus/firewall, use strong passwords", so it's just a basic prototype for a security policy).

The copy provided with my contract states a minimum password length of 8 (somewhat reasonable if you don't limit yourself to alphanumeric, include the entire UTF 8 standard and so on).

The bank's online banking password length is limited to 5 characters. So... fuck the contract, huh?

Calling support, they claimed that it is a "technical neccessity" (I never state my job when calling a support line. The more skilled people on the other hand notice it sooner or later, the others - why bother telling them) and that it is "stored encrypted". Why they use a nonstandard way of storing and encrypting it and making it that easy to brute-force it... no idea.

However, after three login attempts, the account is blocked, so a brute force attack turns into a DOS attack.

And since the only way to unblock it is to physically appear in a branch, you just would need to hit a couple thousand accounts in a neighbourhood (not a lot if you use bots and know a thing or two about the syntax of IBAN numbers) and fill up all the branches with lots of potential hostages for your planned heist or terrorist attack. Quite useful.

So, after getting nowhere with the support - After suggesting to change my username to something cryptic and insisting that their homegrown, 2FA would prevent attacks. Unless someone would login (which worked without 2FA because the 2FA only is used when moving money), report the card missing, request a new one to a different address and log in with that. Which, you know, is quite likely to happen and be blamed on the customer.

So... I went to cancel my account there - seeing as I could not fulfill my contract as a customer. I've signed to use a minimum password length of 8. I can only use a password length of 5.

Contract void. Sometimes, I love dealing with idiots.

And these people are in charge of billions of money, stock and assets. I think I'll move to... idk, Antarctica?

Need help!

Any Simon Sinek followers here?

I am planning to send an e-mail to my employer (one of the richest man in the world) with some YouTube links of Simon's talk.

Asking him to implement the concept in the company so I and others around can live a happy life and that will also benefit the organisation earning him more wealth.

I am looking for a way to send an anonymous e-mail where they cannot track me and e-mail should be able to get through the firewall.

Any ideas on how to achieve this?

So firewall blocks internal demo 🤗 ohwell

I would like to know some of you guys most used/preferred apps that you have been using it for long time or you will install them immediately after purchasing new phone/ formating/ installing custom ROM.

List them down if you feel like it, maybe some of them can be helpful to us. Here's mine list.

P.S. Apart from devRant

- ES file Explorer
- NoRoot firewall
- flynx
- greenify
- orbot
- Wunderlist
- medium
- xda labs
- Nova launcher

Gosh ! I'm a genius !
- Working on a Sysadmin school project
- configuring the firewall
- looking myself out
- beg my teacher for reinstall
Fml right now ...

I generally don't whine about Windows...

So, I shut my computer down last night, I thought. But no. A rare OneDrive prompt prevented the shutdown. I don't use OneDrive. I've even tried to remove it, but it just keeps popping up.

Other programs stopped just fine though, such as my firewall.

A little background:
One thing I do is teach programming to kids. Normally it goes very well, but the past month and a half, I've had a class that has some extreme issues because of the school network. We're basically unable to do anything relevant to class because of their network firewall.

New boss starts asking me to get this resolved today. Which I've been trying to do now about five weeks. I told her, at this point our best bet is to just offer a refund if we ever want to have a class there again. She sent my suggestion that we refund this whole class to the CEO. This should get interesting.

The one thing I have on my side is my other boss sent out a company email talking about how I'm an example in a certain regard. Let's hope this supplies balance. But, I kind of doubt it...

Is this what's called a firewall?

Why the fuck do I have to work with Windows? AND WHY THE FUCK DO I NEED TO RESTART 3 TIMES TO GET ACCESS TO THE INTERNET? AND... WHY THE FUCKING FUCK IS EVERYTHING 7000 TIMES SLOWER WHEN I PUT MICROSOFT DOMAINS IN MY ROUTER FIREWALL?!

Identified the origin of the DDoS attack. Apparently, the person was just hopping through 3 IPs so looked like a targeted attack likely from a competitor. I sent the logs with incident notification to the abuse@hostprovider.com to ask them to suspend them.

Got a prompt response but took them a week to suspend this.

We were a very small team and had to stop everything to fix this-iptables and firewall etc.

We had not even launched the product and was still under development.

Ever had that frustrating moment that the customer overreacts a small issue into a big issue? Just happened to me today.

Client: "Hey can you check why we are not getting any software update/patches to our firewall?"
Me: "OK. Lemme check"
** Checking **
Me: "I found that its not getting the latest updates because the license file registered has a product serial # mismatch with their support site. You can see it clearly here..."
Client: "THAT'S TERRIBLE!! QUICK!! MAKE IT A PRIORITY 1 ISSUE AND HAVE IT RESOLVE ASAP!!!"
Me: *Facepalm*

Back when I started my career (12 months ago lol), I was in IT support. Having to deal with people who have hard times locating and reading off a sticker, let alone telling me their IP adress, only to realize it's the whole store that's offline, not only their PC (gosh do they ever talk with each other). So I decided to code a small tool that shows your hostname and IP adress, and pings the router, firewall and Google DNS. Aaand just in case the number for the IT hotline. Plan was that we could just tell them to double-click on that one icon on their desktop and read out what it says. We deployed it and I was happily waiting for it's time to shine (still a trainee I was also kinda proud of it), but when the network engineer found out, he wasn't happy about it at all. He was afraid too many people would open that new tool without us telling them to do so and/or forget to close it, producing a number of pings to the router, firewall and google. He went on about Google maybe blocking our IP if we produce too many pings and so on.
In my opinion he was kinda overreacting, but he wasn't that wrong and is a nice guy and responsible for our network, so we recalled the tool and never actually used it.

My school has blocked GitHub on it's internet network. Doesn't bother me much, since I always use a VPN on public networks, but I wonder why they would block github, but not stackoverflow...

"Our central servers firewall has been breached" - Doesn't even work on a server or anything, just his laptop

"How many proxies do we have left?"

"Around 10.200"

I don't take responsibility for any brain damage

Every TV show/movie with a hacking scene....
Person trying to hack: I'm unable to get through their firewall.
Boss : Then hack HARDER.
Hacker: Thanks for the advice boss! I'm in!

The networking closet I had the pleasure of working in most of last night. That's all very loud, very warm air compressors at the bottom, and the switch, firewall, and modem up near the top. And all they had was a small step stool...

Me as a sysadmin, and the devs approach with this:
hey "Linux", they network is stupid, the firewall is blocking the trafic from server1 to server2, pls fix.

The servers are on the same subnet with no firewall, so I log in to the servers and find out that their programs is not running.

This is something I deal with every day

This was a long time ago, when I was working part time in my uni helpdesk. as part of the uni IT service, they offered ISP services at the dorms. It was cheap, and fast. This essentially allowed students living in the dorms to connect thier personal computers to the uni LAN. Then one day...
An ARP poison malware infected some of those computers. An arp poison attack is simple (look at ettercap) - it redirects network traffic via the affected computer, and adds malware to webtraffic to infect more computers. One of these on a network is bad enough, but when there more then one... traffic was redirected a lot. this caused the Dorm switches to collapse under the load. Fun times to work at the helpdesk...
The IT guys came up with a solution for this: they blocked the arp poision attacks at the firewall, and then disabled the switch port for the infected computer for 24 hours. so, when someone called with 'I have no internet!', we told them to bring us the computer, and installed an AV on it.
3-4 month the problem was cleared.

A client's site got malware infected, so we decided to remove everything and replace the site with a fresh WordPress installation (very basic site with 4 pages of content).

Contacted iPage live support asking them to check and unsuspend the account (with no files on it), but they kept on insisting that I buy their "firewall" and "SiteLock" services, with zero reply related to suspension. I've had live chat with many other hosting companies, never had such a lousy fucked up conversation. Without providing technical support, they keep marketing their useless expensive services. Fuck you iPage, you just lost a customer.

When the server firewall is not enough, and look out for "Web application firewall".

Nginx + Mod security

Just wow

When you walk in at work in the morning, hoping for a quiet Friday at work, but nope. I check our WP monitoring and see that half our sites aren't responding. Well fuck. Turns out that the firewall service we use to protect our sites experienced a massive DDOS attack. So the service we use to keep our sites safe ironically caused downtime. Me, our Devopser and another dev spent the entire morning bringing the sites up again and bringing the customers up to date. FFS, I need more coffee.

When you ask your infrastructure admins for a firewall rule and you are very specific. They say that you don't need it... you troubleshoot for 2 hours then argue with them for 5 hours. Then they add the rule and it works. I want to punch someone right now and have a beer. FML!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Was talking to a cousin of mine who's a priest and who spent 10 years in the Vatican, apparently they have 2-3 servers devoted specifically to acting as a firewall processing the data coming in and out of its network and it's a continuous stream of people trying to hack it, like think it would be pretty cool to see what way they have to whole thing set up, might see if he could take me on a tour (might even get a look at the private archives, though apparently it's mainly boring letters about popes meeting their mother and stuff

I hate IT managers, how on earth some become ant form of manager is beyond myself.

I have a server with a hardware firewall. A client, based in the UK, with French offices is saying the server blocking their new French IP. I white-listed their IP address, still no luck.

That was a week ago.

After 4 international phone calls and nearly 30 emails I resolved the "issue".

Their so called "IT Manager" sent over the wrong IP. Instead of it starting with 46.* he sent over an IP starting 42.*, which was in fact being correctly blocked.

Suffice to say I charged the client a lot of money for the wasted time and international rate calls.

Fucking windows
I just had to setup a simple point to point network via Ethernet wire on two machines
- one running windows 7 and the other the 10
- scenario:
1- connect the wire
2- setup the ip address for the first machine
3- setup the ip address for the second machine
4- ping the first machine from the second one: (unreachable host)
5- check the fucking firewall state on both machines
6- redo 1 to 4 about 3 times: (unreachable host)
7- I decide to test with my machine and ping my machine works. (but the inverse don't work)
8- redo 1 to 3
9- start a web server with php and it works (the ping still not working)

the fucking ping is not working

Corporate IT blocks all network traffic, whitelists port 80 and 443 😡

... cos port number is the best predictor of security threats, amirite? 😒

When you think about it, a female egg cell can withstand a sperm DDoS attack at a rate of 1.8 terabytes per second, letting through just one data packet. It's amazing that the packet can hang the system for a whole 9 months.

That's what I would call a good firewall.

At my last gig I was working at a small ISP and my boss was asking why our throughput went to shit every time he checked the router web ui. I told him it was because the web server on the router uses up a lot of CPU time, and that meant the router couldn't process as many packets since it uses that same CPU for well routing, nat, firewall rules etc...so it's probably best to use the CLI instead. Boss says, "YOU DON'T TELL ME WHAT TO DO!!!" And continues to destroy throughput by looking at the web ui.

TL;DR Boss yelled at me for telling him how things work. Yay.

Internet access at the new Uni is crap. I'm getting so pissed at this shit...
Packet loss spikes to over 50% every 30s or so. Can't keep a single SSH pipe open for longer than a minute. Firewall is so tight infrared light wouldn't get through that shit (understandable. And I use a VPN anyway).
And every. Single. AP. Uses. The. Same. Channel. All of them on 6. At least it's on a tight band... But 1 and 11 are free. 100% clean. You know, you could spread them a bit. That helps. But naaah let's keep everything bundled up. Co-channel interference is OK, right?

If you play Rainbow 6, then you might know the new operator "Dokkaebi".
I'm surprised that ubisoft's idea about hacking is still in Hollywood level.
Maybe at lease say "a base station exploit (that can cause RCE)" instead of the old "firewall bypassing" speech

Look, I worked in companies that didnt givr a single f about security, and it wasn't right, but others go are just mad.

Me to itsec: can I deploy Django behind the company firewall on a machine physically 2 meters from you, users will still need the VPN to access it... ?

Itsec: no!

Me: flask?

Itsec: no!

Me: shiny?

Itsec: no!

Me: CAN I EVEN HOST ONE HTML FILE WITH INLINE CSS?

itsec: can I see your badge?!

Customers API is like:
A: I get no input to the API, check your code.
B: My code works fine, just your API returns nothing.
A: I see, let me adjust it. Does it work?
B: No.
A: And now?
B: No dice.
A: But now it should work!
B: I am sorry, nope.
A: Ok, I try to turn off the firewall. Does it work?
B: Yes, it works...(and this is why I do overtime -_-)

Who blocks "dell.com" for God's sake.
This is getting out of hands now >_<

So how the fuck am I meant to get any work done with no admin access to my machine, no access to the databases I need to work with, firewall rules stopping me from doing anything from AWS so I can’t get to my data? Deadline in about a week... fuck that noise!

I find it funny that as soon as I disable password authentication on my server and enable key auth then all of the bots spamming my server with incorrect login requests instantly stop when they realise that they aren’t getting through any time soon. Also don’t ask why I don’t have Fail2Ban and a firewall set up.

A few days ago, I saw a topic from hackernews about Xiaomi phones having a high risk vulnerability because of analytics.apk. I didn't mind it (I'm using a Xiaomi phone).

After about 2 days, I had a notification on my screen having a message 'test' made by my browser.

I immediately installed a firewall blocking all Xiaomi related services.

WTF Xiaomi

Everytime you tell yourself "This time I'm going to make them stop putting the cart before the horse again!!! No more forced shit implementations!!! NO MORE ! I'm strong!!"

The last hour in the next week:
- Selinux: off
- Firewall: Any-Any
- Application data: Everything installed on OS disc.
- Documentation: At best, someone remembers the server supposed-to-be dns record
- Service Accounts: Your domain admin account and sysadmin for databases.
- Patching: DON'T EVER THINK ABOUT IT..AND NO REBOOTING! I have set very important runtime variables.
- Backup: Maybe someone else will set this up.
- Monitoring: Not needed since clients will create tickets if system fails.
- Production Status: vague at best. Sort of silently transitioned to production.
- Handover status: Probably, but I quit before the project closed.

!

1. It's gonna be more and more specialized - to the point where we'll equal or even outdo the medical profession. Even today, you can put 100 techs/devs into a room and not find two doing the same job - that number will rise with the advent of even more new fields, languages and frameworks.

2. As most end users enjoy ignoring all security instructions, software and hardware will be locked down. This will be the disadvantage of developers, makers and hackers equally. The importance of social engineering means the platform development will focus on protecting the users from themselves, locking out legitimate tinkerers in the process.

3. With the EU getting into the backdoor game with eTLS (only 20 years after everyone else realized it's shit), informational security will reach an all-time low as criminals exploit the vulnerabilities that the standard will certainly have.

4. While good old-fashioned police work still applies to the internet, people will accept more and more mass surveillance as the voices of reason will be silenced. Devs will probably hear more and more about implementing these or joining the resistance.

5. We'll see major leaks, both as a consequence of mass-surveillance (done incompetently and thus, insecurely) and as activist retaliation.

6. As the political correctness morons continue invading our communities and projects, productivity will drop. A small group of more assertive devs will form - not pretty or presentable, but they - we - get shit done for the rest.

7. With IT becoming more and more public, pseudo-knowledge, FUD and sales bullshit will take over and, much like we're already seeing it in the financial sector, drown out any attempt of useful education. There will be a new silver-bullet, it will be useless. Like the rest. Stick to brass (as in IDS/IPS, Firewall, AV, Education), less expensive and more effective.

8. With the internet becoming a part of the real life without most people realizing it and/or acting accordingly, security issues will have more financial damages and potentially lethal consequences. We've already seen insulin pumps being hacked remotely and pacemakers' firmware being replaced without proper authentication. This will reach other areas.

9. After marijuana is legalized, dev productivity will either plummet or skyrocket. Or be entirely unaffected. Who cares, I'll roll the next one.

10. There will be new JS frameworks. The world will turn, it will rain.

Not mine, but a colleague puts a script in production which has to sent an email every time a config changes, but in reality sent an email every time the file was accessed. The system sent a good amount of email in a couple of minutes, the remote SMTP bounced them but the connections on port 25 was dropped by the server, the production firewall hits the maximum number of allowed connections... a lot of shit!

Look here Mr Senior Tech if you don’t know 100% what you’re doing, don’t fucking touch the goddamn firewall with your fucking sausage fingers and you overblown call center team lead. I mean you need to have the confidence you would have if you were eating a banana and some one told you it was a poisonous berry, you’d laugh and eat it anyway, cause it’s obviously a banana. That’s the kind of confidence you need to have when fucking with the entire goddamn network configurations. I just went thru a 7 hour shit show because you THOUGHT you knew what you were doing. Not a damn thing was broken there. One service needed a hole in the firewall and you fucked all this beyond an easy fix. Now I’ll admit I don’t have that much confidence working with the firewall, that’s why I would fucking cal one of the companies that set it up even though we don’t necessarily have a support contract, it would have cost a lot damn less to have them work on it than for the whole company to be down and for me to have to stress over every fucking thing going (or not going) on.

Firewall is down. That means no access to developer environments. That means more time for DevRant.

*accidentally deploys unfinished firewall config
*Flushes iptables
*Accidentally flushes literally everything
*Protocols are drop for all connections and interfaces
*Has to reboot server, ssh in AGAIN, and redeploy from the shite configuration I was fixing

me: block all in&put connection
firewall: ok
me: open port 22 for local network
firewall: ok
me: enable firewall
firewall: ok
me: restart pi
firewall: allow me connect
me: open port 80 for local network
firewall: ok
me: open port 443
firewall: Oh! i have to block icoming connections on port 22

Betafence,

a firewall that never got into production.

/badumts

So... I've been messing arround with my first VPS (with little knowledge of Linux).
First installed lxde to learn how to do it, then back to the terminal. then I started with Apache, watching online tuts ...
Then I changed for nginx... Looks way better.
Installed my sql, php and got stuck. Dropped it for a few days.
Today I restarted, deleted Apache, mysql, reinstalled nginx, my php (with lots of problems because of old instalations). Everything is working now except php.
After going round and arround I changed my focus to relax a bit, and remembered I still have Apache on the firewall...
OK Apache and other stuff that I installed.
Delete everything
New rules only for nginx and reset.
Cant ssh to the server... What?
Oh... Forgot to add rules to OpenSSH...
No matter, I can access the terminal directly on the website....
And it loads to ldxe, with no user set...
Fuckkkk.
Oh BTW I'm in a trial free period with no support...

About slightly more than a year ago I started volunteering at the local general students committee. They desperately searched for someone playing the role of both political head of division as well as the system administrator, for around half a year before I took the job.

When I started the data center was mostly abandoned with most of the computational power and resources just laying around unused. They already ran some kvm-hosts with around 6 virtual machines, including a cloud service, internally used shared storage, a user directory and also 10 workstations and a WiFi-Network. Everything except one virtual machine ran on GNU/Linux-systems and was built on open source technology. The administration was done through shared passwords, bash-scripts and instructions in an extensive MediaWiki instance.

My introduction into this whole eco-system was basically this:
"Ever did something with linux before? Here you have the logins - have fun. Oh, and please don't break stuff. Thank you!"

Since I had only managed a small personal server before and learned stuff about networking, it-sec and administration only from courses in university I quickly shaped a small team eager to build great things which would bring in the knowledge necessary to create something awesome. We had a lot of fun diving into modern technologies, discussing the future of this infrastructure and simply try out and fail hard while implementing those ideas.

Today, a year and a half later, we look at around 40 virtual machines spiced with a lot of magic. We host several internal and external services like cloud, chat, ticket-system, websites, blog, notepad, DNS, DHCP, VPN, firewall, confluence, freifunk (free network mesh), ubuntu mirror etc. Everything is managed through a central puppet-configuration infrastructure. Changes in configuration are deployed in minutes across all servers. We utilize docker for application deployment and gitlab for code management. We provide incremental, distributed backups, a central database and a distributed network across the campus. We created a desktop workstation environment based on Ubuntu Server for deployment on bare-metal machines through the foreman project. Almost everything free and open source.

The whole system now is easily configurable, allows updating, maintenance and deployment of old and new services. We reached our main goal for this year which was the creation of a documented environment which is maintainable by one administrator.

Although we did this in our free-time without any payment it was a great year with a lot of experience which pays off now.

His will be the best firewall

SSH attack today. I asked my colleague if a rule in the firewall would block that. He tells me that yes and when I look, the rule is open for the SSH. 2 hours ouf downtime ...

Some minutes ago our firewall in office overheated, no internet, no network, no real way to work some time for coffee and nerd talk - not bad at all

*Windows xp firewall is on*
oh yeah Loooooooool XD

I am a web app developer by profession and software engineer by qualifications but when there is a problem with router, firewall or a server needs to be setup, whether internal or for client, all my employer can see is me. Sometimes i get too tired of this shit. Also I am expected to work at home during night as if I don't have any life outside this field. I need to enjoy my life with I am young. I am twenty and stuck. Fuck it.

Fucking fuck fuck hell.

My grandfather Bought a 50€ doogee phone.
After one month, it started showing advertizuments randomly.

I installed a firewall, but now it opens a different advertizinc in my Browser every few hours.

WHO THE FUCK THOUGHT IT WOULD BE A GOOD IDEA?

O AND:one tap root doesnt work

1st strike :

My university installed a new infra for internet access. Regular PEAP without certs. And there is another fortiguard firewall busting our ass. Even when I try to access my website it says unrated and kicks me. Same is the case for numerous other websites like torrent cache websites, porn sites, and STEAM. When the shit happened, I just changed the url from http to https. Works fine.

2nd strike :
So the dumbass sysadmin installed mitm. It started blocking us again. In our infra we have a high performance redhat xeon e7 server for student's use with a link connection of 1G/s. I just made an ssh tunnel and tried browsing those websites... It worked. The sysadmin dumbass forgot to route the server traffic through the fortiguard. What a moron!!

Waiting for strike 3...

Today I had sort of a meltdown when I found out that the small, 20-something company where I work and where we should all 'trust each other' is working to stealthily enable SSL Inspection.

I'm done with doing anything other than what is stipulated in my contract such as helping out in other areas out of my own volition.

Management got control hungry and mad once they got their hands on a Deep Inspection Firewall.

Well, I'm not feeling sorry for the uproar they'll have to endure once colleagues find out they are doing this stealthily.

Serves them right and after this and other similar experiences my trust in this company is right through the floor.

I never had to deal with an attack.
At least, I don't know about it. My firewall couldn't detect anything.
I wish I could have experienced something like that tbh *sob*

Today I learned that some external devs one of our projects is working with have DB tables where they store references to specific dates, and not only that, but every minute of those dates, and the day of the week, and what season its in. Im not joking.
Hmm should I use the local datetime libs or should I go through a firewall, load balancer and DB cluster just to find out what day it is?

How to survive engineering class:

Finish assigned book work with a good hour and a half to spare before lunch block

Use websites such as translate.google.com and underget.com to bypass school firewall and web filter

Download pirated games (super hot, getting over it, kerbel space program, ect.)

Play said games until class ends

My conversation with Avalara support (API for taxing):
Me: Hey I'm implementing your API for a client. The requests are going through, I get a valid response back but all goods are taxed with $0. Can you please give me a hint what I might be missing?
Sup: You're using Salesforce Commerce Cloud, requests might be blocked through their firewall
Me: I don't think so, here are some sample requests and responses I just created. The object returned matches the one in your API Doc.
Sup: This isn't a system controlled by us, no support.
Me: So how in the world can it be you don't control your own endpoint?

Seriously, if you don't want to help, next time just say fuck you...

I remember someday from a few years ago, because i just got off the phone with a customer calling me way too early! (meaning i still was in my pyjamas)

C:"Hey NNP, why si that software not available (He refers to fail2ban on his server)
Me: "It's there" (shows him terminal output)
C: " But i cannot invoke it, there is no fail2ban command! you're lieing"
Me: "well, try that sudoers command i gave you (basically it just tails all the possible log files in /var/log ) , do you see that last part with fail2ban on it?
C: "Yeah, but there is only a file descriptor! nothing is showing! It doesnt do anything.
Me: "That's actually good, it means that fail2ban does not detect any anomalies so it does not need to log it"
C:" How can you be sure!?"
Me: "Shut up and trust me, i am ROOT"

(Fail2ban is a software service that checks log files like your webserver or SSH to detect floods or brute force attempts, you set it up by defining some "jails" that monitor the things you wish to watch out for. A sane SSH jail is to listen to incoming connection attempts and after 5 or 10 attempts you block that user's IP address on firewall level. It uses IPtables. Can be used for several other web services like webservers to detect and act upon flooding attempts. It uses the logfiles of those services to analyze them and to take the appropriate action. One those jails are defined and the service is up, you should see as little log as possible for fail2ban.)

I invite anyone to give me suggestions on what services to use to keep my online stuff (email, files, others) more secure/ private. Also what's the best firewall for Android?

My reaction when I found uTorrent in the firewall server.

THREE DAYS of debugging, reading all the logs I could find, creating tens of new logs in our appliaction, and SUDDENLY an email from your IT admin:

"Hey your CURL requests are being rejected by my !oh so secure! firewall rule".

Not that I haven't said at the beggining, that THIS IS YOUR F...G NETWORK PROBLEM because we get "connection reset by peer" errors, and you ASSURED that everything is CHECKED and OK!

Barracuda Email Firewall for Dummies:

1. Email Client with perfect grammar and nice subject line. (Email rejected)

2. Change subject line to include Russian and Chinese characters along with discount advertisements for Xanax and male enhancement pills. (Email sent!)

The most crazy issue I've fixed was caused by a TCP behavior which I didn't know, called the "half-closed connection".
There was a third-party application installed on a production server which called a LDAP server for retrieving users information. During the day we had several users using the application and all worked fine. During the night, when the application was not accessed, something happened and the first call to the application in the morning was stuck for about 5 minutes before returning a response. I tried to reproduce the issue in a testing environment without success. Then I discovered that the application and the LDAP server were located on two different networks, with a firewall between them. And firewalls sometimes drop old connections. For this reason network applications usually implement a keep-alive mechanism. Well, the default LDAP Java libraries don't set the keep-alive on their connections. So, I found a library called "libdontdie", which force the keep-alive on the connections. I installed the library on the server, loaded it at the startup and the weird stuck behavior in the morning disappeared.

TLDR: I need advice on reasonable salary expectations for sysadmin work in the rural United States.

I need some community advice. I’m the sysadmin at a small (35 employee) credit card processing company. I began as an intern and have now become their full time sysadmin/networking specialist. Since I was hired in January I have:

-migrated their 2007 Exchange server to Office 365

-Upgraded their ailing Windows server 2003 based architecture to 2012R2

-Licensed their unlicensed VMware ESXi servers (which they had already paid for license keys for!!!) and then upgraded them to 6.5 while preventing downtime on hosted VMs using tricky transfers and deployments (without vMotion!)

-Deployed a vCenter server to manage said ESXi servers easier

-Fixed a three month gap in their backups by implementing Veeam, and verifying its functionality

-Migrated a ‘no downtime’ fileserver to a new hypervisor host, implemented a ‘hot standby’ server as a backup kept up to date by the minute with DFS replication.

-Replaced failing hard drives in a RAID array underlying their one ‘business critical’ fileserver, which had no backups for 3 months at that time

-Reorganized Active Directory and Group Policy deployment from a nightmare spiderweb of OUs and duplicate policies

-Documented the entire old network and now the new one as I’ve been upgrading this

-Audited the developers AWS instances and removed redundant machines, optimized load balancing on front end Nginx servers, joined developer run Fedora workstations to the AD domain and implemented centralized syslog monitoring on them.

-Performed network scans and rewrote firewall exceptions to tighten security

There’s more, but you get the idea. I’ve now been tasked with taking point on an upcoming PCI audit which will be my first.

I’m being paid $16/hr US, with marginal health benefits. This is roughly $32,000 a year, before taxes.

I have two years previous work experience managing a third party Apple repair facility (SimplyMac) and every Apple certification for warranty repair and software troubleshooting. I have a two year degree in general sciences, with about 4 years of college credit (Two years of a physics education and two years of computer science after I switched focus) I’m actively pursuing a CCNA and MCSA server 2016 with exams paid for and scheduled.

I’m going into a salary negotiation in two months. What is a reasonable salary to request, from your perspective, for someone in my position?

Thanks in advance!

FUCK FUCK FUCK Windows share feature
just fuck it !
and fuck the people who made it!!!44

ok calm mode on

I had to copy a 30 gb file from my computer to my sister's one, and since the largest pendrive I have is 8gb, and I'm just lazy to split the file into parts, I thought it would be a great idea to copy it over LAN. (tldr: it's not)

First attempt:
Right click on file and share it with everyone = fail
Enable network discovery in sharing settings = still fail
Ohh, right, I just forgot it, disable firewall, it usually solves everything = still fail (2)
Google the problem and try every possible solution = still fking fail

Second attempt:
Ok, when last time I had the same problem, I made a homegroup and it worked.
Let's enable it on my Win10 = it's missing
After some googling: "We removed the home group feature from Windows 10, because why not and we would be fired if the change log was empty."
Ok, fuck it.

Third attempt:
Download a portable FTP server.
Enable it.
Create an account.
It works.

I already wrote this story in the comments to some other rant, still it's pretty funny.

So, i was modding my wii u by messing with system files, the only way to do this is to run an homebrew that hosts an ftp server so you can connect with your pc, the thing is, this server was not protected and allowed anonymous login, not an issue if you have a firewall.
BUT i had this console in the DMZ on the router for online play.
~You can see where this is going~
While doing stuff from my pc i started seeing a lot of entries on the console's log and i didn't understand why, i thought filezilla was doing some shit so i closed it but the log was still going, then i realized and quickly shut the server down.
Then i disabled the DMZ and went back to check what happened (unfortunately the log was only shown on screen and not saved, by closing the server i lost it) so looks like the attacker uploaded a lot of files with random names in pretty much every folder.
Due to the random names, I don't know which are system files and which attacker's files so i just kept them there. And today they should still be there.

--Random thinking--
What if the attacker also stole some files, he was hoping to get photos or valuable documents, but just got the console's system files and he thought something along the lines of "wtf is even this".
Also, how likely is that an ip scanner script gets to my ip in the 5 minutes i run the server, and (on the attacker side) how likely is to hack a server just to find out that's a wii u (the least successful console in the last generation)...

Moral of the story: double check your firewall if you are going to run an unprotected server.
That's it, stay safe :P

Dear Docker for Windows I know you exist to make devs on Windows life easier. But DEAR GOD, with all the firewall/group policy problems..you have been the pain of my existence during this short time developing on Windows.

Literally have a countdown on the time left until I get to no longer do a rain dance for my development environment to work.

Some <super smart> person ran DHCP in production lab (without disconnecting from main network and/or using firewall)
, now the admin turned all the ports off and went home.
Traffic gens are also unavailable now so are upgrade servers.
Result: I can't run my work over the weekend and the reports are expected on Monday.

Not so bad : I'll run on Monday.
Bad part : This fucking shit takes 2 days to do everything on the rack.

Dev sin: when you're too lazy to configure ufw (uncomplicated firewall) so you just shut it down instead 😓

IT and S*X are one and the same thing use of a firewall is like using a c*nd*m.

>when a sysadmin sets his local Linux firewall (gufw) where one of the rules had the end of the cidr block as the first IP address and the beginning of the cidr block as the last IP address.

Needless to say nothing worked. But the server was secure because nothing could connect to it 😂

FUCK YOU, Windows Firewall.

Built a pFSense box for home with said proxy. Even though my internet connection is slow it seems fast now thanks to squids MITM https proxy and http proxy. Plus a little QoS helps. And it has so many more features than a regular router.... WTF didn't I do this sooner?

Colleague just factory reset the firewall....
- "I have just changed a firewall rule"
Motherfucker!!!!! Burn, burn in hell!

The networking group at my day job, hooooooolly crap I have some unprintable words. But keeping it professional:

* Days to turn around simple firewall whitelisting requests
* Expecting other teams to know the network layout despite not sharing that information anywhere and going out of their way to not share it
* Adding bureaucracy in the form of separate Word doc forms despite having a ticketing system - for no justifiable reason
* Breaking production systems multiple times per month
* Calling in with problems that are clearly network related, being told it’s our systems, and then the problems magically go away even though they swear they didn’t touch anything
* Outright verifiable lies or vague non-answers when they’re not talking to someone at the director level or a vendor from an outside company on conference calls
* Worse packet loss and throughput on our LAN than my home ISP

Doing anything with these clowns is my single biggest source of stress right now. I can’t wait until we get a full SDN stack set up and then we won’t have to deal with them for day-to-day needs any longer.

My boss swears it’s better that we’re not managing the network directly, but I’m pretty sure my friend’s dog could be loosed into the data center to chew on fiber, and eventually the pairs would be connected in such a way as to improve performance.