So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!

It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"

Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.

My parents found it very easy to work with as well so we decided to stick with it.

I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.

Then I started to experiment more and more.

After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!

From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.

Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!

I started to learn stuff like FTP, SSH and so on.

Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?

First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.

Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.

Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!

I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.

Finally made the jump to NginX and CentOS!

Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.

Started with simple, one screen linux setup with ubuntu 10.04.

Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!

It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).

A while ago (few months) I was on the train back home when I ran into an old classmate. I know that he's a designer/frontend/wordpress guy and I know that he'll bring anyone down in order to feel good. I also know that he knows jack shit about security/backend.
The convo went like this:

Me: gotta say though, wordpress and its security...
Him: yeah ikr it's bad. (me thinking 'dude you hardly know what the word cyber security means)
Me: yeah, I work at a hosting company now, most sites that get hacked are the wordpress ones.
Him: yeah man, same at my company. I made a security thing for wordpress though so we can't get hacked anymore.
Me; *he doesn't know any backend NOR security..... Let's ask him difficult stuff*
Oh! What language did you use?
Him: yeah it works great, we don't get hacked sites anymore now!
Me: ah yeah but what language did you use?
Him: oh it's not about what language you use, it's about whether it works or not! My system works great!
Me: *yeah.....right.* oh yeah but I'd like to know so I can learn something. What techniques did you use?
Him: well obviously firewalls and shit. It's not about what techniques/technology you use, it's about whether it works or not!

That's the moment I was done with it and steered the convo another way.

You don't know shit about backend or security, cocksucker.

Today I was hired to pentest a company's framework. While getting directions on what needs to be tested I counted 4times the sentence:
"We are a multi-awarded company for our security, virtually nothing gets past our firewalls".

Most of the PCs had Win98

So I've been looking for a Linux sysadmin job for a while now. I get a lot of rejections daily and I don't mind that because they can give me feedback as for what I am doing wrong. But do you know what really FUCKING grinds my FUCKING gears?

BEING REJECTED BASED ON LEVEL OF EDUCATION/NOT HAVING CERTIFICATIONS FOR CERTAIN STUFF. Yes, I get that you can't blindly hire anyone and that you have to filter people out but at least LOOK AT THEIR FUCKING SKILLSET.

I did MBO level (the highest sub level though) as study which is considered to be the lowest education level in my country. lowest education level meaning that it's mostly focused on learning through doing things rather than just learning theory.

Why the actual FUCK is that, for some fucking reason, supposed to be a 'lower level' than HBO or Uni? (low to high in my country: MBO, HBO, Uni). Just because I learn better by doing shit instead of solely focusing on the theory and not doing much else does NOT FUCKING MEAN THAT I AM DUMBER OR LESS EDUCATED ON A SUBJECT.

So in the last couple of months, I've literally had rejections with reasons like
- 'Sorry but we require HBO level as people with this level can analyze stuff better in general which is required for this job.'. - Well then go fuck yourself. Just because I have a lower level of education doesn't FUCKING mean that I can't analyze shit at a 'lower level' than people who've done HBO.

- 'You don't seem to have a certificate for linux server management so it's a no go, sorry!' - Kindly go FUCK yourself. Give me a couple of barebones Debian servers and let me install a whole setup including load balancers, proxies if fucking neccesary, firewalls, web servers, FUCKING Samba servers, YOU FUCKING NAME IT. YES, I CAN DO THAT BUT SOLELY BECAUSE I DON'T HAVE THAT FUCKING CERTIFICATE APPEARANTLY MEANS THAT I AM TOO INCOMPETENT TO DO THAT?! Yes. I get that you have to filter shit but GUESS WHAT. IT'S RIGHT THERE IN MY FUCKING RESUME.

- 'Sorry but due to this role being related to cyber security, we can't hire anyone lower than HBO.' - OH SO YOUR LEVEL OF EDUCATION DEFINES HOW GOOD YOU ARE/CAN BE AT CYBER SECURITY RELATED STUFF? ARE YOU MOTHERFUCKING RETARDED? I HAVE BEEN DOING SHIT RELATED TO CYBER SECURITY SINCE I WAS 14-15 FUCKiNG YEARS OLD. I AM FAMILIAR WITH LOADS OF TOOLS/HACKING TECHNIQUES/PENTESTING/DEFENSIVE/OFFENSIVE SECURITY AND SO ON AND YOU ARE TELLING ME THAT I NEED A HIGHER LEVEL OF FUCKING EDUCATION?!?!? GO FUCKING FUCK YOURSELF.

And I can go on like this for a while. I wish some companies I come across would actually look at skills instead of (only) study levels and certifications. Those other companies can go FUCK THEMSELVES.

Citizens are advised not to use Firewalls on their devices or Networks, as there can be a fire threat from enabling those.

An active cooperation is expected from everyone.
Stay safe and have a nice day :)

The tech stack at my current gig is the worst shit I’ve ever dealt with...

I can’t fucking stand programs, especially browser based programs, to open new windows. New tab, okay sure, ideally I just want the current tab I’m on to update when I click on a link.

Ticketing system: Autotask
Fucking opens up with a crappy piss poor sorting method and no proper filtering for ticket views. Nope you have to go create a fucking dashboard to parse/filter the shit you want to see. So I either have to go create a metric-arse tonne of custom ticket views and switch between them or just use the default turdburger view. Add to that that when I click on a ticket, it opens another fucking window with the ticket information. If I want to do time entry, it just feels some primal need to open another fucking window!!! Then even if I mark the ticket complete it just minimizes the goddamn second ticket window. So my jankbox-supreme PC that my company provided gets to strugglepuff along trying to keep 10 million chrome windows open. Yeah, sure 6GB of ram is great for IT work, especially when using hot steaming piles of trashjuice software!

I have to manually close these windows regularly throughout the day or the system just shits the bed and halts.

RMM tool: Continuum
This fucker takes the goddamn soggy waffle award for being utterly fucking useless. Same problem with the windows as autotask except this special snowflake likes to open a login prompt as a full-fuck-mothering-new window when we need to open a LMI rescue session!!! I need to enter a username and a password. That’s it! I don’t need a full screen window to enter credentials! FUCK!!! Btw the LMI tools only work like 70% of the time and drag ass compared to literally every other remote support tool I’ve ever used. I’ve found that it’s sometimes just faster to walk someone through enabling RDP on their system then remoting in from another system where LMI didn’t decide to be fully suicidal and just kill itself.

Our fucking chief asshat and sergeant fucknuts mcdoogal can’t fucking setup anything so the antivirus software is pushed to all client systems but everything is just set to the default site settings. Absolutely zero care or thought or effort was put forth and these gorilla spunk drinking, rimjob jockey motherfuckers sell this as a managed AntiVirus.

We use a shitty password manager than no one besides I use because there is a fully unencrypted oneNote notebook that everyone uses because fuck security right? “Sometimes it’s just faster to have the passwords at the ready without having to log into the password manager.” Chief Asshat in my first week on the job.

Not to mention that windows server is unlicensed in almost every client environment, the domain admin password is same across multiple client sites, is the same password to log into firewalls, and office 365 environments!!!

I’ve brought up tons of ways to fix these problems, but they have their heads so far up their own asses getting high on undeserved smugness since “they have been in business for almost ten years”. Like, Whoop Dee MotherFucking Doo! You have only been lucky to skate by with this dumpster fire you call a software stack, you could probably fill 10 olympic sized swimming pools to the brim with the logarrhea that flows from your gullets not only to us but also to your customers, and you won’t implement anything that is good for you, your company, or your poor clients because you take ten minutes to try and understand something new.

I’m fucking livid because I’m stuck in a position where I can’t just quit and work on my business full time. I’m married and have a 6m old baby. Between both my wife and I working we barely make ends meet and there’s absolutely zero reason that I couldn’t be providing better service to customers without having to lie through my teeth to them and I could easily support my family and be about 264826290461% happier!

But because we make so little, I can’t scrap together enough money to get Terranimbus (my startup) bootstrapped. We have zero expendable/savable income each month and it’s killing my soul. It’s so fucking frustrating knowing that a little time and some capital is all that stands between a better life for my family and I and being able to provide a better overall service out there over these kinds of shady as fuck knob gobblers.

Damn firewalls.

I hate interviewing..

The first sentence of the candidate was, that he wanted to speak in english instead of german. Great start if you stated something else in the application.

And his english was even worse than mine.

And as expected from his tags in the application, he had a broad knowledge base. From IoT, LTE, node.js TCP, Java, Ruby, Python, to VLAN and firewalls.

Guess what, he had no in depth knowledge for the required job. Suprise!

Installed an SSD in my Linux box. Installed fresh distro, tried to log in via SSH on localhost. Didn't work. Tried like three times, turned off firewalls, restarted ssh servers, nothing.

Looked at username. Typo in username when setting things up. *facepalm*

Just spent the entire day of which should have been the start of vacation fighting off a second wave of ransomware on one of our production servers. Gandcrab 5.2 anyone?

Turns out an exploit in our MySQL daemon allowed some fucking Chinese hackermonkey to upload a trojan and remote execute it. Thousands of angry customers, me the only one available and able to fix shit and patch up firewalls and system.

And now I get the pleasure of working on what I should have been doing today, another fire that MUST be put out today.

Fuck you deadlines. Fuck you Chinese hackers. In fact, FML.

protecting my computer from wannaCry be like .

Despite common sense, I think technology is not making our lives easier. It's just build chaos on top of chaos.

Take server-side programming for instance.

First you have to find someone to host your thing, or a PaaS provider. Then you have to figure out how much RAM and storage you need, which OS you're going to use. And then there's Docker (which will run on top of a VM on AWS or GCP anyway, making even less sense). And then there's the server technology: nginx, Apache (and many many more; if, that is, you're using a server at all). And then there are firewalls, proxies, SSL. And then you go back to the start, because you have to check if your hosting provider will support the OS or Docker or your server. (I smell infinite recursion here.)

Each of these moving parts come with their own can of worms in terms of configuration and security. A whole bible to read if you want to have the slightest clue about what you're doing.

And then there's the programming language to use and its accompanying frameworks. Can they replace the server technology? Should you? Will they conflict with each other and open yet another backdoor into your system? Is it supported by your hosting provider? (Did I mention an infinite recursion somewhere?)

And then there's the database. Does it have a port to the language/framework of your choosing? Why does it expose an web interface? Is it supposed to replace your server? And why are its security features optional again? (Just so I have to test both the insecure and the secure environments?)

And you haven't written a single line of code yet, mind you.

The ones who use it, what do you like or value about Linux? Why do you use it?

Before I answer, let me say that I am a noob compared to the rest of this community. I run Ubuntu because Arch was too complicated when I tried and bash scripts equal to frustrations for me. That's my knowledge level.

- I don't feel "observed" when using a Linux distro compared to Windows and macOS.
- Feel more connected to the open source thought and the free spirit.
- Feel like I can do anything I want. Learning new programming languages easily, trying out web servers, try and setup own website or mail server etc.
- Everything is accessible. Read something cool about docker? ALT+T to open a terminal and start up a docker container to try out.
- No Internet browsing for software, like googling "Firefox download english".
- Sometimes forces me to learn about the workings of a computer, like networks, servers, routing, firewalls, bootup sequence etc.
- So many great command line tools. Want to find out quickly who owns a website? Want to query a specific DNS server? All possible within 5 seconds!

All in all using Linux feels like watching a documentary while using Windows is more like watching a dumb comedy show where I can turn my brain off, but get more stupid after a while.

!rant
Just helped one of my professors set up a nginx load balancer with https, rate limiter, firewalls and everything from scratch. It feels so amazing to be able to put all the stuff I learn at work to practice.

Speaking of.. What in your opinion would be an appropriate way to warn someone about security problems, like db passwords in git?

I once came across dozens of extremely sensitive services' infra accesses: alibaba/aliexpress, natuonal observatories, gov institutions, telecomms, etc. I had dozens [if not hundreds] routers' and firewalls' credentials along with addresses. I tried one to confirm validity - it worked. I wanted to warn them but did not want to get in trouble.

If it were servers, I'd set a motd or append some warning messages in .profile. But not sure how to do it for non-server devices

what would you do? How would you warn them?

P.S. Deleting that record was a smart move, buddy ;)

p.P.S. Sorry, wrong category... Can't edit now :(

The most crazy issue I've fixed was caused by a TCP behavior which I didn't know, called the "half-closed connection".
There was a third-party application installed on a production server which called a LDAP server for retrieving users information. During the day we had several users using the application and all worked fine. During the night, when the application was not accessed, something happened and the first call to the application in the morning was stuck for about 5 minutes before returning a response. I tried to reproduce the issue in a testing environment without success. Then I discovered that the application and the LDAP server were located on two different networks, with a firewall between them. And firewalls sometimes drop old connections. For this reason network applications usually implement a keep-alive mechanism. Well, the default LDAP Java libraries don't set the keep-alive on their connections. So, I found a library called "libdontdie", which force the keep-alive on the connections. I installed the library on the server, loaded it at the startup and the weird stuck behavior in the morning disappeared.

Manager encounters problem, hacks a load of stuff together to "get around" the problem. Asks me to fix the issue. I spend a week tidying up what he'd hacked together, then change it so I encounter the problem.

A morning of probing later, the problem?

One of our servers is running 2 firewalls, so we were having network connection issues on just that server.

Here's something I'm sick of seeing: server software documentation that doesn't fully list what ports they are using. Too often I've read things like this: "AcmeServe uses ports 400, 8001, and 8002". Great, but why are you making me guess if those are TCP or UDP?

And sometimes it's: "AcmeServe uses ports 400 (UDP), 8001 (TCP), and 8002 (TCP)". Soooo, which ones do I port forward? Are you really going to make me have to use netstat -a to find out?

I can't understand the mentality behind that. They obviously realise you need to setup firewalls, but they half-arse it by only telling you the port numbers but not the protocol and/or if they're inbound/outbound.

Please, list what protocol the port is and if it's listening or outbound. Oh, and consider also mentioning where the port numbers come from in your config files, so I don't have to go playing a guessing game with a bunch of XML files should someone have overridden the default port numbers.

Why do windows users keep installing those bloated anti viruses and firewalls that just slow the hack of their system when windows essentials is enough with near to no impact

Those are the same people that got their system full with malware

I code. I'm not a network or security admin. Did you even read my resume before hiring me? It says "math degree then data analysis then programming degree" Subnets, firewalls and security certs are not my areas of expertise. Given enough time, could I stumble through? Probably. But I'd probably come up with something worthy of mocking on networkadminrant.

So the company I work at is moving to a new location. We are a small company, so we were all talking about potential problems with the move - network, internet, firewalls, access to servers and so on. Us trying to cover all possible scenarios.

Our CTO looks up and says: “or we could just cross our fingers and hope for best”.

WTF🤯

Just started learning Docker. The thing that seemed complex a week ago has started to unwrap the wonders it holds. Hope to make it work to ease up some of the team's deployment headache. Though there were hurdles related to firewall, company intranet, network antivirus, domain sharing etc. But managed to resolve it today.

Anyone have any experience with setting up firewalls? Seems like I'll have to do that at the new office, but man, I ain't got no clue.

I've spent so many years not coding, I could never get over the initial hump, which was definitely a mistake. Mistakes are fine, we all make them. The best thing is to learn from them. On the plus side I've learnt firewalls, Web hosting. Windows domains, Azure cloud, virtual machines etc etc, skills which are hopefully very useful for Dev to have. I look forward to joining the ranks of skilled developers. If you are interested in development but are afraid to take the leap. Just go for it, start to learn and play with it. My recommendation for anyone looking for a starting point is a Udemy course called "The Complete ASP.NET MVC 5 course". I'm not affiliated in any way or advertising it. I just think it's brilliant and you get to the fun stuff really quick. You will start with the basics of getting and setting up visual studio. Also. If anyone could recommend other very good courses they know of I would appreciate it

I deployed docker on a VPS a few weeks ago as a sort of learning experience since I haven't really worked with containers much before. Today I learned that docker doesn't like firewalls.

Or, to be more specific, it adds rules to iptables that are applied prior to ufw rules, allowing external connections that I really didn't want to allow. If I don't explicitly specify that a port is to be published only to localhost, then it punches a hole through my firewall without telling me.

Which means that all of my containers running behind an nginx reverse proxy that auto-redirects to HTTPS... were also accessible directly via HTTP.

I'm... trying to think of a reason why this kind of default behavior was a good idea, but I'm drawing a blank.

Fucking Docker.

Yay Google + leaked info!!
New old news again :P

Come on people if you want something to be safe you DO NOT I repeat DO NOT send it to someone else's computer. That's it. Fuck firewalls fuck av fuck it all.

Now I also experienced the corporate IT - hell.
I'm an apprentice at a small but branch of a fairly big company.
We get a fuckton of guidelines from our IT-HQ, plenty of them outdated.
We can't even decide how to configure our firewalls our self, but get them preconfigured from the HQ.
They micromanage us so hard, we can't even put a switch in a room, without having to arrange that shit with them.

FUCK APPLICATION LEVEL FIREWALLS!

So i cam online today, thought already lets open the shitty outlook webmail client. Holy crap .... thats way to much mails. Many of them are missed teams messages. So i open up teams and holy crap. Like every third dev in my company send me a message screaming "gitab is not working!!!".

Yesterday i updated it so imediately get in panic mode - what the shitty hack have i done?!

So yeah gitlab seems to be working just fine, everything is speedy and responsive, so i call one of my fellow devs and ask him whats wrong? And he is like oh yeah there comes a ldap error saying timeout or something.

I try to login with active directory. Works like a charm. Try another account, same problem?!

Google the problem, search gitlab tickets. Nope there is no open bug or sth. like this.

So alright lets call the network guy. "Yo, can you check if there is something ldap-like getting blocked to the gitlab server?" - He is like oh yeah damn like almost every damn request is getting blocked. Ah wait, there was an firewall update yesterday too. Yeah ldap is no longer ldap. BLOCK THAT SHIT!

After 10 minutes of figuring out what shitty type is detected by the firewall and what needs to be whitelisted to make it fucking work again it seems to work.

But ha no, there is another update rolling on, so same shit like 15 minutes later.

Now it seems to work and i have to inform every damn fcking developer that it works again. And yeah alright you sent a mail, but fuck it, i will call you though! So yeah just answering calls, mails and chat messages. Like why the fuck cant you read your mails like a damn normal person?!

Hey everyone! So for my final year project, I have to make a firewall game to help people understand about firewalls. Any ideas on how I can start?

AWS Contractor

I've been putting a web application together that I'm looking to have published on AWS. Not having too much experience with AWS, I am looking to hire a contractor. I've had a number of quotes from different AWS admin's ranging from $40 an hour to $200 an hour, from 1-days worth of work to 2-months worth of work!

I'm not really sure what to make of it or to whom to trust. I believe they’re using my ignorance to overcharge me. I've listed my requirements below, could you guys use your professional experiences to let me know what you think is reasonable charge and where best I could find someone to help me.

My application is a US shopping website where people can set up an online shop and upload their products and maintain an inventory of the items.

This is what I’m looking for setup and configuration with the following two areas:

1) AWS SYSTEMS…

* AIM - Set up my server admin users.

* EC2 - Web Hosting.

* RDS - Fast DB.

* SES - To send emails.

* S3 Buckets - Uploaded image hosting.

Route 53 - I don’t know but someone said I should have this.

* Elastic Load Balancing - For, well, load balancing.

2) SCRIPTS…

* A script that would back up the database once a day and save it to a private S3 Bucket.

* A script that will run once a day that calls an internal API, and POST a query to it.

* A script that runs once every 90 days, to refresh the SSL using ZeroSSL.com

Is there anything that I've missed such as security systems, firewalls, auto scaling and CDNs?

The quotes that I've received arranged from $320 to $64,000. I know I am being abused because of my ignorance. I would never overcharge someone because the customer doesn't know the efforts of the work. I hope someone here can help to understand the efforts needed and can tell me the true cost.

Thank you

AHHHHHHHHHHGGGH

I HATE VPN SETUP

- Trying OpenSwan
Installing open swan on a Debian machine.. setting up the config.
Restarting openswan. Syntax error. No syntax error to be found.
Different tutorial.. it starts! Try to connect.. I can’t connect. Look at the logs. No errors.
Tcpdump. My traffic is coming through.. all fine.. try to connect again.. it works! (Nothing changed!)
Try to ping somewhere else.. no connectivity.
Try to ping an IP in the same network.. works fine. So I have connectivity, just no internet.
Spend an hour finding out about traffic directions of which no one seems to know what they really mean.
Boss tells me to stop using openswan because it’s deprecated and replaced by strong swan..

- Strongswan
Reinstall Debian machine, install strongswan. Copy openswan config. Oh, they’re incompatible? Look up strong swan config, and the service starts.
Connect to the VPN.. it works! Again, no internet, just connectivity in the same network. Spend 2h debugging the config, disable firewalls everywhere, find an ancient bug in the Debian package related to my issues.. ok, let’s try compiling from source.. you know what, let’s not. I’ll throw this Debian machine away and try something completely different.

- pfSense
Ok, this looks easy enough! Let’s just click through the initial setup, change some firewall rules, create an L2TP VPN with a simple wizard.
Try to connect to VPN. First, it times out. Maybe a firewall issue? Turn off firewall.. ah, something happens now. I get an error message right after trying to connect to the VPN. Hmm, the port doesn’t even get opened when I enable the firewall.. this implementation seems a bit buggy.. let’s try their OpenVPN module.

Configure OpenVPN. Documentation isn’t that clear.. apparently a client isn’t actually a client but a user is a client.. ok, there’s a hidden checkbox somewhere.
Now where do I download my certificate? Oh, I need a plug-in for that.. ok, interesting. Able to download the certificate, import it, connect and.. YES!!! I can ping! But, I have no DNS..
Apparently, ICMP isn’t getting filtered but all outbound ports are.. yet the firewall is completely disabled. Maybe I need outbound NAT? Oh. There’s no clear documentation on where to configure it. Find some ancient doc, set it up, still no outbound connectivity.

AHAHAHAHHHHHHHHHHG

Then I tried VyOS. I had a great L2TP VPN working in less than 15 mins. Thank you VyOS for actually providing proper docs and proper software.

can anyone educate me more about computer networking as a career?
Routers , protocols , network towers, 4g/5g , internet, firewalls, wired/wireless etc , these must be part of some kind of decent job i guess? (I mean there are those guys who just know how to install these in people's systems and then there are guys who are researching and learning about these systems).

- What is the job opportunity? how and when can we start a career there?
- How difficult it is to reach telecom giants like cisco, at&t , airtel, google fiber etc ?
- How interesting is the work there?
- what programming knowledge should we know or we will be learning about?
- How stable is the career there?

I first try to figure out why I really want to build this and (if the project is intended that way) why someone would use it.

Then I strip the idea down to its bare minimums so I know what I should build for it to be of any value.

And then I start building until I no longer think it's worth working on the project.

For instance:

I am kind of surprised to see that in a world where cloud and apis become more and more leading, there isn't really a commonly accepted and flexible api management platform.

There are some cloud based platforms out there that can be configured using some interface but why is it like that? Surely you aren't going to deploy multiple versions of your core with different platforms right?

That's where my latest project comes in. I want to create an on-prem api management platform which you configure to work with your api during development. Then you can deploy it to any infrastructure alongside your core api.

This way you:

- are not bound to a specific cloud
- don't have to worry about security and firewalls
- get user management and rate limiting for free

I will probably create a collab for this once the platform is mature enough.

Am I an asshole for not wanting to learn infrastructure/AWS?

im sure it isnt rocket science, but somewhere from within, even if I try my body rejects it will every fibre of its being

manual bare metal servers, deployment scripts and firewalls? sure im all in

Containers, k8s tied to nginx on the said server? sure

Entire end to end as long as it doesnt involve AWS? done and dusted

But add AWS/Azure to the mix and I'm oil to water 😪

I gotten through 3 of the firewalls!!!

I have heavily customised my windows and my firewalls were down, I had taken ownership of some files and in that process some virus got itself stuck onto System32/logonUI.exe
I was unable to use defender as every option was greyed out.
Every time i logged into windows the process ran itself.
Tried booting Windows Defender Offline but it gave BSOD.
Tried sfc scan and it showed that windows was unable to restore some files for which integrity check failed.

On restart i was unable to login as I was sent back to password screen right after giving a password.

Fixed it using safe mode and blanking password through net user.

Had a very deep sleep after cracking it.

Symfony 4:

I created a firewall with a user provider and everything was great for a year and a half.
I needed a second firewall with a different user provider for my REST API.

Being stateless, the rest api firewall didn't need the refreshUser method so I didn't bother doing anything inside but returning user (without noticing how my original class was built or the official documentation which apparently says I need to throw an exception if this isn't the right user provider for the user in the session).

I was having a problem with my main firewall after that point because I assumed it would only use the relevant user provider, but even though my API firewall only applied to a specific host/pattern, the user provider for that firewall was still being used. If it had run the supports method first, it wouldn't have done that even with my initial mistake. Frankly, I don't know why there is a supports method if it's not being utilized for this purpose...I saw supports() is used for the rememberme functionality, but seems inconsistent not to use it everywhere.

Not only should Symfony be updated to check the supports() method, but I also think it should only loop through user providers for the current applicable firewalls. Since we define a user provider per firewall, I think that would be the natural way for it to work. Otherwise why even define a user provider on the firewall if it's just going to try to use them all anyway?

Furthermore, in the case of a stateless firewall, requiring the refreshUser method via the interface seems strange.

Testing new server deployment in test env all works, then production it all breaks down. Network didn't allowed the right traffic. Took me whole week to find that out. Until some networking engineer said, you know there is a firewall between those networks?

Storytime - The Prometheus tales - Part III (I think..).

Updated the node definitions on the old node today, just to keep it up to date. nothing fancy.

I went to the new node and and checked the setup again. I already had roughly 120 node definitions onboard for testing purposes.

so all firewalls should have been configured the right way, so that the wee one might celebrate the marriage with the rest of the gang finally.. and then went with "puppet YOLO" on the new node. added every fkn node definition to the new setup.

every node turned out just to be fine.

except for 137 little InstanceDown alerts (out of 600+).
it's a good thing, that the little fella can send mails to me, myself and I only for the time being.

so debugging. again. but at least it's not a problem related to prometheus itself, because the connections end with a timeout on the related nodes. should be more like a firewall fubar.

we will see.