Search - "first time login"
-
So, since I hear from a lot of people (on here and irl) that Linux has a 'very high learning curve', let me share my experiences with the first time my dad touched Linux (Elementary OS) without me interfering at all! (keep in mind that he is very a-technical)
*le me boots the system* (I already did setup a user account for him and gave him the password).
Dad: *enters password and presses enter*
Me: "Hmm that went faster than expected."
Dad: "Uhm I know how to login son, it's not that hard and pretty obvious".
Me: "Alright, why don't you try to open up the default word documents editor on here! I'll be right back!"
Me: *Goes away and returns after a minute*.
Dad: *already a few test sentences typed in LibreOffice writer* it's going pretty well :)!
Me: "Oo how did you find that?!"
Dad: "Well, there's a thingy that says 'applications' so I clicked in and found it in the "Office" section, do you think I am blind or something?!"
Me: 😐. uhm no but I just didn't think you'd find it that quickly. Now try to install Chromium browser! *thinking: he'll fail this one for sure* I'll be right back :).
Me: *returns again after a minute or so*
Dad: *already searching for stuff through Chromium*
Me: "wait, how the hell did you do that so quickly, it's not the easiest thingy for most people".
Dad: "Jesus, it's not that hard! I went to the application browsing thingy, typed 'software' and then a sorta software store icon showed up so I clicked it and it opened a windows with a search bar saying something like 'search for applications/software'. clicked in it, typed 'chromium', saw it coming up, there was a very clear 'install' button, it asked for my password, I put it in and after a little it gave a notification that it was installed. Then I went to that application browsing thingy again and typed Chromium. Then I hit enter because it selected an icon called chromium...."
Me: O.o. Okay this is going very good, now open an email client and login to your email address!
Dad: *goes to application browsing thingy, types 'email', evolution icon shows up, dad clicks it, email address setup steps show up and dad follows them quickly. After about a minute, everything is setup.
I expected this to be a hard process for someone who dealt with Windows his entire life but damn, I underestimated it.
Asked him if he found it easy/what he liked about it:
"Well, it's very clear where I can find everything, default browser/email/word document editor programs are easy to find and that's about all I need so yeah, great system!"
I am proud of you, dad!
-
I hate those fucking sites which make you login first and then redirect to their home page.
FOR FUCK'S SAKE, IT'S 2017. CAN'T YOU BASTARDS WRITE A FEW LINES OF CODE SO THAT I AM AUTOMATICALLY REDIRECTED TO WHERE I WAS AND I NEED NOT BACKSPACE EVERY TIME I LOGIN?
-
So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!
It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"
Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.
My parents found it very easy to work with as well so we decided to stick with it.
I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.
Then I started to experiment more and more.
After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!
From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.
Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!
I started to learn stuff like FTP, SSH and so on.
Went on with trial and error for a while and then the thought occurred to me: what if I'd have a little server ONLINE which I could use myself to experiment around?
First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.
Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.
Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!
I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.
Finally made the jump to NginX and CentOS!
Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.
Started with simple, one screen linux setup with ubuntu 10.04.
Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!
It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).
-
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? Installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P
-
It's that time of the morning again where I get nothing done and moan about the past ... that's right, it's practiseSafeHex's most incompetent co-worker!!!
Today I'd like to tell you the story of "i". Interesting about "I" is that he was actually a colleague of yesterday's nominee "G" (and was present at the "java interface" video call, and agreed with G!): https://devrant.com/rants/1152317/...
"I" was the spearhead of a project to end all projects in that company. It was supposed to be a cross-platform thing but ended up only working for iOS. It was actually quite similar to this: https://jasonette.com/ (so similar I'm convinced G / I were part of this but I can't find their github ID's in it).
To briefly explain the above + what they built ... this is the worst piece of shit you can imagine ... and that's a pretty strong statement looking back at the rest of this series so far!
"I" thought this would solve all of our problems of having to build similar-ish apps for multiple customers by letting us re-use more code / UI across apps. His main solution, was every developer's favourite part of writing code. I mean how often do you sit back and say:
"God damn I wish more of this development revolved around passing strings back and forth. Screw autocomplete, enums and typed classes / variables, I want more code / variables inside strings in this library!"
Yes that's right, the main part of this bullshittery was putting your entire app, into JSON, into a string and downloading it over http ... what could possibly go wrong!
Some of my issues were:
- Everything was a string, meaning we had no autocomplete. Every type and property had to be remembered and spelled perfectly.
- Everything was a string so we had no way to cmd + click / ctrl + click something to see something's definition.
- Everything was a string so any business logic methods had to be remembered, all possible overloaded versions, no hints at param types no nothing.
- There was no specific tooling for any of this, it was literally open up xcode, create a json file and start writing strings.
- We couldn't use any of the native UI builders ... cause strings!
- We couldn't use any of the native UI layout constructs and we had to use these god awful custom layout managers, with a weird CSS feel to them.
What angered me a lot was their insistence that "You can download a new app over http and it will update instantly" ... except you can't because you can't download new business logic only UI. So it's a new app, but must do 100% exactly the same thing as before.
His other achievements include:
- Deciding he didn't like Apple's viewController and navigationBar classes and built his own, which was great when iOS 7 was released (changed the UI to allow drawing under the status bar) and we had no access to any of Apple's new code or methods, meaning everything had to be re-built from scratch.
- On my first week, my manager noticed he fucked up the login error handling on the app I was taking over. He noticed this as I was about to leave for the evening. I stayed so we could call him (he was in an earlier timezone). Rather than deal with his fucked up, he convinced the manager it would be a "great learning experience" for me to do it ... and stay in late ... while he goes home early.
- He once argued with me in front of the CEO, that his frankenstein cross-platform stuff was the right choice and that my way of using Apple's storyboards (and well thought out code) wasn't appropriate. So I challenged him to prove it, we got 2 clients who needed similar apps, we each did it our own way. He went 8 man weeks over, I came in 2 days under and his got slated in the app store for poor performance / issues. #result.
But rather than let it die he practically sucked off the CEO to let him improve the cross platform tooling instead.
... in that office you couldn't swing a cat without hitting a retard.
Having had to spend a lot more time working with him and more closely than most of the other nominees, at a minimum "I" is on the top of my list for needing a good punch in the face. Not for being an idiot (which he is), not for ruining so much (which he did), but for just being such an arrogant bastard about it all, despite constant failure.
Will "I" make it to most incompetent? There's some pretty stiff competition so far
Tune in later for more practiceSafeHex's most incompetent co-worker!!!
-
Fixing family / friends technical problems, episode 2.
Problem: "I lost my iPhone, I know there's a thing that lets you find it. Can you help?"
Debugging:
Me: sure, it's called "find my iPhone"
Friend: ah yes that's it. How do I use it?
Me: I'll show you, just login here and ... oh you didn't set it up?
Friend: Probably not, I don't know much about this computer stuff.
Me: ... when you setup your phone for the first time, it's a full screen thing that says "do you want us to locate your phone if it's lost. Yes / No". It's hardly writing an encryption algorithm now is it?
Friend: no it's not, but still I just didn't know. I probably clicked no for everything.
Me: ... says here you clicked yes for iCloud ... and yes for photo sync ... so you read the one about your pictures but not about lost or stolen property ... nice.
Friend: ... so you can't find it then.
Me: No, natural selection took it away from you.
Friend: oh **** off.
-
Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'
Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!
I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.
Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.
Was pretty shaken up but damn I learned my lesson!
-
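The two rants above both describe finding successful root logins in the auth log after a brute-force run, then enabling a "N failed logins within five minutes" ban. As an added example (not code from either poster or from Fail2Ban), this sketch replays sshd log lines against that policy and flags accepted logins that followed failures from the same address. The function names, the sample log lines and the assumed year are constructed for illustration; the line format is the usual OpenSSH syslog one.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format (documentation IP ranges).
SAMPLE_AUTH_LOG = """\
Mar  3 02:10:01 vps1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:10:03 vps1 sshd[1203]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 02:10:05 vps1 sshd[1205]: Failed password for root from 203.0.113.7 port 40144 ssh2
Mar  3 02:10:07 vps1 sshd[1207]: Failed password for root from 203.0.113.7 port 40151 ssh2
Mar  3 02:10:09 vps1 sshd[1209]: Accepted password for root from 203.0.113.7 port 40160 ssh2
Mar  3 02:11:00 vps1 sshd[1300]: Failed password for invalid user admin from 198.51.100.23 port 51000 ssh2
Mar  3 02:14:00 vps1 sshd[1310]: Failed password for invalid user test from 198.51.100.23 port 51010 ssh2
Mar  3 02:20:30 vps1 sshd[1320]: Failed password for root from 198.51.100.23 port 51020 ssh2
Mar  3 02:30:00 vps1 sshd[1400]: Accepted publickey for deploy from 192.0.2.50 port 60000 ssh2
Mar  3 02:31:00 vps1 CRON[1500]: pam_unix(cron:session): session opened for user root
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_events(text, year=2024):
    """Return (timestamp, result, user, ip) tuples for sshd auth lines.

    Syslog timestamps carry no year, so one is assumed (hypothetical default).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd login result (cron, sudo, ...)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return sorted(events, key=lambda e: e[0])


def analyse(events, max_retry=3, find_time=300):
    """Replay events against a 'max_retry failures within find_time seconds' ban.

    Returns (banned, suspicious):
      banned     - {ip: time the threshold was reached}
      suspicious - accepted logins from an address that had failed before,
                   with whether the ban would already have been in place.
    """
    span = timedelta(seconds=find_time)
    recent = defaultdict(deque)      # ip -> failure times inside the window
    total_failures = defaultdict(int)
    banned = {}
    suspicious = []
    for ts, result, user, ip in events:
        if result == "Failed":
            total_failures[ip] += 1
            window = recent[ip]
            window.append(ts)
            while ts - window[0] > span:   # drop failures older than find_time
                window.popleft()
            if len(window) >= max_retry and ip not in banned:
                banned[ip] = ts
        elif total_failures[ip]:
            suspicious.append({
                "time": ts,
                "user": user,
                "ip": ip,
                "failures_before": total_failures[ip],
                "ban_would_have_preceded": ip in banned and banned[ip] <= ts,
            })
    return banned, suspicious


if __name__ == "__main__":
    evts = parse_events(SAMPLE_AUTH_LOG)
    for retries in (3, 6):
        bans, hits = analyse(evts, max_retry=retries)
        print(f"max_retry={retries}: banned={sorted(bans)}")
        for h in hits:
            print("  accepted after failures:", h)
```

On the constructed sample, a threshold of three stops the guessing address before its successful root login, while a threshold of six does not; key-only login with root login disabled, as the first rant describes, removes the password guess entirely.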
!rant
I was in a hostel in my high school days.. I was studying commerce back then. Hostel days were the first time I ever used Wi-Fi. But it sucked big time. I barely got 5-10Kbps. It was mainly due to overcrowding and download accelerators.
So, I decided to do something about it. After doing some research, I discovered NetCut. And it did help me for my purposes to some extent. But it wasn't enough. I soon discovered that my floor shared the bandwidth with another floor in the hostel, and the only way I could get the 1Mbps was to go to that floor and use NetCut. That was riskier and I was lazy enough to convince myself to look for a better solution rather than go to that floor every time I wanted to download something.
My hostel used Netgear's routers back then. I decided to find some way to get into those. I tried the default "admin" and "password", but my hostel's network admin knew better than that. I didn't give up. After searching all night (literally) about how to get into that router, I stumbled upon a blog that gave a brief info about "telnetenable" utility which could be used to access the router from command line. At that time, I knew nothing about telnet or command line. In the beginning I just couldn't get it to work. Then I figured I had to enable telnet from Windows settings. I did that and got a step further. I was now able to get into the router's shell by using default superuser login. But I didn’t know how to get the web access credentials from there. After googling some and a bit of trial and error, I got comfortable using cd, ls and cat commands. I hoped that some file in the router would have the web access credentials stored in cleartext. I spent the next hour just using cat to read every file. Luckily, I stumbled upon NVRAM which is used to store all config details of router. I went through all the output from cat (it was a lot of output) and discovered http_user and http_passwd. I tried that in the web interface and when it worked, my happiness knew no bounds. I literally ran across the floor screaming and shouting.
I knew nothing about hiding my tracks and soon my hostel’s admin found out I was tampering with the router's settings. But I was more than happy to share my discovery with him.
This experience planted a seed inside me and I went on to become the admin next year and eventually switch careers.
So that’s the story of how I met bash.
Thanks for reading!
-
One week, and it turned out to be worse than that.
I was put on a project for a COVID-19 program in America (The CARES Act). The financial team came to us on Monday morning and said they need to give away a couple thousand dollars.
No big deal. All they wanted was a single form that people could submit with some critical info. Didn't need a login/ registration flow or anything. You could have basically used Google Forms for this project.
The project landed in my lap just before lunch on Monday morning. I was a junior in a team with a senior and another junior on standby. It was going to go live the next Monday.
The scope of the project made it seem like the one week deadline wasn't too awful. We just had to send some high priority emails to get some prod servers and app keys and we were fine.
Now is the time where I pause the rant to express to you just how fine we were decidedly **not**: we were not fine.
Tuesday rolls around and what a bad Tuesday it was. It was the first of many requirement changes. There was going to need to be a review process. Instead of the team just reading submissions from the site, they needed accept and reject buttons. They needed a way to deny people for specific reasons. Meaning the employee dashboard just got a little more complicated.
Wednesday came around and yeah, we need a registration and login flow. Yikes.
Thursday came and the couple-thousand dollars turned into tens of millions. The amount of users we expected just blew up.
Friday, and they needed a way for users to edit their submissions and re-submit if they were rejected. And we needed to send out emails for the status of their applications.
Every day, a new meeting. Every meeting, new requirements that were devastating given our timeframe.
We put in overtime. Came in on the weekend. And by Monday, we had a form that users could submit and a registration/ login flow. No reviewer dashboard. We figured we could take in user input on time and then finish the dashboard later.
Well, financial team has some qualms. They wanted a more complicated review process. They wanted roles; managers assign to assistants. Assistants review assigned items.
The deadline that we worked so hard on whizzed by without so much as a thought, much less the funeral it deserved.
Then, they wanted multiple people to review an application before it was final. Then, they needed different landing pages for a few more departments to be able to review different steps of the applications.
Ended up going live on Friday, close to a month after that fateful Monday which disrupted everything else I was working on, effective immediately.
I don't know why, but we always go live on a Friday for some reason. It must be some sort of conspiracy to force overtime out of our managers. I'm baffled.
But I worked support after the launch.
And there's a funny story about support too: we were asked to create a "submit an issue" form. Me and the other junior worked on it on a wednesday three weeks into the project. Finished it. And the next day it was scrapped and moved to another service we already had running. Poor management like that plagued the project and worked in tandem with the dynamic and ridiculous requirements to make this project hell.
Back to support.
Phone calls give me bad anxiety. But Friday, just before lunch, I was put on the support team. Sure, we have a department that makes calls and deals with users. But they can't be trained on this program: it didn't exist just a month ago, and three days ago it worked differently (the slippery requirements never stopped).
So all of Friday and then all of Saturday and all of Monday (...) I had extended panic attacks calling hundreds of people. And the team that was calling people was only two people. We had over 400 tickets in the first two days.
And fuck me, stupid me, for doing a good job. Because I was put on the call team for **another** COVID project afterwards. I knew nothing about this project. I have hated my job recently. But I'm a junior. What am I gonna say, no?
-
Was at my sister's place a little ago and somehow we came at the subject of her laptop.
For everyone who thinks I'm posting this solely to hate on windows, I'm not. This really happened and if you don't believe it, well, so be it, I guess.
Also keep in mind that she's using a stock version without anything except for word and itunes installed.
She got it a couple of years ago and I dual booted it for her (windows + ubuntu). I fully expected her to use windows because of office and outlook etc.
Asked her anyways:
Me: So, you've got dual boot, although I think I already know the answer, what system do you use mostly? (I didn't even consider that there was a possibility that the answer would be ubuntu or linux)
Sister: Ubuntu!
Me:
Me:
Me:
Me:
Me:
Me:
Me:
Me: 😵
Me: Sorry, what? You're not using windows as primary system?!
Sister: No. It at first takes that motherfucking system about 5 minutes to reach the FUCKING LOGIN SCREEN.
Me: Ow, that's bad :/
Me: *turns laptop on and indeed, it takes a fuckton of time*
Me: Is the password still the same as when I set it up for you?
Sister: Yesss.
Me: *types the password, it's working, loading screen appears*
Sister: Would you like a coffee?
Me: Uhm.... sure? But that would take you about 10-15 minutes to make.......?
Sister: Yes. And that's exactly how long it takes before that fucking piece of shit called windows has finally loaded the FUCKING DESKTOP.
Me: 😅
Me: Okay but it can't be that bad, right? I mean, I hate windows but you mostly need it for studies and such and as you know I'm not judging you for tha......
Sister: YES IT IS THAT FUCKING BAD. WHEN I'M IN CLASS, IT TAKES HALF THE FUCKING CLASS TO LOAD BEFORE I CAN OPEN WORD OR WHAT-THE-FUCK EVER.
THAT'S WHY I USE UBUNTU PRIMARILY, BECAUSE, ALTHOUGH IT'S NOT MY FAVOURITE SYSTEM, IT. JUST. FUCKING. WORKS.
Well, I did definitely NOT see that one coming!
There is some bloatware on there but definitely as bad as what would cause this. Virus scan turned up empty. No. Fucking. Clue.
It's not a gaming laptop or anything but come on, it should run either windows or linux very well.
-
An intern I was supposed to lead (as an intern) and work with. Which sounded kinda crazy to me, but also fun so I rolled with it. But when I met her I quickly found out she didn't even have a coding editor installed and when I advised one she was "scared of viruses". She had Microsoft Edge in her toolbar, and some picture of a cat as a background. We were given some project by our boss, and a freelance programmer helped us set it up on Trello. Great, let's start! Oke maybe first some R&D, she had to research how to use the Twilio API. After catching her on WhatsApp a few times I realised this wasn't gonna go anywhere. After a few weeks of coding and posting an initial project to git I asked her if she could show me the code of the API she made so far..
She told me she was using the quickstart guide (the last 3 FUCKING weeks) which contained some test project with specific use cases.
The one that I did 3 weeks ago that same fucking morning.
AND SHE WAS STILL NOT DONE...
A few days later I asked her about the progress (strangely, I wasn't allowed to give her another task bcs the freelancer already did) and guess what... She got fking pissed at me
Her: "I will come to you when I'm done, ok?"
Me: "I just want to see how it is going so far and if you are running into any problems!"
Her: "I don't want to show you right now"
She then goes to my fucking boss to tell him I am bothering her.
And omg... Please dear god please kill me now...
Instead of him saying that she probably didn't do shit. He says to me that the girl thinks I'm looking down on her and she needs a stress free environment to work in. She will show me when it's done. IT'S A FUCKING QUICKSTART GUIDE YOU DUMB BITCH.
He then proceeded to whine to me about the email template (another project I do at the same time) which didn't look perfect in all of his clients.
Don't they understand that I am not a frontend developer? Can you stop please? I know nothing about email templates, I told you this!!!
Really... the whole fucking internship the only thing the girl did was ask people if they want more tea. Then she starts cleaning the windows, talk to people for an hour, or clean everyone's desk.
All this while I already made 50% of the fucking product and she just finished the quickstart tutorial 😭. Truly 2 months wasted, and the worst thing is I didn't get any appreciation. They constantly blamed me and whined at me. Sometimes for being 3 minutes late, the other for smoking too much, or because I drink too much coffee, or that I don't eat healthy. They even forced me to play Ping Pong. While I'm just trying to do my job. One of the worst things they got mad at me for is when my laptop got hacked bcs it was infected with some virus. He had remote access and bought 5 iPhones 6's with my paypal while I was on break. I had to go home and quickly reset all my passwords and make sure the iPhones wouldn't get delivered. Strange thing was, this laptop I only used at the company. So it must have been software I had to download there. Probably phpstorm (torrent). Bcs nobody would give me a license. And the freelancer said I * have to *.
The Monday after I still had to reinstall windows so I called them and said I would be late. When I came they were so disrespectful and didn't understand anything. It went a little like this:
Boss: why u late?
Me: had to reinstall my laptop, sorry.
Boss: why didn't you do this in your own time?
Me: well, I didn't have any time.
Boss: can't you do this in the weekend or something? Because now we have to pay you several hours bcs you downloaded something at home.
Me: I am only using this laptop for work so that's not possible.
Boss: how can that even be possible? You are not doing anything at home with your laptop? Is that why you never do anything at home?
Me: uhm, I have desktop computer you know. It's much faster. And I also need to rest sometimes. Areeb (freelancer) told me to torrent the software. He gave me the link. 2 days later this happens
Boss: Ahh okeee I see.. Well don't let it happen again.
After that nobody at the company trusted me with anything computer related. Yes it was my own fault I downloaded a virus but it can happen to anyone. After that I never used Windows again btw, also no more auto login apps.
-
Designer: Need to file a bug, I'm not getting an option to login with FaceID
Me: Oh weird bug. Is it setup on the phone you are testing with?
Designer: yes, use it in all other apps
Me: Did you get an error during onboarding on the FaceID screen?
Designer: nope no error
Me: ..... hhhmm, can you show me your settings?
Me: ... eh, says you have FaceID disabled for this app ... did you click "No" to FaceID during onboarding?
Designer: Yes, to test edge cases
Me: ................ ok ........ if you setup the app and told it to not allow FaceID to login ......... you won't get the ability to use FaceID to login .......... like .... by design .... on purpose ...... cause .... you told it to do that
Designer: No no, it needs to have a setting on the login screen to allow me to turn that back on in case I forget my passcode
Me: the fuck it does. Yeah we can't have anything on the login page that says, without authorization, change my settings
*Deep breath*
Me: Remember we had this conversation previously, where you didn't want the user to create a passcode during onboarding as it was too much friction, and wanted to do FaceID only. With your backup plan being to allow the user to create a NEW passcode on the login screen if FaceID failed .... remember that discussion we had about security? ... and how it's important? ... and that we like having any? Ok so it's the same reason as that, just with a different setting this time
Designer: ... hhmm I'm not sure I like this
Me: ... tough luck then, not happening
Me: oh and btw, remember we had that other talk about reproduction steps for bugs? Like when the app crashed and you told me it was because it's in light mode, and nothing else at all? So disabling FaceID, is very relevant info to the problem of "I can't login with FaceID", please tell me these things first
-
When you login to a server through ssh for the first time with a specific domain or IP address, you get a prompt asking to verify a signature with yes or no (on Linux at least).
That often goes well but sometimes when I already did that....:
ssh user@server
*types yes automatically and presses enter...........*
Neeeeeeeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaammmmmmmmmmmm:
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes^C
user@server: ~$
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
Nooooo not again 😅
-
I'm trying to sign up for insurance benefits at work.
Step 1: Trying to find the website link -- it's non-existent. I don't know where I found it, but I saved it in keepassxc so I wouldn't have to search again. Time wasted: 30 minutes.
Step 2: Trying to log in. Ostensibly, this uses my work account. It does not. Time wasted: 10 minutes.
Step 3: Creating an account. Username and Password requirements are stupid, and the page doesn't show all of them. The username must be /[A-Za-z0-9]{8,60}/. The maximum password length is VARCHAR(20), and must include upper/lower case, number, special symbol, etc. and cannot include "password", repeated characters, your username, etc. There is also a (required!) hint with /[A-Za-z0-9 ]{8,60}/ validation. Want to type a sentence? better not use any punctuation!
I find it hilarious that both my username and password hint can be three times longer than my actual password -- and can contain the password. Such brilliant security.
My typical username is less than 8 characters. All of my typical password formats are >25 characters. Trying to figure out memorable credentials and figuring out the hidden complexity/validation requirements for all of these and the hint... Time wasted: 30 minutes.
Step 4: Post-login. The website, post-login, does not work in firefox. I assumed it was one of my many ad/tracker/header/etc. blockers, and systematically disabled every one of them. After enabling ad and tracker networks, more and more of the site loaded, but it always failed. After disabling bloody everything, the site still refused to work. Why? It was fetching deeply-nested markup, plus styling and javascript, encoded in xml, via api. And that xml wasn't valid xml (missing root element). The failure wasn't due to blocking a vitally-important ad or tracker (as apparently they're all vital and the site chain-loads them off one another before loading content), it's due to shoddy development and lack of testing. Matches the rest of the site perfectly. Anyway, I eventually managed to get the site to load in Safari, of all browsers, on a different computer. Time wasted: 40 minutes.
Step 5: Contact info. After getting the site to work, I clicked the [Enroll] button. "Please allow about 10 minutes to enroll," it says. I'm up to an hour and 50 minutes by now. The first thing it asks for is contact info, such as email, phone, address, etc. It gives me a warning next to phone, saying I'm not set up for notifications yet. I think that's great. I select "change" next to the email, and try to give it my work email. There are two "preferred" radio buttons, one next to "Work email," one next to "Personal email" -- but there is only one textbox. Fine, I select the "Work" preferred button, sign up for a faux-personal tutanota email for work, and type it in. The site complains that I selected "Work" but only entered a personal email. Seriously serious. Out of curiosity, I select the "change" next to the phone number, and see that it gives me four options (home, work, cell, personal?), but only one set of inputs -- next to personal. Yep. That's amazing. Time spent: 10 minutes.
Step 6: Ranting. I started going through the benefits, realized it would take an hour+ to add dependents, research the various options, pick which benefits I want, etc. I'm already up to two hours by now, so instead I decided to stop and rant about how ridiculous this entire thing is. While typing this up, the site (unsurprisingly) automatically logged me out. Fine, I'll just log in again... and get an error saying my credentials are invalid. Okay... I very carefully type them in again. error: invalid credentials. sajfkasdjf.
Step 7 is going to be: Try to figure out how to log in again. Ugh.
"Please allow about 10 minutes" it said. Where's that facepalm emoji?
But like, seriously. How does someone even build a website THIS bad?
rant pages seriously load in 10+ seconds slower than wordpress too do i want insurance this badly? 10 trackers 4 ad networks elbonian devs website probably cost $1million or more too root gets insurance stop reading my tags and read the rant more bugs than you can shake a stick at the 54 steps to insanity more bugs than master of orion 3
-
I’m so mad I’m fighting back anger tears. This is a long rant and I apologize but I’m so freaking mad.
So a few weeks ago I was asked by my lead staff person to do a data analysis project for the director of our dept. It was a pretty big project, spanning thousands of users. I was excited because I love this sort of thing and I really don’t have anything else to do. Well I don’t have access to the dataset, so I had to get it from my lead and he said he’d do it when he had a chance. Three days later he hadn’t given it to me yet. I approach him and he follows me to my desk, gives me his login and password to login to the secure freaking database, then has me clone it and put it on my computer.
So, I start working on it. It took me about six hours to clean the database, 2 to set up the parameters and plan of attack, and two or three to visualize the data. I realized about halfway through that my lead wasn’t sure about the parameters of the analysis, and I mentioned to him that the director had asked for more information than what he was having me do. He tells me he will speak with director.
So, our director is never there, so I give my lead about a week to speak with her, in the mean time I finish the project to the specifications that the director gave. I even included notes about information that I would need to make more accurate predictions, to draw conclusions, etc. It was really well documented.
Finally, exasperated, and with the project finished but just sitting on my computer for a week, I approached my director on a Saturday when I was working overtime. She confirmed that I needed to do what she said in the project specs (duh), and also mentioned she needed a bigger data set than what I was working with if we had one. She told me to speak to my lead on Monday about this, but said that my work looked great.
Monday came and my lead wasn’t there so I spoke with my supervisor and she said that what I was using was the entire dataset, and that my work looked great and I could just send it off. So, at this point 2/3 of my bosses have seen the project, reviewed it, told me it was great, and confirmed that I was doing the right thing.
I sent it off to the director to disseminate to the appropriate people. Again, she looked at it and said it was great.
A week later (today) one of the people that the project was sent to approaches me and tells me that I did a great job and thank you so much for blah blah blah. She then asks me if the dataset I used included blahblah, and I said no, that I used what was given to me but that I’d be happy to go in and fix it if given the necessary data.
She tells me, “yeah the director was under the impression that these numbers were all about blahblah, so I think there was some kind of misunderstanding.” And then implied that I would not be the one fixing the mistake.
I’m being taken off of the project for two reasons:
1. It took too long to get the project out in the first place,
2. It didn’t even answer the questions that they needed answered.
I fucking told them in the notes and ALL THROUGH THE VISUALIZATIONS that I needed additional data to compare these things I’m so fucking mad. I’m so mad.
-
- devRant TOR rant! -
There is a recent post that just basically says 'fuck TOR' and it catches an unfortunate amount of attention in the wrong way and many people seem to agree with that, so it's about time I rant about a rant!
First of all, TOR never promised encryption. It's just used as an anonymizer tool which will get your request through its nodes and to the original destination it's supposed to arrive at.
Let's assume you're logging in over an unencrypted connection over TOR and your login information was stolen because of a bad exit node. Is your privacy now under threat? Even then, no! Unless of course you had decided to use your personal information for that login data!
And what does that even have to do with the US government having funded this project even if it's 100%? Are we all conspiracy theorists now?
Let's please stop the spread of bs and fear mongering so that we can talk about actual threats and attack vectors on the TOR network. Because we really don't have any other reliable means to stop a widely implemented censorship.
-
So...
I'm penetration testing a network and the servers on said network
The network administrator and IT security officer know this, because they hired me..
TL;DR a scan caused the network to crash.
Today I received a very angry email going "Stop scanning NOW!" from one of the IT departments.
Apparently I crashed their login server and thus their entire network...
It happened the first time I scanned the network from the outside and they had spent an entire day figuring out how and repairing the service they thought was the problem, but then it crashed again, when I scanned from within the network.
Now they want to send me a list of IP's that I'm not allowed to scan and want to know exactly what and when I'm scanning...
How crap can they be at their job, if they weren't able to spot a scan... The only reason they found out it was me was because the NA had whitelisted my IP, so that I could scan in peace...
-
- Let's make the authentication system so the user can only login in one device at time, because this is more secure.
- You know that this will be a general-public application, right?
- Yeah!
- So you want to "punish" users with a logoff on the other device when he tries to login in a new one?
- Yeah!
- But before you said we will use Json Web Token to make the backend stateless.
- Yeah!
- And how will we check if the token is the last one generated?
- We will store the last generated token for this user on a table in our DB.
- So... you are basically describing the old authentication model, with session tokens stored on the backend and communicating them via cookies.
- Yeah, but the token will be sent on the Header, not on cookies
- Okay, so why will we use Json Web Token to do this in the first place?
- Because this is how they're doing now, and this will make the backend stateless.
A moment of silence, please.
-
It was around 1997~1998, I was in middle school. It was a technical course, so we had programming languages classes, IT etc.
The IT guy of our computer lab had been replaced and the new one had blocked completely the access on the computers. We had to make everything on floppy disks, because he didn't trust us to use the local hard disk. Our class asked him to remove some of the restrictions, but he just ignored us. Nobody liked that guy. Not us, not the teachers, not the trainees at the lab.
Someday a friend and me arrived a little bit early at the school. We went to the lab and another friend that was a trainee on the lab (that is registered here, on DevRant) allowed us to come inside. We had already memorized all the commands. We crawled in the dark lab to the server. Put a ms dos 5.3 boot disk with a program to open ntfs partitions and without turning on the computer monitor, we booted the server.
At that time, Windows stored all passwords in an encrypted file. We knew the exact path and copied the file into the floppy disk.
To avoid any problems with the floppy disk, we asked the director of the school to get out just to get a homework we theoretically forgot at our friend's house that was on the same block as the school. We were not lying at all. He really lived there and he had the best computer of us.
The decrypt program stayed running for one week until it found the password we wanted: the root.
We came back to the lab at the class. Logged in with the root account. We just created another account with a generic name but the same privileges as root. First, we looked for any hidden backup at network and deleted. Second, we were lucky: all the computers of the school were on the same network. If you were the admin, you could connect anywhere. So we connected to a "finance" computer that was really the finances and we could get lists of all the students with debits, who had any discount etc. We copied it for ourselves in case we were discovered and had to use anything to bargain.
Now the fun part: we removed the privileges of all accounts that were higher than the trainee accounts. They had no access to hard disks anymore. They had just the students privileges now.
After that, we changed the root password. Not even we knew it. And last, but not least, we changed the students login, giving them trainee privileges.
We just deleted our account with root powers, logged in as student and pretended everything was normal.
End of class, we went home. Next day, the lab was closed. The entire school (that was school, mid school and college at the same place) was frozen. Classes were normal, but nothing more worked. Library, finances, labs, nothing. They had no access anymore.
We celebrated it as if it were New Year's Eve. One of our teachers came to us saying congratulations, as he knew it had been us. We answered with a "I don't know what are you talking about". He laughed and went to his class.
We really have fun remembering this "adventure". :)
PS: the admin formatted all the servers to fix the mess. They had plenty of servers.
-
Just wow. I am amazed by what just happened.
A year ago my parents decided to switch from desktop to laptop for convenience. Knowing their needs, I bought them one without an OS and installed Ubuntu 16.04 on it. The thing is that if you do a regular maintenance of the laptop once a year at their partner company, you get additional 4 years of warranty (this offer is amazing).
So today was the day I brought the laptop for this maintenance for the first time. They make you a profile on their support website where you can track shit regarding your device, super convenient. First thing I notice that the login page was not https. Awkward, but there is no sensitive data here so I let it pass. Naturally I forgot my password, so I requested a new one and guess what? I received it in plaintext via mail. A tech repair oriented company does this, my god.
I went there, gave them the laptop in question and got a piece of paper, where they wrote that the laptop is in their hands now, and the current physical state of the laptop, and blabla.
I got home and I read what the guy wrote among other things: THE OPERATING SYSTEM IS NOT LEGAL.
How the fuck is Ubuntu not legal??? What the fuck is this shit? I sure as hell didn't torrent it or buy a bootlegged copy on the streets.
-
The tech stack at my current gig is the worst shit I’ve ever dealt with...
I can’t fucking stand programs, especially browser based programs, to open new windows. New tab, okay sure, ideally I just want the current tab I’m on to update when I click on a link.
Ticketing system: Autotask
Fucking opens up with a crappy piss poor sorting method and no proper filtering for ticket views. Nope you have to go create a fucking dashboard to parse/filter the shit you want to see. So I either have to go create a metric-arse tonne of custom ticket views and switch between them or just use the default turdburger view. Add to that that when I click on a ticket, it opens another fucking window with the ticket information. If I want to do time entry, it just feels some primal need to open another fucking window!!! Then even if I mark the ticket complete it just minimizes the goddamn second ticket window. So my jankbox-supreme PC that my company provided gets to strugglepuff along trying to keep 10 million chrome windows open. Yeah, sure 6GB of ram is great for IT work, especially when using hot steaming piles of trashjuice software!
I have to manually close these windows regularly throughout the day or the system just shits the bed and halts.
RMM tool: Continuum
This fucker takes the goddamn soggy waffle award for being utterly fucking useless. Same problem with the windows as autotask except this special snowflake likes to open a login prompt as a full-fuck-mothering-new window when we need to open a LMI rescue session!!! I need to enter a username and a password. That’s it! I don’t need a full screen window to enter credentials! FUCK!!! Btw the LMI tools only work like 70% of the time and drag ass compared to literally every other remote support tool I’ve ever used. I’ve found that it’s sometimes just faster to walk someone through enabling RDP on their system then remoting in from another system where LMI didn’t decide to be fully suicidal and just kill itself.
Our fucking chief asshat and sergeant fucknuts mcdoogal can’t fucking setup anything so the antivirus software is pushed to all client systems but everything is just set to the default site settings. Absolutely zero care or thought or effort was put forth and these gorilla spunk drinking, rimjob jockey motherfuckers sell this as a managed AntiVirus.
We use a shitty password manager that no one besides me uses because there is a fully unencrypted oneNote notebook that everyone uses because fuck security right? “Sometimes it’s just faster to have the passwords at the ready without having to log into the password manager.” Chief Asshat in my first week on the job.
Not to mention that windows server is unlicensed in almost every client environment, the domain admin password is same across multiple client sites, is the same password to log into firewalls, and office 365 environments!!!
I’ve brought up tons of ways to fix these problems, but they have their heads so far up their own asses getting high on undeserved smugness since “they have been in business for almost ten years”. Like, Whoop Dee MotherFucking Doo! You have only been lucky to skate by with this dumpster fire you call a software stack, you could probably fill 10 olympic sized swimming pools to the brim with the logorrhea that flows from your gullets not only to us but also to your customers, and you won’t implement anything that is good for you, your company, or your poor clients because you take ten minutes to try and understand something new.
I’m fucking livid because I’m stuck in a position where I can’t just quit and work on my business full time. I’m married and have a 6m old baby. Between both my wife and I working we barely make ends meet and there’s absolutely zero reason that I couldn’t be providing better service to customers without having to lie through my teeth to them and I could easily support my family and be about 264826290461% happier!
But because we make so little, I can’t scrape together enough money to get Terranimbus (my startup) bootstrapped. We have zero expendable/savable income each month and it’s killing my soul. It’s so fucking frustrating knowing that a little time and some capital is all that stands between a better life for my family and I and being able to provide a better overall service out there over these kinds of shady as fuck knob gobblers.
-
TL;DR :
"when i die i want my group project members to lower me into my grave so they can let me down one last time"
STORY TIME
Last year in College, I had two simultaneous projects. Both were semester long projects. One was for a database class and another was for a software engineering class.
As you can guess, the focus of the projects was very different. Databases we made some desktop networked chat application with a user login system and what not in Java. SE we made an app store with an approval system and admin panels and ratings and reviews and all that jazz in Meteor.js.
The DB project we had 4 total people and one of them was someone we'll call Frank. Frank was also in my SE project group. Frank disappeared for several weeks. Not in class, didn't contact us, and at one point the professors didn't know much either. As soon as we noticed it would be an issue, we talked to the professors. Just keeping them in the loop will save you a lot of trouble down the road. I'm assuming there was some medical or family emergency because the professors were very understanding with him once he started coming back to class and they had a chance to talk.
Lesson 1: If you have that guy that doesn't show up or communicate, don't be a jerk to them and communicate with your professor. Also, don't stop trying to contact the rogue partner. Maybe they'll come around sometime.
It sucked to lose 25% of our team for a project, but Frank appreciated that we didn't totally ignore him and throw him under the bus to the point that the last day of class he came up to me and said, "hey, open your book bag and bring it next to mine." He then threw a LARGE bottle of booze in there as a thank you.
Lesson 2: Treat humans as humans. Things go wrong and understanding that will get you a lot farther with people than trying to make them feel terrible about something that may have been out of their control.
Our DB project went really well. We got an A, we demoed, it worked, it was cool. The biggest problem is I was the only person that had taken a networking class so I ended up doing a large portion of the work. I wish I had taken other people's skills into account when we were deciding on a project. Especially because the only requirement was that it needed to have a minimum of 5 tables and we had to use some SQL language (aka, we couldn't use no-SQL).
The SE project had Frank and a music major who wanted to minor in CS (and then 3 other regular CS students aside from me). This assignment was make an app store using any technology you want. But, you had to use agile sprints. So we had weekly meetings with the "customer" (the TA), who would change requirements on us to keep us on our toes and tell us what they wanted done as a priority for the next meeting. Seriously, just like real life. It was so much fun trying to stay ahead of that.
So we met up and tried to decide what to use. One kid said Java because we all had it for school. The big issue is trying to make a Java web app is a pain in the ass. Seriously, there are so many better things to use. Other teams decided to use Django because they all wanted to learn Python. I suggested why not use something with a nice package system to minimize duplicating work that had already been done and tested by someone. Kid 1 didn't like that because he said in the real world you have to make your own software and not use packages. Little did he know that I had worked in SE for a few years already and knew damn well that every good project has code from somewhere else that has already solved a problem you're facing. We went with Java the first week. It failed miserably. Nobody could get the server set up on their computers. Using VCS with it required you to keep the repo outside of where you wrote code and copy and paste changes in there. It was just a huge flop so everyone else voted to change.
Lesson 3: Be flexible. Be open to learning new things. Don't be afraid to try something new. It'll make you a better developer in the long run.
So we ended up using Meteor. Why? We all figured we could pick up javascript super easy. Two of us already knew it. And the real time thing would make for some cool effects when an app got approved or a comment was made. We got to work and the one kid was still pissed. I just checked the repo and the only thing he committed was fixing the spelling of one word in the readme.
We sat down one day and worked for 4 straight hours. We finished the whole project in that time. While other teams were figuring out how to layout their homepage, we had a working user system and admin page and everything. Our TA was trying to throw us for loops by asking for crazy things and we still came through. We had tests that ran along side the application as you used it. It was friggin cool.
Lesson 4: If possible, pick the right tool for the job. Not the tool you know. Everything in CS has a purpose. If you use it for its purpose, you will save days off of a project.
-
Last week, my entire team was out including my manager.
I had to define the roadmap for Q4 and present it to everyone along with my skip level manager (Sr Director).
Now with 12 hour time difference, the call was scheduled at 04:30 AM India time.
Now since I am new, this was my first time (an opportunity to build trust), one off event, and some new learning experience, I decided to give it a shot because I am professional enough to fill in during critical times.
Everything went well.
I come back from vaccine break and this happened: https://devrant.com/rants/4595608/...
Now here is the interesting part. I had my 1:1 with my manager yesterday and she asked me the details of how things went the previous week yada yada..
Then she proceeds to tell me that Sr Director and herself are super impressed with me and by my work.
She was like, "we are thankful that we have you because after the lead left, you managed everything so well"
Then proceeds to ask me, "You had a conversation with lead that you'd be open to relocation. She mentioned me before she quit. Do you think that if you are with the team in US, you'd be able to perform better?"
I agree and tell her that in person socialising is a key tool that helps me a lot in my job.
Manager: "Cool. If you ever want to move to US or anywhere, just let me or Sr Director know and we'd be happy to do so. It's very easy and can be done quickly."
Me: "Do you mean visiting different offices or relocating full time?"
Manager: "Both."
For someone like me, coming from a third world nation who has seen nothing but hardship, this was one of the most rewarding career experiences I have had. The decision lies with me. And she asked me that as soon as COVID is over, I'll have to frequently visit different offices around the world.
This is my third international offer in 1.5 years that too in times of COVID. All by themselves and I wasn't even looking for them.
Holy fuck! Now I feel more confident and valued for my work.
Hard work is indeed paying off
Best part about the covid19 manufactured crisis?
Liquor stores deliver. Worst part about liquor stores delivering? Needing to use their shoddy websites.
I've been using a particular store (Total Wines) since they're cheaper than the rest and have better selection; it's quite literally a large warehouse made to look like a store.
Their website tries really hard to look professional, too, but it's just not. It took me two days to order, and not just from lack of time -- though from working 14 hour days, that's a factor.
Signing up was difficult. Your username is an email address, but you can't use comments because the server 500s, making the ajax call produce a wonderfully ambiguous error message. It also fades the page out like it's waiting on something, but that fade is on top of the error modal too. Similar error with the password field, though I don't remember how I triggered it.
Signing up also requires agreeing to subscribe to their newsletter. it's technically an opt-in, but not opting-in doesn't allow you to proceed. Same with opting-in to receiving a text notification when your order is ready for pickup -- you also opt-in to receiving SMS spam.
Another issue: After signing up, you start to navigate through the paginated product list. Every page change scrolls you to the exact middle of the next page. Not deliberately; the UI loads first, and the browser gets as close as it can to your previous position -- which was below that as the pagination is at the bottom -- and then the products populate after. But regardless of why, there is no worse place to start because now you must scroll in both directions to view the products. If it stayed at the very bottom, it would at least mean you only need to scroll upwards to look at everything on the page. Minor, but increasingly irritating.
Also, they have like 198 pages of spirits alone because each size is a unique entry. A 50ml, 350ml, 500ml, 750ml, 1000ml, and 1750ml bottle of e.g. Tito's vodka isn't one product, it's six. and they're sorted seemingly randomly. I think it's by available stock, looking back.
If you fancy a product, you can click on it for a detail page. Said detail page lists the various sizes in a dropdown, but they're not sorted correctly either, and changing sizes triggers a page reload, which leads to another problem:
if you navigate to more than a few pages within a 10 or so second window, the site accuses you of using browser automation. No captcha here, just a "click me for five seconds" button. However, it (usually) also triggers the check on every other tab you have open after its next navigation.
That product page also randomly doesn't work. I haven't narrowed it down, but it will randomly decide to start failing, and won't stop failing for hours. It renders the page just fine, then immediately replaces it with a blank page. When it's failing, the only way to interact with the page is a perfectly-timed [esc], which can (and usually does) break all other page functionality, too. Absolutely great when you need to re-add everything from a stale copy of your signed-out cart living in another tab. More on that later. And don't forget to slow down to bypass the "browser automation" check, too!
Oh, and if you're using container tabs, make sure to open new tabs in the SAME container, as any request from the same IP without the login cookie will usually trigger that "browser automation" response, too.
The site also randomly signs you out, but allows you to continue amassing your cart. You'd think this is a good thing until you choose to sign in again... which empties your cart. It's like they don't want to make a sale at all.
The site also randomly forgets your name, replacing it with "null." My screen currently says "Hello, null". Hello, cruft!
It took me two days to order.
Mostly from lack of time, as i've been pulling 14 hour shifts lately trying to get everything done. but the sheer number of bugs certainly wasted most of what little time i had left. Now I definitely need a drink.
But maybe putting up with all of this is worthwhile because of their loyalty program? Apparently if you spend $500, you can take $5 off your next purchase! Yay! 1%! And your points expire! There are three levels; maybe it gets better. Level zero is for everyone; $0 requirement. There are also levels at $500 and $2500. That last one is seriously 5x more than the first paid level. and what does it earn you? A 'free' magazine subscription, 'free' classes (they're usually like $20-$50 iirc), and a 'free' grab bag (a $2.99 value!) twice per month. All for spending $2500. What a steal. It reminds me of Candy Crush's 3-star system where the first two stars are trivial, and the third is usually a difficult stretch goal. But here it's just thinly-veiled manipulation with no benefit.
I can tell they're employing some "smarketing" people with big ideas (read: stolen mistakes), but it's just such a fail.
The whole thing is a fail.
-
!!oracle
I'm trying to install a minecraft modpack to play with a friend, and I'm super psyched about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.
So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.
Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few more times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.
On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!
So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.
Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.
Further attempts to log in from the download page fail with the same invalid credentials error as before.
Fucking oracle and their reverse Midas touch.
-
I just tried to sign up to Instagram. I made a big mistake.
First up with Facebook related stuff is data. Data, data and more data. Initially when you sign up (with a new account, not login with Facebook) you're asked your real name, email address and phone number. And finally the username you'd like to have on the service. I gave them a phone number that I actually own, that is in my iPhone, my daily driver right now (and yes I have 3 Androids which all run custom ROMs, hold your keyboards). The email address is a usual for me, instagram at my domain. I am a postmaster after all, and my mail server is a catch-all one. For a setup like that, this is perfectly reasonable. And here it's no different, devrant at my domain. On Facebook even, I use fb at my domain. I'm sure you're starting to see a pattern here. And on Facebook the username, real name and email domain are actually the same.
So I signed up, with - as far as I'm aware - perfectly valid data. I submitted the data and was told that someone at Instagram will review the data within 24 hours. That's already pretty dystopian to me. It is not how you block bots. It is not how Facebook does it either, at least since last time I checked. But whatever. You'd imagine that regardless of the result, they'd let you know. Cool, you're in, or sorry, you're rejected and here's why. Nope.
Fast-forward to today when I recalled that I wanted to sign up to Instagram to see my girlfriend's pictures. So I opened Chromium again that I already use only for the rancid Facebook shit.. and it was rejected. Apparently the mere act of signing up is a Terms of Service violation. I have read them. I do not know which section I have violated with the heinous act of signing up. But I do have a hunch.
Many times now have I been told by ignorant organizations that I would be "stealing" their intellectual property, or business assets or whatever, just because I sent them an email from their name on my domain. It is fucking retarded. That is MY domain, not yours. Learn how email works before you go educate a postmaster. Always funny to tell them how that works. But I think that in this case, that is what happened.
So I appealed it, using a random link to something on Instagram's help section from a third-party blog. You know it's good when the third-party random blog is better. But I found the form and filled it in. Same shit all over again for info, prefilling be damned I guess. Minor convenience though, whatever.
I get sent an email in German, because apparently browsing through a VPS in Germany acting as a VPN means you're German. Whatever... After translating it, I found that it asks me to upload a picture of myself, holding a paper in my hands, on which I would have a confirmation code, my username, and my email address.. all hand-written. It must not be too dark, it must be clear, it must be in JPEG.. look, I just wanted to fucking sign up.
I sent them an email back asking them to fix all of this. While I was writing it and this rant, I thought to myself that they can shove that piece of paper up their ass. In fact I would gladly do it for them.
Long story short, do not use Instagram. And one final thing I have gripes with every time. You are not being told all the data you'll have to present from the get-go. You're not being told the process. Initially I thought it'd just be email, phone, username, and real name. Once signed up (instantly, not within 24 hours!) I would start setting up my account and adding a profile picture. The right way to ask for a picture of me! And just do it at my own pace, as I please.
And for God's sake, tackle abuse when it actually happens. You'll find out who's a bot and who isn't by their usage patterns soon enough. Do not do any of this at sign-up. Or hell, use a CAPTCHA or whatever, I don't fucking care. There's so many millions of ways to skin this cat.
Facebook and especially Instagram. Both of them are fucking retarded.
-
NO FUCKING GOOD NIGHT FOR FLOYD.
THIS MULTI FACTOR AUTHENTICATION IS A FUCKING NIGHTMARE.
So my organisation uses some MFA app as an SSO to access any and everything. Fantastic. Absolutely wonderful. No VPN shit and one password to rule them all.
But, for some reason I accidentally deleted the app from my phone and as any normal human being would do, I also reinstalled the app.
Well, post reinstalling, the app does not detect the linked Org account.
I was cool, when I'll login, the system will throw a prompt to map the phone.
So I login to org URL from my machine and lo and behold, the URL says that MFA is already linked to the phone and I have to enter the Citrix type code to login.
But phone does not show the code because account is no longer linked and web does not have option to change/re-register the phone.
What the actual unholy fuck?????? Bloody retards. How am I supposed to get in now?
So after Googling for a bit, a thread mentioned that this is the most common issue faced by users with this MFA app. The only way to get this resolved is to contact your IT team.
Cool. Let's do that.
I opened the link to my IT portal and it asks me to login via SSO which is what I need help with in first place.
I can't login to Slack because fuckers ask SSO every time the app is exited. So no contact there.
Thankfully bastards allow Outlook so was able to drop a note to one of my team members, whom I connected recently and is very nice, asking her to help me sort this IT team.
If this is the most common use case then why the fuck not add a feature to help people overcome this shit?
And my IT team is absolute nuts. No other way allowed to reset the linking or connect them or any help links provided on login page.
Whoever was behind this design should be dipped in donkey shit and deep fried in pig urine.
-
Red flags in your first week of your software engineering job 🚩
You do the first few days not speaking to anyone.
You can't get into the building and no one turns up until mid day.
The receptionist thinks you're too well dressed to work in this building, thinks you're a spy and calls security on you.
You are eating alone during lunch time in the cafeteria
You have to bring your own material for making coffee for yourself
When you try to read the onboarding docs and there aren't any.
You have to write the onboarding docs.
You don't have team mates.
When you ask another team how things are going and they just laugh and cry.😂😭
There's no computer for you, and not even an "it's delayed" excuse. They weren't expecting you.
You are given a TI PC, because "that's all we have", even though there's no software for it, and it's not quite IBM compatible.
You don't have local admin rights on your computer.💀
You have to buy a laptop yourself to be able to do your job.
It's the end of the week and you still don't have your environment set up and running.
You look at the codebase and there are no automated tests.
You have to request access every time you need to install something through a company tool that looks like it was made in 2001.
Various tasks can only be performed by one single person and they are either out sick or on vacation.
You have to keep track of your time in 6 minute increments, assigned to projects you don't know, by project numbers everyone has memorised (and therefore aren't written down).
You have to fill in timesheets and it takes you 30 minutes each day to fill them in because the system is so clunky.🤮
Your first email is a phishing test from the IT department in another country and timezone, but it has useful information in it, like how to login to the VPN.
Your second email is not a phishing test, but has similar information as the first one. (You ignore it.)
Your name is spelled wrong in every system, in a different way. 2 departments decide that it's too much trouble, and they never fix the spelling as long as you work there. One of them fixes it after you leave, and annoys you for a month because you haven't filled out the customer survey.
-
sooooooooo for my current graduate class we were to use the MVC pattern to build an IOS application(they preferred it if we did an IOS application) or if you didn't have an Apple computer: an Android application.
The thing is, they specified to use Java, while in their lectures and demos they made a lot of points for other technologies, hybrid technologies, such as React Cordova, all that shit, they even mentioned React Native and more. But not one single mention of Kotlin. Last time I tried my hand at Android development was way before Kotlin, it was actually my first major development job: Mobile development, for which we used Obj C on the IOS part and well, Java on the Android part.
As some of you might know, I rarely have something bad to say about a tech stack(except for VBA which I despise, but I digress) and I love and use Java at work. But the Android API has always seemed unnecessarily complex for my taste, because of that, when I was working as a mobile developer I dreaded every single minute in which I had to code for Android, Google had a great way to make people despise Java through their Android API. I am not saying it is shit, I am not saying it is bad, I just-dont-like-it.
Kotlin, proves a superior choice in my humble opinion for Android development, and because the language is for retards, it was fairly easy for me to pick it up in about 2 hours. I was already redesigning some of my largest Spring applications using half the code and implemented about 80% of the application's functionality in less than 3 hours(login, fragment manipulation, permissions, bla bla) and by that time I started to wonder if the app built on Kotlin would be ok. And why not? If they specifically mentioned and demonstrated examples using Swift, then surely Kotlin would be fine no? Between Kotlin and Java it is easy to see that kotlin is more similar to Swift than Java. So I sent an email. Their response: "I am sorry, but we would much rather you stick with the official implementations for Android, which in this case is Java for the development of the application"
I was like 0.o wat? So I replied back sending links and documentation where Google touted Kotlin as the new and preferred way to develop Android applications, not as a second class citizen of the platform, but as THE preferred stack. Same response.
Eventually one of the instructors reflected long enough on it to say that it was fine if I developed the application in Kotlin, but they advised me that since they already had grading criteria for the Java program I had to redo it in Java. It did not take me long really, once I was finished with the Kotlin application I basically rewrote only a couple of things into Java.
The end result? I think that for Android I still greatly prefer Kotlin. Even though I am not the biggest fan of Kotlin for anything else, or as my preferred language in the JVM.
I just.......wish....they would have said something along the lines of: "Nah fam please rewrite that shit for Java since we don't have grading criterias in place for Kotlin, sorry bruh, 10/10 gg tho" instead of them getting into an email battle with me concerning Kotlin being or not being the language to use in Android. It made me feel that they effectively had no clue what they were talking about and as such not really capable of taking care of students on a graduate level program.
Made me feel dirty.
-
Boss: "So I'm taking the next week off. In the mean time, I added some stuff for you to do on Gitlab, we'd need you to pull this Docker image, run it, setup the minimal requirement and play with it until you understand what it does."
Me: "K boss, sounds fun!" (no irony here)
First day: Unable to login to the remote repository. Also, I was given a dude's name to contact if I had troubles, the dude didn't answer his email.
2nd day: The dude answered! Also, I realized that I couldn't reach the repository because the ISP for whom I work blocks everything within specific ports, and the url I had to reach was ":5443". Yay. However, I still can't login to the repo nor pull the image, the connection gets closed.
3rd day (today): A colleague suggested that I removed myself off the ISP's network and use my 4G or something. And it worked! Finally!! Now all I need to do is to set that token they gave me, set a first user, a first password and... get a 400 HTTP response. Fuck. FUCK. FUUUUUUUUUUUUUUUUUUUCK!!!
These fuckers display a 401 error, while returning a 400 error in the console log!! And the error says what? "Request failed with status code 401" YES THANK YOU, THIS IS SO HELPFUL! Like fuck yea, I know exactly how to fix this, except that I don't because y'all fuckers don't give any detail on what could be the problem!
4th day (tomorrow): I'm gonna barbecue these sons of a bitch
(bottom note: the dude that answered is actually really cool, I won't barbecue him)
-
A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.
Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.
Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.
Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.
So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.
Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.
Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.
So everything has been set up again now, and there are some things I would like to stress about hosting providers.
You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.
Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.
Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?
-
I once agreed to maintain and develop an application used in a different section of the school to keep inventory and make sure everything is where it is supposed to be.
At first there was enthusiasm, together with 2 of my classmates we agreed and git clone-d the .NET application that now graduated students built and maintained for the past few years. What could go wrong right?!
It became clear that the original students that worked on it followed an older curriculum, meaning they still got taught .NET instead of the core variant that we get now, not only that but it also seemed that they either did not fully grasp the Clean/Onion architecture or didn't get it in class since there were infrastructure components in the 'Domain' project of the solution. Think of 2 DBContexts in the domain model, yep.
One of us bailed in the first week, the other one and I felt bad for the people using the app so we went on and tried to work on the first bugs that were described in a document. One of these bugs was 'whenever I filter on something in the list, everybody gets to see that filter on their screen instead of only me'. Woah that's weird! Let's see how they put that together!
Oh god, they are using a _static_ variable to store filters, no wonder that it doesn't work properly. Ever heard of sessions?!
Second bug: Sometimes people can't create an account when we sign them up from the admin panel. Alright that is weird, let's figure that one out! Wait a second it seems to work in development? What's this about.
Oh wait I can't create an account on production either? Oh that's weird, wait a second... Why do I have to put my e-mail in a form that was sent to me through e-mail? Why is my address not filled in already? OOH, if someone types in the wrong e-mail address (which is easy since our school has 4 variants of the same f*cking e-mail address) it won't work since it can't recognize the user! Brilliant! Remove e-mail input box and make a token/queryparam determine the user account.
Ah that seems good, it's a mess but it seems a tiny bit better now, great! We're making progress and some sweet buck.
Next bug, trillions of 50x errors on random pages, that's a weird one.
Hm everything works in development, that's odd. Is the production data corrupted?
DID I MENTION that in order to get into the system in development we have to load in a f*cking production database backup ON OUR DEVELOPMENT MACHINE and then ask one of the users' password to login to it and create an account for ourselves? Seeding? What's that, right?!
Anyway, back to bug fixing. I e-mail the people responsible for the app and get a production admin account, oh I also can't ssh into it because of policies so I have to do everything over e-mail and figure out what's causing the errors. I somehow also wonder if they have any kind of virtualization in place, giving students a VM to do that stuff in doesn't seem so weird does it? Even with school policies?
Oh btw, 'deploying' means sending a .zip file to a guy in another building and telling him how to configure it, apparently this resulted in a missing folder that the application needed to work and couldn't make on its own. This after 2 weeks of e-mailing back and forth.
After 3 months I quit out of despair and sadness, and due to the fact that I just couldn't do it anymore. I separated everything into logical subprojects and let the last guy handle it, he was OK with that and understood why I left.
Luckily, around that time I already had an actual job at a software development company :)
-
Ok this is freaking creepy. I searched for information about login systems on other websites for some time. Not once did I touch Facebook. Then Facebook shows me targeted ads when I hopped on 30 minutes later. How the heck does Facebook get that data in the first place? I'm starting to get pissed that my data is just handed out to everyone, even by search engines.
-
My very first rant here was about the mess of ticket submission and ticket tracking applications we use, and about how we were moving to a single unified system some day.
Well, that day is today. And, predictably, it went horribly wrong.
So the way it's supposed to work is people login to the portal, search for what they want to request, then fill in details and submit. It creates a request ticket assigned to the appropriate team. (The old way involved a bunch of nonsense that you can see in my first rant).
The thing is, I found out about this today, when I got a company-wide email saying the new system was live as of this morning. None of us knew it would happen today. Not that I could've foreseen any issues just by getting the announcement early, but still, usually people find out about these things beforehand.
So, ecstatic to finally be rid of the old ticket tracking system, I log into the new system and look for our request form, which is, of course, not there. I check the old system and see that they combined every single "general request" into a single request where you pick which team the request goes to.
So I finally find the right request, pick the right department from the drop-down, and see that the request looks much better than it did on the old system. Out of curiosity, I look at the list of people who are part of that department.
I am not on the list.
My ENTIRE TEAM is not on the list.
Because they migrated the team data to the new system a year ago, when the issue tracking/reporting portion of it went live. My current team was hired approximately six months after that and apparently updating the team data in the new system isn't part of our Onboarding process yet.
So... Bright side is I guess I will have a lot of free time soon since nobody can submit new project work to my team?
tl;dr: they took a great software product and implemented it so poorly that our team can't use it.
-
Guys what I want to know is how do you secure your code so that they pay you after you deliver the code to them?
So recently I was in this internship that I secured with an over-the-phone interview and the guy who was contacting me was the CEO of the company (I'm going to refer to him as "the fucking cunt" from now on). He asked me to do some OCR and translations and I managed to write a few scripts that automate the entire process. The fucking cunt made me login remotely to his desktop which was connected to the server (who the fuck does that) and I had to operate on the server from his system. I helped him with the installation and taught him how to use the scripts by altering the parameters and stuff, and you know what the fucking cunt did from the next day onward? Dropped contact. Like completely. I kept bombing emails upon emails and tried calling him day after day, the fucking cunt either picked up and cut the call immediately on recognising it's me or didn't pick up at all. And the reason he wasn't able to pay me was, and I quote, "I am in US right now, will pay you when I get back to India." I was like "The fuck was PayPal invented for?" Being the naive fool that I was, I believed him (it was my first time) and waited patiently till the date he mentioned and then lodged a complaint in the portal itself where he had posted the job initially. They raised a concern with the employer and you know what the fucking cunt replied? "He has not been able to achieve enough accuracy on the translations". Doesn't even know good translation systems don't exist till date (BTW I used a client for the google translate API). It has been weeks now and still the bitch has not yet resolved the issue. And the worst part of it was I got a signed contract and gave him a copy of my ID for verification purposes.
I'm thinking of making a mail bomb and nagging him every single day for the rest of his life. What do you guys think?
-
this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about. even today when i feel like playing, i sometimes use those accs.
2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones. But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him. I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.
The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgotten about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i received an email that someone has JUST CHANGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, it's not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:
1) To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account. And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work. Closed fb help page, opened fb again, tried to login with my old credentials, it says "old password has been changed, please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page. FFFFFFFFFuck
3) I was sad and terrified that i got hacked. But 10 mins later a mail comes, "Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed (point <2>) has actually done something to account. NADA, the account still needs a physical license to open :/
4) lost, i just login to my main account and lookup for my lost fake account. the fun part: my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidentally changed my password. MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb? "well sir, if you want your virtually shitty account back, you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"
-
Oh gee whiz fellas. I lived through my nightmare. Recently too.
(Multiple rants over last few months are merged in this one. Couldn't rant earlier because my login didn't work.)
I joined a new shithole recently.
It was a huge change because my whole tech stack changed, and on top of that the application domain was new too.
Boss: ho hey newbie, here take this task which is a core service redesign and implementation and finish it in two weeks because it has to be in production for a client.
Normally I'd be able to provide a reasonable analysis and estimate. But being new and unaware of how things work here, I just said 'cool, I'll try my best.' (I was aware that it was a big undertaking but didn't realize the scope and the alarming lack of support I'd get and the bullshit egos I'd have to deal with)
Like a mad man I worked 17+ hours a day with barely a day off every week and changed and produced a lot of code, most of it of decent quality.
Deadline came and went by. Got extended because it was impossible (and fake).
All the time my manager is continuously building pressure on me. When I asked questions I never got any direct/clear answers. On asking for help, I'd get an elaborate word vomit of what was already known/visible. Yet I finally managed to have an implementation ready.
Reviewer: You haven't added parameter comments on your functions and there aren't enough comments in code. We follow standards. Clean code and whatnot. Care for the craft verbal diarrhea.
Boss: Ho hey anux, do you think we'll be able to push the code to production?
Me: Nope. We care for the craft and have standards. We need to add redundant comments to self documented code first, because that is of utmost importance as Nuthead reviewer explained.
(what I wish I had said)
What I actually said: No, code is not reviewed yet.
And despite examples of functions which were not documented (which were written by the reviewer nut), I added 6-7 lines of comments for my single line functions describing how e.g. Sum takes two input integers and returns their sum and asked for a review again.
Reviewer: See this comment is better written as this same-meaning-but-slightly-longer way. Can we please add full stops everywhere even though they were not there to begin with? Can we please not follow this pattern and instead promote our anti-pattern? Thanks.
Me: Changed the comments. Added full stops. Here's a link for why this anti-pattern is bad.
Reviewer: you have written such beautiful code with such little gems. Brilliant. It's great to see how my mentoring has honed your skills.
.
.
.
I swear I would have broken a CRT on his stupid face if we weren't working remotely (and if I had a CRT).
It infuriates me how the solution to every problem with this guy is 'add a comment'.
What enrages me more is that I actually thought I could learn from this guy (in the beginning). My self doubt just made me burnout for little in return.
Thankfully this living nightmare will soon be over.
-
Security fail here. I've just started a PPI claim and have been provided a link to a so called "very secure" client area.
There is no username or password, and the screenshot is not a first time sign up screen.
All I need to login is a surname, postcode and DOB - all information easy enough to find online.
Pretty bad IMO, especially so considering the effort required to add a proper login using a username/password combination.
I mean I'm logged in now and have no option to set an account password :|
-
As I am working with WordPress for the very first time I am having horrible experiences now.
My client wants a simple submenu on the sidebar if the user is logged in, else he wants the login form to be there. Easy peasy, done with php and just good old plain html. Maybe some JavaScript to make the login process asynchronous.
But fucking bitch - NO. As I found out after searching and digging. I have to create a menu in wp-admin first. Then add a menu-widget to the sidebar. And then install a plug-in to make the links only visible for logged in users. Wtf?
WordPress takes all the joy in doing web development for me. I won't do that anymore. I will force all new clients to use proper tools to make their shit work for them. And as I am the expert in these things I am the one who suggests the right tool.
Fuck this shit.
-
TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.
The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 months since I got it.
As I didn't know much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...
So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.
After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. It took up a freaking 95 GB of space (of a total of 100 GB on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server, flooding the logs with failed login attempts...
I guess I learnt how to properly secure a server from this attack 💪
-
I went to uni for CompSci with no prior knowledge.
In my first year of uni I created a DigitalOcean droplet to host an SQL server. I didn't change the root password or disable password login out of convenience and as I didn't think anyone would be able to find the IP address to be able to hack it.
Within 3 hours DigitalOcean had locked my account for using my droplet to send DDoS attacks. Support contacted me to ask what was going on. I knew nothing at the time so I was a bit 🤷♂️.
And that's when I learned the importance of changing your root password.
-
At the institute I did my PhD everyone had to take some role apart from research to keep the infrastructure running. My part was admin for the Linux workstations and supporting the admin of the calculation cluster we had (about 11 machines with 8 cores each... hot shit at the time).
At some point the university had some euros of budget left that had to be spent so the institute decided to buy a shiny new NAS system for the cluster.
I wasn't really involved with the stuff, I was just the replacement admin so everything was handled by the main admin.
A few months on and the cluster starts behaving ... weird. Huge CPU loads, lots of network traffic. No one really knows what's going on. At some point I discover a process on one of the compute nodes that apparently receives commands from an IRC server in the UK... OK code red, we've been hacked.
First thing we needed to find out was how they had broken in, so we looked at the logs of the compute nodes. There was nothing obvious, but the fact that each compute node had its own public IP address and was reachable from all over the world certainly didn't help.
A few hours of poking around not really knowing what I'm looking for, I resort to a TCPDUMP to find whether there is any actor on the network that I might have overlooked. And indeed I found an IP address that I couldn't match with any of the machines.
Long story short: It was the new NAS box. Our main admin didn't care about the new box, because it was set up by an external company. The guy from the external company didn't care, because he thought he was working on a compute cluster that is sealed off behind some uber-restrictive firewall.
So our shiny new NAS system, filled to the brink with confidential research data, (and also as it turns out a lot of login credentials) was sitting there with its quaint little default config and a DHCP-assigned public IP address, waiting for the next best rookie hacker to try U:admin/P:admin to take it over.
Looking back this could have gotten a lot worse and we were extremely lucky that these guys either didn't know what they had there or didn't care.
-
Well I feel like an idiot thanks to my IT teacher. This guy, this fucking guy thinks that we’re seeing a computer for the first time. He’s literally saying “You see this black bar on the bottom? That’s taskbar.”. It’s like he’s teaching 7-year-old children 😤
But the worst part is my classmates don’t know such basics! They don’t know how binary code works, what a motherboard is, how to login to the school domain on Windows.
But on the flip side, they look at me like at a God 😏
-
Please delete your browser cache.
Wtf is up with this shit?
Maybe I'm just having a streak of bad luck, but in recent days, I ran into this particular issue time and time again.
First with one of our own products - the user apparently wasn't always shown the newest version due to stuff being cached in the browser.
Fair enough, we had our web-dev find a solution to that, which he did. Until this is rolled out, the only resolution is to clear the browser cache.
I also ran into this same issue on multiple other fronts. For example, there's a remote connection to one of our clients I had to establish via browser. The backend was a bit unresponsive, and somehow I ended up in a situation where my login was rejected. The only solution? Clear your browser cache.
Then we have confluence and jira in the company. Same issue. All of a sudden, I could no longer log in. Worked fine in another browser.
Delete your browser cache.
Is it just that most frontend developers out there are incompetent at what they do or is this stuff broken by design? I don't recall having to clear my browser cache very frequently - in fact, I'm pretty sure I haven't done it for years on one of my PCs at home. What changed?
Ah well, maybe it was just a streak of bad luck. But still ...
/Rant
-
example of my commenting on bugs to fix later
Before I found devrant:
//1-3-18
//when user goes to send mailing for first time
//we need to remove the message from admin
//which only displays on first time login, but
//may block the data we are looking for
// then return to parent
After DevRant:
//9-8-18
//when user goes to send mailing for first time
//there's a fucking stupid message that they
//have to read once which blocks the data we need
//so, goutte click that shit, then return to parent
-
Microsoft and their dev tools...
> Trying to login to Azure VM
> Get an error, saying that password needs to be changed before logging in the first time
> Head over to Azure portal, try resetting password
> Password reset is not successful. Reason: Account already exists (???)
> Google the error message. Found solution (coming from a Microsoft employee!): Create a new user, login with that, fix the password for user #1 inside the VM, then delete the new user
What's wrong with these people? 😂
-
Short angry rant
What the fuck is wrong with the SalesForce Authenticator logic?! How in the hell do you fuck up a simple 2FA system this hard?!!
Login -> Waiting for Notification... nothing... -> Reload Page -> Login -> Waiting for Notification... nothing -> Click "Use Code instead"... nothing happens... -> Reload Page -> Login -> don't even wait for notification and just press "Use Code instead"... nothing -> Reload Page -> Notice there's a "Use Code" button on this page as well -> Finally be able to log into the fucking Aloha piece of shit...
How TF is it, that Duo is able to send me a push notification within 1 second and it ALWAYS works... and THIS FUCKING SHIT NEVER FUCKING WORKS THE FIRST TIME AND AT WORST JUST DOESN'T WORK AT ALL!!!!!
Fucking hell.... Don't offer me a push notification service if you don't know how to make one... jesus fucking christ... All of Salesforce security is fucking stupid, but at least the others mostly work, but this retarded piece of crap is making me actively surprised when it works on first try... Maybe it's because I'm on a slow connection, but again Duo Mobile doesn't have this problem and works *instantly*... so what sort of retarded monkey coded the SF one I don't know, but I hope they are making better products now, because this is a disgrace to programming and security
-
Oh god where do I start!?
In my current role I've had horrific experiences with management and higher ups.
The first time I knew it would be a problem: I was on a Java project that was due to go live within the month. The devs and PM on the project were all due to move on at the end. I was sitting next to the PM, and overheard him saying "we'll implement [important key feature] in hypercare"... I blew my top at him, then had my managers come and see if I was OK.
That particular project overran with me and the permanent devs having to implement the core features of the app for 6mo after everyone else had left.
I've had to be the bearer of bad news a lot.
I work now and then with the CTO, my worst with her:
We had implemented a prototype for the CEO of a sister company, he was chuffed with it. She said something like "why is it not on brand" - there was no brand, so I winged it and used a common design pattern that the CEO had suggested he would like with the sister company's colours and logo. The CTO said something like "the problem is we have wilful amateurs designing..." wilful amateurs. Having worked in web design since I was 12 I'm better than a wilful amateur, that one cut deep.
I've had loads with PMs recently, they basically go:
PM: we need this obscure set up.
Me & team: why not use common sense set up.
PM: I don't care, just do obscure set up.
The most recent was they wanted £250k infrastructure for something that was being done on an AWS TC2.small.
Also recently, and in another direction:
PM: we want this mobile app deploying to our internal MDM.
Us: we don't know what the hell it is, what is it!?
PM: it's [megacorp]'s survey filler app that adds survey results into their core cloud platform
Us: fair enough, we don't like writing form fillers, let us have a look at it.
*cue MITM plain text login, private company data being stored in plain text at /sdcard/ on android.
Us: really sorry guys, this is in no way secure.
Pm: *in a huff now because I took a dump on his doorstep*
I'll think of more when I can.
-
TLDR;
I reminisce about Yahoo site builder and talk about finding the record of the Google search that changed my life a long time ago and I think it's fucking great.
Earlier I re-installed google chrome but unlike every other time, this time I forgot to turn off the auto-sync feature. I only realized this when I opened gmail and it pre-populated my login info with the info of my very first, long forgotten gmail account.
So naturally I went exploring... after going through the mails I decided to check out the actual Google account to see if there was anything of interest there and lo and behold I found around 7 years of browsing history that I had no idea Google stored at the time.
As scary as it was to see I'm kinda glad about it now because aside from finding out that I was going through an Asian porn phase in 2008 I also found the one Google search record that changed my life.
It was a search to download Yahoo site builder followed by a bunch more on how to use it.
I had stumbled across a random article about it and it caught my eye because I needed a website for the grocery store I was a manager of back then.
Thankfully it was a fucking horrible WYSIWYG editor. I recall it acting almost identical to Word at the time - I would save and back up my site constantly because moving something 1px would fuck the layout up and burn everything to the ground, cntrl+z would try and do something, reversing only my last action while leaving the rest of the site in tatters and I didn't have the skills to understand or fix it...
Ultimately my frustration led me to learn a bit of html & css and a week or so later it became apparent it would be easier to scratch code the damn thing so I uninstalled Yahoo site builder and started all over again.
Learning & building that site in notepad ignited my passion for coding and less than a year later I left my shitty dead end job to join a brand new tech company created with the help of a like minded investor, officially employed as a developer. Let me help you understand just how big this achievement was for me - I had been trying to find a job, ANY job in I.T even at a call center level without success for 6 years because I dropped out of school.
In 6 years as an active job seeker I only received one phone call about a job opportunity which ended very quickly once they realised they had misread my CV. In all those years I never even got a single job interview.
After that I spent the next 3 years rolling out and improving the cloud based loyalty card system I had written for my store out on a national scale and the rest is history. Since then I have never been judged by a crappy piece of paper, hated my job or struggled to find a new one.
What a beautiful search result that was to find.
I dedicate this rant to Yahoo, with my sincere gratitude for making a shitty WYSIWYG editor that was so bad it pissed me off enough to make me actually learn something.
-
We had a project with a web app and an Android app. We split it out, he took the web and I was working on Android. He was very curious to do the project with me and very motivated at the beginning. We agreed on our first module, that was user authentication. After some time when I told him that the first module of the app is ready and asked him about his progress (whenever we had a talk he pretended like everything was going fluently, though I continuously told him to ask for help if needed) he opened a folder in vs code containing two files "index.html" and "style.css" and showed me the "login & sign up" design he was doing for days. I had no option but to appreciate his work. On that day I created a new folder on my machine "web application" and started working.
-
Yet another day at my company, I'm rewriting some old code for a client (rewriting an old PHP 4 system for vindications management) and you know the moment when you are focused and someone comes to you to absolutely ruin your focus. Fine, whatever. Oh, for fuck sake. Again dev is doing as support because one moron with second can't login into zimbra admin panel and add fucking mailbox. I show them exactly how they login, remind them they are admins too, slowly show them, so you click "manage" then you click that gear icon and then you click "new", fill in email address and password. As simple as 1-2-3. Okay, fuck it, time to go for a cig. I just finish up a few lines and stand, grab my vape and start walking towards the door. In the door I find my buddy with 2 random people. He told me that they are interns and that I should show them some basics and stuff around that. Oh god, fuck my life. If anything, I'm definitely a very bad teacher, mainly because I often have problems with saying what I mean in the way that somebody actually understands and knows what I am trying to say. Whatever. Fuck it all. I grab two of our old laptops that nobody used in like a year or so, and the first thing I quickly figure out is that one day, for some what-the-fuck reason I didn't even bother to remember, I installed Arch on both while I don't usually use Arch. I just needed it for some specific reason. Whatever. So I guess I will need to upgrade the fucking system. Our network isn't really great so that was like... an hour or so. In the meantime I figured out what they know about coding in general etc, and holy shit. One of them (there was a boy and a girl), the girl, apparently never ever in her life even touched code. Well... fuck. Why am I wasting my time? Because there was some programme or some shit like that... Someone could have told me before so I could mentally prepare.. fuck it. whatever.
So while the laptops are doing their pacman thing, I sit with them and slowly start to explain some really basic concepts based on my machine. The second guy actually had some experience, he knew how to make some really really basic logic and stuff, so he had another world of problems, because it was PHP and, as we all know, everyone hates PHP, and... yeah.. You can probably imagine his approach. Yes, you get user input in a super global array. I really wanted to say "Now shut the fuck up and write that fucking $_POST".
An hour or so passed, I was close to giving up to not let my anger rise (I'm not a really good teacher... I mentioned it. I suck at teaching others) but luckily the machines upgraded. He wanted to use visual studio code, she didn't care too much, so I installed phpstorm in trial mode. whatever. Since that's linux and they were not comfortable with that, I walked them through installing a LAMP stack, and when finally it started to look like a LAMP stack, I requested them to google how to install xdebug, because xdebug is very useful and googling skill is your best weapon in that field. I go for a cig, come back and what I see boiled me a little bit. The girl was stuck looking at a github page, randomly looking through xdebug source code and idk... hoping for a miracle (she admitted she thought there would be instructions somewhere) and the guy was in a good place, xdebug has a place to paste your phpinfo() for custom instructions. But it didn't work for him, he claims that the wizard told him it can't help him.. hmm interesting, you are sure you pasted in phpinfo? Yes, he is sure. Okay, show me.
Again mindblown how someone can have problems with reading.
so his phpinfo() looked like that:
```php
<?php
phpinfo();
```
I highlighted on the page the words "output of phpinfo". He somehow didn't see it or something. He didn't know, he thought that he needs to put in phpinfo so he did. OMG.
Finally, I figured out I can work around my intern problem, and I just briefly showed them php.net, how documentation looks, said to always google in english, if he uses a tutorial to read the whole fucking thing, not just some parts of it, and left them with a simple task, that took them the whole day and at which they ultimately failed.
To make 3 buttons labeled "1" "2" "3" and if someone presses one of them, remember in session that they pressed it and disallow pressing other ones.
Never fucking again interns. Especially those who randomly without apparent reason almost literally just spawn in front of you and here, it's your fucking problem now.
Fuck it, I have some time to get back to my stuff. Time is running so lets not waste it.
After around 15 minutes one of my superiors comes in and asks me if I can go to a meeting with him and another superior. My buddy goes with us, and for the next 3 hours I was basically explaining that you cannot do some things (ie. know XYZ happened without any source of information) in code, and I can't listen for callbacks from ABC because it won't send any cuz in their fucking brilliant idea ABC can't even know that this script would even exist, not to mention it wants callbacks.
Sometimes I hate my job.
-
I gave a technical interview today and here is a summary of how it went. The interviewer asked me to login to my leetcode account, then:
Interviewer :- "Open this problem (he gave link) and open submission section".
Me :- "Yes sir". I opened it and I have solved that in the past.
Interviewer :- "okay so you have solved this one so let's move to next question (2nd)".
I opened it and again I have already solved that in the past. Then he gave the 3rd and it was also solved by me already.
Then he said "Okay now I will share with you this problem which you have not solved and I am sure".
He gave me a hard problem which I actually haven't solved. I would have solved the first 3, the 4th one was actually hard and I was not able to optimise my code on time.
Sometimes life is really tough 😪. He could have asked any one of them 😕.
-
I just setup a new VPS
I made all configuration required
I reboot the server
I forgot which port I set for ssh 😭
Luckily I have console to access from 😅
-
I need some advice, because I'm feeling like I'm getting ripped off by my company.
I'm a junior developer and this is the first company I've ever worked at. I've been here for 1 1/2 years. I said in the first interview that I am proficient with a fullstack framework, for a rather niche programming language, but I don't want to do front end, because I'm not good at it and I generally don't like it.
I'm the sole coder working on a project that costs the client 100EUR/h. There are others, but they just organize the tasks I have to do. This project requires me to work a full stack of retardation server, that's a pain in the ass, not really compatible with this project and required hack after hack to be fixed. Finding bugs in this pile of shit often takes days of emailing around and asking for logs in hope something might pop up. I've had to scavenge through threads saying they still bleed from the anus or have PTSD, because of this retarded stack. As you can imagine, I'm also responsible for all of the QA and obviously get shit for bugs. I'm supposed to remember every little detail I've done in this project at the end of the sprint, while also working on 2-3 other projects simultaneously.
I've developed some small servers with dashboard and api for apps on my own. I'm supposed to also do all of the QA so that my boss doesn't see any errors, because otherwise our clients have to be QA.
I have written a complicated chat system that is distributed across nodes. We've nearly missed a deadline of 6 days for this shit, because I've been put under pressure, because I estimated such a "large" amount of time for this.
Other things I've done include:
* Login/Registration on many projects
* Possibility to add accounts for subordinates, with a full permission system for every resource
* Live product configuration with server validation and realtime price updates
* Wallet & transaction system, dealing with purchases of said product and various other services offered on this platform
* Literally replaced the old, abandoned database framework from a project with a modern one.
I've made some mistakes during the WFH corona times, but that doesn't mean you can put more pressure on me and pull stuff like this: https://devrant.com/rants/2498161 https://devrant.com/rants/2479761
Is all of what I'm doing and have to deal with worth the 9EUR/h salary?
-
Can someone tell me what this means? Every time I reboot my MAC (MacOs Sierra: MacBook air: version 10.12) and put in the password for my login, this pop up keeps popping up once I'm logged in. I tried finding the keychain first aid, but it doesn't have it. I know this isn't ranting but if someone fixed this before can you help please.
-
I recently went to an office to open up a demat account
Manager: so your login and password will be sent to you and then once you login you'll be prompted to change the password
Me: *that's a good idea except that you're sending me the password which could be intercepted* ok
Manager: you'll also be asked to set a security question...
Me: *good step*
Manager: ...which you'll need to answer every time you want to login
Me: *lol what? Maybe that's good but kinda seems unnecessary. Instead you guys could have added two factor authentication* cool
Manager: after every month you'll have to change your password
Me : *nice* that's good
Manager: so what you can do change the password to something and then change it back to what it was. Also to remember it keep it something on your number or some date
Me: what? But why? If you suggest users to change it back to what it was then what is the point of making them change the password in the first place?
Manager: it's so that you don't have to remember so many different passwords
Me: but you don't even need to remember passwords, you can just use software like Kaspersky key manager where you can generate a password and use it. Also it's a bad practice if you suggest such methods to people who come here to open an account.
Manager: nothing happens, I'm myself doing that since past several years.
Me: *what a fucking buffoon* no, sir. Trust me that way it gets much easier to get access to your system/account. Also you shouldn't keep your passwords written down like that (there were some password written down on their whiteboard)
Manager: ....ok...so yeah you need sign on these papers and you'll be done
Me: (looking at his face...) Umm..ok
-
So I want to inform my internet provider of my new phone number, but I can't remember any of my login info for their web interface because I never used it. Luckily, they have a "forgot my username" function, where I submit my email address and get a confirmation that my username has been sent to me.
Yet, I just don't get said email. I try again, but to no avail. So I just guess my username and use their "forgot password" form, which – hooray! – confirms it just sent me an email.
But I don't get any email. I retry, I retry after a day, but no automatic response. I remember an incident a few years back when I didn't get some automatically generated mails from a company and decide to contact their support to ask if they could just reset my password manually.
Nearly a week passes.
Now I received the answer. I just don't have an account.
Lesson learned: Next time I'll just input garbage first to check if those forms are sane.
-
So, it's been a while since I've been working on my current project and I've never had the "luck" to touch the legacy project written in PHP, until this week when I got my first issue.
And damn, this goddamn issue. It was a bug, a very strange bug, that only happens in production and that nobody has any idea what was happening, so yeah, I didn't have anyone to ask and I got less time than usual ( because Thanksgiving ).
And thus, I have no starting point, no previous knowledge on PHP and less time! I expected a very fun week 😀 and it was beyond my expectations.
First I tried to understand what might be causing the issue, but there wasn't any real clue to start with, so no choice, time to read the flow of the code and see what they're doing and using ( 1k line files, yay, legacy ). Luckily I got some clues, we're using a cookie and a php session variable for the session, ok, let's start with the session variable. Where is that being initialized? Well, spoiler alert, I shouldn't have started with that, because my search ended up in the login method of the API that sets that variable and for some reason in the front end app it was always false and that led me to think that some of the new backend functions were failing, but after checking the logs I got no luck.
Ok, maybe the cookie is the issue, I should try opening the previous website in the brow...redirect to new project login, What? Why? I ask around and it's a new feature pushed on Monday, ok I got Chrome Dev tools I can see which value of the cookie is being set and THERE IT WAS it has a wrong domain! After 2 days ( I'm summarizing a lot of my pain ) I got what I've been looking for, so now I should be able to fix the bug. Then where is the cookie initialized? In the first file the server hits whenever you try to enter any page of the app, ok, I found the method, but it's using a function that processes the domain and sets it correctly? wtf? Then how in heaven do I get the incorrect domain? Hello? Ok, relax, you still have one more day to fix this, let's take it easy.
Then, at the end of the Wednesday, nope I still have no clue how this is happening. I talked with the Devops guy and he explained to me how this redirection happens and what it depends on, I followed the PHP code through and nothing, everything should work fine, sigh. Ok I still have 2 days, because I'm not from US and I'm not in US, so I still have time, but the Sprint is messed up already, so whatever I'm gonna get this bug done anyhow.
Thursday! I got sick, yay, what else could happen this week. Somehow I managed to work a little and start thinking about what external issue could affect the processing, maybe the redirection was bringing a wrong direction, let's talk with the Devops guy again, and he answered me that the redirection was being made by PHP code, IN A FILE THAT DOESN'T EXIST IN THE REPOSITORY, amazing, it's just amazing. Then he explained to me why this file might be missing and how the deployment of this app works ( btw the Devops guy is really cool and I will invite him for a beer ). After that I checked the file and I saw a random session_start in the first line of the code, without any configuration, eureka! There was the cause and I only need to ask someone if that line is necessary anymore, but oh they're on holiday, damn, well I'll wait till Monday to ask them. But once and for all that bug was done for! 🎉
What did I learn? PHP and that I don't want any more PHP tickets 😆.
-
My first exposure to computers was when I was 7 in 98. HP Pavilion with Windows 98. Got it from Walmart and it cost around $1100. Brought it home and I hooked it up on my own on the living room floor. First program installed was "Who Wants to Be a Millionaire", fitting that a game be the first thing installed since it was for homework. I lived 16 miles from town at the time so I really had no friends and the isolation made it hard for me to adjust in school to the point that I was a loud kid seeking attention. Then we got dialup and I found invisionfree forums, which is where my first programming experience with JavaScript started. And no I'm not talking about jQuery I'm talking about the real thing.
Fast forward a year. I find an open source arcade and learn PHP while writing an arcade from scratch that uses curl to mitm login to verify the user. Later that month I create a small project that dynamically creates a signature image for the top 1000 posters on a coding forum I liked.
Then all hell broke loose when I found osdev.org, thought I was going to be a badass and make the ultimate operating system that would combine Linux, Windows, and Mac where it could run anything. Reality Check hit me like a semi and train hitting at full force trying that and made me look into hacking. Spent a little while breaking Windows in so many ways and talking to others on IRC until I was about to turn 18. Switched to Ubuntu 12.04 my senior year while that was occurring.
-
I managed to remember some old Bitwarden (password manager service, I remember that linuxxx recommended me this one a looong time ago) credentials, so I logged in. I found an old devRant account - not my first though (I deleted it).
I've been a random lurker all this time (this is the first dev community I've been and I'm not planning to leave it until it dies), and it's good to login just to give my 2 cents.
I love you all. Seriously. I love you all with every single bit of my heart (get it?), impartially. Thanks for existing.
Here's an interrupted "caramelCase posted a new rant!"; it's actually longer but a wild guy ++'d my comment.
p.s: seeing my avatar, I don't use c++ anymore. I've just grown with Python haha
-
!rant
So, when I was young, I wanted to be a freelancing nomad. You know, live the life, work remote and travel.
But I didn't have the bones to pursue that. After 10 years of struggling as a normal "programmer", I did a little of everything. I did normal boring "erp maintenance" in C#, Oracle and some legacy stuff called Visual WEB GUI, which was fun, but required a full 9,5 hours work day, 8:00 am to 6:30pm, and the bosses were squares, and I was young and wanted to try something out of the corporate world.
Then I did some work for a newly funded consulting company that used python, Django, and postgresql, but the bosses promised a lot and delivered none (I was supposed to work backend and have frontend support, which I did not have, and that hurt my productivity, and the bosses, instead of looking at what they promised but did not deliver, just discounted my salary 3 months in a row), so Bye bye MFs!!
Then I did some remote work for some guys, that, I managed to sustain for a whole year, the pay was good, the stack was simple, just node.js and pug templates, that gig was good, but communication with the bosses was hard, and eventually things started to get hard for them and me, and we had to say farewell to each other, I miss those guys. This is the only time I remember having fun working, I could work whenever I wanted, I only had to reach the weekly goals, and then my time was mine, I could work from home in the odd hours, or rent a chair in a co working space if I wanted to socialize.
Then fate got me one big gig with a multinational company, and I could hire some people, but I delegated too much and was asking too little of myself, and that project eventually died because I did not know how to negotiate.
So, I quit the whole entrepreneur idea, and got a public job at my University, I was a public employee with all the perks, but none of the fun, I just had to clock-in, work, and clock-out. That experience led me to discover a lot of myself, I worked as a public employee for a year and a half, and in that time, I discovered more about myself than what I learnt in 27 years of previous life experience.
Then, I grew bored of that life, and wanted some action, and I found more than enough fun in a VC funded startup run by young narcissists that did not have a clue of what they were doing, I helped them organize themselves into "closing stuff", you know, finish the things you say you have finished. Just to give you an idea of what it was like before I got there, they were working for 3 months already on this project, they had on paper 50% of the system done and working, when I tried to use the app, I couldn't even sign-up without hacking some database commands (this was supposedly done). So I spent a month there teaching these guys how to finish stuff, they got Sign Up (their sign up was a mess, it is one of those KYC rich things that financial apps have), Login, and some core functionality working in a month, while in the previous 4 months they only did parallel work, writing endpoints that were not tried, and an app that did not communicate with the backend. But the bosses weren't happy with me, because I told them time and time again that we were not going to reach the goal they needed to reach to keep receiving funds from the investors, and I had to quit before it became a mayhem of toxic employer/employee relationship.
So now I decided to re-engage with life, I have funds to survive about a month and half, I have a good line of credit in case I need some more funds, and the time of the world.
So wish me luck!!! And I'll be posting often, because I would like opinions, hear from people with similar life experiences and share anecdotes.
Next post, it's going to be about how I discovered taskwarrior, and how I implemented my first weekend following some of the aspects of GTD to do all my housekeeping chores, because, I think that organizing myself will be key to survive as a freelancer nomad.
-
That moment when: You're asked to quickly code a fake login screen and you have a deadline to add it to 10 devices before 2pm.
First build: Forgot to force it to be on top, forgot to add closing preventions
Second build: Due to it going on tablets, it needed an onscreen keyboard, but being on top all the time means the builtin onscreen keyboard doesn't work.
Third build: Forgot to add try and catch exceptions which caused crashes
Final build: Avast kept closing and opening it due to DeepScan
urgh...
-
First time linux user feedback
Linux lovers are probably gonna eat me alive but I don't give a flying fuck
Maybe it's a little lengthy or boring, tell me what you think
Backstory:
I work for a game extension company. We work with WinAPI and such. I've been using Windows since forever and I'm happy with it. But I thought to myself "hey, if I wanna be a good dev, I should give Linux and OS X a try, too"
I downloaded Linux Mint a couple of months ago to start with. I was unable to boot it from live CD no matter what I tried, even in recovery mode. Apparently, Mint 18.3 was based on Ubuntu 16.04 which doesn't support UEFI
Wait, what the fuck, all modern PCs have UEFI so what, do all Mint users have 10 y/o laptops and PCs???
Anyway, when I heard about Mint 19 being released I thought to give it another try and I did. What a surprise, it booted successfully from Live CD. I saw the Linux desktop for the first time in my life, yay! I then installed it, GRUB appeared, my Windows was still there and wasn't broken so I was happy SOMETHING was working. I configured timeshift and applied dvorak layout system-wide. Realised dvorak layout is fucked up big time and applied normal layout for just desktop environment. Everything was really nice until couple reboots later Cinnamon stopped launching (kept returning to login screen). Okay, lets use timeshift
First big what-the-fuck was when I found out system restore can only be done using GUI??? This is absolutely retarded and I couldn't believe it is true. Login screen has a reachable console but I can't login there since I can't type the password. Fuck, fuck, fucking Dvorak layout was there.
Recovery mode - I've spent 20 minutes trying to type "timeshift --restore" having to press all keyboard buttons just to progress with one button. I've had another what-the-fuck when I saw "error: can't restore timeshift - partition already mounted"
Okay, this is too much. Why the fuck would you bundle a recovery mode if you can't restore a snapshot from there.
I have spent 3 hours now googling and trying to remove this fucking keyboard layout. No dice. I am making another copy of the live CD now. I'm gonna reinstall the whole shit now. I have the desire to create a custom Mint version without this abomination of a keyboard layout.
It's okay. Windows has taught me to be patient.
Fuck Dvorak, I don't know who the guy is but his keyboard layout can eat my dick
-
I am the one responsible for the Atlassian Suite at work, as I maintain the systems, set them up, and stuff.
One day, our Crowd (the authentication and authorization application) just went crazy. At like lunch time it could not connect to the AD anymore. No reasons. Throwing XSRF errors (cross site scripting), because http would connect to https. "won't do it, fuck you" it told me. Out of the blue. No one changed anything. And yea, seriously. No one did.
It just refused to connect (as connecting to AD is connecting yourself with your own api. And refusing yourself talking to yourself). It runs behind a proxy. Therefore http/https. Well, this worked for years. But all of a sudden not anymore.
Yea. Fuck you.
It was reported some hours later, at like 3pm, as people could not login to the applications using crowd as authentication and authorization server.
Tried to debug the system, where nothing was done, to make it work. At best time to fail.
First workaround: if you are logged into one of the other applications of atlassian, just refresh the site, so your SSO token gets a refresh and you are signed on again.
Then I searched more and more. And more.
But nothing worked, nothing helped.
So I addressed an emergency maintenance, take down the whole Suite, restart Crowd, to apply some changes to its settings, not knowing what would happen then, because all connections of SSO will then be released. Sent out the mail like 30 minutes beforehand.
While waiting for the window, I just typed my credentials... And redid, and redid, so to type and being bored.
Three minutes before the window...
It just worked again.
Well. Wtf. Seriously.
Just came back.
No Intrusion, no changes at all. Just came back, as nothing has happened.
Kind of best part of this story... A headhunter messaged me on my way home to offer me a job as an Atlassian Suite SysAdmin for a company, at kinda the double of my salary.
At first I was thinking to go there, and when someone then asked me sth about Atlassian just start to laugh and then leave still laughing...
But then I very nicely responded that I don't want to cry at work. And wished him best luck.
I am doing some bad upgrades now on our Suite. Very painful.
And I looked into the start scripts. Some look like the untalented intern tells another one to write scripts. Seriously wtf.
Today I followed the guide to update a Confluence and change database to Postgres. Didn't work, Postgres error.
Try it again, jquery won't load. Next try, tomcat not starting anymore. Did same thing. Every fucking time.
Yea. Maintenance window to get a nice new export soon. Will only take an hour.
To switch database in confluence, you need to set it up very fresh. And then Import your export.
Export takes an hour at our system.
Importing maybe the same time. Hope it will work (hint: Nope).
Oh, can be nice also. Just tell the Bitbucket to migrate databases, there is a fucking setting for it. Enter new database, ready, go, finished.
At least they don't raise costs very much every kinda year.
Oh sorry, yes, they do.
-
I recently logged into my care provider's online services for the first time, to schedule a doctor's appointment.
The login form requested the usual: username and password - but also a birth date. Which their developers implemented with the default Android datepicker control.
Meaning I had to click 'back' 339 times to get to December 1989.
fuuuuck.
-
Stupid timeline, there is this company I was working for. It was sub-contracted by another company to do a government project. Government only pays after you deliver in my country. It was a complex system I must say. We were to work with my buddy on this project... now the timelines we were given were not feasible since another company had been given the same project and was not able to deliver. We had a meeting and discussed with our CEO about the project timelines. From the workload the feasible timelines were around 8 months if we were to work as two devs. My CEO said that was not going to happen. The only timeline that was allowed was not more than 3 months. So we suggested using an existing system to customize. The meetings with the clients were to be weekly demos. So we chose to go with the Google Docs API for the document management part. We were working around 20hrs a day to be able to achieve the target deadline... we managed to complete the project within the given timeline... on the commissioning date of the project we faced a government panel and this was my worst disappointment. At the point of login we had to use Google email for business to obtain the API. Just as I was logging in the guy noticed and yelled. "Is that google account?" and I replied yes... and he said "no need of proceeding since it will be of no use and they won't approve the system". That was my lowest moment in programming. I thought I had done the best project in my life as a programmer only for a stupid man to declare my project as null. I felt like calling him son of a bitch but I knew that would have made me more angry... I just walked out. I went to the toilet and all I did was cry for the first time as I can recall... My question was I was doing weekly demos. Why didn't they raise any questions by then so as to change the entire system??? Later after that demo we went and discussed about the issue and there was time extension.
I redid the project using 'open office' but just before deploying the system I got a better job. I wasn't feeling like working on that project anymore. I want to release that project as open source. Recently after one year they haven't yet deployed the system. They are calling for my help. And I don't feel like helping after the humiliation...
-
Why does #Devrant (idk if #'s are a thing here) not have a confirm password field?
Come on... I doubt it annoys users and it saves people a lot of hassle, especially when we are logging in on multiple devices :/ I know lots of people who type their password wrong the first time and later on they can't login and get frustrated and confused then end up resetting via email.
Also why no login with Google etc~ that's kinda annoying too...
-
It's 4am and I finally installed Linux for the first time (Ubuntu, the easy to install one)... And now it's stuck and won't load after login asdasd I feel dumb and I need to sleep.
I really thought I had done it lol "bitch you thought"
-
!rant
I had that installation of windows 3 to 4 years now.
I'm using a third party software for backup so everyday at 23:00 the backup service starts. The image is stored on a second HDD.
First i want to point out that i set up the windows maintenance around that time too. So any updates should occur then and i remember finding my PC at login screen couple of times meaning a restart had taken place.
Everything was fine all this time.
Couple of days ago I returned home late around 2 am to find a blue screen saying that the computer did not boot properly the last time. Had two options, just restart or try to fix.
Of course i will fix it, come on.
Everything failed. Everything. Even safe mode won't boot.
Who cares i have the back up system image. Boot from the bootable usb stick and restore. Well nothing is happening. It's just freezing at 5%. Cancel. Try again. Cancel. Verify the image. Success! Try again! Nothing.
Damn. Im really tired, off to bed.
Woke up tried fixing and restore but to no avail.
Fuck it i will just install Windows fresh. I was set up after an hour or so installed the necessary drivers and such. Let's see that image of any file i want to get back.
Image is corrupted. What the fuck? How? Damn it. Mount and recovery also failed.
That's it. I did not lose any important files. I save everything on a different drive and also the backup.
But I'm wondering what had gone wrong.
My guess Windows rebooted when the backup was running. If that's the case shouldn't there be a check if such service is running?
-
sort of an update on my midterm project read my last rant to catch up.
Progress so far has been absolutely phenomenal I have a sign up and login page, a profile page, home page, and can post to the app now in real time. for my first time using Kotlin I'm insanely surprised at what I've accomplished so far.
-
I just realized what a horrible fate I escaped several years ago.
I was just finishing bachelor's degree, when I was offered to write my diploma under teacher, who works in Bitrix.
I was given first tasks how to make web site on my own, I liked it pretty much in the beginning, I installed sql database, made simple registration, login. And then I was offered to try CMS bitrix (which is essentially proprietary local version of Wordpress). With words, that I will see how much easier to work in this way.
I found myself not trusting it, something was fishy. I could not understand why I, as a beginning dev in it, could not use it for free. Why could I not do deving in it, without paying a big sum per month (it was big for student-me at least).
I went to work with computer graphics during diploma then, and made minecraft analog in c# (at that time I played minecraft too much)
Now I am working with modern open source world wide supported frameworks. And recently saw a web site made by bitrix devs... They went into production without... https. And I think they are the same ones.
-
Been developing a website for a few months for a group of people who started a company in their spare time. Basically, everyone puts in about 5 hours a week. The two founders spent a year planning the site, creating mockups and collecting data. Site has user login, 5 main sections that all require custom programming to do what they need it to do.
After a month, the one dude is getting pissy with me because I can't get their site up any faster. I agreed to 5 hours a week, in my spare time for equity to a project that has no clear monetization plan. Sometimes my main job and paying clients eat even that time up.
To date, I've only got about 30 hours of actual dev time, and 15 hours of meetings. The first launch is in sight, but the site is a monster and has more phases to come.