What it's like to be a network engineer...translated into normal people speak

User: I think we are having a major road issue.

Me: What? No, I just checked, the roads are fine. I was actually just on the roads.

User: No, I’m pretty sure the roads are down because I’m not getting pizzas.

Me: Everything else on the roads is fine. What do you mean you aren’t getting pizzas?

User: I used to get pizzas when I ordered them, now I’m not getting them. It has to be a road issue.

Me: As I said, the roads are fine. Where are you getting pizzas from?

User: I’m not really sure. Can you check all places that deliver pizzas?

Me: No I don’t even know all the places that deliver pizza. You need to narrow it down.

User: I think it is Subway.

Me: Okay, I’ll check…No, I just looked and Subway doesn't deliver pizzas.

User: I’m pretty sure it is Subway. Can you just allow all food from Subway and we can see if pizza shows up?

Me: Sigh, fine I’ve allowed all food from Subway, but I don’t think that is the issue.

User: Yeah I’m still not getting pizza. Can you check the roads?

Me: It’s not the roads, the roads are fine. I’m pretty sure Subway isn’t the place.

User: Okay, I found it. It’s Papa Johns.

Me: Okay, I looked and Papa Johns does deliver pizza. Is it the local Papa Johns or one in a different town?

User: I don’t know. Can you allow pizza from all Papa Johns to me?

Me: No I can’t do that. Can you get me an address for Papa Johns?

User: No, I only know it as Papa Johns. Can you get me all the addresses of all Papa Johns and I’ll tell you if one of them is correct?

Me: No, I don’t have time for that. Okay, I looked at the local one and it looks like they have sent you pizza in the past and they are currently allowed to send you pizzas. Try ordering a pizza while I watch.

User: Yeah still no pizza. I’m guessing they are getting blocked at the freeway. Can you check the freeway to make sure they can get through?

Me: No, this is a local delivery. They aren't even using the freeway.

User: Okay, well then it has to be a road issue.

Me: No, the roads are fine. Okay, I just drove from the Papa Johns to the address they have on file for you and there is nothing there.

User: Hmm, wait we did move recently.

Me: Did you give your new address to Papa Johns?

User: No, I just thought they would be able to look me up by name.

Me: No they need your new address. What’s your new address?

User: I’m not really sure. Can you look it up?

Me: Sigh, give me a second…Okay, I found your address and gave it to Papa Johns. Try ordering a pizza now.

User: HEY! PIZZA JUST SHOWED UP!

Me: Okay, good.

User: (To everyone else they know) I apologize for the delay in the pizza but there was a major road issue that was preventing the pizza from getting to me. The network engineer has fixed the roads and we are able to get pizza again.

Me: But it wasn’t the roads…whatever.

User: Oh, can you also check on an issue where Chinese food isn’t getting to me? I think it may be a road issue

Linux sucks.

Now now, chill. I'm using it as my main OS for a few years now. I know what I'm talking and this title is a bit click-baity, but this just has to go out there:

1. It's usable as a Windows replacement just fine - FALSE. XFCE4 is years old and buggy as hell especially on multi-monitor set-up, Gnome3 gets stuck more often than my Windows 98 machine used to, KDE is like a rich kid on meth. Plug in Bluetooth headphones? Well no, sorry, you have to research that online, since you'll probably need to install some packages for it to work. Did I say "work"? Well no, because after more research you realize that Debian on Gnome3 on gdm3 launches pulseaudio on its own, so you have 2 instances of pulseaudio, and one of them is stealing your headphones sometimes and you either have no sound or shitty sound. How do I know that you ask? The same way I know everything else - every time you try to do something new on any Linux, it involves a ton of research. Exciting research, don't get me wrong, but at this point it looks more like a toy than a reliable desktop computer operating system.

2. And why am I using pulseaudio? Why not alsa? years ago people were discussing on forums that pulseaudio is old and dead, yet here we are with new LTS release of Ubuntu still shining with Pulseaudio. How about several different service management systems being deprecated by new ones, each having different configurations and calling methods? Apparently systemd is old and lame now. It's a mix of 10 year old software that works badly, with a 5 year old replacement that works worse, somehow trying to live under the same roof. Does it work? Ask my headphones who sound like a fucking dial-up modem.

3. Let's talk about displays, shall we? xorg is old and deprecated, right? We got Wayland that's mostly stable. Don't know what that is? That's just basic knowledge for Linux. And when you try to install network-manager, it also tries to install Mir toolkits. Because why the fuck not install 3 display managers when you want a network manager, of which one is old and dying, one is young and stupid, and another is an infant that died of cancer?

4. Want to integrate with Google Drive? Yeah, there's a tool that mounts the drive as a local directory. Yeah only for Ubuntu. Want it on Debian? You need to compile it. Oh wait, it's on Ocaml, because fuck mainstream languages, we're hipsters. How do you compile Ocaml? Well you need to have Ocaml on your system, dummy. How do you do that? Well you need to compile Ocaml. Ok, how do I do that? Well, git clone, download and install some dependencies, configure, make... oh sorry, you're using libssl1.0.2g when you need libssl1.0.1f, nope, sorry, won't work. Want to install libssl1.0.1f? Why? You already have the "g", stupid! Want to remove libssl1.0.2g? Bye-bye literally everything that you have on your PC. But at least you got the "f". Does it work now? Well no, because you need libssl1.0.2g for another dependency to work.
And all I ever wanted was to get a fucking document from google drive (not nudes, I promise).

5. Want to watch a movie? Let me tear that screen in half and make the bottom half late by a couple of frames, because who needs vertical sync, right? Oh you do? Well install the native drivers maybe. Oh you have? Welcome to eternal Boot to Recovery mode, motherfucka!

---------------------------------

Yeah, most of the times things work just fine. But the reason I know what those things are and how they work is not curiosity. The reason that I know the inner workings of Linux much better than the inner workings of Windows, is because in those few years that I've been using it full time, it has caused me 10 times more headache than I have ever experienced with other systems. And it's not the usual annoyances like "OMG it rebooted when I didn't ask it to", but more like "Oh, it won't work and I need 2 days to find out why" kind of stuff, because even if you experience the same thing again, it's always caused by some new shit and the old solution won't work any more.

I still love it, and will continue to use it. I don't know why really. Maybe because I'm not afraid of fucking it up any more? Maybe because I can do what I want in it and recovering will be easier than on Windows?
It's a toy for me, after all these years. And I also use it for professional reasons.

But whenever someone presents it as a better alternative to Windows, I just want to puke.

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

> installs devRant app on my iPhone
> too lazy to type my 18-char random password on mobile
> password manager app not on App Store yet
> dig up my old Macbook
> install XCode & homebrew package manager
> install 2 other package managers using homebrew
> install App deps from the 2 package managers
> query stackoverflow for why my deps fail to install
> open App in XCode
> setup Apple provisioning profile
> trust my certificate on my iPhone
> dig up an old router & setup a local WiFi network
> start a server on my laptop to serve my PGP keys
> download my PGP keys to my iPhone
> app crashes
> open an issue on github with steps to reproduce & stacktrace
...
> type my 18-char random password
> rant on how I wasted an entire afternoon

So my actual job is being a nurse at the local hospital, with coding being just a hobby. However, the way some IT–Related things are treated here are just mind-blowing. Here are some examples:

Issue: Printer is not recognized by network anymore due to not being properly plugged in

Solution: Someone has to tell the house technician, if the house technician is currently not available, ask his assistant who only works part time and like twice a week. House technician took the printer (God knows why), came back 2 days later and plugged it back in.

Issue: Printer 1 of 2 on ICU has run out of ink and since all computers default to printer 1, nobody can print.

Solution: Call the house technician, blah blah, house technician comes, takes ink cartridge of printer 2 and puts it into printer 1.

Issue: Public WiFi is broken, can be connected to but internet access is missing. Probably config issue as a result of a recent blackout.

Solution: Buy a new router, spend 5 days configuring it and complain about how hard networking is.

Issue: Computer is broken, needs to be exchanged with a new one, but how do we transfer the data?

Solution: Instead of just keeping the old hard drive, make a 182GB backup, upload it to the main file server and then download it again on the new computer.

Issue: Nurse returns from vacation, forgot the password to her network account.

Solution: Call the technician who then proceeds to open a new account, copies all the files from the old one and tells her to pick an easier password this time. She chooses "121213".

Holy fucking hell!
Who the fuck sets up a local network with an 255.255.0.0 subnet mask and then lets the dhcp-server distribute clients onto the 192.249.x.x., 192.2.x.x and the 192.22.x.x networks AT FUCKING RANDOM???
I need to SSH onto 40 routers distributed across the entire campus and have a WORKING internet connection while doing so and you make me spin the connect-disconnect-wheel. Fucking hell dude, don't give me that "Uh, it wasn't intended for this size"-bullshit. You have about 200 active devices. And in one subnet you have space for more than 60 000. Fuck you, dumbass! OH, YOUR FUCKING LIST IS FUCKING WRONG AND YOU DON'T REMEMBER THE IP OF THE ROUTERS? OH FUCK YOU EVEN HARDER!!!
Goddamn people why does legacy maintenance always suck so much?😭😭😭

So I was looking at the linux environment at my new job. Found 2 VM's in the local network, only one of them is documented. Noone knows about the other one or what it does, let alone usernames and passwords.

Spent over an hour trying to break in, only to find out that a couple of bored devs, that have long since left the company, set up a game server on there and noone noticed it for the past 3 years..

So, continuing the story, in reverse order, on the warship and its domain setup...
One day, the CO told me that we needed to set up a proper "network". Until now, the "network" was just an old Telcom switch, and an online HDD. No DHCP, no nothing. The computers dropped to the default 169.254.0.0/16 link local block of addresses, the HDD was open to all, cute stuff. I do some research and present to him a few options. To start things off, and to show them that a proper setup is better and more functional, I set up a linux server on one old PC.
The CO is reluctant to approve of the money needed (as I have written before, budget constraints in the military is the stuff of nightmares, people there expect proper setups with two toothpicks and a rubber band). So, I employ the very principles I learned from the holy book Bastard Operator From Hell: terrorizing with intimidating-looking things. I show him the linux server, green letters over black font, ngrep -x running (it spooks many people to be shown that). After some techno-babble I got approval for a proper rack server and new PCs. Then came the hard part: convincing him to ditch the old Telcom switch in favour of a new CISCO Catalyst one.
Three hours of non-stop barrage. Long papers of NATO specifications on security standards. Subliminal threats on security compromises. God, I never knew I would have to stoop so low. How little did I know that after that...
Came the horrors of user support.
Moral of the story: an old greek saying says "even a saint needs terrorizing". Keep that in mind.

I wonder why banks are always so terribly insecure, given how much money there's for grabs in there for hackers.

Just a while ago I got a new prepaid credit card from bpost, our local postal service that for some reason also does banking. The reason for that being that - thank you 'Murica! - a lot of websites out there don't accept anything but credit cards and PayPal. Because who in their right mind wouldn't use credit cards, right?! As it turns out, it's pretty much every European I've spoken to so far.

That aside, I got that card, all fine and dandy, it's part of the Mastercard network so at least I can get my purchases from those shitty American sites that don't accept anything else now. Looked into the manual of it because bpost's FAQ isn't very clear about what my login data for their online customer area now actually is. Not that their instruction manual was either.

I noticed in that manual that apparently the PIN code can't be changed (for "security reasons", totally not the alternative that probably they didn't want to implement it), and that requesting a forgotten PIN code can be done with as little as calling them up, and they'll then send the password - not a reset form, the password itself! IN THE FUCKING MAIL.

Because that's apparently how financial institutions manage their passwords. The fact that they know your password means that they're storing it in plain text, probably in a database with all the card numbers and CVC's next to it. Wouldn't that be a treasure trove for cybercriminals, I wonder? But YOU the customer can't change your password, because obviously YOU wouldn't be able to maintain a secure password, yet THEY are obviously the ones with all the security and should be the ones to take out of YOUR hands the responsibility to maintain YOUR OWN password.

Banking logic. I fucking love it.

As for their database.. I reckon that that's probably written in COBOL too. Because why wouldn't you.

Buckle up kids, this one gets saucy.

At work, we have a stress test machine that trests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.

I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.

"Do not run the installer executable directly as it will not work. Run install.vbs instead."

Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.

I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.

The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.

I browse to the program installation directory for clues. Then I see a folder called "Databases".

"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.

I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.

I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Pauls cathedral. Then I notice a table called "tUser" in the left panel.

Fearing the worst, I click over and find... And you knew it was coming...

Usernames and passwords in plain text.

Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".

I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.

I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.

God bless them and Satan condemn the developers of this fuckawful program.

I decided to setup a little server on my local network just to make use of a 2TB harddrive I use to store videos.

Told everyone in the house I planned to grow the library over time and that they could access it all in a browser using my system name. It's become quite a fun venture and my video library is shaping up nicely.

Using nginx on a Dell XPS 17 with Ubuntu 16.04 to host a server that just auto indexes a shared directory on my external 2TB harddrive. Kind of an embarrassing rig, but it's just a hobby activity and I do plan to upgrade shit later.

The real fun has been getting to understand a bit more about video files. They used to be magic to me, as complex as their file extension. Now I run a script on all of my torrents which checks the video and audio codecs, converting them if they aren't supported by Chrome's and Firefox's web players, and outputting mp4s using ffmpeg. I feel like I have this stuff down fairly well now. Becoming more and more automated.

Next step is to port forward so I can access it from anywhere, but we'll see about that later down the line.

It were around 1997~1998, I was on middle school. It was a technical course, so we had programing languages classes, IT etc.

The IT guy of our computer lab had been replaced and the new one had blocked completely the access on the computers. We had to make everything on floppy disks, because he didn't trusted us to use the local hard disk. Our class asked him to remove some of the restrictions, but he just ignored us. Nobody liked that guy. Not us, not the teachers, not the trainees at the lab.

Someday a friend and me arrived a little bit early at the school. We gone to the lab and another friend that was a trainee on the lab (that is registered here, on DevRant) allowed us to come inside. We had already memorized all the commands. We crawled in the dark lab to the server. Put a ms dos 5.3 boot disk with a program to open ntfs partitions and without turn on the computer monitor, we booted the server.

At that time, Windows stored all passwords in an encrypted file. We knew the exact path and copied the file into the floppy disk.

To avoid any problems with the floppy disk, we asked the director of the school to get out just to get a homework we theorically forgot at our friends house that was on the same block at school. We were not lying at all. He really lived there and he had the best computer of us.

The decrypt program stayed running for one week until it finds the password we did want: the root.

We came back to the lab at the class. Logged in with the root account. We just created another account with a generic name but the same privileges as root. First, we looked for any hidden backup at network and deleted. Second, we were lucky: all the computers of the school were on the same network. If you were the admin, you could connect anywhere. So we connected to a "finance" computer that was really the finances and we could get lists of all the students with debits, who had any discount etc. We copied it to us case we were discovered and had to use anything to bargain.

Now the fun part: we removed the privileges of all accounts that were higher than the trainee accounts. They had no access to hard disks anymore. They had just the students privileges now.

After that, we changed the root password. Neither we knew it. And last, but not least, we changed the students login, giving them trainee privileges.

We just deleted our account with root powers, logged in as student and pretended everything was normal.

End of class, we went home. Next day, the lab was closed. The entire school (that was school, mid school and college at the same place) was frozen. Classes were normal, but nothing more worked. Library, finances, labs, nothing. They had no access anymore.

We celebrated it as it were new years eve. One of our teachers came to us saying congratulations, as he knew it had been us. We answered with a "I don't know what are you talking about". He laughed and gone to his class.

We really have fun remembering this "adventure". :)

PS: the admin formatted all the servers to fix the mess. They had plenty of servers.

Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".

You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.

Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.

So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.

Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.

There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.

I'm so grateful DevOps is now a thing. I remember getting a phone call from a client at 2am on a Friday because their site was down and having to ssh in from a Nokia with the world's tiniest keyboard to reboot the server.

Of course that particular server only exposed port 22 on it's local network, so I had to first ssh into another server which did have its ssh port open to external connections.

Trying to remember two sets of credentials and type them in on a tiny keyboard, while so drunk you were seeing double, standing outside in the rain as it was the only place you got signal. Yeah…I'm so grateful DevOps is now a thing

I was learning about packets and I was trying pirni (like Wireshark for iPhone) on my local network. I found a packet of my my roommate about a recipe of fancy a fancy dish

me: *enters the kitchen* Bro you need to see this I got this sick recipe of $fancyDish that I really wanna try

le roommate: THERES NO WAY ARE YOU FREAKING KINDING

I know its wrong to spy on peoples trafic but it was worth it hahaha

Our web department was deploying a fairly large sales campaign (equivalent to a ‘Black Friday’ for us), and the day before, at 4:00PM, one of the devs emails us and asks “Hey, just a heads up, the main sales page takes almost 30 seconds to load. Any chance you could find out why? Thanks!”
We click the URL they sent, and sure enough, 30 seconds on the dot.
Our department manager almost fell out of his chair (a few ‘F’ bombs were thrown).
DBAs sit next door, so he shouts…
Mgr: ”Hey, did you know the new sales page is taking 30 seconds to open!?”
DBA: “Yea, but it’s not the database. Are you just now hearing about this? They have had performance problems for over week now. Our traces show it’s something on their end.”
Mgr: “-bleep- no!”
Mgr tries to get a hold of anyone …no one is answering the phone..so he leaves to find someone…anyone with authority.
4:15 he comes back..
Mgr: “-beep- All the web managers were in a meeting. I had to interrupt and ask if they knew about the performance problem.”
Me: “Oh crap. I assume they didn’t know or they wouldn’t be in a meeting.”
Mgr: “-bleep- no! No one knew. Apparently the only ones who knew were the 3 developers and the DBA!”
Me: “Uh…what exactly do they want us to do?”
Mgr: “The –bleep- if I know!”
Me: “Are there any load tests we could use for the staging servers? Maybe it’s only the developer servers.”
DBA: “No, just those 3 developers testing. They could reproduce the slowness on staging, so no need for the load tests.”
Mgr: “Oh my –bleep-ing God!”
4:30 ..one of the vice presidents comes into our area…
VP: “So, do we know what the problem is? John tells me you guys are fixing the problem.”
Mgr: “No, we just heard about the problem half hour ago. DBAs said the database side is fine and the traces look like the bottleneck is on web side of things.”
VP: “Hmm, no, John said the problem is the caching. Aren’t you responsible for that?”
Mgr: “Uh…um…yea, but I don’t think anyone knows what the problem is yet.”
VP: “Well, get the caching problem fixed as soon as possible. Our sales numbers this year hinge on the deployment tomorrow.”
- VP leaves -
Me: “I looked at the cache, it’s fine. Their traffic is barely a blip. How much do you want to bet they have a bug or a mistyped url in their javascript? A consistent 30 second load time is suspiciously indicative of a timeout somewhere.”
Mgr: “I was thinking the same thing. I’ll have networking run a trace.”

4:45 Networking run their trace, and sure enough, there was some relative path of ‘something’ pointing to a local resource not on development, it was waiting/timing out after 30 seconds. Fixed the path and page loaded instantaneously. Network admin walks over..
NetworkAdmin: “We had no idea they were having problems. If they told us last week, we could have identified the issue. Did anyone else think 30 second load time was a bit suspicious?”
4:50 VP walks in (“John” is the web team manager)..
VP: “John said the caching issue is fixed. Great job everyone.”
Mgr: “It wasn’t the caching, it was a mistyped resource or something in a javascript file.”
VP: “But the caching is fixed? Right? John said it was caching. Anyway, great job everyone. We’re going to have a great day tomorrow!”
VP leaves
NetworkAdmin: “Ouch…you feel that?”
Me: “Feel what?”
NetworkAdmin: “That bus John just threw us under.”
Mgr: “Yea, but I think John just saved 3 jobs. Remember that.”

Fucking cloud providers always trying to steal your shit and spy on your things, fucking prying eyes. That's why i've decided to go back hosting my own private cloud from home. Running on some very energy efficient shit: dual core intel atom cpu (so slow that it can't fucking run windows normally), 16gb of ram, because why the fuck not? and 1tb 2.5"hdd, along with unlimited data - 100/100 Mbit/s internet connection with a server response time less than 95ms just to backup my shitty Iphone selfies and cat pics, host some very important files and regularly back up my contacts. This shit runs CentOS, Nginx, https, bitch! This platform is more trustworthy than your shitty dropbox or whatever other shit they offer you. I can choose whether i back-up my shit from local network or over internetz, Costing me no more than 25€ annually(just to keep the machine on 24/7/365).

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

*looks for jobs in system administration*

For our client in $location we're looking for a Network and System Administrator ... to manage our local IT infrastructure (so far so good) ... that's Microsoft-based.

Fuck that company.

*looks further*

Requirements: deployment and maintenance of servers, backups and storage, updates, yada yada.. fine with me.
yOU wiLl mAiNtAiN WanBLowS sUrVaR sYsTeMs

Fuck that company too.

Does anyone here in Belgium even work with fucking Linux servers?! Or should I really relocate to the Netherlands to get something decent?!!

This one's for all the SysAdmins out there.

About 4 years ago I was asked to take over a dental offices systems administration (~20 machines) after their previous guy had allowed their servers RAID 1 to fail and hadn't done any updates or general maintenance. (please take note this office is my parents dental office).

I since have been recovering from his poor configuration and setup by instating an active directory environment and installing up to date software as well as updating machines on the domain to Windows 10 since windows 7 is no longer supported. I have also been properly licensing everything.

My bosses (my parents) are annoyed with this because "it's more expensive" and "it's too complicated we don't know how to manage it" and I don't know how to explain to them that they aren't fucking systems admins. They asked why they could do it before and I tried to explain that now it's secure and things need to be rolled out on the network level. They had every user running full local admin on every workstation plus the server.

Some people don't fucking understand that just because it's simple doesn't make it a good fucking idea. And because it's cheap doesn't mean it will always be (just wait till Microsoft audits you).

Oh and they also don't understand fucking CAL licensing and refuse to pay for gsuite for all their staff who use it. Instead they just have two gsuite accounts and give everyone the fucking password.

I'm going to have an aneurysm

TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern

Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.

Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.

Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.

An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.

After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.

The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.

It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”

At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”

Facepalm.

Okay, help :(

Trying to get my dns server in php to work from the outside (it's on a vm on one of my dedi's) but it's not working.

- Port forwarding works well: confirmed.
- Connection type: UDP; confirmed.
- I *can* dig from the host (dedicated server) to the vm.
- nmap scans show an open port.

The exact same happens on my local network.

I'm lost.

TLDR: There’s truth in the motto “fake it till you make it”

Once upon a time in January 2018 I began work as a part time sysadmin intern for a small financial firm in the rural US. This company is family owned, and the family doesn’t understand or invest in the technology their business is built on. I’m hired on because of my minor background in Cisco networking and Mac repair/administration.

I was the only staff member with vendor certifications and any background in networking / systems administration / computer hardware. There is an overtaxed web developer doing sysadmin/desktop support work and hating it.

I quickly take that part of his job and become the “if it has electricity it’s his job to fix it” guy. I troubleshoot Exchange server and Active Directory problems, configure cloudhosted web servers and DNS records, change lightbulbs and reboot printers in the office.

After realizing that I’m not an intern but actually just a cheap sysadmin I began looking for work that pays appropriately and is full time. I also change my email signature to say “Company Name: Network Administrator”

A few weeks later the “HR” department (we have 30 employees, it’s more like “The accountant who checks hiring paperwork”) sends out an email saying that certain ‘key’ departments have no coverage at inappropriate times. I don’t connect the dots.

Two days later I receive a testy email from one of the owners telling me that she is unhappy with my lack of time spent in the office. That as the Network Administrator I have responsibilities, and I need to be available for her and others 8-5 when problems need troubleshooting. Her son is my “boss” who is rarely in the office and has almost no technical acumen. He neglected to inform her that I’m a part time employee.

I arrange a meeting in which I propose that I be hired on full time as the Network Administrator to alleviate their problems. They agree but wildly underpay me. I continue searching for work but now my resume says Network Administrator.

Two weeks ago I accepted a job offer for double my current salary at a local software development firm as a junior automation engineer. They said they hired me on with so little experience specifically because of my networking background, which their ops dept is weak in. I highlighted my 6 months experience as Network Administrator during my interviews.

My take away: Perception matters more than reality. If you start acting like something, people will treat you like that.

Describe the most hellish development environment you can imagine for yourself:

Me:

Workstation OS: Windows Vista with network boot, no hard disk and can't save local files

Server OS: Closed physical appliance of Windows Server 2000 with no possibility of installing extra software

Languages: Visual Basic, Perl, Php, assembly, ABAP

IDE: None, just echoing code lines to files

Web technologies: IIS, Sharepoint, Java applets, asp

Network: No internet access, internal company network only

Web browser: IE 6

Graphical design software: msPaint

Version control: Emails

Team communication: Emails

Software distribution vector: Emails

Boss: some 40 year old guy who knows nothing about computers

Not kidding most of these stuff were actually real in my previous workplace.

Awesome, first paying gig and I get to build a site for a local school system!

Superintendent and 3 network admins at the stakeholder meeting to approve the design?

Wait, you don't want the school colors, but ones from your favorite football team?

Seriously? Blinking police light line art bookending the alert block?

You.... Want my design as a Dreamweaver template?

I'm just going to go sit in a corner and cry now...

Just now I realized that for some reason I can't mount SMB shares to E: and H: anymore.. why, you might ask? I have no idea. And troubleshooting Windows.. oh boy, if only it was as simple as it is on Linux!!

So, bimonthly reinstall I guess? Because long live good quality software that lasts. In a post-meritocracy age, I guess that software quality is a thing of the past. At least there's an option to reset now, so that I don't have to keep a USB stick around to store an installation image for this crap.

And yes Windows fanbois, I fucking know that you don't have this issue and that therefore it doesn't exist as far as you're concerned. Obviously it's user error and crappy hardware, like it always is.

And yes Linux fanbois, I know that I should install Linux on it. If it's that important to you, go ahead and install it! I'll give you network access to the machine and you can do whatever you want to make it run Linux. But you can take my word on this - I've tried everything I could (including every other distro, custom kernels, customized installer images, ..), and it doesn't want to boot any Linux distribution, no matter what. And no I'm not disposing of or selling this machine either.

Bottom line I guess is this: the OS is made for a user that's just got a C: drive, doesn't rely on stuff on network drives, has one display rather than 2 (proper HDMI monitor recognition? What's that?), and God forbid that they have more than 26 drives. I mean sure in the age of DOS and its predecessor CP/M, sure nobody would use more than 26 drives. Network shares weren't even a thing back then. And yes it's possible to do volume mounts, but it's unwieldy. So one monitor, 1 or 2 local drives, and let's make them just use Facebook a little bit and have them power off the machine every time they're done using it. Because keeping the machine stable for more than a few days? Why on Earth would you possibly want to do that?!!

Microsoft Windows. The OS built for average users but God forbid you depart from the standard road of average user usage. Do anything advanced, either you can't do it at all, you can do it but it's extremely unintuitive and good luck finding manuals for it, or you can do it but Windows will behave weirdly. Because why not!!!

a small local social network i made around 2008 as a replacement for the original which the owner closed down.

i missed the people from there, so it motivated me to make a replacement in a week, while learning html+php+mysql+js.

it worked for about 3 years and i redid it from scratch 3 times as i gradually learned more.

it was cool to be basically a host of a community i've come to like in the years before, and it was basically the only project i felt, really felt, had meaning, a point. people were grateful that i made a replacement for the original closed-down site, and i was grateful that they were using it and that i could keep talking to all of them on it.

at the height of its popularity it had about 1500 registered accounts, 150 daily logged in ones, and about 30-40 very active ones.

it was also the place where i went to implement all the cool stuff i learned and came up with.

it had a pretty cool questionnaire creator (originally just a test of how deppressed users are, but then i thought "why not let people make their own tests/questionnaires?"), which tracked people's results over time and showed them on a cool interactive flash-based chart.

also a whole forum system made from scratch, wysiwyg article editor, later seamlessly integrated admin controls for those who had privileges, like, not a separate admin ui, but the admin buttons right on the site, later even a realtime chat persistent across page reloads where you could put special links which, on click, would highlight site elements/buttons, or even complete step-by-step path to them if it was more clicks. would highlight the first step, after clicking would then highlight the second one, and so on...

it was pretty cool stuff for 2008, and afaik it basically landed me my first two full-time jobs with almost no actual job interview, basically just "we looked at the site, interesting stuff, tell us how you did x and y and z on it, okay, hired"

back then i kinda felt i have a bright future ahead of me =D

Recently applied at a local company. Webform, "enter some details and we'll get back to you"-like.

Entered my details, hit submit, lo and behold "Error 503 - something went wrong on our end".

I was just baffled. It's a well-established IT company and they can't even get their application form to work?

So I'm sitting there in the debugger console, monitoring network stuff to see if anything is weird. I obviously hit submit some several more times during that.

Eventually I give up.

In the night my phone wakes me up with a shitton of "we've received your application and will review it..." emails.

Yeah they didn't get back to me.

26 or so hours up now. And I've got a few stories to tell :) feel free to refresh your cup of coffee and take a seat.

Last few days I've been going into this odd place called intown.irl to get in touch with its inhabitants. An odd place I have to say. But in some cases quite rewarding, even got a MILF home with me and into bed at some point. Anyway...

3 days ago I think it is now? Thursday evening I took my laptop to this local bar where I had this issue about dihydrogen monoxide with one of the bartenders earlier (you'll find that rant on those keywords). Still wanted to visit it regardless though, as I met that first woman there earlier that approached me. Unfortunately I didn't see her there that day.

Some bald guy who was clearly drunk approached me. Many people were already giving curious looks at this laptop I brought to the bar. I finally tuned it up with the stickers from FOSDEM.. I'll put a picture of it in the comments. My theme was one of privacy (central), distributions and Google's open source initiative (which aligns with the keychain token I got from them as well). But of course.. that guy.. he thought that a pimped/riced laptop obviously meant that I was a hacker.

Guy went to the toilet.. went back.. and suddenly grabbed my laptop and turned it towards him. Boy was I never more smugly satisfied that those rubber pads on the bottom are quite resilient. Could've almost damaged my screen by trying to grab it like that. But it's a CCFL display.. so high voltage. If it were to become broken.. worth it. 😈

On it at the time was a terminal, pinging Google (had network issues at that bar, to the point where one of the - I think - staff members got up to me and offered the WiFi password and got to talk with me.. more on that later), and my usual Linux desktop along with the Arch anime wallpaper with the quote of Da Vinci.. simplicity is the ultimate sophistication. Of course the guy saw the terminal.. and probably reaffirmed.. yep, that's a hacker. At least he wasn't too wrong about the general term.. but the hat.. most likely he was wrong on that one.

Guy left with this question.. "you are a hacker, aren't you."
I replied to him: "No sir. I'm not a hacker. I've got no idea what you're talking about."
Guy kept looking at me weirdly for the whole night to come.

Back to that companion guy though. Mac user, yada yada.. but he told me about his backup solution. Apparently - I shit you not - he has not only the photos on his local device, he's also frequently backing them up in Time Machine (which I was really curious about whether it uses mirroring or snapshots.. he couldn't tell, lmk if you do) but not only that.. he was storing another offsite backup in that very bar, in case his house went on fire.

Now that is a proper backup scheme!!! If only more people were like that.

Seriously though.. that bald guy who took my laptop just like that... I just let it slide for that one time, but I tend to treat my machines as an extension of my very self. I think that was a very uncalled for move. Asshole...

How would you have reacted to such a thing? And.. maybe that's why we technologists don't get outside too often? Fucking everything is hacking these days if it's not Knopkes and Blinkenlights… Not every shell is a h4xx0ring console for h3kk1ng de fasbuk…

Have a couple I want to air today.

First was at my first gig as a dev, 4-5 months out of school. I was the only dev at a startup where the owner was a computer illiterate psycopath with serious temper tantrums. We're talking slamming doors, shouting at you while you are on the phone with customers, the works...

Anyways, what happened was that we needed to do an update in our database to correct some data on a few order lines regarding a specific product. Guess who forgot the fucking where-clause... Did I mention this boss was a cheap ass, dollar stupid, penny wise asshole that refused to have anything but the cheapest hosting? No backups, no test/dev/staging environment, no local copies... Yeah, live devving in prod, fucking all customers with a missing semi-colon (or where clause).

Amazingly, his sheer incompetance saved my ass, because even if I explained it, he didn't get it, and just wanted it fixed as best we could.

The second time was at a different company where we were delivering managed network services for a few municipalities. I was working netops at that time, mostly Cisco branded stuff, from Voice-over-IP and wifi to switches and some routing.

One day I was rolling out a new wireless network, and had to add the VLAN to the core switch on the correct port. VLAN's, for those who don't know, are virtual networks you can use to run several separated networks on the same cable.

To add a VLAN on a Cisco switch one uses the command:

switchport access vlan add XYZ

My mistake was omitting the 'add', which Cisco switches happily accept without warning. That command however can be quite disruptive as it replaces all of the excisting VLAN's with the new one.

Not a big deal on a distribution switch supplying an office floor or something, but on a fucking core switch in the datacenter this meant 20K user had no internet, no access to the applications in the DS, no access to Active Directory etc. Oh and my remote access to that switch also went down the drain...

Luckily a colleague of mine was on site with a console cable and access to config backups. Shit was over within 15 minutes. My boss at that time was thankfully a pragmatic guy who just responded "Well, at least you won't make that mistake again" when we debriefed him after the dust settled.

My client's using some legacy server side software. I set it all up nice and isolated with proxmox, tunneled it through cloudflare, got the folks to do their install on a windows vm, passthrough their licensing usb. Hosted GLPI on it too (system inventory) and so on.

Wait for it. Windows Server refuses to accept local or domain passwords. WTF. Even went ahead and did a Utilman reset on it which lets you use an admin cmd prompt to the login screen where you could reset the password. Insane that it was even possible, but no good.

Client blamed linux for it, I switched over to Windows Server on baremetal. I setup Hyper-V thinking it should be just as capable as KVM.

Nope.

Guess what, you can't pass through usb for licensing (the legacy software). MOFOS DECIDED TO install it baremetal. I couldn't even get hyper-v to create a decent virtual network. It keeps changing all my network adapter settings. I COULDN'T EVEN PASSTHROUGH PCIE NETWORK CARDS.

This feels like an eternally stagnated, mossy soup of abandonware.

FUCK YOU WINDOWS. You've been sore pain the ass for EVERYONE.

Getting called by my dad "how do I make a local network with my phone?"
"I don't fricking know, I don't have your phone"
"Well you are the tech guy"
Really now?

!rant

Just succesfully running DNS server on local network using raspi!!
Awesome

Got to know about OSMC/Kodi last week. Took out my Raspberry Pi. Setup OSMC over the weekend, did all the cable setup for 4 external hard drives and connected to TV via HDMI. After few configurations, I'm all setup. I'm astonished by all the features it provides. Fetching data from TMDb (I had actually created a javaFX app to do this for my local library just last month), remote control from Android as well Web Browser. Enabled UPnP and now I have my complete media center floating around my house network. It is one of the best open source project I have laid my eyes upon. Wish I could attach more pics.

Best thing about doing Wifi setup/network maintenance for the local coffee shop for free? Putting my laptop's MAC address into the QOS table and guaranteeing myself bandwidth.

april fools of Windows 11 :

Decided to connect me at 100 mbps instead of 2.5gbps to local network, I'm still looking how and why.

I'm performing a pentest for my client.
So after scanning my client's network I understood they're using IIS 4.5 and windows server 2012 (or 2012 R2)
I know the systems are real old.
And there are known exploits for them.

The tricky part is I have to stay hidden and I only have my own credentials for logging in to the asp page. (Uploading a script is almost crossed cuz it will reveal my identity)
Also I have access to the local network with some of the other employees user/pass.

Any recommendation for exploiting and staying hidden at the same time ?

One more question : will exploits for newer versions work for the older ones necessarily?

About slightly more than a year ago I started volunteering at the local general students committee. They desperately searched for someone playing the role of both political head of division as well as the system administrator, for around half a year before I took the job.

When I started the data center was mostly abandoned with most of the computational power and resources just laying around unused. They already ran some kvm-hosts with around 6 virtual machines, including a cloud service, internally used shared storage, a user directory and also 10 workstations and a WiFi-Network. Everything except one virtual machine ran on GNU/Linux-systems and was built on open source technology. The administration was done through shared passwords, bash-scripts and instructions in an extensive MediaWiki instance.

My introduction into this whole eco-system was basically this:
"Ever did something with linux before? Here you have the logins - have fun. Oh, and please don't break stuff. Thank you!"

Since I had only managed a small personal server before and learned stuff about networking, it-sec and administration only from courses in university I quickly shaped a small team eager to build great things which would bring in the knowledge necessary to create something awesome. We had a lot of fun diving into modern technologies, discussing the future of this infrastructure and simply try out and fail hard while implementing those ideas.

Today, a year and a half later, we look at around 40 virtual machines spiced with a lot of magic. We host several internal and external services like cloud, chat, ticket-system, websites, blog, notepad, DNS, DHCP, VPN, firewall, confluence, freifunk (free network mesh), ubuntu mirror etc. Everything is managed through a central puppet-configuration infrastructure. Changes in configuration are deployed in minutes across all servers. We utilize docker for application deployment and gitlab for code management. We provide incremental, distributed backups, a central database and a distributed network across the campus. We created a desktop workstation environment based on Ubuntu Server for deployment on bare-metal machines through the foreman project. Almost everything free and open source.

The whole system now is easily configurable, allows updating, maintenance and deployment of old and new services. We reached our main goal for this year which was the creation of a documented environment which is maintainable by one administrator.

Although we did this in our free-time without any payment it was a great year with a lot of experience which pays off now.

So a few months ago, I got a half-broken old iPhone (microphone, speaker and cameras not working) for testing purposes and it lays 99.9% of the time on my shelf turned off. Today, I turned it on and after I opened Safari, I surprised in not exactly the most pleasant way.
When I started writing in the address bar a strange suggestion from Siri came up for a website my mom searched a few hours ago on her android tablet. Like what the actual fuck?? There is absolutely 0 connection between these 2 devices, there is PiHole running on local network. The only thing that I can think of is that she is using Google (logged out) and it looks like they are actively sharing their data based on IP addresses. Wow...

So client wants an android app that implements some legacy Epson printer SDK, works on a chinese Windows device with an android Emulator on it, connects to local Webservice that had to be configurated and ran (local Network) , sends and tracks data, if Server down then handle it on the Client and reconnect as soon as Server up, running own TCP Server on Android device that listens for specific http requests, which make the android connect to an Epson printer to start printing. The stuff that is being printed? A png file that has to be converted to a Bitmap, a QR Code that has to be generated by the bugged base64 encrypted stuff coming via http in (webserver-> Android TCP server)
Dont forget the Software Design (MVP), documentation, research etc.. Im about to finish the app , its my 5th day on this Project, the 6th day was planned to be full testing. Client Calls me and ask me how far I am, I reply, he says ok. 30 minutes later he tells me he wont pay me next time that much because this work should take 3 days, or even 2. "A senior Android developer could do this in 2 days"... When i sent him my notices he called me a liar, his webdev has alot of experience and told him it should take 2-3 days...ffs

What if people, life, humanity, the universe is just a cluster of CPUs running a giant Recurrent Neural Network algorithm? 🤔

-Sun and food == power source
-People == semiconductors
-Earth/a Galaxy == a single CPU
-Universe == a local grouping of nearby nodes, so far the ones we've discovered are dead or not what same data transport protocol/port as us
-Universal Expansion == the search algorithm
-Blackholes: sector failures
-Big Bang == God turns on his PC, starts the program
-Big Crunch == rm -rf

As of late I'm creating private game servers on my local network in my free time for fun / relaxing

I've already running:
a World of Warcraft vanilla;
Travian version 3;

And I am currently working on a conquer online private server, but getting the right client for it is the hard part...

You know your site is heavy when even the local host says your network is slow.

Testing a chat application that works within a local network on my mobile hotspot.

600 mb gone

WTF!

I HATE SURFACES SO FRICKING MUCH. OK, sure they're decent when they work. But the problem is that half the time our Surfaces here DON'T work. From not connecting to the network, to only one external screen working when docked, to shutting down due to overheating because Microsoft didn't put fans in them, to the battery getting too hot and bulging.... So. Many. Problems. It finally culminated this past weekend when I had to set up a Laptop 3. It already had a local AD profile set up, so I needed to reset it and let it autoprovision. Should be easy. Generally a half-hour or so job. I perform the reset, and it begins reinstalling Windows. Halfway through, it BSOD's with a NO_BOOT_MEDIA error. Great, now it's stuck in a boot loop. Tried several things to fix it. Nothing worked. Oh well, I may as well just do a clean install of Windows. I plug a flash drive into my PC, download the Media Creation Tool, and try to create an image. It goes through the lengthy process of downloading Windows, then begins creating the media. At 68% it just errors out with no explanation. Hmm. Strange. I try again. Same issue. Well, it's 5:15 on a Friday evening. I'm not staying at work. But the user needs this laptop Monday morning. Fine, I'll take it home and work on it over the weekend. At home, I use my personal PC to create a bootable USB drive. No hitches this time. I plug it into the laptop and boot from it. However, once I hit the Windows installation screen the keyboard stops working. The trackpad doesn't work. The touchscreen doesn't work. Weird, none of the other Surfaces had this issue. Fine, I'll use an external keyboard. Except Microsoft is brilliant and only put one USB-A port on the machine. BRILLIANT. Fortunately I have a USB hub so I plug that in. Now I can use a USB keyboard to proceed through Windows installation. However, when I get to the network connection stage no wireless networks come up. At this point I'm beginning to realize that the drivers which work fine when navigating the UEFI somehow don't work during Windows installation. Oh well. I proceed through setup and then install the drivers. But of course the machine hasn't autoprovisioned because it had no internet connection during setup. OK fine, I decide to reset it again. Surely that BSOD was just a fluke. Nope. Happens again. I again proceed through Windows installation and install the drivers. I decide to try a fresh installation *without* resetting first, thinking maybe whatever bug is causing the BSOD is also deleting the drivers. No dice. OK, I go Googling. Turns out this is a common issue. The Laptop 3 uses wonky drivers and the generic Windows installation drivers won't work right. This is ridiculous. Windows is made by Microsoft. Surface is made by Microsoft. And I'm supposed to believe that I can't even install Windows on the machine properly? Oh well, I'll try it. Apparently I need to extract the Laptop 3 drivers, convert the ESD install file to a WIM file, inject the drivers, then split the WIM file since it's now too big to fit on a FAT32 drive. I honestly didn't even expect this to work, but it did. I ran into quite a few more problems with autoprovisioning which required two more reinstallations, but I won't go into detail on that. All in all, I totaled up 9 hours on that laptop over the weekend. Suffice to say our organization is now looking very hard at DELL for our next machines.

New twist on an old favorite.

Background:
- TeamA provides a service internal to the company.
- That service is made accessible to a cloud environment, also has a requirement to be made available to machines on the local network so you can develop against it.
- Company is too cheap/stupid to get a s2s vpn to their cloud provider.
- Company also only hosts production in the cloud, so all other dev is done locally, or on production non-similar infra, local dev is podman.
- They accomplish service connectivity by use of an inordinately complicated edge gateway/router/firewall/message translator/ouija board/julienne fry maker, also controlled by said service team.

Scenario:
Me: "Hey, we're cool with signing requests using an x509 cert. That said, doing so requires different code than connecting to an unsecured endpoint. Please make this service accessible to developer machines and lower environments on the internal network so we can, you know, develop."
TeamA: "The service should be accessible to [cloud ip range]"
Me: "Yes, that's a production range. We need to be able to test the signing code without testing in production"
TeamA: "Can you mock the data?"
Me: "The code we are testing is relating to auth, not business logic"
TeamA: "What are you trying to do?"
Me: "We are trying to test the code that uses the x509 you provide to connect to the service"
TeamA: "Can you deploy to the cloud"
Me: "Again, no, the cloud is only production per policy, all lower environments are in the local data center"
TeamA: "can you try connecting to the gateway?"
Me: "Yes, we have, it's not accessible, it only has public DNS, and only allows [cloud ip range]"
TeamA: "it work when we try it"
Me: "Can you please supply repro steps so we can adjust our process"
TeamA: "Yes, log into the gateway and try issuing the call from there"
Me: (╯°□°)╯︵ ┻━┻

tl;dr: Works on my server

!rant
How to self host a website?
Seriously, through many guides out there, I was never been able to see my site (hosted on a raspberrypi with nginx) outside the local network. I always tried to link my router to no-ip without success outside my localhost, the port 80 is already open for the raspberrypi. I live in Italy, can it be that the local ISPs obstacle the creation of such homemade website hosts?

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

Who the fuck comes to the idea of printing the local IP address on the Fucking screen?

Yes, I know that it is not remotely accessable (only when there is no port forwarding set for that ip), but think of that this way: Someone manages to get in that network. Without scanning the network, you would have your first victim. You could analyzer the traffic of that victim and find more victims. And so on

I haven't said anything yet, but an AltRant notification server exists. Support for it will arrive very very soon on the AltRant app. It will run locally on the end user's personal computer, and it does not require a constant connection to the phone. Both devices need to be connected to the same local network on first connection, but after that you can wander out of your house or disconnect from the local network and still receive notifications.

DISCLAIMER: ALL SENSITIVE USER CREDENTIALS ARE NOT STORED *ANYWHERE* EXCEPT ON THE LOCAL USER'S MACHINE. NO DATA IS SENT TO ME. THE SERVER IS OPEN-SOURCE, HAS NO RELEASE BINARIES AND RUNS ON PYTHON.

Note to @dfox: if you want this to not exist or not be supported inside AltRant, please tell me or send me an email about it.

Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!

System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.

Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.

Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.

That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.

We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.

Hella excited about this!

If you guys have any suggestions let us know. We are utter noobs when it comes to this.

!Rant #lazy
I setup my local server so I can test my apps and to mount my partitions on my www folder in a folder named "mnt" with numbered folders for each mounted partition
So I can access and download my files to phone and other devices from all over the network :)
And even watch movies that are in my computer on my phone or tv
And when I want to sleep I usually watch a movie or one episode of series which is stored in my pc ,on my phone by this method in my bed 😅
So the thing is I'm too lazy to get out of bed and shut down the server and pc
So I setup this file so I can run commands on my PC from my phone 😅😂😂😂
192.168.1.110/server.php?cmd=shutdown now&psw=mypassword

1 - I love coding because since when I was a kid I really loved to solve problems and create things

2 - I always tried to understand how computers worked, and how could yo make a program because when I was a kid I was almost always on the computer and my dream was to create a virus 😂

3 - I was studying my baccalaureate and I hadn't decided what to study in the university. I was only playing videogames and installing software to make jokes. So, my computing teacher taught me to code in VB.net and how to manage a local network so I decided to study and IT degree before going to the university, and when I was studying that I falled in love with programming so I'm currently in the university studying software development engineer

Today’s text chat:

Me walking near the river in the middle of nowhere with a cellphone.

frontend developer:
- I need image from test server. Can you provide me that image ? I need it for my local environment to fix something ( writes details of how to get an image ).

me:
- Can’t you go to test server website and get it by yourself ?

frontend developer:
- But this image is on canvas element.

me:
- Because frontend is drawing in on canvas so go to network tab and get the url.

frontend developer:
- Ah yes I can do that

I have such small talks all the fucking time. They accumulate when I go out to chill during the day.

I need some opinions on Rx and MVVM. Its being done in iOS, but I think its fairly general programming question.

The small team I joined is using Rx (I've never used it before) and I'm trying to learn and catch up to them. Looking at the code, I think there are thousands of lines of over-engineered code that could be done so much simpler. From a non Rx point of view, I think we are following some bad practises, from an Rx point of view the guys are saying this is what Rx needs to be. I'm trying to discuss this with them, but they are shooting me down saying I just don't know enough about Rx. Maybe thats true, maybe I just don't get it, but they aren't exactly explaining it, just telling me i'm wrong and they are right. I need another set of eyes on this to see if it is just me.

One of the main points is that there are many places where network errors shouldn't complete the observable (i.e. can't call onError), I understand this concept. I read a response from the RxSwift maintainers that said the way to handle this was to wrap your response type in a class with a generic type (e.g. Result<T>) that contained a property to denote a success or error and maybe an error message. This way errors (such as incorrect password) won't cause it to complete, everything goes through onNext and users can retry / go again, makes sense.

The guys are saying that this breaks Rx principals and MVVM. Instead we need separate observables for every type of response. So we have viewModels that contain:

- isSuccessObservable
- isErrorObservable
- isLoadingObservable
- isRefreshingObservable
- etc. (some have close to 10 different observables)

To me this is overkill to have so many streams all frequently only ever delivering 1 or none messages. I would have aimed for 1 observable, that returns an object holding properties for each of these things, and sending several messages. Is that not what streams are suppose to do? Then the local code can use filters as part of the subscriptions. The major benefit of having 1 is that it becomes easier to make it generic and abstract away, which brings us to point 2.

Currently, due to each viewModel having different numbers of observables and methods of different names (but effectively doing the same thing) the guys create a new custom protocol (equivalent of a java interface) for each viewModel with its N observables. The viewModel creates local variables of PublishSubject, BehavorSubject, Driver etc. Then it implements the procotol / interface and casts all the local's back as observables. e.g.

protocol CarViewModelType {
isSuccessObservable: Observable<Car>
isErrorObservable: Observable<String>
isLoadingObservable: Observable<Void>
}

class CarViewModel {
isSuccessSubject: PublishSubject<Car>
isErrorSubject: PublishSubject<String>
isLoadingSubject: PublishSubject<Void>

// other stuff
}

extension CarViewModel: CarViewModelType {
isSuccessObservable {
return isSuccessSubject.asObservable()
}
isErrorObservable {
return isSuccessSubject.asObservable()
}
isLoadingObservable {
return isSuccessSubject.asObservable()
}
}

This has to be created by hand, for every viewModel, of which there is one for every screen and there is 40+ screens. This same structure is copy / pasted into every viewModel. As mentioned above I would like to make this all generic. Have a generic protocol for all viewModels to define 1 Observable, 1 local variable of generic type and handle the cast back automatically. The method to trigger all the business logic could also have its name standardised ("load", "fetch", "processData" etc.). Maybe we could also figure out a few other bits too. This would remove a lot of code, as well as making the code more readable (less messy), and make unit testing much easier. While it could never do everything automatically we could test the basic responses of each viewModel and have at least some testing done by default and not have everything be very boilerplate-y and copy / paste nature.

The guys think that subscribing to isSuccess and / or isError is perfect Rx + MVVM. But for some reason subscribing to status.filter(success) or status.filter(!success) is a sin of unimaginable proportions. Also the idea of multiple buttons and events all "reacting" to the same method named e.g. "load", is bad Rx (why if they all need to do the same thing?)

My thoughts on this are:

- To me its indentical in meaning and architecture, one way is just significantly less code.
- Lets say I agree its not textbook, is it not worth bending the rules to reduce code.
- We are already breaking the rules of MVVM to introduce coordinators (which I hate, as they are adding even more unnecessary code), so why is breaking it to reduce code such a no no.

Any thoughts on the above? Am I way off the mark or is this classic Rx?

After debugging this shit Java program for 2 days fucking straight, finally this shit works! Hallelujah!

Turns out, if you want to enable local DCOM/COM+ on windows, you have to not tell the piece of shit firewall that it should consider the network "public"...
WHY?!?
IT'S FUCKING LOCAL! NOT A SINGLE FUCKING NETWORK PACKET IS SEND! WHY?!?

For what fucking reason the ability to set the date and time programatically has been blocked on Android?!
Why you can create fucking invisible apps that work in the background, mine cryptos, steal your data but they decided that something like that is considered dangerous?

Can anyone give me a logical explanation?

P.S.
There are cases (big pharma companies) where the users don't have access to internet nor a ntp server is available on the local network, so the ability for an app to get the time of a sql server and set it in runtime is crucial, expecially when the user, for security reasons, can't have access to the device settings and change it by himself.
"System apps" can do it, but you would have to change the firmware of a device to sideload an external "System app" and in that case it would lose the warranty.

So, yeah, fucking Google assholes, there are cases where your dumb decisions make the others struggle every other day.
Give more power to third party developers, dumb motherfuckers.
It's not that difficult to ask the user, once, to give the SET_TIME permission.
It was possible in the past...

P.S.2
Windows Mobile 6.5 was a masterpiece for business.
It still could be, just mount better CPUs on PDAs and extend the support. But no, "Android is the future". What a fucking bad future.

So I'm currently "assigned" a task in which I need to fix a slow query problem, which isn't a big deal. The biggest problem is that the original team of this project haven't got any means to develop things on your local machine. Looking at their docs and scripts, it seems like everything is deployed to a dev server. But whilst looking for details for this server, I found out that the network team have decommissioned the server!

So my dilemma right now is that I can't test any of my fixes on anywhere besides staging, or possibly production! Inheriting projects is the bloody worst!

Q: How instantaneous are these jobs? *referring to a Jenkins job to upload database from local to an environment

A: Well that depends on your network speed. Here in the middle of nowhere, I have a donkey carries the package up the mountain, so that could take a while.

me: block all in&put connection
firewall: ok
me: open port 22 for local network
firewall: ok
me: enable firewall
firewall: ok
me: restart pi
firewall: allow me connect
me: open port 80 for local network
firewall: ok
me: open port 443
firewall: Oh! i have to block icoming connections on port 22

tldr; Finally my NordVPN subscription comes to an end so I was looking at other VPN providers and I chose Mullvad. So far, it is an amazing experience.

It has been 2 years since I was using NordVPN. It was great at first but soon first problems started to appear. Speeds were not exactly breathtaking and I barely sqeezed more than 40Mb out of it. Another problem was connecting from PC to PC on local network with both of them connected to VPN. I never found a working solution.
Then Tefincom started pushing it literally everywhere. Ads on YouTube (+ partnerships), fake websites redirecting to NordVPN, etc. That was when I decided to just fucking wait until my subscription ends so I can finally delete my account there...
Today is the day. I decided to go Mullvad because it seemed to be really privacy focused (don't kill me - I know I can't have *real* privacy with VPN, but you also can't have that with your own VPN) - they don't know anything about me, no email, no name, no payment data (Bitcoin Cash). Speeds are absolutely f*cking amazing and also local network works!

Have defective supermicro server, but the ipmi is working and could tell me what's going on.

Only problem is, I don't have access to it since the last owner didn't provide it to me.

So I thought let's try metasploit.

Setup local network with a second server, connect to local* address.

"Welcome to intel integrated BMC web console"

What? Its a Supermicro, did the owner reflash the ipmi? What the heck.

Msf: scan adress ....
ipmi found bla bla bla.

Msf: zero cipher scan.
... Voulnerable to zero cipher.

Was pretty happy but the doubt kept creeping in.

On my WS that isn't connected to the ipmi of my server, I go to that ip address.
Bam
"Welcome to intel BMC ......"

MOTHERFUCKER.

What are the odds that some fucker has his ipmi open to the public on that exact same address that my board was configured to.

Well, actually pretty high I guess.

Fuck. Shit.

That didn't go as planned.

Does anyone else here use PuTTY to SSH into a linux server and then create a tunnel into a Windows PC on that local network for remote desktop to pass through.

Last night there was a hellstorm of weather that ripped off 10m thick trees out of its fucking ROOTS and smashed cars, traffic lights ripped off, some roofs ripped off, containers flying fucking everywhere, floods and it all went away within 2 hours as if nothing happened

Electricity is fucked and Of Course i lost my internet connection. I dont have my fucking wifi. Im using mobile 4g

I try to continue coding on my project AND LOCALHOST CAN NOT RUN IF I DONT HAVE WIFI??? WTF IS THIS HORSESHIT?

WHY a NEXTJS APP CAN NOT RUN AT 127.0.0.1 IP ADDRESS JUST BECAUSE MY INTERNET IS DEAD FROM SHITSTORM??? WTF DOES LOCAL NETWORK HAVE TO DO WITH THE INTERNET

I SWEAR MAN SOME HIGHER FORCE DOES NOT LET ME WIN

ALL THIS BULLSHIT AINT MY FAULT NO MORE ITS SOME BULLSHIT HIGHER FORCE TAKEN OVER RN

I was looking at a local job posting for a network engineer. Is it odd to see one of the duties listed as, "Responsible for administration of subpoenas and warrants." ??? Telecommunication company...

I currently use Github as my git server and have worked a little bit with Travis. Sadly Travis can't deploy to local network targets and that's why I had the idea to create my own basic CI for the local network: It will be a simple nodejs-app and listens to pushes via Github Webhooks. Then it fetches the code from Github and runs a task runner like Gulp over it and tests it with any nodejs testing framework. Then it deploys the compiled, tested and linted app to the local network. What do you think of this idea?

How about incompetent management? Company absolutely murders any possible increase in productivity. Laptop provided? Slow as balls. Takes minutes to log in. I get a Mac for mobile development and that's OK. SSD and adequate memory but I'm primarily a .NET Dev. Can't get on the network with a virtual machine. They won't I stall even a managed image. So can't use databases because they're all AD authenticated. Got a virtual desktop environment and that sucks worse in performance than the laptop. Add the Assault on local administration rights and the monitoring software that constantly thrashers any memory and hard drive usage and im about to quit over all this... All this decided by a non developer and not asked for our opinions. Yay large Enterprises

2 AIX workloads got messed up during patching. Apparently they had a local database and they were in PROD env.

"Not a biggie - there's always a netbackup to restore the whole workload" - I said and reached out to netbackup folks.

Turns out even though netbackup was configured properly it had never even initiated successfully bcz backup NIC was not whitelisted in network layer. Never ever in 3 years.

Service guys were piiiiiiiiiiiiised big time

My workplace is still using xml based configuration, and non-spring boot projects.

So every spring boot tutorial I find feels like "Look at how easy you can get this running" and then it's just actually a toy you can't get into production.

Also it kind of bugs me that you need to be online to actually be able to initialize/create a spring boot project and every single tutorial says so.
You can make a local network m2 repository, but can one make a spring initializer service?

Either way, migrating every single project to Spring boot is a no-no,

And I'm stuck with like 5 prototypes of SSO integration from which only 2 work, and the other 3 have their own problems.

One does redirect to the login and all, but the SAML endpoint gets 404 on response when you log in.

One is on OpenID Connect, but I would need to update the project from Spring 3 to Spring 5 to get it working, which upon attempting to do seems to break everything else.

One has an external library handling the security context just the way we are accustomed to, but it only does a 401 forbidden when you go without logging in and I'm starting to think it is actually one of those that require you to extract the token or something manual like that, which wouldn't work for us

The other two are spring boot tutorials that worked out of the box, both SAML and OpenID, still can't use those for the main projects.

I'm tired of dealing with this configuration hell, been two months at this, I want to get features done as usual, not be stuck configuring stuff that might or might not work.

Rant aside, I think I figured I need to use a different Security adapter, but I needed to vent.

Tested a script that watches a folder for any missing folders (team members kept moving them), and then showed it to the guy who was mentoring me. It did what it needed to, so we were going to switch it off the test directory on the local box to the network share.

I had been testing against the live folder for a couple of days, didn't notice, and didn't screw anything up. There was a, "good job you idiot," and he added it right to his big script that runs 24/7. FeelsGoodMan.jpg

More network/hardware than dev but anyway: I use OPNsense as a firewall at home on an embedded system. Had everything set up nicely and appearing to be working fine, quite a lot of things set up (static leases, VLANs with various firewall rules etc. - a fair bit of stuff involved). I noticed my remote system was failing to back up to my local one. Turned out port forwarding wasn't fully working (initial packet got through but nothing else). I noticed this at midnight.

Ran an update to see if that helped - nope. Reboot time then! It made its shutdown noises and I waited 15 minutes before giving up (no noises, no ping response). Took SD card out. Copied a fresh install onto it, thus wiping all settings. Booted up fine, set up my internet connection, all good. Proceeded to configure it. Noticed I couldn't access the internet from my PC, but could from the firewall itself. Rebooted the firewall. It didn't come back up. Argh!

Reinstalled AGAIN. Attached a serial cable and it was complaining about something which sounded like it couldn't read the SD card. Tried another. Nope. Looked online (using phone): known issue to do with boot delays.

Gave up and went to bed at this point (4am).

Next day: Installed it in a VM instead. Still no internet from my PC! Another known issue to do with default gateway not being the PPPoE interface. Got into shell, manually changed the default route. Was then able to update to the latest version which fixes the gateway issue. Rebooted the VM. All good.

Put all my settings back in, this time taking a backup afterward.

Only to discover....

....port forwarding wasn't working properly. Back to square 1.

Poked around with some NAT settings (outbound ones), made no difference, undid those changes and suddenly it started working.

WTF? /waves arms in the air

OPNsense folk were very helpful, producing a new build for me to try within a couple of hours of me asking about the problem.

But days like that, I start to question whether I really enjoy technology as much as I thought I did...

Interesting project lined up for today!

I'll be installing a security system, one camera connected to a DVR pointing at a front door triggering a buzzer and sending a video feed to a monitor in a ground floor room at the other side of the house.

But it's my dads house so I'm going to have fun with it and install a wired Cat5 network an Isolated offline router and build in some "smart home" features from scratch, all running on a Local Area Network.

I've built a private home server package for media and storage using Apache and I want to add as many features to the house as I can, maybe even install an extra camera pointing towards the sky (every home should have a sky cam lol).

I can take my time with this project over the next several weeks and I was wondering what would you add to this project?

I found out why my local server kept going offline.

Due to living constraints, it has to be connected to the network via wifi. The cable connecting the wifi card to the computer appears not to work when bent in a specific direction...

Why can't cables that come with things be of good quality?

Just spent all morning adding my own user account to my local MongoDB because some network security guy found I was running an unprotected server on my PC....

I tried all the admin roles to get full access across all databases I have but none worked....

Until I see one at the bottom of the official documentation:

root

Today i chartered new realms for me.

I created a new hyper-v vm on the company windows servers and added a 5th instance to it, but instead of running another windows server i installed an ubuntu 18.04 (cause i am a bit familiar with debian from my raspberry pi)

we have two servers, one which runs the 4 vms and a replica. I first had the new vm on the main server but it occured me to move it instead to the unusued replica machine. That kinda worked..i did a planned failover but the main server isnt configured to be the replica..and even when activating that it didnt work. This is weird.

For the moment i ignored that and proceeded to install nginx, mariadb and php 7.2..basically the lemp stack. I managed to setup nginx and a static ip adress for the machine (which was different from how i remembered it to do (in 18.04 its not done with the network conf but a yaml file).

in the end i added two different virtual servers, one for actual use and one for dev stuff (with phpmyadmin running for instance), listening on port 80 and some random other port.

as a test i brought a mediawiki onto the Port 80 server and it worked.

on monday i have to figure out how to implement the wildcard certificate i have for our company domain (internal dns simply routes intranet.company.com to the local server vm)

i am mighty proud cause all my experience with linux was with a raspberry pi so far and i am fairly certain i did it right and without shortcuts this time. (unlike my raspberry experience)

just wanted to share

(i also sweated a lot of blood when editing the hyper v settings as i did not set up the server in the first place)

((i also installed xrdp and a mate desktop, but i am less proud of that, but sometimes seeing folders graphically helps me))

!rant
...
.UseKestrel(options =>
{
options.Listen(new IPAddress(new byte[]{ 192, 168, 178, 20 }), 5000);
})
...
Look at this easy piece of code(that I added) from an Asp.NET Core 2 template project(MVC). I needed only to add this piece of code to WebHost.CreateDefaultBuilder() (in the Program.cs) to be able to setup a working WebServer which will listen and answer on that IP(local network machine IP) and port, then I opened that port from my modem on this local IP, then used DynDNS with noip.com, tested out on my smartphone with 4G connection and it does work!
This is the EASIEST web project setup and test that I've ever tried and that let me showcase something from my machine to the entire world! :')
Great job Microsoft; can't wait to try the cross-platform of this open standard.

I connected oven to wifi using application on my phone but application on my phone didn’t connected to oven.
So now I need to disconnect oven from wifi to connect oven to my phone.
I connected dishwasher last month, first I needed to take a photo of qr code and send it to my laptop to be able to scan it cause it was to small and dishwasher app didn’t recognized it. Looks like dishwasher decided to disconnect from wifi this week so I need to repeat the whole process again.
I also bought connected washing machine and fridge but I think I will try to connect them next month when I manage hopefully to connect my oven.
Seriously home appliances iot is complete shit. Looks like there is no wide known standard of establishing connection so everyone is doing it on it’s own. All this security procedures to connect something to your local network are crap. I hope oven won’t disconnect from wifi.

personal projects, of course, but let's count the only one that could actually be considered finished and released.

which was a local social network site. i was making and running it for about three years as a replacement for a site that its original admin took down without warning because he got fed up with the community. i loved the community and missed it, so that was my motivation to learn web stack (html, css, php, mysql, js).

first version was done and up in a week, single flat php file, no oop, just ifs. was about 5k lines long and was missing 90% of features, but i got it out and by word of mouth/mail is started gathering the community back.

right as i put it up, i learned about include directive, so i started re-coding it from scratch, and "this time properly", separated into one file per page.

that took about a month, got to about 10k lines of code, with about 30% of planned functionality.

i put it up, and then i learned that php can do objects, so i started another rewrite from scratch. two or three months later, about 15k lines of code, and 60% of the intended functionality.

i put it up, and learned about ajax (which was a pretty new thing since this was 2006), so i started another rewrite, this time not completely from scratch i think.

three months later, final length about 30k lines of code, and 120% of originally intended functionality (since i got some new features ideas along the way).

put it up, was very happy with it, and since i gathered quite a lot of user-generated data already through all of that time, i started seeing patterns, and started to think about some crazy stuff like auto-tagging posts based on their content (tags like positive, negative, angry, sad, family issues, health issues, etc), rewarding users based on auto-detection whether their comments stirred more (and good) discussion, or stifled it, tracking user's mental health and life situation (scale of great to horrible, something like that) based on the analysis of the texts of their posts...

... never got around to that though, missed two months hosting payments and in that time the admin of the original site put it back up, so i just told people to move back there.

awesome experience, though. worth every second.

to this day probably the project i'm most proud of (which is sad, i suppose) - the final version had its own builtin forum section with proper topics, reply threads, wysiwyg post editor, personal diaries where people could set per-post visibility (everyone, only logged in users, only my friends), mental health questionnaires that tracked user's results in time and showed them in a cool flash charts, questionnaire editor where users could make their own tests/quizzes, article section, like/dislike voting on everything, page-global ajax chat of all users that would stay open in bottom right corner, hangouts-style, private messages, even a "pointer" system where sending special commands to the chat aimed at a specific user would cause page elements to highlight on their client, meaning if someone asked "how do i do this thing on the page?", i could send that command and the button to the subpage would get highlighted, after they clicked it and the subpage loaded, the next step in the process would get highlighted, with a custom explanation text, etc...

dammit, now i got seriously nostalgic. it was an awesome piece of work, if i may say so. and i wasn't the only one thinking that, since showing the page off landed me my first two or three programming jobs, right out of highschool. 10 minutes of smalltalk, then they asked about my knowledge, i whipped up that site and gave a short walkthrough talking a bit about how the most interesting pieces were implemented, done, hired XD

those were good times, when I still felt like the programmer whiz kid =D

as i said, worth every second, every drop of sweat, every torn hair, several times over, even though "actual net financial profit" was around minus two hundred euro paid for those two or three years of hosting.

What it's like to be a network
engineer...translated into normal people speak
User: I think we are having a major road issue,

Me: What? No, I just checked, the roads are
fine. I was actually just on the roads.

User: No, I'm pretty sure the roads are down
because I'm not getting pizzas.

Me: Everything else on the roads is fine. What
do you mean you aren't getting pizzas?

User: I used to get pizzas when I ordered
them, now I'm not getting them. It has to be a
road issue.

Me: As I said, the roads are fine. Where are
you getting pizzas from?

User: I'm not really sure. Can you check all
places that deliver pizzas?

Me: No I don't even know all the places that
deliver pizza. You need to narrow it down.

User: I think it is Subway.

Me: Okay, I'll check...No, I just looked and
Subway doesn't deliver pizzas.

User: I'm pretty sure it is Subway. Can you just
allow all food from Subway and we can see if
pizza shows up?

Me: Sigh, fine I've allowed all food from
Subway, but I don't think that is the issue.

Usher: Yeah I'm still not getting pizza. Can you
check the roads?

Me: It's not the roads, the roads are fine. I'm
pretty sure Subway isn't the place.

User: Okay, I found it. It's Papa Johns.

Me: Okay, I looked and Papa Johns does
deliver pizza. Is it the local Papa Johns or one
in a different town?

User: I don't know. Can you allow pizza from
all Papa Johns to me?

Me: No I can't do that. Can you get me an
address for Papa Johns?

User: No, I only know it as Papa Johns. Can
you get me all the addresses of all Papa Johns
and I'll tell you if one of them is correct?

Me: No, I don't have time for that. Okay, I
looked at the local one and it looks like they
have sent you pizza in the past and they are
currently allowed to send you pizzas. Try
ordering a pizza while I watch.

Usher: Yeah still no pizza. I'm guessing they
are getting blocked at the freeway. Can you
check the freeway to make sure they can get
through?

Me: No, this is a local delivery. They aren't
even using the freeway.

User: Okay, well then it has to be a road issue,

Me: No, the roads are fine. Okay, I just drove
from the Papa Johns to the address they have
on file for you and there is nothing there.

User: Hmm, wait we did move recently.

Me: Did you give your new address to Papa,
Johns?

User: No, I just thought they would be able to
look me up by name.

Me: No they need your new address. What's
your new address?
User: I'm not really sure. Can you look it up?

Me: Sigh, give me a second...Okay, I found
your address and gave it to Papa Johns. Try
ordering a pizza now.

User: HEY! PIZZA JUST SHOWED UP!
Me: Okay, good.

User: (To everyone else they know) I apologize
for the delay in the pizza but there was a major
road issue that was preventing the pizza from
getting to me. The network engineer has fixed
the roads and we are able to get pizza again.

Me: But it wasn't the roads...whatever.

User: Oh, can you also check on an issue
where Chinese food isn't getting to me? think
it may be a road issue

Didn't know how difficult is to work with UDP protocol, doing local tests between two PCs in the same network it works well but, connecting to a public server over the internet has become a PITA, you have to do some shit like hole punching or UPnP(some routers but accoding to some users on the net is not reliable) or some others shit in order to connect it

And all that is because how NAT and UDP works, libs like libtorrent(C++) can connect using NAT-PMP, PCP and UPnP, but nothing in C# that can help with that, this is a game of pure guessing

rant && what do you think?

so one of our ISP (Orange Slovakia) had troubles with service for like two days. Their DNS servers translated domains to IPs reaaally slow or not at all. So when i saw the dns error in chrome (yes i use chrome and not quantum) I changed my dns to google dns and ignored it.

Two days later when the service was back up and running, this ISP went to the local media and made a statement "we had a DDOS attack, no user data were harmed, blabla" that was when my BS radar went bananas... so somebody DDOSd your DNS server ... for two fucking days straight... this is probably a lie or they have really noob engineers (or both).

I'm not an expert on network services or routing, or servers but, how about turning off this server, IP and setting up a backup on a different IP ? Possibly anyone here with experience how to handle DDOS? Whats the chance of this happening? i'm really curious

So excited about my project !
It's about securing file transfer within local network.
Clients are android devices and there is a linux system as a server which handles file and public key transfer between clients .

Any idea about making it cooler ?

So, I was working on my code base and wanted to update my remote with the local changes. I issued the git push command but it just remained unresponsive, no error-nothing. (I use bitbucket as remote host). This was strange, even enabling verbose option didn't tell me anything useful apart from usual 'pushing this to that' sort of response. I checked internet connectivity on my system. It's fine. I restarted my network-mananger just in case, tried if ping, telnet and other tools were working. Everything seemed fine.

Well, it turns out for a major portion of the day bitbucket was having issue with ssh connection. Finally I added https remote and was able to push my changes using 'username', 'password' route.

It wasted a good portion of my time today!!

I have been in work 25 minutes before my colleague asks me to help him save and email a file to someone, AGAIN. I have showed them so many times how to do it but they keep losing the file (saving it to the local disk rather than network so they cant find it then forgot how to export the file as a PDF)

The most stressful day of month.
I need to put hours into hour counting programs so computer can analyze those hours using deep learning algorithms and pay me a wage I don't deserve.

Each program work differently.
One of it works inside the local company network.
Other one I need to connect outside from company network.
In all of them I can't make mistake or I need to write to someone to fix my mistakes.
One of this programs use java applet, other is simple php website.
One of them blocks row in calendar when I click so when I login again and click I can't edit this row because it's locked by me who is editing this row.
One of them is requesting me to provide my work in minutes.
I need to follow strict procedures to report any holidays or national holidays that I need first figure out when they happen.
Wish me luck.

Disclaimer: Technically it's not "our" stack, but we have to use it so....

A webapp we built runs inside the company's network we built it for. Their IT are windows lovers, so everything has to run on Windows servers, even the tablets which are used to access said web app need to have windows.
Their company network isn't accessable from the outside world, so we have access via VPN to get into their network. But this isn't enough to access that shitty windows server our software runs on. After that VPN, you have to connect to a different VPN to which you can only connect to while you're inside the company's network. Then you have access to two servers, one the application is running on and one, well to see if you're changes were deployed correctly because the production server doesn't have a browser on it other than shitty internet explorer 8.

The only way to connect to the server is using RDP. Not even samba or so. To deploy the changes we made to our app, you need to copy paste the files from your local machine to the server. And don't get me started on running mssql migration with the shitty mssql console 😤😤

Why would anyone who isn't a complete idiot use Windows for servers or mssql in the first place????

Recently I've been tasked with setting up of a small /mid-size infrastructure and I've been documenting things like infrastructure design, network configuration all the way to playbooks and cluster configuration.
Since I just started with this, until now I have been doing this in a Google doc / some spread around markdown files. I would like to have a better way of having this documentation hosted internally..
I have been playing around with local installations of rtd, gitbook and mkdocs. So far, I've liked the simplicity and customizability of mkdocs.

Any other options before I commit myself to mkdocs?

MacOS terminal -> Windows 10 Local Network -> Ubuntu session. Every key I strike gets touched by three different operating systems running on my desk.

Goddammit have tried for several days to get a vpn up and running so we can have a mac as build server.

I have opened the ports on the router, tried l2tp and openvpn, everything works on the local network.

However accessing my static ip from my ISP, it just gives me weird errors from the devices no information. Goddammit what to do....

Not a rant more like a question

Hello devRant,
I am currently planning to purchase a small home server + media client (with Kodi).

A small Linux Distro running the Hometheateroftware Kodi will run on the media clients (Odroid C2). The control is then over an app over the local network. The database of Kodi should be on the server in the form of a MySQL database. The movies, pictures, music are also streamed by the server (max. 2 simultaneously) via SMB (simplest variant). In addition, the server is to be accessible to the outside via a web interface to act as a cloud (maybe nextcloud). The whole should be optimized for stability and longevity. In addition, a small GitLab CE instance will probably run on the server. Do you have any comments or objections? The fact that I only take 2x ne 2 TB hard drive has the simple reason that I currently have no need for more space. Sometimes it happens to me that I forget completely obvious things :D

I knew programming was for me, MUCH later in life.

I loved playing with computers growing up but it wasn't until college that I tried programming ... and failed...

At the college I was at the first class you took was a class about C. It was taught by someone who 'just gets it', read from a old dusty book about C, that assumes you already know C... programming concepts and a ton more. It was horrible. He read from the book, then gave you your assignment and off you went.

This was before the age when the internet had a lot of good data available on programming. And it didn't help that I was a terrible student. I wasn't mature enough, I had no attention span.

So I decide programming is not for me and i drop out of school and through some lucky events I went on to make a good career in the tech world in networking. Good income and working with good people and all that.

Then after age 40... I'm at a company who is acquired (approved by the Trump administration ... who said there would be lots of great jobs) and they laid most people off.

I wasn't too sad about the layoffs that we knew were comming, it was a good career but I was tiring on the network / tech support world. If you think tech debt is bad, try working in networking land where every protocols shortcomings are 40+ years in the making and they can't be fixed ... without another layer of 20 year old bad ideas... and there's just no way out.

It was also an area where at most companies even where those staff are valued, eventually they decide you're just 'maintenance'.

I had worked really closely with the developers at this company, and I found they got along with me, and I got along with them to the point that they asked some issues be assigned to me. I could spot patterns in bugs and provide engineering data they wanted (accurate / logical troubleshooting, clear documentation, no guessing, tell them "i don't know" when I really don't ... surprising how few people do that).

We had such a good relationship that the directors in my department couldn't get a hold of engineering resources when they wanted ... but engineering would always answer my "Bro, you're going to want to be ready for this one, here's the details..." calls.

I hadn't seen their code ever (it was closely guarded) ... but I felt like I 'knew' it.

But no matter how valuable I was to the engineering teams I was in support... not engineering and thus I was expendable / our department was seen / treated as a cost center.

So as layoff time drew near I knew I liked working with the engineering team and I wondered what to do and I thought maybe I'd take a shot at programming while I had time at work. I read a bunch on the internet and played with some JavaScript as it was super accessible and ... found a whole community that was a hell of a lot more helpful than in my college years and all sorts of info on the internet.

So I do a bunch of stuff online and I'm enjoying it, but I also want a classroom experience to get questions answered and etc.

Unfortunately, as far as in person options are it felt like me it was:

- Go back to college for years ---- un no I've got fam and kids.

- Bootcamps, who have pretty mixed (i'm being nice) reputations.

So layoff time comes, I was really fortunate to get a good severance so I've got time ... but not go back to college time.

So I sign up for the canned bootcamp at my local university.

I could go on for ages about how everyone who hates boot camps is wrong ... and right about them. But I'll skip that for now and say that ... I actually had a great time.

I (and the handful of capable folks in the class) found that while we weren't great students in the past ... we were suddenly super excited about going to class every day and having someone drop knowledge on us each day was ultra motivating.

After that I picked up my first job and it has been fun since then. I like fixing stuff, I like making it 'better' and easier to use (for me, coworkers, and the customer) and it's fun learning / trying new things all the time.

i need an adult. I know noone who would understand my worries, so you guys need to be it.

i have a nextcloud running on my raspberry pi. performance is horrible, dont ask, but it works.

i mostly use it to backup the photos of my phone sd card every night when my phone charges. Internally this works good. If i am elseplace it wont for obvious reasons.

In my youthful joy of doom i opened port 443 and forward it to my raspi. I get internet via cable and my ip is pretty much static (it was the same for 10 months). So external access is provided.

Now i thought, its stupid that i cannot sign an ssl certificate cause i dont have a domain. Lets buy domain. But before i do that i did some try runs with duckdns to test the principle.

Some back and forth, it works now. Pretty god, i could even make a cron job on the raspbi to renew (that should work right?). Only problem. randoname.duckdns.org doesnt work internally. Or should not at least.

So i googled a bit and it turns out that my router (a cable fritz!box i bought myself) can be a local network dns. Or cannot. Regardless what i try, it doesnt accept the changed config file.

Now the problem.

It works anyway. randoname.duckdns.org points to my external "static" ip and resolves to that from my internal network..so it works on my phone or laptop. if i traceroute the thing it goes via two hops out and finishes in less than 1ms.

Now to the problem:
I have no fokkin clue why. The expected behaviour would be that it shouldnt work. If i do what i intended todo on pc in the hosts file tracert works correctly, directly pointing to the internal ip.

What i cannot figure out, is it the fritz!box being smart? Is it my ISP being smart?

Reason to rant: i have absolutly NOONE to ask, i know not a single person who would even understand what troubles me. I want to learn, i want to know WHY not just some mindless russian patchwork of "if it works its good enough".

thats depressing.

I was trying to set up my own "cloud" for iot experiments. I planned to use Intel Edison with mqtt broker (using mosca) and a node js app for providing API for mobiles and browser. And also to do other book keeping.

I spent the half day trying figure how to expose these servers to internet.

I configured ddns in noip.com and ddns settings configured to it in my router.
Port forwarded to the local server services I needed.

And then tested. Worked perfectly on any device in my router connected network. Tested on mobile network. Bam! It fucking doesn't work.

Then connected another router.
Double port forwarded. Again worked perfectly on router network. And failed on mobile.
Tested if ddns is right. Did nslookup it was fine as fuck.
Then disabled port forwarding. Did dmz. Nope. Nadda. No luck.

Then scratched my head so hard that I lost more already losing hairs.

Then remembered about router hardware firewall. Disabled it.
Tested
And there it didn't work.
My dreams shattered like a fucking deer hit by car on highway.
Didn't work.
Then I see the IP pointing to my router in nslookup. Its 172.20.xx.xx. Its a fucking private IP.

My Asshole ISP is running another private network behind firewall. Which I fucking can't port forward
Now I think how much of a noob and idiot I am. Fuck this shit. Fuck all of these shit.
I am going for SaaS option for mqtt broker.
(Or help me?)
Once again.
Asshole ISP.
Fuck your firewall.
(PS: I had test the next day. FML)

i want to find the person who proposed to force mtp in android for file transfers, and bash them in the head with a plush android toy till they're knocked unconscious.

all i want is to make a file transfer between my phone and my computer, and rather than plugging my phone's usb, i find it easier to set up an ftp server over local network. and when that doesn't work, i might as well hexdump the file, and copy it char-by-char manually, than use mtp.

TFW you have to ask if Google is ACTUALLY down, or if you messed up your local network settings and cut yourself off from half of the Internet again.

So recently I've been feeling like I fooled myself into thinking I'm any good at anything regarding development.

Today I tried to deploy a Console Application that would run nightly. The production systems are much more guarded, as it should be, but I should still be able to schedule a windows task (yeah yeah, windows servers, not the time Linux fanboys and not my choice :P) no problem.

Except I didn't expect that network users can't run jobs, because of a Group Policy about saving passwords on network accounts.

I expected a local administrator account to be available, and it wasn't.

Also a web API isn't available, even though I could telnet to the address on port 443 (HTTPS). A proxy apparently accepts all HTTP/HTTPS traffic and so on.

All this I feel like I should have known....

So am I in my own head, or am I right in thinking maybe I'm not "pro" development yet? Maybe I don't deserve to be "pro".

Thoughts?

Is there a file manager which let me manage all my cloud drive , local drive , network drive in one place?

I was asked to fix our complete network. We have multiple SSID for different floors. All of the equipment needs an external controller for management (ubiquiti unifi). Originally when it was configured, the controller was hosted on a local work pc with dynamic up, so the equipments tries to connect to different ips, and the controller does not exist anymore. All of the documentation is on a single side of a single Post-It note... Beautiful...

sorry, search engines were not helpful. does anyone know of a lightweight browser that doesn't need installing but stores everything in the os user directory?

i have no it-permissions but want to provide my department with a suitable browser. we have ie and edge, but the latter deletes everything on closing which makes it unusable for my usecase and the it is not willing to set this up different.

ff portable can not be run from a read-only-folder and any other scenario either needs installing on every terminal or does not handle different profiles which is essential. i read that this is the case for any portable browser.

i'd like to set it up properly with neccessary start page, favourites, adblocker and so on but just in one network directory for maintainance reasons.

we run a web based application strictly local but each windows-user-account must have their own setting in this app (cookies or preferably webstorage).

am i asking too much for?

External Storage recommendation questions.

Im in need of some sort of external storage, either a harddrive or a NAS server, but idk what to get.

Price should be reasonable for the security and storage space it gives, so heres what i figured so far for pros and cons:

NAS Server:
+ Bigger capacity
+ Raid option
+ Easily expandable
+ Always accessible via the network (local)

- Difficult to transport (not gonna do that, but still)
- Expensive
- Physically larger
- Consumes power 24/7 (i dont pay for power currently)

Harddrive:
+ Easy to pack away and transport
+ Cheaper

- If drive fails, youre fucked
- If you want larger capacity, you end up with two external backups

What do you guys do? Im not sure what i should do :i
Any advice is appreciated.

It will be used for external backup, as mentioned. For my server and my own pc.

So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.

So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).

There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.

I created a django app for event management for our college's event. Initially planned to host it on local network. But seems like college local infrastructure is not that capable. So I am thinking to host it online. Is there any free or dead cheap hosting for 5 days that can handle 1000 requests per day.

If workspace has Macs connected in local network.
Use ssh to your colleague's mac and make Mac "say weird embarrassing noises" ( if you know what i mean )

Does anyone have any ideas on how to decrease latency of audio multicast via pulseaudio?

Currently having a non uniform latency of 1-10 seconds

This is in case of local network

Relatively often the OpenLDAP server (slapd) behaves a bit strange.

While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.

Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?

To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...

The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).

But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.

The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.

Some crazy Thing here in my Local network...

Used a GUI to merge branches today. I managed to create a local branch with the same name. Merge my changes into that. Then merge my local into the remote of the same name. The network graph is a little crazy right now.

I have the following scenario with a proposed solution, can anyone please confirm it is a secure choice:
- We have critical API keys that we do not want to ship with the app because de-compiling will give access to those keys, and the request is done before the user logs in, we are dealing with guests

Solution:
- Add a Lambda function which accepts requests from the app and returns the API keys
- Lambda will accept the following:
1. Android app signing key sha1
2. iOS signing certificate sha1
- If lambda was able to validate them API keys are sent back.

My concerns:
- Can an attacker read the request from the original (non-tampered) apk and see what the actual sha1 value is on his local network?
- If the answer to the question above is yes, what is the recommended way to validate that the request received is actually from the app that we shipped and not from curl/postman/script/modified version of the app

Does anyone know of a simple facial recognition program that I could train locally on a set of people’s faces?
I’m tasked with culling through a few hundred photos to find ones of certain people. I need the originals taken off the network drive and copied to a hard-disk.

Guys what do you use to connect to a linux machine in a local network? I'm aware of the existence of VNC however I don't want to go outside the lan over the internet and back in to view the desktop , i want simply to enter 192.168.1.10 and access it within my lan...

Serious question - how does one learn basics of higher level networking, beyond stuff I can mess with on my local machine?

Today, I was completely caught off guard when I had to set up BGP-based loadbalancing on a machine and I just... Didn't know how the whole topology looks or behaves...

Once I go beyond the server in the network, I tend to get lost. Especially around how routing works and stuff like that... All I know is my machine has one or more gateways to which it sends data going to specific network segments...

I may need some ideas for a personal project in mind:
I plan to have a server that shall connect to a usb stick/device, the usb is plugged to a TV. The usb device can create its own local wifi network which provides CRUD on media files via REST. My own server should be accessible via the internet, but at the same time connect to the local usb wifi, once the usb wifi is available, and then send requests to it. Kind of a user-friendly bridge.
There's a PC near the device, almost always turned on. It's used by family members as regular office machine and could run a local server. What if as remotely accessible server? Then what about DOS attacks? (Would that "kill" the PC?)
An alternative would be a separate server. A raspberry pi? A dedicated server?

Just built out my first app using Cloudflare Workers, Typescript, and DurableObjects. Holy shit, this is nice stuff.

It's taken little to no time to build out:

* JSON API written in Typescript
* JWT verification against my OAuth backend (SAML support too)
* CI Automated Deployments including unit tests
* DurableObject support
* 3rd party HTTP calls + caching (built in to the framework!) to reduce network latency and hiccups.
* Cron-like tasks on each stored object so they can awaken the app on a schedule and update themselves as necessary
* Rapid deployment to new environments

The local testing with coordinated "miniflare" is dreamy too.

Uri Josef Drucker - Information
Uri Josef Drucker, nicknamed Uri Drucker, or just Drucker is an entrepreneur with many years of experience across different markets.

Drucker formed a company in 1984, producing a range of women’s hygiene products, employing over 100 staff. The products were distributed across Israel and Europe. The company was sold with a successful exit in the 1990’s.

Uri Josef Drucker produced, printed, and distributed a newspaper called ‘The Main Issue’ for 10 years. The paper focused on regional municipal and environmental issues and was successfully sold in 2015 and is still printing to this day. The production was based in Kiryat Tivon, near Haifa, Israel.

Uri Drucker has been living in Kiryat Tivon for many years and was born as Uri Josef Drucker in the city of Haifa, Israel.
Drucker was also a political candidate for the local elections in Kiryat Tivon in 2018. During the race, Drucker connected to many people in his town and managed to increase his great ability of listening to others and giving satisfying solutions to common issues. Although he did not win the local elections, Uri Drucker continues giving to his community until this day.

If you want to learn more about Uri Josef Drucker, you should also visit Uri Josef Drucker's social media profile pages. The links to Drucker’s social media profiles are listed at the bottom of this page.

Also, you can feel free to message Drucker in his various profile pages and please be sure to follow him or add him as your friend on Social media. Connect with Drucker and send him a message for any questions, inquiries, or just to chat.

It’s very important to state that Uri Josef Drucker can be found online in many different social media websites and he will do his best to answer you in each and every single one, so connect to him on your favorite network

Take into account that this website profile is solely dedicated to Uri Josef Drucker, but he does not manage it personally and it might take him time to respond.

Please note that Uri Drucker is not responsible for creating this profile and we can not guarantee that Uri Josef Drucker will indeed reply here. If you want Uri Drucker to contact you back, please visit some of his other profile pages that represent Uri Josef Drucker and try to contact him there, as if he doesn’t answer in one profile, he will surely answer in another one.
Drucker has over 50 social media profiles in order to satisfy different people that use different websites.