So, since I hear from a lot of people (on here and irl) that Linux has a 'very high learning curve', let me share my experiences with the first time my dad touched Linux (Elementary OS) without me interfering at all! (keep in mind that he is very a-technical)

*le me boots the system* (I already did setup a user account for him and gave him the password).

Dad: *enters password and presses enter*
Me: "Hmm that went faster than expected."
Dad: "Uhm I know how to login son, it's not that hard and pretty obvious".
Me: "Alright, why don't you try to open up the default word documents editor on here! I'll be right back!"
Me: *Goes away and returns after a minute*.
Dad: *already a few test sentences typed in LibreOffice writer* it's going pretty well :)!
Me: "Oo how did you find that?!"
Dad: "Well, there's a thingy that says 'applications' so I clicked in and found it in the "Office" section, do you think I am blind or something?!"
Me: 😐. uhm no but I just didn't think you'd find it that quickly. Now try to install Chromium browser! *thinking: he'll fail this one for sure* I'll be right back :).
Me: *returns again after a minute or so*
Dad: *already searching for stuff through Chromium*
Me: "wait, how the hell did you do that so quickly, it's not the easiest thingy for most people".
Dad: "Jesus, it's not that hard! I went to the application browsing thingy, typed 'software' and then a sorta software store icon showed up so I clicked it and it opened a windows with a search bar saying something like 'search for applications/software'. clicked in it, typed 'chromium', saw it coming up, there was a very clear 'install' button, it asked for my password, I put it in and after a little it gave a notification that it was installed. Then I went to that application browsing thingy again and typed Chromium. Then I hit enter because it selected an icon called chromium...."
Me: O.o. Okay this is going very good, now open an email client and login to your email address!
Dad: *goes to application browsing thingy, types 'email', evolution icon shows up, dad clicks it, email address setup steps show up and dad follows them quickly. After about a minute, everything is setup.

I expected this to be a hard process for someone who dealt with Windows his entire life but damn, I underestimated it.
Asked him if he found it easy/what he liked about it:
"Well, it's very clear where I can find everything, default browser/email/word document editor programs are easy to find and that's about all I need so yeah, great system!"

I am proud of you, dad!

UN: admin
PW: password

Best part about the covid19 manufactured crisis?
Liquor stores deliver. Worst part about liquor stores delivering? Needing to use their shoddy websites.

I've been using a particular store (Total Wines) since they're cheaper than the rest and have better selection; it's quite literally a large warehouse made to look like a store.

Their website tries really hard to look professional, too, but it's just not. It took me two days to order, and not just from lack of time -- though from working 14 hour days, that's a factor.

Signing up was difficult. Your username is an email address, but you can't use comments because the server 500s, making the ajax call produce a wonderfully ambiguous error message. It also fades the page out like it's waiting on something, but that fade is on top of the error modal too. Similar error with the password field, though I don't remember how I triggered it.

Signing up also requires agreeing to subscribe to their newsletter. it's technically an opt-in, but not opting-in doesn't allow you to proceed. Same with opting-in to receiving a text notification when your order is ready for pickup -- you also opt-in to reciving SMS spam.

Another issue: After signing up, you start to navigate through the paginated product list. Every page change scrolls you to the exact middle of the next page. Not deliberatly; the UI loads first, and the browser gets as close as it can to your previous position -- which was below that as the pagination is at the bottom -- and then the products populate after. But regardless of why, there is no worse place to start because now you must scroll in both directions to view the products. If it stayed at the very bottom, it would at least mean you only need to scroll upwards to look at everything on the page. Minor, but increasingly irritating.

Also, they have like 198 pages of spirits alone because each size is unique entry. A 50ml, 350ml, 500ml, 750ml, 1000ml, and 1750ml bottle of e.g. Tito's vodka isn't one product, it's six. and they're sorted seemingly randomly. I think it's by available stock, looking back.

If you fancy a product, you can click on it for a detail page. Said detail page lists the various sizes in a dropdown, but they're not sorted correctly either, and changing sizes triggers a page reload, which leads to another problem:

if you navigate to more than a few pages within a 10 or so second window, the site accuses you of using browser automation. No captcha here, just a "click me for five seconds" button. However, it (usually) also triggers the check on every other tab you have open after its next nagivation.

That product page also randomly doesn't work. I haven't narrowed it down, but it will randomly decide to start failing, and won't stop failing for hours. It renders the page just fine, then immediately replaces it with a blank page. When it's failing, the only way to interact with the page is a perfectly-timed [esc], which can (and usually does) break all other page functionality, too. Absolutely great when you need to re-add everything from a stale copy of your signed-out cart living in another tab. More on that later. And don't forget to slow down to bypass the "browser automation" check, too!

Oh, and if you're using container tabs, make sure to open new tabs in the SAME container, as any request from the same IP without the login cookie will usually trigger that "browser automation" response, too.

The site also randomly signs you out, but allows you to continue amassing your cart. You'd think this is a good thing until you choose to sign in again... which empties your cart. It's like they don't want to make a sale at all.

The site also randomly forgets your name, replacing it with "null." My screen currently says "Hello, null". Hello, cruft!

It took me two days to order.
Mostly from lack of time, as i've been pulling 14 hour shifts lately trying to get everything done. but the sheer number of bugs certainly wasted most of what little time i had left. Now I definitely need a drink.

But maybe putting up with all of this is worthwhile because of their loyalty program? Apparently if you spend $500, you can take $5 off your next purchase! Yay! 1%! And your points expire! There are three levels; maybe it gets better. Level zero is for everyone; $0 requirement. There are also levels at $500 and $2500. That last one is seriously 5x more than the first paid level. and what does it earn you? A 'free' magazine subscription, 'free' classes (they're usually like $20-$50 iirc), and a 'free' grab bag (a $2.99 value!) twice per month. All for spending $2500. What a steal. It reminds me of Candy Crush's 3-star system where the first two stars are trivial, and the third is usually a difficult stretch goal. But here it's just thinly-veiled manipulation with no benefit.

I can tell they're employing some "smarketing" people with big ideas (read: stolen mistakes), but it's just such a fail.

The whole thing is a fail.

!!oracle

I'm trying to install a minecraft modpack to play with a friend, and I'm super psyced about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.

So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.

Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few mores times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.

On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!

So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.

Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.

Further attempts to log in from the download page fail with the same invalid credentials error as before.

Fucking oracle and their reverse Midas touch.

Client: I can't login with my lastpass
Me: Oh, why not, how are you trying?
Client: So, I've entered my lastpass password into my bank account, and it says 'wrong login credentials'
Me: °-°

Great finaly get away on vacation 2weeks of just realaxing, 30min before leaving to the airport i get a sms from my server one of my main hard drives fail. No problem just need to swap the drive and start the recover at the airport.
At the airport i connect to my home vpn and start the recovery everything works fine just need to restart the server when done ~12h. next day im in the hotell and my vpn does not accept my connection, okey might be the hotell that block vpn connections i try my external vpn and it works and i try to connect home when i get a lovley text from my server "login attempt has failed from ip:x" then it hits me i have forgotten to add to whitelist. Outsmarted myself to just let i be.
So i finally get 2 weeks off and nothing i can do about it.

If($password = $password2) {
//login
}

Keep in mind that password is the salted and hashed input and password2 is the Salter and hashed pw in the database...

Who needs passwords am I right?

I looked into the code of the website of our company. One of the first things I found was that the Login was hardcoded with clear passwords. So everytime a new user needs an account the code has to change.

I still can't understand how people can do that.

Always back up your data.

I came to my computer earlier today to find it on my Linux login screen. This could only mean one thing: something went horribly wrong.

Let me explain.

I have my BIOS set up to boot into Windows automatically. The exception is a reboot or something horrible happens and the computer crashes. Then, it boots me into Linux. Due to a hardware issue I never looked into, I have to be present to push F1 to allow the computer to start. The fact that it rebooted successfully, without me present, into *Linux*, could only mean one thing:

My primary hard drive died and was no longer bootable.

The warning was the BIOS telling me the drive was likely to fail ("Device Error" doesn't really tell me anything to be fair).

The massive wave of panic hit me.

I rebooted in hopes of reviving the drive. No dice.

I rebooted again. The drive appeared.

Let's see how much data I can recover from it before I can no longer mount it. Hopefully, I can come out of this relatively unscathed.

The drive in question is a 10 year old 1.5 TB Seagate drive that came with the computer. It served me well.

Press F to pay respects I guess.

On the bright side, I'll be getting an SSD as a replacement (probably a Samsung EVO).

tl;dr:
The Debian 10 live disc and installer say: Heavens me, just look at the time! I’m late for my <segmentation fault

—————

tl:
The Debian 10 live cd and its new “calamares” installer are both complete crap. I’ve never had any issues with installing Debian prior to this, save with getting WiFi to work (as expected). But this version? Ugh. Here are the things I’ve run into:

Unknown root password; easy enough to get around as there is no user password; still annoying after the 10th time.

Also, the login screen doesn’t work off-disc because it won’t accept a blank password, so don’t idle or you’ll get locked out.

The lock screen is overzealous and hard-locks the computer after awhile; not even the magic kernel keys work!

The live disc doesn’t have many standard utilities, or a graphical partition editor. Thankfully I’m comfortable with fdisk.

The graphical installer (calamares) randomly segfaults, even from innocuous things like clicking [change partition] when you don’t have a partition selected. Derp.

It also randomly segfaults while writing partitions to disk — usually on the second partition.

It strangely seems less likely to segfault if the partitions are already there, even if it needs to “reformat” (recreate) them.

It also defaults to using MBR instead of GPT for the partition table, despite the tooltip telling you that MBR is deprecated and limited, and that GPT is recommended for new systems. You cannot change this without doing the partitions manually.

If you do the partitions manually and it can’t figure out where to install things, it just crashes. This is great because you can’t tell it where to install things, and specifying mount points like /boot, /, and /home don’t seem to be enough.

It also tries installing 32bit grub instead of 64bit, causing the grub installer to fail.

If you tell it to install grub on /boot, it complains when that partition isn’t encrypted — fair — but if you tell it to encrypt /boot like it wants you to, it then tries installing grub on the encrypted partition it just created, apparently without decrypting it, so that obviously fails — specific error: cannot read file system.

On the rare chance that everything else goes correctly, the install process can still segfault.

The log does include entries for errors, but doesn’t include an error message. Literally: “ERROR: Installation failed:” and the log ends. Helpful!

If the installer doesn’t segfault and the install process manages to complete, the resulting install might not even boot, even when installed without any drive encryption. Why? My guess is it never bothered to install Grub, or put it in the wrong place, or didn’t mark it as bootable, or who knows what.

Even when using the live disc that includes non-free firmware (including Ath9k) it still cannot detect my wlan card (that uses Ath9k).

I’ve attempted to install thirty plus times now, and only managed to get a working install once — where I neglected to include the Ath9k firmware.

I’m now trying the cli-only installer option instead of the live session; it seems to behave at least. I’m just terrified that the resulting install will be just as unstable as the live session.

All of this to copy the contents of my encrypted disks over so I can use them on a different system. =/

I haven’t decided which I’m going with next, but likely Arch, Void, or Gentoo. I’d go with Qubes if I had more time to experiment.

But in all seriousness, the Debian devs need some serious help. I would be embarrassed if I released this quality of hot garbage.

(This same system ran both Debian 8 and 9 flawlessly for years)

This is getting annoying.

For the past >half a year I've been chasing windmills. This is what my BAU day looks like:

- We login to client's network
- We start running some Sanity tests before the actual runs (actual runs are hell of an expensive (financially and time-wise) thing to launch) to make sure environment is OK.
- Sanity tests fail. wtf? Nothing's been changed since y-day!
- Spend ~3-4 hours digging logs, code, more logs,... Apparently some genius decided to change a single parameter.
- Spend another 1-2 hours trying to work around that parameter (since apparently that genius did have a task to do that, so we'll most likely have to find a way to live with it)
- Restart the whole env (~30min).
- Launch a Smoke, Sanity tests to verify env state.
- Launch the actual test
- Go home.

Next day:
- We login to client's network
- We start running some Sanity tests before the actual runs to make sure environment is OK.
- Sanity tests pass.
- Run the actual test
- Concurrency on RDS database is sky-rocketing! WTF did that come from??? Nothing's been changed since y-day!!
- Spend ~1-2 hours looking for anything changed, dig some logs for anything unusual. Nothing.
- Escalate to DBA. 2 hours later DBA says "fix the app". thanks for nothing mate....
- Spend remaining 2 hours analysing AWR. Give up, restart the whole RDS instance. Another hour wasted.
- Time to go home. Out of curiosity run Sanity test -- all good. Run the actual test -- all good. wtf??
- Go home

Next day
- We login to client's network
- We start running some Sanity tests before the actual runs to make sure environment is OK.
- Sanity tests fail. wtf? Nothing's been changed since y-day!
- Spend ~3-4 hours digging logs, code, more logs,... Apparently some genius decided to change a single parameter.
- Spend another 1-2 hours trying to work around that parameter
- ..... I think you know where this is going.

And this keeps going on and on, day by day. Spending the better half of the day chasing windmills and doing our actual work on the last hour of the working day or even after that.

We have plenty of interesting tasks in our Jira but we're squirels spinning in the wheel and never being able to touch them.

It feels like I'm wasting my time. I could do so much more with my time!

[just needed to vent ]

For the last week or so I've been writing a userbot for Telegram. Completely from scratch, plus Telethon to not reinvent the wheel entirely. I'm coming from the codebase of an existing userbot.

That userbot is written by a good friend of mine, who makes 6 figures, and whom I respect greatly. However the code is a steaming pile of shit. Now that is not his fault, he largely inherited that code too, tried to fix it, failed, gave up.

I am reimplementing it entirely. I'm only looking at the modules, trying to understand them, and copying over the necessary bits and changing them where necessary. But I've come across some nasty shit.

Userbots often edit existing messages from real Telegram clients. They're kind of like a login to your account, but with a program rather than a regular client. You send a message from a real client, it sees it and does whatever it needs to, and edits your message to give you feedback. Which is great.

However, there's no need to do simple string edits by importing "re". So why do you? Because you're an idiot, that's why. The old bot is based on Paperplane, which in turn is based on Telethon. Why do I see function calls to Telethon in some places and Paperplane in others? Because you're an idiot, that's why. Why does the dig module fail to even give correct answers? Because you know nothing about the DNS, that's why. And you didn't learn about RRs before implementing it.

And don't you tell me that this code is shit, and this bot is slow only when I run it on a fucking Pentium. I run this shit on an i7 and CPU isn't even the issue - memory, disk and such are. If you had any clue whatsoever about efficiency, you would've known because it's blatantly obvious. There's a reason why my machines rarely go past 5% CPU utilization. It's the fastest component in the entire fucking system.

When users come and say.. hmm this application of yours, it consumes a lot of memory. It takes a long time to do X and Y and I don't quite understand why, it seems illogical. Then maybe you should go look at your code, like you would look at yourself in the mirror. And then you fucking go fix it so that I don't have to. You're an engineer just like I am. And I am not even a dev proper - I'm a sysadmin by trade. Why should I have to fix your shit for you?

Security fail here. I've just started a PPI claim and have been provided a link to a so called "very secure" client area.

There are no username or passwords and the screenshot is not a first time sign up screen.

All I need to login is a surname, postcode and DOB - all information easy enough to find online.

Pretty bad IMO, esp, so considering the effort required to add a proper login using a username/password combination.

I mean I'm logged in now and have no option to set an account password :|

!Rant #motivation #hugeProject
Yesterday i started a new app and i designed some of it but classes i coded will speed up the whole coding of other parts .
Anyways today i needed to work on the server side of the project and when i was working on setting up the databases structures i realized how big is this project (it uses like 3 APIs) so i was unmotivated because its a side project and it takes alot of time and overall it dont worth it and even app may fail or may be successful.
So i said i dont care about how it will turn out
Im gonna do it , and im gonna do it right now
So i did now its 6 am and the server part is almost finished ! 75% done .
It was a secure login system and signup with verifications and more security stuff and the codes that provide the server status and most of the user parts . And some of the features of the app .
The most hard thing remaining is to setup the in app purchases and the APIs .
So if you see a project that is huge .
Dont give up . Just do it as long as you can
And you will see how much you progress !
And the huge project will be a big project ;)
Then a normal project , then a tiny project :P
Good night

Just managed to send my password in plain text to a colleague when I ment to enter it in the login box.....

Time to change my password again.....

To be honest I forgot completely about the ducks and was kind of disappointed to see them, don't understand me wrong, its a great addition to the shop (especially to support devrant more when buying them and I will probably do too) and trogus (wow it's pronounced t-rogus) deserves a lot of respect for going through the very hard process of developing it, getting somebody to do a decent quality result etc. but I was hoping for the new site that got hyped up some time ago or some update to the app that fixes design issues on phones that have 2k resolution and no statusbar and more. ("just open a github issue" - I don't have one right now and it didn't get much attention anyway, since I am in the niche of people with those kind of setups, most people it seems have phones that can even barely run the app lol). The login still pops up each time you visit the site (basically just click it away, but it's rather annoying to have it pop up), it's nowhere near to the original app (although the native app is written in some sort of wrapper anyway?) - especially what comes to options, customizing, deactivating things, posting into categories (newest feature), getting notifications etc

There is some community builds that try to recreate a better desktop experience, but sadly fail to do so (sorry to devrantron and others, but what the fuck were you thinking when you rounded only the top right and left corner?) - since they always have something that is just thrown out to "be there" or design fails (which devrant just lacks and looks good across the board), that makes me rather cautious if that program doesn't send my credentials to some african prince. ("just look at the sourcecode", yes I have better things to do, thanks)

I could just create my own build, having to reverse engineer the whole website and app (granted, most of it are just api calls), but I simply lack the time (so I understand why my mentioned problems aren't getting really any attention or can't be implemented that fast, yet still its somewhat bugging)

I have listened to the Q&A and I know you guys are working full time at for example adobe (amazing that you both have time to be putting it towards devrant), so its not as much of a rant, just wanted to get out my disappointment about the event I felt personally. Still nice to have seen you and talk with the community a bit (although the time I feel was picked more towards your US audience rather than EU?).

Fuck ssh. It does 4 things at once and i couldn't get it to do one. I have some pi's and want a shared directory on each of them. On a server i created a user for that and mounted its home directory on a pi, it worked. I did some lockdowns (no shell, only sftp allowed, login only via keyfile), but i was still able to mount it on boot.

Now i had to migrate this setup to another server. It took me a while copying all the configuration etc. All i got for that was a error-message. I figured out the users home-directory had to be owned be root, fixed that, got another error message. Somehow scp didn't use sftp but the login shell which is /usr/sbin/nologin. That made scp (and sshfs) fail, even though it perfectly works with the other server.

I gave up and removed all the setup. I'll find another distributed filesystem for that (but not samba or nfs, those are way to complicated). Those are the setbacks that depress me.

I am the responsible for the atlassian Suite at work, as I maintain the systems, set them up, and stuff.

One day, our crowd (the authentication and authorization application) just went crazy. At like lunch time it could not connect to the AD anymore. No reasons. Throwing XSRF errors (cross site scripting), because http would connect to https. "won't do it, fuck you" it told me. Out of the blue. Noone changed anything. And yea, seriously. Noone did.
It just refused to connect (as connecting to AD is connecting yourself with you own api. And refusing yourself talking to yourself). It runs behind a proxy. Therefore http/https. Well, this worked for years. But out of sudden not anymore.

Yea. Fuck you.

It was reported some hours later, at like 3pm, as people could not login to the applications using crowd as authentication and authorization server.

Tried to debug the system, where nothing was did, to make it work. At best time to fail.

First workaround: if you are logged into one of the other applications of atlassian, just refresh the site, so your SSO token gets a refresh and you are signed on again.

Then I searched more and more. And more.
But nothing worked, nothing helped.

So I addressed an emergency maintenance, take down the whole Suite, restart crowd, to apply some changes to it's settings, not knowing what happening then, because all connections of SSO will then be released. Sent out the mail like 30 minutes beforehands.

While waiting for the window, I just typed my credentials... And redid, and redid, so to type and being bored.
Three minutes before the window...

It just worked again.

Well. Wtf. Serioudl
Just came back.

No Intrusion, no changes at all. Just came back, as nothing has happened.

Kind of best part of this story... A headhunter messaged me on my way home to offer me a job as an Atlassian Suite SysAdmin for a company, at kinda the double of my salary.

At first I was thinking to go there, and when someone then asked me sth about Atlassian just start to laugh and then leave still laughing...

But then I very nicely respond that I dont want to cry at work. And wished him best luck.

I am doing some bad upgrades now on our Suite. Very painful.
And I looked into the start scripts. Some Look like the untalented intern tells another one to write scripts. Seriously wtf.

Today I followed the guide to Update a confluence and change database to Postgres. Didnt work, Postgres error.
Try it again, jquery won't load. Next try, tomcat not starting anymore. Did same thing. Every fucking time.

Yea. Maintenance window to get a nice new export soon. Will only take an hour.

To switch database in confluence, you need to set it up very fresh. And then Import your export.
Export takes an hour at our system.
Importing maybe the same time. Hope it will work (hint: Nope).

Oh, can be nice also. Just tell the Bitbucket to migrate databases, there is a fucking setting for it. Enter new database, ready, go, finished.

At least they don't raise costs very much every kinda year.
Oh sorry, yes, they do.

Devrant is so fucking broken. Sign out and go to devrant.com. No fucking way to login, Two fucking identical install buttons in the top right for your fucking crap iOS and Android apps, only way to fucking tell which is which is to hover over link.

I sign in by using a search engine to direct link to a random rant then I can login and post this, but now for some reason /feed and /stories fail to load too many redirects.

Even a worse eXperience than reddit.