Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "mail server"
Guy called in because he wanted to get an IP white listed on a server. He wasn't authorized so i told him to send an email from an authorized email address.
He didn't like that very much and asked if another engineer was available (he talked to him more often so he thought that engineer would just do it. We need those kind of requests by email.)
Walked over to my colleague and explained what that client asked for.
'let him send an email!'
Told him i ready told the client that but that the client wanted to talk to him instead.
'sure, connect him through and then come back so you can hear him after i ask him to mail us!'
Connected him through. Client explained the situation.
Then he says with the sweetest voice and a 'get rekt' face: 'could you send me an email about that? 😊'
Let's just say that the client sounded everything but happy xD4
Oh, man, I just realized I haven't ranted one of my best stories on here!
So, here goes!
A few years back the company I work for was contacted by an older client regarding a new project.
The guy was now pitching to build the website for the Parliament of another country (not gonna name it, NDAs and stuff), and was planning on outsourcing the development, as he had no team and he was only aiming on taking care of the client service/project management side of the project.
Out of principle (and also to preserve our mental integrity), we have purposely avoided working with government bodies of any kind, in any country, but he was a friend of our CEO and pleaded until we singed on board.
Now, the project itself was way bigger than we expected, as the wanted more of an internal CRM, centralized document archive, event management, internal planning, multiple interfaced, role based access restricted monster of an administration interface, complete with regular user website, also packed with all kind of features, dashboards and so on.
Long story short, a lot bigger than what we were expecting based on the initial brief.
The development period was hell. New features were coming in on a weekly basis. Already implemented functionality was constantly being changed or redefined. No requests we ever made about clarifications and/or materials or information were ever answered on time.
They also somehow bullied the guy that brought us the project into also including the data migration from the old website into the new one we were building and we somehow ended up having to extract meaningful, formatted, sanitized content parsing static HTML files and connecting them to download-able files (almost every page in the old website had files available to download) we needed to also include in a sane way.
Now, don't think the files were simple URL paths we can trace to a folder/file path, oh no!!! The links were some form of hash combination that had to be exploded and tested against some king of database relationship tables that only had hashed indexes relating to other tables, that also only had hashed indexes relating to some other tables that kept a database of the website pages HTML file naming. So what we had to do is identify the files based on a combination of hashed indexes and re-hashed HTML file names that in the end would give us a filename for a real file that we had to then search for inside a list of over 20 folders not related to one another.
So we did this. Created a script that processed the hell out of over 10000 HTML files, database entries and files and re-indexed and re-named all this shit into a meaningful database of sane data and well organized files.
So, with this we were nearing the finish line for the project, which by now exceeded the estimated time by over to times.
We test everything, retest it all again for good measure, pack everything up for deployment, simulate on a staging environment, give the final client access to the staging version, get them to accept that all requirements are met, finish writing the documentation for the codebase, write detailed deployment procedure, include some automation and testing tools also for good measure, recommend production setup, hardware specs, software versions, server side optimization like caching, load balancing and all that we could think would ever be useful, all with more documentation and instructions.
As the project was built on PHP/MySQL (as requested), we recommended a Linux environment for production. Oh, I forgot to tell you that over the development period they kept asking us to also include steps for Windows procedures along with our regular documentation. Was a bit strange, but we added it in there just so we can finish and close the damn project.
So, we send them all the above and go get drunk as fuck in celebration of getting rid of them once and for all...
Next day: hung over, I get to the office, open my laptop and see on new email. I only had the one new mail, so I open it to see what it's about.
Lo and behold! The fuckers over in the other country that called themselves "IT guys", and were the ones making all the changes and additions to our requirements, were not capable enough to follow step by step instructions in order to deploy the project on their servers!!!
[Continues in the comments]26
So a friend of Mine asked me to check their Mail server because some emails got lost. Or had a funny signature.
Mails were sent from outlook so ok let's do this.
I go create a dummy account, and send/receive a few emails. All were coming in except one and some had a link appended. The link was randomly generated and was always some kind of referral.
Ok this this let's check the Mail Server.
Let's check the mail header. Nothing.
Face -> wall
Fml I want to cry.
Now I want to search for a pattern and write a script which sends a bunch of mails on my laptop.
Fuck this : no WLAN and no LAN Ports available. Fine let's hotspot the phone and send a few fucking mails.
Guess what? Fucking cockmagic, no funny mails appear!
At that moment I went out and was like chainsmoking 5 cigarettes.
It hit me! A feeling like a unicorn vomiting rainbows all over my face.
I go check their firewall. Shit redirected all email ports from within the network to another server.
Yay nobody got credentials because nobody new it existed. Damn boy.
Hook on to the hostmachine power down the vm, start and hack yourself a root account before shit boots. Luckily I just forgot the credentials to a testvm some time ago so I know that shit. Lesson learned: fucking learn from your mistakes, might be useful sometimes!
Ok fucker what in the world are you doing.
Do some terminal magic and see that it listens on the email ports.
Holy cockriders of the galaxy.
Turns out their former it guy made a script which caught all mails from the server and injected all kind of bullshit and then sent them to real Webserver. And the reason why some mails weren't received was said guy was too dumb to implement Unicode and some mails just broke his script.
That fucker even implented an API to pull all those bullshit refs.
I know your name "Matthias" and I know where you live and what you've done... And to fuck you back for that misery I took your accounts and since you used the same fucking password for everything I took your mail, Facebook and steam account too.
Git gut shithead! You better get a lawyer16
And here comes the last part of my story so far.
After deploying the domain, configuring PCs, configuring the server, configuring the switch, installing software, checking that the correct settings have been applied, configuring MS Outlook (don't ask) and giving each and every user a d e t a i l e d tutorial on using the PC like a modern human and not as a Homo Erectus, I had to lock my door, put down my phone and disconnect the ship's announcement system's speaker in my room. The reasons?
- No one could use USB storage media, or any storage media. As per security policy I emailed and told them about.
- No one could use the ship's computers to connect to the internet. Again, as per policy.
- No one had any games on their Windows 10 Pro machines. As per policy.
- Everyone had to use a 10-character password, valid for 3 months, with certain restrictions. As per policy.
For reasons mentioned above, I had to (almost) blackmail the CO to draft an order enforcing those policies in writing (I know it's standard procedure for you, but for the military where I am it was a truly alien experience). Also, because I never trusted the users to actually backup their data locally, I had UrBackup clone their entire home folder, and a scheduled task execute a script storing them to the old online drive. Soon it became apparent why: (for every sysadmin this is routine, but this was my first experience)
- People kept deleting their files, whining to me to restore them
- People kept getting locked out because they kept entering their password WRONG for FIVE times IN a ROW because THEY had FORGOTTEN the CAPS lock KEY on. Had to enter three or four times during weekend for that.
- People kept whining about the no-USB policy, despite offering e-mail and shared folders.
The final straw was the updates. The CO insisted that I set the updates to manual because some PCs must not restart on their own. The problem is, some users barely ever checked. One particular user, when I asked him to check and do the updates, claimed he did that yesterday. Meanwhile, on the WSUS console: PC inactive for over 90 days.
I blocked the ship's phone when I got reassigned.
Phiew, finally I got all those off my chest! Thanks, guys. All of the rants so far remind me of one quote from Dave Barry:7
I suddenly remembered this after being gone from my previous company for nearly a year.
So, I worked there as a tech supporter and Linux engineer.
What would often happen was clients calling with an issue regarding software of some sorts and about half the time, instead of LOOKING AT THE GODDAMN ERROR MESSAGE they'd just click it away fast and complain shit wasn't working.
I specifically remember this one case:
*big client mails complained that one of their clients' email isn't working. Screenshots weren't possible apparently so after emailing back and forth for way too long, we decide to do a screen sharing session (which we never do).*
(for the record, already emailing for hours, client very frustrated, me as well because the behavior of the software sounds impossible)
Me: alright, close everything, then open it again so I can see what happens.
Client: *opens mail client, error appears, client clicks error away faster than an arch user being able to mention they use arch*
Me: uhm.... I assume you already know what that message said and that it has nothing to do with the issue?
Client: it has nothing to do with the issue.
Me: okay... But have you at least looked the message?
Client: no but it has nothing to do with the issue.
Me: but, how'd you know if you won't look at it?
Client: it has nothing to do with the issue, okay?
Me: okay.... so, what's happening here?
Client: the user isn't receiving email anymore at this point!
Me: alright, have you checked the settings and everything?
Client: of course, all good
Me: okay but can we at least restart the software again to at least check the error message?
Client: FINE. *restarts client (pun intended, of course)*
Error message: username or password incorrect, can't connect to the server.
Client:..... Right, I changed the password...
Client: *sets correct password*
*poof, error message gone*
Client:..... Thanks 💀
Me: you're welcome 😄
Someone's outlook wasn't connecting to a mail server.
Fair enough, colleague started debugging in the morning!
It worked fine on any client on linux/mac.
After a while the swearing started to come, for some reason outlook thought that the url used for incoming/outcoming email was offline, worked on any other system.
We all left him alone for the rest of the day.
At the end I walked to his desk aan went:
Me: hey man is it working already? *very sweet smile*
Him: *gives a death stare* fucking die 😡
The day I send myself about 76k mails
> be me
> be working on a rest api
> implement an error handler that would send me a mail with exception details
> use same error handler in mail send error handler
> Summoned the recursion devil by accident
> Test error handler
> Forgot port forwarding to SMTP server
> keep the debug session open
> throw new UnexpectedInterruptionException()
> get back to work
> Add the missing port forwarding rule to putty
> The error handler starts doing it's thing
> The handler chain starts to pop
> handler after handler executes
> VS finally accepts stop debugging
> Peek into webmail
> Look into it
> Realizing what I have done
> Delete mailbox
> Remove recursion
> Wow that's how randy must have felt in southpark
> Feel weird
> Shutdown, go outside
> What's up anon?
> Nothing, really7
Excuse the profuse amount of profanity below.
Fuck this fucking fucked up motherfucker of a fucking director. Money does not make you a fucking decent person, and you come in here and tell me that you pay my fucking measly salary so I must be fucking grateful.
Starts off with a boardroom meeting this morning. Wireless connection on my laptop takes two minutes to connect, I get told that I am wasting company time and that the salary of everyone in the meeting is quite a lot ("with me being the highest"- cuntface director) so stop wasting time. Fuck you man, it's a fucking wireless connection. I am building your motherfucking company applications and doing web design and for what, so I can earn fuckall and be told that I am fucking wasting time. I am presenting your fucking site you wanted, so give me a fucking minute extra to start up the fucking wireless connection.
The fucking mails are taking long to send, great, let's come down and fucking scream at the dev who regrettably said he would try and assist IT (by calling the provider). I literally just got told that I am the following. 1) Fucking stupid 2) He is going to close the dept down because I apparently fuck up (yet again cuntface, your fucking mailserver is NOT MY FUCKING PROBLEM) 3) He is going to contact an external company to come and check my work. 4) I am fucking useless. 5) I telling him lies (yeah fuckface, I worked as a sys admin, I know what a motherfucking DNS server is and what it does. you don't - so don't fucking tell me that I am lying when I tell you there is a DNS fucking issue, because you don't know what the fuck you are talking about - to top that off motherfucker, I FUCKING BUILT YOUR FUCKING SERVER AND YOUR FUCKING NETWORK. I FUCKING KNOW HOW IT WORKS AND WHAT THE FUCK I AM TALKING ABOUT).
On top of that, I got pushed out of the way of my own PC, my code got some fucked up gibberish in it (because he was trying to minimise my editor and he typed some in it, and now I have to fucking roll-back. He told me I am wasting company time and he will take my shit away from me if I download something again. It is an open network. I downloaded JAVA and fucking updated Sublime. Jesus man. What the fucking fuck.
"why is your gmail open?!?!" because I was testing your emails from an external network. "DON'T FEED ME BULLSHIT" (even though the top mail states "test"). It's the whole fucking "my money determines my dick size" mentality.
That being said, I got told that I need to work overtime, without pay, to resolve IT's issue, even if I have to on the weekend.
That being said,my new Dell that I had just bought (my own) got thrown on the floor and he fucked out of my office. Stupid motherfucker. I fucking earn nothing but cannot leave. I will find another job, and when I do - you can go and fuck yourself and your fucking degrading opinions. I am not fucking stupid, so fuck you.Fuck your company and fuck you. Cunt.34
Laravel is the worst framework ever.
Everything has to be made convenient and easy. That sounds amazing, because developers want to save time, worry less about boilerplate code, right? No more constructors, no more dependency injection, fuck all the tedious OOP shit... RIGHT?
It does one thing well: Make PHP syntax uniform and concise through easily integrated libraries such as Collection and Carbon. But those are actually not really part of the framework... just commonly integrated and associated with Laravel.
The framework itself is completely derailed: You can define code in a callback in the routes file. You can define a controller in the routes file. You can define middleware as a parameter to the route, as a fluent method to the route, you can stack them up in a service provider. Validators can be made in controllers, Request objects, service providers, etc. You can send mail inline, through Mailable objects, through Notification objects, etc.
Everything is macroable, injectable, and definable in a million different places. Ultimate freedom!
Guess what happens when you give 50 developers of various seniority a swiss army knife?
One hammers in a screw with a nail file, the other clips the head from the screw using scissors, and you end up with an unworkable mess and blunt tools.
And don't get me started about Eloquent, the Active Record ORM. It's cute for the simple blog/article/author/comment queries, but starts choking when you want more selective and performant queries or more complex aggregates, and provides such an opaque apple-esque interface which lets people think everything is OK, when in reality it's forcing the SQL server to slowly commit suicide.43
A co-worker at the city-government just chose the wrong mailing list and send an e-mail to EVERY SINGLE emlpoyee (about 20'000 people, including our police-department, hospitals, councils etc.).
Within A MINUTE hundrets of people responded to the mail by using the "reply all" button, pointing out that this mail obviously wasn't meant for them.
After another minute the same douchebags sent another mail (of course using the "reply all" button AGAIN), asking to be removed from the mailing list and stop spamming them.
Even two hours after blocking the mailing list immediately, our mail servers still are processing all those damn mails.
RIP exchange servers
RIP faith in humanity
From my work -as an IT consultant in one of the big 4- I can now show you my masterpiece
INSIGHTS FROM THE DAILY LIFE OF A FUNCTIONAL ANALIST IN A BIG 4 -I'M NOT A FUNCTIONAL ANALYST BUT THAT'S WHAT THEY DO-
- 10:30, enter the office. By contract you should be there at 9:00 but nobody gives a shit
- First task of the day: prepare the power point for the client. DURATION: 15 minutes to actually make the powerpoint, 45 minutes to search all the possible synonyms of RESILIENCE BIG DATA AGILE INTELLIGENT AUTOMATION MACHINE LEARNING SHIT PISS CUM, 1 hour to actually present the document.
- 12:30: Sniff the powder left by the chalks on the blackboards. Duration: 30 minutes, that's a lot of chalk you need to snort.
13:00, LUNCH TIME. You get back to work not one minute sooner than 15.00
- 15:00, conference with the HR. You need to carefully analyze the quantity and quality of the farts emitted in the office for 2 hours at least
- 17:00 conference call, a project you were assigned to half a day ago has a server down.
The client sent two managers, three senior Java developers, the CEO, 5 employees -they know logs and mails from the last 5 months line by line-, 4 lawyers and a beheading teacher from ISIS.
On your side there are 3 external ucraininans for the maintenance, successors of the 3 (already dead) developers who put the process in place 4 years ago according to God knows which specifications. They don't understand a word of what is being said.
Then there's the assistant of the assistant of a manager from another project that has nothing to do with this one, a feces officer, a sys admin who is going to watch porn for the whole conference call and won't listen a word, two interns to make up a number and look like you're prepared. Current objective: survive. Duration: 2 hours and a half.
- 19:30, snort some more chalk for half an hour, preparing for the mail in which you explain the associate partner how because of the aforementioned conference call we're going to lose a maintenance contract worth 20 grands per month (and a law proceeding worth a number of dollars you can't even read) and you have no idea how could this happen
- 20:00, timesheet! Compile the weekly report, write what you did and how long did it take for each task. You are allowed to compile 8 hours per day, you worked at least 11 but nobody gives a shit. Duration: 30 minutes
- 20:30, update your consultant! Training course, "tasting cum and presenting its organoleptic properties to a client". Bearing with your job: none at all. Duration: 90 minutes, then there's half an hour of evaluating test where you'll copy the answers from a sheet given to you by a colleague who left 6 months ago.
- 22:30, CHANCE CARD! You have a new mail from the HR: you asked for a refund for a 3$ sandwich, but the receipt isn't there and they realized it with a 9 months delay. You need to find that wicked piece of paper. DURATION: 30 minutes. The receipt most likely doesn't even exist anymore and will be taken directly from your next salary.
- 23:00 you receive a message on Teams. It's the intern. It's very late but you're online and have to answer. There's an exception on a process which have been running for 6 years with no problems and nobody ever touches. The intern doesn't know what to do, but you wrote the specifications for the thing, 6 years ago, and everything MUST run tonight. You are not a technician and have no fucking clue about anyhing at all. 30 minutes to make sure it's something on our side and not on the client side, and in all that the intern is as useful as a confetto to wipe your ass. Once you're sure it's something on our side you need to search for the senior dev who received the maintenance of the project, call him and solve the problem.
It turns out a file in a shared folder nobody ever touches was unreachable 'cause one of your libraries left it open during the last run and Excel shown a warning modal while opening it; your project didn't like this last thing one bit. It takes 90 minutes to find the root of the problem, you solve it by rebooting one of your machines. It's 01:00.
You shower, watch yourself on the mirror and search for the line where your forehead ends and your hair starts. It got a little bit back from yesterday; the change can't be seen with the naked eye but you know it's there.
You cry yourself to sleep. Tomorrow is another day, but it's going to be exactly like today.10
I absolutely love the email protocols.
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".
Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.
Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?9
I used PHPMailer to send emails to a client's website user. SMTP host is smtp.gmail.com.
web was hosted on Bluehost. I found out that mailer was not working. I enabled verbose output and to my surprise I found out that Bluehost was intercepting my mail and responding with
220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail
when i was explicitly using smtp.gmail.com. Not only they were intercepting but also They were trying my credentials against its own smtp server and then showing me that authentication failed.
When i contacted chat they asked me to tell last 4 characters of Bluehost account password to verify ownership.
Dude do they have passwords in plaintext.🤔5
Long rant ahead.. so feel free to refill your cup of coffee and have a seat 🙂
It's completely useless. At least in the school I went to, the teachers were worse than useless. It's a bit of an old story that I've told quite a few times already, but I had a dispute with said teachers at some point after which I wasn't able nor willing to fully do the classes anymore.
So, just to set the stage.. le me, die-hard Linux user, and reasonably initiated in networking and security already, to the point that I really only needed half an ear to follow along with the classes, while most of the time I was just working on my own servers to pass the time instead. I noticed that the Moodle website that the school was using to do a big chunk of the course material with, wasn't TLS-secured. So whenever the class begins and everyone logs in to the Moodle website..? Yeah.. it wouldn't be hard for anyone in that class to steal everyone else's credentials, including the teacher's (as they were using the same network).
So I brought it up a few times in the first year, teacher was like "yeah yeah we'll do it at some point". Shortly before summer break I took the security teacher aside after class and mentioned it another time - please please take the opportunity to do it during summer break.
Coming back in September.. nothing happened. Maybe I needed to bring in more evidence that this is a serious issue, so I asked the security teacher: can I make a proper PoC using my machines in my home network to steal the credentials of my own Moodle account and mail a screencast to you as a private disclosure? She said "yeah sure, that's fine".
Pro tip: make the people involved sign a written contract for this!!! It'll cover your ass when they decide to be dicks.. which spoiler alert, these teachers decided they wanted to be.
So I made the PoC, mailed it to them, yada yada yada... Soon after, next class, and I noticed that my VPN server was blocked. Now I used my personal VPN server at the time mostly to access a file server at home to securely fetch documents I needed in class, without having to carry an external hard drive with me all the time. However it was also used for gateway redirection (i.e. the main purpose of commercial VPN's, le new IP for "le onenumity"). I mean for example, if some douche in that class would've decided to ARP poison the network and steal credentials, my VPN connection would've prevented that.. it was a decent workaround. But now it's for some reason causing Moodle to throw some type of 403.
Asked the teacher for routers and switches I had a class from at the time.. why is my VPN server blocked? He replied with the statement that "yeah we blocked it because you can bypass the firewall with that and watch porn in class".
Alright, fair enough. I can indeed bypass the firewall with that. But watch porn.. in class? I mean I'm a bit of an exhibitionist too, but in a fucking class!? And why right after that PoC, while I've been using that VPN connection for over a year?
Not too long after that, I prematurely left that class out of sheer frustration (I remember browsing devRant with the intent to write about it while the teacher was watching 😂), and left while looking that teacher dead in the eyes.. and never have I been that cold to someone while calling them a fucking idiot.
Shortly after I've also received an email from them in which they stated that they wanted compensation for "the disruption of good service". They actually thought that I had hacked into their servers. Security teachers, ostensibly technical people, if I may add. Never seen anyone more incompetent than those 3 motherfuckers that plotted against me to save their own asses for making such a shitty infrastructure. Regarding that mail, I not so friendly replied to them that they could settle it in court if they wanted to.. but that I already knew who would win that case. Haven't heard of them since.
So yeah. That's why I regard those expensive shitty pieces of paper as such. The only thing they prove is that someone somewhere with some unknown degree of competence confirms that you know something. I think there's far too many unknowns in there.
Nowadays I'm putting my bets on a certification from the Linux Professional Institute - a renowned and well-regarded certification body in sysadmin. Last February at FOSDEM I did half of the LPIC-1 certification exam, next year I'll do the other half. With the amount of reputation the LPI has behind it, I believe that's a far better route to go with than some random school somewhere.27
Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.
That time when...
He wrote a social media network with end-to-end encryption before it was cool.
He wrote custom 64kb encryption for his academic HDD.
He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.
He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).
He used only hashes of passwords as passwords (which isn't actually good).
He kept a drill on the desk ready to destroy his HDD at a moments notice.
He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.
He set up a new email account for each individual online service.
He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).
He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).
He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).
He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.
He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.
He bought a burner phone to visit the capital city.
He bought a burner phone whenever he left his hometown come to think of it.
He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).
He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.
(You might be noticing it's all he's. Maybe it is, maybe it isn't).
He ate a sim card.
He brought a balaclava to pentesting training (it was pretty meme).
He printed out his source code as a manual read-only method.
He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).
He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).
He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.
I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.26
N e v e r, fucking e v e r chmod/ chown permissions recursive on the linux /etc folder❗
I did yesterday (, because I am fucking dumb and know little about linux systems) and got the result today. My whole mailserver wasn't working.
After fucking tons of googling and searching and log-digging I found that postfix and opendkim require specific permissions on their respective folders and files.
After changing a fucking amount of permissions on those fucking files the fucking mailserver worked and I can send and receive mails, now. 😤😤😤
What a torture. Lesson learned. Never will repeat this mistake.16
>> this === rant
At beginning of this year, I only knew HTML, JS, and CSS so I just applied for offers like "Jr Apprentice Dev in Front-End"
In a interview call, the woman told me that they will send me a test asking about my JS and HTML5 knowledge.
When I look in my inbox, the mail subject says "Back-end Test".
Then I call the woman:
Me: "Hello, I have received the test mail, but maybe it's wrong. I applied for a Front-End position and the test is about backend! "
She: "Do you have skills in JS and HTML5?"
Me: "Yes!, and CSS3"
She: "Well, the test is about that. JS, jQuery, and HTML5"
Me: "Sorry, that languages are Front-End. In the subject say 'Back-End' and Back-End is PHP, SQL, MySQL, Java, .Net... I don't know nothing about that. I only know HTML, JS, CSS."
She: "It's the same"
Me: "I sorry but it's not the same. Fron-End is client-side, what users sees. Animation, colors, FXs, buttons, forms... And Back-End is server-side, what users doesn't see."
She: "Well, JS, HTML, and CSS is backend for us. We call it that way too"
Me: "Sorry but that is wrong. I invite you to read some basic info. Now I am confused"
Of course that I am not confused. That idi0t was wrong.
Perhaps recruiters should take some info about areas where they are recruiting... (:T)3
That feeling when your client connection is more stable than the connection of a fucking game server... Incompetent pieces of shit!!! BEING ABLE TO PUT A COUPLE OF SPRITES DOESN'T MAKE YOU A FUCKING SYSADMIN!!!
Oh and I sent those very incompetent fucks a mail earlier, because my mailers are blocking their servers as per my mailers' security policy. A rant from the old box - their mail servers self-identify a fucking .local!!! Those incompetent shitheads didn't even properly change the values from test into those from prod!! So I sent them an email telling them exactly how they should fix it, as I am running the same MTA on my mailers (Postfix), at some point had to fix my mailers against the exact same issue as well, and clearly noticed in-game that they have deliverability problems (they explicitly mention to unblock their domain). Guess why?! Because their server's shitty configuration triggers fucking security mechanisms that are built against rogue mailers that attempt to spoof themselves as an internal mailer, with that fucking .local! And they STILL DIDN'T CHANGE IT!!!! Your fucking domain has no issues whatsoever, it's your goddamn fucking mail servers that YOU ASOBIMO FUCKERS SHOULD JUST FIX ALREADY!!! MOTHERFUCKERS!!!!!2
That's actually something that happened fairly recently.. just that I didn't have the energy left at the time to write it down. That, or I got my ass too drunk to properly write anything.. not sure actually.
So on paper I'm unemployed, but I do spend some time still on pretty much voluntary work for HackingVision, along with a handful of other people.
At the time, we were just doing the usual chit-chat in the admin channel, me still sick in my bed (actually that means that I wasn't drunk but really tired for once.. amazing!) and catching up to what happened, but unable to do any useful work in this sick state. So, tablet, typing on glass, right. I didn't have any keyboard attached at the time.
One of the staff members (a wanketeer from India) apparently had an assignment in a few hours for which he needed to write a server application in Java. Now, performance issues aside, I figured.. well I've got quite a bit of experience with servers, as well as some with client-server protocols. So I got thinking.. mail servers, way too overengineered. Web servers.. well that could work, I've done some basic netcat webservers that just sent an HTTP 200 OK and the file, those worked fine.. although super basic of course. And then there's IRC, which I've actually talked to an InspIRCd server through telnet before (which by the way is pretty much the only thing that telnet is still useful for, something that was never its purpose, lol) and realized that that protocol is actually quite easy to develop around. That's why I like it so much over modern chat protocols like XMPP, MQTT and whatnot. So I recommended that he'd write a little IRC server in Java. Or even just a chatbot like I attempted to at the time, considering that that's - with a stretch of course - a sort-of server too.
His fucking response however, so goddamn fucking infuriating. "If the protocol is so easy, then please write me down how to implement it in Java."
Essentially do his fucking work for him. I don't know Java, but as a fucking HackingVision admin, YOU SHOULD FUCKING KNOW THAT HACKERS CAN'T STAND LAZY CUNTS THAT CAN'T EVEN BE ASSED TO GOOGLE SHIT!!! If I wanted to deal with cunts like that, I'd have opened the page inbox with all its Fb h4xx0ring questions, not the fucking admin chat!
And type it on a goddamn fucking piece of glass, while fucking sick?! Get your ass fucked by a bobs and vegana horny fuck from the untouchable caste, because that's where you fucking belong for expecting THAT from me, you fucking bhenchod.
But at least I didn't get my ass enraged like that to say that to him in the admin chat. Although that probably wouldn't have been a bad thing, to get his feet right back on the ground again.1
So my ISP just called me again that I'm sending plenty of spam. This time, I have all flows logged, so I know for sure that it wasn't my TV (only vulnerable device with internet access) and as my switch was offline there is nothing in front of my router anymore. And I learned that all the spam was going directly to their smtp server which I never used and didn't even know they have some. All in all everything points to their cable modem. Will tell them that in response to the mail they promised to send me. Really looking forward to new at least a little bit competent ISP (alternative should be available soon).3
Fucking Gmail !!!! I hate you so much !!!
My mail server is fucking perfect, I have all the records in my DNS and even have a 10/10 score on mail-tester.com.
But this fucking Gmail keeps putting me the spam folder ! Why do you hate my so much ?21
Feeling productive at a Sunday evening. Let's install a DNS server and a fucking mail server on two forgotten VPS's I am still paying for.
SO A-FUCKING-PPEARANTLY, THEIR WEB MANAGEMENT PANEL IS FUCKED UP SO I CANNOT REINSTALL MY MOTHERFUCKER VPS's. HOW FUCKING FUCKING FUCKING FUCKING DIFFICULT CAN IT BE.15
It's finally happened. I've used my mail servers for about a year to give out different email addresses on my domain to things I sign up for online, and only used my "actual" email address that received all this email for the whole domain but the single one that I used outbound for private communications.
This worked well for a long time as I could see when spam comes in, where it came from by looking at the email address I designated it. Each company's email would be sent not only from an email address that they choose, but also to an email address that I choose. It allowed me to easily determine where there were problems. For example, on Freenode IRC my vhost happened to make my username@host there a valid email address. It eventually got blacklisted due to too much incoming spam as crawlers started detecting it. Another one was "nickname"@my.domain as I posted it a few times here. Got crawled as well. But it allowed me to easily blacklist each.
I'd never thought my actual outbound email address, my real one, to get crawled though. That would require the mail server of a company I explicitly communicated with to get hacked. But today that happened. I wonder whose it is, but I can't tell.
Time to make my outgoing email bound to a designated email address as well. I want to know which companies this happens to, even if they don't disclose it.7
I just tried to sign up to Instagram. I made a big mistake.
First up with Facebook related stuff is data. Data, data and more data. Initially when you sign up (with a new account, not login with Facebook) you're asked your real name, email address and phone number. And finally the username you'd like to have on the service. I gave them a phone number that I actually own, that is in my iPhone, my daily driver right now (and yes I have 3 Androids which all run custom ROMs, hold your keyboards). The email address is a usual for me, instagram at my domain. I am a postmaster after all, and my mail server is a catch-all one. For a setup like that, this is perfectly reasonable. And here it's no different, devrant at my domain. On Facebook even, I use fb at my domain. I'm sure you're starting to see a pattern here. And on Facebook the username, real name and email domain are actually the same.
So I signed up, with - as far as I'm aware - perfectly valid data. I submitted the data and was told that someone at Instagram will review the data within 24 hours. That's already pretty dystopian to me. It is now how you block bots. It is not how Facebook does it either, at least since last time I checked. But whatever. You'd imagine that regardless of the result, they'd let you know. Cool, you're in, or sorry, you're rejected and here's why. Nope.
Fast-forward to today when I recalled that I wanted to sign up to Instagram to see my girlfriend's pictures. So I opened Chromium again that I already use only for the rancid Facebook shit.. and it was rejected. Apparently the mere act of signing up is a Terms of Service violation. I have read them. I do not know which section I have violated with the heinous act of signing up. But I do have a hunch.
Many times now have I been told by ignorant organizations that I would be "stealing" their intellectual property, or business assets or whatever, just because I sent them an email from their name on my domain. It is fucking retarded. That is MY domain, not yours. Learn how email works before you go educate a postmaster. Always funny to tell them how that works. But I think that in this case, that is what happened.
So I appealed it, using a random link to something on Instagram's help section from a third-party blog. You know it's good when the third-party random blog is better. But I found the form and filled it in. Same shit all over again for info, prefilling be damned I guess. Minor convenience though, whatever.
I get sent an email in German, because apparently browsing through a VPS in Germany acting as a VPN means you're German. Whatever... After translating it, I found that it asks me to upload a picture of myself, holding a paper in my hands, on which I would have a confirmation code, my username, and my email address.. all hand-written. It must not be too dark, it must be clear, it must be in JPEG.. look, I just wanted to fucking sign up.
I sent them an email back asking them to fix all of this. While I was writing it and this rant, I thought to myself that they can shove that piece of paper up their ass. In fact I would gladly do it for them.
Long story short, do not use Instagram. And one final thing I have gripes with every time. You are not being told all the data you'll have to present from the get-go. You're not being told the process. Initially I thought it'd just be email, phone, username, and real name. Once signed up (instantly, not within 24 hours!) I would start setting up my account and adding a profile picture. The right way to ask for a picture of me! And just do it at my own pace, as I please.
And for God's sake, tackle abuse when it actually happens. You'll find out who's a bot and who isn't by their usage patterns soon enough. Do not do any of this at sign-up. Or hell, use a CAPTCHA or whatever, I don't fucking care. There's so many millions of ways to skin this cat.
Facebook and especially Instagram. Both of them are fucking retarded.8
So, a few weeks ago I asked you guys what would you do if you were to quit your current job. I attempted a start-up with an old "friend" of mine.
He was very enthusiastic and hardworking at the beginning. However he received a job offer from somewhere and told me that he would work there just until we found the company officially and then quit and work full time on the project.
Well... I put around 300 hours into the project and developed the system, did most of my part according to the plan but the guy didn't deliver anything.
Turned out he had another secret partner whom he first introduced me as his mentor. I had my suspicions and suddenly shut down API servers, project management domain and mail server. Suddenly the quiet guy called me asking if I was alright and everything was fine.
Then, nothing happened. He went radio silence until I called him last night and he picked up the phone drunk and mumbled something like "I'm aware of you being a victim" then went to "you're passive aggresive" or something like that and I said nothing, just hung up.
I think you can figure out what went down on the other side and I'd like to hear your scenarios.
PS: now I have another start-up idea: I'm gonna pick up a flamethrower and burn the world while laughing histerically. Anyone who'd like to join is welcome.3
My first job was actually nontechnical - I was 18 years old and sold premium office furniture for a small store in Munich.
I did code in my free time though (PHP/JS mostly, had a litte browsergame back then - those were the days), so when my boss approached me and asked me whether I liked to take over a coding project, I agreed to the idea.
Little did I know at the time: I was supposed to work with a web agency the boss had contracted to build their online shop. Only that he had no plan or anything, he basically told them "build me an online shop like abc(a major competitor of ours at the time)"
He employed another sales lady who was supposed to manage the shop (that didn't exist yet). In the end, I think 80% of her job was to keep me from killing my boss.
As you can imagine, with this huuuuge amout of planning and these exact visions of what was supposed to be, things went south fast and far. So far that I could visit my fellow flightless birds down in the Penguin's republic of Antarctica and still need to go further.
Well... When my boss started suing the web agency, I was... ahem, asked to take over. Dumb as I was, I did - I was a PHP kid and thought that Magento, being written in PHP, would be easy to master. If you know Magento, you know that was maybe the wrongest thing I ever said.
Fast forward 3 very exhausting months, the thing was online. Not all of it worked yet, but it was online and fairly secure.
I did next to everything myself, administrating the CentOS box the shop was running on, its (own) e-mail server, the web server, all the coding required for the shop (can you spell 12 hour day for 8 hour pay?)
3 further months later, my life basically was a wreck, I dragged myself to work, the only thing I looked forward being the motorcycle ride home. The system worked though.
Mind you, I was still, at the time, working with three major customers, doing deskside support and some admin (Win Server 2008R2 at the time) - because, to quote my boss, "We could not afford a full time developer and we don't need one".
I think i stopped coding in my free time, the one hobby I used to love more than anything on the world, somewhere Decemerish 2012. I dropped out of the open source projects I was in, quit working on my browser game and let everything slide.
I didn't even care to renew the domains and servers for it, I just let it die without notice.
The little free time I had, I spent playing video games and getting drunk/high.
December 2013, 1.5 years on the job, I reached my breaking point and just left, called in sick at least a week per month because I just could not see this fucking place anymore.
I looked for another job outside of ALL of what I did before. No more Magento, no more sales, no more PHP. I didn't have to look for long, despite what I thought of my skills.
In February 2014, I told my boss that I quit. It was still seven months until my new job started, but I wanted him to know early so we could migrate and find a replacement.
The search for said replacement started in June 2014. I had considerably less work in the months before, looks like he got the hint.
In August 2014, my replacement arrived and I got him started.
I found a job, which I am still in, and still happy about after almost half a decade, at a local, medium sized ISP as a software dev and IT security guy. Got a proper training with a certificate and everything now.
My replacement lasted two months, he was external and never really did his job - the site, which until I had quit, had a total of 3 days downtime for 3 YEARS (they were the hoster's fault, not mine), was down for an entire month and he could not even tell why.
HIS followup was kicked after taking two weeks to familiarize himself with the project. Well, I think that two weeks is not even barely enough to familiarize yourself with nearly three years of work, but my boss gave him two days.
In 2016, the shop was replaced with another one. Different shop system, different OS, different CI. I don't know why and I can't say I give a damn.
Almost all the people that worked at the company back with me have left for greener pastures, taking their customers (and revenue) with them.
As for my boss' comments, instructions and lines: THAT might not be safe for work. Or kids. Or humans in general. And there wouldn't be much left if you put it through a language filter...
Moral of the story: No, it's not a bad thing to leave a place if you're mistreated there. Don't mistake loyalty with stupidity!
And, to quote one of my favourite Bands: "Nothing matters when the pain is all but gone" (Tragedy + Time by Rise Against).8
I was just testing the Postfix server on one of my mailers, for the hell of it.. EHLO, STARTTLS, all good. Then comes the mail submission part.
MAIL FROM firstname.lastname@example.org
Connection closed by foreign host.
Right after I say mail from, it just closes the connection! Is it just me or does this feel like the server says to me "fuck off"? :')19
I've accomplished something I thought I'd never do.
I convinced my boss to switch from SVN to Git. (before SVN we've even been using CVS if someone remembers)
Only requirement: it needs to stay in house and I'm the one setting up the server, writing documentation and teach everyone how to use it.
What? Why should I setup the server? Don't we have someone whose job it is to... OK ok... I'll do it.
So after some painstaking arguments with the guy whose job it should have been to do that, I've managed to install a virtual machine running Gitlab.
Long story short: I've just found out about the joys of mail configuration to send E-Mails to established mail providers. Every... single... one of them has a different problem with the way the mails are sent.
I think I'm going to ask that guy again to use our mail servers SMTP. There should be a possibility to use my gitlabs domain for that somehow.
Really looking forward to Monday. Ugh...
Boss: please deleted These vServers since we dont need them anymore
Me: Starts working today. Got a Mail from my boss.
"Can we Talk about Server xyz123, there may be some important data on it"
Sometimes I wonder if they think that I Just sitting around with a finger in my nose and wait for days before I start doing stuff.
Just dont ask me to delete stuff if you are unsure.5
Often I hear that one should block spam email based on content match rather than IP match. Sometimes even that blocking Chinese ranges in particular is prejudiced and racist. Allow me to debunk that after I've been looking at traffic on port 25 with tcpdump for several weeks now, and got rid of most of my incoming spam too.
There are these spamhausen that communicate with my mail server as much as every minute.
All of them are Chinese. They make up - rough guess - around 90% of the traffic that hits my edge nodes, if not more.
The network ranges I've blocked are apparently as follows:
- 18.104.22.168/24 (Russia)
- 22.214.171.124/11 (China)
- 126.96.36.199 (Ecuador)
- 188.8.131.52 (Russia)
- 184.108.40.206/20 (China)
- 220.127.116.11/16 (China)
- 18.104.22.168/19 (China)
.. apparently I blocked that one twice, heh
- 22.214.171.124/12 (China)
- 126.96.36.199/19 (China)
It's not all China but holy hell, a lot of spam sure comes from there, given how Golden Shield supposedly blocks internet access to the Chinese citizens. A friend of mine who lives in China (how he got past the firewall is beyond me, and he won't tell me either) told me that while incoming information is "regulated", they don't give half a shit about outgoing traffic to foreign countries. Hence all those shitty filter bag suppliers and whatnot. The Chinese government doesn't care.
So what is the alternative like, that would block based on content? Well there are a few solutions out there, namely SpamAssassin, ClamAV and Amavis among others. The problem is that they're all very memory intensive (especially compared to e.g. Postfix and Dovecot themselves) and that they must scan every email, and keep up with evasion techniques (such as putting the content in an image, or using characters from different character sets t̾h̾a̾t̾ ̾l̾o̾o̾k̾ ̾s̾i̾m̾i̾l̾a̾r̾).
But the thing is, all of that traffic comes from a certain few offending IP ranges, and an iptables rule that covers a whole range is very cheap. China (or any country for that matter) has too many IP ranges to block all of them. But the certain few offending IP ranges? I'll take a cheap IP-based filter over expensive content-based filters any day. And I don't want to be shamed for that.7
A database of a German client for testing was sent to our software company. To make sure that the program works well with real data. Testers are funny people, they immediately found a certain Schwarzkopf in the database and fired, making a comment “for dyed hair”. Further - more. Some Albert Speer was suspended from work on the night shift, pointing out in a comment: "suspected of a relationship with Hitler."
Work progressed, genocide grew. The whole department was dismissed with the comment: “To the gazenvagen” (naturally in German). The apogee was the demotion of the director to the supply manager, the establishment of the Obersturmbanführer position and the adoption of Max von Stirlitz (as you might have guessed) on it. An element of reality in the game of testers was made by a dull dude who wanted to check how the mail server works.
As a result, the above comments were sent to all of the above characters, as well as their managers, through the database to their real e-mail addresses.3
When your university drops the support for IMAP on their mail-server, leaving Exchange as only possible option, because apparently the thought that somebody MIGHT be using Linux in a fucking IT major is completely out of this world...7
Set up a mail server for our office using one of those all-in-one mail server installations. It would keep denying connections every few days, so me, being the inexperienced shit I was, setup a cron job to restart the server at midnight everyday. It worked and still, to this day, it still works.1
Why the fuck did Oracle change their policies on the official JDK and made the website nigh impossible to use?!
It was shit from the 90s before, and now its still shit just modern.
Why do I have to register do get the JDK, you know Im going to use the fucking 10min mail. I just wanted to setup a freaking build server and I had to go over your retarded website that for some reason *refreshes* and erases the username field everytime I put in the wrong password. Why?
Why is oracle just outright bad at making websites?! Its always a maze to navigate and now it also takes seconds to even load...
This shit is why everyone uses openJDK and adopt. 3 billion devices running java?! Not with your jre/jdk they are not, because It's a pain to get... Don't me even get started on the mess it does on windows server. Why wasn't my JAVA_HOME set automatically?! I lost almost 2 hours because I trusted your piece of shit software to so the one job it has, even reinstalled it completely...
Get your shit together Oracle, this was unacceptable 10 years ago, let alone now11
Aren't the system admin supposed to figure out how to install something on their server when a developer has requested something from them?
They seem to have no idea when I request them to install php gd extension. They also cannot give me a ssh access to their server. So I have to troubleshoot/help by sending one command and ask for the output from them and give another command to run through mail.
I don't even know what to rant or whom to rant at anymore.
// I'm blue.12
"There's more to it"
This is something that has been bugging me for a long time now, so <rant>.
Yesterday in one of my chats in Telegram I had a question from someone wanting to make their laptop completely bulletproof privacy respecting, yada yada.. down to the MAC address being randomized. Now I am a networking guy.. or at least I like to think I am.
So I told him, routers must block any MAC addresses from leaking out. So the MAC address is only relevant inside of the network you're in. IPv6 changes this and there is network discovery involved with fandroids and cryphones where WiFi remains turned on as you leave the house (price of convenience amirite?) - but I'll get back to that later.
Now for a laptop MAC address randomization isn't exactly relevant yet I'd say.. at least in something other than Windows where your privacy is right out the window anyway. MAC randomization while Nadella does the whole assfuck, sign me up! /s
So let's assume Linux. No MAC randomization, not necessary, privacy respecting nonetheless. MAC addresses do not leak outside of the network in traditional IPv4 networking. So what would you be worried about inside the network? A hacker inside Starbucks? This is the question I asked him, and argued that if you don't trust the network (and with a public hotspot I personally don't) you shouldn't connect to it in the first place. And since I recall MAC randomization being discussed on the ISC's dhcp-users mailing list a few months ago (http://isc-dhcp-users.2343191.n4.nabble.com/...), I linked that in as well. These are the hardcore networking guys, on the forum of one of the granddaddies of the internet. They make BIND which pretty much everyone uses. It's the de facto standard DNS server out there.
The reply to all of this was simply to the "don't connect to it if you don't trust it" - I guess that's all the privacy nut could argue with. And here we get to the topic of this rant. The almighty rebuttal "there's more to it than that!1! HTTPS doesn't require trust anymore!1!"
... An encrypted connection to a website meaning that you could connect to just about any hostile network. Are you fucking retarded? Ever heard of SSL stripping? Yeah HSTS solves that but only a handful of websites use it and it doesn't scale up properly, since it's pretty much a hardcoded list in web browsers. And you know what? Yes "there's more to it"! There's more to networking than just web browsing. There's 65 THOUSAND ports available on both TCP and UDP, and there you go narrow your understanding of networking to just 2 of them - 80 and 443. Yes there's a lot more to it. But not exactly the kind of thing you're arguing about.
Enjoy your cheap-ass Xiaomeme phone where the "phone" part means phoning home to China, and raging about the Google apps on there. Then try to solve problems that aren't actually problems and pretty vital network components, just because it's an identifier.
P.S. I do care a lot about privacy. My web and mail servers for example do not know where my visitors are coming from. All they see is some reverse proxies that they think is the whole internet. So yes I care about my own and others' privacy. But you know.. I'm old-fashioned. I like to solve problems with actual solutions.11
>Start working on PHP after ages.
>Found that mail() is deprecated through server support
>they suggest to use PEAR Mail
>Suggest to use deprecated PEAR code
>Fix deprecated code and magically runs on localhost
>try to run on server
>Try using PHPMailer
>WTF is this How the fuck this works?
>Spends hours to understand with example code
>about to use YiiMailer.
Anything I (am able to) build myself.
Also, things that are reasonably standardized. So you probably won't see me using a commercial NAS (needing a web browser to navigate and up-/download my files, say what?) nor would I use something like Mega, despite being encrypted. I don't like lock-in into certain clients to speak some proprietary "secure protocol". Same reason why I don't use ProtonMail or that other one.. Tutanota. As a service, use the standards that already exist, implement those well and then come offer it to me.
But yeah. Self-hosted DNS, email (modified iRedMail), Samba file server, a blog where I have unlimited editing capabilities (God I miss that feature here on devRant), ... Don't trust the machines nor the services you don't truly own, or at least make an informed decision about them. That is not to say that any compute task should be kept local such as search engines or AI or whatever that's best suited for centralized use.. but ideally, I do most of my computing locally, in a standardized way, and in a way that I completely control. Most commercial cloud services unfortunately do not offer that.
Edit: Except mail servers. Fuck mail servers. Nastiest things I've ever built, to the point where I'd argue that it was wrong to ever make email in the first place. Such a broken clusterfuck of protocols, add-ons (SPF, DKIM, DMARC etc), reputation to maintain... Fuck mail servers. Bloody soulsuckers those are. If you don't do system administration for a living, by all means do use the likes of ProtonMail and Tutanota, their security features are nonstandard but at least they (claim to) actually respect your privacy.2
What kinda blockhead moron at my ISP decided that I require a new modem & router that is managed by THEM! I'm not really baffled by the privacy concerns but more about that I am unable to manage my home network. I literally cant open ports, manage ip adresses and do other shit I NEED FOR WORKING AT HOME.
I cant print!
I cant read mail!
I cant access my network drives!
My website is down!
Colleagues are asking why the Minecraft server is offline!
And using the new brick they gave me as a modem only, is not possible as there is no setting to be found to turn the router off!
And if I call their imbecile's of support they tell my that if they change a setting, that my phone will disconnect. (The phone line is also connected to the modem!) And right after the support guy said that and wanted to start explaing me further steps, his settings apply and I get kicked off the line. Bruh! You knew this would happen so why didnt you work around it?!?!?!!
Thing is, this new modem isnt even necessary as it doesnt use a different standard like fiber for example.
If I cant figure out how to get my stuff to work again, I swear to god I will turn on full Karen mode and ramble into their next store looking to get some manager fired!
(Ill post an update soon!)8
Here comes the story how I became a DevRanter.
When I was young, I built an expensive gamer-machnine, so I had to crack games. I Got used to computers, so I startet an apprenticeship in IT. I finished with good grades. I left everything and everyone behind and moved in a city, found a parttime job as a PHP developer and started studying CS. After 5 years doing work as developer, studying CS, creeping around as soldier, I finally finished and graduated. After a few months working fulltime (same job), as my life began to settle down and I got bored.
A flatmate (also CS) laughed his ass off about something, then he introduced me to DevRant. It became part of my life to read DevRant, to overcome boredom. But there are not enough new Rants.. I'm f'cked. OK, I resigned my Job, and my flat and signed up for the BS in natural scinces at university in an even bigger city. I will again leave everything behind to begin a new life. Now I'm planing to freelance to pay the bills and challenge me again. Wish me luck :)
So I am beginning this new life with writing this story, how i became a dev. I klick Post, and bang! "please verify your email before ranting.. blah" I got no mail, no span, nothing. Resend.. wait.. nothing. I WAS BORED AGAIN!! FUCK YOU MAIL-SERVER, WHY CAN'T YOU SEND AN EMAIL WITHIN SECONDS OR MINUTES, WE ARE IN 21ST CENTURY AND THE INTERNET CONSISTS MAINLY OF OPTIC FIBER CABLES!!
And this is, dear DevRant community, how i become a Ranter, just then when I wanted to Post my first story.4
Got my first Linux magazine with real worth tips for noobs with advanced stuff (like mounting a web mail server using Nmap, create personalized distros ssh, terminology and stuff , you don't see that in most noob magazines).
First point... Comes with a CD with 4 distros (OK... I perfer to download the latest for my VMs) and 200 euros worth of.. Linux software?
And I ripped this beautiful cover before even reading it... Killing a wasp. So, worth the 10 euros even before opening it5
I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.
After some investigation I figured it was due to someone running a script trying to get ssh access.
I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.
Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.
I fet relieved seeing that it all stopped right after fail2ban installation and thought I was safe now and went to sleep.
I wake up this morning to another e-mail stating that pinging my server failed once again.
I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.
Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.
The ones who use it, what do you like or value about Linux? Why do you use it?
Before I answer, let me say that I am a noob compared to the rest of this community. I run Ubuntu because Arch was too complicated when I tried and bash scripts equal to frustrations for me. That's my knowledge level.
- I don't feel "observed" when using a Linux distro compared to Windows and macOS.
- Feel more connected to the open source thought and the free spirit.
- Feel like I can do anything I want. Learning new programming languages easily, trying out web servers, try and setup own website or mail server etc.
- Everything is accessible. Read something cool about docker? ALT+T to open a terminal and start up a docker container to try out.
- No Internet browsing for software, like googling "Firefox download english".
- Sometimes forces me to learn about the workings of a computer, like networks, servers, routing, firewalls, bootup sequence etc.
- So many great command line tools. Want to find out quickly who owns a website? Want to query a specific DNS server? All possible within 5 seconds!
All in all using Linux feels like watching a documentary while using Windows is more like watching a dumb comedy show where I can turn my brain off, but get more stupid after a while.6
Guys what I want to know is how do you secure your code so that they pay you after you deliver the code to them?
So recently I was in this internship that I secured with an over-the-phone interview and the guy who was contacting me was the CEO of the company (I'm going to refer to him as "the fucking cunt" from now on). He asked me to do some OCR and translations and I managed to write a few scripts that automate the entire process. The fucking cunt made me login remotely to his desktop which was connected to the server (who the fuck does that) and I had to operate on the server from his system. I helped him with the installation and taught him how to use the scripts by altering the parameters and stuff, and you know what the fucking cunt did from the next day onward? Dropped contact. Like completely. I kept bombing emails upon emails and tried calling him day after day, the fucking cunt either picked up and cut the call immediately on recognising its me or didn't pick up at all. And the reason he wasn't able to pay me was, and I quote, "I am in US right now, will pay you when I get back to India." I was like "The fuck was PayPal invented for?" Being the naive fool that I was, I believed him (it was my first time) and waited patiently till the date he mentioned and then lodged a complain in the portal itself where he had posted the job initially. They raised a concern with the employer and you know what the fucking cunt replied? "He has not been able to achieve enough accuracy on the translations". Doesn't even know good translation systems don't exist till date ( BTW I used a client for the google translate API). It has been weeks now and still the bitch has not yet resolved the issue.And the worst part of it was I got a signed contract and gave him a copy of my ID for verification purposes.
I'm thinking of making a mail bomb and nagging him every single day for the rest of his life. What do you guys think?9
Open source mail server?
I'm using Mailu but was thinking if there are other good options?
Also it is better if it has a docker image13
Mail provider: "You are over your storage quota"
Me: "K, guess I'll clean up the junk I have on there then?"
Mail provider: "We also block IMAP connections for accounts over the storage quota"
SO I JUST FOUND OUT THIS:
Hostinger changed its mailservers from mx1.hostinger.com, to IMAP.hostinger.com and SMTP.HOSTINGER.COM
This means that all of the emails that I sent out for the last 2 weeks on my phone(the only place where I send out emails) has been going to fadoodle knows where?
Now that I changed on my phone the incoming and sending servers and I send out a email it appears as spam, but It dosent do that when I send it out of the web platform.
So like bruv, more digging to do...
HOSTINGER U BICH ASS FUCKING CUNTS, DO YOU KNOW HOW MANY EMAILS I NEEDED TO FORWARD BCZ OF THIS???😂
And I though people were Beeing rude or something3
Just found a nice hosting provider that actually have some customers in the taxi and transport segment.
The provider offer emailsservices, webhosting, dns services. So far so good.
The only problem that I can find here is that everything is hosted on one single IP.
The DNS-servers, the mail server and webserver is one fucking server.2
Just now I was reading on https://pve.proxmox.com/wiki/... about high availability. Now my Proxmox VE is just a tower (which happens to have ECC memory) that's stored in my storage room (and which is mostly used for experimental and home server purposes). But my mail servers.. those have been made with high availability in mind. Most importantly, I've made their services entirely redundant (but within the same datacenter). And when they have updates, I apply updates to one, reboot, see if it didn't break something and then do the same to the other server after the first one came up again. So no downtime whatsoever.
If memory serves me right, I think that I've been able to maintain these servers for the last year without any downtime at all (I reboot them every month to apply new kernels but they haven't both been simultaneously down at any moment). Does that make them High Availability? My interventions regarding their availability have been rather trivial. Is it really that hard..?4
Colleague from other department : Hey man I don't think my laptop can access to my company mail do you think you can fix it?
Me, newly working as an application programmer : Nah sorry man, perhaps you could ask that technician by the server room. He will know more hardware than I do.
Colleague : But aren't you also an IT specialist?
Me : Did you just assume my occupation?
The moment when you've spent way too much time working on your mail server and your dumbass friend instinctively slaps a @gmail.com at the end of your custom domain...1
Me: The IP Address on your public mail server cluster has been blacklisted.
Supporter: What is the IP? You can get it from whatismyip.com
Me: *has left the chat*
Hey there 👋
I am more or less throwing any burden (WhatsApp, Facebook, Google etc.) out of my life. Of course I will continue using the Google account for YouTube and some games that need it.
That's what it looks like right now:
Raspberry Pi 3B+
- forum - complete (atm just for me)
- blog - no ideas and just installed october cms and nothing done yet
- nextcloud - complete and filled with my porn... eeh... data
(missing spamassassin, clam or sth. like this but it's working 😂)
(as an additional alternative to messengers)
Raspberry Pi 2
✅ catches dust
Of course, many more configurations and the like are necessary before everything is ready... but what then or what else is there?
At the moment I still use WhatsApp. Just wanna take time before sending everyone a message about changing the messenger and that it should be important for thinking about the own privacy, which alternatives there are bla...
Edit: For passwords I'm using Myki - didn't hear anything bad about it yet and it's very easy to use (Firefox add-on, Android app).
I love my passwords with 200 characters 😂
Maybe someone's knowing more about them?
Hope I didn't forget a thing... thanks in advance aaaaaaand... I'm gone. ☺23
You know what, let me jump in on the "I hate PHP" bandwagon.
A couple months ago I upgraded my mail servers unattended. Roundcube got fucked for a couple of months, and I figured.. fuck it, I can still use Dovecot for authenticating with desktop mail clients like K-9.
Recently I unfucked it, turns out that it was an issue with the sock file in php-fpm. That's also when I noticed that PHP apparently hardcodes in its current version in the bloody socket file. Because why the fuck wouldn't you? It makes upgrades so much fucking easier!!! Said no fucking sysadmin ever!!!
And today I upgraded one of my mail servers to Ubuntu Server 18.04, finally, after a lot of hesitation. Bad decision, because now PHP got fucked YET AGAIN.
Again an issue with socket files? I have no fucking idea. systemctl shows no failed services (because you know PHP, why would you fail your service with an error message instead of throwing a meaningless 502 Bad Gateway, right?!!) and looking at the config files, well the socket file got its new php-fpm 7.2 file (still got the fucking version number hardcoded in) and thus I changed that socket file location in /etc/php/7.0...
devRant may just have been my rubber duck.
WHY THE FUCK DO YOU STINKING FUCKING PILE OF SHIT CALLED FUCKING PHP KEEP THE FUCKING 7.0 DIRECTORY OUT THERE WHEN YOU'VE UPGRADED, WITHOUT EVEN HAVING THE FUCKING BALLS TO RENAME THE MOTHERFUCKING DIRECTORY TO 7.2, IF YOU'RE GOING TO HARDCODE IN YOUR VERSION NUMBERS ANYWAY?!!!!!
Bloody fucking pile of fucking junk!!!!18
Subject: a rant for devRant
Not entirely sure why or when exactly it happened, but after I joined mailing lists I have a pet peeve for people who don't use a proper subject line, or don't use email when I literally made a mail server for that purpose (some organizations really prefer calling apparently). Is it really that hard to summarize a message in one sentence? Hell half the time even the message itself is just a few sentences.
Also the greeting and salutation at the beginning and end of email messages. I find them so redundant. Has anyone ever gotten any meaningful information out of "Hello", "Greetings", "Dear", or something like that? Or "Best regards" or whatever. I get that it's just being polite but it's so meaningless! I really don't like using them anymore. Just a message block and who it came from, that's all it needs to me. Instead pour some effort into the damn subject, the title of whatever drivel you're putting out there! Or replying to an email *only* when the subject matter is still related! Or actually replying to the damn email if it's still that subject matter...
I probably sound like an old man, but seriously.. email isn't a hard concept once you "get it". Anyone can write a halfway decent letter, why isn't that the case for email?
Im working with morrons...
So someone had bright idea of having clone setup of our servers in other hosting company (in previous company we have rendundant setup). Whatever, maybe they want to be resistant to thermonuclear war or whatever, like the project wasn't underfunded already... Whatever, fuq it.
And with that, I have like really, really really fucking ABSOLUTELY BULLSHIT STUPID questions thrown at me.
So, this particular instance of bullshit started with trivial, literally "how much storage capacity we will need" I anwsered at least 4TB, preferably on redundant disk array, I've added small table what uses what and how much etc.
Than I got mail back...
"Thats not enough information:
1. What we need to say to company ABC
2. What we need to say to company XYZ
3. (this one actually had sense) Backups conception
4. **WILL WE PAY FOR SERVERS**
5. other important things (literally)"
So let's break it down.
Im backend guy. What the fuck do I know what you gonna say to XYZ or ABC. I dont give a shit, for me it's clicking setup new server and Im done for, you are overcomplicating as shit and require special care from hosting company that you will pay extra.
Next one, the killer one. What the fucking fuck. my anwser was literally "yes, we need to pay for servers, servers arent free."
Now tell me. How the fuck it is possible that someone can be such an idiot to ask questions like that. and I dont mean #3. maybe even #1 and 2 is like looking someone to throw responsibility on. But why the fuck I have to anwser mail that literally asked me if servers are free.
No, fuck off idiot, I have actual work. Take your bullshit and spread it somewhere else.
and before anyone asks. No, Im not working in kindergarden but I often feel like I am indeed working within kindergarden full of 30+ mentally handicapped toddlers.8
Shit, again a long rant...
It all started 9 months ago.
We had a meeting with our group staff (5 people). Back the we discussed, if we should only work online or still send files around with mail.
Sure I suggested to run everything on a root server, would be the best performance/cost choice.
The president and the accounted refused, they said it's still working, why change. Payment will only be trough banktransfer and everybody keeps files local.
Back then I told them, that they will have sooner or later a problem. Files will be missing and bills not payd.
Last week we had a new meeting:
- Some of the group missed files.
- Some bills were unpaid
So now I have time until march to find and finish a groupware/collaboration tool.
I need to run member administration and payment online, this should be finished in October 2018. It should also do accounting.
Im really planing to use WooCommerce for this, I'm really crazy, I know! But I dont have time for that shit!
I work fulltime beside this and almost have no time to code something like that.
Well this week I demanded a memberlist, so I can plan a CRM database.
I received a word file as memberlist.
I asked them if this is a joke, right?!
They said no, thats the list. All the Data was mixed and some user details missing.
I HAD 3 HOURS TO GET IT DOWN IN EXCEL. WHY ARE YOU DOING THIS??? I REALLY WANNA PUNCH YOU ALL IN YOUR FACE!
When I sended it, I didn't receive a response or thanks.
The joke, I'm doing this stuff for free. I volontered, to make something big...
Im really going to shit Lego Bricks next...
There is just one thing that's been haunting me.
That I have yet to succeed at doing.
That I have yet to understand it's mazehole.
That I failed me as a developer.
How in the FUCK do I create my own mail server with my own domain name? HOW? JUST FUCKING HOWWWWW
WHAT THE FUCK IS THE SECRET!
WHAT AM I MISSING!!!!!
(no don't tell me about any of those office 365/GoDaddy/Windows bullshit, just guide me with something normal)8
TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.
The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 moths since I got it.
As I didn't knew much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...
So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.
After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. I took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...
I guess I learnt how to properly secure a server from this attack 💪3
Sorry, is TL, but humbly think is worth to read.
Coworker: Hey, our mail is being redirected to our client's spam folder. What did you do?
Me: Sorry, but I have no control over that.
Boss: I happened to me also. Something is wrong with our mail server.
Me: I'll check, but this is really out of my control.
Rushed to my station... domain blacklist check...Fuuuuuuuu! We been blacklisted! What in the fucking damn hell happened?????!!!
Mail server log check....Mmmm...WTF is this shit?
Devilish grin in my face....muahahahaaa! Your ass is MINE!
So, my "I know everything" new coworker ( https://www.devrant.io/rants/193238 ) used his account to send over 6300 messages a couple of times over a period of 4 hours. By our boss request we have no limit on our servers...
Gotcha! I'm going to get your ass fired!
(BTW: The pic is Gotcha the Cockatoo)4
CAN I HAVE YOUR ATTENTION:
Thanks. This is a notice from Yahoo Mail to warm up your IP’s.
Preferably by toaster but only microwave as a last resort.
Long story short a mail server was used by botnets to send out a few thousand emails over the past few days. We contacted a few email providers in hopes that they remove our IP from their blacklists.1
Me: Yay everything is tested and everything works!
Manager: Changes password of the e-mail server
hsctf (high school capture the flag)
first hurdle: you gotta have a mail server that accepts RFC uncompliant emails
second hurdle: even when you have it the acceptation link won't work
third hurdle: its FUCKING IN PYTHON
If this how you wanna educate your youth, the for gods sake, die
When I was in 11th class, my school got a new setup for the school PCs. Instead of just resetting them every time they are shut down (to a state in which it contained a virus, great) and having shared files on a network drive (where everyone could delete anything), they used iServ. Apparently many schools started using that around that time, I heard many bad things about it, not only from my school.
Since school is sh*t and I had nothing better to do in computer class (they never taught us anything new anyway), I experimented with it. My main target was the storage limit. Logins on the school PCs were made with domain accounts, which also logged you in with the iServ account, then the user folder was synchronised with the iServ server. The storage limit there was given as 200MB or something of that order. To have some dummy files, I downloaded every program from portableapps.com, that was an easy way to get a lot of data without much manual effort. Then I copied that folder, which was located on the desktop, and pasted it onto the desktop. Then I took all of that and duplicated it again. And again and again and again... I watched the amount increate, 170MB, 180, 190, 200, I got a mail saying that my storage is full, 210, 220, 230, ... It just kept filling up with absolutely zero consequences.
At some point I started using the web interface to copy the files, which had even more interesting side effects: Apparently, while the server was copying huge amounts of files to itself, nobody in the entire iServ system could log in, neither on the web interface, nor on the PCs. But I didn't notice that at first, I thought just my account was busy and of course I didn't expect it to be this badly programmed that a single copy operation could lock the entire system. I was told later, but at that point the headmaster had already called in someone from the actual police, because they thought I had hacked into whatever. He basically said "don't do again pls" and left again. In the meantime, a teacher had told me to delete the files until a certain date, but he locked my account way earlier so that I couldn't even do it.
Btw, I now own a Minecraft account of which I can never change the security questions or reset the password, because the mail address doesn't exist anymore and I have no more contact to the person who gave it to me. I got that account as a price because I made the best program in a project week about Java, which greatly showed how much the computer classes helped the students learn programming: Of the ~20 students, only one other person actually had a program at the end of the challenge and it was something like hello world. I had translated a TI Basic program for approximating fractions from decimal numbers to Java.
The big irony about sending the police to me as the 1337_h4x0r: A classmate actually tried to hack into the server. He even managed to make it send a mail from someone else's account, as far as I know. And he found a way to put a file into any account, which he shortly considered to use to put a shutdown command into autostart. But of course, I must be the great hacker.3
Yay, Dubba didnt die.
Okay, hello'ed back, lets fucking rant.
Im fucking SICK and TIRED and ANNOYED by all freaking cloud fanboys. Yeah, sure. You get scalability. You waste less resources. Sure. But it depends on use case. There is suprising ammount of services that can be run on VPS or dedicated servers that will be a lot cheaper if you just DONT run it on cloud. And dont you dare to missinterpret me. I fully recognize that there are valid uses for cloud services. But for fuck sakes, its not anwser for ALL of your needs, and it costs insane ammount of money if you use it where you should use dedicated.
WHY we, as humanity came to this place where self-claimed "proffesionals" will anwser you "cloud" before you even ask your question.
No, fuck off, take calculator and think for around 60 seconds. And than decide if you need cloud or not.
And no, this mail server will be fucking few times more expensive on cloud, and I know it becouse I have fucking calculator and I was running it past 1.5 year and actually run sometimes htop, so stop bullshitting me.
Sorry if some cloud die-hard felt offended but it is exacly how I see and feel it.
Oh man setting up postfix and dovecot (plus things like rspamd) is a pain in the ass.
But it's worth it, having your own mail server is just quite a good feeling.
Now I just need to find out how to get it to pass the spam filter of Google, despite the server and the DNS zone being well-configured (better than my school's mail server according to tests, but that one still manages to pass. I have no idea why.)9
telco sysadmin: hey maybe we should secure our SMTP server with SSL and password verification so our clients can e-mail safely!
senior exec be like: nah just filter incoming connections for our own IP-range, that'll do.
result: I can impersonate any client of the telco and send e-mail in their name (from any home network connected to that provider), but I can't send e-mail over cellular network.1
It all started with an undelivereable e-mail.
New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.
Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.
Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.
Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).
In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.
Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.
Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.
Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.
Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.
tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.
I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...
I'm planning on stopping my mail server but I don't know to which service I should move, I have a custom domain that I need to link, for example Google cloud apps where I can forward emails, but of course I don't want to use Google.
I already wrote a rant about this yesterday, but since I'm a sysadmin trying to convert to dev.. I dunno, maybe it's not a bad idea to muddy the waters a bit and talk about why not to be a sysadmin.
Personally I think it's that the perceived barrier to entry is just too high, while it isn't. You don't need a huge Ceph cluster and massive servers when you're just starting out. Why overbuild an appliance like that if it's gonna start out at maybe 5 requests a minute?
Let's take an example - DNS servers! So there's been this guy on the bind-users mailing list asking how to set up a DNS server on 2 public servers, along with a website. Nothing special I guess - you can read the thread here: https://0x0.st/ZY-d. Aside from the question being quite confusing, there was advice to read RFC's, get a book, read the BIND ARM, etc etc. And the person to deny this? No one less than Stephane Bortzmeyer, one of the people who works for nic.fr (so he maintains the .fr TLD) and wrote some of those RFC's as part of the DNSOP working group in the IETF. As for valid reasons to set up a DNS server? Could just be to learn how the DNS works, or hell even for fun. As far as professional DNS servers go.. this (https://0x0.st/ZYo9) is the nugget that powers the K root server, one of the 13 root servers that power the root zone of the internet, aka the zone apex. 2 RJ45 connections, and a console connection. The reason why this is possible is the massive recursor networks that ISP's, Google DNS, Cloudflare DNS, Quad9, etc etc provide. Point is, you don't need huge infrastructure to run a server!
Or maybe your business needs email. How many thousands of emails per second are you gonna need to build your mail server against? How many millions will you need to store? If your business has 10 employees and all of those manage about 10k emails total.. well that's easy, 100k emails total. Per second? Hundreds of emails per second per employee? Haha, of course not. Maybe you'll see an email a minute at most. That is not to say that all email services are like this - it is true that ISP's who offer email to their customers, and especially providers like Microsoft and Google do need massive mail servers that can handle thousands of emails per second. But you are not Microsoft or Google. So yeah, focus on the parts of email that are actually hard.. and there is plenty.
Among sysadmins you have this distinction between "professional" sysadmins and homelabbers. I don't mind the distinction itself but I think both augment each other. If you've started out by jumping into a heap of legacy at an established company, you will have plenty of resources, immediately high complexity, and probably a clusterfuck right away. But you will have massive amounts of resources. If you start out with a homelab, you will have not many resources, small workloads, and something completely new for you to build and learn with. And when running a server like that, you'll probably find that the resources required are quite small, to provide you with your new services. My DHCP servers take 12MB memory each. My DNS servers hover around the 40MB mark. The mail server.. to be fair that one consumes around 150. But if you'd hear the people saying that you need huge servers.. omg you need at least a TB of RAM on your server and 72 cores, massive disks and Ceph!1!
No you don't. All that does is scaring people away and creating a toxic environment for everyone. Stop it.1
just bought a dedicated server, coming in the mail this Friday. gonna use it for a 24/7 Minecraft server and maybe some web apps to experiment with stuff. I'm also going to have it connected to my TV as a media center occasionally. best Linux distro for dedicated server? bonus points for easy to install and configure14
ZNC shenanigans yesterday...
So, yesterday in the midst a massive heat wave I went ahead, booze in hand, to install myself an IRC bouncer called ZNC. All goes well, it gets its own little container, VPN connection, own user, yada yada yada.. a nice configuration system-wise.
But then comes ZNC. Installed it a few times actually, and failed a fair few times too. Apparently Chrome and Firefox block port 6697 for ZNC's web interface outright. Firefox allows you to override it manually, Chrome flat out refuses to do anything with it. Thank you for this amazing level of protection Google. I didn't notice a thing. Thank you so much for treating me like a goddamn user. You know Google, it felt a lot like those plastic nightmares in electronics, ultrasonic welding, gluing shit in (oh that reminds me of the Nexus 6P, but let's not go there).. Google, you are amazing. Best billion dollar company I've ever seen. Anyway.
So I installed ZNC, moved the client to bouncer connection to port 8080 eventually, and it somewhat worked. Though apparently ZNC in its infinite wisdom does both web interface and IRC itself on the same port. How they do it, no idea. But somehow they do.
And now comes the good part.. configuration of this complete and utter piece of shit, ZNC. So I added my Freenode username, password, yada yada yada.. turns out that ZNC in its infinite wisdom puts the password on the stdout. Reminded me a lot about my ISP sending me my password via postal mail. You know, it's one thing that your application knows the plaintext password, but it's something else entirely to openly share that you do. If anything it tells them that something is seriously wrong but fuck! You don't put passwords on the goddamn stdout!
But it doesn't end there. The default configuration it did for Freenode was a server password. Now, you can usually use 3 ways to authenticate, each with their advantages and disadvantages. These are server password, SASL and NickServ. SASL is widely regarded to be the best option and if it's supported by the IRC server, that's what everyone should use. Server password and NickServ are pretty much fallback.
So, plaintext password, default server password instead of SASL, what else.. oh, yeah. ZNC would be a server, right. Something that runs pretty much forever, 24/7. So you'd probably expect there to be a systemd unit for it... Except, nope, there isn't. The ZNC project recommends that you launch it from the crontab. Let that sink in for a moment.. the fucking crontab. For initializing services. My whole life as a sysadmin was a lie. Cron is now an init system.
Fortunately that's about all I recall to be wrong with this thing. But there's a few things that I really want to tell any greenhorn developers out there... Always look at best practices. Never take shortcuts. The right way is going to be the best way 99% of the time. That way you don't have to go back and fix it. Do your app modularly so that a fix can be done quickly and easily. Store passwords securely and if you can't, let the user know and offer alternatives. Don't put it on the stdout. Always assume that your users will go with default options when in doubt. I love tweaking but defaults should always be sane ones.
One more thing that's mostly a jab. The ZNC software is hosted on a .in domain, which would.. quite honestly.. explain a lot. Is India becoming the next Chinese manufacturers for software? Except that in India the internet access is not restricted despite their civilization perhaps not being fully ready for it yet. India, develop and develop properly. It will take a while but you'll get there. But please don't put atrocities like this into the world. Lastly, I know it's hard and I've been there with my own distribution project too. Accept feedback. It's rough, but it is valuable. Listen to the people that criticize your project.9
Never new setting up a mail server could be a huge pain 😭
Two days still no luck... Let's see how long it takes13
> Develop puppet deployment module for hip new mail server
> set vm so taht it simulates cheap ass requirements of 1 core, 1 gig ram
> finally get to the webserver part, need to generate own dhparam.pem
Meanwhile my beard is becoming more and more grey3
Going back home for the holidays means becoming tech support for pretty much the whole family, unluckly.
As soon as I enter my grandparent's home, my grandpa says "Could you print some emails?". I open his laptop, and I start sweating as soon as I see the Windows XP logo popping up. He (obviously) doesn't remember his password, and the only way to access his (mostly defunct) web mail service is Outlook 2003. For some reason, the web mail provider's POP3 server dies, and i spend half an hour trying to explain it. I ended up leaving with him saying "Why are you even going to a computer engineering university."
What a week at work...
As some of you might know, it‘s currently very hot in Germany with temperatures rising up to 35°C. That‘s when our AC at work decided to stop working. I‘m working in the third floor of a three story building so it‘s getting very hot in the office.
The day after we had a 45 min powercut and the AC still does not work.
Today when I got up and wanted to go to work, I got an E-Mail saying that we have another powercut which lasts at least three hours. We‘re supposed to work from home using VPN. But how the fuck should I be able to log into the VPN if the network is offline?! Oh and of course our GitLab server is hosted in house as well, so no access to any code at all.
Hopefully next week is gonna be a better one...1
For all the hate that Java gets, this *not rant* is to appreciate the Spring Boot/Cloud & Netty for without them I would not be half as productive as I am at my job.
Just to highlight a few of these life savers:
- Spring security: many features but I will just mention robust authorization out of the box
- Netflix Feign & Hystrix: easy circuit breaking & fallback pattern.
- Spring Data: consistent data access patterns & out of the box functionality regardless of the data source: eg relational & document dbs, redis etc with managed offerings integrations as well. The abstraction here is something to marvel at.
- Spring Boot Actuator: Out of the box health checks that check all integrations: Db, Redis, Mail,Disk, RabbitMQ etc which are crucial for Kubernetes readiness/liveness health checks.
- Spring Cloud Stream: Another abstraction for the messaging layer that decouples application logic from the binder ie could be kafka, rabbitmq etc
- SpringFox Swagger - Fantastic swagger documentation integration that allows always up to date API docs via annotations that can be converted to a swagger.yml if need be.
- Last but not least - Netty: Implementing secure non-blocking network applications is not trivial. This framework has made it easier for us to implement a protocol server on top of UDP using Java & all the support that comes with Spring.
For these & many more am grateful for Java & the big big community of devs that love & support it.
Been working on a new project for the last couple of weeks. New client with a big name, probably lots of money for the company I work for, plus a nice bonus for myself.
But our technical referent....... Goddammit. PhD in computer science, and he probably. approved our project outline. 3 days in development, the basic features of the applications are there for him to see (yay. Agile.), and guess what? We need to change the user roles hierarchy we had agreed on. Oh, and that shouldn't be treated as extra development, it's obviously a bug! Also, these features he never talked about and never have been in the project? That's also a bug! That thing I couldn't start working on before yesterday because I was still waiting the specs from him? It should've been ready a week ago, it's a bug that it's not there! Also, he notes how he could've developes it within 40 minutes and offered to sens us the code to implement directly in our application, or he may even do so himself.... Ah, I forgot to say, he has no idea on what language we are developing the app. He said he didn't care many times so far.
But the best part? Yesterday he signales an outstanding bug: some data has been changed without anyone interacting. It was a bug! And it was costing them moneeeeey (on a dev server)! Ok, let's dig in, it may really be a bug this time, I did update the code and... Wait, what? Someone actually did update a new file? ...Oh my Anubis. HE did replace the file a few minutes before and tried to make it look like a bug! ..May as well double check. So, 15 minutes later I answer to his e-mail, saying that 4 files have been compromised by a user account with admin privileges (not mentioning I knee it was him)... And 3 minutes later he answered me. It was a message full of anger, saying (oh Lord) it was a bug! If a user can upload a new file, it's the application's fault for not blocking him (except, users ARE supposed to upload files, and admins have been requestes to be able to circumvent any kind of restriction)! Then he added how lucky I was, becausw "the issue resolved itself and the data was back, and we shouldn't waste any more yime.on thos". Let's check the logs again.... It'a true! HE UPLOADED THE ORIGINAL FILES BACK! He... He has no idea that logs do exist? A fucking PhD in computer science? He still believes no one knows it was him....... But... Why did he do that? It couldn't have been a mistake. Was he trying to troll me? Or... Or is he really that dense?
I was laughing my ass of there. But there's more! He actually phones my boss (who knew what had happened) to insult me! And to threaten not dwell on that issue anymore because "it's making them lose money". We were both speechless....
There's no way he's a PhD. Yet it's a legit piece of paper the one he has. Funny thing is, he actually manages to launch a couple of sort-of-nationally-popular webservices, and takes every opportunity to remember us how he built them from scratch and so he know what he's saying... But digging through google, you can easily find how he actually outsurced the development to Chinese companies while he "watched over their work" until he bought the code
Wait... Big ego, a decent amount of money... I'm starting to guess how he got his PhD. I also get why he's a "freelance consultant" and none of the place he worked for ever hired him again (couldn't even cover his own tracks)....
But I can't get his definition of "bug".
If it doesn't work as intended, it's a bug (ok)
If something he never communicated is not implemented, it's a bug (what.)
If development has been slowed because he failed to provide specs, it's a bug (uh?)
If he changes his own mind and wants to change a process, it's a bug it doesn't already work that way (ffs.)
If he doesn't understand or like something, it's a bug (i hopw he dies by sonic diarrhoea)
I'm just glad my boss isn't falling for him... If anything, we have enough info to accuse him of sabotage and delaying my work....
Ah, right. He also didn't get how to publish our application we needes access to the server he wantes us to deploy it on. Also, he doesn't understand why we have acces to the app's database and admin users created on the webapp don't. These are bugs (seriously his own words). Outstanding ones.
Also, sorry for the typos.5
Hotmail and t-online (Germany) are the worst E-Mail providers. They have a weird setup with weird custom white and blacklists.
My mail server is configured perfectly. However, my server is inside an IP range microsoft and telekom decided to block.
Oh... come on6
I have multiple contenders ;)
A program used to sort emails.
We was in the process of moving from lotus notes to exchange and needed a way route emails to the right server internally.
Solution, a qmail to receive all emails, a script running by cron every minute to read the emails, check the recipient name to a list and resending to the right server. The script was written in php :P since that was the only way we at the time had to read an email into an object, it was run just like any other shell script :D
A multi threaded mail sender that fetch email addresses and content from a database and posted them through qmail using background execution and pipes to get the result back and then update the database, written in bash script.
A c program used in a similar way as in one but this time using dial up and uucp to fetch email and then drop these either into lotus notes or into a bbs for our customers to give them an email address. This was around 1993, so not to many isp’s offered email and not to many had internet anyway, dial up bbs was much more common.5
I'm currently between jobs and have a few rants about my previous job (naturally). In retrospect, it's somewhat therapeutic to range about the sheer brainfuckery that has taken place. Enjoy!
First, let me set the scene: legacy B2B web app made with LEMP stack and sencha ext.js 3 + 4 (don't ask) and a lot of madness. Let's call that app "Alpha".
Alpha is a self made CMS build for typical ERP stuff. Yes, a self made CMS: entities are containers, containers have types and fields and values. Like so many legacy PHP apps, it does not have a dedicated FE: the HTML is rendered on the server and then spewed out to the browser.
Easy right? Coding like it's 1999! But there was a twist: Because everything is basically a container, the HTML-templates are saved in the DB. Along with the nessary JS and the CSS. And the translation variables. Why? Because fuck you! That's why. Who needs a git history anyways.
For some reason, Alpha was kinda slow.
There was also an editor, that allowed you to modify templates (web, mail, pdf) on the fly in prod. Because templates contain repeating data (header/footer), one template could contain additional templates. Much confusion. You could change templates via migration (slow, boring) or just ctrl-c/ctrl-v that sucker (fast, much excitement).
Did I mention Alpha was slow?
On with the rant: e-mails! How do they work? Noone knows. How to send mails asynchronous in PHP? Witchcraft is the only possible answer to that riddle. Here is your enterprise™ solution:
1. create mail
2. insert mail into DB
3. WAIT UP TO 59 SECONDS FOR A FUCKING CRON TO SEND MAIL
Why? "Because that way, we can resend mails in case the network is down :)"
Same procedure for the SOAP-API (db-queue + cron). You read that right: all requests to various other systems are processed once a minute.
Alpha was only one of several systems. Imagine a bunch of monolithic php apps, interconnected via SOAP, REST and GraphQL like a godamn intergalactic orgy. Image having to debug that cluster fuck.
Let's say there is a bad request. These things happen. No biggie. Remember the db-queue? Let's try to send the bad request a second time! And a third time! Still no luck? How odd. Let's create a specific file in a specific directory: a LOCK-file. Now, "the db-queue is on hold and no request gets processed :)"
Golly gee thanks Alpha.
Anyhow, did you know that MySQL has a join limit of 61 tables?3
10 Signs You Picked the Wrong ISP !!
10. Their company logo: two tin cans and a length of string.
9. You check out their address, and it's a phone booth containing a Compaq portable and an acoustic coupler.
8. Their chief technical officer lives in a 10-foot-by-7-foot shack in the woods.
7. Their proud boast: "We've been on the Internet since it was CB radio."
6. Their promo materials use the words "information" and "superhighway" in the same sentence.
5. You order an SLIP/PPP connection, e-mail, and 2MB of server space for your personal Web site, and the voice on the other end of the phone asks, "Would you like fries with that?"
4. "As seen in Better Business Bureau special reports."
3. "Access speeds up to 9,600 bps in most areas."
2. They hawk both domain names and Rolexes on street corners.
1. They charge by the word.3
I absolutely hate it when companies use this or that medium for communications despite me asking them time and time again for another.
I have a mail server for more professional communications. The phone, only for stuff that won't matter if I inevitably end up forgetting about it (even more so now that Google made call recording more or less impossible, laws be damned). I will forget about a phone call no doubt. I've got better shit to do than to remember your manglement decisions, thank you very much. On mail, that's all nicely on my mail server for retrieval in several years even.
So I ask them to use the email address I gave them, a dedicated one for their company too (catch-all go brrr). Can't do that with phone numbers. Managing all those SIM cards aside, our government has now limited the amount of SIM cards one can have to 10. And texts and phone calls are not a long-term medium! And I can't share my phone number with just about anyone because people will inevitably spam the shit out of it, AND it's hard to replace! It's not a good medium! So with all due respect, companies - I couldn't care less what medium you prefer to use for your customers. You don't care about what your customer wants you to use - explicitly so! - and you lose a customer. It's as simple as that. Dealing with manglement is one thing, but dealing with manglement using the wrong media is something I'd really rather not do.
But hey I guess that virtue signalling is more "in" than actually listening to your goddamn customers nowadays? Let's replace another master/slave reference. You know, arguing that if we did that 2 years ago, George Floyd would've totally survived. Not by fixing the US police brutality, oh no no no. That's not the right way. Changing nomenclature and hashtags however, and not giving half a shit about your customers, yeah that's the way to go!2
i fucking hate that professor for whom i have to work on laboratory project right now.
well that wouldn't be not so bad if...
we wouldn't have to fucking debug his mistakes he put into the fucking prepared code AND his fucking useless instructions how to set up the project for eclipse the first time. not to mention his fucking requirements which make no sense
oh yeah im a student. i can always go and ask him for help if i need any...
i have another 70% mandatory course at the same time and that fucker refuses to upload hos sheets in moodle and answer even one fucking question via mail. not to mention no support if I am there unless i have eclipse setup. even through the projects should be build using gradle...
and all that wont even give us a grade. no ita simply a pass or fail part of the module which the course is part of.
have i also mentioned that the whole shit should be done in 20 hours according to the schedule8
I installed sendgrid on my server today for the first time. Now I have several questions to you more experienced programmers.
1. Is there anything I should know about using sendgrid for server generated mails?
2. Can I still use my own configured Mail-Server (eg. for sending emails with Thunderbird?
3. How does sendgrid work?
4. Are there probably better alternatives? (I first wanted to use mailgun, but those fuckers want me to have a credit card for registration)2
I'm thinking of writing an email server that accepts all usernames and just forwards the mail to the main inbox.
Or at least forwards a huge list of usernames to the main inbox.
You know, for spamming shit conveniently.
This way, email@example.com, firstname.lastname@example.org, and email@example.com will all go to the same inbox without actually needing to register any of those users.
It would be like having an email with infinite aliases.
Is there something like this already or do I need to implement SMTP?10
Gah... Outlook just froze because it can't connect to the mail server.... While I was drafting a long email....
Hope it doesn't crash, hope it doesn't crash.... Please please please...
There are a few email addresses on my domain that I keep on receiving spam on, because I shared them on forums or whatever and crawlers picked it up.
I run Postfix for a mail server in a catch-all configuration. For whatever reason in this setup blacklisting email addresses doesn't work, and given Postfix' complexity I gave up after a few days. Instead I wrote a little bash script called "unspam" to log into the mail server, grep all the emails in the mail directory for those particular email addresses, and move whatever comes up to the .Junk directory.
On SSD it seems reasonably fast, and ZFS caching sure helps a lot too (although limited to 1GB memory max). It could've been a lot slower than it currently is. But I'm not exactly proud of myself for doing that. But hey it works!1
On Friday afternoon, i got an e-mail from the IT manager of the company I'm working for.
"Due to security issues we have been forced to stop the server you deployed"
Today, on Monday morning, i got a message from the director saying LITERALLY NOBODY CAN ACCESS THE SYSTEM
I wonder what it could be.3
Customer: So I have two emails and I'd like to be able to use them.
Me: Okay, I see you have both Windows Live Mail and Thunderbird...
Customer: Yeah, Thunderbird was the old one we used, we now use the Windows Live Mail, but it's always having problems.
Me: Well, Windows Live Mail isn't supported anymore, so I would recommend moving back to Thunderbird.
Customer: But that would mean I would have to get another email, right?
Me: No... *thinks for a moment* OK, imagine you have a garden hose that is connected to the main line of your house. You with me?
Customer: I guess...
Me: So the connection from your house is your email - or at least the server out on the internet. Now on the other end you have a hose splitter, and it splits off into two other hoses. Still with me?
Me: So on the end of the other two hoses you have two spray nozzles; one for each hose. Now one nozzle is from company A and the other is from company B. Both nozzles share some spray types on the heads, but there are a few heads on A that B doesn't have and vice versa.
Me: Those spray heads are Windows Live Mail and Thunderbird. They receive your mail from the same place, like the water, but they have different features. Does that makes sense?
Customer: I suppose.5
Argh fuck you Microsoft for blocking my precious mail server. I can't believe that you were the only one. Even google accepts my mails with every fucking test passed...
Oh and not to mention that in the no delivery report you are referring an error code which is not present on the linked troubleshoot page. Thank you once more, you piece of shit.
Should have listened to the articles about why I don't want an own mail server...15
Webhost (that I basically only use for email) decided to get rid of all plans they had in favour of 1 big "unlimited" (with FUP ofc) plan...
I used to pay about 3,65 a year (incl. VAT) for my plan (which had about 1250MB of storage) which was totally fine...
Good enough storage for mails.
The new plan costs me 55 euro a year (incl. VAT) and has that "unlimited" storage...
Which I don't need for a fucking mail server...
And they don't allow me to go back to my old plan >.>
Literally the only reason why I went with them 7 years ago was because they were so cheap (back when they also still hosted my website) and perfectly fit my needs >.>
Way to shoot your longest time customers in the back.
Well, time to look for an alternative T_T2
Setting up a mail server is the worst experience I ever had. And whoever took part in the invention of these evil pieces shall get hit by doves, round cubes and get lost in /home/minzkraut/mbox FOREVER!!
Need to change host for my sites, but no money for a good one. Trying to put everything in one cloud (5 USD) but... How the duck can I create a mail server with multiple domains?
A good fight with postfix, dovecot... The first account, just to the sake of make it work, is almost working (I reckon)10
I wonder how fast the mail server pewdiepie uses will go down, if he turned on notifications for every like, comment etc.2
FUCK APPLICATION LEVEL FIREWALLS!
So i cam online today, thought already lets open the shitty outlook webmail client. Holy crap .... thats way to much mails. Many of them are missed teams messages. So i open up teams and holy crap. Like every third dev in my company send me a message screaming "gitab is not working!!!".
Yesterday i updated it so imediately get in panic mode - what the shitty hack have i done?!
So yeah gitlab seems to be working just fine, everything is speedy and responsive, so i call one of my fellow devs and ask him whats wrong? And he is like oh yeah there comes a ldap error saying timeout or something.
I try to login with active directory. Works like a charm. Try another account, same problem?!
Google the problem, search gitlab tickets. Nope there is no open bug or sth. like this.
So alright lets call the network guy. "Yo, can you check if there is something ldap-like getting blocked to the gitlab server?" - He is like oh yeah damn like almost every damn request is getting blocked. Ah wait, there was an firewall update yesterday too. Yeah ldap is no longer ldap. BLOCK THAT SHIT!
After 10 minutes of figuring out what shitty type is detected by the firewall and what needs to be whitelisted to make it fucking work again it seems to work.
But ha no, there is another update rolling on, so same shit like 15 minutes later.
Now it seems to work and i have to inform every damn fcking developer that it works again. And yeah alright you sent a mail, but fuck it, i will call you though! So yeah just answering calls, mails and chat messages. Like why the fuck cant you read your mails like a damn normal person?!1
Who, more than I, totally HATE emoji?
lol I hate emoji after it caused so much problems with Microsoft Outlook and email backups from said program combined with emoji in subjects.
Wrote an subject filter in exim4 (took 3 days to debug and get working propely) that totally eradicate anything that isnt ISO-8859-1 from the subject line, then converts the rest to UTF-8 (because said IMAP client isnt following standards).
it also converts ISO-8859-1 characters in subjects to UTF-8 even if the original subject is declared to be UTF-8, because obviously some software (especially newsletter software) are transmitting ISO-8859-1 subjects that are declared to be in UTF-8 (but the opposite isn't true).
And also cuts subject to 100 chars, because too long subjects are a problem too. Same with date headers, I replace them with the server date/time because some software are sending Date: 1970 Jan 01 00:00:00, because some of these erronous headers are put by some mailing list software, aswell as causing problem in OEM clients like Samsung Mail.
Problem solved, all IMAP clients happy on internal network.7
I've been working on migrating my personal e-mail server for nearly a month.
Old (Linode): opensuse 13.1 (no longer gets update) running postfix + amavis-new(with spamassassin and clamav) + dkimproxy + dovecot
New (Vultr): OpenBSD 6.3 running opensmtpd + spampd(spamassassin proxy) + clamav + dkimproxy + dovecot
I'm surprised I only have 5GB of e-mail, considering I migrated all my gmail there a while back; 5GB for ever e-mail since 2004.
I finally got all the DNS switched over and tested all the end points this morning. The whole thing is done in Ansible so hopefully switching to another provider will be a lot faster:
spent all day with a new project, maybe you guys can help.
I have two p2p cameras that I want to setup and access when my family goes on vacation.
Cameras are working (with mildly success) , now, what Is the best option to access them from the Internet?
I can send e-mails, but can't config the SMTP server (don't know why always gives connection error, but guessing that maby this kind of products are blocked from sending e-mails), tried Gmail, mail, and Hotmail.
ftp-server.. don't have any online (have a VPS with 200 mb free ram...)
I fucking hate web development and fuckton of issues it has. Laravel library not found despite the files exists and composer loaded it in the autoloader, fix: create a config file for the lib, why? Because magic. The code cannot find the provider class without it....
Next, try out smtp mail. Works everywhere, but not with the live smtp server. Fails with Invalid recipients error. 2 hours later, with half of my hair torn out I finally figured out. Can you guess?
Credentials and settings are correct, recipients are also correct. The fucking from address parameter was the culprit because you cannot send emails on behalf another address, logical but fuck that error message. Why is it that hard to respond with an understandable response?2
Xcode: took away the ability to manage multiple windows as documents; everything is a half-assed safari browser window that neither works like Mail nor like Safari.
Xcode: took away the ability to have variables in the debugger in separate displays, now it is a single basket of eye-bleeding variable/data spew.
Xcode: took away the ability to modify variable values in the debugger, it's just broken and lets you think you can but reverts the value.
Xcode: took away the debugger's ability to modify the execution pointer. You can't move the current line of execution to the previous line, the line past the current line, nothing.
The same internal human virus that manages the Alzheimers 'upgrades' of macOS Server seems to be managing the Xcode debugger, more aptly named now "Xcode stepper" cuz it makes a lot of motion but goes nowhere fast.1
I just got a mail from our universities tech support for a ticket I openend a fucking year ago... They didn't respond for a whole year and are now working on it?
One year ago I had problems connecting to eduroam on my Linux machine. No matter what settings I tried I never got it to work.
So I decided to open a ticket at my universities tech support. Fairly fast they answered me and tried to find what the problem was. Somehow only half my username made it to their server which means their is no way I can log in.
The conversation went on for a few mails but we never managed to solve the problem...
Now after one year they send me a mail stating that I can call them if I still have this problem.
Wtf? Who answeres to a ticket from one year ago? Why is the ticket still open? Did they work on it or just randomly decide to reply to old mails? Why didn't they write anything in the meantime?2
Worst dev disaster?
Welp, my now 6 year old Mac keeps sending signal to my monitors that in my experience regardless of OS generally says "my video card is gonna fuckin die soon".
I've re-installed the Windows partition like 3 times, but that responds to the video card problems so bad it pretty much just BSODs... but the Mac side soldiers on, just occasionally having weird visual glitches. Thats fine, I work on the Mac side.
And I don't really want to spend a shit ton on a new computer... but I do want a Mac, so I'm gonna spend a shit ton.
So now I have to decide if I can hold out for an M1 or if I should just shell like thousands for a Mac that will be out of date in like 4 months. After which for development purposes I'd still have to buy at least the M1 dev kit Mac Mini.
All of which hinges on this effing video card lasting another few months.
Because if it doesn't I'm going to have to use my kids 8GB fuckin HP laptop as my main dev machine while I get another Mac in the mail and that would fucking suck not to mention the like minimum two days sleep I'd lose just setting up the required local environments I'd need... not to mention I'd have to do all that in Windows... so I'd have to find Windows equivalents for all my dev tools. Or fuck it, maybe I could just install Putty and server cowboy everything... but it would still suck.
And, of course, I don't have time to do any of that because I have the normal like 2 tight deadlines on shit.
The next few months of my life, potentially my ability to earn a living, potentially my sanity...
Hangs on the health of a fucking six year old heavily abused video card.9
I should create a contact form for support requests.
Me: I can't connect to the mail server with the settings you've send me.
Employer: It works. I can send and receive mails with Outlook.
Me: Ok, I will check my code.
Employer: It has to work. I even checked the informations I send you about the mail server settings and they are the correct ones.
I've tried every configuration which could be possible and rewrote my code. It wont work, so I tried to use my own mail server and it worked immediately.
Me: I've tried everything but I can't connect to your mail server. After a while I've tried to connect to my own and it works just fine.
TLDR: I wanted to change email to new one, but I could not remember which one I have
currently. I found out an API in DevRant JS files for email verification and used
it to find it out.
So, I am moving from Gmail to Protonmail Pro, absolutely love their service.
I wanted to do same on Devrant but I could not figure out my current mail for
"I lost my password" form. My Password Manager have only login saved, and profile does
not show email address.
I thought that this user information is stored on server so it have to be some way to retrieve it. I dug
in source code and I've found:
`<div class="signup-title">Verify Your Email</div>`
Which has event assigned to function which uses jQuery.ajax (love it btw :D) to call:
This seems like worth a shot. Few copy-pastes and one ajax call later:
"Welcome to Devrant"
Got it :) So I have already changed in march when DevRant on previous layout.
This is what I love in this profession - problem solving. AI will not replace human
in any way, we will just stop coding array iterations and data manipulation - we will focus
on real problem solving and human touch (like design, convincing management for changes).1
fucking web hosts blocking all SMTP ports outgoing, forcing me to use PHP mail from their shitty blacklisted IP's.
Since I can't use a web api to send the mail Iended up setting up my home server to forward port 53 back out to the mail server, alot of hassle to get mail working :(14
Finally got that damn web app to send out mails (2am). Turned out mail server worked, rails was properly configured, delayed jobs were running and were getting proper rights and environment. The issue was wrong configuration in app itself (somebody skipped part of the wizard). But still, fixing somebody's else server with webapp I know just a little about in languages I know even less about (not a web developer) after few guys failed and just within five hours, makes me feel both dumb (should have noticed much sooner) and proud (figured it out in the end).
This day is off to no good... :(
First l forget the ssh port to my mail server and now i realized that tomorrow is the last day the server is up. I need to add more credits but i literally have 2 cents on my bank account :(1
So, I work as a sysadmin junior (6 months and going), and in the past few months, I learned what my boss warned me about - Devs don't understand us admins, and we don't understand the devs.
We have this huge client who is about to migrate to our company (We do mostly server managment/Housing/Renting), and I am so gald I don't have to work on the migration myself!
Just hearing what the company devs say makes me facepalm: No, it won't work. It cannot work on just 3 machines (They use like... 20 in total), no, we won't get rid of our docker swarm, that's essential (Doing the absolute minimum in their infrastructure, just a fancy buzzword to lure people on. Though they've spent like 2 years developing the app that uses it, so they my not want to give it up).
I kid you not, once, they replied to an email that contained the phrase "To be afraid of/worried about" something during the migration, that something could break, not work, be unstable. 7 times.
Might not sound as bad, but it was a rather short mail, and when they're so afraid of everything, its kinda hard to cooperate with them.
My colleague literally spent this entire week mapping out /their/ infrastructure, because they were unable to provide us with the description themselves.
And as a cherry on top, they sent us a "graph" of relationships of all the parts of their infrastructure that was this jumbled mess of rectangles and arrows. Oh, and half of all the machines were not even in the graph at all! Stating that "We also have all this, but I really don't know how to ilustracte the interactions anymore"
Why do companies like that exist? If you build an infrastructure yourself, shouldn't at least someone know exactly how it works?1
Outlook protection is shit!
Microsoft is blocking our company mail server AND even my private one for a couple of days now for no reason.
Every other mailing black list has nothing to complain but Microsoft: "You want to send a very important mail to your customer? Nope!"
"Yeah, now you tried to use your private server to fool me. Haha, nope! You didn't think I would block IPs randomly, did you?"
Fuck Microsoft! Fuck Outlook protection! Fuck hotmail!1
Best debug ever?
Some years ago we had to do a web project as group. It was a cinema like website with backend and front-end.
So in the end we arrived at the presentation and while scrolling the code I found commented out some authentication controls 😅😆 (probably for debug reason lol)
Whatever, meanwhile, while I was talking with the professor two of my mates were whispering... Turns out they found what he mail service wasn't working. And what's best than fix it, push it to the Heroku server and restart all? XD
The professor noticed some little lag in a button and asked "what's happening?"
"oh, nothing we just restarted the server "
I am the responsible for the atlassian Suite at work, as I maintain the systems, set them up, and stuff.
One day, our crowd (the authentication and authorization application) just went crazy. At like lunch time it could not connect to the AD anymore. No reasons. Throwing XSRF errors (cross site scripting), because http would connect to https. "won't do it, fuck you" it told me. Out of the blue. Noone changed anything. And yea, seriously. Noone did.
It just refused to connect (as connecting to AD is connecting yourself with you own api. And refusing yourself talking to yourself). It runs behind a proxy. Therefore http/https. Well, this worked for years. But out of sudden not anymore.
Yea. Fuck you.
It was reported some hours later, at like 3pm, as people could not login to the applications using crowd as authentication and authorization server.
Tried to debug the system, where nothing was did, to make it work. At best time to fail.
First workaround: if you are logged into one of the other applications of atlassian, just refresh the site, so your SSO token gets a refresh and you are signed on again.
Then I searched more and more. And more.
But nothing worked, nothing helped.
So I addressed an emergency maintenance, take down the whole Suite, restart crowd, to apply some changes to it's settings, not knowing what happening then, because all connections of SSO will then be released. Sent out the mail like 30 minutes beforehands.
While waiting for the window, I just typed my credentials... And redid, and redid, so to type and being bored.
Three minutes before the window...
It just worked again.
Well. Wtf. Serioudl
Just came back.
No Intrusion, no changes at all. Just came back, as nothing has happened.
Kind of best part of this story... A headhunter messaged me on my way home to offer me a job as an Atlassian Suite SysAdmin for a company, at kinda the double of my salary.
At first I was thinking to go there, and when someone then asked me sth about Atlassian just start to laugh and then leave still laughing...
But then I very nicely respond that I dont want to cry at work. And wished him best luck.
I am doing some bad upgrades now on our Suite. Very painful.
And I looked into the start scripts. Some Look like the untalented intern tells another one to write scripts. Seriously wtf.
Today I followed the guide to Update a confluence and change database to Postgres. Didnt work, Postgres error.
Try it again, jquery won't load. Next try, tomcat not starting anymore. Did same thing. Every fucking time.
Yea. Maintenance window to get a nice new export soon. Will only take an hour.
To switch database in confluence, you need to set it up very fresh. And then Import your export.
Export takes an hour at our system.
Importing maybe the same time. Hope it will work (hint: Nope).
Oh, can be nice also. Just tell the Bitbucket to migrate databases, there is a fucking setting for it. Enter new database, ready, go, finished.
At least they don't raise costs very much every kinda year.
Oh sorry, yes, they do.4
Alright, here we go again with issues on Vector. (My home server that we're transitioning our website, infiniit.co to.)
I'm trying to get the email server up and running. It's a PITA which is evident by the fact we are now on attempt number 6, at least on the 6th VM now. At this time I'm installing a Ubuntu 16.04 LTS ISO and I'll be installing IRedMail unless someone else has any recommendations. So far I've had nothing but problems doing it manually, installing dovecot and postfix, trying to get them linked, and then the last failure was sending a test email locally.
Also, a continuation of the last issue that I had here, now my VMRC isn't working anymore for some reason. Ive forwarded websockets but it won't work unless I use local IP since everything (except direct local IP connections) is running through an apache VHost setup... My head hurts. Help pls.2
Follow up to my previous rant ( https://devrant.com/rants/1680373/... )
I've contacted digital ocean support and asked them about that blocked port. They said that they didn't block it and that I must've messed up with configuration. The thing is, when I set postfix to port 2525 it works perfectly fine and I can connect no problem. Will see how they respond to that...4
My laptop was at 500% of course usage and ram... Wtf...
Had to stay till 1am because I was debugging a microservice system with 15 services, 3 databases and a full mail server. Freaking integration tests took all night to build and run. Don't have a remote server to run this on because the guy is sick. Arghhhhhh8
Life is to take decisions. Which u prefer
Google vs Shodan vs 🦆 🦆 go
Angular vs vue vs react vs other
Gnome vs unity vs KDE
Atom vs vscode vs sublime or other
iOS vs android vs other
Natives bs ionic vs react native vs xamarin vs flutter
Gmail iCloud or outlook or proton mail
Camel, pascal ,snake case
C# or Java or python
Sql or not sql
Debian , fedora ,linux mint or kali
Server side rendering or client side
Aws vs gcloud vs Azure vs ibm cloud
Firefox vs chrome vs safari
Free without privacy or ads or paid without ads or privacy
Nintendo vs pc vs ps4 or xbox
WhatsApp or telegram or other
Sleep at night or not
Coment your favorite12
Yeah, sure.. I'll configure your DNS & mail server.. while I'm at it, I'll also optimise your db settings & configure backups..and don't forget LDAP & group policies!! Sure, no probs!! :/4
Set up customer's e-mail addresses in Plesk. Worked fine in testing, all goes well for about a week.
Then their e-mail stops delivering. Stuff arrives, but outgoing messages either bounce or fail silently altogether. I contact 1&1 support, and they help set up SPF and DMARC on the domain, and then we wait and see once the DNS changes propagate.
Well, something about these changes caused my business e-mail (on a separate server) to exhibit the same problem now, when it had been working for 3 years without issue prior to that.
Check back with 1&1 2 days later to see why the first one isn't working; we verified all of the records across everything, tweaked a couple other things (like setting the full hostname in Plesk to mail.servername.com), and waited 2 more days.
Still having the same problem on both accounts. did a bit of looking up the issue for Plesk and found that in order for SPF/DMARC to work, they have to be activated on the Plesk-wide mail settings, and then again individually at the domain level.
Made these changes on my business e-mail's server and domain and it fixed the problem!
Made the same changes on the server with the customer's domain and...still seeing the same issue.
Have checked all settings between them and they're identical. All the appropriate DNS records are in place. I'm kind of at a loss for waht else to check at this point.1
I need to install a web hosting control panel with limited access for web developer. but most panels mess up with other server configuration (e.g mail server and ...).
What do you suggest. Is there any panel that doesn't break other configurations?7
Send customer mail about fixing some bugs and remarks, and ask If I should place the fixes on a test server or just go ahead and go online.
Customer never reads the mail and retest old version....
Why don't people READ a mail.....
I've started to get more into the TOR idea over the last couple of weeks.
I know I'm way to "non protective" of my privacy but changing would mean I'd have to break many habits and stop using things I'm used to.
A couple years back (I guess it was in like 8th grade or so) I had a presentation in German (my first language) for an extra mark. It was about tor. In the process of researching all of it I learned quite a lot about it. All of this knowledge has stuck to me the whole time, unused.
Fast forward to today, I've finally decided to use the couple of bitcoins I have (like 15€ or so) from my home mining experiment to rent a vps for a tor relay. First, I was lucky enough to find a service provider that accepts bitcoin for a 3€. They advertised "Fair use Traffic", later found out, after committing for three months since I was like "yeah... will be fine", in the customer panel there is a graph that shows me that I have used x% of 1.5 TB... I guess the customer support will get an email from me asking what "Fair use" exactly means... But that's fine... Oh... And ipv6 wasn't a thing to be found...
To wrap it up... I've now got a 2 weeks old little tor relay <3
(I didn't wanted to put it on my main vps where I have 200mbit guaranteed at unlimited for 5€ a month since that's where I have my mail server running and a hidden service for my next cloud)1
It's lovely when your corporate application starts having problems sending mail through google, so you fallback to your onsite mail server, only to learn it is nothing more than a pass through to your gmail account.
Not only that, but it isn't secured at all, so spam bots have been sending millions of spam emails through it, leading to your google account being blacklisted which caused the email problems in the first place. Yay!2
When you create some shell scripts on the servers which are supposed to mail your team each day at 9pm and you leave for vacation at 4pm only to see the emails suddenly arriving on the way home at 4:30 telling you and everybody else that almost everything possible went wrong on an unknown server.
So a third-party service that I implemented is going to production and me and the PO were testing that yesterday, didn't see any orders coming in the service backend.. so we send a mail to them.
This morning they respond with saying that they can't have both the test server running and the production server...
What the hell is this... :/3
Asks daily for login credentials to server. After a week mail from the client: "why isn't our platform live yet?"
I have been working on idea similar to pastebin for mobile platform currently available on Android. The main concept is the easy share of Note in any language that is encrypted and the notes get deleted as soon as other party reads it. Plus you can encrypt it further by adding your own password and then share that password with others. This is useful when we are sharing our card details and other secret stuff with friends or family. The problem is that if you use mail or messaging stuff it gets stored in other party device and it can be exploited in future in case of theft or mobile loss. Here is my application for Android.
Please comment your reviews.,comments and suggestions here.
If you want to fork the code of both server and client comment that also.
I am thinking to migrate from a shared hosting (I have a few websites, some of them with WordPress) to a 2GB RAM droplet, but I am concerned about having to create a mail server.
Any opinion about that?
I've been trying to setup a mail server on my vps. Postfix is setup fine, I can send and receive mail with SSH, but I couldn't connect any mail client to the server. After a couple reinstalls, following a million tutorials, I finally found the reason.
The fucking reason was that fucking digital ocean FUCKING BLOCKS THE FUCKING PORT 25 BECAUSE FUCKING SPAMMERS ABUSED IT.
Switched postfix to use port 2525 instead and everything works as it should.
Fucking digital ocean, I swear I wouldn't use it if I didn't get free 50 dollars from github student pack.
On a side note, can anyone recommend a cheap vps provider that doesn't block ports?1
That lovely moment, when I have to spend an hour on mail delivery issue, only to find out the message was flagged as spam due to a faulty dns blacklist.
Though the way it got flagged is idiotic and funny at the same time, too.
The blacklist domain got parked, dunno why, and of course, all of the dns queries thus got redirected to a different dns server that just returned the A records of the dns park owners.
Guess what that causes when you use that blacklist? Every single email gets flagged, including that one of ours that I had to debug.
Fml, an hour of overtime for a stupid malfunctioning blacklist...
What do you think is the best software for an e-mail server running on Ubuntu 16.04 (Gotta use Ubuntu for a few different reasons). Haven’t been able to find a good solution for me to use. Needs to be able to run a few different email domains, roughly 5 domains.
Hell, any suggestions on a VPS host? I’ve been thinking of OVH. (Best bang for the buck so far that I’ve found)10
I've been using Google Photos to serve images for clients E-Mail Templates since its a one time payment and I didnt want to continually pay for a server and storage.
Anyone knows if that violates any Google ToS since i use it pretty much commercially?
I couldnt find anything about that and was thinking about migrating the images to AWS7
I'll fucking kill you bitch who the fuck made you the system administrator of this fucking college? The fuckery you do... god damn some students know more than you and you should agree to this fact. The previous sysadmin was knowledgeable and you are just a fucking worker in the finance department. You fucking dare not call yourself a sysadmin when you can't even read the fucking docs provided by the G Suite. At least you didn't make the mail server yourself otherwise god knows what the shit you'd have spread around.
Need some help,
I am setting up postfix and I need it to accept all emails, from any domain (without a domain list), and forward it to a local address on the machine (It pipes into PHP, toscript@).
I have a catch-all working where it is forwarding the emails to the toscript@ mailbox dispite of the to address. But if I send an email to it that is not in the domain list it gets rejected as it's not in the domain list, Is their a known way to force Postfix to accept all domain emails without having a list of the domains in the server.
I have searched but no luck of a working solution, I have looked at the following with no working solution
Server Fault: 133190
Server Fault: 422468
Server Fault: 179419
Server Fault: 105641
Server Fault: 161321
Server Fault: 318426
Server Fault: 514643
Server Fault: 410053
Stack Overflow: 4772229
Super User: 353488
Looking at the docs I do not see anything for it but making it an open relay but I can't figure what settings to update to make it the open relay to capture all of the mail.
I know I am missing something but I can't figure out what it is!
I'd like to use Postfix as it seems very stable and it's not a hack job as some of the projects that I have seen. It also can communicate with all of the proper channels for SMTP and the Protocol as well as some very easy configs.2
TIL they created an open source e-mail protocol, JMAP (info at http://jmap.io), based on IMAP. The problem is, there is no client nor server that actually uses this. Do you know if they will ever develop one?
I finally got around to setting up my own cloud with nextcloud on my own dedicated server.
Just setting up Nextcloud alone was not really the challenge ( I've set up at least 2 Nextcloud instances in the past ).
The actual challenge was to install /e/ OS on my mobile phone and get it to work with my Nextcloud instance.
It's not all performant, buttery-smooth or super-fast yet, but for a one-person / user-cloud, I think it should be just fine.
There's still room for improvement in terms of server-side performance, but it's working fine with the basics at least.
I need to figure / iron out some issues like social federation via ActivityPub not working, Nextcloud SMS not syncing up my SMS, Mail app crashing because I used a self-hosted Nextcloud instance, etc; but those are things I could work on slowly, in the course of time.
No, the server is not physically controlled by me, yet ( it's a dedicated box server though. Still, hosted and physically controlled by a provider ).
I intend on setting up another 'replica' on a RaspberryPi which I will then make primary, connecting to the internet via DynamicDNS.
I'll probably keep the server as a fallback / backup server just in case my home server loses connectivity.
Taking back control from Big Tech is something I intend on pursuing actively this year. I've had the idea in my head for too long that it has started to fester.
This is only a first step, of many, that needs to follow, in order for me to take control back from Big Tech.
Yes, there still is some room for improvement, but I think for now ‒
Someone posted a link to a 30-day-security-challenge here on devRant some time ago and I just thought well, why not try to migrate away from the big companies - I've been using OneDrive as my only cloudstorage since the time when it was called SkyDrive and I've been hosting my Emails at outlook (via Live Custom Domains, a service that does not even exist anymore) for about 8 years now. Since I've always been lazy and since exchange activesync is a great feature if you have multiple calendars and want to sync them and your contacts to several devices I never tried to switch but now I am half done with migrating my data to my own nextcloud installation and my emails to my own mail server - since I don't want to loose the exchange functionality I am also setting up Z-Push and oh boy, this thing is bitching around but my webmail is already nicely integrated into nextcloud, IMAP / SMTP is up, configured and secured (still have to mess around with spamassassin as this email adress is floating around the web for about 10 years now). The only things to do is to get Z-Push work with STARTTLS and the card/caldav backend running and then the basic setup should be done.
I am just wondering if someone could hand me over a guide on how to sign / encrypt emails (GPG?)