A call I had today, girl registered a domain and put it in her hosting package:

Girl: so where can I view my email accounts?
Me: *explains*
G: Oh, I wanted an email address with info or my first name as part before the @ but I only see an account with the name of my hosting account username?
Me: that's right, that's a default one you get :)
G: oh 😞 I....I.... I've always have wanted a domain name with my own email addresses linked to it and I thought I could do that this way 😩
(I could hear the disappointment and that she seemed very sad suddenly)
Me: do you see that "create new email account" button up there?
G: Yes..... Wait.... Can I make like multiple email addresses myself?!
Me: as many as you can manage inside your hosting account!
G: 😵😍 OH MY GOD
Me: Haha, enjoy creating some!
G: THANK YOU I LOVE YOU BYE
*Click*

It's those moments which can make your fucking day!

More than half of all support calls and tickets we get are so fucking easily searchable through our own fucking website and search engines, it's really fucking annoying sometimes.

"how do I redirect a site?"
Type the fucking word redirect into our helpdesk page.

"how can i reset my email password?"
Literally fucking type the word EMAIL into fucking search bar?!

"hey the article said to go to yourdomain.com/webmail, I'm not getting anything!!!"
"what domain did you use?"
"yourdomain.com of course!"

😥🔫

"how can I add a domain to my hosting?"
Search for the FUCKING word DOMAIN on our online helpdesk.

IT'S REALLY NOT THAT HARD, PLEASE APPLY COMMON SENSE AND USE YOUR FUCKING BRAIN.

And here comes the last part of my story so far.
After deploying the domain, configuring PCs, configuring the server, configuring the switch, installing software, checking that the correct settings have been applied, configuring MS Outlook (don't ask) and giving each and every user a d e t a i l e d tutorial on using the PC like a modern human and not as a Homo Erectus, I had to lock my door, put down my phone and disconnect the ship's announcement system's speaker in my room. The reasons?
- No one could use USB storage media, or any storage media. As per security policy I emailed and told them about.
- No one could use the ship's computers to connect to the internet. Again, as per policy.
- No one had any games on their Windows 10 Pro machines. As per policy.
- Everyone had to use a 10-character password, valid for 3 months, with certain restrictions. As per policy.
For reasons mentioned above, I had to (almost) blackmail the CO to draft an order enforcing those policies in writing (I know it's standard procedure for you, but for the military where I am it was a truly alien experience). Also, because I never trusted the users to actually backup their data locally, I had UrBackup clone their entire home folder, and a scheduled task execute a script storing them to the old online drive. Soon it became apparent why: (for every sysadmin this is routine, but this was my first experience)
- People kept deleting their files, whining to me to restore them
- People kept getting locked out because they kept entering their password WRONG for FIVE times IN a ROW because THEY had FORGOTTEN the CAPS lock KEY on. Had to enter three or four times during weekend for that.
- People kept whining about the no-USB policy, despite offering e-mail and shared folders.
The final straw was the updates. The CO insisted that I set the updates to manual because some PCs must not restart on their own. The problem is, some users barely ever checked. One particular user, when I asked him to check and do the updates, claimed he did that yesterday. Meanwhile, on the WSUS console: PC inactive for over 90 days.
I blocked the ship's phone when I got reassigned.
Phiew, finally I got all those off my chest! Thanks, guys. All of the rants so far remind me of one quote from Dave Barry:

Last day on the contract from hell. I'd written a project with one other person in our spare time that performed a critical business function. The following conversation was had between myself, the job thief who was handed my job and their manager, with the 10 other IBM GS "dev domain experts" assigned to that team sitting silently on zoom:

Moi: hey all, what seems to be the problem?
JT: how to update the java for requirement?
Moi: I would assume a text editor, have you tried intellij
JTM: she's talking about ticket BS-101, the data is wrong
Moi: ah, well, you might want to fix that
JT: how to fix?
Moi: update the database and update the logic that depends on it
JTM: what changes are those?
Moi: the ones described in the ticket, I would assume, I'm no longer on that project
JTM: didn't you write this application?
Moi: yes.
JTM: ok, so do you know how to fix the issue?
Moi: definitely
JTM: ok... ... Can you tell us how to fix it?
Moi: yes.
*The sound of silence*
JTM: *will* you tell us?
Moi: I would, but I'm already off the clock, and as of an hour ago I no longer have a contract. And even if I did, I don't have a contract or authorization to work on that system. I'm not actually being paid for this call.
JTM: ... What are we going to do about this?
Moi: I have no idea
JTM: ok, so we can look at getting a 1 month contract to support this
Moi: I'm sure our firm has someone who can definitely help you out
JTM: *heavy raging* ... Can you do the work?
Moi: Unfortunatley, I'm already committed to a new contract at another customer. I also don't do one month contracts. I'm an engineer, not a car wash employee
JTM: well, I don't understand how you can just leave us in the lurch like this?!
Moi: well, respectfully, it was your decision to cut me from the budget because you thought you were close enough to end of the project to get it across the line with junior resources.
Interjecting-JT: I am senior!
Moi: Right. So, basically, you took ownership of the product before go live. We advised against it, in writing, numerous times. We also notified you that we would not carry a bench, so the project resources are now working on other things. We can provide you with new resources for a minimum 6 month duration who can help you out. Also, since we've cycled out, our rate has increased per the terms of our MSA.
JTM: we don't have budget for that! How are we supposed to do this?!
Moi: *zoom glare at JT* that question is more appropriate for your finance officer and the IT director. I can send a few emails and schedule a call with your account representative and the aforementioned individuals so you can hash this out.

-_---------------
I'm free! 🥳 That said, still plenty of residual fodder I need to get out of my system on these guys. Might need to start my own Dilbert.

Had a former customer call a few (10) years ago, furious that we shut down their website.

Me: but you moved your website to another provider 2 years ago? We dont even provide webhosting any more?

Turns out, when they moved we put a redirect to their new site on our server.

During the summer this server was decommisoned due to a failing harddrive but since we no longer had any active customers on it we just pulled the plug.

The customer had never actually redirected their domain name. :)

When we sent them a copy of their own cancellation letter we got an "oh hell, sorry".

:D

*has a great company name idea*
*tries to register domain*
*domain taken*
*looks at whois*
*i already own it*
i don’t know how to feel

My brother just started learning web development. Day 1 of playing on his own domain, and he breaks his WP install twice in an hour. He sends me the following text:

This is like a horribly frustrating game.

Best summary of software development I've ever heard, and it's only his first day.

*signs up for Skillshare*
> Sorry, your password is longer than our database's glory hole can handle.
> Please shorten your password cumload to only 64 characters at most, otherwise our database will be unhappy.

Motherf-...

Well, I've got a separate email address from my domain and a unique password for them. So shortening it and risking getting that account stolen by plaintext shit won't really matter, especially since I'm not adding payment details or anything.

*continues through the sign-up process for premium courses, with "no attachments, cancel anytime"*
> You need to provide a credit card to continue with our "free" premium trial.

Yeah fuck you too. I don't even have a credit card. It's quite uncommon in Europe, you know? We don't have magstripe shit that can go below 0 on ya.. well the former we still do but only for compatibility reasons. We mainly use chip technology (which leverages asymmetric cryptography, awesome!) that usually can't go much below 0 here nowadays. Debit cards, not credit cards.

Well, guess it's time to delete that account as well. So much for acquiring fucking knowledge from "experts". Guess I'll have to stick to reading wikis and doing my ducking-fu to select reliable sources, test them and acquire skills of my own. That's how I've done it for years, and that's how it's been working pretty fucking well for me. Unlike this deceptive security clusterfuck!

Was browsing job sites and noticed an 'experienced sysadmin' job (Linux).

Everything seemed pretty interesting and then I saw this line (at what they offer):

Free own domain with hosting!

That's genuinely cute offering that to an experienced Linux sysadmin. Not saying every sysadmin has this but I for example have like 10 domain names and a bunch of servers.

Yeah that looked cute 😆

What is a domain name system doing in a hospital..!
And, it has its own office too..!

>>signs up for GitHub student pack
>>Approved almost instantly
>>Looks at what's included
>>See a .me domain from namecheap is free
>>"yo that's lit. Lemme see if they have one I want"
>>Finds domain
>>"Good shit man. I'll finally have a reason to make my own website"
>>Go to checkout
>>Asks for school email address
>>Enters address
>>"it seems your University is not included in this."
>>Fuck me man

*registers for an account on RaidForums*
> Sorry mate, we only accept the following email carriers: gmail.*, googlemail.*, hotmail.*, hotmail.*.*, yahoo.*, yahoo.*.*, ymail.*, live.*.*, live.*, outlook.*, outlook.*.*, protonmail.*, riseup.net, aol.com, gmx.de, raid.lol, msn.com, cox.net, mail.ru, att.net, bellsouth.net, laposte.net, rambler.ru, sky.com, mail.com, pm.me, shaw.ca, charter.ca, facebook.com, terra.com.br, libero.it, web.de, free.fr, orange.fr, wanadoo.fr, rediffmail.com, comcast.net, yandex.ru, uol.com.br, bol.com.br, sfr.fr, verizon.net

Now what if some dickhead somewhere wants to use his own domain to be able to reroute any spam from some forum dickheads to /dev/null, hmm? YOU FUCKING WANKERS, LET ME FUCKING USE MY OWN DOMAIN ALREADY YOU TWATS!!!

Grunt, gulp, bower, webpack, rollup, yarn, npm, requirejs, commonjs, browserify, brunch, rollup, parcel, fusebox, babel,
wrappers for bundlers, frameworks on frameworks, then for css, theres scss, sass, less, stylus, compass, and for templates, handlebars, mustache, nunjucks, underscore, ejs, pug, jade, and about five billion other word-salad tools, all with their own CLIs, each in some way building on npm, but with their own non-congruent little syntax, like no one realized they were reinventing the same problems introduced by domain specific languages, most happy to announce "configuration takes a little time, but it's worth it!"

No, it's not. Just stop people. Just stop. You're not doing anyone any favors by creating another lib, all you're doing is tooting your own horn and self promoting. Use what exists and stop creating more shit for new people to learn, to add to the giant clusterfuck that is the 2019 hotmess known as "web development."

You're not special. You're not important. You're lib or tool will be famous for 15 minutes and no one cares what you've made.

If you want to contribute to web development, do us all a favor and contribute to global sanity by kindly deleting your contribution and any plans to contribute new solutions to problems that have already been solved.

The tech stack at my current gig is the worst shit I’ve ever dealt with...

I can’t fucking stand programs, especially browser based programs, to open new windows. New tab, okay sure, ideally I just want the current tab I’m on to update when I click on a link.

Ticketing system: Autotask
Fucking opens up with a crappy piss poor sorting method and no proper filtering for ticket views. Nope you have to go create a fucking dashboard to parse/filter the shit you want to see. So I either have to go create a metric-arse tonne of custom ticket views and switch between them or just use the default turdburger view. Add to that that when I click on a ticket, it opens another fucking window with the ticket information. If I want to do time entry, it just feels some primal need to open another fucking window!!! Then even if I mark the ticket complete it just minimizes the goddamn second ticket window. So my jankbox-supreme PC that my company provided gets to strugglepuff along trying to keep 10 million chrome windows open. Yeah, sure 6GB of ram is great for IT work, especially when using hot steaming piles of trashjuice software!

I have to manually close these windows regularly throughout the day or the system just shits the bed and halts.

RMM tool: Continuum
This fucker takes the goddamn soggy waffle award for being utterly fucking useless. Same problem with the windows as autotask except this special snowflake likes to open a login prompt as a full-fuck-mothering-new window when we need to open a LMI rescue session!!! I need to enter a username and a password. That’s it! I don’t need a full screen window to enter credentials! FUCK!!! Btw the LMI tools only work like 70% of the time and drag ass compared to literally every other remote support tool I’ve ever used. I’ve found that it’s sometimes just faster to walk someone through enabling RDP on their system then remoting in from another system where LMI didn’t decide to be fully suicidal and just kill itself.

Our fucking chief asshat and sergeant fucknuts mcdoogal can’t fucking setup anything so the antivirus software is pushed to all client systems but everything is just set to the default site settings. Absolutely zero care or thought or effort was put forth and these gorilla spunk drinking, rimjob jockey motherfuckers sell this as a managed AntiVirus.

We use a shitty password manager than no one besides I use because there is a fully unencrypted oneNote notebook that everyone uses because fuck security right? “Sometimes it’s just faster to have the passwords at the ready without having to log into the password manager.” Chief Asshat in my first week on the job.

Not to mention that windows server is unlicensed in almost every client environment, the domain admin password is same across multiple client sites, is the same password to log into firewalls, and office 365 environments!!!

I’ve brought up tons of ways to fix these problems, but they have their heads so far up their own asses getting high on undeserved smugness since “they have been in business for almost ten years”. Like, Whoop Dee MotherFucking Doo! You have only been lucky to skate by with this dumpster fire you call a software stack, you could probably fill 10 olympic sized swimming pools to the brim with the logarrhea that flows from your gullets not only to us but also to your customers, and you won’t implement anything that is good for you, your company, or your poor clients because you take ten minutes to try and understand something new.

I’m fucking livid because I’m stuck in a position where I can’t just quit and work on my business full time. I’m married and have a 6m old baby. Between both my wife and I working we barely make ends meet and there’s absolutely zero reason that I couldn’t be providing better service to customers without having to lie through my teeth to them and I could easily support my family and be about 264826290461% happier!

But because we make so little, I can’t scrap together enough money to get Terranimbus (my startup) bootstrapped. We have zero expendable/savable income each month and it’s killing my soul. It’s so fucking frustrating knowing that a little time and some capital is all that stands between a better life for my family and I and being able to provide a better overall service out there over these kinds of shady as fuck knob gobblers.

I absolutely love the email protocols.

IMAP:
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
x4 LOGOUT

Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.

SMTP:
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.

Postfix' main.cf:
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".

Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.

Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?

When you use your own domain on your pc local apache server instead of "localhost"

Hackerman😎

Ive just bought a domain name for my nephew of now 36 hours old. Ive a really common lastname and it took me 8 years to get a domainname with my name in it.

By the time he is ten (or how old they will be when they get their first email address) he will have his own personalized email and when they learn the basics of programming he can use his own domain for his site.

Visual Studio Code.

I've tried you because of hearing a lot of good stuff about you. I'd switch back to netbeans regardless because I love netbeans and I always try to use as little as possible from companies like Google/microsoft/facebook (and others) but what you're pulling right now is un-fucking-believable.

I've disabled ANY AND EVERY form of calling home I could (find) in your settings. Crash reports, automatic updates, metrics, you name it. I've searched all the fucking settings but I can't find any other home calling thing that's enabled and yet:

I'm monitoring every goddamn DNS request (through my own DNS server) and I'm still seeing calls to a Microsoft owned domain. Closed all my browser sessions and you as well and it stopped. Started browser again but not you, nothing.
Started you again: BAM. Calls to that damned Microsoft owned domain again.

If you can't honour my decision for disabling any form of home calls, go fuck yourself.

Netbeans, I'm back, I've missed you 💜

Dear namecheap, I honestly love your service and prices but how in the hell can I see an ip address in the dig of a new domain (url shortener) which I never put or saw there and which doesn't even belong to any server I own/operate?!

DNS cache after the last chance of three days ago, nah, don't think so.

Fucking hell.

We have 1 guy managing everything. He develop our CMS, customers email client, manage our network, servers, domains (our own domain servers), billing system, SSL certificates... In short: everything (as well as bugs). The entire company relies on 1 guy, pretty much.
Brings the phrase "all for one, and one for all" to a whole new meaning.

On a scale of 1-10:

If you own the domain "Google.com" for 15 minutes, all of the traffic will go to your server/hoster.

How bad will you be sued by your service provider?

TL;DR: A freehoster got a redesign!

I remember when I made "my own website" in wix and sitey. It sucked working with them for me. I hated having an ad for them fixed at the bottom of my screen. I hated WYSIWYG-editors and wanted to paste my own code, a pro feature.

Sometime later I found bplaced, a free german based (also English language) hoster. And I use it for all my "official" test project. My first ever published self-coded website is still on there.. When I want to show someone what I've been working on (locally) without putting it on my domain, I use their services. They always looked oldish like from 2000 but their redesign puts them at least in 2015 :D

Give 'em a shot if you want.
Sadly, I am not paid to say this. I just really like them.

I just tried to sign up to Instagram. I made a big mistake.

First up with Facebook related stuff is data. Data, data and more data. Initially when you sign up (with a new account, not login with Facebook) you're asked your real name, email address and phone number. And finally the username you'd like to have on the service. I gave them a phone number that I actually own, that is in my iPhone, my daily driver right now (and yes I have 3 Androids which all run custom ROMs, hold your keyboards). The email address is a usual for me, instagram at my domain. I am a postmaster after all, and my mail server is a catch-all one. For a setup like that, this is perfectly reasonable. And here it's no different, devrant at my domain. On Facebook even, I use fb at my domain. I'm sure you're starting to see a pattern here. And on Facebook the username, real name and email domain are actually the same.

So I signed up, with - as far as I'm aware - perfectly valid data. I submitted the data and was told that someone at Instagram will review the data within 24 hours. That's already pretty dystopian to me. It is now how you block bots. It is not how Facebook does it either, at least since last time I checked. But whatever. You'd imagine that regardless of the result, they'd let you know. Cool, you're in, or sorry, you're rejected and here's why. Nope.

Fast-forward to today when I recalled that I wanted to sign up to Instagram to see my girlfriend's pictures. So I opened Chromium again that I already use only for the rancid Facebook shit.. and it was rejected. Apparently the mere act of signing up is a Terms of Service violation. I have read them. I do not know which section I have violated with the heinous act of signing up. But I do have a hunch.

Many times now have I been told by ignorant organizations that I would be "stealing" their intellectual property, or business assets or whatever, just because I sent them an email from their name on my domain. It is fucking retarded. That is MY domain, not yours. Learn how email works before you go educate a postmaster. Always funny to tell them how that works. But I think that in this case, that is what happened.

So I appealed it, using a random link to something on Instagram's help section from a third-party blog. You know it's good when the third-party random blog is better. But I found the form and filled it in. Same shit all over again for info, prefilling be damned I guess. Minor convenience though, whatever.

I get sent an email in German, because apparently browsing through a VPS in Germany acting as a VPN means you're German. Whatever... After translating it, I found that it asks me to upload a picture of myself, holding a paper in my hands, on which I would have a confirmation code, my username, and my email address.. all hand-written. It must not be too dark, it must be clear, it must be in JPEG.. look, I just wanted to fucking sign up.

I sent them an email back asking them to fix all of this. While I was writing it and this rant, I thought to myself that they can shove that piece of paper up their ass. In fact I would gladly do it for them.

Long story short, do not use Instagram. And one final thing I have gripes with every time. You are not being told all the data you'll have to present from the get-go. You're not being told the process. Initially I thought it'd just be email, phone, username, and real name. Once signed up (instantly, not within 24 hours!) I would start setting up my account and adding a profile picture. The right way to ask for a picture of me! And just do it at my own pace, as I please.

And for God's sake, tackle abuse when it actually happens. You'll find out who's a bot and who isn't by their usage patterns soon enough. Do not do any of this at sign-up. Or hell, use a CAPTCHA or whatever, I don't fucking care. There's so many millions of ways to skin this cat.

Facebook and especially Instagram. Both of them are fucking retarded.

Client asks why the site is down.
Very quick check shows they just haven't paid for their own domain.

4 hours! four fucking hours! f.o.u.r. h.o.u.r.s.!
It's the amount in the time domain this bug has cost me to fix. The cost in the sanity domain is immeasurable...
I swear, the god damn ass births of devs who coded this abomination should be slowly mutilated and then raped by their own severed limbs.
It took me 4 hours to figure out that their 12 year old binary CLI tool they used to generate PDFs from PHP could not handle neither HTML5 nor some linebreaks at specific places. Some part of it is due to them using REGEX to find and replace HTML tag.
Yes, I am indeed very pissed. And I need a 🥃 or 3

What we learned:
- Don't use REGEX to "parse" HTML
- Don't call random compiled CLI tools from PHP if there are PHP packages to do the same shit

This one ticked me off because of the sheer rudeness of a demand they made of me. I had been building a personal freelance brand around myself and my skills for many years. I had in the prior 3 years developed it from a freelance to a lean agency model. That was running in parallel with full time work and the FT employer was happy to allow it. Eventually that employer downsized me and almost everyone else on staff. But they liked me and gave me mini-projects to do on a contract basis. I began interviewing for FT work with other companies.

One agency I applied at gave me a phone screen interview. The main hiring person was also an investor in the agency. He noted my lean agency and said that a second interview would be contingent on my dropping my clients that I was working for on my own time, disposing completely of my personal brand, and even giving up my domain name.

I told him I’d think about it. But the more I thought about it the more angry I got about such a stupid request. Why does this new company I don’t even know I will like working for get to tell me to abandon my “Plan B” option for if I quit or they decide to lay me off?

They never called back but I wished they had so I could have had the satisfaction of telling them no.

My boss says to me this morning.

Boss: Can you add these links as a redirect 301 to this link.

Me: Ok, I'm not the developer for that domain but I guess I can do it. Let's try to update apache htaccess for that domain through my account.

(After a swift ssh connection to the server to check out that domain.)

Me: Er...boss, we don't own that domain. We cannot redirect it's links to our other domains.

Boss: Why? What do you mean?!

Me: well if we don't own that domain, than it is not on our server and we cannot update it's server config files. So we cannot redirect that domain to our other domains.

Boss: Are you sure?

It went on like this for a while. I had a laugh break after.

When a client calls you after hours saying their website is down, you check it and it's working... Then the client says "oh, I was spelling our own domain wrong"!!!!!

Routing and analysis of http behaviour with wireshark makes so much joy and fun.

Wanna get even more fun?

Add DNS. Add loadbalancers.

Loadbalancers?

Hell Yeah!

VLAN X has it's own router and domain overrides to give a service a seperate IP pointing to a loadbalancer inside the VLAN X.

loadbalancer in VLAN X then has additional routes to point to loadbalancer in VLAN Y.

Which might then point to the service in VLAN Y or... point to another loadbalancer in VLAN Z.

I'm always amazed what a human mind can create....

If you think that's insane, then add HTTP keepalive and persistent connections.

I just love people who have no idea what they're doing but are able to create a clusterfuck of brainfuck....

So ok here it is, as asked in the comments.

Setting: customer (huge electronics chain) wants a huge migration from custom software to SAP erp, hybris commere for b2b and ... azure cloud
Timeframe: ~10 months….

My colleague and me had the glorious task to make the evaluation result of the B2B approval process (like you can only buy up till € 1000, then someone has to approve) available in the cart view, not just the end of the checkout. Well I though, easy, we have the results, just put them in the cart … hmm :-\
The whole thing is that the the storefront - called accelerator (although it should rather be called decelerator) is a 10-year old (looking) buggy interface, that promises to the customers, that it solves all their problems and just needs some minor customization. Fact is, it’s an abomination, which makes us spend 2 months in every project to „ripp it apart“ and fix/repair/rebuild major functionality (which changes every 6 months because of „updates“.

After a week of reading the scarce (aka non-existing) docs and decompiling and debugging hybris code, we found out (besides dozends of bugs) that this is not going to be easy. The domain model is fucked up - both CartModel and OrderModel extend AbstractOrderModel. Though we only need functionality that is in the AbstractOrderModel, the hybris guys decided (for an unknown reason) to use OrderModel in every single fucking method (about 30 nested calls ….). So what shall we do, we don’t have an order yet, only a cart. Fuck lets fake an order, push it through use the results and dismiss the order … good idea!? BAD IDEA (don’t ask …). So after a week or two we changed our strategy: create duplicate interface for nearly all (spring) services with changed method signatures that override the hybris beans and allow to use CartModels (which is possible, because within the super methods, they actually „cast" it to AbstractOrderModel *facepalm*).
After about 2 months (2 people full time) we have a working „prototype“. It works with the default-sample-accelerator data. Unfortunately the customer wanted to have it’s own dateset in the system (what a shock). Well you guess it … everything collapsed. The way the customer wanted to "have it working“ was just incompatible with the way hybris wants it (yeah yeah SAP, hybris is sooo customizable …). Well we basically had to rewrite everything again.
Just in case your wondering … the requirements were clear in the beginning (stick to the standard! [configuration/functinonality]). Well, then the customer found out that this is shit … and well …

So some months later, next big thing. I was appointed technical sublead (is that a word)/sub pm for the topics‚delivery service‘ (cart, delivery time calculation, u name it) and customerregistration - a reward for my great work with the b2b approval process???

Customer's office: 20+ people, mostly SAP related, a few c# guys, and drumrole .... the main (external) overall superhero ‚im the greates and ur shit‘ architect.
Aberage age 45+, me - the ‚hybris guy’ (he really just called me that all the time), age 32.
He powerpoints his „ tables" and other weird out of this world stuff on the wall, talks and talks. Everyone is in awe (or fear?). Everything he says is just bullshit and I see it in the eyes of the others. Finally the hybris guy interrups him, as he explains the overall architecture (which is just wrong) and points out how it should be (according to my docs which very more up to date. From now on he didn't just "not like" me anymore. (good first day)
I remember the looks of the other guys - they were releaved that someone pointed that out - saved the weeks of useless work ...

Instead of talking the customer's tongue he just spoke gibberish SAP … arg (common in SAP land as I had to learn the hard way).
Outcome of about (useless) 5 meetings later: we are going to blow out data from informatica to sap to azure to datahub to hybris ... hmpf needless to say its fucking super slow.
But who cares, I‘ll get my own rest endpoint that‘ll do all I need.

First try: error 500, 2. try: 20 seconds later, error message in html, content type json, a few days later the c# guy manages to deliver a kinda working still slow service, only the results are wrong, customer blames the hybris team, hmm we r just using their fucking results ...
The sap guys (customer service) just don't seem to be able to activate/configure the OOTB odata service, so I was told)
Several email rounds, meetings later, about 2 months, still no working hybris integration (all my emails with detailed checklists for every participent and deadlines were unanswered/ignored or answered with unrelated stuff). Customer pissed at us (god knows why, I tried, I really did!). So I decide to fly up there to handle it all by myself

Scared the shit out of me when I heard one of my volunteer side projects website was down. Because I just finished fixing my own hacked website today.

Turn out the server and website is fine but the domain was expired yesterday 😣

Don't fucking scare at me like that.

Tough week indeed.

I once agreed to maintain and develop an application used in a different section of the school to keep inventory and make sure everything is where it is supposed to be.

At first there was enthusiasm, together with 2 of my classmates we agreed and git clone-d the .NET application that now graduated students built and maintained for the past few years. What could go wrong right?!

It became clear that the original students that worked on it followed an older curriculum, meaning they still got taught .NET instead of the core variant that we get now, not only that but it also seemed that they either did not fully grasp the Clean/Onion architecture or didn't get it in class since there were infrastructure components in the 'Domain' project of the solution. Think of 2 DBContexts in the domain model, yep.

One of us bailed in the first week, the other one and I felt bad for the people using the app so we went on and tried to work on the first bugs that were described in a document. One of these bugs was 'whenever I filter on something in the list, everybody gets to see that filter on their screen instead of only me'. Woah that's weird! Let's see how they put that together!

Oh god, they are using a _static_ variable to store filters, no wonder that it doesn't work properly. Ever heard of sessions?!

Second bug: Sometimes people can't create an account when we sign them up from the admin panel. Alright that is weird, let's figure that one out! Wait a second it seems to work in development? What's this about.

Oh wait I can't create an account on production either? Oh that's weird, wait a second... Why do I have to put my e-mail in a form that was sent to me through e-mail? Why is my address not filled in already? OOH, if someone types in the wrong e-mail address (which is easy since our school has 4 variants of the same f*cking e-mail address) it won't work since it can't recognize the user! Brilliant! Remove e-mail input box and make a token/queryparam determine the user account.

Ah that seems good, it's a mess but it seems a tiny bit better now, great! We're making progress and some sweet buck.

Next bug, trillions of 50x errors on random pages, that's a weird one.

Hm everything works in development, that's odd. Is the production data corrupted?

DID I MENTION that in order to get into the system in development we have to load in a f*cking production database backup ON OUR DEVELOPMENT MACHINE and then ask one of the users' password to login to it and create an account for ourselves? Seeding? What's that, right?!

Anyway, back to bug fixing. I e-mail the the people responsible for the app and get a production admin account, oh I also can't ssh into it because of policies so I have to do everything over e-mail and figure out what's causing the errors. I somehow also wonder if they have any kind of virtualization in place, giving students a VM to do that stuff in doesn't seem so weird does it ? Even with school policies?

Oh btw, 'deploying' means sending a .zip file to a guy in another building and telling him how to configure it, apparently this resulted in a missing folder that the application needed to work and couldn't make on its own. This after 2 weeks of e-mailing back and forth.

After 3 months i quit out of despair and sadness, and due to the fact that I just couldn't do it anymore. I separated everything into logical subprojects and let the last guy handle it, he was OK with that and understood why I left.

Luckily, around that time I already had an actual job at a software development company :)

Last Monday I bought an iPhone as a little music player, and just to see how iOS works or doesn't work.. which arguments against Apple are valid, which aren't etc. And at a price point of €60 for a secondhand SE I figured, why not. And needless to say I've jailbroken it shortly after.

Initially setting up the iPhone when coming from fairly unrestricted Android ended up being quite a chore. I just wanted to use this thing as a music player, so how would you do it..?

Well you first have to set up the phone, iCloud account and whatnot, yada yada... Asks for an email address and flat out rejects your email address if it's got "apple" in it, catch-all email servers be damned I guess. So I chose ishit at my domain instead, much better. Address information for billing.. just bullshit that, give it some nulls. Phone number.. well I guess I could just give it a secondary SIM card's number.

So now the phone has been set up, more or less. To get music on it was quite a maze solving experience in its own right. There's some stuff about it on the Debian and Arch Wikis but it's fairly outdated. From the iPhone itself you can install VLC and use its app directory, which I'll get back to later. Then from e.g. Safari, download any music file.. which it downloads to iCloud.. Think Different I guess. Go to your iCloud and pull it into the iPhone for real this time. Now you can share the file to your VLC app, at which point it initializes a database for that particular app.

The databases / app storage can be considered equivalent to the /data directories for applications in Android, minus /sdcard. There is little to no shared storage between apps, most stuff works through sharing from one app to another.

Now you can connect the iPhone to your computer and see a mount point for your pictures, and one for your documents. In that documents mount point, there are directories for each app, which you can just drag files into. For some reason the AFC protocol just hangs up when you try to delete files from your computer however... Think Different?

Anyway, the music has been put on it. Such features, what a nugget! It's less bad than I thought, but still pretty fucked up.

At that point I was fairly dejected and that didn't get better with an update from iOS 14.1 to iOS 14.3. Turns out that Apple in its nannying galore now turns down the volume to 50% every half an hour or so, "for hearing safety" and "EU regulations" that don't exist. Saying that I was fuming and wanting to smack this piece of shit into the wall would be an understatement. And even among the iSheep, I found very few people that thought this is fine. Though despite all that, there were still some. I have no idea what it would take to make those people finally reconsider.. maybe Tim Cook himself shoving an iPhone up their ass, or maybe they'd be honored that Tim Cook noticed them even then... But I digress.

And then, then it really started to take off because I finally ended up jailbreaking the thing. Many people think that it's only third-party apps, but that is far from true. It is equivalent to rooting, and you do get access to a Unix root account by doing it. The way you do it is usually a bootkit, which in a desktop's ring model would be a negative ring. The access level is extremely high.

So you can root it, great. What use is that in a locked down system where there's nothing available..? Aha, that's where the next thing comes in, 2 actually. Cydia has an OpenSSH server in it, and it just binds to port 22 and supports all of OpenSSH's known goodness. All of it, I'm using ed25519 keys and a CA to log into my phone! Fuck yea boi, what a nugget! This is better than Android even! And it doesn't end there.. there's a second thing it has up its sleeve. This thing has an apt package manager in it, which is easily equivalent to what Termux offers, at the system level! You can install not just common CLI applications, but even graphical apps from Cydia over the network!

Without a jailbreak, I would say that iOS is pretty fucking terrible and if you care about modding, you shouldn't use it. But jailbroken, fufu.. this thing trades many blows with Android in the modding scene. I've said it before, but what a nugget!

That lovely moment when a client calls out of the blue at 4:30PM (we close at 5), 3 weeks before scheduled launch and says, "My website goes down tomorrow so where are we at with the new site?" So...I scrambled all day today to get the site done and it turns out they don't even own their domain or control their DNS. (facepalm) They put in a 30 day cancellation with their current provider and didn't bother to mention we had barely 2 weeks to develop a full custom site.

There is just one thing that's been haunting me.

One.

Thing.

That I have yet to succeed at doing.

One thing.

That I have yet to understand it's mazehole.

ONE THING.

That I failed me as a developer.

How in the FUCK do I create my own mail server with my own domain name? HOW? JUST FUCKING HOWWWWW

WHAT THE FUCK IS THE SECRET!

WHAT AM I MISSING!!!!!

(no don't tell me about any of those office 365/GoDaddy/Windows bullshit, just guide me with something normal)

When I was in 11th class, my school got a new setup for the school PCs. Instead of just resetting them every time they are shut down (to a state in which it contained a virus, great) and having shared files on a network drive (where everyone could delete anything), they used iServ. Apparently many schools started using that around that time, I heard many bad things about it, not only from my school.
Since school is sh*t and I had nothing better to do in computer class (they never taught us anything new anyway), I experimented with it. My main target was the storage limit. Logins on the school PCs were made with domain accounts, which also logged you in with the iServ account, then the user folder was synchronised with the iServ server. The storage limit there was given as 200MB or something of that order. To have some dummy files, I downloaded every program from portableapps.com, that was an easy way to get a lot of data without much manual effort. Then I copied that folder, which was located on the desktop, and pasted it onto the desktop. Then I took all of that and duplicated it again. And again and again and again... I watched the amount increate, 170MB, 180, 190, 200, I got a mail saying that my storage is full, 210, 220, 230, ... It just kept filling up with absolutely zero consequences.
At some point I started using the web interface to copy the files, which had even more interesting side effects: Apparently, while the server was copying huge amounts of files to itself, nobody in the entire iServ system could log in, neither on the web interface, nor on the PCs. But I didn't notice that at first, I thought just my account was busy and of course I didn't expect it to be this badly programmed that a single copy operation could lock the entire system. I was told later, but at that point the headmaster had already called in someone from the actual police, because they thought I had hacked into whatever. He basically said "don't do again pls" and left again. In the meantime, a teacher had told me to delete the files until a certain date, but he locked my account way earlier so that I couldn't even do it.
Btw, I now own a Minecraft account of which I can never change the security questions or reset the password, because the mail address doesn't exist anymore and I have no more contact to the person who gave it to me. I got that account as a price because I made the best program in a project week about Java, which greatly showed how much the computer classes helped the students learn programming: Of the ~20 students, only one other person actually had a program at the end of the challenge and it was something like hello world. I had translated a TI Basic program for approximating fractions from decimal numbers to Java.
The big irony about sending the police to me as the 1337_h4x0r: A classmate actually tried to hack into the server. He even managed to make it send a mail from someone else's account, as far as I know. And he found a way to put a file into any account, which he shortly considered to use to put a shutdown command into autostart. But of course, I must be the great hacker.

Client contacts our company that his site is down, we do some investigating and the only way we can access the site is on a mobile phone. From the office computers the site never loads and times out. Since we don't host the site and I've never logged into it before I don't have a lot of details so I suggest they contact whoever hosts their site. This is where things get weird.

Client tells me that the site is hosted on someone's home server. I tell him that this is quite strange in 2018 and rather unlikely and ask if he was ever given access to the site to log in or if he has access to his domain registration, GoDaddy.

He says he doesn't understand any of this and would rather I just contact his current developer and figure it out with him. We agree that he needs to get access to his site so we are going to migrate it once I get access to it.

I email his current developer letting him know the client has put me in contact with him to troubleshoot the issues with the site. I ask him some standard questions like: where is the site hosted? Can you access it from a computer? Do you have some security measures in place to block certain IP ranges? Can you give me from access to get the files? Will you send me a backup of the site for me to load up on my server?

*2days pass*

Other dev: Tell me the account number and I'll transfer the domain.

Me: I'll have to get back to you on that once I talk to the client and set up his GoDaddy account since we believe the business owner should own their domain, not their developers. In the meantime you didn't answer any of the questions I asked. Transferring the domain won't get the site on my server so I still need the files.

*3 days pass*

OD: You are trying the wrong domain. The correct domain is [redacted].com I'll have my daughter send you the files when she gets in town. We will transfer the domain to you, the client will forget to pay and the site will go down and it'll be your fault.

Me: I appreciate your advice, but the client will own their domain. I'm trying to get the site online and you have no answered any of my questions. It's been a week now and you have not transferred the domain, you have not provided a copy of the site, you have not told me where the site is hosted. The client and I are both getting impatient at this point when will we receive a backup of the site and the transfer of the domain?

OD: Go fuck yourself, tell the client they can sue me.

If the client is that terrible, wouldn't you want to hand them off to anyone willing to take them? I have never understood why developers and agencies try to hold clients hostage by keeping their domain or website and refusing access. From what I can tell this is a freelance developer without a real company so a legal battle likely isn't going to go well since the domain is worthless to him as the copyright to the name is owned by the client. This isn't the first time we've had to help clients through this sort of thing.

!rant

I studied BS Computer Science and one of our requirements is our thesis. All of the groups in our section proposed Web Based apps and got rejected because web based apps are too common. So we have no choice so all of us proposed mobile apps. Mobile Development is not in our curriculum so we have to teach ourselves during the development of our thesis.

All of the groups' dev collaborated and taught each other except one group, my group. Since I am a lazy motherfucker, I didn't taught myself how to develop a mobile app (android). So I made a web based app with responsive design, purchased my own domain, used android studio's webview and voila, a mobile app with a web based admin.

P.S. We got the best thesis award.

!rant

I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.

I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...

Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.

That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.

Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.

you know what im tires of?

Finding a good domain name for a potential business, unregistered, and then using algorithms, the registrar itself snipes it and cybersquats it as "premium".

In otherwords, if you do find a good name, theres no point becauss it'll just be immediately labelled "premium" by an algorithm and lock you out with 5,000 dollar pay wall.

people in 2003 didnt have to deal with this shit. Registrars should be allowed to do this.

Five domain names now, out of a couple dozen I tried, the five good ones I came up with, all five, "premium".

It wasnt like they were even .coms or common words either. Hell one of them had a number in it.

Nope "we have determined spontaneously, through algorithm, you haves selected what may be a valuable domain name, thank you for the service of identifying it for us, we will now reserve it, even though no one else wants it, at a prohibitively high cost."

Like a homeless women finding a winning lottery ticket in a parking lot, and the rich fucking owner running out demanding that she give him it because it was lost in HIS public parking lot.

Like you motherfuckers dont already have enough? You know what a good domain is? Its a basis for credbility. Its the difference between whether people use your service or not. Its the foundation for excitement or interest.

And here we have this "algorithmically marked as premium" bullshit, fucking the poors out of any chance of even a good start.

"Haahahaha cocksuckers, you're not internet startups in the early two thousands! If you dont habe five grand go drop on a dpmain name that isnt even fucking owned, enjoy staying part of the fucking lowerclass!"

These fuckers. Cant believe this bullshit.

Just another day in motherfucking america, where you have to start rich to even get ahead. just one more way gen x, gen y, and gen z got fuckity fucked right in the ass.

fuck this country so much. fuck it all.

never even gonna have a chance to own a home or anything else.

nobody ever offered me a real fucking chance, not once in my god damned life. not even my fucking parents.

might as well drink myself into a coma.

Some guy bought a whole bunch of city specific domain names once and wanted me to code the websites for him and manage and support the sites for 5% equity in his business. I told him you realize I can buy my own domains for very little money and build the sites for 100% ownership. His idea was not so bad for that time but he just thought that I was a nerd and he could just use me and I would just be passive and go along being that I'm desperate to make friends.

ZNC shenanigans yesterday...

So, yesterday in the midst a massive heat wave I went ahead, booze in hand, to install myself an IRC bouncer called ZNC. All goes well, it gets its own little container, VPN connection, own user, yada yada yada.. a nice configuration system-wise.

But then comes ZNC. Installed it a few times actually, and failed a fair few times too. Apparently Chrome and Firefox block port 6697 for ZNC's web interface outright. Firefox allows you to override it manually, Chrome flat out refuses to do anything with it. Thank you for this amazing level of protection Google. I didn't notice a thing. Thank you so much for treating me like a goddamn user. You know Google, it felt a lot like those plastic nightmares in electronics, ultrasonic welding, gluing shit in (oh that reminds me of the Nexus 6P, but let's not go there).. Google, you are amazing. Best billion dollar company I've ever seen. Anyway.

So I installed ZNC, moved the client to bouncer connection to port 8080 eventually, and it somewhat worked. Though apparently ZNC in its infinite wisdom does both web interface and IRC itself on the same port. How they do it, no idea. But somehow they do.

And now comes the good part.. configuration of this complete and utter piece of shit, ZNC. So I added my Freenode username, password, yada yada yada.. turns out that ZNC in its infinite wisdom puts the password on the stdout. Reminded me a lot about my ISP sending me my password via postal mail. You know, it's one thing that your application knows the plaintext password, but it's something else entirely to openly share that you do. If anything it tells them that something is seriously wrong but fuck! You don't put passwords on the goddamn stdout!

But it doesn't end there. The default configuration it did for Freenode was a server password. Now, you can usually use 3 ways to authenticate, each with their advantages and disadvantages. These are server password, SASL and NickServ. SASL is widely regarded to be the best option and if it's supported by the IRC server, that's what everyone should use. Server password and NickServ are pretty much fallback.

So, plaintext password, default server password instead of SASL, what else.. oh, yeah. ZNC would be a server, right. Something that runs pretty much forever, 24/7. So you'd probably expect there to be a systemd unit for it... Except, nope, there isn't. The ZNC project recommends that you launch it from the crontab. Let that sink in for a moment.. the fucking crontab. For initializing services. My whole life as a sysadmin was a lie. Cron is now an init system.

Fortunately that's about all I recall to be wrong with this thing. But there's a few things that I really want to tell any greenhorn developers out there... Always look at best practices. Never take shortcuts. The right way is going to be the best way 99% of the time. That way you don't have to go back and fix it. Do your app modularly so that a fix can be done quickly and easily. Store passwords securely and if you can't, let the user know and offer alternatives. Don't put it on the stdout. Always assume that your users will go with default options when in doubt. I love tweaking but defaults should always be sane ones.

One more thing that's mostly a jab. The ZNC software is hosted on a .in domain, which would.. quite honestly.. explain a lot. Is India becoming the next Chinese manufacturers for software? Except that in India the internet access is not restricted despite their civilization perhaps not being fully ready for it yet. India, develop and develop properly. It will take a while but you'll get there. But please don't put atrocities like this into the world. Lastly, I know it's hard and I've been there with my own distribution project too. Accept feedback. It's rough, but it is valuable. Listen to the people that criticize your project.

I need to setup a Windows Server with an AD (and therefore an own domain) that can be reached from a Linux host for a test environment... Holy crap I totally forgot what a huge pain in the ass that crap is!

Pro Tip: If youre connected to a Server via VPN and RDP and you create a domain and subsequently get logged out from the server, you're fucked.

Soooo this Canadian mother fuck, own the domain I want, and isn’t using it, and doesn’t wanna sell it.. tells me he is using it for his business.. after a bit of research the domain went inactive after 2007. Hours after sending an email.. a wix site pops up. And then then tells me his buisness has been using it for 25 years.. really??! Per public record your buisness went defunct years ago.

Won’t sell me the domain... fine, I’ll buy all the domains with your name in it variants of your buisness name, and point them to gay porn.. FUCK YOU.. fire with fire BITCH!

Just earlier today I was looking at the hosting packages for a local hosting provider in my country (who shall remain unnamed as I want to work there and criticizing them might not be a very good idea right now) and they start at €250/month apparently. I thought - that's fucking ridiculous!

Like for real, I could literally buy a server for.. I dunno, €600 from the likes of bargainhardware.co.uk with some pretty darn good specs, put it in my home, get a business contract with my ISP for say around €100/month (and use it for my own purposes as well instead of my consumer contract, win-win!), and the server would pay for itself in no more than half a year, probably even less! And you're even getting the actual hardware with it!! And that is for the price of that hosting provider's starting option!!!

Now I know what you're thinking, sure there's more to servers than just the server itself, like redundant power, generators, SLA, multiple routers and switches, and all sorts of failover measures. And you are absolutely right. But does that really justify a rental cost of a server of €250/month?

Not only that, even their shared hosting.. shared hosting, the dreaded, shitty shared hosting! solution is starting at around €10/month. I'm paying about €5/month for 3 light-duty servers and a domain for Christ's sake!

So.. is this hosting provider just expensive as fuck or is this really the industry standard, particularly for the dedicated hosting part? And maybe that's why some services like.. say devRant which apparently gets around €600/month from 299 supporters at the time of writing, yet still has @dfox and @trogus pay from their own wallets for it (if at all possible, please let me know if that's still the case).. I wonder if those costs are all really justifiable?

It just strikes me as odd.. you can get *a lot* of server for a couple hundred bucks if you do it well.. no?

Fucking java library publishing. It's a nightmare. You have to fucking own a domain to publish a shit onto jcenter/bintray/whatever. You have to own the domain, that your lib's package name is. And you MUST verify it, otherwise you won't publish anything. Or you can shit allover your lib with package name like com.github.dumbcoder.mycoollib.

You must to create a ticket for some shitheads that are going to verify your shit for two weeks. They gonna ask you for source.jar, docs.jar and whatever shit.jar they need.

What THE fuck? Who was the asshole that decided name packages in reverse domain name? No FUCKING more ecosystem has such a bullshit. In .net you just make a lib, create a free nuget account, fill some basic info and boom! you have .net package published. Same for npm and rust for example.

Because the fucking package name should be just for structure not for a some dick to own it. Namespace is name-fucking-space.
FUCK JAVA.

404, Swag not found 🥲

I got sick and tired of waiting (4 years) for the debugging ducks to be re-stocked in the swag store, so i made my own.

Yes, I’m a front end developer and the domain redirects to an Etsy shop because I’m too fucking busy carrying the entire company that i work for on my back to develop my own custom one.

I’ll get around to it once PMO/Design/Marketing ops and Business get around to doing their jobs themselves.

tl;dr. web hosting && a panic attack && security threat

i wasn't sure whether my brother's domain was hosted or not (because it wasnt showing a website and he didnt know any better).
so i decided to host a react-app for it on netlify and pointed the domain's nameservers towards it (a separate security threat at bottom).
all went well and now when you punch in the domain it ..all-behold.. shows a website.

NOW, i remember my brother was using the domain's email which probably means it was hosted, right?. so im panicking because im not sure whether i just deleted all his emails or not because it's 1:15 am and he's asleep.
there is a rant in there somewhere but im in too much of a shock as to how much data i might have just accidentally deleted
.
.
another tl;dr: my domain registrar let me change someone else's settings..
the reason i didnt know his domain settings is that he didnt know his password.
i had bought a couple of domains and was gonna host them on netlify. while i was doing this a bright idea hit me.. "you should finally build a website for your brother for the domain he bought 7 years ago"..
this is where the fun begins.
i sent an email to my registrar to point all nameservers of all domains to my nameservers and just to try out i included my brother's domain into it (i dont own this domain it's not registered by my email), and the next day i get an email telling me they've successfully made all changes.
.
Now tomorrow is monday and i'm going to their office to tell them i found a security flaw and see how long i can stall before actually telling them what it was and how their live's could've been made hell.

For my local dev, set up my own root CA, added to trusted root CA in my machine, generated a cert for my local domain, signed by my own root CA, but the behavior is different across browsers:

Can someone help in making Google Chrome padlock green or grey (not red)?

!Rant

I own a domain:

updateyourmotherfuckingbrowser.com

I registered it last year in my sleep (you may find the rant related to it in my profile)

I need ideas as to what the features of this website should be. I want to make it unique and fun compared to the many browser update websites. (Of course the source will be on GitHub)

Any suggestions are welcome. :D

You know how they start calling you when you register a new domain and are not careful enough not to put your own phone number there?

I recently registered a domain that ends in ***shit.com

No calls :) It's like private registration LoL

I spent about an hour writing my own password generator at work... (And probably my item password safe) because my company doesn't allow using Keepass...

But require super complex passwords... That need to be exactly 8 characters...

And they expect us to somehow think of and remember them... And change it every 6 months....

As a developer, isn't it a given that if we can't have something, we'll just build one ourselves... But one that is lower quality since it is adhoc and with by a single dev... That doesn't have time or the experience of a domain expert...

They also blocked GitHub/Sourceforge so I can't just download from my own repo... And basically need to do it on company time... For better or worse.

My dad in 2002 to 7 year old me: "I got you your own domain, this is how you upload files to it. Good luck!"

But the first experience was him recording some of my first sentences. I love my dad <3

I get a free year of web hosting from this web developer course I'm taking on Udemy, so I started setting that up and bought my own domain name from GoDaddy with a promo code. But before I can transfer that domain name to the site I'll be using for hosting I have to wait 2 months.

I'm really happy 😁

I'm usually a library developer, but I bought a domain and started a website: forbylinux.com

I'm constructing my own Linux distribution and package manager from scratch.

Anyway, I've never used CSS, html and JavaScript before, how does it look? (It's kind of empty, still have to add content)

The dangers of PHP eval()

Yup. "Scary, you better make use of include instead" — I read all the time everywhere. I want to hear good case scenarios and feel safe with it.

I use the eval() method as a good resource to build custom website modules written in PHP which are stored and retrieved back from a database. I ENSURED IS SAFE AND CAN ONLY BE ALTERED THROUGH PRIVILEGED USERS. THERE. I SAID IT. You could as well develop a malicious module and share it to be used on the same application, but this application is just for my use at the moment so I don't wanna worry more or I'll become bald.

I had to take out my fear and confront it in front of you guys. If i had to count every single time somebody mentions on Stack Overflow or the comments over PHP documentation about the dangers of using eval I'd quit already.

Tell me if I'm wrong: in a safe environment and trustworthy piece of code is it OK to execute eval('?>'.$pieceOfCode); ... Right?

The reason I store code on the database is because I create/edit modules on the web editor itself.

I use my own coded layers to authenticate a privileged user: A single way to grant access to admin functions through a unique authentication tunnel granting so privileged user to access the editor or send API requests, custom htaccess rules to protect all filesystem behind the domain root path, a custom URI controller + SSL. All this should do the trick to safely use the damn eval(), is that right?!

Unless malicious code is found on the code stored prior to its evaluation.

But FFS, in such scenario, why not better fuck up the framework filesystem instead? Is one password closer than the database.

I will need therapy after this. I swear.

If 'eval is evil' (as it appears in the suggested tags for this post) how can we ensure that third party code is ever trustworthy without even looking at it? This happens already with chrome extensions, or even phone apps a long time after reaching to millions of devices.

Trying to get away from Gmail, anyone know any email providers that respects privacy? Would prefer IMAP/POP access and an option (can be paid) to use my own domain.

Currently considering paying for ProtonMail.

So, apparently, in 2015 our webhost (ixwebhosting) was purchased by Site5... This week, they finally migrated us to Site5 servers without warning, taking my email down in the process...

Today, after following the instructions in their own KB article (that tells you to click an icon that doesn't exist,) and chatting with support for over an hour, I was told that the new system they migrated us to doesn't support catch-all email accounts... At all... It's simply not possible to receive an email that was sent to your domain, unless the email address exists in the system somewhere... Despite the fact that it's a standard cPanel feature, that the old and new systems both use cPanel, that every other webhost I have ever seen that uses cPanel has this feature available, AND the fact that this is an important feature for a lot of websites, because they pipe all of their emails to a script for processing... It's simply not possible... They won't be providing that feature anymore. Nor for that matter is it possible to be migrated back...

They migrated accounts to a system that has a basic email function intentionally disabled, without warning... And we can't afford to open an account with someone else ATM... So I can't get any email until we get migrated... FML

I just came home from opening of the fiscal year of a small drivers' club and it was quite an amazing life experience.

I got about a 5-times "rise" for a first, small, post-due-time project.

All of the members were so relaxed in one of the most serious moments of an association. We ate, drank beer and had as much fun as possible without break the law and other rules.

The story goes like this:

I was an intern in a website development company as students tend to do. In middle of the internship my teacher asked me if I'd be willing to develop a website to the before mentioned organization.
School will help with the money by being as a middle-man. It wasn't going to pay much, about 120€ or so, it's nothing really for the job, but I said yes for the experience. We organized a meeting, school provided the space, and went straight to the business.

The development went quite well: I got the final design requirements late (there weren't too much), research a lot about CMS:s, ended up with a beta version CMS (a risk), learned it, developed some plugins (not published yet), kept copyrights for most of the work and so on.

I was done _relatively_ quickly with the project and was quite happy with it. Only things still pressing my mind was bugs of the beta CMS, support for the plugins and my somewhat inexperienced graphical design.

Then it hit me, the world. Hosting, domain transfer, certificates, registry agreements. Arrgh. Most of things were fine, I know them. I had luck that I had a technical contact for the club. It would have been a nightmare of it's own otherwise.

We had problems transferring the domain, again, as you do. The other hosting company was to blame. They were the n00bs here. I went trough the law, technical guidance, etc. I was having heavy messaging with my technical contact about it, who was a middle-man for me and the hosting firms.
After a long while loop of waiting, reconfiguring, researching and messaging, until he transfer was finally over.

We had a long while of radio silence after some bug fixes. Until the Christmas came and I was invited to a Christmas party in a cottage, third Christmas party that year. It was great fun. We ate, drank, talked, went to sauna and had a playful adult stiga or sledging competition, etc.
I updated the site yet again, a stable version of the CMS were published. Yess!

Another radio silence came and year changed. It was broken off by a call to the opening of the fiscal year, the same day. This is today, or yesterday by now. This was just after my current company's board game night. I was really busy that day. A whole afternoon of second-hand shopping around the city with a bike. I counted 35 kilometers. Yes I go by bike, don't own a car or have an driving license... Yet.

I wasn't horribly late, around 30 minutes. I started eating and drinking. Free food and beer! They was also late, they should've got trough the business before I got there, before eating. So I ate and listened. Learned more about having business or an association in general. Until my matter came to be heard. They thanked me of the co-operation and made public the change of my reward sum, I WAS GRANTED 500€ REWARD for the work. It's still not an amazing sum in a larger point of view, but I can imagine that it's big deal for a small non-profit organization, which was loosing money. Everybody applauded, every 25 members of the club. I was greatly pleased. I will have to update their site a bit still, but they are going to pay the reward ASAP.

Did I mention that the school works around the taxes, legally. Taxes for the reward, if it were assumed as a wage would be 15%, for me, at the worst case scenario, only for getting the money to my hands.

I was offered another gig at the event, but didn't promise anything yet. I left before sauna, so we didn't get to change contact details. He will find a way to reach me if he really wants so. I'm a busy free man.

I have just slept for a minimum of 5 hours. It is 7:47 PM atm.
Why?
We have had a damn stressful day today.
We have had a programming test, but it really was rather an exam.
Normally, you get 30 minutes for a test and 45 minutes for an exam.

In this "test" we have had to explain what 'extends' does and name a few advantages of why one should use it.
Check.
Read 3 separate texts and write the program code on paper. It was about 1 super class and 1 sub class with a test class in Java.
Check.
Task 3: Create the UML diagram of the code from above. *internally: From above? He probably means my code since there is no other code there. *Checks time*. I have about 3 minutes left. Fuck my life.*
Draws the boxes. Put the class names in each of them. A private attribute for the super class.
Teacher: Last minute!
Draw the arrow starting starting from the sub class to the super class.
Put my name on each written paper. And mentally done for the day. Couldn't finish the last task. Task 3.
During this "test", I heard the frustrations of my classmates. Seemed like everyone was pretty much pissed.
After a short discussion with the teacher who also happens to be the physics professor of a university nearby.
[If you are reading this, I hope that something bad happens to you]
The next course was about computer systems. Remember my recent rant about DNS, dhcp, ftp, web server and samba on ubuntu?
We have had the task to do the screenshots of the consoles where you proof that you have dhcp activated on win7 machine etc. Seemed ok to me. I would have been done in 10 minutes, if I would be doing this relaxed. Now the teacher tells us to change the domain names to <surnameOfEachStudent>.edu.
I was like: That's fine.
Create a new user for the samba server. Read and write directories. Change the config.
Me: That should be easy.
Create new DNS entries in the configs.
Change the IPv6 address area to 192.168.x.100-200/24 only for the dhcp server.
Change the web server's default page. Write your own text into it.
You will have 1 hour and 30 minutes of time for it.
Dumbo -ANGRY-CLIENT-: Aye. Let us first start screenshotting the default page. Oh, it says that we should access it with the domain name. I don't have that much time. Let us be creative and fake it, legally.
Changes the title element so that it looks like it has been accessed via domain name. Deletes the url and writes the domain name without pressing Enter. Screenshot. Done. Ok, let us move to the next target.
Dhcp: Change lease time. Change IP address area. Subnet mask. Router. DNS. Broadcast. Optional domain name. Save.
Switches to win7.
ipconfig /release
ipconfig /renew
Holy shit it does not work!
After changing the configs on ubuntu for a legit 30 minutes: Maybe I should change the ip of the ubuntu virtual machine itself. *me asking my old self: why did not you do that in the first place, ass hole?!*
Same previous commands on win7 console. Does not work. Hmmm...
Where could be the problem?
Check the IP of the ubuntu server once again. Fml. Ubuntu did not save when I clicked on the save button the first time I have changed it. Click on save button 10 times to make sure it really is saved now lol.
Same old procedure on win7.
Alright. Dhcp works. Screenshot.
Checks time. 40 minutes left.
DNS:It is your turn. Checks bind9 configs. sudo nano db.reverse.edu.
sudo nano db.<mysurname>.edu.
Alright. All set. It should work now.
Ping win7 from ubuntu and vice versa. Works. Ping domain name on windows 7 vm. Does not work.
Oh, I forgot to restart the bind9 server on ubuntu.
sudo service bind stop
" " " start
Check DNS server IP on win7. It looks fine.
It still doesn't work. Fuck it. I have only 20 minutes left. Samba. Let us do this!
10 minutes in. No result. I don't remember why. I already forgot why I have done for it. It was a very stressful day.
Let us try DNS again.
Oh shit. I forgot the resolver!
sudo nano /etc/resolv.conf
The previous edits are gone. Dumb me. It says it in the comments. Why did not I care about it. Fuck it.6 minutes left. Open a yt video real quick. Changes the config file. Saves it. Restarts DNS and dhcp. Closes the terminal and opens a new one. The changes do not affect them until you reopen them. That's why.
Change to win7.
Ping works. How about nsloopup.
Does not work.
Teacher: 2 minutes left!
Fuck it.
Saves the word document with the images in it. Export as pdf. Tries to access the directories of the school samba server. Does not work. It was not my fault tho. Our school server is in general very slow. It feels like they are not maintained and left alone like this in the dust from the 90s.
Friend gets the permission to put his document on a USB and give the USB to the teacher.
Sneaky me: Hey xyz, can you give me your USB real quick?
Him: sure.
Gets bombed with "do you want to format the USB?" pop-ups 10 times. Fml. Skips in a fast way.
Transfers the pdf. Plug it out. Give it back.
After this we have had to give a presentation in politics. I am done.

Just purchased a new domain and decided to once again design my website personally (Fuck wordpress man) but...

I absolutely hate working with HTML and JS at the same time (I actually love JS on its own), its like bloody Stockholm syndrome!

HTML may beat me senseless.. But i love it too much to stop!

All of them lol

I'm working on my own streaming service. Yes, I know plex a thing but I've had issues with it and I'm honestly doing this more for the fun of it.

When it's ready, I'll run two versions. One that'll use to access my stuff outside my network, Plex style and one that hosts old movies that are now in the public domain. I'll use that one for demonstrative purposes

"Finally." I think they saw it coming when I had my own domain name at age 10 🙈

I made this site which is nice. Its a nice project plus I made this for my own. So I decided to book a domain for it.

Turns out every possible name is booked and it started pissing me off. I mean how positive people are for startups.

They made this a real-state business. Saw land acquire it. You never know which one will be next facebook ha!

Then I hit git.com which was parked too. I thought god bless you and your money.

Ahhh... Waking up Monday morning.... To see a bunch of text messages... and new ones coming in every second... on my phone because another prod issue that was caused by a weekend release... That was supposed to fix a prod issue...

O well not my code, not my problem... It's nice I guess I'm getting less involved and sorta have my own domain of work.

FUCK YOU MyThemeShop FUCK YOU with your shitty licensing solution. I'm just trying to develop a fucking wordpress site on my own fucking local computer. Why TF will you not allow me to fucking sign into my own account. all it fucking does is infinitely load and it does not do fucking anything. you advertise 24/7 support but it takes your fucking bitch ass support team over 10 hours to reply to my dead fucking simple email. ALSO why the fuck can I not change what domain my theme goes to from the online panel. I'm trying to fucking use ngrok and now i cant because it is by domain and not by site. FUCK YOU AND YOUR LAME ASS FUCKING COMPANY GIVE ME MY FUCKING MONEY BACK RIGHT NOW YOU FUCKING BITCH.

Which privacy-respecting email provider can you recommend? It seems that the following three are the best options:

- tutanota (0€ / 12€)
- posteo (12€)
- mailbox.org (12€)

Do you have any experience with them?
What do you think about a hosted email service with your own domain?

is being a tech/dev person, a dead end job?

i have been thinking about this for sometime. as a dev, we can progress into senior dev, then tech lead, then staff engineer probably. but that is that. for a tech person :

1. their salary levels are defined. for eg, a junior may earn $10k pm , and the highest tech guy (say staff engineer) will earn $100k pm, but everyone's salary will be spread over this range only, in different slots.

2. some companies give stocks and bonuses , but most of the time that too is fixed to say 30% of the annual salary at max.

3. its a low risk job as a min of x number of tech folks are always required for their tech product to work properly. plus these folks are majorly with similar skills, so 2 react guys can be reduced to 1 but not because of incompetency .

4. even if people are incompetent, our domain is friendly and more like a community learning stuff. we share our knowledge in public domain and try to make things easy to learn for other folks inside and outside the office. this is probably a bad thing too

compare this to businesses , management and sales they have different:
1. thier career progression : saleman > sales team manager> branch manager > multiple branch manager(director) > multiple zones/state manager (president) > multiple countries/ company manager (cxo)

2. their salaries are comission based. they get a commission in the number of sales they get, later theybget comission in the sales of their team> their branch > their zone and finally in company's total revenue. this leads to very meagre number in salaries, but a very major and mostly consistent and handsome number in commission. that is why their salaries ranges from $2k pm to $2-$3millions per month.

3. in sales/management , their is a always a room for optimisation . if a guy is selling less products, than another guy, he could be fired and leads could be given to other/new person. managers can optimise the cost/expenses chain and help company generate wider profits. overall everyone is running for (a) to get an incentive and (b) to dodge their boss's axe.

4. this makes it a cut-throat and a network-first domain. people are arrogant and selfish, and have their own special tricks and tactics to ensure their value.

as a manager , you don't go around sharing the stories on how you got apple to partner with foxconn for every iphone manufacturing, you just enjoy the big fat bonus check and awe of inspiration that your junior interns make.

this sound a little bad , but on the contrary , this involves being a people person and a social animal. i remember one example from the office web series, where different sales people would have different strategies for getting a business: Michael would go wild, Stanley would connect with people of his race, and Phyllis would dress up like a client's wife.
in real life too, i have seen people using various social cues to get business. the guy from whom we bought our car, he was so friendly with my dad, i once thought that they are some long lost brothers.

this makes me wonder : are sales/mgmt people being better at being entrepreneur and human beings than we devs?

in terms of ethics, i don't think that people who are defining their life around comissions and cut throat races to be friendly or supportive beings. but at the same time, they would be connecting with people and their real problems, so they might become more helpful than their friends/relatives and other "good people" ?

Additionally, the skills of sales/mgmt translate directly to entrepreneurship, so every good salesman/manager is a billionaire in making. whereas we devs are just being peas in a pod , debating on next big npm package and trying to manage taxes on our already meagre , "consistent" income :/

mann i want some people skills like these guys

I need to stop trying to get involved with projects my boss seems to be keeping me away from...

Just stay in my own domain... Let everyone else screw up and say not my problem when they come asking me for help... Pretend I don't know...

Just let them build a pile of shit and don't tell them how they fucked up or how to fix...

Been thinking for a while now about getting into the startup scene and launch my own AI startup. I even got the domain name registered a month ago. Just can't seem to think of an idea that's not already been done.

I've been running Linux on my laptop natively for five months (since the 2nd week I got here). My boss and everyone on my team is okay with this. I've used Linux at the last three companies I've been at since 2012.

All I asked for was a Windows VM so I could use WebEx (which I did at my last job; used Win10 in Virtual box just to share my screen via x11vnc and reset my password occasionally). At my last job, they said Linux users were on their own, but they at least gave us a Windows ISO, license and ability to connect it to the domain. It was a west coast company, with 500 people in IT and several Linux users. The IT team at my current shop has known I've been running Linux for months.

Now the word has come down that I can't have Linux on my laptop and I need to put macos back on it (it's actually on there; just dual booting) for security or some shit. We have a massive deadline and project due in like two months and it would throw me off for several days if I needed to bring in and setup a personal laptop.

Fuck asking our worthless IT department for anything. I told the lead engineer I'd bring in my personal laptop before going back to Mac.

I have a ton.
This one is more about my own foolhardiness, but I also learned a ton and came out stronger & wiser.

when I started out as a dev (my very first job!) and had not learned to say no.
I was a novice way out of my playground.

Like lifting a full booking platform from legacy php to Laravel & launching it like yesterday because it’s high season.
Didn’t know the full domain, so I just built something quite different in a week and shafted the existing db into it.

Obviously wasn’t feature complete or anything, so it resulted in maintaining legacy while building the new one and because it was already live and on different domains, we didn’t fully know which ppl went to, I had to every day painstakingly back port data from both platforms.
What I initially thought would take a few weeks that was launched in 3 days, spanned across 2 years plus one year refining and cleaning up my mess.

I'm looking to buy a domain for my Plex server. Basically, what I want is to be able to watch my movies and TV shows, pictures and other stuff just by visiting my own website. Some of the things I have are not really mine, but I protect that by only allowing myself on the server itself, behind a PIN. Is there any way I can get in trouble after buying a domain?

My DNS provider does not have an API. They do have one... That is wrong... But on the description page, they say we have to open a ticket to be given access. No requirements. Nothing...

And then I am told "they do no longer offer dns for private hosting". I don't even host with them, I only have a domain with them.

But the magical word is no longer. That means they did offer it. In the description of the API it still says "and for everyone who feels comfortable interacting with a REST API." Oh, and they asked anyone who works on it to be so nice and share any SDK's they might have coded up. Would have shared my SDK. Would have... If no Rust SDK was available yet.

So, what the fuck...
The problem with that is that I need a wildcard certificate for my homelab with DNS validation. So, I need to dynamically set a txt record. Now I wonder... Was this done on purpose? They are selling wild card certificates. Letsencrypt are giving them out for free. I bet they deactivated it, so they can sell more...

Anyway. Solution time.
Short term: I make my own API with black jack and hookers... And selenium.
Long term: I need to fucking move my domains to a different provider.

But what the fuck... What the fuck?

Am I a selfish asshole for not allowing my email server to be the relay whore of the internet?

I just hate postfix log files filled with messages not related to my own domain.

When you create a website how do you get it with your choosen domain in the internet, do you need own server or something?

Was asked today what type of service ticket was needed for a domain level whitelist request.. gave them the answer, and they tell me, “oh I don’t think I want to do that, I’ll just create a generic ticket and go from there.”

Why ask if you are going to do it your own way anyways..

This happens to often in all parts of IT. Someone consults you, tells you your suggestion sounds difficult, then try’s to take a short cut..

Good luck to them.. so glad it’s Friday! ✌️

So the project I have been working on for the past 5 months was finally released yesterday with only very minor problems, this stemmed from both programming side, and users entering data incorrectly.

It has been a rather hectic 5 months. I've had to deal with crap like:
- clients not knowing their own products
- a project manager that didn't document anything (or at least everything into a Google Slides document)
- me writing both requirements AND specifications (I'm a dev, not a PM)
- developers not following said specifications (then having to rewrite all their work)

But the worst thing I think would be the lack of vision from everyone. Everyone sees it as a "project" that should be get it over and done with rather a product that has great potential.

So with the project winding down, and only very few things left to fix/implement. Over these 5 months I learned a lot about domain driven design, Laravel's core, AWS, and just how terrible people are at their jobs. I imagine if I worked with people who gave a damn, or who actually had skills, I probably wouldn't have had such a difficult project.

Right now I'm less stressed but now feel rather exhausted from it all. What kind of things do you to help with the exhaustion and/or slow down of pace?

Writing the grammar for my very own domain specific language. Yohooo

I understand that to get a promotion or a level boost you should try to do duties far above your level to show you can do more.

But what if your manager deems that the expectation? What if they don't believe your work is really above your level, and find your lack of domain knowledge compared to someone who's worked for 4 years a restriction from getting promoted? And also what if you can't get involved on projects to increase the domain knowledge you specifically lack (we have a service we don't develop for but own and get pages and resolve incidents for it, and it's an ancient one without good docs).

I just want advice on what should one do to be able to get a promotion at this stage

You work in a team, for a team to move forward successfully the team should work in sync. A team always has a goal and a plan to get to it. There are times when the team needs to take a different direction therefore the set path should always be available for change because our environments dictate it.

We all have different styles of working and different opinions on how things should work. Sometimes one is wrong and the other is right, and sometimes both are wrong, or actually sometimes both are right. However, at the end of it all, the next step is a decision for the team, not an individual, and moving forward means doing it together. #KickAssTeam

The end result can not come in at the beginning but only at the end of an implementation and sometimes if you’re lucky, during implementation you can smell the shit before it hits the fan. So as humans, we will make mistakes at times by using the wrong decisions and when this happens, a strong team will pull things in the right direction quickly and together. #KickAssTeam

Having a team of different opinions does not mean not being able to work together. It actually means a strong team! #kickAssTeam However the challenging part means it can be a challenge. This calls for having processes in place that will allow the team members to be heard and for new knowledge to take lead. This space requires discipline in listening and interrogating opinions without attachment to ideas and always knowing that YOUR opinion is a suggestion, not a solution. Until it is taken on by the team. #KickAssTeam We all love our own thinking. However, learning to re-learn or change opinions when faced with new information should become as easy to take in and use.

Now, I am no expert at this however through my years of development I find this strategy to work in a team of developers. It’s a few questions you ask yourself before every commit, When faced with working in a new team and possibly as a suggestion when trying to align other team members with the team.

The point of this article, the questions to self!

Am I following the formatting standard set?

Is what I have written in line with official documentation?

Is what I am committing a technical conversion of the business requirement?

Have I duplicated functionality the framework already offers?

I have introduced a methodology, library, heavily reusable component to the system, have you had a discussion with the team before implementing?

Are your methods and functions truly responsible for 1 thing?

Will someone you will never get to talk to or your future self have documentation of your work?
Either via point number 2, domain-specific, or business requirements documentation.

Are you future thinking too much in your solution?

Will future proof have a great chance of complicating the current use case?

Remember, you can never write perfect code that cures every future problem, but what you can do perfectly is serve the current business problem you are facing and after doing that for decades, you would have had a perfect line of development success.

II encountered this problem today with a user who couldn't access internet on their own home network or on their company. Everytime they try to access the site. Firewall and Anti-virus settings have blocked the access . Couldn't remote into their PC due to them not being on the domain to setup the VPN client. Reset Browser settings and disabled all Firewall and Anti-virus protocols. User still could not get to any sites..... What did I miss?

Say a JS 'widget' is embedded inside a domain abc.com
the widget's content is retrieved from xyz.com (API?), the API also returns a custom URL (think of it as a tracker) that the JS adds to the DOM of abc.com, inside an iFrame.
Essentially making this iFrame hosting xyz.com content/page while existing in abc.com domain
Now this iFrame's page makes its own requests to 3rd party sites, would that mean the 3rd party would see the request originating from xyz.com (iFrame page) or abc.com (the site hosting the iFrame)?

Looking for hosting recommendation.

I want to set up a very simple, damn near static Node.JS site that uses handlebars and some custom routing logic (static site wouldn't cut it).

No database connection, nothing serverside except handlebars and Node.js.

I want HTTPS and to use my own domain.

Can anything accomplish this for less than a $5/mo droplet from digitalocean?