A few years ago, i got a call which went like this:

Phone: *rings*

Me: *looks at call, recognises the number and picks up*

Me: "Hello! Haven't heard from you in a while! How are you doing?"

Him: "I have a problem with my PC, could you..."

Me: *hangs up*

Aside from not even getting a "hello, how are you?" at the start of the call, here's the plot-twist:

A - This was my goddamn Brother calling

B - It was my goddamn birthday

A while back, I had a lot of telemarketers were calling me daily, and I mean A LOT of them.

I got so frustrated with he calls that I decided I had to figure out a better way to handle those calls.

At the time, I was working with a PBX software called Asterisk, which is used to handle hardware interfaces and network applications for phone calls.

I needed a suitable side project and there was a version of Asterisk designed for Raspberry Pi, so I made a fun little answering service for myself.

Whenever a telemarketer called, I asked them to call back later, but to "my personal number", and gave them the number to my phone robot. (which had a pre-paid SIM card in a GSM dongle mounted)

When it received a call, it would play a pre-recorded phrase, wait for 1000 ms of silence and then play the next phrase.
After all 16 phrases had been played, it would start from phrase 7 again and repeat until the caller gave up.

I had this set up running for a while, and then added another robot for english speaking callers.

The calls stopped after a few months.
MISSION ACCOMPLISHED!

Ah, let me open my half baked personal Android project. Maybe I'll finish it this time.

*opens Android studio*

"You have shitloads of updates. Please download and restart now"

Ok, makes sense. I haven't opened it for a month.

*runs the app*

"CoolApp has crashed"

What the fuck? It was all working before. WTF happened.

*half an hour of online research*

The google play service version is somehow fucked up. So let's fix that.

*App opens*

Yay! Let me login right away!

*Login via google doesn't work*

I didn't even touched the bloody code.

*another half an hour of research. Nothing works*

Fuck this shit.

I realize I've ranted about this before, but...

Fuck APIs.

First the fact that external services can throw back 500 errors or timeouts when their maintainer did a drunk deploy (but you properly handled that using caching, workers, retry handlers, etc, right? RIGHT?)...

Then the fact that they all speak a variety of languages and dialects (Oh fuck why does that endpoint return a JSON object with int keys instead of a simple array... wait the params are separated with pipe characters? And the other endpoint uses SOAP? Fuck I need to write another wrapper class around the client...)

But the worst thing: It makes developers live in this happy imaginary universe where "malicious" is not a word.

"I found this cloud service which checks our code style" — hmm ok, they seem trustworthy. Hope they don't sell our code, but whatever.

"And look at this thing, it automatically makes database backups, just have to connect to it to DigitalOcean" — uhhh wait...

"And I just built this API client which sends these forms to be OCR processed" — Fuck... stop it... there are bank accounts numbers on those forms... Where's that API even located? What company?

* read their privacy policy *

"We can not guarantee the safety of your personal data, use at your own risk [...] we are located in Russia".

I fucking hate these millennial devs who literally fail to get their head out of the cloud.

Somehow they think it's easier to write all these NodeJS handlers and layers around some API, which probably just calls ImageMagick + Tesseract on the other side.

If I wasn't so fucking exhausted, I'd chop of their heads... but they're like hydra, you seal one privacy breach and another is waiting to be merged, these kids just keep spewing their crap into easy packages, they keep deploying shitty heroku apps... ugh.

😖

The list would be quite long.

I think Google is still making good tools, but just like Apple the integrations get all so tight and constricting... And with their data, if it goes wrong, it will go wrong hard.

I feel like YouTube is gliding into a state where cheap clickbait floats to the top and finding quality gets more difficult as well, their algorithm is more and more tuned to choose recent popular stuff over good older gems.

Microsoft is all pretend lovey dovey cuddling open source, but I'm still suspicious it's all a hug of death. I was never a big fan, but they're seriously dropping balls when it comes to windows-as-a-service, taking away so much personal control from end users even though they can't be trusted to babysit either.

Amazon is creeping it's way through the internet, charging $10/m to join the vip club infesting houses with spytubes to sell more plastic crap. Bezos' only right to keep wasting oxygen is BlueOrigin, but he'll probably fuck that up as well turning spaceflight into a decadent prime consumer orgy instead of something inspiring.

Facebook... Well, that's self explanatory. Fuck it, everything it pretends to be, and everyone who still has an account with a rusty spike.

Uber and AirBnB, with their fake ass mission of a green shared economy, but they trample over employees, customers and neighbors to build their ivory towers of progressive illusions.

Then there's a million declining brands.

I liked Skype for example when it was first released, Just like how I started out liking (and then hating) Discord, Slack, etc... They're all tools which seem fast and easy, but then they get us further away from solid protocols, get us entrenched into limiting, bloated and sometimes even dangerous tools. As my dad used to say: "Companies are like women, if you go for cheap, fast and easy you'll end up with a burning dick and half your savings gone"

You know what, fuck all tech companies.

OK, devrant is still pretty nice... For now.

Long rant ahead.. so feel free to refill your cup of coffee and have a seat 🙂

It's completely useless. At least in the school I went to, the teachers were worse than useless. It's a bit of an old story that I've told quite a few times already, but I had a dispute with said teachers at some point after which I wasn't able nor willing to fully do the classes anymore.

So, just to set the stage.. le me, die-hard Linux user, and reasonably initiated in networking and security already, to the point that I really only needed half an ear to follow along with the classes, while most of the time I was just working on my own servers to pass the time instead. I noticed that the Moodle website that the school was using to do a big chunk of the course material with, wasn't TLS-secured. So whenever the class begins and everyone logs in to the Moodle website..? Yeah.. it wouldn't be hard for anyone in that class to steal everyone else's credentials, including the teacher's (as they were using the same network).

So I brought it up a few times in the first year, teacher was like "yeah yeah we'll do it at some point". Shortly before summer break I took the security teacher aside after class and mentioned it another time - please please take the opportunity to do it during summer break.

Coming back in September.. nothing happened. Maybe I needed to bring in more evidence that this is a serious issue, so I asked the security teacher: can I make a proper PoC using my machines in my home network to steal the credentials of my own Moodle account and mail a screencast to you as a private disclosure? She said "yeah sure, that's fine".
Pro tip: make the people involved sign a written contract for this!!! It'll cover your ass when they decide to be dicks.. which spoiler alert, these teachers decided they wanted to be.

So I made the PoC, mailed it to them, yada yada yada... Soon after, next class, and I noticed that my VPN server was blocked. Now I used my personal VPN server at the time mostly to access a file server at home to securely fetch documents I needed in class, without having to carry an external hard drive with me all the time. However it was also used for gateway redirection (i.e. the main purpose of commercial VPN's, le new IP for "le onenumity"). I mean for example, if some douche in that class would've decided to ARP poison the network and steal credentials, my VPN connection would've prevented that.. it was a decent workaround. But now it's for some reason causing Moodle to throw some type of 403.

Asked the teacher for routers and switches I had a class from at the time.. why is my VPN server blocked? He replied with the statement that "yeah we blocked it because you can bypass the firewall with that and watch porn in class".
Alright, fair enough. I can indeed bypass the firewall with that. But watch porn.. in class? I mean I'm a bit of an exhibitionist too, but in a fucking class!? And why right after that PoC, while I've been using that VPN connection for over a year?

Not too long after that, I prematurely left that class out of sheer frustration (I remember browsing devRant with the intent to write about it while the teacher was watching 😂), and left while looking that teacher dead in the eyes.. and never have I been that cold to someone while calling them a fucking idiot.

Shortly after I've also received an email from them in which they stated that they wanted compensation for "the disruption of good service". They actually thought that I had hacked into their servers. Security teachers, ostensibly technical people, if I may add. Never seen anyone more incompetent than those 3 motherfuckers that plotted against me to save their own asses for making such a shitty infrastructure. Regarding that mail, I not so friendly replied to them that they could settle it in court if they wanted to.. but that I already knew who would win that case. Haven't heard of them since.

So yeah. That's why I regard those expensive shitty pieces of paper as such. The only thing they prove is that someone somewhere with some unknown degree of competence confirms that you know something. I think there's far too many unknowns in there.

Nowadays I'm putting my bets on a certification from the Linux Professional Institute - a renowned and well-regarded certification body in sysadmin. Last February at FOSDEM I did half of the LPIC-1 certification exam, next year I'll do the other half. With the amount of reputation the LPI has behind it, I believe that's a far better route to go with than some random school somewhere.

Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.

That time when...

He wrote a social media network with end-to-end encryption before it was cool.

He wrote custom 64kb encryption for his academic HDD.

He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.

He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).

He used only hashes of passwords as passwords (which isn't actually good).

He kept a drill on the desk ready to destroy his HDD at a moments notice.

He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.

He set up a new email account for each individual online service.

He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).

He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).

He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).

He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.

He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.

He bought a burner phone to visit the capital city.

He bought a burner phone whenever he left his hometown come to think of it.

He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).

He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.

(You might be noticing it's all he's. Maybe it is, maybe it isn't).

He ate a sim card.

He brought a balaclava to pentesting training (it was pretty meme).

He printed out his source code as a manual read-only method.

He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).

He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).

He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.

I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.

Screw the German Telekom!
I recently got a new home without internet so naturally, I went to an isp, Telekom. I went there a few weeks ago and was pleasantly surprised by the personal and the general competence. He told me they would send a technician to check my cable. So I thought great and went home. 1 A week passes, nobody shows up. I then went back to the shop and asked(someone different). He basically told me that such a service must be specifically asked for and a contract has to be signed. I then told
him his colleague told me no such thing, and that the technician should have checked up on my connection last week. He excuses him self and I signed the thingy.

Now you would imagine that this would have worked.
but.
NOOOoooo.

A week came and went and I got pissed. So I went back to the shop the guy from the first try was there. I Asked what happened, he types in his Computer. and. and. and. nothing. Apparently, the previous guy forgot, fucking forgot, to enter my request to their bloody System.
Now I asked if I can Just become a customer.
Guy: Sure, what speed is available in your region?
Me: I don't know...
Guy: Let me check
/Type/ /Type/
Guy: I can't see your speed the technician should have checked.
Me: Um, so, can he check?
Guy: Clearly you don't know what you want
Me:???
Guy:*leaves table*

(shorten but you get the Idea)

At this point, I really wanted to change isp so I went to Vodafone.

Lady comes up to me asks me a bunch of stuff and I explain I would want to change my phone, internet, tv, mobile and my friends mobile(I lost a bet once ^~^) to Vodafone.

What happened next I can't really explain, but she talked to her boss and "cheated" (how she calls it) on Vodafone and got me an AMAZING deal it is cheaper than Telekoms has waay more mobile data, faster Internet and I got a new phone :D.

And guess what she could fucking check, fucking check from here Computer my max internet speed.

I can only hope that the lady got a big fat commission for what she has done.

Yesterday evening I'd been to Lenovo service center to get a battery for my personal laptop.

Sales guy: Sir, I can see that your laptop had Windows 8 when you purchased it. If you want I can give you a one key recovery disc for that.

Me: Thanks a lot sir, but I run Ubuntu on my laptop. And if you are insisting, I can take that recovery media and install it on my uncle's laptop.

Sales guy: I'll get back to you on this.

*End of conversation* 😂

Recently started at a new job. Things were going fine, getting along with everyone, everything seems good and running smoothly, a few odd things here and there but for the most part fine.

Then I decided to take a look at our (public facing) website... What's this? Outdated plugins from 2013? Okay, that's an easy fix I guess? All of these are free and the way we're using them wouldn't require a lot of refactoring...

Apparently not. Apparently, we can't even update them ourselves, we have to request that an external company does it (which we pay, by the way, SHITELOADS of money to). A week goes past, and we finally get a response.

No, we won't update it, you'll have to pay for it. Doesn't matter that there's a CVE list a bloody mile long and straight up no input validation in several areas, doesn't matter that tens of thousands of users are at risk, pay us or it stays broken. Boggles the fuckin' mind.

I dug into it a bit more than I probably should have (didn't break no laws though I'm not a complete dumbass, I just work for em) and it turns out it's not just us getting fucked over, it's literally EVERYONE using their service which is the vast majority of people within the industry in my country. It also turns out that the entirety of our region is running off a single bloody IP which if you do a quick search on shodan for, you guessed it, also has a CVE list pop up a fuckin' mile long. Don't get me started on password security (there is none). I hate this, there's fucking nothing I can do and everyone else is just fine sitting on their hands because "nobody would target us because we're not a bank!!", as if it bloody matters and as if peoples names, addresses, phone numbers and assuming someone got into our actual database, which wouldn't be a fuckin' stretch of the imagination let me tell you, far more personal details, that these aren't enticing to anyone.

What would you do in my situation?
What can I even do?
I don't want to piss anyone senior off but honestly, I'm thinkin' they might deserve it. I mean yeah there's nothing we can do but at least make a fuss 'cause they ain't gunna listen to my green ass.

So this guy is asking for help but his ego is too high. What happened was his code raised a ""Trying to get property 'result' of non-object"" error so I told him that the data type is not declared. He still not get it. Like in personal message he asked me wether I know php because he is the founder of some cloud service in php, and I know all about php.

I was like if you know php so well, why cant you realise that $result is not declared?

Working for this startup as a remote dev for last 6 months.

This month they delayed my payment by saying that they are still waiting for crowdfunding payment to be processed.

After 3 days my teamlead who recruited me quitted with 2 more people saying that its 'personal issues'

1 week later (today) I received a letter of termination saying that my contract ceases its effect after 30 days and I will receive my payment after 45 days as all service providers.

I reminded those fuckers that in contract there is a clause saying that they are supposed to pay me within 24 hours of invoice receipt (because this is not my first time with startups). Then fuckers responded that I will get paid as soon as they receive the money.

Contacted CTO today and he told me the truth. Turns out that venture capital that supposedly raised funding of around 10 million usd last year actually didnt raise shit. In the end startup did not receive this funding because VC convinced investors that this project is shit and not worth investing.

VC's plan is to starve out the startup by giving it bridge payment injections. At some point they want to buy out the startup and resell it for profit.

And here I am fucked in the ass. But for some reason im not mad at that VC because shit happens. Im mad ar startup managers who kept us in the dark for 2 weeks and dropped us like shit :)

I am really tired of broke startups and their bullshittery.

fuck it, i'm going to write a personal oauth2 service

pretty soon on websites you'll see a sign in with google button, and sign in with github button, and a sign in with danny button

This day I have received the most glorious news in e-pistolary form. For some years, I was suffering in support of a client who was, well, insufferable. My presence there paralleled the divine comedy in both essence and fact.

I opened the missive, expecting another plea to bail them out of whatever clusterfuck they found themselves in. Instead, what I found was something truly magical.

"Hey Human,

I hope this finds you well. I'm not sure if you remember a few years back, we were trying to decide between IBM Cloud and AWS. Well, after years of battling FF*, we're finally moving ahead with AWS. He failed one too many times to deliver anything visibly. After you left, there was no one left he could use to steal credit, ideas, and work.

FF is still pushing to have them use IBM cloud as a "warm backup" in the event "AWS fails." We will see where that goes.

I figured you'd like to know; you were the void in the wilderness for a long time. I don't want to think about how much time we could have saved if we had just listened.

PeeEm**"

This event represents a personal victory, albeit belated, over a few peoples' absurd amount of privilege. Towards the end, I was vicious about my contestation to the insanity of adopting a desperate hedge attempt-as-cloud offering from a failing company. Some examples:

// cloud 'strategy meeting'
Moi: What cloud platform are we looking at using?
FF: We're looking at IBM cloud and AWS as a second.
Moi: Why is that? I understand you're obligated to rep your offering first, but that decision doesn't seem to have the customer's best interest at heart.
FF: IBM cloud is a market leader; AWS isn't as good.
Moi: I see. I mean, that's the tech equivalent of the company's fleet management considering monkeys on tricycles as a strong competitor to service trucks, but I get what you mean.

// steering meeting
Director: Who can we look to as an example? Who is currently using the IBM cloud?
Moi: No one; they account for a single-digit portion of the actual cloud market. Their long game to sell you a "Hybrid Cloud," which means put some front end payload in a CDN, and buy n-frame units of IBM z servers for the DC with IBM gateway appliances acting as connective tissue. So it's not the cloud at all, really.
Director: How does it compare in cost?
Moi: It's generally 40% more expensive than other clouds, and it only goes higher as you option their software.
Director: What about Watson? I hear Watson is good?
Moi: It's a brand name. Most of the "Watson" product is just a facade on top of FOSS products like Spark, Hadoop, Elasticsearch, etc.
Director: Those were words. They sounded good. FF say it's good tho so we'll believe him because we're from the same city.
Moi: *deletes Director from LinkedIn*

Moral of the story: Never trust a vendor that only recommends their products.

*FF = FatFuck - an embarrassingly rotund individual whose girth is roughly equivalent to his height. He shit his way into an IBM architect position in his mid-20s purely due to winning the visa lottery. He had fake hair glued to his head for his wedding to hide his male pattern baldness; his arrange-married wife undoubtedly cries herself to sleep after sex.

**PeeEm - the then project manager, now portfolio manager of some satellite projects. An overall decent human being, capable.

This was a long time ago, when I was working part time in my uni helpdesk. as part of the uni IT service, they offered ISP services at the dorms. It was cheap, and fast. This essentially allowed students living in the dorms to connect thier personal computers to the uni LAN. Then one day...
An ARP poison malware infected some of those computers. An arp poison attack is simple (look at ettercap) - it redirects network traffic via the affected computer, and adds malware to webtraffic to infect more computers. One of these on a network is bad enough, but when there more then one... traffic was redirected a lot. this caused the Dorm switches to collapse under the load. Fun times to work at the helpdesk...
The IT guys came up with a solution for this: they blocked the arp poision attacks at the firewall, and then disabled the switch port for the infected computer for 24 hours. so, when someone called with 'I have no internet!', we told them to bring us the computer, and installed an AV on it.
3-4 month the problem was cleared.

So I decided to positively tackle the negative energy surrounding me these past few days. I tried to be productive. I went overboard, of course. Where is the fun in normal?

I wrote down all the urgent tasks I must die-die finish. Anyone closed with Asians will know the severity of the die-die and must combo. I started with tasks I have to finish in 3 days. Then in a week. Then in 2 weeks. I ended up creating more than 25 cards across my respective Trello boards.

The tasks that come to me always need minimum 3,4 working hours. Literally. The furthest deadline I see is Oct 15. The tasks I counted is more than 25. No appointments nor meetings were counted yet. It is not impossible. If I finish 2 tasks per day, 14 days is enough to complete all. I might have to continuously work 2 whole weeks of course. But it is still fine, right? Right, guys? Right? It's doable. Right?

I won't get any unskippable appointment within this 2 weeks. Right?

I won't get new tasks to finish within this 2 weeks. Right?

I won't have to guide other people how to do their tasks within this 2 weeks. Right?

I won't have to work other people's tasks when they absent within this 2 weeks. Right?

I won't have to entertain any annoying client because customer service team can't deal within this 2 weeks. Right?

I won't have to do other personal tasks within this 2 weeks. Right? (Like helping with creating a wedding slideshow for a friend marrying on Oct 28)

My life is totally fine. Right?

This would be my first official post.

Been a IT Technician for a managed service provider for the past 9 years up until last year August. Managing director pulls me in with a movement to App Development after coming across some personal hobby projects I have done in the past.

Started in the new position in November as Junior Developer and workloads get dumped on me and left to figure it out. 4 weeks of running through code without documentation and the solutions started to make sense.

Started a new solution for a Large remote customer with documentation and timelines in December and I get pulled in again for a second time in front of the MD.

Good News:With effect in January I have been promoted to Head of Application development.

Bad News: The existing department head is leaving end of the month and I am to go 900km from home to hand over all responsibilities for the next 3 weeks.

Better News: Department has started shifting to DevOps and it is up to me to set the policies and work flows to how I see fit.

Worse news: it starts by expanding the team asap as 10 projects accounting to 4000 man hours with deadlines in Q3.

Wish me luck. It's going to be twisted Rollercoaster ride...

Conversation yesterday (senior dev and the mgr)..

SeniorDev: "Yea, I told Ken when using the service, pass the JSON string and serialize to their object. JSON eliminates the data contract mismatch errors they keep running into."
Mgr: "That sounds really familiar. Didn't we do this before?"
SeniorDev: "Hmmm...no. I doubt anyone has done this before."
Me: "Yea, our business tier processor handled transactions via XML. It allowed the client and server to process business objects regardless of platform. Partners using Perl,
clients using Delphi, website using .aspx, and our SQLServer broker even used it."
Mgr: "Oh yea...why did we stop using it?"
Me: "WCF. Remember, the new dev manager at the time and his team broke up the business processor into individual WCF services."
Mgr: "Boy, that was a crap fest. We're still fighting bugs from the mobile devices. Can't wait until we migrate everything to REST."
SeniorDev: "Yea, that was such a -bleep-ing joke."
Me: "You were on Jake's team at the time. You were the primary developer in the re-write process saying passing strings around wasn't the way true object-oriented developers write code.
So it's OK now because the string is in JSON format or because using a JSON string your idea?"

SeniorDev turns around in his desk and puts his headphones back on.

That's right you lying SOB...I remember exactly the level of personal attacks you spewed on me and other developers behind our backs for using XML as the message format.

Keep your fat ass in your seat and shut the hell up.

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

PayPal = GayPal

PHASE 1

1. I create my personal gaypal account
2. I use my real data
3. Try to link my debit card, denied
4. Call gaypal support via international phone number
5. Guy asks me for my full name email phone number debit card street address, all confirmed and verified
6. Finally i can add my card

PAHSE 2

7. Now the account is temporarily limited and in review, for absolutely no fucking reason, need 3 days for it to be done

8. Five (5) days later still limited i cant deposit or withdraw money

9. Call gaypal support again via phone number, burn my phone bill

10. Guy tells me to wait for 3 days and he'll resolve it

PHASE 3

11. One (1) day later (and not 3), i wake up from a yellow account to a red account where my account is now permanently limited WITHOUT ANY FUCKING REASON WHY

12. They blocked my card and forever blocked my name from using gaypal

13. I contact them on twitter to tell me what their fucking problem is and they tell me this:

"Hi there, thank you for being so patient while your conversation was being escalated to me. I understand from your messages that your PayPal account has been permanently limited, I appreciate this can be concerning. Sometimes PayPal makes the decision to end a relationship with a customer if we believe there has been a violation of our terms of service or if a customer's business or business practices pose a high risk to PayPal or the PayPal community. This type of decision isn’t something we do lightly, and I can assure you that we fully review all factors of an account before making this type of decision. While I appreciate that you don’t agree with the outcome, this is something that would have been fully reviewed and we would be unable to change it. If there are funds on your balance, they can be held for up to 180 days from when you received your most recent payment. This is to reduce the impact of any disputes or chargebacks being filed against you. After this point, you will then receive an email with more information on accessing your balance.

As you can appreciate, I would not be able to share the exact reason why the account was permanently limited as I cannot provide any account-specific information on Twitter for security reasons. Also, we may not be able to share additional information with you as our reviews are based on confidential criteria, and we have no obligation to disclose the details of our risk management or security procedures or our confidential information to you. As you can no longer use our services, I recommend researching payment processors you can use going forward. I aplogise for any inconvenience caused."

PHASE 4

14. I see they basically replied in context of "fuck you and suck my fucking dick". So I reply aggressively:

"That seems like you're a fraudulent company robbing people. The fact that you can't tell me what exactly have i broken for your terms of service, means you're hiding something, because i haven't broken anything. I have NOT violated your terms of service. Prove to me that i have. Your words and confidentially means nothing. CALL MY NUMBER and talk to me privately and explain to me what the problem is. Go 1 on 1 with the account owner and lets talk

You have no right to block my financial statements for 180 days WITHOUT A REASON. I am NOT going to wait 6 months to get my money out

Had i done something wrong or violated your terms of service, I would admit it and not bother trying to get my account back. But knowing i did nothing wrong AND STILL GOT BLOCKED, i will not back down without getting my money out or a reason what the problem is.

Do you understand?"

15. They reply:

"I regret that we're unable to provide you with the answer you're looking for with this. As no additional information can be provided on this topic, any additional questions pertaining to this issue would yield no further responses. Thank you for your time, and I wish you the best of luck in utilizing another payment processor."

16. ARE YOU FUCKING KIDDING ME? I AM BLOCKED FOR NO FUCKING REASON, THEY TOOK MY MONEY AND DONT GIVE A FUCK TO ANSWER WHY THEY DID THAT?

HOW CAN I FILE A LAWSUIT AGAINST THIS FRAUDULENT CORPORATION?

Late night ramble warning.

I like to fix issues. I like to roll up my sleeves and fetch my keyboard or soldering iron on a mission to build a custom solution for whatever real world annoyance that has just triggered my problem solving caveman brain.

I have prided myself in that. I am the kind of guy who doesn't shy away from getting my hands dirty, I tell myself, and it's good because it makes my life easier, I tell myself. But increasingly, I've been wondering if this is really so. Am I really making my life easier? Am I fixing the world or just scratching an itch?

Example 1:
Instead of using conventional backup methods for my personal files like a commercial cloud based service or buying a Synology NAS or something similar, I decided it would be better to build my own linux server and set up a rather obscure configuration in order to address things like parity, ECC, bit-rot and the likes while staying cheap.

Learning a lot? Sure. Fun? Sure. Never have to worry about backups again? The opposite, of course.

While I set out to build the perfect bespoke solution to all my personal backup needs - it's as if I, by putting my time and effort into the nitty gritty of technical implementation, placed a vote for my future to contain more of that stuff. In reality this project has burdened my little brain with many new things to consider in regards to storing my files.

Example 2:
Qwerty and the conventional staggered keyboard layout are relics of past technical limitations and both of them inefficient and bad from an ergonomic perspective.

Possible solution: ignore and carry on or possibly transition to Colemak on a somewhat more ergonomic full size keyboard.
My solution: well, let's also hand build a tiny-ass super obscure ergo keyboard and spend two days to come up with my own layout for all special characters, numbers and function keys.

Fun? Somewhat. Learning a lot? I guess. Never have to think about keyboard layouts again? Lol.

I'm living in a world of pain with various key commands in various apps and edge cases. Could I fix it? Probably make it better but not without quite a bit of effort.

Anyways, it'd be interesting to hear if anyone can relate to this feeling of wanting to fix something once and for all only to find yourself deeper in it then ever before. Idk might be a just me thing. Anyways, goodnight lovely people.

About slightly more than a year ago I started volunteering at the local general students committee. They desperately searched for someone playing the role of both political head of division as well as the system administrator, for around half a year before I took the job.

When I started the data center was mostly abandoned with most of the computational power and resources just laying around unused. They already ran some kvm-hosts with around 6 virtual machines, including a cloud service, internally used shared storage, a user directory and also 10 workstations and a WiFi-Network. Everything except one virtual machine ran on GNU/Linux-systems and was built on open source technology. The administration was done through shared passwords, bash-scripts and instructions in an extensive MediaWiki instance.

My introduction into this whole eco-system was basically this:
"Ever did something with linux before? Here you have the logins - have fun. Oh, and please don't break stuff. Thank you!"

Since I had only managed a small personal server before and learned stuff about networking, it-sec and administration only from courses in university I quickly shaped a small team eager to build great things which would bring in the knowledge necessary to create something awesome. We had a lot of fun diving into modern technologies, discussing the future of this infrastructure and simply try out and fail hard while implementing those ideas.

Today, a year and a half later, we look at around 40 virtual machines spiced with a lot of magic. We host several internal and external services like cloud, chat, ticket-system, websites, blog, notepad, DNS, DHCP, VPN, firewall, confluence, freifunk (free network mesh), ubuntu mirror etc. Everything is managed through a central puppet-configuration infrastructure. Changes in configuration are deployed in minutes across all servers. We utilize docker for application deployment and gitlab for code management. We provide incremental, distributed backups, a central database and a distributed network across the campus. We created a desktop workstation environment based on Ubuntu Server for deployment on bare-metal machines through the foreman project. Almost everything free and open source.

The whole system now is easily configurable, allows updating, maintenance and deployment of old and new services. We reached our main goal for this year which was the creation of a documented environment which is maintainable by one administrator.

Although we did this in our free-time without any payment it was a great year with a lot of experience which pays off now.

Last job search was in mid 2020. I thought I had a pretty good offer: getting 40% more in gross salary. But then I asked some pretty standard/clarifying questions about benefits and all the red flags started coming out 🚩. They really used the pandemic to sell ppl short. TLDR I turned down the offer.

PTO was the dealbreaker. Their PTO was 16 days: 6 holidays plus 10 personal days. Even though any paid time off is PTO, I thought it was pretty gross to count holidays in the PTO bank like that. My friends agreed with me.

Yes, this is a US company.

Then shit hit the fan when I asked about sick days.

Me: What’s the policy on sick time?

Talent/HR: We have a flex time policy, so you don’t have to take time off for a one hour doctor’s appointment.

🤨🚩
I didn’t ask about flex time.

Me: The PTO is really low.

Talent: Well, you could use your sick days for vacation.

🤨🚩🚩

Me: I just asked you about sick time and you didn’t mention sick days. What are these sick days?

Talent: Oh, well technically the personal days are 5 sick days and 5 personal days… [I swear this is what I heard over the phone.]

🤨🚩🚩🚩

Me: 😤 This isn’t going to work.

Talent: I can see about getting you more PTO.

Talent comes back with 5 additional personal days. And it wouldn’t be included in my offer letter it would only be a note in my file. 🚩🚩🚩🚩🚩

The gross thing was this startup was in the healthcare space: it’s a prescription meds delivery service/pharmacy. I know ppl say startups are the “throw money at you and go cheap on benefits” type. But how can you be in a healthcare space and not give ppl decent PTO? And during the pandemic and pre-vaccine existence? They were trying to con me. It was bizarre because it’s not my first job search. I was still employed so I wanted a new job but I wasn’t desperate.

I couldn’t see how anyone would accept that abysmal PTO offer. Maybe if they were really desperate or naive. I suspected this company had a big PTO disparity because I’m positive most employees would have negotiated for more time.

It was hard to turn down the money because I was afraid of not finding a job. Luckily, I did get an offer with really great benefits from a different company later on.

TL;DR Calendar services sucks.

Imagine yourself as startup. You don't want to spend fortune on paying $5 per user per month for Google Services. Also you don't want to pay that to Microsoft for O365. You want to run it itself because you already have droplet running with your other services (ERP for example. Funny story too btw.) Ok, decision has been made, let install something.

I have pretty good experience with OwnCloud from past as Cloud file sharing service. Calendar is not bad for single user purpose (understand it as personal calendar, no invitations to others, sharing is maximum I tried) What can possibly go wrong when I deploy that and use its Calendar?

Well, lot. OwnCloud itself runs well (no rant here) but Calendar is such pain in ass. Trouble is with CalDav under hood and its fragmented standards. So, you want to send invitation to your team for recurrent meeting. Nothing weird. It sends as one invitation to each one, good. Now you realize you have a conflict, so you need to change time of one occurence. Move it, send update. And here comes shitstorm. It is not able to bisect one occurence from series. So it splits it to separate events and send invitation for every single one. 30 INVITATIONS IN 2 SECONDS! Holy sh*t! You want to revert that. Nope, won't do. So you accept your destiny and manually erase every single one with memo in head about planning recurring events.

Another funny issue is when SwiftMailer library (which is responsive for sending e-mails from OwnCloud) goes to spamming mayhem. It is pretty easy to do. When e-mail doesn't comply to RFC, it is rejected, right? So if because of some error CalDav client passes non-compliant e-mail (space as last character is non-compliant btw) and SwiftMailer tries to send it to multiple recepients (one of them is broken, rest is fine), it results in repetitive sending same invitation over and over in 30 minute interval. Sweet.

So now I am sitting in front of browser, looking for alternatives. Not much to choose from. I guess I'll try SOGO. It looks nice. For now.

Updated my personal site to use bulma CSS framework last night. Pushed it all up, then realised github pages doesn't do npm install before it builds the site. So there was no CSS for a bit.

The only way around was to commit node modules folder to git repo. Feels wrong but better than having no CSS.

I guess that's what happens when you use a free service 😁

I made systems automated and effective, requiring less or no human action to process, was told it was to free up people for more sales and personal service, today I found out they fired the equilavent number of people to what my solutions made uneccesary. I really liked especially one of them and was hoping to ask her out. Guess that won't happen now. I feel horrible when my solutions cost people their Jobs.

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

Fuck mi ISP, really, fuck it.
It left the whole city without internet access for 3 days, and it's service is HORRIBLE.
Not only that, they don't expand the network they have and we are stuck with 5mbps! (3, effectively).
Imagine trying to download a file, while 2 other people are watching YouTube, and 2 other devices are PLAYING NETFLIX. OF COURSE IT WILL STOP WORKING.
I COULDN'T EVEN POST A RANT WITH AN IMAGE (it'd stuck loading for minutes).
I am trying to get a new ISP and this one will be wire to my personal PC, fuck them. However, as a house in the suburbs of a small satellite city, it's hard to get a decent new service.

I'd like to locally encrypt files before syncing it with the cloud; what's the "best" software available for this?

I'm currently switching to STACK as my cloud service (it's a file hosting service for Dutch people that offers 1TB of free storage).
But I don't feel fully comfortable with them having access to all my personal data.

So I came to the conclusion that it would be best to locally encrypt files before syncing it with STACK. I DuckDuckGo'd but there seems to be a lot of software available for this so I'm not sure which one to use.

Which one could you recommend me? I'd prefer a free software but I'm okay with paying as long as it isn't too expensive.

To me this is one of the most interesting topics. I always dream about creating the perfect programming class (not aimed at absolute beginners though, in the end there should be some usable software artifact), because I had to teach myself at least half of the skills I need everyday.

The goal of the class, which has at least to be a semester long, is to be able to create industry-ready software projects with a distributed architecture (i.e. client-server).

The important thing is to have a central theme over the whole class. Which means you should go through the software lifecycle at least once.

Let's say the class consists of 10 Units à ~3 hours (with breaks ofc) and takes place once a week, because that is the absolute minimum time to enable the students to do their homework.

1. Project setup, explanation of the whole toolchain. Init repositories, create SSH keys for github/bitbucket, git crash course (provide a cheat sheet).
Create a hello world web app with $framework. Run the web server, let the students poke around with it. Let them push their projects to their repositories.
The remainder of the lesson is for Q&A, technical problems and so on.

Homework: Read the docs of $framework. Do some commits, just alter the HTML & CSS a bit, give them your personal touch.
For the homework, provide a $chat channel/forum/mailing list or whatever for questions where not only the the teacher should help, but also the students help each other.

2. Setup of CI/Build automation. This is one of the hardest parts for the teacher/uni because the university must provide the necessary hardware for it, which costs money. But the students faces when they see that a push to master automatically triggers a build and deploys it to the right place where they can reach it from the web is priceless.
This is one recurring point over the whole course, as there will be more software artifacts beside the web app, which need to be added to the build process. I do not want to go deeper here, whether you use Jenkins, or Travis or whatev and Ansible or Puppet or whatev for automation. You probably have some docker container set up for this, because this is a very tedious task for initial setup, probably way out of proportion. But in the end there needs to be a running web service for every student which they can reach over a personal URL. Depending on the students interest on the topic it may be also better to setup this already before the first class starts and only introduce them to all the concepts in a theory block and do some more coding in the second half.

Homework: Use $framework to extend your web app. Make it a bit more user interactive with buttons, forms or the like. As we still have no backend here, you can output to alert or something.

3. Create a minimal backend with $backendFramework. Only to have something which speaks with the frontend so you can create API calls going back and forth. Also create a DB, relational or not. Discuss DB schema/model and answer student questions.

Homework: Create a form which gets transformed into JSON and sent to the backend, backend stores the user information in the DB and should also provide a query to view the entry.

4. Introduce mobile apps. As it would probably too much to introduce them both to iOS and Android, something like React Native (or whatever the most popular platform-agnostic framework is then) may come in handy. Do the same as with the minimal web app and add the build artifacts to CI. Also talk about getting software to the app/play store (a common question) and signing apps.

Homework: Use the view API call from the backend to show the data on the mobile. Play around with the mobile project to display it in a nice way.

5. Introduction to refactoring (yes, really), if we are really talking about JS here, mention things like typescript, flow, elm, reason and everything with types which compiles to JS. Types make it so much easier to refactor growing codebases and imho everybody should use it.
Flowtype would make it probably easier to get gradually introduced in the already existing codebase (and it plays nice with react native) but I want to be abstract here, so that is just a suggestion (and 100% typed languages such as ELM or Reason have so much nicer errors).
Also discuss other helpful tools like linters, formatters.

Homework: Introduce types to all your API calls and some important functions.

6. Introduction to (unit) tests. Similar as above.
Homework: Write a unit test for your form.

(TBC)

I created an ASP.Net Web Application as my personal Web site. Tested it locally then wanted to test it in a live environment. I purchased a domain/hosting package then publish via FTP. Point it to homepage and nothing shows up. I call customer service and they say it's hosted on a Linux server but their options don't show that it is Linux based. So I had to change it to a Windows platform that it should have already been on. SMH 😣

!rant

So I have bought a new laptop and this time instead of straight up booting linux I had an idea of giving micro$oft a try, so I have decided to use only their services for 2 weeks.

To be honest, I really did not expect windows to use do much cpu and hdd during updates and background tasks, but after a day it was ok and windows feels snappier than during my last encounrer (maybe cause the new hw?).

I was even so dedicated that I started to use cortana and I have to tell, that she is dumb as fuck, since she fails to understand even the basic tasks and if u want something advanced, she refers to the next update. But boy, tell her to open Visual Studio and she asks if you want VS Code or Visual Studio, which seems great. But my response was 'Code' then she insisted that I said Coke. Im like OK, Im not native english speaker, lets try Visual Studio Code, where she told me that there is no such thing and Spelling VS - Code ended me in bing search for Unesco :/

I really want to like Cortana, she has nice name, nice history, but she is like that A girl from class, who looks gorgeous, has great voice, but then u reallise that she just eats a book before exam and after that she is that dumb basic hoe.

I also gave a shot to Bing and Edge. Bing is something between Google and DuckDuckGo, since it gives you a liiitle less results from search history, yet if you want to find something in different language its even possible to tell you that what are you trying to find does not exist.

But I have to tell, that I like Edge and I mean it. Like... Its fast and has some good features, like pushing all your open tavs away, so you can open them Later. It also does not have that stupid ass feature that lets you control tab from left to right, not by chronological order, so you wont end up in infinity loop of 2 tabs. And even if people make fun of M$ trying to convince you to use Edge by being too aggresive. God go on edge and try to use some Google Service(You still dont use chrome?!).

I also tried to play with .Net core and I have to tell that against java they are a bit further. I liked some small features, but what I just simply loved was rhe fucking documentation. You basically dont need google, sincw they give you examples and explain in a human way.

What I didnt quite get was the 'big' Visual Studio. Tje dark theme to me feels strange(personal and irrelevant). Why the hell I do need to press 2 shortcuts to duplicate line?! Why is it so hard to find a plugin to give me back my coloured brackets and why the fuck it takes like a second to Cut one line of code on a damn i7?!

Visual studio Code was something different. It shows how dark theme should be done, the plugin market is full of stuff and the damn shortcuts are not made for octopi. So I have to recommend it ^^.

I even gave a shot to word and office as a whole and fuck I never knew that there are so many templates. It really made my life easier, since all you need to do is find the right one in the app, instead of browsing templates online, where half of them are for another version of your text editor.

Android Launcher was fast, had a clever widget of notes and the sync was pretty handy to be honest so I liked that one as well.

What made me furious was using the CLI. Godfucking damn what the fuck is ipconfig?! :/

Last thing what made me superbhappy was using stuff without wine and all of the addional shit. Especially using stuff like Afinity Designer and having good looking apps in general. I mean Open source has great tools l sometimes with better functionality. But I found out, that what is pleasure to look at, is pleasure to work with.

To Summarize a bit.

It wasnt that bad as I expected. I see where they are heading with building yet another ecosystem of It just works and that they are aiming at professionals once again.

So I would rate it 6/10, would be 7 if that shit was Posix compatible.

I know that for Balmer is a special place in hell... But with that new CEO, Microsoft at the end may make it to purgatory..

I honestly do not understand the hate for Macs. I know I'm not the first to rant about it, but it's sad that I have to. Yes, you can build a crazy PC with 172828 cores over-clocked to 79Thz for like $7 and have a taco along with it, but that's not the point. Each of them are good for their own things. Maybe, I don't want to spend the first 13 hours figuring out which version of Linux I need to run after I get a computer. I mean give me a break. Each of them are personal preferences. What people often don't see in Macs are value you get with service and surprisingly useful default apps (I'm looking at you Open office) and a solid feature set. Why am I even writing this, it's fucking 2AM.

Recep Tayyip Erdogan had a problem — after his army service, he got so used to cold that he could only sleep on a raw, cold metal grill. Usually, normal people put mattress on top, but Erdogan didn’t feel right this way. So, in one of his personal prisons, he established a social project for making a full metal bed for himself.

For starters, to calculate the shape, he took the smallest man ever (3 inches high) with his fingers and sunk him into molten plastic. “What are you doing?! It hurts!” — man screamed. “Shut up. You’re on an important mission. Your motherland won’t forget you.”
After three months, the bed was ready. It was more of the same — metal bars, but this time with some kind of structure built of metal hinges, rebar and strong springs. This was the day — this was the big reveal event. It took place in the same prison — three prisoners were ready to lay on their new full metal beds, while news crews congratulated Erdogan and celebrated his greatness. “Well, it is time!” — he said.
Prisoners laid flat. An awful screeching sound. Prisoner number two is bleeding out. The spring mechanism broke out and impaled his chest onto a large metal bar. He’s not breathing.
“Shut it down. Shut it all down. No more cameras, no more news”, — said Erdogan.
“Yes, our master”, — said news crews.

They wanted to draft me to Afghanistan.
“No!”, — a young officer shouted, misgendering me — “He doesn’t know the stages of pain. Useless.”
“Are you perhaps arguing pain with a bipolar patient?” — I replied.
“You are a rave. Nothing but a rave.”

Raves spawned near your doors at night. Sometimes, they even spawned on the inside. I can’t say you were in danger, but it certainly wasn’t a pleasant thing to happen to anyone. They looked ugly. They dressed weird. They spoke in riddles.
“How do I move to Europe?”, — a rave asked.
“I…”
“Shut up!”
Rave took a door, suspiciously painted over and over multiple times, and started to slam my door with it, using it as a ram.
My door started giving in.

Alarm system.
On a separate note, to disable the alarm system, you have to speedrun Stanley Parable. It’s the hardest speedrun ever, specifically its hidden ending. It disables all alarm systems in three-mile radius IRL. No one knows how it works, but it does. Back to the danger zone!

“The better quality time you spend sitting on your toilet, the more you’ll live.”, — an officer said.
“I once had a girl blow me while I was shitting,” — Matthias replied — “You have nothing on me.”
“Fair enough!”

It is a little known fact, but the liquid that Northern cities use to clean up snow isn’t quite what it seems like. It’s not salt — in reality, there are bases on Mars, and they store pink goo that… “iMpRoVeS” dead bodies. The liquid is biological in nature, and it expires. Expired liquid is recycled as snow melter. You learn that in high school, but now, living on a train, you should know that there are special learning rooms here, in every. single. carriage. The small gym ball with two handles on its sides is called Gandhi ball. Fun fact: if you wear headless Segways on top of your shoes, and then lay flat holding a Gandhi ball, you can reach the speed of 270 kph!

Today’s news: a Reddit moderator and a legless woman gave birth to a living sex toy for their domestic boar.

DevRant has many privacy-conscious people and honestly just people who don't like when their personally identifiable data gets shared.

Yet, DevRant uses Carbon Ads owned by BuySellAds. Here's what their privacy policy reads:

"Some Personally Identifiable Information may also be provided to intermediaries and other Third Party Service Providers (defined in part (4) below) who assist us with the Services"

You know what's the funniest thing? In "part 4 below" they never actually state which companies do they share personally identifiable information with.

Just a quick reminder that when you use DevRant, your personally identifiable information may be shared with any amount of third parties, and you could bet a lot of money that the list includes Google and Facebook because of remarketing. Remarketing is a fancy term that means not selling personal data but instead giving it away for free.

Use AdGuard or any other browser extension that blocks analytic scripts. Buy a Raspberry Pi Zero W and make yourself a PiHole. When you're using DevRant mobile app, use analytics-blocking VPN.

Alright I'm finally making the switch from GitHub. I am pretty set on GitLab because it's open source, but was also considering Bitbucket. In addition to using it for personal projects, I'm also an officer of a student organization whose members work on software projects that I will be "managing" and contributing to. I'd like to use the same service for both, but don't know which one would be better. I read into both, but care more about what all of your opinions are than a non-experienced journalist on some click-bait blogging site

Update:
I've been trying to leave DoD for a couple of months now. Translating my 10 year's experience with complex Intelligence enterprise level systems to something relatable to the civilian IT world. Grabbed a few certs to help out A+, network+ and security+ with Linux+ as my next target. Photos of me working on unclassified systems, radios, cell towers and servers. I'm a teacher for military UAS so this shouldn't be to hard to get even a basic job in IT right.

No one will hire...
Linux admin: Nope
Network admin: Nope
Assistant Network admin: Nope
IT call service: Nope
Pool cleaner fucking nope
Many interviews and nothing
I'm broke and sold all of my personal valuables. I can't hold out much longer and really looking at becoming homeless. But I'm kinda ok with it, one last payment on my apartment and car is all I can do now. My parents think I'm in Afghanistan working a six figure job lol

DoD: we see you're trying to leave we'll pay you alot to teach A+, Network+ and Security+ traveling all across the country and staying at hotels with all expenses paid.

FU FU FU I want out please tell me someone has a job, I'll be a janitor of a server room Idc I just want out. Fuck the pay

I start Tuesday...

I'm in need of advice. I reckon this is no stack overflow but that's probably for the best as I wouldn't feel as comfortable posting there as I am doing it here. So, back to the question: I'm currently working with legacy code, written in .NET 2.0. This code is responsible for calling upon PEC services in order to finally create personal smart cards. I was tasked with the job of creating a repository system that would allow the program to call on the old legacy services or the new ones without any distinction. We are talking about SOAP services in both cases. The issues is: the new service definition is comprised of soap policies. This wouldn't be a problem per se, with more modern version of the framework, but with .NET 2.0? Yes, it is. It doesn't support policies and signing the body with a certificate right out of the box. How can I manage this? I feel like the only way would be letting the proxy class do its thing up until the very last moment: intercept the SOAP request before its sent and modify it according to the specifications. But I reckon this is very bad practice. Is there any other way out of this?

Thanks for anyone that would like to help. 🙂

Companies that pose to be successful and you come across awesome reviews about them, until you try their services out only to find that they have been scamming others. This is a company called Host4Geeks, I was truly impressed by the company until I dug deeper.
It saddens me that companies like these who have huge potential work on providing an awful service while they could earn a lot more if they just provide a better service.

My personal experience was a little different and partially my fault. Someone introduced me to their service and I liked their Reseller service, I tried it out for some of my clients, it was only until I decided to move on that H4G locked down my account and content barring me from attempting any sort of content transfer.

This is Host4Geeks. Beware.

Tl;Dr: Would my salary sugesstion be alright? Will get a promotion. Currently salary 115k $. I would suggest between 135k - 150k $ annual salary

So I work at a large Corpo and was asked by my department Boss, if I want to take a Promotion in our Applications team as Technical Lead. I would have the same Job, but will be the Service Owner and lead the team on a functional base. Would be 5 People. Personal Leadership would still be trough my superior.

Im alright with that, I currently dont want to lead people, but teaching them how to do it like I do right now is fine with me. Also most of the time when Shit hits the Fan Im on the call already to fix a critical Bug.

I trust my boss alot and was always treated fair by her. My currently salary is at 115k annual and Im 29 years old.

Currently Im studying on my Science BSc and work fulltime. I will take the promotion, because its like already now too my Job, I get payd better and not some random pen pusher will be set infront of me.

Also I could deny now all the fuck ups our Business People decide in Projects. I would have a lever more to challenge. (Parry this Peasant 🤣)

Just jumping from 115k up is my mental Challenge. I first thought about just 124k, but the responsibility is alot (Business Critical Applications). Also on the Job Market the Peers are ranging from 140k - 160k.

Im always thinking about the say, you need to be greedy sometimes yourself if its justified. Else some Manager gonna cash in the slip.

Should I suggest 135k or by your experience would you advertise higher like 145k-150k?

Some background:

About 2 months ago, my company wanted to build a micro service that will be used to integrate 3 of our products with external ticketing systems.

So, I was asked to take on this task. Design the service, ensure extendability and universality between our products (all have very different use cases, data models and their own sets of services).

Two weeks of meetings with multiple stakeholders and tech leads. Got the okay by 4-6 people. Built the thing with one other guy in a manner of a week. Stress tested it against one ticketing service that is used in a product my team is developing.

Everyone is happy.

Fast forward to last Thursday night.

“Email from human X”: hey, I extended the shared micro service for ticketing to add support for one of clients ghetto ticketing systems. Review my PR please. P.S. release date is Monday and I am on a personal day on Friday.

I’m thinking. Cool I know this guy. He helped me design this API. He must’ve done good. . . *looks at code* . . . work..... it’s due... Monday? Huh? Personal day? Huh?

So not to shit on the day. He did add much needed support for bear tokens and generalized some of the environment variables. Cleaned up some code. But.... big no no no...

The original code was written with a factory pattern in mind. The solution is supposed to handle communication to multiple 3rd parties, but using the same interfaces.

What did this guy do wrong? Well other than the fact that he basically put me in a spot where if I reject his code, it will look like I’m blocking progress on his code...

His “implementation” is literally copy-paste the entire class. Add 3 be urls to his specific implementation of the API.

Now we have

POST /ticket
PUT /ticket
POST /ticket-scripted
PUT /ticket-scripted
POST /callback

The latter 3 are his additions... only the last one should have been added in reality... why not just add a type to the payload of the post/put? Is he expecting us to write new endpoints for every damn integration? At this rate we might as well not have this component...

But seriously this cheeses me... especially since Monday is my day off! So not only do I have to reject this code. I also have to have a call now with him on my fucking day off!!!!

Arghhhhhh

So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.

So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).

There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.