Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "proxy"
A scammer called me today. They were saying that harmful files were moved to my computer and they needed to remove them. I don't think they are ever going to call me again.
S = scammer; M = me;
S: this is tech support we need access to your computer because we detected harmful files and need to remove them.
M: oh my! Hold on, let me go to my computer now. How can you access it?
S: we can just use RDP and delete the files. They are in a hidden folder that is encrypted so this Is the only way.
M: oh ok I believe you. Hm... it looks like my son only allows certain IP addresses to access our computers.. I don't know how to disable this so can you just email me your IP address?
He then sends me his actual IP address... it doesn't even look like a proxy or VPN.
M: oh my I forgot that you need my password to login. It's really long and complicated... can I just email it to you?
I then tell him to hold on I have to find it that my "son" stored it somewhere.
At this time I'm taking a photo of my bare ass and attaching it to the email. I then say in the email "Please note what my job title is in my signature.. I just sent the FBI your name, phone number, email, and IP address. Please enjoy my bare ass, you'll see a lot of it in prison."22
Browsing to a porn site while still being in the corporate VPN.
Got a proxy page which said this type of content isn't allowed at work. Nearly had a heart attack ;D15
So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!
It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"
Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.
My parents found it very easy to work with as well so we decided to stick with it.
I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.
Then I started to experiment more and more.
After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!
From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.
Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!
I started to learn stuff like FTP, SSH and so on.
Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?
First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.
Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.
Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!
I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.
Finally made the jump to NginX and CentOS!
Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.
Started with simple, one screen linux setup with ubuntu 10.04.
Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!
It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).20
Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'
Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!
I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.
Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.
Was pretty shaken up but damn I learned my lesson!8
This is super childish but it's the gameserver insidstry and karma is a bitch.
TLDR: I hacked my boss
I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.
I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :338
We're using a ticket system at work that a local company wrote specifically for IT-support companies. It's missing so many (to us) essential features that they flat out ignored the feature requests for. I started dissecting their front-end code to find ways to get the site to do what we want and find a lot of ugly code.
So i dig farther and farthee adding all the features we want into a userscript with a beat little 'custom namespace' i make pretty good progress until i find a site that does asynchronous loading of its subpages all of a sudden. They never do that anywhere else. Injecting code into the overcomolicated jQuery mess that they call code is impossible to me, so i track changes via a mutationObserver (awesome stuff for userscripts, never heard of it before) and get that running too.
The userscript got such a volume of functions in such a short time that my boss even used it to demonstrate to them what we want and asked them why they couldn't do it in a reasonable timeframe.
All in all I'm pretty proud if the script, but i hate that software companies that write such a mess of code in different coding styles all over the place even get a foot into the door.
And that's just the code part: They very veeeery often just break stuff in updates that then require multiple hotfixes throughout the day after we complain about it. These errors even go so far to break functionality completely or just throw 500s in our face. It really gives you the impression that they are not testing that thing at all.
And the worst: They actively encourage their trainees to write as much code as possible to get paid more than their contract says, so of course they just break stuff all the time to write as much as possible.
Where did i get that information you ask? They state it on ther fucking career page!
We also have reverse proxy in front of that page that manages the HTTPS encryption and Let's Encrypt renewal. Guess what: They internally check if the certificate on the machine is valid and the system refuses to work if it isn't. How do you upload a certificate to the system you asked? You don't! You have to mail it to them for them to SSH into the system and install it manually. When will that be possible you ask? SOON™.
At least after a while i got them to just disable the 'feature'.
While we are at 'features' (sorry for the bad structure): They have this genius 'smart redirect' feature that is supposed to throw you right back where you were once you're done editing something. Brilliant idea, how do they do it? Using a callback libk like everyone else? Noooo. A serverside database entry that only gets correctly updated half of the time. So while multitasking in multiple tabs because the performance of that thing almost forces you to makes it a whole lot worse you are not protected from it if you don't. Example: you did work on ticket A and save that. You get redirected to ticket B you worked on this morning even though its fucking 5 o' clock in the evening. So of course you get confused over wherever you selected the right ticket to begin with. So you have to check that almost everytime.
Alright, rant over.
Let's see if i beed to make another one after their big 'all feature requests on hold, UI redesign, everything will be fixed and much better'-update.5
It's never enough, is it?
I was going to write a simple dns server/proxy/firewallish thingy in php.
That's working. I'm adding a dashboard and api now 😅15
Co-worker: I need a proxy to do this task.
Me: Why do you need a proxy?
Co-worker: So all these reviews for the company I'm posting don't look sketchy.
Me: Download the TOR browser.
Co-worker: That's kinda sketchy I don't wanna do that.
So falsifying information about the company is okay, but using a browser to do it anonymously is right out.1
Marketing wants to remove the word "sex" from one of my slide decks.
Fuck people who get outraged for others. They are making a bad situation much worse.
Yes, there are people who get triggered by the slightest thing---but those people are going to be triggered no matter what you do. And it seems to me that I'd not want to have them as customers anyway---massive support cost.
We are in danger of washing everything until it becomes an inoffensive shade of beige.
Why do the 99% have to be bored for the 1%?
It's not like I'm doing a live demo...yet...
So, fuck outrage by proxy. If you are personally outraged then say that. If not, shut the fuck up.17
Have multiple and some server related but hereby:
I forcefully quit php on the server I use for devRant related stuffs because I wanted to quit the bakgrounded php process I had running for the dns proxy thingy since I somehow couldn't find the pid.
Two days later I noticed that none of my sites on that server where running anymore and started looking at nginx error logs.
It took me way too long to figure out that I had PHP-FPM installed which runs as a service and by forcefully quitting php the other day.... Yeah, you get it I think.
Started the process again and remembered that one 😅
I was offered to work for a startup in August last year. It required building an online platform with video calling capabilities.
I told them it would be on learn and implement basis as I didn't know a lot of the web tech. Learnt all of it and kept implementing side by side.
I was promised a share in the company at formation, but wasn't given the same at the time of formation because of some issues in documents.
Yes, I did delay at times on the delivery date of features on the product. It was my first web app, with no prior experience. I did the entire stack myself from handling servers, domains to the entire front end. All of it was done alone by me.
Later, I also did install a proxy server to expand the platform to a forum on a new server.
And yesterday after a month of no communication from their side, I was told they are scraping the old site for a new one. As I had all the credentials of the servers except the domain registration control, they transferred the domain to a new registrar and pointed it to a new server. I have a last meeting with them. I have decided to never work with them and I know they aren't going to provide me my share as promised.
I'm still in the 3rd year of my college here in India. I flunked two subjects last semester, for the first time in my life. And for 8 months of work, this is the end result of it by being scammed. I love fitness, but my love for this is more and so I did leave all fitness activities for the time. All that work day and night got me nothing of what I expected.
Though, they don't have any of my code or credentials to the server or their user base, they got the new website up very fast.
I had no contract with them. Just did work on the basis of trust. A lesson learnt for sure.
Although, I did learn to create websites completely all alone and I can do that for anyone. I'm happy that I have those skills now.
Since, they are still in the start up phase and they don't have a lot of clients, I'm planning to partner with a trusted person and release my code with a different design and branding. The same idea basically. How does that sound to you guys?
I learned that:
. No matter what happens, never ignore your health for anybody or any reason.
. Never trust in business without a solid security.
. Web is fun.
. Self-learning is the best form of learning.
. Take business as business, don't let anyone cheat you.20
When I'm on call and its weekend, I'm often a little nervous the entire weekend and time seems to go slow.
Programming on the dns proxy/firewall now and time is suddenly going quite faster.
This is a damn relieve.6
3 rants for the price of 1, isn't that a great deal!
1. HP, you braindead fucking morons!!!
So recently I disassembled this HP laptop of mine to unfuck it at the hardware level. Some issues with the hinge that I had to solve. So I had to disassemble not only the bottom of the laptop but also the display panel itself. Turns out that HP - being the certified enganeers they are - made the following fuckups, with probably many more that I didn't even notice yet.
- They used fucking glue to ensure that the bottom of the display frame stays connected to the panel. Cheap solution to what should've been "MAKE A FUCKING DECENT FRAME?!" but a royal pain in the ass to disassemble. Luckily I was careful and didn't damage the panel, but the chance of that happening was most certainly nonzero.
- They connected the ribbon cables for the keyboard in such a way that you have to reach all the way into the spacing between the keyboard and the motherboard to connect the bloody things. And some extra spacing on the ribbon cables to enable servicing with some room for actually connecting the bloody things easily.. as Carlos Mantos would say it - M-m-M, nonoNO!!!
- Oh and let's not forget an old flaw that I noticed ages ago in this turd. The CPU goes straight to 70°C during boot-up but turning on the fan.. again, M-m-M, nonoNO!!! Let's just get the bloody thing to overheat, freeze completely and force the user to power cycle the machine, right? That's gonna be a great way to make them satisfied, RIGHT?! NO MOTHERFUCKERS, AND I WILL DISCONNECT THE DATA LINES OF THIS FUCKING THING TO MAKE IT SPIN ALL THE TIME, AS IT SHOULD!!! Certified fucking braindead abominations of engineers!!!
Oh and not only that, this laptop is outperformed by a Raspberry Pi 3B in performance, thermals, price and product quality.. A FUCKING SINGLE BOARD COMPUTER!!! Isn't that a great joke. Someone here mentioned earlier that HP and Acer seem to have been competing for a long time to make the shittiest products possible, and boy they fucking do. If there's anything that makes both of those shitcompanies remarkable, that'd be it.
2. If I want to conduct a pentest, I don't want to have to relearn the bloody tool!
Recently I did a Burp Suite test to see how the devRant web app logs in, but due to my Burp Suite being the community edition, I couldn't save it. Fucking amazing, thanks PortSwigger! And I couldn't recreate the results anymore due to what I think is a change in the web app. But I'll get back to that later.
So I fired up bettercap (which works at lower network layers and can conduct ARP poisoning and DNS cache poisoning) with the intent to ARP poison my phone and get the results straight from the devRant Android app. I haven't used this tool since around 2017 due to the fact that I kinda lost interest in offensive security. When I fired it up again a few days ago in my PTbox (which is a VM somewhere else on the network) and today again in my newly recovered HP laptop, I noticed that both hosts now have an updated version of bettercap, in which the options completely changed. It's now got different command-line switches and some interactive mode. Needless to say, I have no idea how to use this bloody thing anymore and don't feel like learning it all over again for a single test. Maybe this is why users often dislike changes to the UI, and why some sysadmins refrain from updating their servers? When you have users of any kind, you should at all times honor their installations, give them time to change their individual configurations - tell them that they should! - in other words give them a grace time, and allow for backwards compatibility for as long as feasible.
3. devRant web app!!
As mentioned earlier I tried to scrape the web app's login flow with Burp Suite but every time that I try to log in with its proxy enabled, it doesn't open the login form but instead just makes a GET request to /feed/top/month?login=1 without ever allowing me to actually log in. This happens in both Chromium and Firefox, in Windows and Arch Linux. Clearly this is a change to the web app, and a very undesirable one. Especially considering that the login flow for the API isn't documented anywhere as far as I know.
So, can this update to the web app be rolled back, merged back to an older version of that login flow or can I at least know how I'm supposed to log in to this API in order to be able to start developing my own client?10
I just can't understand what will lead an so called Software Company, that provides for my local government by the way, to use an cloud sever (AWS ec2 instance) like it were an bare metal machine.
They have it working, non-stop, for over 4 years or so. Just one instance. Running MySQL, PostgreSQL, Apache, PHP and an f* Tomcat server with no less than 10 HUGE apps deployed. I just can't believe this instance is still up.
By the way, they don't do backups, most of the data is on the ephemeral storage, they use just one private key for every dev, no CI, no testing. Deployment are nightmares using scp to upload the .war...
But still, they are running several several apps for things like registering citizen complaints that comes in by hot lines. The system is incredibly slow as they use just hibernate without query optimizations to lookup and search things (n+1 query problems).
They didn't even bother to get a proper domain. They use an IP address and expose the port for tomcat directly. No reverse proxy here! (No ssl too)
I've been out of this company for two years now, it was my first work as a developer, but they needed help for an app that I worked on during my time there. I was really surprised to see that everything still the same. Even the old private key that they emailed me (?!?!?!?!) back then still worked. All the passwords still the same too.
I have some good rants from the time I was there, and about the general level of the developers in my region. But I'll leave them for later!
Is it just me or this whole shit is crazy af?3
The overhead on my JS projects is killing me. Today, I went to implement a simple feature on a project I haven't touched in a few weeks. I wasted 80% of my time on mindless setup crap.
- "Ooh, a simple new feature to implement. Let's get crackin'!"
- update 1st party lib
- ....hmm, better update node modules
- and Typescript typings while I'm at it
- "ugh yeah," revert one node module to outdated version because of that one weird proxy bug
- remove dead tsd references
- fix TS "errors" generated by new typings
- fix bug in 1st party lib
- clean up some files because the linter is nagging me
- change 6 lines of code <-- the work
FUCK YOU WORDPRESS
Omfg never been so fucking pissed in my life.
I just wasted 3 hours because this fucking bullshit rewrites the fucking URL based on the URL on a config fucking file?!!?
It fucking ignores: apache virtual host configs and nginx reverse proxy
hey everyone, I'm new to Dev rant. not quite sure what to say. so i guess I'll just observe.
Just wrote a (PHP based) proxy which can cache resources being requested and serve them to clients.
The idea is that (I'm going to write a firefox add-on for it too, yes) you can install the add-on and any resource (js/CSS, general web resources which would be downloaded off of googleapi's etc) hosted with Google would be proxied through the server running the proxy, meaning that one wouldn't have to connect to the mass surveillance networks directly anymore as for static resources.
I think checksum verify stuff would still work as the proxy is literally a proxy, the content will be identical to the 'real' resource. (Not sure about this one, enlighten me if this isn't true)
Every year my team runs an award ceremony during which people win “awards” for mistakes throughout the year. This years was quite good.
The integration partner award- one of our sysAdmins was talking with a partner from another company over Skype and was having some issues with azure. He intended to send me a small rant but instead sent “fucking azure can go fuck itself, won’t let me update to managed disks from a vhd built on unmanaged” to our jv partner.
Sysadmin wannabe award (mine)- ran “Sudo chmod -R 700 /“ on one of our dev systems then had to spend the next day trying to fix it 😓
The ain’t no sanity clause award - someone ran a massive update query on a prod database without a where clause
The dba wannabe award - one of our support guys was clearing out a prod dB server to make some disk space and accidentally deleted one of the databases devices bringing it down.
The open source community award - one of the devs had been messing about with an apache proxy on a prod web server and it ended up as part of a botnet
There were others but I can’t remember them all5
The company I work for (very big IT consultancy) has made the absolutely genius decision to put a block on the corporate proxy for GitHub. GITHUB. Because no fucking software developer ever needs to visit there. Their reason? "We don't want people publishing our intellectual property". Mate, I can fucking guarantee you that if unscrupulous bastards want to publish code against our T&C's, they will do so. Why make every body else's job harder and block it?!
But the best bit, you can submit a request (that is accepted without question) to get yourself an exemption. WHY THE FUCKING FUCK HAVE THE BLOCK IN THE FIRST PLACE THEN
Our head IT guy is over 70 years old. Our other IT guy is in his twenties. They've just hired another guy. New guy has anime characters on his car windows.
I'm made to use IE 10. Our content filter proxy is in the US. We are in the U.K. Web browsing is not fast even though we have 100Mb up and down.
I'm beginning to suspect life is a cruel joke.6
I've been pleading for nearly 3 years with our IT department to allow the web team (me and one other guy) to access the SQL Server on location via VPN so we could query MSSQL tables directly (read-only mind you) rather than depend on them to give us a 100,000+ row CSV file every 24 hours in order to display pricing and inventory per store location on our website.
Their mindset has always been that this would be a security hole and we'd be jeopardizing the company. (Give me a break! There are about a dozen other ways our network could be compromised in comparison to this, but they're so deeply forged in M$ server and active directories that they don't even have a clue what any decent script kiddie with a port sniffer and *nix could do. I digress...)
So after three years of pleading with the old IT director, (I like the guy, but keep in mind that I had to teach him CTRL+C, CTRL+V when we first started building the initial CSV. I'm not making that up.) he retired and the new guy gave me the keys.
Worked for a week with my IT department to get Openswan (ipsec) tunnel set up between my Ubuntu web server and their SQL Server (Microsoft). After a few days of pulling my hair out along with our web hosting admins and our IT Dept staff, we got them talking.
After that, I was able to install a dreamfactory instance on my web server and now we have REST endpoints for all tables related to inventory, products, pricing, and availability!
Good things come to those who are patient. Now if I could get them to give us back Dropbox without having to socks5 proxy throug the web server, i'd be set. I'll rant about that next.
I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...
#1 - Most expensive lesson learned
Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.
This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...
After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.
Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.
#2 - Hardest to find
This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.
Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.
#3 - Most elegant fix
Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.
My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.
So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.1
In a moment of boredom I decided to pen test the new system I've been writing on the live server. Ran sqlmap but forgot to proxy my connection.
DDOS protection kicked in and blocked the entire offices connection to the server, had to drive home quickly to use my home internet to un-blacklist my office ip. 😂10
Are you using socat?
Any interesting use case you would like to share?
I am using it to create fake / proxy docker containers for network testing.8
> dockerized gitea stops working 502,
> other gitea with same config works just fine
> is the same config the issue? maybe the network names can't be the same?
> any logs from the reverse proxy?
> does it return anything at all on that port?
> any logs inside the container?
> maybe it logs to the wrong file?
> no others exist
> try to force custom log levels
> try to kill the running pid
> it instantly restarts
> try to run a new instance with specifying the new config
> ignores config
> check if theres anything even listening
> nothing is listening on that port, but is listening in the other working gitea container
> try to destroy the container and force a fresh container
> still the same issue
> maybe the recent docker update broke it? try to make a new one and move only necessary
> mkdir gitea2
> all files seem necessary
> guess I'll try to move the same folder here
> it works
> it is exactly the same files as in gitea1, just that the folder name is different
Boss calls: "Can you give me more bandwith?"
Me: "I can, but the other coworkers will have issues"
Boss: "Doesn't matter, and please, lift up the proxy too"
Me: "I am sorry, but I can't, that could compromise our security"
Boss: "I am giving you an order..."
Me: "Ok then..."
Me: *proceeds to give boss more bandwith and lifts up proxy (all is lost now)*
I go to see what is the boss doing with the bandwith...he was downloading League of Legends in his personal notebook...
TL;DR: Boss asks to put company at risk for the sake of a game...3
*describes problem that a system doesn't work behind an nginx proxy, routing to another nginx instance*
*some random "expert" jumps in*
hurrdurr: It works behind nginx proxy, with APACHE, I don't even get why you would want to run nginx behind nginx omg9
Switched to DuckDuckGo, because Google thought it would be nice, to ban the Proxy IP of our company (because you know, many requests) from searching and putting us behind these captcha monstrosities. I don't want to captcha myself out of every query I have for goddamn 2 minutes with slow ass fading images.
Turns out, I like their service even more.9
First (working) attempts at writing a proxy that rewrites live requests from the devrant app, right now it only rewrites all notifications to be unread
Though the first attempt that finally works is built with mitmproxy and it's add-on scripting, plan is to get that stuff work with e.g. goproxy instead39
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**2
My Android phone is 5 years old. Everybody tell me I should buy a new one but I'm a stingy environmentalist and I refuse buying new stuff if it is not strictly necessary.
So, for 9€ I replaced the phone battery and then I installed a custom ROM, so it looks a bit newer.
Unfortunately, it seems that something in the network configuration has been fucked up.
The phone is able to browse the Internet, but:
- WiFi hotspot is not working
- USB tethering is not working
- Bluetooth tethering is not working
- PPP over USB is not working
But, hey, I never give up, so this is my current setup:
- I installed a proxy server on the phone
- I'm using "adb forward" to forward the proxy port from the phone to my laptop
- I configured Firefox to use that proxy
And, yes, I'm using that connection to write this post. :D11
Question for networking persons or persons who might know more about this than me in general.
I'm looking at setting up a server as vpn server (that part I know) which tunnels everything through multiple other vpn connections.
So let's say I've got a vps which I connect to through vpn. I then want that vps to have one or multiple connections to other vpn servers.
That way i can connect my devices to this server which routes everything to/through other services like mullvad :).
Tried it before but ended up losing ssh access until reboot 😬
Trying to learn some golang after a break.
Made http / https transparent proxy for personal project.
Mind: You need to add configuration file with domains you allow traffic and block everything else using list of regex.
Me: Ok I can do it, 4 hours later ok done
Mind: Why not make it differently by making list of url you can block and test this shit on fucking ads and stop using adblock that downloads content.
Me: ok that will be handy I can watch websites faster and drop traffic I don’t want to.
Funny fact, it works I broke analytics, logging, quantum shit fucks and even youtube plays ok.
Go is awesome for networking stuff lol.12
1. Needed to access an old SVN backup.
2. Didn't have an SVN client installed.
3. Realised GIT comes with an SVN proxy included.
Cool, I'll just quickly download the repository via SVN.
> git svn init
... git sequentially downloads each of the 1800+ revisions and applies them individually.
It's cool, I didn't want to do anything productive today anyway.3
Decided to throw pi-hole in a bin and found enough resources to throw together my own dns filter in node, which if not on the blacklist - proxies the request to an actual dns, which allows to filter given just a word too (because it's regex matching), "came up" with the idea after @Linuxxx wanted to make (or made?) some big hosts file via php matching and blocking to block anything that e.g. contains "google".
By resources I totally mean I would have ate shit, if it wasn't for: https://peteris.rocks/blog/... as most docs are absolute garbage regarding node-dns54
TL;DR : do we need a read-only git proxy
Guys, I just thought about something and this potential gitpocalypse.
There is no doubt anymore that regardless of Microsoft's decisions about Github, some projects will or already have migrated to the competition.
I'm thinking : some projects use the git link to fetch the code. If a dependency gets migrated, it won't be updated anymore, or worse, if the previous repo gets deleted, it can break the project.
Hence my idea : create some repository facade to any public git repository (regardless of their actual location).
Instead of using github.com/any/thing.git, we could use opensourcegit.com/any/thing.git. (fake url for the sake of the example).
It would redirect to the right repository (for public read only), and the owner could change the location of the actual repository in case of a migration.
What do you think ? If I get enough ++'s, I'll create a git repo about this.6
Fucking IT and their self signed corporate proxy SSL bullshit getting in the way of anything that needs to verify SSL requests,
Fuck you for making my day a slow and miserable day and having to resort to forcing rest apis and SDKs to work over HTTP instead, all in the name of “Security”.2
Might be nothing for others, but I finally published my Vue website with the following setup:
1. Vue inside docker
2. Nodejs API inside docker
3. MongoDB inside docker
4. Nginx as reverse proxy
5. Let's Encrypt
6. NO I WILL NOT SHARE THE LINK, don't want to be hacked lol and it is for personal use only.
But I'd love to thank devRant members who have helped me reach this point, two months ago I was a complete noob in Vue and a beginner in NodeJs services, now I have my own todo website customized for my needs.
Thank you :)27
So I manage multiple VPS's (including multiple on a dedicated server) and I setup a few proxy servers last week. Ordered another one yesterday to run as VPN server and I thought like 'hey, let's disable password based login for security!'. So I disabled that but the key login didn't seem to work completely yet. I did see a 'console' icon/title in the control panel at the host's site and I've seen/used those before so I thought that as the other ones I've used before all provided a web based console, I'd be fine! So le me disabled password based login and indeed, the key based login did not work yet. No panic, let's go to the web interface and click the console button!
*clicks console button*
*New windows launches.....*
I thought I would get a console window.
The window contained temporary login details for my VPS... guess what... YES, FUCKING PASSWORD BASED. AND WHO JUST DISABLED THE FUCKING PASSWORD BASED LOGIN!?!
WHO THOUGHT IT WOULD BE A GOOD IDEA TO IMPLEMENT THIS MOTHERFUCKING GOD?!?
I plan on making a proxy for my home network. Whenever you make a Google search, it will search it on duckduckgo and return the same results, but look as if it were google. Will people notice the difference?30
This is fucking bad. I just stumbled across a database online, unencrypted plain text containing ALL details of thousands of students at my university. Full names, ID number (SSN), student numbers, address, family info, medical aid info, physical fitness reports
What do I do? I was not on any VPN or proxy when I accessed it19
*Writes Voting platform*
*Uses ips to stop duplicate voting*
*Notices how lots of the IPS are similar*
Oh shit. Cloudflare HTTP proxy...
Having to create a large python script to automate the creation of Django sites because I'm leaving and they're not replacing me with a python dev.
So I have to basically create a script that creates, populates and configures 4 separate files, adds the site and its details to the nginx.conf file and everything else it might need.
It takes a minimal amount of input from the user and generates all necessary files to start a new site including Web server (gunicorn) and reverse proxy server in nginx.
I was so not paid enough for the shit I'm doing.2
My school has a proxy to block games and some other sites. I was thinking of ways to get around, when I remembered, "I don't have to code anything, I can use google translate!"7
A conversation with my dear sister...
She: Hey Davide, why does this message appear?
Message of youtube: "This video is not available in your country"
Me: It means that whoever uploaded the video wants to reproduce it only in the country chosen by him during the upload.
She: Ah, but how can I do to see it?
Me: You have to go through a proxy. Wait a minute... I arrive...
She: But using the incognito mode could not work?
Me: No 😑😑
Me (thinking): No please... no... please... what was the question? No...
I like you anyway ❤3
weather is beautiful, sun is shining, I am feeling mischevious. Shall I block stackoverflow on our proxy on Monday?2
Yesterday evening I began working on an SSL proxying system for dynamic domain names using Let's Encrypt. I finished just a few hours ago and it's working flawlessly!3
So as all of you web developers know. If you are stepping into the world of web development you stepping into a world of unlimited possibilities, opportunities and adventure.
The flip side is that you step into a world of unlimited choices, tools, best practices, tutorials etc.
Since even for a veteran programmer, this is a little overwhelming, I'd like to take the opportunity to ask you guys for advice.
I know that 'there is no best' and that everything 'depends on what you want to achieve'. So how about just say the pro's and cons or when to use and when not to use. Or why you prefer one over another. Everything is allowed! :D
Maybe it will help others too. Start a nice, professional discussion:)
These are the parts I'd like advice about:
- frontend: what frameworks, libraries
- backend: language, framework, good practice
- server: OS, proxy (nginx, Apache, passenger), extra tips (like don't use root user)
- extras: git, GitHub, docker, anything
Thanks in advance everyone willing to help!:)
Also, if you only know frontend or backend. No worries, just tell me about your specialism!6
So, there was an art student yesterday at my dorm complaining about free speech etc. She told me that they where trying to bring the schools proxy down.
I was pretty impressed because it's an art student!
She then proceeded to tell me she had downloaded kali linux and was learning html...3
Today the corporate proxy decided to flake out on me. Every single external site was blocked.
I was shown a very helpful page informing me the site I wanted to visit was blocked. If I had legit need to access the site or believe the site was blocked in error I could contact IT via a helpful link.
And yeah, the IT support site was blocked by the proxy too.1
I just got my Python project working on my new work PC!!! It took all morning 😂😂😂😂😂
I had to basically hack my company so I could do my job.
More specifically, I had to install a proxy server so Python, and other CLI tools, could access the internet via our company's NTLM/web proxy server.... After some IT morons reconfigured it... without testing or providing us a way to continue using it...1
Using mongodb for one product
A colleague as experimenting with elastic search (I think it was).
It installed a proxy around the collection to get all events for the external search storage.
Worked well, but it was just a test so once done we removed it
But thats where it got scary.
When we removed the proxy through the search dashboard it dropped the underlying collection of live data!!!
A collection it did not create.
Hows that for bad UI.
Always experiment on a separate db server.
Network Security at it's best at my school.
So firstly our school has only one wifi AP in the whole building and you can only access Internet from there or their PCs which have just like the AP restricted internet with mc afee Webgateway even though they didn't even restrict shuting down computers remotely with shutdown -i.
The next stupid thing is cmd is disabled but powershell isn't and you can execute cmd commands with batch files.
But back to internet access: the proxy with Mcafee is permanently added in these PCs and you don't havs admin rights to change them.
Although this can be bypassed by basically everone because everyone knows one or two teacher accounts, its still restricted right.
So I thought I could try to get around. My first first few tries failed until I found out that they apparently have a mac adress wthitelist for their lan.
Then I just copied a mac adress of one of their ARM terminals pc and set up a raspberry pi with a mac change at startup.
Finally I got an Ip with normal DHCP and internet but port 80 was blocked in contrast to others like 443. So I set up an tcp openvpn server on port 443 elsewhere on a server to mimic ssl traffic.
Then I set up my raspberry pi to change mac, connect to this vpn at startup and provide a wifi ap with an own ip address range and internet over vpn.
As a little extra feature I also added a script for it to act as Spotify connect speaker.
So basically I now have a raspberry pi which I can plugin into power and Ethernet and an aux cable of the always-on-speakers in every room.
My own portable 10mbit/s unrestricted AP with spotify connect speaker.
Last but not least I learnt very many things about networks, vpns and so on while exploiting my schools security as a 16 year old.8
I'll just start off with how I really feel. Fuck big corporations with their career robots and retarded practices!
Now for a story. So I work remotely for most of the time nowadays, since my company has as clients big corporations. Used to be embedded with said clients, but it became kind of painful to work with them all so I asked to be reassigned to a remote position.
Now for the retarded part: The fucking Klingons I'm working with have two tiers to their VPN, but won't let me have the full version because it would be too fucking expensive. I checked and it's fucking 50 bucks per year difference.
So for that the Klingons are making me code through a remote connection that has a "best effort" priority.
Anyway after 3 weeks of writing code at a 400-600ms latency I finally snap.
I try to use a proxy and it. I write one myself, gets balcklisted in 2 days.
After about another week of writing code through a fuck straw I start working on node socket with 2 clients and a server that encrypts the send data, and syncs 2 folders between my workstation and the remote one.
It's been a month now and it is still working. It's not perfect, but I can at least write code without lag.
Question for you peeps: What shenanigans have you pulled to bypass shit like this?4
I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?
Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for joe shmoe to write. You're no match for well-tuned rate-limiting, asshole!1
Using angry standard;
cout << "So my mom recently started "exploring the web". I'm sure you already know where this is going; she ended up signing up for a free trail of some diet pills with her credit card on some sketchy website. The website never sent any product but attempted to charge her card over $300 multiple times. My mom's bank noticed and froze the account. She has now opened an investigation with the banks fraud department and is awaiting response. I took the liberty of running a whois look up and found the companies website is held by GoDaddy and is hiding behind Domains by Proxy (GoDaddy's sysadmin hider). I'm angry that she's in this situation but I have no idea of how to uncover the real company behind the diet pills site." << endl;
Has been a long time since I'm appreciating working with GRPC.
Amazingly fast and full-featured protocol! No complaints at all.
Although I felt something was missing...
Back in the days of HTTP, we were all given very simple tools for making requests to verify behaviours and data of any of our HTTP endpoints, tools like curl, postman, wget and so on...
This toolset gives us definitely a nice and quick way to explore our HTTP services, debug them when necessary and be efficient.
This is probably what I miss the most from HTTP.
When you want to debug a remote endpoint with GRPC, you need to actually write a client by hand (in any of the supported language) then run it.
There are alternatives in the open source world, but those wants you to either configure the server to support Reflection or add a proxy in front of your services to be able to query them in a simpler way.
This is not how things work in 2018 almost 2019.
We want simple, quick and efficient tools that make our life easier and having problems more under control.
I'm a developer my self and I feel this on my skin every day. I don't want to change my server or add an infrastructure component for the simple reason of being able to query it in a simpler way!
However, This exact problem has been solved many times from HTTP or other protocols, so we should do something about our beloved GRPC.
Fine! I've told to my self. Let's fix this.
A few weeks later...
I'm glad to announce the first Release of BloomRPC - The first GRPC Client GUI that is nice and simple,
It allows to query and explore your GRPC services with just a couple of clicks without any additional modification to what you have running right now! Just install the client and start making requests.
It has been built with the Electron technology so its a desktop app and it supports the 3 major platforms, Mac, Linux, Windows.
Check out the repository on GitHub: https://github.com/uw-labs/bloomrpc
This is the first step towards the goal of having a simple and efficient way of querying GRPC services!
Keep in mind that It is in its first release, so improvements will follow along with future releases.
Your feedback and contributions are very welcome.
If you have the same frustration with GRPC I hope BloomRPC will make you a bit happier!2
So, last night I came home from work and "Kung Fu Hustle" was on (cable). I watched it for like ten minutes and then turned it off. Didn't even think about it after.
Just a couple of hours ago I was on YouTube and a clip from that movie came up as a suggested video. On a browser where I'm not logged in. On a computer that's not mine. That is behind a proxy server. That is in a continent far away from me.
Am I crazy or that is actually Google doing that?10
This is how I figured out I figured out how to fix my proxy settings.
Can not Netflix and chill (work) anymore.
FYI. Copied from my FB stalked list.
Web developer roadmap 2018
Common: Git, HTTP, SSH, Data structures & Algorithms, Encoding
Back-end: PHP, Composer, Laravel > Nginx, REST, JWT, OAuth2, Docker > MariaDB, MemCached, Redis > Design Patterns, PSRs
DevOps: Linux, AWS, Travis-CI, Puppet/Chef, New Relic > Docker, Kubernetes > Apache, Nginx > CLI, Vim > Proxy, Firewall, LoadBalancer
I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.
I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...
Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.
That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.
Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.7
Just a rant... It really sucks to work with maven on a security-paranoid financial institution enforcing ntml proxy auth...
Also usb ports disabled... :(5
A lot of things dev say are true, but this one I don't believe as much:
Many devs say that it's important for everybody to learn a bit of a basic programming language, to learn about computers and how programs are made. I disagree, I think that instead people should learn *how* things work. Ex, in my school people always use a VPN to get around the proxy. I don't care if they know basic statements, I think it's more important to learn how a VPN works. Most of them don't even know what VPN stands for. Am I the only one?3
Being a sysadmin can be the most frustrating thing ever, but it's worth it for those moments when you feel like an absolute ninja.
Switched from single threaded gevent server to an nginx configuration, added ssl, and setup a reverse proxy to flask socketio, all with less than 10 minutes aggregate downtime. On the prod server. \o/3
Networks in which web traffic is filtered via proxy basing on keywords in the URL, UDP is blocked, VPNs IPs are blocked, and even the damn rsync protocol is blocked. I can't even update my flippin' OS.
And the WiFi signal goes on and off randomly the whole day.
Screw you, local admins. Screw you.2
Yeah, sitting on a chainsaw is painful and all but have you ever tried setting up wordpress behind a reverse proxy with https?3
How deep does the rabbit hole go?
Problem: Convert numpy array containing an audio time series to a .wav file and save on disk
Me: pip install "stupid package"
Console: Can't pip, behind a proxy
Me: Finds workaround after several minutes
Conversion works, but audio file on disk doesn't work
Encoding Error only works with array of ints not floats
BUT I NEED IT TO BE FLOATS
Looks for another library
scikits.audiolab <- should work
Me: pip --proxy=myproxy:port install "this shit"
Command Line *spits back huge error*
Googles error <- You need to install this package with a .whl file
Me: Downloads .whl file <- pip install "filename".whl
Command Line: ERROR: scikits.audiolab-0.11.0-cp27-cp27m-win32.whl is not a supported wheel on this platform.
Googles Error <- Need to see supported file formats
Me: python -c "import pip; print(pip.pep425tags.get_supported())"
Console: AttributeError: module 'pip' has no attribute 'pep425tags'
Googles Error <- Use another command for pip v10
Me: python -c "import pip._internal; print(pip._internal.pep425tags.get_supported())"
Me: pip install "filename".whl
Me: *spends 30 minutes to find directory where I should paste .dll file*
Finds Directory (was hidden btw), pastes file
Me: Runs .py file
Console: from version import version as _version ModuleNotFoundError: No module named 'version'
Googles Error <- Fix is: "just comment out the import statement"
Unfortunately this shit still didn't work after two hours of debugging, lmao fuck this7
I work as a .Net consultant. Currently I am at a company that blocks all sociale media sites and sites that look like 'em. I don't mind the social media, but YouTube is also blocked and I need my dose of daily epic music world while developing. So, I set up a proxy on my server to easily bypass these blockades. Note: company policy says nothing about not being allowed certain websites, I always read this before using this trick.
Last week, a new guy joined the company and gets a desk just next to me. After a lot of looking at my screens and trying stuff he asks me for the entire office: "Hey how are you going on YouTube? It doesn't see to work for me.". 😫
The rest of the day, I had to explain to co-workers what a proxy is (they don't care about any tech they don't need...). And I had to explain to the pm that I was not hacking their network...
I'm not sure if I will be getting along with this new guy.... 😧1
I've been working on a web accelerator proxy for two days now, I got the backend done and extension is in the works.
However I kinda need help with the extension (Im not exactly proficient with extension making) so if you wanna help the link is https://github.com/sr229/filo
The main inspiration for this is basically my shitty 3G connection and my country's likewise shitty internet situation. It's like Data saver but it works on https as well2
F**king hate Windows for its insanely confusing proxy setup required for software development...
> Setup proxy in Windows network settings
> Then, setup HTTP_PROXY & HTTPS_PROXY environment variable at the system/user level.
> Followed by separate proxy settings for java, maven, docker, git, npm, bower, jspm, eclipse, VS Code, every damn IDE/Editor which downloads plugins...
> On top of everything, find out the domains which does not need to go through proxy and add them to NO_PROXY.. at each level..
> It does not end here. Sometimes, I need to setup proxy for SSH connections... like, if I have to use git with SSH and not HTTP/S... Uhhh....
More than half of the problems me and my dev team face is related to setting the right proxy. Why can't it be like, set in one place and everything picks up from there, like in any linux machine or for God's sake, a Mac ?
Worst of all is, my org uses a configuration script, which resolves into a list of proxy servers, from which one of them will be used. So, I need to download that script, find out which is the right proxy server and then, use it in all the aforesaid places... WTH ?????
Is this a common workplace problem for all developers ??? Will this be solved by Windows Subsystem for Linux ???10
Managed to find an advantage of IE, and it's not for downloading Firefox or Chrome.
Nah, I just discovered that you can actually add a shortcut on your bar task on Win7 with the favicon of the website (I guess it's the favicon), and IE will directly open to it with slight minor color changes.
So now when I need to check if any commit were made on the repository, I have a shortcut to the website so I can check fastly o/
(why I use IE for that ? Because Firefox and the proxy have some issues, and I had bad experience with Chrome. ¯\_(ツ)_/¯ But IE does the small job I give him, so I don't complain)1
It's frustrating when network guy blame tomcat is not running and hence something wrong with application without fucking checking proxy settings. Fucking waste my 2 hours and in the end he looks like idiot. Good Morning.
Since, I am already using Mullvad's vpn service, I also stumbled on https proxies.
Is it still safe to enter my devRant login data, when I would use a https proxy in FF's settings?
The Proxy is a free elite https proxy.
And devRant also uses SSL.
The traceroute would seem like this I guess.:
VPN(*le me sendin my password -> SSL Proxy -> SSL DevRant)
Following that path, I would assume that it would be like this in detail:
-PW gets encrypted by VPN service
-" " " again " HTTPS Proxy
-" " " again " devRant itself9
Alrighty. So websockets don't like to forward through Apache2's reverse proxy. Nginx here we come...
Linuxxx I need yo help pls15
That FML moment when you find after hours of debugging that the fucking college proxy was the only reason your project was not running.
So for those of you keeping track, I've become a bit of a data munger of late, something that is both interesting and somewhat frustrating.
I work with a variety of enterprise data sources. Those of you who have done enterprise work will know what I mean. Forget lovely Web APIs with proper authentication and JSON fed by well-known open source libraries. No, I've got the output from an AS/400 to deal with (For the youngsters amongst you, AS/400 is a 1980s IBM mainframe-ish operating system that oriiganlly ran on 48-bit computers). I've got EDIFACT to deal with (for the youngsters amongst you: EDIFACT is the 1980s precursor to XML. It's all cryptic codes, + delimited fields and ' delimited lines) and I've got legacy databases to massage into newer formats, all for what is laughably called my "data warehouse".
But of course, the one system that actually gives me serious problems is the most modern one. It's web-based, on internal servers. It's got all the late-naughties buzzowrds in web development, such as AJAX and JQuery. And it now has a "Web Service" interface at the request of the bosses, that I have to use.
The programmers of this system have based it on that very well-known database: Intersystems Caché. This is an Object Database, and doesn't have an SQL driver by default, so I'm basically required to use this "Web Service".
Let's put aside the poor security. I basically pass a hard-coded human readable string as password in a password field in the GET parameters. This is a step up from no security, to be fair, though not much.
It's the fact that the thing lies. All the files it spits out start with that fateful string: '<?xml version="1.0" encoding="ISO-8859-1"?>' and it lies.
It's all UTF-8, which has made some of my parsers choke, when they're expecting latin-1.
But no, the real lie is the fact that IT IS NOT WELL-FORMED XML. Let alone Valid.
THERE IS NO ROOT ELEMENT!
So now, I have to waste my time writing a proxy for this "web service" that rewrites the XML encoding string on these files, and adds a root element, just so I can spit it at an XML parser. This means added infrastructure for my data munging, and more potential bugs introduced or points of failure.
Let's just say that the developers of this system don't really cope with people wanting to integrate with them. It's amazing that they manage to integrate with third parties at all...2
So there I am sitting in front of my laptop, and trying to npm i and I am getting all sorts of sha mismatch errors.
After lot of debug I conclude it is coming from the proxy as it refuses to download and supplies the error page.
It says it's because I'm using the old proxy so they give me the new URL which I set up and it works.
All good until my password expires. I use our bash script to change it. NPM is buggered again throwing the same errors.
Go to IT, tell them the saga begins.
After a countless hours of looking at the log files we notice that the npm registry is set to http instead of the standard https (thanks bash script). so our firewall blocks the download.
Almost. NPM now works fine, but when I go and I play around with node and axios, I get my requests time out. My instinct says its the bloody proxy again.
So I hit up my trusted WIN Support guy and he confirms that the url is not blocked. So he starts monitoring whats going on and turns out, every time I run the node app, node casually ignores the system-wide proxy settings and tries to send the request as the PC rather then my username.
Since the pc's don't have rights on the proxy it is being refused...
Thank fuck for the corporate proxies, without them, I could just develop things not ever learning these quirks of node...3
I spent hours trying to enable CORS on AWS Lambda through API gateway (it was supposed to be simple and Amazon had a nice tutorial) but it turns out that there's a known bug that makes Lambda Proxy Integrations not adhere to any setting in the API Gateway, you have to respond with the headers through the Lambda yourself.
Amazon now mentions this in the tutorial, but if you click "Enable CORS" in API Gateway, it'll show you green check marks and tell you that everything went fine, but you'll find that the Lambda does not respond with the CORS headers. They shouldn't even have "Enable CORS" as an option when you use their Lambda Proxy Integration.1
so I installed nginx on my server this week. I feel like a giddy kid now installing one self hosted app after another. REVERSE PROXY ALL THE THINGS!
Right now I have reviewboard and drone (drone.io) installed. Any of you guys have suggestions for other cool stuff to try out? Mostly interested in something with a web API that can do fun stuff :)3
"We want you to run the site"
"We want you to run the site."
Loop this a few times. Can't say I didn't try to save them the money...2
Chrome 63 forces .dev domains to HTTPS via preloaded HSTS.
Well, FUCK YOU google. Why do you even give a shit of my local proxy.14
I have a gitlab instance behind a reverse proxy at gitlab.mydoman.pizza (yeah my TLD is .pizza 😎🍕). I have a personal site hosted on GitHub pages. I have a CNAME record in GitHub repo pointing to mydomain.pizza. I have 4 A records on my domain registrar pointing to the GitHub pages server IP addresses. now both mydomain.pizza and myusername.github.io both go to my gitlab instance??¿¿ what the fuuuuuckkkkk?¿?¿3
Long time stalker, but I finally signed up! Maybe I have dragged it out to not get too addicted, but it seems like that plan has failed.. ;)
Now for the question:
Can anyone recommend a VPN provider (well, functionally proxy) that works in (South) China these days? Because of the holidays the CCP is blocking everything they can to ensure that.. well let's not get political.
Priorities: Reliability > Privacy > Cost (trial or guarantee would be great though)
Docker with nginx-proxy and nginx-proxy-le (Lets Encrypt) is fucking awesome!
I only have to specify environment variables with email and host name when starting new containers with web servers, and the proxy containers will automatically make a proxy to the new container, and generate lets encrypt ssl certificates. I don’t have to lift a fucking finger, it is so ducking genius2
- Implemented oauth1 - no body hashing
- URL contains credentials in plain text
- Used Azure API management feature as a proxy of the our API, however the documentation was on the our API, thus exposing the API URL with no management to developers.
- easy resource DDoSing because each trial user got a DB, the registration process did not have bot checks. You could literally freeze the db instance by spamming registration requests.
Started a new job as a dev. First days revealed no local admin rights, no right to use Linux locally and a very limited set of Software. Negotiated compromise to get a remote VM with Linux and a user who is part of sudo. VM turned out to be isolated by proxy, so I can not install anything new. At least Docker is pre-installed and I hoped it could work out. But guess what no access to dockerhub and I can not pull any images. Admin told me to copy manually the images with scp.
I'd never thought that there could be any companies out there who treats devs like that. What puzzles me most, there're lot of devs staying with that company for years, even decades already and they're good guys, please don't get me wrong.
Did you encounter anything like that? Could you make any difference there, where you met anything like it.
I reached the point after 3 weeks where I do not think I can make any difference and when it'll take ages to move people and company policy.
I do not want to give up, but I fear it is pointless to fight for change there. I am out of options and about to leave asap. Can you recommend me anything else?
Thanks in advance and for your time :)
Felt good to write it down.14
Fucking spent already 2 days trying to proxy pass deluge webui from an internal windows server via nginx, the fucking tab title changes to "deluge webui" but all the files get 404d and since I can't configure another nginx to do try_files on the windows server, I am stuck, for fucks sake.11
My client installed a new proxy that severely blocks out most of their own intranet, including their IT service desk. We can't raise tickets to let them know and their email just redirects us to their service desk. Fuck me these guys are idiots.
I am forced to work with a client's notoriously slow SOAP api. Slow in this case is 1.5-2s per request.
The api is structured rather... creatively... at the same time. So we have to bombard it with thousands of requests to build our data base with historical SOAP data. Also the data sometimes is a couple of hours late, giving a flat line (all values at 0) until retroactively fixing the output for the same requests.
So to fill one dev data base with a year's worth of historical data (nice to have when testing a dashboard application) we hammer the api with ~20k requests (~1 million if we want to be thorough).
Best thing about that: There is no staging/test api and the prod api seems not to handle lots of requests at the same time very well...
Latest thought: Maybe we could put a varnish cache in front of the SOAP for testing. Better have wrong data, than nothing at all and we don't kill the prod clients every time we ramp up a new instance.
Also that would dramatically decrease the 4.2 hours of data pumping to about 7 minutes after the first run.
This is PART 2/2 of a series of rants over the course of a software engineering course years ago.
We were four team members, two had never failed a class, I’ll refer to them as MT and FT, male and female top students, respectively, and an older student with some real world experience who I’ll refer to as SR.
Rant 6: After the previous drama MT built the groundwork for the project without allowing us to intervene for a week. When he finally disclosed his code he gave us tasks and I was stuck unable to run the new project, due to the friction with MT I asked SR for help which took a couple of days. MT accused us of not wanting to work and claimed he’d just do everything himself. I continued working on the task improving MT’s code and committed the work, which surprised MT and told me I didn’t have to do it. He ended up complimenting my code and complained less about me as a result.
Rant 7: MT kept giving SR flak for not working and took him out of the repo, which I promptly forked just in case he tried anything scummy. SR was indeed working on certain things, but he wasn’t listening to MT’s demands, there was no team coordination. I had to act as a proxy and push some of SR’s changes myself while informing him of the state of things.
Rant 8: When MT finally added SR back and some of the tasks were cleared up, FT didn’t cooperate. She seemed to have zero initiative and always relied on MT to tell her what to do, which didn’t include coordinating with SR to get the front-end templates running. I tried getting them in a group chat but it didn’t work, she just ignored him.
I learned a few things from that.
1. No matter how smart or experienced someone may seem, sometimes people are just petty or take things too personally.
2. Top students are sometimes too focused on their grades and disregard depth of knowledge and work quality.
3. A bad team at college can somehow make something acceptable if everyone works on things that add some kind of value.1
With a recent HAProxy update on our reverse proxy VM I decided to enable http/2, disable TLS 1.0 and drop support for non forward-secrecy ciphers.
Tested our sites in Chrome and Firefox, all was well, went to bed.
Next morning a medium-critical havock went loose. Our ERP system couldn't create tickets in our ticket system anymore, the ticket systems Outlook AddIn refused to connect, the mobile app we use to access our anti-spam appliance wouldn't connect although our internal blackboard app still connected over the same load balancer without any issues.
So i declared a 10min maintenance window and disabled HTTP/2, thinking that this was the culprit.
Nope. No dice.
Okay, i thought, enable TLS 1.0 again.
Suddenly the ticket system related stuff starts to work again.
So since both the ERP system and the AddIn run on .NET i dug through the .NET documentation and found out that for some fucking reason even in the newest .NET framework version (4.7.2) you have to explicitly enable TLS 1.1 and 1.2 or else you just get a 'socket reset' error. Why the fuck?!
Okay, now that i had the ticket system out of the way i enabled HTTP/2 and verified that everything still works.
It did, nice.
The anti-spam appliance app still did not work however, so i enabled one non-pfs cipher in the OpenSSL config and tested the app.
Behold, it worked.
I'm currently creating a ticket with them asking politely why the fuck their app has pfs-ciphers disabled.
And I thought disabling DEPRECEATED tech wouldn't be an issue... Wrong...
While setting up a node app while sitting behind draconian proxies:
- first, set $http_proxy & $https_proxy
- set git proxy
- then, npm proxy, jspm proxy and bower proxy
- followed by strictSSL to false.....
After moving to home network/VPN, change all of these proxies again. It is a never ending vicious circle :(1
to;dr: I think I'm retarded. I don't know how to networking.
got Proxmox set up on my server... sorta. I suck at networking. I bought a domain name, and I'm trying to have each container have a subdomain of the domain name I bought. each container has a unique internal IP address, but they all share the host's public IP address. so after a couple hours of googling, I THINK what I need to do is run a reverse proxy server on the public IP and route each subdomain manually to an internal IP address with something like nginx..... or am I retarded?4
How would you support multiple versions of an API and why?
- Multiple version instances behind a load balancer.
- Versioned controllers behind a proxy.
Curious to hear yours thoughts and reasoning.2
Not really hacking, but every time I work from home(a couple times a week), in lieu of using my company's VPN, I connect to the company network with an SSH reverse tunnel. To make this possible, I wrote a port knocker that runs in a tmux session on a server inside the network. It tries to connect to a high-numbered port on my home machine, and if successful it opens the reverse tunnel. At home, I manually run a script that opens that port and informs me when the reverse tunnel is established.
Then I open an SSH socks5 proxy and use that in my Firefox dev edition, which I use entirely for work.
This is actually much easier than using the actual VPN.
One day I helped another teacher with setting up his backend with the currently running Nginx reverse-proxy, peace of cake right?
Then I found out the only person with ssh access was not available, OK then just reset the root password and we're ready to go.
After going through that we vim'd into authorized_keys with the web cli, added his pub key and tried to ssh, no luck. While verifying the key we found out that the web cli had not parsed the key properly and basically fucked up the file entirely.
After some back and forth and trying everything we became grumpy, different browsers didn't help either and even caps lock was inverted for some reason. Eventually I executed plan B and vim'd into the ssh daemon's settings to enable root login and activate password authentication. After all that we could finally use ssh to setup the server.
What an adventure that was 😅4
When people are thinking that just by deleting UIDAI number ,their phone is hack free now.🤣🤣
today I thought writing a quick project, a youtube proxy server, as in, you browse localhost:<PORT> and youtube comes in the response.
this is not rocket science as proxy servers have around for a long time.
I thought it'd be interesting to code it in userland, as opposed to "systemland".
And 50 lines of code and some minor hurdles later I see youtube "running" in localhost.
Although youtube didn't just work as usual since the videos don't actually come from youtube.com, but from googlevideo.com instead. And my browser, expectably, enforces CORS and forbids any requests to it.
At that point I started to think of ways to somehow proxy googlevideo.com too. But the solutions are not at all trivial.
Then I thought what was the payoff of all this. I tried to proxy serve youtube out of curiosity, and sure thing, you can do it.
But what problem would proxying youtube solve? Maybe I should think in a fuller way what are the problems I have with youtube.
One issue I have is the exposure, discoverability. To explain it, let's say I have been watching a very, very big amount of videos as of today.
Personally I would expect youtube to understand very well by now what my tastes are, what do I want to watch and what I do NOT want to watch.
Notice that I am very black and white, and I do not have much interest in watching certain types of videos.
It could be true that if my expectations of how youtube should work became reality then youtube recommendations would become polarizing or echo chambering.
But that is my decision though, and the problem with youtube is that it's seemingly forcing a single recommendations algorithm onto everyone.
Some people are more open minded and want to watch EVERYTHING, and a lot of people don't.
But users aren't deciding what they should get recommended. Youtube is making that decision for them. And it sure feels like it's trying to maximize ad revenue.
I for one don't give two flying fucks about pranks or diva youtubers. Yet youtube is adamant in presenting some of these to me.
Now, trying to come up with a solution for this is really non trivial. It would definitely require some youtube mining, or some kind of network so as to not get rate limited when mining, and even then you still have to think of how a good recommendation system would work.
I think the implementation of all that would be too much for me (time and skill wise). But I think it's fun to at least try to outline how recommendations could work.
I would very much prefer that when youtube recommended something, at least it has some number of confidence meaning how much would I like that video, so at least I know what to expect.
It should also have some indicators like what is the mood of the video. As in, sometimes I watch youtube in the mood of learning, like programming videos, but most of the time I watch to get entertained.
These ideas are just brainstorms and could be terrible on reproduction, but I'd like to hear what ideas can some of the people here can come up with.3
Unable to access cpanel/whm due to IP changed error.
me : please connect me to networking team (out sourced)
hr : why ?
me : I have some issue to access cpanel. I contacted to hosting comapny but it is not their fault so may be it's our network issue.
hr : explain me in details.
me : ok
from morning I am trying to access whm because our website is out of bandwidth limit and showing 509 error ,I contacted to hosting comapny but they explained me problem from our side. SO i wanted to talk with network team about this issue because I am not using any proxy or vpn even my tor browser is off too still ip chaged error giving frustation. second reason I am frusted that my public IP and private IP is not chaged.
one more your windows pc freeze 3 times from morning.
do you need in detailed technical reason why I want to talk with them.
hr : no no no *hang up*
after 2 minute *my landline ring*
hr : network engineer on other side.
Today I had a full-day job interview for a junior data scientist position.
First I met the team which was only like half of everyone because apparently everyone was gone on Fridays. However the few there were really nice.
First task is to do some basic data analysis stuff even though I already spent a week on the coding challenge and sent them all my code/tasks. I log into my machine and create a new virtual environment but can't for the life of me figure out how to use the command line in windows to install packages. Turns out there is some problem with their proxy and they have to log me in on that. Then I am struggling on the keyboard because it's for a language different that my mother tongue and it takes me 3x as long to so the most simple things. All my shortcuts are out the window. Haven't a hard time typing parentheses and brackets. Start freaking out and have a panic attack mid task. I'm sweating bullets. I didn't even make it to the simple visualization tasks much less the models at the end. Time gets called and we all go to lunch and I'm freaking out on the inside the entire time. Angry at myself because I know I am better and just couldn't think.
After lunch I present my code and results from a coding challenge I did weeks prior. People from other teams get invited and I end up getting grilled for 2 hours by 15 people. Questions are flying in from all sides. They ask me almost everything I know about machine learning and some more. Under stress I forgot the name of the optimizer I used and couldn't answer some easy stuff because my mind was racing.
Right now I am on the train home and my body physically hurts. I am disappointed with myself and wish I could have shown up better. Never really froze up like this before.2
So I reverse engineered the
protocol of QONQR: World in Play and made a mitmproxy addon running locally inside termux that can see when I launch in the game and uses Termux:API to notify me when my ingame resources are replenished.
I direct the traffic through mitmproxy using Drony. I configured it so that by default Drony passes traffic directly to the internet except if it comes from the QONQR app.
The problem is that while Drony is running, there is a chance of network traffic being corrupted so I often get spammed by connection and ssl errors.
So I have to either continue sacrificimg my network integrity or stop getting assistance ppaying QONQR :-/
Does anyone know an alternative to Drony (basically an app that can connect you to a proxy without root using the android vpn api, if possible with filtering by app or ip)?
Also does anyone else have problems with drony on Android 9 or other versions? I don't really have an opportunity to test it.
Edit: It only took 4 tries to post this yay3
I have a dream, that one day I'll be able to work normally without the FUUUCKING corporate proxy blocking every shit1
Just found a tutorial on DigitalOcean to setup traefik so I can easily make my images accessible to the outside.
"So create this file, add this in it, create this proxy, run this long ass command, and when you go to 'https://monitor.example.com', you should get this dashboard"
Got "This website is not available".
Having a shit of a time trying to figure out why Docker containers are not accessing other containers via domain names as they should technically be going through the jwilder nginx proxy container.
Why can't environment setups ever be simple?
At this point of my side project I wanted to check out openresty for dynamic proxy creation in nginx.
Happy to check it out I installed centos 7 as guest using new command I just learned virt-builder that would automate vm creation.
Spend 10 hours debugging why I can ping and ssh but cannot get to application port from any network.
Checked iptables, restarted network, reinstalled vm again 3 times with different methods.
Scrolled trough whole internet and it’s mostly outdated problems.
Learned bunch of new commands without new results.
Results were always the same:
No route to host.
Turned out firewalld is fucking thing now.
systemctl firewalld stop helped
Now I know that systemd would kill me at some point for sure.
What I can add at this point ?
Please add more distros, differences, standards and programming languages so world definitely would be better place.
I need a short break now to actually start making shit that I wanted to start at 4-5pm on Saturday.
It’s Sunday 3:30am and time for breakfast.
At least I am happy it started working.2
Playing around with a POC I'm doing for work, and it works so well I got an IP ban from one of my favorite websites for a massive amount of requests they got from me
I‘m currently writing a http proxy server (something like the proxy mod in Apache, but more special). One the one hand is is nice that HTTP 1.1 can use one TCP connection multiple times, but on the other hand it is very annoying. Because I need to rewrite the Host header. And therefore I need the start of the HTTP header. I solved it after some time, but now my code is more complicated than before.
Built a pFSense box for home with said proxy. Even though my internet connection is slow it seems fast now thanks to squids MITM https proxy and http proxy. Plus a little QoS helps. And it has so many more features than a regular router.... WTF didn't I do this sooner?4
I just woke up from a lucid dream.
I could really control the situation, but it was fun telling my mate how IT stuff works LOL.
It's 3.22 am for me rn.
I fucking told my classmate how the proxy server at our school works. How the packets are being sent and received, how they get cached at the proxy server and through how many nodes they approximately get.
PS: I don't have a rubber ducky or whatever you call it to tell the problems of the program to it.11
finally got my server up and running with a configuration I'm happy with! running Proxmox VE on the host, and each application in an LXD Linux container within Proxmox, and a reverse proxy server on the host to route subdomains to internal container IP addresses. check out what I've got running! https://mjones.pizza2
The weekend is finally over, I have updated my Web Proxy and built an entire blog to post on and applied for a bunch of ad-networks.
I think I have been rather productive ☺
Today I'm bringing a tool for you guys, mount servers with old phones Or have servers in your phone for testing.
Tool: Servers Ultimate Pro
Note1.: Doesn't handle well above android 6+, So test one of the free servers you're intending to use before buying.
Note2.: This App costs around 10€/$ but you can get single App servers for free (I think even html + php + mysql package for free).
Not promotional, I'm just a user that loves this App.
I already talked about this a few times (usually I just call the cell phone I'm using my web server), but as a noob I don't even knot the possibilities.
This App comes with more then 70 protocols (60+ servers and a mix of servers).
From ssh, ftp, html (nginx, lightppd, Apache, simple) with php and mysql, Webdav...
Run over 60 servers with over 70 protocols!
Now you can run a CVS, DC Hub, DHCP, UPnP, DNS, Dynamic DNS, eDonkey, Email (POP3 / SMTP), FTP Proxy, FTP, FTPS, Flash Policy, Git, Gopher, HTTP Snoop, ICAP, IRC Bot, IRC, ISCSI, Icecast, LPD, Load Balancer, MQTT, Memcached, MongoDB, MySQL, NFS, NTP, NZB Client, Napster, PHP and Lighttpd, PXE, Port Forwarder, Proxy, RTMP, Remote Control, Rsync, SMB/CIFS, SMPP, SMS, Socks, SFTP, SSH, Server Monitor, Stomp, Styx, Syslog, TFTP, Telnet, Test, Time, Torrent Client, Torrent Tracker, Trigger, UPnP Port Mapper, VNC, Wake On Lan, Web, WebDAV, WebSocket, X11 and/or XMPP server!
Development: we need Nginx installed on *insert server list*
Me: ok, let me get in tough with the platform team.
Platform team: This should be installed in the userspace, Unix teams don't support this.
And here I am, trying to get a reverse proxy running on servers on which I do not have sudo rights.
Since it doesn't work, it's my fault, both sides block the door.
I installed it locally on a virtual machine, but the compiled or installed code doesn't work once copied.
The joy of being an "application engineer". This job title means nothing!12
I've been working on migrating my personal e-mail server for nearly a month.
Old (Linode): opensuse 13.1 (no longer gets update) running postfix + amavis-new(with spamassassin and clamav) + dkimproxy + dovecot
New (Vultr): OpenBSD 6.3 running opensmtpd + spampd(spamassassin proxy) + clamav + dkimproxy + dovecot
I'm surprised I only have 5GB of e-mail, considering I migrated all my gmail there a while back; 5GB for ever e-mail since 2004.
I finally got all the DNS switched over and tested all the end points this morning. The whole thing is done in Ansible so hopefully switching to another provider will be a lot faster:
Does any one of you own a Omnia Turris (https://omnia.turris.cz/en/)?
In our new apartment, we'll have a 1 Gbps fibre connection (not that we would realy need it, but hey!)
However we need a Router that suports Fibre. The service provider suggested a FRITZ!Box 5490.
I thought about getting the Omnia Turris and run https://pi-hole.net as DHPC on it and maybe add a proxy for TOR or install openHAB later on.
So if you own a Omnia Turris or know someone who owns one, would you recommend it? If yes, why? If no why not? Any additional things I should consider?2
i had a project in a networking class where the provided code was meant to act as a proxy (aka just passing bytes around), but because of the implementation, every byte had to be a valid unicode character
anyway lotta people were frustrated so we asked the course staff and their response was basically "we wanted to support python 2 and 3"
Do you hate proxy as much as I do ?
Just spent an hour debugging my proxy settings just to push my work on GitLab. The bug didn't come from my settings but the proxy itself... such a waste of time 😓
After waiting a while for another programmer on another team to provide a web service that I needed to call from a client side web form, I received word that it was ready. I could not get it to work because CORS headings were not being set correctly. After contacting them and letting them know, I got an email update to the team letting everyone know that they were waiting on me. After explaining that CORS headings were not there, I just built a PHP page to proxy the request, results and set the headers correctly so I can move on. I will remove it when they get their side fixed... if they ever do.
any of you guys had problems with electron/puppeteer, especially trying to load pages using proxies
I'm using arch linux4
Dev companies, please, stop trying to force proxies to your devs... you just make us waste more time figuring out how to avoid it rather than working as we really want.
So some people really liked the last article I wrote, so I figured I'd share this one that's kinda on the same topic:
Last weekend I was working on a small project for a friend of mine: a dockerized webapp, plus API backend and DB. I had some problems with the installation on the vps and had to try out different images and never really did a complete setup of my usual dotfiles. Got it running on an Ubuntu distro. Everything great.
It was the first release so I still had to check that every configuration worked ok, like letsencrypt companion container, the reverse proxy and all that stuff, so I decided to clone the whole project on the server tho make the changes there and then commit them from there.
Docker compose, 10 lines of code, change the hosts and password. Boom everything working. Great... Except for the images in the webapp.
WTF? Check the repo, here they are, all ok. I try different build tactics. Nothing. Even building the app on another docker always the same. Checked browser cache, all the correct ports are open. I even though that maybe react was still using some weird websocket I didn't know, but no.
Damn, I spent 5 hours checking why the f*** the server wouldn't make it out.
Then, finally, the realization...
I didn't install the f******* git-lfs plugin and all I was working with were stupid symbolics links! Webpack never even throw an error for any of the stupid images and the browser would only show a corrupted image, when decoding the base64 string.
Literally the solution took 5 minutes.
F*** changes on production, now I do everything on a fully automated CI.
I design 3D CAD models in my office system. I need to keep saving the files every few minutes because software licenses are floating and once lost, I may lose data.
But another bigger problem is that we need to disable proxy to connect to VPN and work online. And the proxy always turns itself ON, every few minutes and if by chance you saved the file without turning the proxy OFF. Well then OFF goes all the work since you last saved. Because then CREO just stops responding.2
I cannot fucking code without music. I just cannnot fucking focus without music. And this goddam fucking Spotify webplayer keeps crashing. I need to reload the site multiple times for it to work again. And of course this resets the already played songs, so the random queue keeps playing the same songs over and over. But today it is even worse. Every time I get the music playing again, IT STOPS ONLY FIVE SECONDS LATER! This corporate proxy we have always causes me problems. I couldn't get docker running without ordering a special proxy account so it can pull images from the official repo. It took them almost TWO WEEKS to get the fucking account credentials to my desk! Jegus! Yes, the companie site is big, but it really isn't even nearly that big to justify this joke of a delivery time. It would have been ok if they told me to pick them up at zbe account management, but no of course that wasn't an option... This sucks...2
So I use Git intagrated in Visual Studio for the project's repository at work. But I don't like using it because I always used the command line to do stuff on my projects (including those at school, plus last time I used a GUI, I managed to do a merge without being conscious about it).
Why can't I change ? Well, because the proxy block every download link. Or almost.
So a documentation that was updated like 9 months ago was explaining things, and mentionned Git by provinding links to download the bash version. Happy, I click on it and try to download it.
Proxy blocked it.
Just fucking update your documentation1
Been trying to learn Docker when I hit a brick wall. How do I use nginx reverse proxy + letsencrypt with multiple containers? I only managed to do it with a single container. Using docker-compose or stuff like that I guess?6
That awkward moment when I spend two days configuring my proxy server and nothing works, I just try calling my server base url and that shit works O_O
That's a good start for a monday10
So I and couple of my friends are facing this chrome issue where 'waiting for proxy tunnel' , apparantly it's changing my location too,
It should return .co.in and returns .ae ,
Wtf I'm scared as hell, for now Firefox is a lifesaver ♥️3
So I developed this proxy server that will throttle down API calls to one of our providers so we don't get blocked for TOS violation...
Some dude had a tool running all day long which crashed 2 minutes before I left work.
This literally ruined my day until I recalled it's all cached!!!!
Mood is back again and I deserve my beer!
Scenario 1) Server -> proxy -> client
Scenario 2) Server -> proxy -> 2nd proxy -> client
Scenario 1 works on some web browsers
Scenario 2 always works3
At my IT security job(yeah, it sucks sometimes. I want a dev job but that's another story).
Needed to help some end users use and install a toolbar and get it to download through a proxy so they can edit stupid government online forms, which only supports IE 11. Obviously it didn't work.
Wait a MOTHETFUCKING MINUTE.
It's 2017. What the fuck. Who the fuck uses fucking toolbars anymore.
How fucking retarded and out of touch with reality the government can be, when it forces its users to download a fucking toolbar(with admin priviliges!) and use fucking IE 11 just to access a basic feature of the website.
Another fucking proof that governments are cancer and we need Anarcho-capitalism ASAP.2
Work proxy, meet dependency hell.
Can't even install pip modules, everything has to be done through source 😓
Just wanted to do some scripted image resizing for school in school because the teacher asked me to help her with that.
So I thought: Let's just write a tiny script. Written the script in almost no time (just iterates over all jpg's and resizes them)
Now I tried to run it. Didn't have my laptop so I had to somehow run it on their windows PCs. At least it's windows 10, unlike other schools that still run XP and stuff so I thought it might be doable. Well guess what, nope it wasn't.
First tried to install imagemagick, that didn't work as only teacher accounts have admin and the teacher was already pretty scarred once he saw me doing stuff in powershell so I thought I'd better not ask to do this via a teacher account and mess with stuff as admin.
Next method: Installing msys2. That worked at least (after taking forever to install and having to mess with the av software to get it to run).
And there comes the next problem: pacman doesn't connect via the proxy so I can't download any packages. There is free wifi but only for teachers, and students aren't going to get access until the school finally has a faster connection because they'd (understandably) cause this connection to be constantly overloaded. I just happen to have access to this wifi network, too, because at least the guys from the IT dept know how bad using proxies under linux is. So I connect via wifi and it works. At least I thought: After running the script it yields weird errors about unsupported arguments even though the command is exactly the same I have been using for years (already checked typos twice)
Then got the idea of simply installing imagemagick on termux on android and transferring the files onto my phone.
Too bad we aren't allowed to attach our own USBs to the pcs. Luckily I got a rooted phone so I simply activate adb over network and connect to it.
After downloading the platform-tools I can't run them because of AV software. Luckily there is an option to add an exception per executable so I do that. After doing that it works.... nope it doesn't. The wifi only allows 443/tcp and 80/tcp, even for internal network devices.
So that's it. I'm simply going to upload that stuff to my nextcloud and convert it at home.
Windows, I hate you!!!2
Just spent a week creating a distributed api architecture which I found out won't work due to a singular issue which can't be solved - not unless I hack stuff to a degree where I might as well write my own frameworks.
I've been aiming the user application's requests towards my wsgi, which based on a custom header will proxy it towards the correct api. Each customer base has their own api and dataset, but they all visit the same address.
I've handled CORS manually, just picking up when there's an options request, asserting the origin, then returning the correct headers. Cool everyone's happy. Turns out, socket.io includes session id and handshake info as part of their options preflight, which I can't pair with my api header (or cookie, for that matter) which means my wsgi doesn't know where to send it. You get a 400! You get a 400! You get a 401! </oprah>
So my option is to either roll my own sockets engine or just assign each api to a subdomain or give it some url prefix or something. Subdomains are probably pretty clean and tidy, but that doesn't change having to rewrite a bunch of stuff and the hours I spent staring at empty headers in options preflights.
At least this discussion saved me some time in trying to make it work. One of my bad habits is getting in those grooves of "but surely... what the hell, surely there's a way. There has to be"
So, I manage my server with docker containers (nginx-proxy and the letsencrypt-companion). I limit access to some subdomains using basic auth, but I want to use client certificates for convenience.
So my questions to the experts:
1) Do you know a good (and convenient) way to manage client certificates ? This should include revoking certs and allowing specific certs only for specific subdomains.
2) Should I use my letsencrypt CA for this or would a self signed CA better suited?
3) Any things I should be aware of?1
Need some ReactJS help:
So I was able to redo a browser extension project to fit my needs for my browser proxy project, however for some reason, the original source code doesn't seem to know the Setup class for the setup page. Webpack is not the issue but it seems it can't find the exported class, which makes the browser extension unusable. I hope you can help with my silly screwup.
Extension Source code: https://github.com/sr229/filo/...
I really lost all hope :<1
"-Hey, I don't have this method in the proxy
-But you just told me you have it in the console"
Happy debugging to me
Using company's google cloud compute as proxy server for browsing 9gag.
I don't know if it's something to be proud or ashamed of.3
SSL issues when behind a proxy.. i think.
Troubleshooting and solving issues are difficult when you just follow a guide about something you need :i
I fucking hate the Nginx Ingress Controller for Kubernetes. Fucking piece of shit. You fucking can't do a fucking simple rewrite and proxy pass???? Fucccck!1
I am used as a complexity proxy by my team. I foresee many problems and they do not seem to listen to my advices. And guess who will be blamed if something doesn't work, haha, kill me :)1
Ah the joy transitioning from the unrestricted apprentice network to the tightly restricted prod and dev network and environment. U can be sure thst the corporate proxy will give you a dropkick to ure face when trying anything that was released in the last 5 years...
Are there any real trusted and with an anonymity level of Elite, proxies out there or do I have to make my own?3
How do you use youtube in china? Asking for a muggle friend in a foreign exchange program. I sent a link to proxysite.com but the lack of response makes me wonder if that was a bad idea without further precaution. I've never configured a VPN before and Tor is a very bad idea here.4
I'm in need of advice. I reckon this is no stack overflow but that's probably for the best as I wouldn't feel as comfortable posting there as I am doing it here. So, back to the question: I'm currently working with legacy code, written in .NET 2.0. This code is responsible for calling upon PEC services in order to finally create personal smart cards. I was tasked with the job of creating a repository system that would allow the program to call on the old legacy services or the new ones without any distinction. We are talking about SOAP services in both cases. The issues is: the new service definition is comprised of soap policies. This wouldn't be a problem per se, with more modern version of the framework, but with .NET 2.0? Yes, it is. It doesn't support policies and signing the body with a certificate right out of the box. How can I manage this? I feel like the only way would be letting the proxy class do its thing up until the very last moment: intercept the SOAP request before its sent and modify it according to the specifications. But I reckon this is very bad practice. Is there any other way out of this?
Thanks for anyone that would like to help. 🙂6
Hey, I'm looking for a tool to emulate multiple, maybe around 100 browser clients at the same time, having open the same page at the same time. Every single instance would need a separate IP (VPN/proxy). It should also be sort of ressource friendly(not 100chrome windows/tabs)
Anyone got suggestions on a tool I could use? thanks5
I was trying to setup a Confluence install on my root behind a Apache Proxy..
I tried all the Atlassian Configs, my own Configs, but nothing works for Tomcat. I redirects you to the infinities of universe. My Apache Configs are all correct.
If you access Confluence directly it also works.
Tomcat you Ass start playing nice with the proxy fucker!
I hate Tomcat now. Go die!2
Unable to run internet on company provide Mac book ..fucking. stupid....Tried to remove proxy but not working..Even wifi getting connected and for a second it runs the internet.
How to get rid off this proxy shit6
I think this message should start with an aaaaaghhh, but I guess am too sad to do that too.
Everything is going sideways, being a nice person is just a curse.
Nice ? No, i guess being simple is a curse, being stupid is even a bigger curse.
You are a fool because you are not cool . not cool enough to talk bull shit with your college friends and laugh at their ill-logical comments.
You are a fool and an easy target to be laughed at. You are a fool because you have tried so many practical experiments that failed , but you believe them to be the mistakes that made you grow, that made you learn.
These were the practical experiments that will be the point of laughter for everyone, even after years, in public. And now you will be mocked for thinking differently.
Nobody ever thanked you for the practical experiment , where you stood out of this stupid group of audience , talked to the guy at the college gate , and helped their fucking asses get in...
Nobody will ever thank you to help cancel a boring lecture for free attendance, or the 100th proxy you made for them, or the notes you shared.
Yet everyone remembers the day when you said to the examinar "no, it's a oop practical, don't ask c++ related questions, i had python as a subject in class 12th, not c++" (which is not even funny)
When the college shit cracks me up , i can do nothing but be quiet about it. And deep inside it feels like am controlling my fuckin tears. And the sadness in college leads to even stupider turn of events on the way home.
I was able to block some sites editing the hosts file (path: C:\Windows\System32\drivers\etc) and then I discovered proxy site to bypass the block sites ending up reaching the same place.1
So spotify, the only music platform that matched my taste (youtube recommendations rant for another time) is not available in my country. I try to go over this using a proxy and voila, DRM kicks in. Doesn't work even after enabling DRM content in browser. Furthermore, they ban me from using the site. Could I be any more frustrated?7
When you need proxy,
Connecting to Amazon S3
AmazonS3 s3 = new AmazonS3Client(Credentials, config);
We need to move out amazon and start using google cloud storage.
Can't seem to find API Documentation for it.
Saw that they are using HttpURLConnection.
Fvck! They are not even reading proxy information set via System Environment Variables!
Help! Stuck on it for 3 days already.
I don't know why this is so difficult for me but getting ssl for my site is very annoying. I've been building this one site that I need ssl for but I just cant get lets encrypt or certbot to work.
I'm asking for help because I've looked through a lot of articles and stackoverflow posts but nothing seems to work for me.
I'm sorry I know this isn't some stackoverflow alternative but I'm getting kinda desperate here.
I made the site in Flask and Im using gunicorn as the webserver and I can access it at xx.xx.xx.xx:8000 just fine
Then I'm running a nginx reverse proxy to forward all :80 requests to :8000.
I have this one route i made for testing called random (ex xx.xx.xx.xx/random) and it works fine when I'm using my external ip.
I think the problem is with my domain name.
I got it for free of off freenom and it just forwards traffic on the domain (hacschedule.tk) to my ip (not sure if I should have actually put the domain)
This works fine for when I'm just trying to get to the home page, but when i put www.hacschedule.tk/random, it just redirects me to www.hacschedule.tk aka the homepage.
I've tried making routes for the certbot/letsencrypt tools but they keep failing and I think its because of the domain name but since this is my first time actually trying to put a project into production, I don't know what I'm doing wrong.
If anyone could try to lead me the right way I'd really appreciate it. It's an app I wanted to build for peers to use to see school schedule in a more familiar way (we changed systems)10
So I'm interested in building a Raspberry Pi stack at home to continue securing and adding my smart home capabilities, 👍
Have ideas for 2/3 but what else could I look to add?
1. Pi. Hole with cloudflared argo proxy for all DNS
2. Home Automation server
3. IPS / IDS like Bro or snort? Or firewall like pfsense?
4. Log server with Splunk agent from other pi's and router....
5. What else?
Ideas in the comments
lets try again.
What the fuck is with apache. Why I cannot start the page. it should be 5 minutes work.
but it give some shitty error where it is not clear what is wrong
This site can’t be reached timetracker.local’s server IP address could not be found.
Checking the connection
Checking the proxy, firewall, and DNS configuration
Running Windows Network Diagnostics
how long apache is being developed? 10 years ? more? and cannot make normal error messages so you would know how to fix the problem . fuck that. I hate it so much. wasting my time. bastards.15
At my boarding school the admins are too bad : all the 5 min the internet go out for 30s because of overload (when too many computers are downloading) and now when we must work the internet go out so we can't work....
Windows says that the proxy is not responding so it's again a big overload and the internet came back the next day thank of reboot ...
This system is soooo shity.....
And my school want to have a good image of technology....... WOW !
I work in a team that's predominately ASP.NET MVC when it comes to web development. We're merging with another government agency 's development and they're using Node.js.
So I figure that I should make an effort and learn Node.js as I've only had minimal exposure to it.
After five minutes discover that corporate proxy prevents access to npm. Oh well, never mind!4
Did any of you tried to configure iRedMail with an https only domain that also maps in nginx as a reverse proxy?
(Ps: FFS why the developers of iRedMail develop with nginx in mind but there isn't any .conf about iRedMail?)18
Fuckin damn it Google! I setup a transparent proxy and for some fucking reason Google home doesn't like that at all. I think I have a fix but it's a real fucking pain in the ass. I call your support people who I specifically tell that I'm running a fucking proxy and they tell me that I need to talk to their Google WiFi team. It has nothing Todo with my fucking wifi bitch. Its your price of shit price of crap hardware that doesn't like fucking proxies.
I'll update everyone what the fix is when I find it.
Btw, this is a HTTPS transparent proxy and HTTP transparent proxy running on my pFSense firewall box.3
Hours and hours and coffee and tears went into my last debugging session. I couldn't for the life of me figure why unity interception wasn't creating the proxy objects. I was this close *Grabs an atom* of rolling back everything unity related, when suddenly, out of nowhere, a fuc**ng INTERNAL in the afromentioned class caught my eye...
Anyway, lets keep on coding :D :D
A module for molecules, which take an OPEN API definition and creates a restful API and graph definitions.
So all the proxy database stuff on a rest API can be done easily inside a microservices architecture.3
So recently I've been feeling like I fooled myself into thinking I'm any good at anything regarding development.
Today I tried to deploy a Console Application that would run nightly. The production systems are much more guarded, as it should be, but I should still be able to schedule a windows task (yeah yeah, windows servers, not the time Linux fanboys and not my choice :P) no problem.
Except I didn't expect that network users can't run jobs, because of a Group Policy about saving passwords on network accounts.
I expected a local administrator account to be available, and it wasn't.
Also a web API isn't available, even though I could telnet to the address on port 443 (HTTPS). A proxy apparently accepts all HTTP/HTTPS traffic and so on.
All this I feel like I should have known....
So am I in my own head, or am I right in thinking maybe I'm not "pro" development yet? Maybe I don't deserve to be "pro".
So it turns out the site my app scrapes for those NSFW pictures actually scrapes another site.
Now it just seems to mirror that site like a proxy though doesn't work well... pictures not loading, links not working.
But then at the bottom there's like a Copyright tag which shows the other site's name.
I wonder if perhaps he got tired of playing cat and mouse with me and just said ah screw it... I give up, here's the source, go scrape them.13
Forced to work with ASP.NET for a project. Not minding it though, even found it nice, kinda excited about .NET Core now.
HOWEVER, spent over 3 hours figuring out why can't I make a virtual property (Entity Framework actually provides proxy classes to be able to override behaviors of navigational properties, but I digress).
Says I don't have a type named 'virtual'. 3 hours in, no changes (git confirms), and IT SUDDENLY WORKS.
Fuck Visual Studio.2
Out input web services are called webservice_out (and vice versa) so that the calling code can build a proxy client and call webservice_out.method(xyz).
And we can't change it now. Idiots.
Guys, can you recommend a free cloud server that can be used as proxy server?
I wanna keep my api keys safe.7
This had just happened, I was trying to increase the default timeout of an nginx running in a container for a proxy pass and always got a 504-gateway timeout response. I was setting proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout, send_timeout, keepalive_timeout, etc. and nothing worked, after two hours of adding and removing lines of configuration (and waiting 1 minute for every time I tried a request), then I realized I have a local nginx for redirect server names to local ports (the container), that nginx was the one that actually responds with the 504 error, after that I tried a request with the port of the container ALL WORKED!!!!
Hey people any way to setup adblock as a proxy server ? I just want to set it up independent of the browser. Proxy is just one idea.11
Sometimes being a developer really sucks. I adopted a heavily customized OXID shop which introduced an ingame currency beside the fiat currency.
It was done by introducing $iPriceChannel and replacing the $dPrice float value with a multidimensional array across all components, controllers and models.
Wait ... not 100% of the code has been "adapted" yet but it's sufficient to get it working at the first glance.
The reality is: The shop has many subtle bugs and piles up huge (error) log files.
Every time when a bug was found,
and every time the shop maintainer is unlocking an OXID feature which hasn't been used yet, I have to fix it.
It's even extra hard to fix issues sometimes because the shop is embed in a game by utilizing a content-aware reverse proxy. My possibilities to navigate through the shop directly is limited because some of the AJAX/CSS/HTML elements doesn't work without loading this game.1
If someone tries using "multipart/form-data" as only content type for their PUBLIC API ENDPOINTS again I am going to find them and choke them to death.
And if your documentation says you are using something else (application/x-www-form-urlencoded) I am doing it twice.
JSON apis should be standard.
EDIT: I had to fire up BurpSuite proxy, after almost an hour I accidentally switched the body type - voilà1
Ok so, i wanted to make python script that creates 100 accounts on some website via proxy(1acc on 1 proxy). Proxy part should be easy, but how do i solve captcha of trees and street signs? I saw there is some python module captcha-solver but havent tried it. What do you think, can this work?14
New ad self-service portal too hard to integrate ssl and can't have users send their passwords in plaintext.
Setup apache proxy with ssl in same vpc to encrypt traffic to and from vpc.
All good as long as nobody is in my vpc sniffing traffic...
Fuck the sockets.
Fuck the secure sockets.
Fuck that CSP rule in our proxy conf.
Fuck the self script hashed.
After fix everything....
Fuck THEIR proxy that didn't allow wss.
Wrote a small function to transfer files to and from servers to local machine when using a proxy server.
This is meant to be copied in the .bash_profile
Anyone know how to use a proxy for a web crawler written in native Java for Android. I have a bug in an app in production that only surfaced after being used for a couple of days and I urgently need to fix it.
I NEED HELP with Kafka
I'm working a thesis. I developed 4 different microservices (REST APIs). I would like to use Kafka to support large number of users. I may also place the microservices behind a HAPI Proxy. How can I use Kafka to stream requests and respond accordingly. I'm using Node.js. I think I haven't grasped Kafka. My Prof, suggested I try it to act as a broker but I'm blank right now. How do I tell Kafka I want it do a POST or GET etc?2
so I got the reverse proxy all set up on my server, forwarding all the right headers to enable SSL behind reverse proxy. awesome! my only problem remaining is, since nginx only handles HTTP/S traffic, I can't connect to my gitlab instance via ssh. anyone know how I can proxy this traffic as well to enable ssh connection for git?3
If someone can shed some light on this behavior, would be appreciated:
I am running a couple of docker containers with lighttpd on my server (lighttpd is also installed on the host server for reverse proxy). Now whenever I kill lighttpd on my host server it also kills ALL the running lighttpd instances in my docker containers. Isn't docker supposed to be, idk, CONTAINERIZED?2
Why can't all the applications running inside Linux obey to a system wide socks 5 proxy ?
Configuring each application is a terrible idea and such a pain1