Search - "proxy"
A scammer called me today. They were saying that harmful files were moved to my computer and they needed to remove them. I don't think they are ever going to call me again.
S = scammer; M = me;
S: this is tech support we need access to your computer because we detected harmful files and need to remove them.
M: oh my! Hold on, let me go to my computer now. How can you access it?
S: we can just use RDP and delete the files. They are in a hidden folder that is encrypted so this is the only way.
M: oh ok I believe you. Hm... it looks like my son only allows certain IP addresses to access our computers.. I don't know how to disable this so can you just email me your IP address?
He then sends me his actual IP address... it doesn't even look like a proxy or VPN.
M: oh my I forgot that you need my password to login. It's really long and complicated... can I just email it to you?
I then tell him to hold on I have to find it that my "son" stored it somewhere.
At this time I'm taking a photo of my bare ass and attaching it to the email. I then say in the email "Please note what my job title is in my signature.. I just sent the FBI your name, phone number, email, and IP address. Please enjoy my bare ass, you'll see a lot of it in prison."
Browsing to a porn site while still being in the corporate VPN.
Got a proxy page which said this type of content isn't allowed at work. Nearly had a heart attack ;D
So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!
It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"
Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.
My parents found it very easy to work with as well so we decided to stick with it.
I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.
Then I started to experiment more and more.
After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!
From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.
Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!
I started to learn stuff like FTP, SSH and so on.
Went on with trial and error for a while and then the thought occurred to me: what if I'd have a little server ONLINE which I could use myself to experiment around?
First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.
Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.
Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!
I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.
Finally made the jump to NginX and CentOS!
Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.
Started with simple, one screen linux setup with ubuntu 10.04.
Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!
It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).
Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'
Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!
I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.
Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.
Was pretty shaken up but damn I learned my lesson!
List of things that my fucking corporate proxy blocks
* The NPM registry
List of things that aren't blocked
* Google drive
Half my mobile data is burned away by NPM sinkholes. Fuck this place.
This is super childish but it's the gameserver industry and karma is a bitch.
TLDR: I hacked my boss
I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.
I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :3
We're using a ticket system at work that a local company wrote specifically for IT-support companies. It's missing so many (to us) essential features that they flat out ignored the feature requests for. I started dissecting their front-end code to find ways to get the site to do what we want and find a lot of ugly code.
So i dig farther and farther adding all the features we want into a userscript with a neat little 'custom namespace' i make pretty good progress until i find a site that does asynchronous loading of its subpages all of a sudden. They never do that anywhere else. Injecting code into the overcomplicated jQuery mess that they call code is impossible to me, so i track changes via a mutationObserver (awesome stuff for userscripts, never heard of it before) and get that running too.
The userscript got such a volume of functions in such a short time that my boss even used it to demonstrate to them what we want and asked them why they couldn't do it in a reasonable timeframe.
All in all I'm pretty proud of the script, but i hate that software companies that write such a mess of code in different coding styles all over the place even get a foot into the door.
And that's just the code part: They very veeeery often just break stuff in updates that then require multiple hotfixes throughout the day after we complain about it. These errors even go so far to break functionality completely or just throw 500s in our face. It really gives you the impression that they are not testing that thing at all.
And the worst: They actively encourage their trainees to write as much code as possible to get paid more than their contract says, so of course they just break stuff all the time to write as much as possible.
Where did i get that information you ask? They state it on their fucking career page!
We also have reverse proxy in front of that page that manages the HTTPS encryption and Let's Encrypt renewal. Guess what: They internally check if the certificate on the machine is valid and the system refuses to work if it isn't. How do you upload a certificate to the system you asked? You don't! You have to mail it to them for them to SSH into the system and install it manually. When will that be possible you ask? SOON™.
At least after a while i got them to just disable the 'feature'.
While we are at 'features' (sorry for the bad structure): They have this genius 'smart redirect' feature that is supposed to throw you right back where you were once you're done editing something. Brilliant idea, how do they do it? Using a callback link like everyone else? Noooo. A serverside database entry that only gets correctly updated half of the time. So while multitasking in multiple tabs because the performance of that thing almost forces you to makes it a whole lot worse you are not protected from it if you don't. Example: you did work on ticket A and save that. You get redirected to ticket B you worked on this morning even though its fucking 5 o' clock in the evening. So of course you get confused over wherever you selected the right ticket to begin with. So you have to check that almost every time.
Alright, rant over.
Let's see if i need to make another one after their big 'all feature requests on hold, UI redesign, everything will be fixed and much better'-update.
Once we were going to present a web service to governmental firm. All is going well so far and my boss asks me to host the web application the day before the presentation.
I hosted it and all was good with demo production tests, but I had a bad feeling.
While it was running on our server, I also ran it locally with a reverse proxy just in case.
* Meeting starts *
* Ice broken and down to business *
"And now our developer will run the demo for you..."
* Run the demo from my laptop to double check --> 500 Internal Server Error *
* Opens reverse proxy link on my laptop. Present demo during meeting. Demo works like a charm. *
Firm representative: "Great! Looking forward to go live."
*Our team walks out*
GM: "Good job guys"
So just recently my school blocked the following websites for unknown reasons
The hacker news
The Debian package repositories yea all of em
And all domains that end in .io
Now some of you out there are probably just saying "well just use a vpn" the answer to that is I can't the only device I have a locked down school iPad can't install apps cannot delete apps cannot change vpn or proxy settings I cannot use Safari private tab they have google safe search restricted to "on" they even have "safari restricted mode which lets safari choose what it wants to block" and even when I'm on my home wifi it's still blocked as they use Cisco security connector THIS IS HELL
Also this is my first post :)
It's never enough, is it?
I was going to write a simple dns server/proxy/firewallish thingy in php.
That's working. I'm adding a dashboard and api now 😅
Co-worker: I need a proxy to do this task.
Me: Why do you need a proxy?
Co-worker: So all these reviews for the company I'm posting don't look sketchy.
Me: Download the TOR browser.
Co-worker: That's kinda sketchy I don't wanna do that.
So falsifying information about the company is okay, but using a browser to do it anonymously is right out.
Have multiple and some server related but hereby:
I forcefully quit php on the server I use for devRant related stuffs because I wanted to quit the backgrounded php process I had running for the dns proxy thingy since I somehow couldn't find the pid.
Two days later I noticed that none of my sites on that server were running anymore and started looking at nginx error logs.
It took me way too long to figure out that I had PHP-FPM installed which runs as a service and by forcefully quitting php the other day.... Yeah, you get it I think.
Started the process again and remembered that one 😅
When I'm on call and its weekend, I'm often a little nervous the entire weekend and time seems to go slow.
Programming on the dns proxy/firewall now and time is suddenly going quite faster.
This is a damn relief.
I was offered to work for a startup in August last year. It required building an online platform with video calling capabilities.
I told them it would be on learn and implement basis as I didn't know a lot of the web tech. Learnt all of it and kept implementing side by side.
I was promised a share in the company at formation, but wasn't given the same at the time of formation because of some issues in documents.
Yes, I did delay at times on the delivery date of features on the product. It was my first web app, with no prior experience. I did the entire stack myself from handling servers, domains to the entire front end. All of it was done alone by me.
Later, I also did install a proxy server to expand the platform to a forum on a new server.
And yesterday after a month of no communication from their side, I was told they are scraping the old site for a new one. As I had all the credentials of the servers except the domain registration control, they transferred the domain to a new registrar and pointed it to a new server. I have a last meeting with them. I have decided to never work with them and I know they aren't going to provide me my share as promised.
I'm still in the 3rd year of my college here in India. I flunked two subjects last semester, for the first time in my life. And for 8 months of work, this is the end result of it by being scammed. I love fitness, but my love for this is more and so I did leave all fitness activities for the time. All that work day and night got me nothing of what I expected.
Though, they don't have any of my code or credentials to the server or their user base, they got the new website up very fast.
I had no contract with them. Just did work on the basis of trust. A lesson learnt for sure.
Although, I did learn to create websites completely all alone and I can do that for anyone. I'm happy that I have those skills now.
Since, they are still in the start up phase and they don't have a lot of clients, I'm planning to partner with a trusted person and release my code with a different design and branding. The same idea basically. How does that sound to you guys?
I learned that:
- No matter what happens, never ignore your health for anybody or any reason.
- Never trust in business without a solid security.
- Web is fun.
- Self-learning is the best form of learning.
- Take business as business, don't let anyone cheat you.
Marketing wants to remove the word "sex" from one of my slide decks.
Fuck people who get outraged for others. They are making a bad situation much worse.
Yes, there are people who get triggered by the slightest thing---but those people are going to be triggered no matter what you do. And it seems to me that I'd not want to have them as customers anyway---massive support cost.
We are in danger of washing everything until it becomes an inoffensive shade of beige.
Why do the 99% have to be bored for the 1%?
It's not like I'm doing a live demo...yet...
So, fuck outrage by proxy. If you are personally outraged then say that. If not, shut the fuck up.
3 rants for the price of 1, isn't that a great deal!
1. HP, you braindead fucking morons!!!
So recently I disassembled this HP laptop of mine to unfuck it at the hardware level. Some issues with the hinge that I had to solve. So I had to disassemble not only the bottom of the laptop but also the display panel itself. Turns out that HP - being the certified enganeers they are - made the following fuckups, with probably many more that I didn't even notice yet.
- They used fucking glue to ensure that the bottom of the display frame stays connected to the panel. Cheap solution to what should've been "MAKE A FUCKING DECENT FRAME?!" but a royal pain in the ass to disassemble. Luckily I was careful and didn't damage the panel, but the chance of that happening was most certainly nonzero.
- They connected the ribbon cables for the keyboard in such a way that you have to reach all the way into the spacing between the keyboard and the motherboard to connect the bloody things. And some extra spacing on the ribbon cables to enable servicing with some room for actually connecting the bloody things easily.. as Carlos Mantos would say it - M-m-M, nonoNO!!!
- Oh and let's not forget an old flaw that I noticed ages ago in this turd. The CPU goes straight to 70°C during boot-up but turning on the fan.. again, M-m-M, nonoNO!!! Let's just get the bloody thing to overheat, freeze completely and force the user to power cycle the machine, right? That's gonna be a great way to make them satisfied, RIGHT?! NO MOTHERFUCKERS, AND I WILL DISCONNECT THE DATA LINES OF THIS FUCKING THING TO MAKE IT SPIN ALL THE TIME, AS IT SHOULD!!! Certified fucking braindead abominations of engineers!!!
Oh and not only that, this laptop is outperformed by a Raspberry Pi 3B in performance, thermals, price and product quality.. A FUCKING SINGLE BOARD COMPUTER!!! Isn't that a great joke. Someone here mentioned earlier that HP and Acer seem to have been competing for a long time to make the shittiest products possible, and boy they fucking do. If there's anything that makes both of those shitcompanies remarkable, that'd be it.
2. If I want to conduct a pentest, I don't want to have to relearn the bloody tool!
Recently I did a Burp Suite test to see how the devRant web app logs in, but due to my Burp Suite being the community edition, I couldn't save it. Fucking amazing, thanks PortSwigger! And I couldn't recreate the results anymore due to what I think is a change in the web app. But I'll get back to that later.
So I fired up bettercap (which works at lower network layers and can conduct ARP poisoning and DNS cache poisoning) with the intent to ARP poison my phone and get the results straight from the devRant Android app. I haven't used this tool since around 2017 due to the fact that I kinda lost interest in offensive security. When I fired it up again a few days ago in my PTbox (which is a VM somewhere else on the network) and today again in my newly recovered HP laptop, I noticed that both hosts now have an updated version of bettercap, in which the options completely changed. It's now got different command-line switches and some interactive mode. Needless to say, I have no idea how to use this bloody thing anymore and don't feel like learning it all over again for a single test. Maybe this is why users often dislike changes to the UI, and why some sysadmins refrain from updating their servers? When you have users of any kind, you should at all times honor their installations, give them time to change their individual configurations - tell them that they should! - in other words give them a grace time, and allow for backwards compatibility for as long as feasible.
3. devRant web app!!
As mentioned earlier I tried to scrape the web app's login flow with Burp Suite but every time that I try to log in with its proxy enabled, it doesn't open the login form but instead just makes a GET request to /feed/top/month?login=1 without ever allowing me to actually log in. This happens in both Chromium and Firefox, in Windows and Arch Linux. Clearly this is a change to the web app, and a very undesirable one. Especially considering that the login flow for the API isn't documented anywhere as far as I know.
So, can this update to the web app be rolled back, merged back to an older version of that login flow or can I at least know how I'm supposed to log in to this API in order to be able to start developing my own client?
I just can't understand what will lead a so called Software Company, that provides for my local government by the way, to use a cloud server (AWS ec2 instance) like it were a bare metal machine.
They have it working, non-stop, for over 4 years or so. Just one instance. Running MySQL, PostgreSQL, Apache, PHP and an f* Tomcat server with no less than 10 HUGE apps deployed. I just can't believe this instance is still up.
By the way, they don't do backups, most of the data is on the ephemeral storage, they use just one private key for every dev, no CI, no testing. Deployment are nightmares using scp to upload the .war...
But still, they are running several several apps for things like registering citizen complaints that comes in by hot lines. The system is incredibly slow as they use just hibernate without query optimizations to lookup and search things (n+1 query problems).
They didn't even bother to get a proper domain. They use an IP address and expose the port for tomcat directly. No reverse proxy here! (No ssl too)
I've been out of this company for two years now, it was my first work as a developer, but they needed help for an app that I worked on during my time there. I was really surprised to see that everything still the same. Even the old private key that they emailed me (?!?!?!?!) back then still worked. All the passwords still the same too.
I have some good rants from the time I was there, and about the general level of the developers in my region. But I'll leave them for later!
Is it just me or this whole shit is crazy af?
The overhead on my JS projects is killing me. Today, I went to implement a simple feature on a project I haven't touched in a few weeks. I wasted 80% of my time on mindless setup crap.
- "Ooh, a simple new feature to implement. Let's get crackin'!"
- update 1st party lib
- ....hmm, better update node modules
- and Typescript typings while I'm at it
- "ugh yeah," revert one node module to outdated version because of that one weird proxy bug
- remove dead tsd references
- fix TS "errors" generated by new typings
- fix bug in 1st party lib
- clean up some files because the linter is nagging me
- change 6 lines of code <-- the work
FUCK YOU WORDPRESS
Omfg never been so fucking pissed in my life.
I just wasted 3 hours because this fucking bullshit rewrites the fucking URL based on the URL on a config fucking file?!!?
It fucking ignores: apache virtual host configs and nginx reverse proxy
hey everyone, I'm new to Dev rant. not quite sure what to say. so i guess I'll just observe.
Just wrote a (PHP based) proxy which can cache resources being requested and serve them to clients.
The idea is that (I'm going to write a firefox add-on for it too, yes) you can install the add-on and any resource (js/CSS, general web resources which would be downloaded off of googleapi's etc) hosted with Google would be proxied through the server running the proxy, meaning that one wouldn't have to connect to the mass surveillance networks directly anymore as for static resources.
I think checksum verify stuff would still work as the proxy is literally a proxy, the content will be identical to the 'real' resource. (Not sure about this one, enlighten me if this isn't true)
I've been pleading for nearly 3 years with our IT department to allow the web team (me and one other guy) to access the SQL Server on location via VPN so we could query MSSQL tables directly (read-only mind you) rather than depend on them to give us a 100,000+ row CSV file every 24 hours in order to display pricing and inventory per store location on our website.
Their mindset has always been that this would be a security hole and we'd be jeopardizing the company. (Give me a break! There are about a dozen other ways our network could be compromised in comparison to this, but they're so deeply forged in M$ server and active directories that they don't even have a clue what any decent script kiddie with a port sniffer and *nix could do. I digress...)
So after three years of pleading with the old IT director, (I like the guy, but keep in mind that I had to teach him CTRL+C, CTRL+V when we first started building the initial CSV. I'm not making that up.) he retired and the new guy gave me the keys.
Worked for a week with my IT department to get Openswan (ipsec) tunnel set up between my Ubuntu web server and their SQL Server (Microsoft). After a few days of pulling my hair out along with our web hosting admins and our IT Dept staff, we got them talking.
After that, I was able to install a dreamfactory instance on my web server and now we have REST endpoints for all tables related to inventory, products, pricing, and availability!
Good things come to those who are patient. Now if I could get them to give us back Dropbox without having to socks5 proxy through the web server, i'd be set. I'll rant about that next.
Every year my team runs an award ceremony during which people win “awards” for mistakes throughout the year. This year's was quite good.
The integration partner award- one of our sysAdmins was talking with a partner from another company over Skype and was having some issues with azure. He intended to send me a small rant but instead sent “fucking azure can go fuck itself, won’t let me update to managed disks from a vhd built on unmanaged” to our jv partner.
Sysadmin wannabe award (mine)- ran “Sudo chmod -R 700 /“ on one of our dev systems then had to spend the next day trying to fix it 😓
The ain’t no sanity clause award - someone ran a massive update query on a prod database without a where clause
The dba wannabe award - one of our support guys was clearing out a prod dB server to make some disk space and accidentally deleted one of the databases devices bringing it down.
The open source community award - one of the devs had been messing about with an apache proxy on a prod web server and it ended up as part of a botnet
There were others but I can’t remember them all
In a moment of boredom I decided to pen test the new system I've been writing on the live server. Ran sqlmap but forgot to proxy my connection.
DDOS protection kicked in and blocked the entire office's connection to the server, had to drive home quickly to use my home internet to un-blacklist my office ip. 😂
The company I work for (very big IT consultancy) has made the absolutely genius decision to put a block on the corporate proxy for GitHub. GITHUB. Because no fucking software developer ever needs to visit there. Their reason? "We don't want people publishing our intellectual property". Mate, I can fucking guarantee you that if unscrupulous bastards want to publish code against our T&C's, they will do so. Why make every body else's job harder and block it?!
But the best bit, you can submit a request (that is accepted without question) to get yourself an exemption. WHY THE FUCKING FUCK HAVE THE BLOCK IN THE FIRST PLACE THEN
"NEW OMICRONS VARIANT"
"PROXY WAR BETWEEN NATO AND RUSSIA"
"MASS SHOOTING IN THE US"
Me: and this is news how exactly?
Are you using socat?
Any interesting use case you would like to share?
I am using it to create fake / proxy docker containers for network testing.
> dockerized gitea stops working 502,
> other gitea with same config works just fine
> is the same config the issue? maybe the network names can't be the same?
> any logs from the reverse proxy?
> does it return anything at all on that port?
> any logs inside the container?
> maybe it logs to the wrong file?
> no others exist
> try to force custom log levels
> try to kill the running pid
> it instantly restarts
> try to run a new instance with specifying the new config
> ignores config
> check if theres anything even listening
> nothing is listening on that port, but is listening in the other working gitea container
> try to destroy the container and force a fresh container
> still the same issue
> maybe the recent docker update broke it? try to make a new one and move only necessary
> mkdir gitea2
> all files seem necessary
> guess I'll try to move the same folder here
> it works
> it is exactly the same files as in gitea1, just that the folder name is different
I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...
#1 - Most expensive lesson learned
Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.
This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...
After 10 minutes every phone in the office started going berserk - calls were coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.
Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each store's error log proceeded to grow and consume every available byte of HD space before crashing windows.
#2 - Hardest to find
This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vomit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.
Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.
#3 - Most elegant fix
Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we were DDOS'ed for 5 days straight.
My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.
So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.
Switched to DuckDuckGo, because Google thought it would be nice, to ban the Proxy IP of our company (because you know, many requests) from searching and putting us behind these captcha monstrosities. I don't want to captcha myself out of every query I have for goddamn 2 minutes with slow ass fading images.
Turns out, I like their service even more.
*describes problem that a system doesn't work behind an nginx proxy, routing to another nginx instance*
*some random "expert" jumps in*
hurrdurr: It works behind nginx proxy, with APACHE, I don't even get why you would want to run nginx behind nginx omg
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THERE ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**
My Android phone is 5 years old. Everybody tells me I should buy a new one but I'm a stingy environmentalist and I refuse to buy new stuff if it is not strictly necessary.
So, for 9€ I replaced the phone battery and then I installed a custom ROM, so it looks a bit newer.
Unfortunately, it seems that something in the network configuration has been fucked up.
The phone is able to browse the Internet, but:
- WiFi hotspot is not working
- USB tethering is not working
- Bluetooth tethering is not working
- PPP over USB is not working
But, hey, I never give up, so this is my current setup:
- I installed a proxy server on the phone
- I'm using "adb forward" to forward the proxy port from the phone to my laptop
- I configured Firefox to use that proxy
And, yes, I'm using that connection to write this post. :D
Trying to learn some golang after a break.
Made an http / https transparent proxy for a personal project.
Mind: You need to add a configuration file with the domains you allow traffic to and block everything else using a list of regexes.
Me: Ok I can do it, 4 hours later ok done
Mind: Why not make it differently by making a list of URLs you can block and test this shit on fucking ads and stop using adblock that downloads content.
Me: ok that will be handy, I can watch websites faster and drop traffic I don’t want to.
Funny fact, it works. I broke analytics, logging, quantum shit fucks and even youtube plays ok.
Go is awesome for networking stuff lol.
Boss calls: "Can you give me more bandwidth?"
Me: "I can, but the other coworkers will have issues"
Boss: "Doesn't matter, and please, lift up the proxy too"
Me: "I am sorry, but I can't, that could compromise our security"
Boss: "I am giving you an order..."
Me: "Ok then..."
Me: *proceeds to give boss more bandwidth and lifts up proxy (all is lost now)*
I go to see what the boss is doing with the bandwidth...he was downloading League of Legends on his personal notebook...
TL;DR: Boss asks to put company at risk for the sake of a game...
1. Needed to access an old SVN backup.
2. Didn't have an SVN client installed.
3. Realised GIT comes with an SVN proxy included.
Cool, I'll just quickly download the repository via SVN.
> git svn init
... git sequentially downloads each of the 1800+ revisions and applies them individually.
It's cool, I didn't want to do anything productive today anyway.
Question for networking persons or persons who might know more about this than me in general.
I'm looking at setting up a server as vpn server (that part I know) which tunnels everything through multiple other vpn connections.
So let's say I've got a vps which I connect to through vpn. I then want that vps to have one or multiple connections to other vpn servers.
That way I can connect my devices to this server which routes everything to/through other services like mullvad :).
Tried it before but ended up losing ssh access until reboot 😬
Dear Product Owners,
If you tell me how I need to architect my software again I'm going to ask you to provide a network topology of the architecture you want me to build.
I'll also need you to request the new servers, work with the ops teams to set up credentials, provision the NAT, register the domains and document the routes that the proxy will need to use.
Then I'll need you to hook the repo up to our non-existent pipeline so that I can make sure I won't do all that testing I already can't do.
I hope you're paying attention, because that framework you told me I needed to use is going to be a pain to set up correctly.
After you're done with that, please attach any documentation you shit out to the ticket you never created.
Looking for a new job
PS: get fucked
I have a Windows machine sitting behind the TV, hooked to two controllers, set up as basically a console for the big TV. It doesn't get a lot of use, and mostly just churns out folding@home work units lately. It's connected by ethernet via a wired connection, and it has a local static IP for the sake of simplicity.
In January, Windows Update started throwing a nonspecific error and failing. After a couple weeks I decided to look up the error, and all the recommendations I found online said to make sure several critical services were running. I did, but it appeared to make no difference.
Yesterday, I finally engaged MS support. Priyank remoted into my machine and attempted all the steps I had already tried. I just let him go, so he could get through his checklist and get to the resolution steps. Well, his checklist began and ended with those steps, and he started rather insistently telling me that I had to reinstall, and that he had to do it for me. I told him no thank you, "I know how to reinstall windows, and I'll do it when I'm ready."
In his investigation though, I did notice that he opened MS Edge and tried to load Bing to search for something. But Edge had no connection. No pages would load. I didn't take any special notice of it at the time though, because of the argument I was having with him about reinstalling. And it was no great loss to me that Edge wasn't working, because that was literally the first time it'd ever been launched on that computer.
We got off the phone and I gave him top marks in the CS survey that was sent, as it appeared there was nothing he could do. It wasn't until a couple hours later that I remembered the connectivity problem. I went back and checked again. Edge couldn't load anything. Firefox, the ping command, Steam, Vivaldi, parsec and RDP all worked fine. The Windows Store couldn't connect either. That was when it occurred to me that it was likely that Windows Update was just unable to reach the internet.
As I have no problem whatsoever with MS services being unable to call home, I began trying to set up an on-demand proxy for use when I want to update, and I noticed that when I fill out the proxy details in Internet Options, or in Windows 10's more windows10-ish UI for a system proxy, the "save" button didn't respond to clicks. So I looked that problem up, and saw that it depends on a service called WinHttpAutoProxySvc, which I found itself depends on something called IP Helper, which led me to the root cause of all my issues: IP Helper now depends on the DHCP Client service, which I have explicitly disabled on non-wifi Windows installs since the '90s.
Just to see, I re-enabled DHCP Client, and boom! Everything came back on. Edge, the MS Store, and Windows Update all worked. So I updated, went through a couple reboots-- because that's the name of the game with windows update --and had a fully updated machine.
It occurred to me then that this is probably how MS sends all its spy data too, and since the things I actually use work just fine, I disabled DHCP Client again. I figure that's easier than navigating an intentionally annoying menu tree of privacy options that changes and resets with every major update.
But holy shit, microsoft! How can you hinge the entire system's OS connectivity on something that not everybody uses?
First (working) attempts at writing a proxy that rewrites live requests from the devrant app, right now it only rewrites all notifications to be unread
Though the first attempt that finally works is built with mitmproxy and its add-on scripting, plan is to get that stuff to work with e.g. goproxy instead
Fucking IT and their self signed corporate proxy SSL bullshit getting in the way of anything that needs to verify SSL requests,
Fuck you for making my day a slow and miserable day and having to resort to forcing rest apis and SDKs to work over HTTP instead, all in the name of “Security”.
Decided to throw pi-hole in a bin and found enough resources to throw together my own dns filter in node, which if not on the blacklist - proxies the request to an actual dns, which allows to filter given just a word too (because it's regex matching), "came up" with the idea after @Linuxxx wanted to make (or made?) some big hosts file via php matching and blocking to block anything that e.g. contains "google".
By resources I totally mean I would have ate shit, if it wasn't for: https://peteris.rocks/blog/... as most docs are absolute garbage regarding node-dns
I'm a "published" freelance dev!
Last night I made my first web application available to the internet. It's an internal enterprise management system for a small non-profit.
It's running on a single $6 a month digitalocean droplet, and the domain is $12 a year, so yearly cost for them is absolutely rock bottom.
It's written in asp.net 6.0 razor pages, nginx reverse proxy, certbot for HTTPS certificates, fail2ban for ssh protection (ssh login is via ssl keys), entity framework with MySQL.
The site itself has automatic IP banning based on a few parameters like login spam, uses JWT tokens, and is fully secured.
All together, it's a lot of value for about $100 a year.
This is fucking bad. I just stumbled across a database online, unencrypted plain text containing ALL details of thousands of students at my university. Full names, ID number (SSN), student numbers, address, family info, medical aid info, physical fitness reports
What do I do? I was not on any VPN or proxy when I accessed it
TL;DR : do we need a read-only git proxy
Guys, I just thought about something and this potential gitpocalypse.
There is no doubt anymore that regardless of Microsoft's decisions about Github, some projects will or already have migrated to the competition.
I'm thinking : some projects use the git link to fetch the code. If a dependency gets migrated, it won't be updated anymore, or worse, if the previous repo gets deleted, it can break the project.
Hence my idea : create some repository facade to any public git repository (regardless of their actual location).
Instead of using github.com/any/thing.git, we could use opensourcegit.com/any/thing.git. (fake url for the sake of the example).
It would redirect to the right repository (for public read only), and the owner could change the location of the actual repository in case of a migration.
What do you think? If I get enough ++'s, I'll create a git repo about this.
So I manage multiple VPS's (including multiple on a dedicated server) and I set up a few proxy servers last week. Ordered another one yesterday to run as VPN server and I thought like 'hey, let's disable password based login for security!'. So I disabled that but the key login didn't seem to work completely yet. I did see a 'console' icon/title in the control panel at the host's site and I've seen/used those before so I thought that as the other ones I've used before all provided a web based console, I'd be fine! So le me disabled password based login and indeed, the key based login did not work yet. No panic, let's go to the web interface and click the console button!
*clicks console button*
*New window launches.....*
I thought I would get a console window.
The window contained temporary login details for my VPS... guess what... YES, FUCKING PASSWORD BASED. AND WHO JUST DISABLED THE FUCKING PASSWORD BASED LOGIN!?!
WHO THOUGHT IT WOULD BE A GOOD IDEA TO IMPLEMENT THIS MOTHERFUCKING GOD?!?
Hi lil puppies what's your problem?
Have you eaten something wrong....
*proxy happily eats requests and answers correctly*
Hm... Seems like you are...
*proxy vomits dozen of requests at once*
... Not okay.
Ok.... What did you get fed you lil hellspawn.
TLS handshake error.
Thousands. Of. TLS. Handshake. Errors.
*checking autonomous system information*
Yeah... Requests come from same IP or AS. Someone is actively bombing TLS requests on the TLS terminator.
Wrong / outdated TLS requests.
Let's block the IP addresses....
*Pats HAProxy on the head*
*Gets more vomit as a thank you no sir*
I've now added a list of roughly 320 IP addresses in 4 h to an actively running HAProxy in INet as some Chinese fuckers seemingly find it funny to DDOS with TLS 1.0... or Invalid HTTP Requests... Or Upgrade Headers...
Seriously. I want a fucking weekend you bastards. Shove your communism up your arse if you wanna have some illegal fun. ;)
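Added example, not part of the original post: instead of collecting offending addresses by hand, a short Python pass over the load balancer log can rank TLS handshake failures per source IP and per network block (a /24 stands in here for the "same AS" observation, since AS lookups need external data). The log lines, host name, frontend name and thresholds are constructed, and the regex assumes the usual HAProxy connection-error shape; adjust it to your own log format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation address ranges, made-up host/frontend).
SAMPLE_LOG = """\
Mar  2 10:00:01 lb1 haproxy[812]: 203.0.113.5:40112 [02/Mar/2024:10:00:01.101] fe_tls/1: SSL handshake failure
Mar  2 10:00:01 lb1 haproxy[812]: 203.0.113.5:40113 [02/Mar/2024:10:00:01.350] fe_tls/1: SSL handshake failure
Mar  2 10:00:02 lb1 haproxy[812]: 198.51.100.10:51000 [02/Mar/2024:10:00:02.004] fe_tls/1: SSL handshake failure
Mar  2 10:00:02 lb1 haproxy[812]: 203.0.113.5:40114 [02/Mar/2024:10:00:02.120] fe_tls/1: SSL handshake failure
Mar  2 10:00:03 lb1 haproxy[812]: 198.51.100.11:51001 [02/Mar/2024:10:00:03.010] fe_tls/1: SSL handshake failure
Mar  2 10:00:03 lb1 haproxy[812]: 192.0.2.77:33000 [02/Mar/2024:10:00:03.500] fe_tls/1: SSL handshake failure
Mar  2 10:00:04 lb1 haproxy[812]: 198.51.100.12:51002 [02/Mar/2024:10:00:04.020] fe_tls/1: SSL handshake failure
Mar  2 10:00:04 lb1 haproxy[812]: 198.51.100.10:51003 [02/Mar/2024:10:00:04.700] fe_tls/1: SSL handshake failure
Mar  2 10:00:05 lb1 haproxy[812]: 203.0.113.5:40115 [02/Mar/2024:10:00:05.030] fe_tls/1: SSL handshake failure
Mar  2 10:00:05 lb1 haproxy[812]: 198.51.100.13:51004 [02/Mar/2024:10:00:05.900] fe_tls/1: SSL handshake failure
Mar  2 10:00:06 lb1 haproxy[812]: 192.0.2.20:44000 [02/Mar/2024:10:00:06.000] fe_tls be_app/app1 0/0/1/2/3 200 512 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
"""

# source-address:port [timestamp] frontend/bind: SSL handshake failure
FAILURE_RE = re.compile(
    r"haproxy\[\d+\]: (?P<ip>[0-9a-fA-F:.]+):(?P<port>\d+) "
    r"\[[^\]]+\] (?P<frontend>\S+): SSL handshake failure"
)


def parse_failures(log_text):
    """Return the source address of every handshake-failure line."""
    sources = []
    for line in log_text.splitlines():
        match = FAILURE_RE.search(line)
        if not match:
            continue  # normal traffic or unrelated log line
        try:
            sources.append(ipaddress.ip_address(match.group("ip")))
        except ValueError:
            continue  # not a valid address, ignore the line
    return sources


def covering_network(addr):
    """Group IPv4 by /24 and IPv6 by /64 (a rough offline stand-in for AS)."""
    prefix = 24 if addr.version == 4 else 64
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def find_offenders(log_text, per_ip=3, per_net=5):
    """Rank sources whose failure count reaches the given thresholds.

    The per-network count catches senders that rotate addresses inside one
    block so that no single address crosses the per-IP threshold.
    """
    sources = parse_failures(log_text)
    by_ip = Counter(str(a) for a in sources)
    by_net = Counter(str(covering_network(a)) for a in sources)
    return {
        "ips": [(ip, n) for ip, n in by_ip.most_common() if n >= per_ip],
        "networks": [(net, n) for net, n in by_net.most_common() if n >= per_net],
    }


if __name__ == "__main__":
    report = find_offenders(SAMPLE_LOG)
    for ip, count in report["ips"]:
        print(f"ip      {ip:<18} {count} failures")
    for net, count in report["networks"]:
        print(f"network {net:<18} {count} failures")
```

The ranked output is a review list for a deny rule or rate limit, not an automatic block: shared NAT or corporate egress addresses can show up here too.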
I plan on making a proxy for my home network. Whenever you make a Google search, it will search it on duckduckgo and return the same results, but look as if it were google. Will people notice the difference?
Might be nothing for others, but I finally published my Vue website with the following setup:
1. Vue inside docker
2. Nodejs API inside docker
3. MongoDB inside docker
4. Nginx as reverse proxy
5. Let's Encrypt
6. NO I WILL NOT SHARE THE LINK, don't want to be hacked lol and it is for personal use only.
But I'd love to thank devRant members who have helped me reach this point, two months ago I was a complete noob in Vue and a beginner in NodeJs services, now I have my own todo website customized for my needs.
Thank you :)
*Writes Voting platform*
*Uses IPs to stop duplicate voting*
*Notices how lots of the IPs are similar*
Oh shit. Cloudflare HTTP proxy...
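Added example, not part of the original post: behind an HTTP proxy the application only sees the proxy's address as the TCP peer, so per-IP vote deduplication has to key on the client address the proxy forwards, and must accept that header only when the peer really is the proxy. The proxy range, the sample requests and the `VoteBox` class are constructed for illustration; `CF-Connecting-IP` is the header Cloudflare sets, and a real deployment would load the provider's published ranges.

```python
import ipaddress

# Placeholder proxy range (documentation network), NOT a real provider range.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

# Header carrying the original client address as set by the proxy.
CLIENT_IP_HEADER = "CF-Connecting-IP"


def is_trusted_proxy(peer_ip):
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_ip, headers):
    """Return the address that votes should be keyed on.

    The forwarded header is honoured only when the TCP peer is a known proxy.
    A client connecting directly could otherwise send the header itself and
    vote under any address it likes.
    """
    peer = str(ipaddress.ip_address(peer_ip))
    if not is_trusted_proxy(peer_ip):
        return peer
    # HTTP header names are case-insensitive.
    lowered = {name.lower(): value for name, value in headers.items()}
    raw = lowered.get(CLIENT_IP_HEADER.lower(), "").strip()
    try:
        return str(ipaddress.ip_address(raw))
    except ValueError:
        # Missing or malformed header: fall back to the peer address, which
        # errs on the side of rejecting rather than double counting.
        return peer


class VoteBox:
    """One vote per resolved client address (hypothetical helper)."""

    def __init__(self, key_on_peer_only=False):
        self.key_on_peer_only = key_on_peer_only  # the behaviour in the post
        self._seen = set()
        self.tally = {}

    def cast(self, peer_ip, headers, choice):
        if self.key_on_peer_only:
            voter = peer_ip
        else:
            voter = resolve_client_ip(peer_ip, headers)
        if voter in self._seen:
            return False
        self._seen.add(voter)
        self.tally[choice] = self.tally.get(choice, 0) + 1
        return True


# Constructed requests: (TCP peer, headers, choice)
SAMPLE_REQUESTS = [
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.10"}, "a"),  # voter 1 via proxy
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.11"}, "b"),  # voter 2, same proxy node
    ("198.51.100.9", {"CF-Connecting-IP": "203.0.113.10"}, "a"),  # voter 1 again, other node
    ("192.0.2.50", {"CF-Connecting-IP": "203.0.113.99"}, "a"),    # direct hit, forged header
    ("192.0.2.50", {"CF-Connecting-IP": "203.0.113.100"}, "a"),   # same client, new forged value
]


def demo(key_on_peer_only):
    box = VoteBox(key_on_peer_only=key_on_peer_only)
    return [box.cast(peer, hdrs, choice) for peer, hdrs, choice in SAMPLE_REQUESTS]


if __name__ == "__main__":
    print("keyed on peer address:  ", demo(True))
    print("keyed on resolved client:", demo(False))
```

Keyed on the peer address, the second voter is wrongly rejected and the first voter's repeat through another proxy node is counted; keyed on the resolved address, both are handled correctly and the forged header from the direct connection is ignored.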
A conversation with my dear sister...
She: Hey Davide, why does this message appear?
Message of youtube: "This video is not available in your country"
Me: It means that whoever uploaded the video wants to reproduce it only in the country chosen by him during the upload.
She: Ah, but how can I do to see it?
Me: You have to go through a proxy. Wait a minute... I arrive...
She: But using the incognito mode could not work?
Me: No 😑😑
Me (thinking): No please... no... please... what was the question? No...
I like you anyway ❤
DevOps is a huge scam.
Whoever sold companies maintenance-free cloud is God-tier marketer, they would be able to sell fire extinguishers in hell.
First, the platform is constantly moving, keeping up with all the updates for Kubernetes/CNI/Ambassador/Calico/kube-proxy/wtf/foo/bar/etc requires a huge team constantly peddling the boat; and if not updating in time - eventually everything will suddenly break when AWS deprecates old Kubernetes version (1.23 in EKS has just 1 year and 2 months (!!!) of support) or whatever else. At least they don't deprecate services that often.
Second, all other tooling either sucks, or is expensive as a Boeing. DataDog/Splunk/NewRelic/Grafana? Data centers were built for the monthly prices of these tools not so long ago. But, capex vs opex, what do stupid software engineers know (though, it's hilarious to be present at a meeting with an agenda "reduce cloud costs").
That's all really.
On the bright side, when the team is solid and really care about the product and build it in a cloud-first manner (with understanding of all the requirements, caveats and limitation) - it can be rock solid, stable and fast platform.
Too bad it's incredibly easy to implement some impressively wrong architecture (much easier than f'ing up a single-server architecture).
Yesterday evening I began working on an SSL proxying system for dynamic domain names using Let's Encrypt. I finished just a few hours ago and it's working flawlessly!
My school has a proxy to block games and some other sites. I was thinking of ways to get around, when I remembered, "I don't have to code anything, I can use google translate!"
weather is beautiful, sun is shining, I am feeling mischievous. Shall I block stackoverflow on our proxy on Monday?
So as all of you web developers know. If you are stepping into the world of web development you are stepping into a world of unlimited possibilities, opportunities and adventure.
The flip side is that you step into a world of unlimited choices, tools, best practices, tutorials etc.
Since even for a veteran programmer, this is a little overwhelming, I'd like to take the opportunity to ask you guys for advice.
I know that 'there is no best' and that everything 'depends on what you want to achieve'. So how about just say the pro's and cons or when to use and when not to use. Or why you prefer one over another. Everything is allowed! :D
Maybe it will help others too. Start a nice, professional discussion:)
These are the parts I'd like advice about:
- frontend: what frameworks, libraries
- backend: language, framework, good practice
- server: OS, proxy (nginx, Apache, passenger), extra tips (like don't use root user)
- extras: git, GitHub, docker, anything
Thanks in advance everyone willing to help!:)
Also, if you only know frontend or backend. No worries, just tell me about your specialism!
Today the corporate proxy decided to flake out on me. Every single external site was blocked.
I was shown a very helpful page informing me the site I wanted to visit was blocked. If I had legit need to access the site or believe the site was blocked in error I could contact IT via a helpful link.
And yeah, the IT support site was blocked by the proxy too.
Network Security at its best at my school.
So firstly our school has only one wifi AP in the whole building and you can only access Internet from there or their PCs which have just like the AP restricted internet with McAfee Webgateway even though they didn't even restrict shutting down computers remotely with shutdown -i.
The next stupid thing is cmd is disabled but powershell isn't and you can execute cmd commands with batch files.
But back to internet access: the proxy with McAfee is permanently added in these PCs and you don't have admin rights to change them.
Although this can be bypassed by basically everyone because everyone knows one or two teacher accounts, it's still restricted right.
So I thought I could try to get around. My first few tries failed until I found out that they apparently have a MAC address whitelist for their LAN.
Then I just copied a MAC address of one of their ARM terminal PCs and set up a raspberry pi with a MAC change at startup.
Finally I got an IP with normal DHCP and internet but port 80 was blocked in contrast to others like 443. So I set up a TCP OpenVPN server on port 443 elsewhere on a server to mimic SSL traffic.
Then I set up my raspberry pi to change mac, connect to this vpn at startup and provide a wifi ap with an own ip address range and internet over vpn.
As a little extra feature I also added a script for it to act as Spotify connect speaker.
So basically I now have a raspberry pi which I can plugin into power and Ethernet and an aux cable of the always-on-speakers in every room.
My own portable 10mbit/s unrestricted AP with spotify connect speaker.
Last but not least I learnt very many things about networks, VPNs and so on while exploiting my school's security as a 16 year old.
Using mongodb for one product
A colleague was experimenting with elastic search (I think it was).
It installed a proxy around the collection to get all events for the external search storage.
Worked well, but it was just a test so once done we removed it
But that's where it got scary.
When we removed the proxy through the search dashboard it dropped the underlying collection of live data!!!
A collection it did not create.
How's that for bad UI.
Always experiment on a separate db server.
I just got my Python project working on my new work PC!!! It took all morning 😂😂😂😂😂
I had to basically hack my company so I could do my job.
More specifically, I had to install a proxy server so Python, and other CLI tools, could access the internet via our company's NTLM/web proxy server.... After some IT morons reconfigured it... without testing or providing us a way to continue using it...
So, there was an art student yesterday at my dorm complaining about free speech etc. She told me that they were trying to bring the school's proxy down.
I was pretty impressed because it's an art student!
She then proceeded to tell me she had downloaded kali linux and was learning html...
>Asks client if the proxy can use self-signed cert
>Client agrees, no problem
>Client complains about "an error they're getting"
>The error: "Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID"
Am I a joke to you? Or am I just talking to a brick wall over there?
FYI. Copied from my FB stalked list.
Web developer roadmap 2018
Common: Git, HTTP, SSH, Data structures & Algorithms, Encoding
Back-end: PHP, Composer, Laravel > Nginx, REST, JWT, OAuth2, Docker > MariaDB, MemCached, Redis > Design Patterns, PSRs
DevOps: Linux, AWS, Travis-CI, Puppet/Chef, New Relic > Docker, Kubernetes > Apache, Nginx > CLI, Vim > Proxy, Firewall, LoadBalancer
This is how I figured out how to fix my proxy settings.
Can not Netflix and chill (work) anymore.
Using angry standard;
cout << "So my mom recently started "exploring the web". I'm sure you already know where this is going; she ended up signing up for a free trial of some diet pills with her credit card on some sketchy website. The website never sent any product but attempted to charge her card over $300 multiple times. My mom's bank noticed and froze the account. She has now opened an investigation with the bank's fraud department and is awaiting response. I took the liberty of running a whois look up and found the company's website is held by GoDaddy and is hiding behind Domains by Proxy (GoDaddy's sysadmin hider). I'm angry that she's in this situation but I have no idea of how to uncover the real company behind the diet pills site." << endl;
I am at a hotel and these fuckers are blocking outbound connections to port 22. They are also blocking access to any websites mentioning proxy or vpn, seriously fuck them. I managed to get a VNC connection open to one of my servers and I am now trying to set up a VPN tunnel to my servers so I can fucking do my work. >:-(
Has been a long time since I'm appreciating working with GRPC.
Amazingly fast and full-featured protocol! No complaints at all.
Although I felt something was missing...
Back in the days of HTTP, we were all given very simple tools for making requests to verify behaviours and data of any of our HTTP endpoints, tools like curl, postman, wget and so on...
This toolset gives us definitely a nice and quick way to explore our HTTP services, debug them when necessary and be efficient.
This is probably what I miss the most from HTTP.
When you want to debug a remote endpoint with GRPC, you need to actually write a client by hand (in any of the supported language) then run it.
There are alternatives in the open source world, but those want you to either configure the server to support Reflection or add a proxy in front of your services to be able to query them in a simpler way.
This is not how things work in 2018 almost 2019.
We want simple, quick and efficient tools that make our life easier and having problems more under control.
I'm a developer myself and I feel this on my skin every day. I don't want to change my server or add an infrastructure component for the simple reason of being able to query it in a simpler way!
However, this exact problem has been solved many times for HTTP or other protocols, so we should do something about our beloved GRPC.
Fine! I told myself. Let's fix this.
A few weeks later...
I'm glad to announce the first release of BloomRPC - the first GRPC Client GUI that is nice and simple.
It allows you to query and explore your GRPC services with just a couple of clicks without any additional modification to what you have running right now! Just install the client and start making requests.
It has been built with the Electron technology so it's a desktop app and it supports the 3 major platforms, Mac, Linux, Windows.
Check out the repository on GitHub: https://github.com/uw-labs/bloomrpc
This is the first step towards the goal of having a simple and efficient way of querying GRPC services!
Keep in mind that it is in its first release, so improvements will follow along with future releases.
Your feedback and contributions are very welcome.
If you have the same frustration with GRPC I hope BloomRPC will make you a bit happier!
I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?
Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for joe shmoe to write. You're no match for well-tuned rate-limiting, asshole!
Just a rant... It really sucks to work with maven on a security-paranoid financial institution enforcing NTLM proxy auth...
Also usb ports disabled... :(
This Russian site (https://kzclip.com) literally cloned the whole of youtube including its channels and also its recommendation logic... i wonder how those crazy bastards did it.
A lot of things devs say are true, but this one I don't believe as much:
Many devs say that it's important for everybody to learn a bit of a basic programming language, to learn about computers and how programs are made. I disagree, I think that instead people should learn *how* things work. Ex, in my school people always use a VPN to get around the proxy. I don't care if they know basic statements, I think it's more important to learn how a VPN works. Most of them don't even know what VPN stands for. Am I the only one?
I'll just start off with how I really feel. Fuck big corporations with their career robots and retarded practices!
Now for a story. So I work remotely for most of the time nowadays, since my company has as clients big corporations. Used to be embedded with said clients, but it became kind of painful to work with them all so I asked to be reassigned to a remote position.
Now for the retarded part: The fucking Klingons I'm working with have two tiers to their VPN, but won't let me have the full version because it would be too fucking expensive. I checked and it's fucking 50 bucks per year difference.
So for that the Klingons are making me code through a remote connection that has a "best effort" priority.
Anyway after 3 weeks of writing code at a 400-600ms latency I finally snap.
I try to use a proxy and it. I write one myself, gets blacklisted in 2 days.
After about another week of writing code through a fuck straw I start working on node socket with 2 clients and a server that encrypts the send data, and syncs 2 folders between my workstation and the remote one.
It's been a month now and it is still working. It's not perfect, but I can at least write code without lag.
Question for you peeps: What shenanigans have you pulled to bypass shit like this?
It took my company like 3 years to get this huge-ass client to ask us to remake their website (the client is already our client for other purposes).
The old website was hosted on their local machine, behind a proxy that was there for other 30 website servers.
The old website took like 30-40 seconds to load on a browser and had a google score of 3-6/100.
We made the new website in wordpress, since it was basically a blog and managed all of the older links to redirect to the new pages so that SEO wouldn't get affected.
We then asked the previous developers to let their domain redirect to the new one (it was like example.com => ex.example.com and now it's just example.com, so we needed them to make ex.example.com redirect to example.com).
What they did was making a redirection to the 404 page of the new website, making everything go to fuck itself.
Damn this might be the first time I despise other developers, but this move was fucking awful.
I mean, I get it, we stole your big client, but it's not our fault if we made the google score go up to 90/100 in a week just by changing server and CMS.
So, last night I came home from work and "Kung Fu Hustle" was on (cable). I watched it for like ten minutes and then turned it off. Didn't even think about it after.
Just a couple of hours ago I was on YouTube and a clip from that movie came up as a suggested video. On a browser where I'm not logged in. On a computer that's not mine. That is behind a proxy server. That is in a continent far away from me.
Am I crazy or that is actually Google doing that?
I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.
I used to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my opinion...
Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? Well, you can't, because they won't allow traffic to flow through to your other ports.
That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.
Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.7
Being a sysadmin can be the most frustrating thing ever, but it's worth it for those moments when you feel like an absolute ninja.
Switched from single threaded gevent server to an nginx configuration, added ssl, and set up a reverse proxy to flask socketio, all with less than 10 minutes aggregate downtime. On the prod server. \o/
Do you know what a meat proxy is? It's when you work as a consultant for a company, and the company doesn't give you credentials to deploy, debug, or interact in any way with your code. You then have to work through the sysadmin, while telling him how to go through every single step, every git pull, every line of code to edit. Kill me
- Enterprise patterns
- Enterprise type programming
- Dependency hell
- Logging hell
- Proxy hell
- Debugging hell
That will be all.
How deep does the rabbit hole go?
Problem: Convert numpy array containing an audio time series to a .wav file and save on disk
Me: pip install "stupid package"
Console: Can't pip, behind a proxy
Me: Finds workaround after several minutes
Conversion works, but audio file on disk doesn't work
Encoding Error only works with array of ints not floats
BUT I NEED IT TO BE FLOATS
Looks for another library
scikits.audiolab <- should work
Me: pip --proxy=myproxy:port install "this shit"
Command Line *spits back huge error*
Googles error <- You need to install this package with a .whl file
Me: Downloads .whl file <- pip install "filename".whl
Command Line: ERROR: scikits.audiolab-0.11.0-cp27-cp27m-win32.whl is not a supported wheel on this platform.
Googles Error <- Need to see supported file formats
Me: python -c "import pip; print(pip.pep425tags.get_supported())"
Console: AttributeError: module 'pip' has no attribute 'pep425tags'
Googles Error <- Use another command for pip v10
Me: python -c "import pip._internal; print(pip._internal.pep425tags.get_supported())"
Me: pip install "filename".whl
Me: *spends 30 minutes to find directory where I should paste .dll file*
Finds Directory (was hidden btw), pastes file
Me: Runs .py file
Console: from version import version as _version ModuleNotFoundError: No module named 'version'
Googles Error <- Fix is: "just comment out the import statement"
Unfortunately this shit still didn't work after two hours of debugging, lmao fuck this
I am building a website inspired by devrant but have never built a server network before, and as I'm still a student I have no industry experience to base a design on, so was hoping for any advice on what is important/ what I have fucked up in my plan.
The attached image is my currently planned design. Blue is for the main site, and is a cluster of app servers to handle any incoming requests.
Green is a subdomain to handle images, as I figured it would help with performance to have image uploads/downloads separated from the main webpage content. It also means I can keep cache servers and app servers separated.
Pink is internal stuff for logging and backups and probably some monitoring stuff too.
Purple is databases. One is dedicated for images, that way I can easily back them up or load them to a cache server, and the other is for normal user data and posts etc.
The brown proxy in the middle is sorta an internal proxy which the servers need to authenticate with to connect to, that way I can just open the database to the internal proxy, and deny all other requests, and then I can have as many app servers as I want and as long as they authenticate with the proxy, they can access the database without me changing any firewall rules. The other 2 proxies just distribute requests between the available servers in the pool.
Any advice would be greatly appreciated! Thanks in advance :D
oh, I have a few mini-projects I'm proud of. Most of them are just handy utilities easing my BAU Dev/PerfEng/Ops life.
- bthread - multithreading for bash scripts: https://gitlab.com/netikras/bthread
- /dev/rant - a devRant client/device for Linux: https://gitlab.com/netikras/...
- JDBCUtil - a command-line utility to connect to any DB and run arbitrary queries using a JDBC driver: https://gitlab.com/netikras/...
- KubiCon - KuberneterInContainer - does what it says: runs kubernetes inside a container. Makes it super simple to define and extend k8s clusters in simple Dockerfiles: https://gitlab.com/netikras/KubICon
- ws2http - a stateful proxy server simplifying testing websockets - allows you to communicate with websockets using simple HTTP (think: curl, postman or even netcat (nc)): https://gitlab.com/netikras/ws2http
I work as a .Net consultant. Currently I am at a company that blocks all social media sites and sites that look like 'em. I don't mind the social media, but YouTube is also blocked and I need my dose of daily epic music world while developing. So, I set up a proxy on my server to easily bypass these blockades. Note: company policy says nothing about not being allowed certain websites, I always read this before using this trick.
Last week, a new guy joined the company and gets a desk just next to me. After a lot of looking at my screens and trying stuff he asks me for the entire office: "Hey how are you going on YouTube? It doesn't seem to work for me.". 😫
The rest of the day, I had to explain to co-workers what a proxy is (they don't care about any tech they don't need...). And I had to explain to the pm that I was not hacking their network...
I'm not sure if I will be getting along with this new guy.... 😧
I've been working on a web accelerator proxy for two days now, I got the backend done and extension is in the works.
However I kinda need help with the extension (I'm not exactly proficient with extension making) so if you wanna help the link is https://github.com/sr229/filo
The main inspiration for this is basically my shitty 3G connection and my country's likewise shitty internet situation. It's like Data saver but it works on https as well
It's frustrating when the network guy blames tomcat for not running, and hence something being wrong with the application, without fucking checking the proxy settings. Fucking wasted 2 hours of my time, and in the end he looks like an idiot. Good morning.
The primary concept of reactive programming is great. The idea that things just naturally re-run when anything they rely on is changed is amazing. Really, I think it's the next step in programming language development and within a decade or two at least one of the top 5 programming languages will be built entirely on this principle.
Expecting every dependency to be used unconditionally is stupid. Code that checks everything it might need all the time even if a decision can be made from much less information is simply bad, inefficient code. If you want to build a list of dependencies automatically, you have to parse the source.
Managed to find an advantage of IE, and it's not for downloading Firefox or Chrome.
Nah, I just discovered that you can actually add a shortcut on your bar task on Win7 with the favicon of the website (I guess it's the favicon), and IE will directly open to it with slight minor color changes.
So now when I need to check if any commits were made on the repository, I have a shortcut to the website so I can check quickly o/
(why I use IE for that ? Because Firefox and the proxy have some issues, and I had bad experience with Chrome. ¯\_(ツ)_/¯ But IE does the small job I give him, so I don't complain)
F**king hate Windows for its insanely confusing proxy setup required for software development...
> Setup proxy in Windows network settings
> Then, setup HTTP_PROXY & HTTPS_PROXY environment variable at the system/user level.
> Followed by separate proxy settings for java, maven, docker, git, npm, bower, jspm, eclipse, VS Code, every damn IDE/Editor which downloads plugins...
> On top of everything, find out the domains which do not need to go through proxy and add them to NO_PROXY.. at each level..
> It does not end here. Sometimes, I need to setup proxy for SSH connections... like, if I have to use git with SSH and not HTTP/S... Uhhh....
More than half of the problems me and my dev team face are related to setting the right proxy. Why can't it be like, set in one place and everything picks up from there, like in any linux machine or for God's sake, a Mac ?
Worst of all is, my org uses a configuration script, which resolves into a list of proxy servers, from which one of them will be used. So, I need to download that script, find out which is the right proxy server and then, use it in all the aforesaid places... WTH ?????
Is this a common workplace problem for all developers ??? Will this be solved by Windows Subsystem for Linux ???
I spent hours trying to enable CORS on AWS Lambda through API gateway (it was supposed to be simple and Amazon had a nice tutorial) but it turns out that there's a known bug that makes Lambda Proxy Integrations not adhere to any setting in the API Gateway, you have to respond with the headers through the Lambda yourself.
Amazon now mentions this in the tutorial, but if you click "Enable CORS" in API Gateway, it'll show you green check marks and tell you that everything went fine, but you'll find that the Lambda does not respond with the CORS headers. They shouldn't even have "Enable CORS" as an option when you use their Lambda Proxy Integration.
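The behaviour described in the rant above, as an added example that is not part of the original post: with a Lambda proxy integration the function has to emit the CORS headers itself, on preflight, success and error responses alike. The allow-listed origins and the echo-style business logic are assumptions made for the sketch.

```python
import json

# Assumption: the origins allowed to call this API (constructed values).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_METHODS = "GET,POST,OPTIONS"
ALLOWED_HEADERS = "Content-Type,Authorization"


def request_header(event, name):
    """Case-insensitive lookup in the proxy event's request headers."""
    for key, value in (event.get("headers") or {}).items():
        if key.lower() == name.lower():
            return value
    return None


def cors_headers(event):
    """Build the CORS response headers for this request.

    The origin is echoed back only when it is allow-listed, instead of
    answering every caller with a wildcard. "Vary: Origin" keeps caches
    from serving one origin's answer to another.
    """
    headers = {"Vary": "Origin"}
    origin = request_header(event, "Origin")
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS
        headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS
    return headers


def handler(event, context):
    """Entry point for an API Gateway Lambda proxy integration."""
    headers = cors_headers(event)

    # Preflight: the browser sends OPTIONS first and expects the headers
    # on that answer; no body is needed.
    if event.get("httpMethod") == "OPTIONS":
        return {"statusCode": 204, "headers": headers, "body": ""}

    headers["Content-Type"] = "application/json"
    try:
        # Hypothetical business logic: echo the JSON body back.
        payload = json.loads(event.get("body") or "{}")
        status, result = 200, {"received": payload}
    except ValueError:
        # Error responses need the CORS headers too, otherwise the browser
        # hides the real status behind a generic CORS failure.
        status, result = 400, {"error": "invalid JSON body"}

    return {"statusCode": status, "headers": headers, "body": json.dumps(result)}


if __name__ == "__main__":
    # Constructed sample event in the proxy-integration shape.
    sample = {
        "httpMethod": "POST",
        "headers": {"origin": "https://app.example.com"},
        "body": '{"hello": "world"}',
    }
    print(json.dumps(handler(sample, None), indent=2))
```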
So for those of you keeping track, I've become a bit of a data munger of late, something that is both interesting and somewhat frustrating.
I work with a variety of enterprise data sources. Those of you who have done enterprise work will know what I mean. Forget lovely Web APIs with proper authentication and JSON fed by well-known open source libraries. No, I've got the output from an AS/400 to deal with (For the youngsters amongst you, AS/400 is a 1980s IBM mainframe-ish operating system that originally ran on 48-bit computers). I've got EDIFACT to deal with (for the youngsters amongst you: EDIFACT is the 1980s precursor to XML. It's all cryptic codes, + delimited fields and ' delimited lines) and I've got legacy databases to massage into newer formats, all for what is laughably called my "data warehouse".
But of course, the one system that actually gives me serious problems is the most modern one. It's web-based, on internal servers. It's got all the late-noughties buzzwords in web development, such as AJAX and JQuery. And it now has a "Web Service" interface at the request of the bosses, that I have to use.
The programmers of this system have based it on that very well-known database: Intersystems Caché. This is an Object Database, and doesn't have an SQL driver by default, so I'm basically required to use this "Web Service".
Let's put aside the poor security. I basically pass a hard-coded human readable string as password in a password field in the GET parameters. This is a step up from no security, to be fair, though not much.
It's the fact that the thing lies. All the files it spits out start with that fateful string: '<?xml version="1.0" encoding="ISO-8859-1"?>' and it lies.
It's all UTF-8, which has made some of my parsers choke, when they're expecting latin-1.
But no, the real lie is the fact that IT IS NOT WELL-FORMED XML. Let alone Valid.
THERE IS NO ROOT ELEMENT!
So now, I have to waste my time writing a proxy for this "web service" that rewrites the XML encoding string on these files, and adds a root element, just so I can spit it at an XML parser. This means added infrastructure for my data munging, and more potential bugs introduced or points of failure.
Let's just say that the developers of this system don't really cope with people wanting to integrate with them. It's amazing that they manage to integrate with third parties at all...
Yeah, sitting on a chainsaw is painful and all but have you ever tried setting up wordpress behind a reverse proxy with https?
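The repair step described in the rant above, as an added example that is not part of the original post: drop the false encoding declaration, confirm the bytes really are UTF-8, and wrap the top-level elements in a single root before parsing. The root tag name `export`, the sample payload and the DOCTYPE rejection are assumptions made for the sketch.

```python
import re
import xml.etree.ElementTree as ET

UTF8_BOM = b"\xef\xbb\xbf"
# Matches a leading XML declaration, whatever encoding it claims.
XML_DECL = re.compile(rb"^\s*<\?xml[^>]*\?>")

# Constructed sample: declares ISO-8859-1, is really UTF-8, has no root element.
SAMPLE_RESPONSE = (
    '<?xml version="1.0" encoding="ISO-8859-1"?>\n'
    "<customer><name>M\u00fcller</name></customer>\n"
    "<customer><name>S\u00f8ren</name></customer>\n"
).encode("utf-8")


def naive_parse_fails(raw):
    """Return True if a standard parser rejects the payload as delivered."""
    try:
        ET.fromstring(raw)
    except ET.ParseError:
        return True
    return False


def repair(raw, root_tag="export"):
    """Return well-formed UTF-8 XML bytes built from the broken payload."""
    body = raw[len(UTF8_BOM):] if raw.startswith(UTF8_BOM) else raw
    body = XML_DECL.sub(b"", body, count=1)

    # Fail loudly if the payload is not UTF-8 after all, rather than
    # silently producing mojibake further down the pipeline.
    body.decode("utf-8")

    # The payload comes from another system; refuse DTDs and entity
    # definitions instead of handing them to the parser.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted")

    tag = root_tag.encode("ascii")
    return (
        b'<?xml version="1.0" encoding="UTF-8"?>\n<'
        + tag + b">" + body + b"</" + tag + b">\n"
    )


def parse_export(raw, root_tag="export"):
    """Repair and parse; returns the synthetic root element."""
    return ET.fromstring(repair(raw, root_tag))


if __name__ == "__main__":
    print("parses as delivered:", not naive_parse_fails(SAMPLE_RESPONSE))
    root = parse_export(SAMPLE_RESPONSE)
    for customer in root:
        print(customer.tag, customer.findtext("name"))
```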
"We want you to run the site"
"We want you to run the site."
Loop this a few times. Can't say I didn't try to save them the money...
So I installed nginx on my server this week. I feel like a giddy kid now installing one self hosted app after another. REVERSE PROXY ALL THE THINGS!
Right now I have reviewboard and drone (drone.io) installed. Any of you guys have suggestions for other cool stuff to try out? Mostly interested in something with a web API that can do fun stuff :)
You know the configuration sucks if it's a one file, 10 K lines nginx reverse proxy configuration.
But what really really really sucks....
If the person who wrote it was a google craptastic copy pasta ninja.
For fucks sake, if you don't know what you are doing, just stop.
I've had this in so many rants, it's terrifying how many devs seem to be completely unaware of what they're doing Oo
This time, fuckwad ignored the basic principle of NGINX configuration: set the HTTP version for the proxy.
It's by default HTTP 1.0 - as HTTP 1.1 requires a Host Header _which you must set if not already present_.
The fuckwad had all kinds of scary optimizations enabled. Literally a bukkaka (not a typo) of <way too high value> and <too obscure configuration value that cannot apply here>.
But the most trivial thing, enabling HTTP 1.1 and keepalive. Nope.
Not in it.
It's funny how fast NGINX can be without the bukkaka of configuration values but HTTP keepalive enabled.
*me sits in the silent corner of the plushy pink room with soft walls*
Fuck environments without direct internet access and only http proxy in place.
That is all, thank you for listening
Chrome 63 forces .dev domains to HTTPS via preloaded HSTS.
Well, FUCK YOU google. Why do you even give a shit of my local proxy.
That FML moment when you find after hours of debugging that the fucking college proxy was the only reason your project was not running.
Since, I am already using Mullvad's vpn service, I also stumbled on https proxies.
Is it still safe to enter my devRant login data, when I would use a https proxy in FF's settings?
The Proxy is a free elite https proxy.
And devRant also uses SSL.
The traceroute would seem like this I guess.:
VPN(*le me sendin my password -> SSL Proxy -> SSL DevRant)
Following that path, I would assume that it would be like this in detail:
-PW gets encrypted by VPN service
-" " " again " HTTPS Proxy
-" " " again " devRant itself
Long time stalker, but I finally signed up! Maybe I have dragged it out to not get too addicted, but it seems like that plan has failed.. ;)
Now for the question:
Can anyone recommend a VPN provider (well, functionally proxy) that works in (South) China these days? Because of the holidays the CCP is blocking everything they can to ensure that.. well let's not get political.
Priorities: Reliability > Privacy > Cost (trial or guarantee would be great though)
Alrighty. So websockets don't like to forward through Apache2's reverse proxy. Nginx here we come...
Linuxxx I need yo help pls
Started a new job as a dev. First days revealed no local admin rights, no right to use Linux locally and a very limited set of Software. Negotiated compromise to get a remote VM with Linux and a user who is part of sudo. VM turned out to be isolated by proxy, so I can not install anything new. At least Docker is pre-installed and I hoped it could work out. But guess what no access to dockerhub and I can not pull any images. Admin told me to copy manually the images with scp.
I'd never thought that there could be any companies out there that treat devs like that. What puzzles me most, there're a lot of devs staying with that company for years, even decades already and they're good guys, please don't get me wrong.
Did you encounter anything like that? Could you make any difference there, where you met anything like it?
I reached the point after 3 weeks where I do not think I can make any difference and when it'll take ages to move people and company policy.
I do not want to give up, but I fear it is pointless to fight for change there. I am out of options and about to leave asap. Can you recommend me anything else?
Thanks in advance and for your time :)
Felt good to write it down.
With a recent HAProxy update on our reverse proxy VM I decided to enable http/2, disable TLS 1.0 and drop support for non forward-secrecy ciphers.
Tested our sites in Chrome and Firefox, all was well, went to bed.
Next morning a medium-critical havoc broke loose. Our ERP system couldn't create tickets in our ticket system anymore, the ticket system's Outlook AddIn refused to connect, the mobile app we use to access our anti-spam appliance wouldn't connect although our internal blackboard app still connected over the same load balancer without any issues.
So I declared a 10min maintenance window and disabled HTTP/2, thinking that this was the culprit.
Nope. No dice.
Okay, I thought, enable TLS 1.0 again.
Suddenly the ticket system related stuff starts to work again.
So since both the ERP system and the AddIn run on .NET I dug through the .NET documentation and found out that for some fucking reason even in the newest .NET framework version (4.7.2) you have to explicitly enable TLS 1.1 and 1.2 or else you just get a 'socket reset' error. Why the fuck?!
Okay, now that I had the ticket system out of the way I enabled HTTP/2 and verified that everything still works.
It did, nice.
The anti-spam appliance app still did not work however, so I enabled one non-pfs cipher in the OpenSSL config and tested the app.
Behold, it worked.
I'm currently creating a ticket with them asking politely why the fuck their app has pfs-ciphers disabled.
And I thought disabling DEPRECATED tech wouldn't be an issue... Wrong...
How to know your network proxy sucks: when everything IDE-related (downloading new package, using Gradle…) is blocked, but almost everything prohibited (like streaming) isn't.
Docker with nginx-proxy and nginx-proxy-le (Lets Encrypt) is fucking awesome!
I only have to specify environment variables with email and host name when starting new containers with web servers, and the proxy containers will automatically make a proxy to the new container, and generate Let's Encrypt ssl certificates. I don’t have to lift a fucking finger, it is so ducking genius
How would you support multiple versions of an API and why?
- Multiple version instances behind a load balancer.
- Versioned controllers behind a proxy.
Curious to hear your thoughts and reasoning.
PSA: If you do reverse proxying stuff, prefer unix domain sockets over localhost internet sockets, if it's on the same machine (and if it's forwarded over ssh too). You can even serve HTTP as a unix socket.
Unix domain sockets don't have the overhead of IP, so generally speaking, data will flow to your other process with much less overhead.
I've recently stopped being lazy at this, and it's worth it.
While setting up a node app while sitting behind draconian proxies:
- first, set $http_proxy & $https_proxy
- set git proxy
- then, npm proxy, jspm proxy and bower proxy
- followed by strictSSL to false.....
After moving to home network/VPN, change all of these proxies again. It is a never ending vicious circle :(
This is PART 2/2 of a series of rants over the course of a software engineering course years ago.
We were four team members, two had never failed a class, I’ll refer to them as MT and FT, male and female top students, respectively, and an older student with some real world experience who I’ll refer to as SR.
Rant 6: After the previous drama MT built the groundwork for the project without allowing us to intervene for a week. When he finally disclosed his code he gave us tasks and I was stuck unable to run the new project, due to the friction with MT I asked SR for help which took a couple of days. MT accused us of not wanting to work and claimed he’d just do everything himself. I continued working on the task improving MT’s code and committed the work, which surprised MT and told me I didn’t have to do it. He ended up complimenting my code and complained less about me as a result.
Rant 7: MT kept giving SR flak for not working and took him out of the repo, which I promptly forked just in case he tried anything scummy. SR was indeed working on certain things, but he wasn’t listening to MT’s demands, there was no team coordination. I had to act as a proxy and push some of SR’s changes myself while informing him of the state of things.
Rant 8: When MT finally added SR back and some of the tasks were cleared up, FT didn’t cooperate. She seemed to have zero initiative and always relied on MT to tell her what to do, which didn’t include coordinating with SR to get the front-end templates running. I tried getting them in a group chat but it didn’t work, she just ignored him.
I learned a few things from that.
1. No matter how smart or experienced someone may seem, sometimes people are just petty or take things too personally.
2. Top students are sometimes too focused on their grades and disregard depth of knowledge and work quality.
3. A bad team at college can somehow make something acceptable if everyone works on things that add some kind of value.
I have a gitlab instance behind a reverse proxy at gitlab.mydoman.pizza (yeah my TLD is .pizza 😎🍕). I have a personal site hosted on GitHub pages. I have a CNAME record in GitHub repo pointing to mydomain.pizza. I have 4 A records on my domain registrar pointing to the GitHub pages server IP addresses. Now both mydomain.pizza and myusername.github.io both go to my gitlab instance??¿¿ what the fuuuuuckkkkk?¿?¿
- Implemented oauth1 - no body hashing
- URL contains credentials in plain text
- Used Azure API management feature as a proxy of our API, however the documentation was on our API, thus exposing the API URL with no management to developers.
- easy resource DDoSing because each trial user got a DB, the registration process did not have bot checks. You could literally freeze the db instance by spamming registration requests.
My client installed a new proxy that severely blocks out most of their own intranet, including their IT service desk. We can't raise tickets to let them know and their email just redirects us to their service desk. Fuck me these guys are idiots.
So there I am sitting in front of my laptop, and trying to npm i and I am getting all sorts of sha mismatch errors.
After a lot of debugging I conclude it is coming from the proxy as it refuses to download and supplies the error page.
It says it's because I'm using the old proxy so they give me the new URL which I set up and it works.
All good until my password expires. I use our bash script to change it. NPM is buggered again throwing the same errors.
Go to IT, tell them the saga begins.
After countless hours of looking at the log files we notice that the npm registry is set to http instead of the standard https (thanks bash script). So our firewall blocks the download.
Almost. NPM now works fine, but when I go and I play around with node and axios, my requests time out. My instinct says it's the bloody proxy again.
So I hit up my trusted WIN Support guy and he confirms that the url is not blocked. So he starts monitoring what's going on and turns out, every time I run the node app, node casually ignores the system-wide proxy settings and tries to send the request as the PC rather than my username.
Since the pc's don't have rights on the proxy it is being refused...
Thank fuck for the corporate proxies, without them, I could just develop things not ever learning these quirks of node...
Just found a tutorial on DigitalOcean to setup traefik so I can easily make my images accessible to the outside.
"So create this file, add this in it, create this proxy, run this long ass command, and when you go to 'https://monitor.example.com', you should get this dashboard"
Got "This website is not available".
Built a pfSense box for home with said proxy. Even though my internet connection is slow it seems fast now thanks to Squid's MITM https proxy and http proxy. Plus a little QoS helps. And it has so many more features than a regular router.... WTF didn't I do this sooner?
I am forced to work with a client's notoriously slow SOAP api. Slow in this case is 1.5-2s per request.
The api is structured rather... creatively... at the same time. So we have to bombard it with thousands of requests to build our data base with historical SOAP data. Also the data sometimes is a couple of hours late, giving a flat line (all values at 0) until retroactively fixing the output for the same requests.
So to fill one dev data base with a year's worth of historical data (nice to have when testing a dashboard application) we hammer the api with ~20k requests (~1 million if we want to be thorough).
Best thing about that: There is no staging/test api and the prod api seems not to handle lots of requests at the same time very well...
Latest thought: Maybe we could put a varnish cache in front of the SOAP for testing. Better have wrong data, than nothing at all and we don't kill the prod clients every time we ramp up a new instance.
Also that would dramatically decrease the 4.2 hours of data pumping to about 7 minutes after the first run.
Fucking spent already 2 days trying to proxy pass deluge webui from an internal windows server via nginx, the fucking tab title changes to "deluge webui" but all the files get 404d and since I can't configure another nginx to do try_files on the windows server, I am stuck, for fucks sake.
Today I thought of writing a quick project, a youtube proxy server, as in, you browse localhost:<PORT> and youtube comes in the response.
This is not rocket science as proxy servers have been around for a long time.
I thought it'd be interesting to code it in userland, as opposed to "systemland".
And 50 lines of code and some minor hurdles later I see youtube "running" in localhost.
Although youtube didn't just work as usual since the videos don't actually come from youtube.com, but from googlevideo.com instead. And my browser, expectably, enforces CORS and forbids any requests to it.
At that point I started to think of ways to somehow proxy googlevideo.com too. But the solutions are not at all trivial.
Then I thought what was the payoff of all this. I tried to proxy serve youtube out of curiosity, and sure thing, you can do it.
But what problem would proxying youtube solve? Maybe I should think in a fuller way what are the problems I have with youtube.
One issue I have is the exposure, discoverability. To explain it, let's say I have been watching a very, very big amount of videos as of today.
Personally I would expect youtube to understand very well by now what my tastes are, what do I want to watch and what I do NOT want to watch.
Notice that I am very black and white, and I do not have much interest in watching certain types of videos.
It could be true that if my expectations of how youtube should work became reality then youtube recommendations would become polarizing or echo chambering.
But that is my decision though, and the problem with youtube is that it's seemingly forcing a single recommendations algorithm onto everyone.
Some people are more open minded and want to watch EVERYTHING, and a lot of people don't.
But users aren't deciding what they should get recommended. Youtube is making that decision for them. And it sure feels like it's trying to maximize ad revenue.
I for one don't give two flying fucks about pranks or diva youtubers. Yet youtube is adamant in presenting some of these to me.
Now, trying to come up with a solution for this is really non trivial. It would definitely require some youtube mining, or some kind of network so as to not get rate limited when mining, and even then you still have to think of how a good recommendation system would work.
I think the implementation of all that would be too much for me (time and skill wise). But I think it's fun to at least try to outline how recommendations could work.
I would very much prefer that when youtube recommended something, at least it has some number of confidence meaning how much would I like that video, so at least I know what to expect.
It should also have some indicators like what is the mood of the video. As in, sometimes I watch youtube in the mood of learning, like programming videos, but most of the time I watch to get entertained.
These ideas are just brainstorms and could be terrible on reproduction, but I'd like to hear what ideas some of the people here can come up with.
Just needing to vent a bit...
We start off with classic asp.net & Xamarin. K.
Then we run into the shitshow that's lackluster documentation and heavy push for asp.net core.
Whatever, will just handroll things.
K. Azure is quickly turning expensive..
Well let's find alternatives.
Yeah, no Linux ain't gonna work.
Wanna shell out for a windows server? Nah.
K. Well, let's rewrite in asp.net core then.
Nginx proxy passthrough to kestrel. Ez.
Now.. wtf is the deal with mssql behaving like a turd on Linux?
Oh now some security jibber about telemetry and adding Microsoft keys to root.
Whatever. I can do PHP & MariaDB then.
1001 things wrong about Xamarin now.
Mostly performance related.
Especially cuz custom renderers for everything.
& Abused onPropertyChanged.
Uh la la, look at that sexy thing called react native.
Hippytyhop new tool for the job.
Ugh wee, what's this ? Customer impatient & deadline for months worth in Xamarin => 1 week.
Whelp I be fudge..
I deployed docker on a VPS a few weeks ago as a sort of learning experience since I haven't really worked with containers much before. Today I learned that docker doesn't like firewalls.
Or, to be more specific, it adds rules to iptables that are applied prior to ufw rules, allowing external connections that I really didn't want to allow. If I don't explicitly specify that a port is to be published only to localhost, then it punches a hole through my firewall without telling me.
Which means that all of my containers running behind an nginx reverse proxy that auto-redirects to HTTPS... were also accessible directly via HTTP.
I'm... trying to think of a reason why this kind of default behavior was a good idea, but I'm drawing a blank.
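A check for the situation in the rant above, as an added example that is not part of the original post: it reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every port Docker publishes on a non-loopback address that is not meant to be public, which is exactly the set ufw rules will not cover. The sample output, container names and the allow-list are constructed assumptions.

```python
import ipaddress

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE_PS_OUTPUT = (
    "nginx-proxy\t0.0.0.0:80->80/tcp, :::80->80/tcp, "
    "0.0.0.0:443->443/tcp, :::443->443/tcp\n"
    "blog\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n"   # published with -p 8080:80
    "wiki\t127.0.0.1:8081->80/tcp\n"                  # -p 127.0.0.1:8081:80
    "db\t5432/tcp\n"                                  # exposed, not published
)

# Assumption: only the reverse proxy is supposed to face the network.
INTENDED_PUBLIC = {("nginx-proxy", "80"), ("nginx-proxy", "443")}


def parse_published(ports_field):
    """Return (host_ip, host_port, container_port/proto) per published port.

    Entries without "->" are ports the image exposes but Docker does not
    publish on the host, so they are skipped.
    """
    bindings = []
    for entry in ports_field.split(","):
        entry = entry.strip()
        if "->" not in entry:
            continue
        host_side, container_side = entry.split("->", 1)
        # rpartition copes with IPv6 forms such as ":::80" and "[::]:80".
        host_ip, _, host_port = host_side.rpartition(":")
        host_ip = host_ip.strip("[]") or "0.0.0.0"
        bindings.append((host_ip, host_port, container_side))
    return bindings


def is_loopback(host_ip):
    """True for 127.0.0.0/8 and ::1; unparsable addresses count as exposed."""
    try:
        return ipaddress.ip_address(host_ip).is_loopback
    except ValueError:
        return False


def externally_published(ps_output, intended=INTENDED_PUBLIC):
    """List bindings reachable from other hosts that are not allow-listed."""
    findings = []
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        for host_ip, host_port, container_side in parse_published(ports):
            if is_loopback(host_ip):
                continue
            if (name, host_port) in intended:
                continue
            findings.append((name, host_ip, host_port, container_side))
    return findings


if __name__ == "__main__":
    for name, ip, port, target in externally_published(SAMPLE_PS_OUTPUT):
        print(f"{name}: {ip}:{port} -> {target} bypasses the reverse proxy")
```

Republishing a flagged container with an explicit loopback address (`-p 127.0.0.1:8080:80`) is the fix the post itself points to.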
Not really hacking, but every time I work from home (a couple times a week), in lieu of using my company's VPN, I connect to the company network with an SSH reverse tunnel. To make this possible, I wrote a port knocker that runs in a tmux session on a server inside the network. It tries to connect to a high-numbered port on my home machine, and if successful it opens the reverse tunnel. At home, I manually run a script that opens that port and informs me when the reverse tunnel is established.
Then I open an SSH socks5 proxy and use that in my Firefox dev edition, which I use entirely for work.
This is actually much easier than using the actual VPN.
Unable to access cpanel/whm due to IP changed error.
me : please connect me to networking team (out sourced)
hr : why ?
me : I have some issue to access cpanel. I contacted to hosting company but it is not their fault so may be it's our network issue.
hr : explain me in details.
me : ok
from morning I am trying to access whm because our website is out of bandwidth limit and showing 509 error, I contacted to hosting company but they explained me problem from our side. So I wanted to talk with network team about this issue because I am not using any proxy or vpn even my tor browser is off too still ip changed error giving frustration. second reason I am frustrated that my public IP and private IP is not changed.
one more your windows pc freeze 3 times from morning.
do you need in detailed technical reason why I want to talk with them.
hr : no no no *hang up*
after 2 minute *my landline ring*
hr : network engineer on other side.
One day I helped another teacher with setting up his backend with the currently running Nginx reverse-proxy, piece of cake right?
Then I found out the only person with ssh access was not available, OK then just reset the root password and we're ready to go.
After going through that we vim'd into authorized_keys with the web cli, added his pub key and tried to ssh, no luck. While verifying the key we found out that the web cli had not parsed the key properly and basically fucked up the file entirely.
After some back and forth and trying everything we became grumpy, different browsers didn't help either and even caps lock was inverted for some reason. Eventually I executed plan B and vim'd into the ssh daemon's settings to enable root login and activate password authentication. After all that we could finally use ssh to setup the server.
What an adventure that was 😅
Today I had a full-day job interview for a junior data scientist position.
First I met the team which was only like half of everyone because apparently everyone was gone on Fridays. However the few there were really nice.
First task is to do some basic data analysis stuff even though I already spent a week on the coding challenge and sent them all my code/tasks. I log into my machine and create a new virtual environment but can't for the life of me figure out how to use the command line in windows to install packages. Turns out there is some problem with their proxy and they have to log me in on that. Then I am struggling on the keyboard because it's for a language different than my mother tongue and it takes me 3x as long to do the most simple things. All my shortcuts are out the window. Having a hard time typing parentheses and brackets. Start freaking out and have a panic attack mid task. I'm sweating bullets. I didn't even make it to the simple visualization tasks much less the models at the end. Time gets called and we all go to lunch and I'm freaking out on the inside the entire time. Angry at myself because I know I am better and just couldn't think.
After lunch I present my code and results from a coding challenge I did weeks prior. People from other teams get invited and I end up getting grilled for 2 hours by 15 people. Questions are flying in from all sides. They ask me almost everything I know about machine learning and some more. Under stress I forgot the name of the optimizer I used and couldn't answer some easy stuff because my mind was racing.
Right now I am on the train home and my body physically hurts. I am disappointed with myself and wish I could have shown up better. Never really froze up like this before.
I've been working on migrating my personal e-mail server for nearly a month.
Old (Linode): opensuse 13.1 (no longer gets update) running postfix + amavis-new(with spamassassin and clamav) + dkimproxy + dovecot
New (Vultr): OpenBSD 6.3 running opensmtpd + spampd(spamassassin proxy) + clamav + dkimproxy + dovecot
I'm surprised I only have 5GB of e-mail, considering I migrated all my gmail there a while back; 5GB for every e-mail since 2004.
I finally got all the DNS switched over and tested all the end points this morning. The whole thing is done in Ansible so hopefully switching to another provider will be a lot faster:
tl;dr: I think I'm retarded. I don't know how to networking.
got Proxmox set up on my server... sorta. I suck at networking. I bought a domain name, and I'm trying to have each container have a subdomain of the domain name I bought. each container has a unique internal IP address, but they all share the host's public IP address. so after a couple hours of googling, I THINK what I need to do is run a reverse proxy server on the public IP and route each subdomain manually to an internal IP address with something like nginx..... or am I retarded?
Do you hate proxy as much as I do ?
Just spent an hour debugging my proxy settings just to push my work on GitLab. The bug didn't come from my settings but the proxy itself... such a waste of time 😓
The weekend is finally over, I have updated my Web Proxy and built an entire blog to post on and applied for a bunch of ad-networks.
I think I have been rather productive ☺
Today I'm bringing a tool for you guys, mount servers with old phones Or have servers in your phone for testing.
Tool: Servers Ultimate Pro
Note1.: Doesn't handle well above android 6+, So test one of the free servers you're intending to use before buying.
Note2.: This App costs around 10€/$ but you can get single App servers for free (I think even html + php + mysql package for free).
Not promotional, I'm just a user that loves this App.
I already talked about this a few times (usually I just call the cell phone I'm using my web server), but as a noob I don't even know the possibilities.
This App comes with more than 70 protocols (60+ servers and a mix of servers).
From ssh, ftp, html (nginx, lighttpd, Apache, simple) with php and mysql, Webdav...
Run over 60 servers with over 70 protocols!
Now you can run a CVS, DC Hub, DHCP, UPnP, DNS, Dynamic DNS, eDonkey, Email (POP3 / SMTP), FTP Proxy, FTP, FTPS, Flash Policy, Git, Gopher, HTTP Snoop, ICAP, IRC Bot, IRC, ISCSI, Icecast, LPD, Load Balancer, MQTT, Memcached, MongoDB, MySQL, NFS, NTP, NZB Client, Napster, PHP and Lighttpd, PXE, Port Forwarder, Proxy, RTMP, Remote Control, Rsync, SMB/CIFS, SMPP, SMS, Socks, SFTP, SSH, Server Monitor, Stomp, Styx, Syslog, TFTP, Telnet, Test, Time, Torrent Client, Torrent Tracker, Trigger, UPnP Port Mapper, VNC, Wake On Lan, Web, WebDAV, WebSocket, X11 and/or XMPP server!
Having a shit of a time trying to figure out why Docker containers are not accessing other containers via domain names as they should technically be going through the jwilder nginx proxy container.
Why can't environment setups ever be simple?
I have a dream, that one day I'll be able to work normally without the FUUUCKING corporate proxy blocking every shit
I'm currently writing an http proxy server (something like the proxy mod in Apache, but more special). On the one hand it is nice that HTTP 1.1 can use one TCP connection multiple times, but on the other hand it is very annoying. Because I need to rewrite the Host header. And therefore I need the start of the HTTP header. I solved it after some time, but now my code is more complicated than before.
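The problem described in the post above, as an added example that is not the poster's code: on a reused HTTP/1.1 connection the proxy has to find where each request's header block starts, which means tracking body lengths, and it should refuse requests it cannot frame unambiguously. The function name, the upstream name `app.internal:8080` and the sample byte stream are assumptions; chunked bodies are deliberately rejected rather than handled.

```python
import re

# Constructed sample: bytes read from one keep-alive client connection.
SAMPLE_BODY = b"Host: a.example"  # body text that merely looks like a header
SAMPLE_STREAM = (
    b"POST /a HTTP/1.1\r\nHost: public.example\r\nContent-Length: "
    + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY
    + b"GET /b HTTP/1.1\r\nhost: public.example\r\nAccept: */*\r\n\r\n"
    + b"GET /c HTTP/1.1\r\nHost: pub"  # third request has not fully arrived
)


def rewrite_host_stream(buf, upstream_host):
    """Rewrite Host in every complete request found in buf.

    Returns (rewritten_bytes, unconsumed_tail). The tail must be kept and
    prepended to the next read from the socket.
    """
    out = bytearray()
    pos = 0
    while True:
        end = buf.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # header block incomplete, wait for more bytes
        lines = buf[pos:end].decode("latin-1").split("\r\n")
        new_lines = [lines[0]]  # request line is passed through unchanged
        length = None
        seen_host = False
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if not sep or name != name.strip() or not name:
                raise ValueError("malformed header line")
            lname = name.lower()
            if lname == "host":
                if seen_host:
                    raise ValueError("duplicate Host header")
                seen_host = True
                line = f"Host: {upstream_host}"
            elif lname == "content-length":
                if length is not None or not re.fullmatch(r"[0-9]+", value.strip()):
                    raise ValueError("ambiguous Content-Length")
                length = int(value.strip())
            elif lname == "transfer-encoding":
                raise ValueError("Transfer-Encoding not handled in this example")
            new_lines.append(line)
        if not seen_host:
            raise ValueError("HTTP/1.1 request without Host header")
        body_start = end + 4
        body_end = body_start + (length or 0)
        if body_end > len(buf):
            break  # body incomplete, leave the whole request in the tail
        out += "\r\n".join(new_lines).encode("latin-1") + b"\r\n\r\n"
        out += buf[body_start:body_end]  # body bytes are copied untouched
        pos = body_end  # the next request's header block starts here
    return bytes(out), buf[pos:]


if __name__ == "__main__":
    rewritten, tail = rewrite_host_stream(SAMPLE_STREAM, "app.internal:8080")
    print(rewritten.decode("latin-1"))
    print("kept for next read:", tail)
```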
Development: we need Nginx installed on *insert server list*
Me: ok, let me get in touch with the platform team.
Platform team: This should be installed in the userspace, Unix teams don't support this.
And here I am, trying to get a reverse proxy running on servers on which I do not have sudo rights.
Since it doesn't work, it's my fault, both sides block the door.
I installed it locally on a virtual machine, but the compiled or installed code doesn't work once copied.
The joy of being an "application engineer". This job title means nothing!
When people are thinking that just by deleting UIDAI number ,their phone is hack free now.🤣🤣
So I reverse engineered the protocol of QONQR: World in Play and made a mitmproxy addon running locally inside termux that can see when I launch in the game and uses Termux:API to notify me when my ingame resources are replenished.
I direct the traffic through mitmproxy using Drony. I configured it so that by default Drony passes traffic directly to the internet except if it comes from the QONQR app.
The problem is that while Drony is running, there is a chance of network traffic being corrupted so I often get spammed by connection and ssl errors.
So I have to either continue sacrificing my network integrity or stop getting assistance playing QONQR :-/
Does anyone know an alternative to Drony (basically an app that can connect you to a proxy without root using the android vpn api, if possible with filtering by app or ip)?
Also does anyone else have problems with drony on Android 9 or other versions? I don't really have an opportunity to test it.
Edit: It only took 4 tries to post this yay
At this point of my side project I wanted to check out openresty for dynamic proxy creation in nginx.
Happy to check it out I installed centos 7 as guest using new command I just learned virt-builder that would automate vm creation.
Spend 10 hours debugging why I can ping and ssh but cannot get to application port from any network.
Checked iptables, restarted network, reinstalled vm again 3 times with different methods.
Scrolled through whole internet and it’s mostly outdated problems.
Learned bunch of new commands without new results.
Results were always the same:
No route to host.
Turned out firewalld is fucking thing now.
systemctl stop firewalld helped
Now I know that systemd would kill me at some point for sure.
What I can add at this point ?
Please add more distros, differences, standards and programming languages so world definitely would be better place.
I need a short break now to actually start making shit that I wanted to start at 4-5pm on Saturday.
It’s Sunday 3:30am and time for breakfast.
At least I am happy it started working.
To all developers working on publicly visible APIs or writing public documentation.
DON’T BE A DICK !
Do not just put a screen capture of your curl request which takes 10 minutes to write by hand.
Do not show me list of arguments as an image.
Have AT LEAST one executable demo project (Any language)
And, it’s 2020, add a fucking proxy generator.
How hard can it be?
Need some ReactJS help:
So I was able to redo a browser extension project to fit my needs for my browser proxy project, however for some reason, the original source code doesn't seem to know the Setup class for the setup page. Webpack is not the issue but it seems it can't find the exported class, which makes the browser extension unusable. I hope you can help with my silly screwup.
Extension Source code: https://github.com/sr229/filo/...
I really lost all hope :<
After waiting a while for another programmer on another team to provide a web service that I needed to call from a client side web form, I received word that it was ready. I could not get it to work because CORS headings were not being set correctly. After contacting them and letting them know, I got an email update to the team letting everyone know that they were waiting on me. After explaining that CORS headings were not there, I just built a PHP page to proxy the request, results and set the headers correctly so I can move on. I will remove it when they get their side fixed... if they ever do.
How I am supposed to work efficiently with that virus scanner, proxy and slowpoke artifactory !
Any npm install make me super anxious.
Not to mention the 1hour long ci that can break at any given point for various reasons 😭
Anything about working on this project has gone downhill for me it’s unsustainable…
Yet every time I mention how desperate it make me I feel incredibly lonely and everyone seems to see it as completely fine. I feel like my soul is leaving my body 😩
Probably the one where we had an error, because the service from a third party we needed to install used a fourth-party service that was behind a proxy. Due to internal reasons we needed to use our own tomcat instead of the standard tomcat. We made a meeting because we hadn't found out at that point that the problem was the firewall that dropped the packages from the application. We replayed it to them (at that point it was in my muscle memory) and after a month I got the idea to use tcpdump to see if the server is calling another webservice, which was denied by the developers.
Does any one of you own an Omnia Turris (https://omnia.turris.cz/en/)?
In our new apartment, we'll have a 1 Gbps fibre connection (not that we would really need it, but hey!)
However we need a Router that supports Fibre. The service provider suggested a FRITZ!Box 5490.
I thought about getting the Omnia Turris and run https://pi-hole.net as DHCP on it and maybe add a proxy for TOR or install openHAB later on.
So if you own an Omnia Turris or know someone who owns one, would you recommend it? If yes, why? If no why not? Any additional things I should consider?
Last weekend I was working on a small project for a friend of mine: a dockerized webapp, plus API backend and DB. I had some problems with the installation on the vps and had to try out different images and never really did a complete setup of my usual dotfiles. Got it running on an Ubuntu distro. Everything great.
It was the first release so I still had to check that every configuration worked ok, like letsencrypt companion container, the reverse proxy and all that stuff, so I decided to clone the whole project on the server to make the changes there and then commit them from there.
Docker compose, 10 lines of code, change the hosts and password. Boom everything working. Great... Except for the images in the webapp.
WTF? Check the repo, here they are, all ok. I try different build tactics. Nothing. Even building the app on another docker always the same. Checked browser cache, all the correct ports are open. I even thought that maybe react was still using some weird websocket I didn't know, but no.
Damn, I spent 5 hours checking why the f*** the server wouldn't make it out.
Then, finally, the realization...
I didn't install the f******* git-lfs plugin and all I was working with were stupid symbolic links! Webpack never even threw an error for any of the stupid images and the browser would only show a corrupted image, when decoding the base64 string.
Literally the solution took 5 minutes.
F*** changes on production, now I do everything on a fully automated CI.
So I'm basically fucked.
There's a major bug on an SPA I developed for a client, but I can't reproduce it because I don't have a recent iPhone or iPad (the only ones I have are way too old and either way I can't debug them without a mac) and I can't reproduce the bug on my android.
To overcome this in the past I installed a hackintosh on my pc and used its iphone emulator, but I fucked it up and had to reinstall all my OSs but was too lazy to reinstall macos. Now I don't remember how to install it anymore, idk where I downloaded the fucking mojave virtual box image and the macos bootable usb stick I have just doesn't work anymore (probably some missing kext or whatever).
I really do not know what I'm gonna do. There's this ios-webkit-debug-proxy thing that might help me, but it just looks like it's a hassle to install and since I don't know what I'm doing the chances of it working are pretty slim. I might try that but I'm fairly confident it won't work. And even if it does, I still can't install chrome on the iphone I own because it's too old and my dad probably won't let me upgrade it to a new version.
What a consultant's gotta do for his timesheet when homeworking:
1. Fill in Excel, send to self by mail (corporate bitlocker protected PC on proxy that doesnt allow local printer connections)
2. Go upstairs to secondary Windows PC (no Excel on main Linux laptop) and open mail
3. Send to printer, wait 10 minutes (old printer needs to 'warm up')
4. Sign timesheet and go back upstairs
5. Scan signed version, send mail to self.
6. Open personal mail on corporate laptop, send to manager. (can't send directly from personal mail)
7. Wait to get back signed timesheet from manager
8. Finally, send to own admin dept.
2 story points completed, time for a break.
So some people really liked the last article I wrote, so I figured I'd share this one that's kinda on the same topic:
So I use Git integrated in Visual Studio for the project's repository at work. But I don't like using it because I always used the command line to do stuff on my projects (including those at school, plus last time I used a GUI, I managed to do a merge without being conscious about it).
Why can't I change? Well, because the proxy blocks every download link. Or almost.
So a documentation that was updated like 9 months ago was explaining things, and mentioned Git by providing links to download the bash version. Happy, I click on it and try to download it.
Proxy blocked it.
Just fucking update your documentation
Been trying to learn Docker when I hit a brick wall. How do I use nginx reverse proxy + letsencrypt with multiple containers? I only managed to do it with a single container. Using docker-compose or stuff like that I guess?
finally got my server up and running with a configuration I'm happy with! running Proxmox VE on the host, and each application in an LXD Linux container within Proxmox, and a reverse proxy server on the host to route subdomains to internal container IP addresses. check out what I've got running! https://mjones.pizza
I just woke up from a lucid dream.
I could really control the situation, but it was fun telling my mate how IT stuff works LOL.
It's 3.22 am for me rn.
I fucking told my classmate how the proxy server at our school works. How the packets are being sent and received, how they get cached at the proxy server and through how many nodes they approximately get.
PS: I don't have a rubber ducky or whatever you call it to tell the problems of the program to it.
A serious question: what kind of stack should I choose so I can run a web backend installing no deps whatsoever? I know that Perl works on ubuntu out of the box. Anything else? Maybe Python?
Also, what can be used to replace a reverse proxy like nginx? And what kind of database is available out of the box?
So I and a couple of my friends are facing this chrome issue where 'waiting for proxy tunnel', apparently it's changing my location too,
It should return .co.in and returns .ae,
Wtf I'm scared as hell, for now Firefox is a lifesaver ♥️
So I developed this proxy server that will throttle down API calls to one of our providers so we don't get blocked for TOS violation...
Some dude had a tool running all day long which crashed 2 minutes before I left work.
This literally ruined my day until I recalled it's all cached!!!!
Mood is back again and I deserve my beer!
I design 3D CAD models in my office system. I need to keep saving the files every few minutes because software licenses are floating and once lost, I may lose data.
But another bigger problem is that we need to disable proxy to connect to VPN and work online. And the proxy always turns itself ON, every few minutes and if by chance you saved the file without turning the proxy OFF. Well then OFF goes all the work since you last saved. Because then CREO just stops responding.
Ah the joy transitioning from the unrestricted apprentice network to the tightly restricted prod and dev network and environment. U can be sure that the corporate proxy will give you a dropkick to ure face when trying anything that was released in the last 5 years...
Alright! I'm starting to like DietPI.
I liked Raspbian before, but setting up a headless system really was a PITA.
And with DietPI... it seems as if it was made for headless setups.
Finally, I'll have my proxy hub.
Dev companies, please, stop trying to force proxies to your devs... you just make us waste more time figuring out how to avoid it rather than working as we really want.
Work proxy, meet dependency hell.
Can't even install pip modules, everything has to be done through source 😓
I have a docker instance with 2 running apps. Normally one of them is just a proxy to the other one, so a http req to app0 is redirected to app1 and the same with response.
This works perfectly on bare machine, i can just rewrite the ip in the config file and it works. Now my boss decided that yeah docker is absolutely needed for this software so i have to containerize it.
Thing is docker seems to break local ips? I cant use localhost/, nor assigned ip. Is there a way i can debug this, or what should i look up??? Im lost, this is devops afaik and im far from devops.
That awkward moment when I spend two days configuring my proxy server and nothing works, I just try calling my server base url and that shit works O_O
That's a good start for a monday
I am used as a complexity proxy by my team. I foresee many problems and they do not seem to listen to my advice. And guess who will be blamed if something doesn't work, haha, kill me :)
I fucking hate the Nginx Ingress Controller for Kubernetes. Fucking piece of shit. You fucking can't do a fucking simple rewrite and proxy pass???? Fucccck!
SSL issues when behind a proxy.. i think.
Troubleshooting and solving issues are difficult when you just follow a guide about something you need :i
You can now download arbitrary shit using WinDefend on Win10.
That's a good fucking idea that will never backfire ever in any way. It's not like it's a Microsoft-signed proxy or anything.
I am going to have a goddamn stroke.
Using company's google cloud compute as proxy server for browsing 9gag.
I don't know if it's something to be proud or ashamed of.
Just spent a week creating a distributed api architecture which I found out won't work due to a singular issue which can't be solved - not unless I hack stuff to a degree where I might as well write my own frameworks.
I've been aiming the user application's requests towards my wsgi, which based on a custom header will proxy it towards the correct api. Each customer base has their own api and dataset, but they all visit the same address.
I've handled CORS manually, just picking up when there's an options request, asserting the origin, then returning the correct headers. Cool everyone's happy. Turns out, socket.io includes session id and handshake info as part of their options preflight, which I can't pair with my api header (or cookie, for that matter) which means my wsgi doesn't know where to send it. You get a 400! You get a 400! You get a 401! </oprah>
So my option is to either roll my own sockets engine or just assign each api to a subdomain or give it some url prefix or something. Subdomains are probably pretty clean and tidy, but that doesn't change having to rewrite a bunch of stuff and the hours I spent staring at empty headers in options preflights.
At least this discussion saved me some time in trying to make it work. One of my bad habits is getting in those grooves of "but surely... what the hell, surely there's a way. There has to be"
So, I manage my server with docker containers (nginx-proxy and the letsencrypt-companion). I limit access to some subdomains using basic auth, but I want to use client certificates for convenience.
So my questions to the experts:
1) Do you know a good (and convenient) way to manage client certificates ? This should include revoking certs and allowing specific certs only for specific subdomains.
2) Should I use my letsencrypt CA for this or would a self signed CA better suited?
3) Any things I should be aware of?
Scenario 1) Server -> proxy -> client
Scenario 2) Server -> proxy -> 2nd proxy -> client
Scenario 1 works on some web browsers
Scenario 2 always works
Playing around with a POC I'm doing for work, and it works so well I got an IP ban from one of my favorite websites for a massive amount of requests they got from me
You're given a server with the latest Ubuntu. You can't install any deps, and you can't use docker. Your goal is to write a REST API backend that can store/retrieve data persistently, ideally with a SQL-like language. Bonus points if you can figure out a reverse-proxy.
What would you do?
I'm obsessed with an idea of having some kind of codebase that doesn't include binary files and that I can just ssh over to a fresh server, and it would work instantly
i had a project in a networking class where the provided code was meant to act as a proxy (aka just passing bytes around), but because of the implementation, every byte had to be a valid unicode character
anyway lotta people were frustrated so we asked the course staff and their response was basically "we wanted to support python 2 and 3"
"-Hey, I don't have this method in the proxy
-But you just told me you have it in the console"
Happy debugging to me
Spent days to setup a newer-Android version with reverse-proxy-HTTPS certificate in its CA store + one that'd support Google Play and signing in (old school man-in-the-middle).
FINALLY got the API calls of this 1 app whose unofficial client I wanted to make coz their main sucks ass. Just to get stuck on the phone-number-based OTP that they use for their login (:
They send a unique token for each OTP request, I assumed they're using some hard-coded string based function, which they decrypt on their backend to verify.
Downloaded their APK and decompiled. Went through dozens of weird-ass-named classes (coz decompiled). For the 2nd time I thought I had it!
But no -.- they call Google's Firebase messaging for the phone-num OTP n that function simply called firebase, looked into that service n ofc it's very tightly coupled with the calling API's backend
It was fun while it lasted I guess~~~
Vite is a black box that can break at any time, I am starting to hate black boxes. Mix that in with flakey pnpm and node (we should all use deno now).
Good luck if something doesn't work in vite.
Proxy hasn't been working correct for me last 2 days so I ditched it and turned off chrome web security
I am the responsible for the atlassian Suite at work, as I maintain the systems, set them up, and stuff.
One day, our crowd (the authentication and authorization application) just went crazy. At like lunch time it could not connect to the AD anymore. No reasons. Throwing XSRF errors (cross site scripting), because http would connect to https. "won't do it, fuck you" it told me. Out of the blue. No one changed anything. And yea, seriously. No one did.
It just refused to connect (as connecting to AD is connecting yourself with your own api. And refusing yourself talking to yourself). It runs behind a proxy. Therefore http/https. Well, this worked for years. But all of a sudden not anymore.
Yea. Fuck you.
It was reported some hours later, at like 3pm, as people could not login to the applications using crowd as authentication and authorization server.
Tried to debug the system, where nothing had been done, to make it work. At best time to fail.
First workaround: if you are logged into one of the other applications of atlassian, just refresh the site, so your SSO token gets a refresh and you are signed on again.
Then I searched more and more. And more.
But nothing worked, nothing helped.
So I addressed an emergency maintenance, take down the whole Suite, restart crowd, to apply some changes to its settings, not knowing what would happen then, because all connections of SSO will then be released. Sent out the mail like 30 minutes beforehand.
While waiting for the window, I just typed my credentials... And redid, and redid, so to type and being bored.
Three minutes before the window...
It just worked again.
Well. Wtf. Seriously
Just came back.
No Intrusion, no changes at all. Just came back, as nothing has happened.
Kind of best part of this story... A headhunter messaged me on my way home to offer me a job as an Atlassian Suite SysAdmin for a company, at kinda the double of my salary.
At first I was thinking to go there, and when someone then asked me sth about Atlassian just start to laugh and then leave still laughing...
But then I very nicely respond that I dont want to cry at work. And wished him best luck.
I am doing some bad upgrades now on our Suite. Very painful.
And I looked into the start scripts. Some Look like the untalented intern tells another one to write scripts. Seriously wtf.
Today I followed the guide to Update a confluence and change database to Postgres. Didnt work, Postgres error.
Try it again, jquery won't load. Next try, tomcat not starting anymore. Did same thing. Every fucking time.
Yea. Maintenance window to get a nice new export soon. Will only take an hour.
To switch database in confluence, you need to set it up very fresh. And then Import your export.
Export takes an hour at our system.
Importing maybe the same time. Hope it will work (hint: Nope).
Oh, can be nice also. Just tell the Bitbucket to migrate databases, there is a fucking setting for it. Enter new database, ready, go, finished.
At least they don't raise costs very much every kinda year.
Oh sorry, yes, they do.
At my IT security job (yeah, it sucks sometimes. I want a dev job but that's another story).
Needed to help some end users use and install a toolbar and get it to download through a proxy so they can edit stupid government online forms, which only supports IE 11. Obviously it didn't work.
Wait a MOTHERFUCKING MINUTE.
It's 2017. What the fuck. Who the fuck uses fucking toolbars anymore.
How fucking retarded and out of touch with reality the government can be, when it forces its users to download a fucking toolbar (with admin privileges!) and use fucking IE 11 just to access a basic feature of the website.
Another fucking proof that governments are cancer and we need Anarcho-capitalism ASAP.
I was trying to setup a Confluence install on my root behind an Apache Proxy..
I tried all the Atlassian Configs, my own Configs, but nothing works for Tomcat. It redirects you to the infinities of universe. My Apache Configs are all correct.
If you access Confluence directly it also works.
Tomcat you Ass start playing nice with the proxy fucker!
I hate Tomcat now. Go die!
any of you guys had problems with electron/puppeteer, especially trying to load pages using proxies
I'm using arch linux
Unable to run internet on company-provided MacBook... fucking stupid... Tried to remove proxy but it's not working. Even wifi gets connected and for a second it runs the internet.
How to get rid of this proxy shit
I'm in need of advice. I reckon this is no stack overflow but that's probably for the best as I wouldn't feel as comfortable posting there as I am doing it here. So, back to the question: I'm currently working with legacy code, written in .NET 2.0. This code is responsible for calling upon PEC services in order to finally create personal smart cards. I was tasked with the job of creating a repository system that would allow the program to call on the old legacy services or the new ones without any distinction. We are talking about SOAP services in both cases. The issue is: the new service definition is comprised of soap policies. This wouldn't be a problem per se, with more modern version of the framework, but with .NET 2.0? Yes, it is. It doesn't support policies and signing the body with a certificate right out of the box. How can I manage this? I feel like the only way would be letting the proxy class do its thing up until the very last moment: intercept the SOAP request before it's sent and modify it according to the specifications. But I reckon this is very bad practice. Is there any other way out of this?
Thanks for anyone that would like to help. 🙂
In most businesses, self-proclaimed full-stack teams are usually more back-end leaning as historically the need to use JS more extensively has imposed itself on back-end-only teams (that used to handle some basic HTML/CSS/JS/bootstrap on the side). This is something I witnessed over the years in 4 projects.
Back-end developers looking for a good JS framework will inevitably land on the triad of Vue, React and Angular, elegant solutions for SPA's. These frameworks are way more permissive than traditional back-end MVC frameworks (Dotnet core, Symfony, Spring boot), meaning it is easy to get something that looks like it's working even when it is not "right" (=idiomatic, unit-testable, maintainable).
They then use components as if they were simple HTML elements injecting the initial state via attributes (props), skip event handling and immediately add state store libraries (Vuex, Redux). They aren't aware that updating a single prop in an object with 1000 keys passed as prop will be nefarious for rendering performance. They also read something about SSR and immediately add Next.js or Nuxt.js, a custom Node express.js proxy and npm install a ton of "ecosystem" modules like webpack loaders that will become abandonware in a year.
After 6 months you get: 3 basic forms with a few fields, regressions, 2MB of JS, missing basic a11y, unmaintainable translation files & business logic scattered across components, an "outdated" stack that logs 20 deprecation notices on npm install, a component library that is hard to unit-test, validate and update, completely vendor-& version locked in and hundreds of thousands of wasted dollars.
I empathize with the back-end devs: JS frameworks should not brand themselves as "simple" or "one-size-fits-all" solutions. They should not treat their audience as if it were fully aware and able to use concepts of composition, immutability, and custom "hooks" paired with the quirks of JS, and especially WHEN they are a good fit.
Amazon what the hell.
You provide a cool RDS proxy which can be used to manage connection pooling which is especially useful for concurrent Lambda invocations.
But if you have an Aurora cluster and a read-intensive workload it is basically useless because it only sends traffic to the writer instance.
WTF?! Literally the one use case we have is the one thing it doesn’t do. AAARRRGGHHHH
Just wanted to do some scripted image resizing for school in school because the teacher asked me to help her with that.
So I thought: Let's just write a tiny script. Wrote the script in almost no time (just iterates over all jpg's and resizes them)
Now I tried to run it. Didn't have my laptop so I had to somehow run it on their windows PCs. At least it's windows 10, unlike other schools that still run XP and stuff so I thought it might be doable. Well guess what, nope it wasn't.
First tried to install imagemagick, that didn't work as only teacher accounts have admin and the teacher was already pretty scarred once he saw me doing stuff in powershell so I thought I'd better not ask to do this via a teacher account and mess with stuff as admin.
Next method: Installing msys2. That worked at least (after taking forever to install and having to mess with the av software to get it to run).
And there comes the next problem: pacman doesn't connect via the proxy so I can't download any packages. There is free wifi but only for teachers, and students aren't going to get access until the school finally has a faster connection because they'd (understandably) cause this connection to be constantly overloaded. I just happen to have access to this wifi network, too, because at least the guys from the IT dept know how bad using proxies under linux is. So I connect via wifi and it works. At least I thought: After running the script it yields weird errors about unsupported arguments even though the command is exactly the same I have been using for years (already checked typos twice)
Then got the idea of simply installing imagemagick on termux on android and transferring the files onto my phone.
Too bad we aren't allowed to attach our own USBs to the pcs. Luckily I got a rooted phone so I simply activate adb over network and connect to it.
After downloading the platform-tools I can't run them because of AV software. Luckily there is an option to add an exception per executable so I do that. After doing that it works.... nope it doesn't. The wifi only allows 443/tcp and 80/tcp, even for internal network devices.
So that's it. I'm simply going to upload that stuff to my nextcloud and convert it at home.
Windows, I hate you!!!
Fuckin damn it Google! I set up a transparent proxy and for some fucking reason Google home doesn't like that at all. I think I have a fix but it's a real fucking pain in the ass. I call your support people who I specifically tell that I'm running a fucking proxy and they tell me that I need to talk to their Google WiFi team. It has nothing to do with my fucking wifi bitch. It's your piece of shit piece of crap hardware that doesn't like fucking proxies.
I'll update everyone what the fix is when I find it.
Btw, this is an HTTPS transparent proxy and HTTP transparent proxy running on my pfSense firewall box.
Somebody: (whiny) we need something to log into nonprivileged technical accounts without our rootssh proxy. We want this PAM module pam_X.so
me: this stuff is old (-2013) and I can't find any source for it. How about using SSSD with libsss_sudo? It's a modern solution which would allow this with the advantage of using the existing infrastructure.
somebody: NO I WANT THIS MODULE.
me: ok I have it packaged under this name. Could you please test it by manipulating the pam config?
Somebody: WHAT WHY DO I NEED TO MANIPULATE THE PAMCONFIG?
me: because another package on our servers already manipulates the config and I don't want to create trouble by manipulating it.
Somebody: why are we discussing this. I said clearly what we need and we need it NOW.
We have a package that changes the pam config to our needs, we are starting to roll out the config via ansible, but we still use configuration packages on many servers
For authentication as root we use cyberark for logging the ssh sessions.
The older solution additionally allowed login into non-root accounts, but it will be shut down in the next few weeks after over half a year of both systems being active and over half a year with the information that the login into non-privileged accounts will be no more.
When you need proxy,
Connecting to Amazon S3
AmazonS3 s3 = new AmazonS3Client(Credentials, config);
We need to move out amazon and start using google cloud storage.
Can't seem to find API Documentation for it.
Saw that they are using HttpURLConnection.
Fvck! They are not even reading proxy information set via System Environment Variables!
Help! Stuck on it for 3 days already.
So I'm interested in building a Raspberry Pi stack at home to continue securing and adding my smart home capabilities, 👍
Have ideas for 2/3 but what else could I look to add?
1. Pi-hole with cloudflared argo proxy for all DNS
2. Home Automation server
3. IPS / IDS like Bro or snort? Or firewall like pfsense?
4. Log server with Splunk agent from other pi's and router....
5. What else?
Ideas in the comments
Let's try again.
What the fuck is with apache. Why can't I start the page? It should be 5 minutes' work.
But it gives some shitty error where it is not clear what is wrong
This site can’t be reached timetracker.local’s server IP address could not be found.
Checking the connection
Checking the proxy, firewall, and DNS configuration
Running Windows Network Diagnostics
How long has apache been in development? 10 years? More? And it cannot make normal error messages so you would know how to fix the problem. Fuck that. I hate it so much. Wasting my time. Bastards.
At my boarding school the admins are too bad: every 5 min the internet goes out for 30s because of overload (when too many computers are downloading) and now when we must work the internet goes out so we can't work....
Windows says that the proxy is not responding so it's again a big overload and the internet came back the next day thanks to a reboot ...
This system is soooo shitty.....
And my school wants to have a good image of technology....... WOW !
How do you use YouTube in China? Asking for a muggle friend in a foreign exchange program. I sent a link to proxysite.com but the lack of response makes me wonder if that was a bad idea without further precaution. I've never configured a VPN before and Tor is a very bad idea here.
Are there any real trusted proxies with an anonymity level of Elite out there, or do I have to make my own?
Like many of you, I'm currently working from home. This is great, and I hope I can stay remote when this is all said and done. That said, there are a few things I don't like. First and foremost, I need to connect to the VPN in order to do a large number of my tasks. This sucks for multiple reasons, the current worst being that I can't use Fiddler while connected to the VPN. This really handcuffs me in certain situations. Anyone currently using a proxy that works while on VPN? I tried a couple of others, including Burp Suite. But they didn't install on my MacBook. Apple didn't like not being able to peer into the depths of their soul, or some such nonsense.
Having problems with some users' IPv6 addresses in my server. For testing purposes I would like to find a free or very cheap VPN so I could obtain an IPv6 address via proxy/VPN (if it's even possible). Can you recommend something?
Did any of you try to configure iRedMail with an https only domain that also maps in nginx as a reverse proxy?
(Ps: FFS why do the developers of iRedMail develop with nginx in mind but there isn't any .conf about iRedMail?)
The laptop it was running as a server just stopped turning on
Meaning my reverse proxy. Some test environments and various other services I haven't moved to my actual server yet are all stopped. : /
Fuck this, I'm going to bed. I'll deal with it tomorrow
Hours and hours and coffee and tears went into my last debugging session. I couldn't for the life of me figure out why unity interception wasn't creating the proxy objects. I was this close *Grabs an atom* to rolling back everything unity related, when suddenly, out of nowhere, a fuc**ng INTERNAL in the aforementioned class caught my eye...
Anyway, let's keep on coding :D :D
RDS Proxy is quickly becoming my least favourite AWS offering.
I ranted about it a while back because I had to abandon it for a project because it doesn’t support clusters very well (it only proxies to the primary node).
Well I tried to use it again for a different project with only a single RW instance. Surely it will be ideal?
Nope. It doesn’t support Postgres 13. Only goes up to 12.
What the hell Amazon?
pgbouncer it is I guess.
I was working on a hotfix in prod, a small fix but fatal, it's about an environment and proxy thing, and I forgot to write it in the documentation; 3 months after that I left the company.
After some weeks the PM contacted me and told me the developer created some error and brought production down, and the whole team did not go home for 3 days working on that issue.
He offered me some money for helping with the issue, I agreed and they gave me an account to access the environment and code.
I could fix it in less than 15 minutes, but because they could not fix it I worked on it for 6 hours, and after that I explained the steps for solving it; they seemed really glad that I could solve the issue and now prod is working again..
Now, in my opinion, I know I was not a good person, and what I've done is maybe not acceptable.
But for me as a developer, as long as I have the credentials and access I can read (guess) how the flow goes and know the environment that my company uses without them explaining it, or some googling will definitely help, right?
So, what do you say about it? What would you do if you were in my situation?
So it turns out the site my app scrapes for those NSFW pictures actually scrapes another site.
Now it just seems to mirror that site like a proxy though doesn't work well... pictures not loading, links not working.
But then at the bottom there's like a Copyright tag which shows the other site's name.
I wonder if perhaps he got tired of playing cat and mouse with me and just said ah screw it... I give up, here's the source, go scrape them.
This just happened: I was trying to increase the default timeout of an nginx running in a container for a proxy pass and always got a 504-gateway timeout response. I was setting proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout, send_timeout, keepalive_timeout, etc. and nothing worked. After two hours of adding and removing lines of configuration (and waiting 1 minute every time I tried a request), I realized I have a local nginx for redirecting server names to local ports (the container); that nginx was the one actually responding with the 504 error. After that I tried a request with the port of the container and ALL WORKED!!!!
I work in a team that's predominantly ASP.NET MVC when it comes to web development. We're merging with another government agency's development and they're using Node.js.
So I figure that I should make an effort and learn Node.js as I've only had minimal exposure to it.
After five minutes discover that corporate proxy prevents access to npm. Oh well, never mind!
So recently I've been feeling like I fooled myself into thinking I'm any good at anything regarding development.
Today I tried to deploy a Console Application that would run nightly. The production systems are much more guarded, as it should be, but I should still be able to schedule a windows task (yeah yeah, windows servers, not the time Linux fanboys and not my choice :P) no problem.
Except I didn't expect that network users can't run jobs, because of a Group Policy about saving passwords on network accounts.
I expected a local administrator account to be available, and it wasn't.
Also a web API isn't available, even though I could telnet to the address on port 443 (HTTPS). A proxy apparently accepts all HTTP/HTTPS traffic and so on.
All this I feel like I should have known....
So am I in my own head, or am I right in thinking maybe I'm not "pro" development yet? Maybe I don't deserve to be "pro".
I made a little automated Docker reverse proxy called Autocaddy to simplify developing unrelated little trinkets under subdomains of a domain name:
It dispatches subdomains to the (container with the) matching network alias and terminates TLS.
It's a little rough around the edges but to my understanding it shouldn't be an inherent risk (unless you're running things that interfere with name resolution like VPN on the container host, but why would you do that if it's already a container host).
Guys, can you recommend a free cloud server that can be used as proxy server?
I wanna keep my api keys safe.
Forced to work with ASP.NET for a project. Not minding it though, even found it nice, kinda excited about .NET Core now.
HOWEVER, spent over 3 hours figuring out why can't I make a virtual property (Entity Framework actually provides proxy classes to be able to override behaviors of navigational properties, but I digress).
Says I don't have a type named 'virtual'. 3 hours in, no changes (git confirms), and IT SUDDENLY WORKS.
Fuck Visual Studio.
The largely dominant meritocratic paradigm of highly competitive Western cultures is rooted on the belief that success is due mainly, if not exclusively, to personal qualities such as talent, intelligence, skills, efforts or risk taking. Sometimes, we are willing to admit that a certain degree of luck could also play a role in achieving significant material success. But, as a matter of fact, it is rather common to underestimate the importance of external forces in individual successful stories. It is very well known that intelligence or talent exhibit a Gaussian distribution among the population, whereas the distribution of wealth - considered a proxy of success - follows typically a power law (Pareto law). Such a discrepancy between a Normal distribution of inputs, with a typical scale, and the scale invariant distribution of outputs, suggests that some hidden ingredient is at work behind the scenes. In this paper, with the help of a very simple agent-based model, we suggest that such an ingredient is just randomness.
A module for molecules, which takes an OPEN API definition and creates a restful API and graph definitions.
So all the proxy database stuff on a rest API can be done easily inside a microservices architecture.
Is there a cloud service that does nothing but redirect incoming HTTP requests to your home server without the need to have a static IP or an open TCP port? Sort of like a proxy
I need to implement a Java HTTP proxy with a login that basically sits in front of free Kibana.
Any ideas how to build it or existing libs, code I can use?
Our input web services are called webservice_out (and vice versa) so that the calling code can build a proxy client and call webservice_out.method(xyz).
And we can't change it now. Idiots.
Sometimes being a developer really sucks. I adopted a heavily customized OXID shop which introduced an ingame currency beside the fiat currency.
It was done by introducing $iPriceChannel and replacing the $dPrice float value with a multidimensional array across all components, controllers and models.
Wait ... not 100% of the code has been "adapted" yet but it's sufficient to get it working at the first glance.
The reality is: The shop has many subtle bugs and piles up huge (error) log files.
Every time when a bug was found,
and every time the shop maintainer is unlocking an OXID feature which hasn't been used yet, I have to fix it.
It's even extra hard to fix issues sometimes because the shop is embedded in a game by utilizing a content-aware reverse proxy. My possibilities to navigate through the shop directly are limited because some of the AJAX/CSS/HTML elements don't work without loading this game.
Hey people, any way to set up adblock as a proxy server? I just want to set it up independent of the browser. Proxy is just one idea.
Fuck these IT corporate proxies
Nothing just *works* and you have to fiddle with shit all the time and waste hours and days
The worst thing is the team I work on and their code isn't on the corporate server so if I'm on their damn proxy I can't access my work, if I'm not I can't access company stuff that I need
So I finally got something to allow me to pipe my network over ssh when I need it.
alias mcserversshproxy='ssh -p <port> -N -D localhost:9999 <user@server>'
I can now use the internal webpage in my network by configuring a profile in firefox as a proxy. Kind of slick!
This tutorial, despite its flaws, helped me work this out:
If someone tries using "multipart/form-data" as only content type for their PUBLIC API ENDPOINTS again I am going to find them and choke them to death.
And if your documentation says you are using something else (application/x-www-form-urlencoded) I am doing it twice.
JSON apis should be standard.
EDIT: I had to fire up BurpSuite proxy, after almost an hour I accidentally switched the body type - voilà
I NEED HELP with Kafka
I'm working on a thesis. I developed 4 different microservices (REST APIs). I would like to use Kafka to support a large number of users. I may also place the microservices behind a HAPI Proxy. How can I use Kafka to stream requests and respond accordingly? I'm using Node.js. I think I haven't grasped Kafka. My prof suggested I try it to act as a broker but I'm blank right now. How do I tell Kafka I want it to do a POST or GET etc?
Hey, I'm looking for a tool to emulate multiple, maybe around 100 browser clients at the same time, having open the same page at the same time. Every single instance would need a separate IP (VPN/proxy). It should also be sort of resource friendly (not 100 Chrome windows/tabs)
Anyone got suggestions on a tool I could use? thanks
Anyone know how to use a proxy for a web crawler written in native Java for Android. I have a bug in an app in production that only surfaced after being used for a couple of days and I urgently need to fix it.
Fuck the sockets.
Fuck the secure sockets.
Fuck that CSP rule in our proxy conf.
Fuck the self script hashed.
After fixing everything....
Fuck THEIR proxy that didn't allow wss.
Ok so, I wanted to make a python script that creates 100 accounts on some website via proxy (1 acc on 1 proxy). Proxy part should be easy, but how do I solve the captcha of trees and street signs? I saw there is some python module captcha-solver but haven't tried it. What do you think, can this work?
New ad self-service portal too hard to integrate ssl and can't have users send their passwords in plaintext.
Setup apache proxy with ssl in same vpc to encrypt traffic to and from vpc.
All good as long as nobody is in my vpc sniffing traffic...
I've got a somewhat special issue with my setup.
I am running an instance of `lucaslorentz/caddy-docker-proxy` as proxy that handles certificates and requests and proxies them to docker containers that run `abiosoft/caddy:php` to host Laravel based applications. The problem is that the `abiosoft/caddy` containers do not know their assigned hostname and thus Laravel's `asset`, `secure_asset` and `url` respectively `secure_url` don't work as they use the internal hostname which would be an IP address and thus requests go to 192.168.240.x instead of example.com.
I am not yet entirely sure where I should tackle this problem and am grateful for every hint.
I am currently also evaluating traefik instead of Caddy-docker-Proxy and Caddy's v2 official container instead of abiosoft's Caddy v1 container but I guess that this wouldn't solve the issue as the container still wouldn't know that its given domain name is example.com
Wrote a small function to transfer files to and from servers to local machine when using a proxy server.
This is meant to be copied in the .bash_profile
Is a web server like apache or nginx required if there’s no static resource and no need to reverse proxy?
It baffles me, that most HTTP apps still can't run on multiple domains at a time.
Is it actually that difficult to have a request header, which is set by the reverse proxy, containing the prefix url?!
I deployed a website and hosted it today. Also used an SSL certificate but now when I'm opening it on another device with its own data connection, it is not loading and showing error "This site can’t provide a secure connection".
But if my device is connected to wifi, the website is functioning normally. Can anybody help me out? My website - https://covid-india.live/
So I got the reverse proxy all set up on my server, forwarding all the right headers to enable SSL behind reverse proxy. Awesome! My only problem remaining is, since nginx only handles HTTP/S traffic, I can't connect to my gitlab instance via ssh. Anyone know how I can proxy this traffic as well to enable ssh connection for git?
Disclaimer: I love open source and I adore the owasp for what they do.
BUT owasp zap has to be the most overly complicated, badly documented tool in existence. As long as one stays within its most basic functions everything is fine, setting it up as a proxy and even issuing a root cert for our test devices worked wonderfully simple.
Then I made the mistake to try to actually do anything with the data we pulled and had to dive into the scripting console.
The documentation basically consists only of "This thing exists", it provides a msg object with no information what it contains or how it's structured, has no code completion and, here comes the kicker, if the script is run and has an error it gets flagged and can't be reenabled after the error is fixed. So I'm currently at forwarder48.groovy trying to simply store the request on a database for possible diagnostics.
So right now I already know that I'll spend most of my vacation next week trying to decipher the source, document it, fix that damn "flagged as error" bullshit and jump through a billion hoops trying to get a pull request through.
Using boot2docker behind a corporate proxy that fucks with your SSL certs will drive anyone insane!! 👹
If someone can shed some light on this behavior, would be appreciated:
I am running a couple of docker containers with lighttpd on my server (lighttpd is also installed on the host server for reverse proxy). Now whenever I kill lighttpd on my host server it also kills ALL the running lighttpd instances in my docker containers. Isn't docker supposed to be, idk, CONTAINERIZED?