Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "server 2019"
Merry Christmas to everyone who celebrates, happy holidays to everyone, and happy almost-new-year!
Tim and I wanted to reflect on the year devRant has had, and looking back, there are a lot of awesome things that happened in 2018 that we are very thankful for. Here are just a few of the ones that we thought of (this list is not exhaustive and I'm definitley forgetting stuff, so please comment about those!):
- After nearly a year in the making, the completely overhauled devRant web version was launched (https://devrant.com/rants/1255714/...)
- @linuxxx became the first devRant user to hit 100,000++! (https://devrant.com/rants/1157415/...)
- We once again pulled off the greatest April fools joke everrrr (https://devrant.com/rants/1311206/...)
- @trogus started making awesome devComics and http://devcomics.com was launched
- We added a feature to allow rant filtering by post type (https://devrant.com/rants/1354275/...)
- We made it so avatars could have expressions! (https://devrant.com/rants/1563683/...)
- We had a booth at TechDay New York and got to meet some devRant users! (https://devrant.com/rants/1394067/...)
- We made major backend architectural improvements - including spinning up a special high-powered-CPU web server to handle avatar creation and make the creation process much faster (https://devrant.com/rants/1370938/...)
- App stability: mainly Android - we fixed crashes, did a push-notif overhaul, and tried to continue making the apps better and more stable
- A record amount of devRant meetups were held, and we couldn't be more proud about that, and we thank every person who organized one! (just a few: https://devrant.com/rants/1588218/... https://devrant.com/rants/1884724/... https://devrant.com/rants/1683365/... https://devrant.com/rants/1922950/...)
We had a busy year, and despite some things going on for us personally and some setbacks around those, we think this was a very productve year for devRant and that we are going in the right direction. We're continuing to constantly evaluate feedback from members of the community to decide where to take the app next. We're fully committed to improving the devRant community in 2019 and we have a lot of ideas about how we can do that. We're working on some things, but we're not really announcing them yet, so please sit tight for those :) In the meantime, feel free to let us know what you'd like to see improved/added the most as we always like to get updated feedback from the community.
As always, thank you everyone, and thanks for your amazing contributions to the devRant community!
Looking forward to 2019,
- David and Tim30
Developer: Can you upgrade my machine to Windows 10? I need it for SQL server 2019.
IT Guy: Sure.
Some time later...
IT Guy: Good news, Windows 10 is loaded. Bad news, I need to update TPM to enable Bitlocker but the firewall is blocking me from downloading the update. I will need to download it from home tonight.
Developer: But you're the IT administrator...
IT Guy: Yes...
"Git is useless, connect to the server and edit the pages" - My boss, 2019
And beleive it or not, he's also a teacher. What a great and wise man, we should build a statue for him!8
Made this project "Come Fix Me" in a 24hr hackathon. Won the most innovative solution.
An android application for citizens(users) which allows them to register issues on potholes in their area.
Web for report management
User clicks a photo of the pothole and registers a new issue.
The photo gets uploaded on the firebase database along with other information like GPS co-ordinates.
The image is downloaded in the server and served in the pothole detection script.
If pothole is detected an estimated area is calculated, if no pothole is detected user's issue gets rejected.
After successful detection details are uploaded on the web for administrator, these issue are forwarded to govt. officials.
Once the officials claim that they have fixed the pothole, the user gets a notification and they can close their issue if pothole is fixed
Just another big rant story full of WTFs and completely true.
The company I work for atm is like the landlord for a big german city. We build houses and flats and rent them to normal people, just that we want to be very cheap and most nearly all our tenants are jobless.
So the company hired a lot of software-dev-companies to manage everything.
The company I want to talk about is "ABI...", a 40-man big software company. ABI sold us different software, e.g. a datawarehouse for our ERP System they "invented" for 300K or the software we talk about today: a document management system. It has workflows, a 100 year-save archive system, a history feature etc.
The software itself, called ELO (you can google it if you want) is a component based software in which every company that is a "partner" can develop things into, like ABI did for our company.
Since 2013 we pay ABI 150€ / hour (most of the time it feels like 300€ / hour, because if you want something done from a dev from ABI you first have to talk to the project manager of him and of course pay him too). They did thousand of hours in all that years for my company.
In 2017 they started to talk about a module in ELO called Invoice-Module. With that you can manage all your paper invoices digital, like scan that piece of paper, then OCR it, then fill formular data, add data and at the end you can send it to the ERP system automatically and we can pay the invoice automatically. "Digitization" is the key word.
After 1.5 years of project planning and a 3 month test phase, we talked to them and decided to go live at 01.01.2019. We are talking about already ~ 200 hours planning and work just from ABI for this (do the math. No. Please dont...).
I joined my actual company in October 2018 and I should "just overview" the project a bit, I mean, hey, they planned it since 1.5 years - how bad can it be, right?
In the first week of 2019 we found 25 bugs and users reporting around 50 feature requests, around 30 of them of such high need that they can't do their daily work with the invoices like they did before without ELO.
In the first three weeks of 2019 we where around 70 bugs deep, 20 of them fixed, with nearly 70 feature requests, 5 done. Around 10 bugs where so high, that the complete system would not work any more if they dont get fixed.
- Delete a Invoice (right click -> delete, no super deep hiding menu), and the server crashed until someone restarts it.
- missing dropdown of tax rate, everything was 19% (in germany 99,9% of all invoices are 19%, 7% or 0%).
But the biggest thing was, that the complete webservice send to ERP wasn't even finished in the code.
So that means we had around 600 invoices to pay with nearly 300.000€ of cash in the first 3 weeks and we couldn't even pay 1 cent - as a urban company!
Shortly after receiving and starting to discussing this high prio request with ABI the project manager of my assigned dev told me he will be gone the next day. He is getting married. And honeymoon. 1 Week. So: Wish him luck, when will his replacement here?
There was no replacement. They just had 1 developer. As a 40-people-software-house they had exactly one developer which knows ELO, which they sold to A LOT of companies.
He came back, 1 week gone, we asked for a meeting, they told us "oh, he is now in other ELO projects planned, we can offer you time from him in 4 weeks earliest".
To cut a long story short (it's to late for that, right?) we fought around 3 month with ABI to even rescue this project in any thinkable way. The solution mid February was, that I (software dev) would visit crash courses in ELO to be the second developer ABI didnt had, even without working for ABI....
Now its may and we decided to cut strings with ABI in ELO and switch to a new company who knows ELO. There where around 10 meetings on CEO-level to make this a "good" cut and not a bad cut, because we can't afford to scare them (think about the 300K tool they sold us...).
01.06.2019 we should start with the new company. 2 days before I found out, by accident, that there was a password on the project file on the server for one of the ELO services. I called my boss and my CEO. No one knows anything about it. I found out, that ABI sneaked into this folder, while working on another thing a week ago, and set this password to lock us out. OF OUR OWN FCKING FILE.
Without this password we are not able to fix any bug, develop any feature or even change an image within ELO, regardless, that we paid thausend of hours for that.
When we asked ABI about this, his CEO told us, it is "their property" and they will not remove it.
When I asked my CEO about it, they told me to do nothing, we can't scare them, we need them for the 300K tool.
Just the project file with a password still there today6
I've kinda ghosted DevRant so here's an update:
VueJS is pretty good and I'm happy using it, but it seems I need to start with React soon to gain more business partnerships :( I'm down to learn React, but I'd rather jump into Typescript or stick with Vue.
Webpack is cool and I like it more than my previous Gulp implementation.
Docker has become much more usable in the last 2 years, but it's still garbage on Windows/Mac when running an application that runs on Symfony...without docker-sync. File interactions are just too slow for some of my enterprise apps. docker-sync was a life-saver.
I wish I had swapped ALL links to XHR requests long ago. This pseudo-SPA architecture that I've got now (still server-side rendered) is pretty good. It allows my server to do what servers do best, while eliminating the overhead of reloading CSS/JS on every request. I wrote an ES6 component for this: https://github.com/HTMLGuyLLC/... - Frankly, I could give a shit if you think it's dumb or hate it or think I'm dumb, but I'd love to hear any ideas for improving it (it's open source for a reason). I've been told my script is super helpful for people who have Shopify sites and can't change the backend. I use it to modernize older apps.
ContentBuilder.js has improved a ton in the last year and they're having a sale that ends today if you have a need for something like that, take a look: https://innovastudio.com/content-bu...
I bought and returned a 2019 Macbook pro with i9. I'll stick with my 2015 until we see what's in store for 2020. Apple has really stopped making great products ever since Jobs died, and I can't imagine that he was THAT important to the company. Any idiot on the street can you tell you several ways they could improve the latest models...for instance, how about feedback when you click buttons in the touchbar? How about a skinnier trackpad so your wrists aren't constantly on it? How about always-available audio and brightness buttons? How about better ports...How about a bezel-less screen? How about better arrow keys so you can easily click the up arrow without hitting shift all the time? How about a keyboard that doesn't suck? I did love touch ID though, and the laptop was much lighter.
The Logitech MX Master 3 mouse was just released. I love my 2s, so I just ordered it. We'll see how it is!
PHPStorm still hasn't fixed a couple things that are bothering me with the terminal: can't reorder tabs with drag and drop, tabs are saved but don't reconnect to the server so the title is wrong if you reopen a project and forget that the terminal tabs are from your last session and no longer connected. I've accidentally tried to run scripts locally that were meant for the server more than once...
I just found out this exists: https://caniuse.email/
I'm going to be looking into Kubernetes soon. I keep seeing the name (docker for mac, digitalocean) so I'm curious.
AWS S3 Glacier is still a bitch to work with in 2019...wtf? Having to setup a Python script with a bunch of dependencies in order to remove all items in a vault before you can delete it is dumb. It's like they said "how can we make it difficult for people to remove shit so we can keep charging them forever?". I finally removed almost 2TB of data, but my computer had to run that script for a day....so dumb...8
The argument of "vim/zsh/whatever is not good because it requires configuration, and you don't usually have that on a new server" is a weak argument and it can suck my fucking nuts.
If some people are weak and lazy and forget how to use plain bash because they added a single alias, that's their problem.
That's like saying that getting used to a car is a bad thing because you can forget how to ride a bike.
Even if I did have the brain of a fish and forgot to use a bike because of using a car, I'll still be using a car 95% of the fucking time, so I'll take it.
If you do customize your setup, you can write an install script, dockerize, or just fucking something, it's 2019, you can do whatever the fuck you want.
Get a fucking couple of neurons.5
Has been a long time since I'm appreciating working with GRPC.
Amazingly fast and full-featured protocol! No complaints at all.
Although I felt something was missing...
Back in the days of HTTP, we were all given very simple tools for making requests to verify behaviours and data of any of our HTTP endpoints, tools like curl, postman, wget and so on...
This toolset gives us definitely a nice and quick way to explore our HTTP services, debug them when necessary and be efficient.
This is probably what I miss the most from HTTP.
When you want to debug a remote endpoint with GRPC, you need to actually write a client by hand (in any of the supported language) then run it.
There are alternatives in the open source world, but those wants you to either configure the server to support Reflection or add a proxy in front of your services to be able to query them in a simpler way.
This is not how things work in 2018 almost 2019.
We want simple, quick and efficient tools that make our life easier and having problems more under control.
I'm a developer my self and I feel this on my skin every day. I don't want to change my server or add an infrastructure component for the simple reason of being able to query it in a simpler way!
However, This exact problem has been solved many times from HTTP or other protocols, so we should do something about our beloved GRPC.
Fine! I've told to my self. Let's fix this.
A few weeks later...
I'm glad to announce the first Release of BloomRPC - The first GRPC Client GUI that is nice and simple,
It allows to query and explore your GRPC services with just a couple of clicks without any additional modification to what you have running right now! Just install the client and start making requests.
It has been built with the Electron technology so its a desktop app and it supports the 3 major platforms, Mac, Linux, Windows.
Check out the repository on GitHub: https://github.com/uw-labs/bloomrpc
This is the first step towards the goal of having a simple and efficient way of querying GRPC services!
Keep in mind that It is in its first release, so improvements will follow along with future releases.
Your feedback and contributions are very welcome.
If you have the same frustration with GRPC I hope BloomRPC will make you a bit happier!2
In 2013: *opens cmd* "look at me I'm a hacker, I can hack your Facebook"
Now in 2019 : *copying some python examples* "I'm a hacker now, I made a bot for hacking your discord server"1
I fucking hate Microsoft. I fucking HATE it.
I'm supposed to be setting up a Hyper-V VDI environment on a Windows Server 2019 instance. I got all RDS roles installed, but can't see any fucking templates to make a collection out of.
I don't think that the RDVH role got installed correctly because it can't communicate properly with the RDCB, but both roles are installed on the SAME SERVER. I get stupid and unhelpful errors like "Error: 0: ScenarioBasedDeployment: Job Finished for Cmdlet" and when I tried to create a Quick Start Deployment: "QuickVMCollection: Provisioning job failed. Reason: ". Yeah, I typed that correctly. No reason listed.
I reach out on Technet, and I'm told that I need to contact Microsoft Support directly because my problem is beyond the scope of the forum.
I try contacting Microsoft Support, and they want to charge $499 for a one-time helping fee.
My company does not want to spend any money, and we do not already have support services.
I'm supposed to have VDI set up and working by Friday.
MySpace has lost its entire music catalogue pre-2016, an estimated 50 million songs in a failed server migration: https://theregister.co.uk/2019/03/...8
Discovered this dumb backdoor into http://tutorialspoint.com/codinggro... months ago (June 2019). It's in Project>Compilation Options
It lets you execute any command on their server. I found a lot out:
The system is Red Hat based (Fedora/CentOS/RHEL)
It uses Linux kernel 3.20
It has 251GB of RAM
It has an 800GB HDD
Its IP is 172.17.0.2
Its main username is cg
It uses systemd init9
Finally closed an Epic that was started on April of 2019 to migrated everyone off the old Jenkins server. Finally completed, nearly a year later and under a different project manager and director.3
Its christmass and im writing code for Advent of Code 2019 and Playing elite dangerous.
Yes thats the way i like it.
(Yes we already gave gifts to each other so no worries).
And well since this is Haxk20 it woudlnt be me without compiling something.
Last year it was kernel. Now its full android ROM on server. YAY.
just found out a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had burried in some folders a c99 shell.
i am a begginer html/sql/php guy and really was looking into learning a bit here and there about them because i really like problem solving and found out ctfs mainly focus on this part of programming. i am a c++ programmer which does school contest like programming problems and i really enjoy them.
now back on topic.
with this urge to learn more web programming i said to myself what other method to learn better than real life sites! so i did just that. i first checked my school site. right click. inspect element. it seemed the site was made with wordpress. after looking more into the html code for the site i concluded all the images and files i could see on the site were from a folder on the server named 'wp-content/uploads'. i checked the folder. and here it got interesting. i did a get request on the site. saw the details. then i checked the site. bingo! there are 3 folders named '2017', '2018', '2019'. i said to myself: 'i am god.'
i could literally see all the announcements they have made from 2017-2019. and they were organised by month!!! my curiosity to see everything got me to the final destination.
with this adrenaline i thought about another site. in my city i have the 3rd most acclaimed high school in the country. what about checking their security?
so i typed the web address. looked around. again, right click, inspect element and looked around the source code. this time i was more lucky. this site is handmade!!! i was soooo happy because with my school's site i was restricted with what they have made with wordpress and i don't have much experience with it.
amd so i began looking what request the site made for the logos and other links. it seemed all the other links on the site were with this format: www.site.com/index.php?home. and i was very confused and still am. is this referencing some part of the site in the index.php file? is the whole site written inside the index.php file and with the question mark you just get to a part of the site? i don't really get it.
so nothing interesting inside the networking tab, just some stylesheets for the site's design i guess. i switched to the debugger tab and holy moly!! yes, it had that tree structure. very familiar. just like a project inside codeblocks or something familiar with it. and then it clicked me. there was the index.php file! and there was another folder from which i've seen nothing from the network tab. i finally got a lead!! i returned in the network tab, did a request to see the spgm folder and boooom a site appeared and i saw some files and folders from 2016. there was a spgm.js file and a spgm.php file. there was a contrib, flavors, gal and lang folders. then it once again clicked me! the lang folder was las updated this year in february. so i checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so i left them alone. but there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! i was so excited! i thought i found a secret and different design of the site or something completely else! i clicked it and at first i was scared there was this black/red theme going on my screen and something was a little odd. there were no school announcements or event, nononoooo. this was still a tree structured view. at the top of the site it's written '!c99Shell v. 1.0...'
this was a big nono. i saw i could acces all kinds of folders. then i switched to the normal school website and tried to access a folder i have seen named userfiles and got a 403 forbidden error. wopsie. i then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. it was nakeeed naked. like very naked. and in the userfiles folder there were all, but i mean ALL files and folders they have on the server. there were a file with the salary of each job available in the school. some announcements. there was a list with all the students which failed classes. there were folders for contests they held. it was an absolute mess and i couldn't believe it.
i stopped and looked at the monitor. what have i done? just to learn some web programming i just leaked the server of the 3rd most famous high school in my country. image a black hat which would have seriously caused more damage. currently i am writing an email to the school to updrage their security because it is reaaaaly bad.
and the journy didn't end here. i 'hacked' the site 2 days ago and just now i thought about writing an email to the school. after i found i could access the WHOLE server i searched for the real attacker so if you want to knkw how this one went let me know in the comments.
sorry for the long post, but couldn't held it anymore12
We are moving from Oracle 10g to SQL Server 2019 because Oracle doesn't want to provide support to our legacy 10g database.
It doesn't much sense well anyways god bless us during data migration.
Oh one last thing, fuck business analyst team.4
Major project, multi million budget, huge business and IT coordination, board level status updates, meeting started back in March 2018 for a Go Live of Aug 2019.
Based on draft requirements (and experience) I request the test environment be built for half of the work. Turns out that no one told Server Eng and they are out of space in both dev and prod until Q2 of 2019. We went from Green to Red because a Service Request.5
Y'all might wanna update your Win7, Win8 amd Win Server 2008.
RDP RCE with a CVSS pf 9.8.
Quick Plesk config question...
Been getting open_basedir() notices in the WordPress logs, and frankly it's flooding the log right now. Sample below:
[24-Feb-2019 07:05:19 UTC] PHP Warning: file_exists(): open_basedir restriction in effect. File(/var/www/vhosts/webspacedomain.com/SiteInstallDirectory/wp-content/db.php) is not within the allowed path(s): (/var/www/vhosts/webspacedomain.com/:/tmp/) in /var/www/vhosts/webspacedomain.com/SiteInstallDirectory/wp-includes/load.php on line 397
Checking the settings for open_basedir in the domain's PHP settings, it's currently set to the following default value:
By my read, that **should** be granting permission to the directory. I just checked it against the setting on the dev server (which doesn't report this error), and it's configured in the same manner. Only difference between Dev environment and this one is that the one in Dev is in vhosts/webspacedomain.net/DEV instead of just vhosts/webspacedomain.net
Is there something I'm missing here?4
So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.
So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).
There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.1