Good Morning!, its time for practiseSafeHex's most incompetent co-worker!

Todays contestant is a very special one.

*sitcom audience: WHY?*

Glad you asked, you see if you were to look at his linkedin profile, you would see a job title unlike any you've seen before.

*sitcom audience oooooooohhhhhh*

were not talking software developer, engineer, tech lead, designer, CTO, CEO or anything like that, No No our new entrant "G" surpasses all of those with the title ..... "Software extraordinaire".

*sitcom audience laughs hysterically*

I KNOW!, wtf does that even mean! as a previous dev-ranter pointed out does this mean he IS quality code? I'd say he's more like a trash can ... where his code belongs

*ba dum tsssss*

Ok ok, lets get on with the show, heres some reasons why "G" is on the show:

One of G's tasks was to build an analytics gathering library for iOS, similar to google analytics where you track pages and events (we couldn't use google's). G was SO good at this job he implemented 2 features we didn't even ask for:

- If the library was unable to load its config file (for any reason) it would throw an uncatchable system integrity error, crashing the app.
- If anything was passed into any of the functions that wasn't expected (null, empty array etc.) it would crash the app as it was "more efficient" to not do any sanity checks inside the library.

This caused a lot of issues as some of the data needed to come from the clients server. The day we launched the app, within the first 3 hours we had over 40k crash logs and a VERY angry client.

Now, what makes this story important is not the bugs themselves, come on how many times have we all done something stupid? No the issue here was G defended all of this as the right thing to do!

.. and no he wasn't stoned or drunk!

G claimed if he couldn't get the right settings / params he wouldn't be able to track the event and then our CEO wouldn't have our usage data. To which I replied:

"So your solution was to not give the client an app instead? ... which also doesn't give the CEO his data".

He got very angry and asked me "what would you do then?". I offered a solution something like why not have a default tag for "error" or "unknown" where if theres an issue, we send up whatever we have, plus the file name and store it somewhere else. I was told I was being ridiculous as it wasn't built to track anything like that and that would never work ... his solution? ... pull the library out of the app and forget it.

... once again giving everyone no data.

G later moved onto another cross-platform style project. Backend team were particularly unhappy as they got no spec of what needed to be done. All they knew was it was a single endpoint dealing with very complex model. There was no Java classes, super classes, abstract classes or even interfaces, just this huge chunk of mocked data. So myself and the lead sat down with him, and asked where the interfaces for the backend where, or designs / architecture for them etc.

His response, to this day frightens me ... not makes me angry, not bewilders me ... scares the living shit out of me that people like this exist in the world and have successful careers.

G: "hhhmmm, I know how to build an interface, but i've never understood them ... Like lets say I have an interface, what now? how does that help me in any way? I can't physically use it, does it not just use up time building it for no reason?"

us: "... ... how are the backend team suppose to understand the model, its types, integrate it into the other systems?"

G: "Can I not just tell them and they can write it down?"

**
I'll just pause here for a moment, as you'll likely need to read that again out of sheer disbelief
**

I've never seen someone die inside the way the lead did. He started a syllable and his face just dropped, eyes glazed over and he instantly lost all the will to live. He replied:

" wel ............... it doesn't matter ... its not important ... I have to go, good luck with the project"

*killed the screen share and left the room*

now I know you are all dying in suspense to know what happened to that project, I can drop the shocking bombshell that it was in fact cancelled. Thankfully only ~350 man hours were spent on it

... yep, not a typo.

G's crowning achievement however will go down in history. VERY long story short, backend got deployed to the server and EVERYTHING broke. Lead investigated, found mistakes and config issues on every second line, load balancer wasn't even starting up. When asked had this been tested before it was deployed:

G: "Yeah I tested it on my machine, it worked fine"

lead: "... and on the server?"

G: "no, my machine will do the same thing"

lead: "do you have a load balancer and multiple VM's?"

G: "no, but Java is Java"

... and with that its time to end todays episode. Will G be our most incompetent? ... maybe.

Tune in later for more practiceSafeHex's most incompetent co-worker!!!

>Building advertising platform
>Life is good
>Fire up the dev server and open in browser
>No assets
>What the fuck
>Check code and config for like an hour it's all good
>What the fuck
>Try incognito browser, it works.
>What the fuck
>Oh yeah. Adblock. Fuck.

You know who sucks at developing APIs?

Facebook.

I mean, how are so high paid guys with so great ideas manage to come up with apis THAT shitty?

Let's have a look. They took MVC and invented flux. It was so complicated that there were so many overhyped articles that stated "Flux is just X", "Flux is just Y", and exactly when Redux comes to the stage, flux is forgotten. Nobody uses it anymore.

They took declarative cursors and created Relay, but again, Apollo GraphQL comes and relay just goes away. When i tried just to get started with relay, it seemed so complicated that i just closed the tab. I mean, i get the idea, it's simple yet brilliant, but the api...

Immutable.js. Shitload of fuck. Explain WHY should i mess with shit like getIn(path: Iterable<string | number>): any and class List<T> { push(value: T): this }? Clojurescript offers Om, the React wrapper that works about three times faster! How is it even possible? Clojure's immutable data structures! They're even opensourced as standalone library, Mori js, and api is great! Just use it! Why reinvent the wheel?

It seems like when i just need to develop a simple react app, i should configure webpack (huge fuckload of work by itself) to get hot reload, modern es and jsx to work, then add redux, redux-saga, redux-thunk, react-redux and immutable.js, and if i just want my simple component to communicate with state, i need to define a component, a container, fucking mapStateToProps and mapDispatchToProps, and that's all just for "hello world" to pop out. And make sure you didn't forget to type that this.handler = this.handler.bind(this) for every handler function. Or use ev closure fucked up hack that requires just a bit more webpack tweaks. We haven't even started to communicate to the server! Fuck!

I bet there is savage ass overengineer sitting there at facebook, and he of course knows everything about how good api should look, and he also has huge ass ego and he just allowed to ban everything that he doesn't like. And he just bans everything with good simple api because it "isn't flexible enough".

"React is heavier than preact because we offer isomorphic multiple rendering targets", oh, how hard want i to slap your face, you fuckface. You know what i offered your mom and she agreed?

They even created create-react-app, but state management is still up to you. And react-boierplate is just too complicated.

When i need web app, i type "lein new re-frame", then "lein dev", and boom, live reload server started. No config. Every action is just (dispatch) away, works from any component. State subscription? (subscribe). Isolated side-effects? (reg-fx). Organize files as you want. File size? Around 30k, maybe 60 if you use some clojure libs.

If you don't care about massive market support, just use hyperapp. It's way simpler.

Dear developers, PLEASE, don't forget about api. Take it serious, it's very important. You may even design api first, and only then implement the actual logic. That's even better.

And facebook, sincerelly,

Fuck you.

So my actual job is being a nurse at the local hospital, with coding being just a hobby. However, the way some IT–Related things are treated here are just mind-blowing. Here are some examples:

Issue: Printer is not recognized by network anymore due to not being properly plugged in

Solution: Someone has to tell the house technician, if the house technician is currently not available, ask his assistant who only works part time and like twice a week. House technician took the printer (God knows why), came back 2 days later and plugged it back in.

Issue: Printer 1 of 2 on ICU has run out of ink and since all computers default to printer 1, nobody can print.

Solution: Call the house technician, blah blah, house technician comes, takes ink cartridge of printer 2 and puts it into printer 1.

Issue: Public WiFi is broken, can be connected to but internet access is missing. Probably config issue as a result of a recent blackout.

Solution: Buy a new router, spend 5 days configuring it and complain about how hard networking is.

Issue: Computer is broken, needs to be exchanged with a new one, but how do we transfer the data?

Solution: Instead of just keeping the old hard drive, make a 182GB backup, upload it to the main file server and then download it again on the new computer.

Issue: Nurse returns from vacation, forgot the password to her network account.

Solution: Call the technician who then proceeds to open a new account, copies all the files from the old one and tells her to pick an easier password this time. She chooses "121213".

Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'

Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!

I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.

Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.

Was pretty shaken up but damn I learned my lesson!

Manager: THE SERVER IS DOWN THE SERVER IS DOWN!!!!

Dev: Ok I’ll look into it

*5 mins later

Dev: Wow these are really strange logs, it’s like config values are being changed all over the place while I’m looking at it

Manager: Well I figured while you were looking into it I’d go i to the server settings and change everything I could find in order to try and get the server back up again. Two sets of hands are better than one, Is it up yet???

Dev: …No.

Manager: I THOUGT YOU SAID YOU’D LOOK INTO THIS. I NEED ANSWERS NOW. WHAT IS TAKING SO LONG?!?!?

Dev: …

Today my manager asked me about my research into using RabbitMQ as a backup in case Azure Service Bus ever goes down.

Me: "Good. The way we designed the framework, all we have to do is drop the DLLs into the directory, update the config, and the services will start using RabbitMQ."
Mgr: "Excellent. Probably should be looking into using RabbitMQ as a permanent replacement for Azure"
Me: "What? The whole reason we moved to Azure was to eliminate the problems with having an on prem service bus. Since we've switched, there has been zero downtime."
Mgr: "That's what VP-Joe is afraid of. If Azure ever goes down, he won't know how to explain Azure to the president as to why we're not taking orders or can't ship packages."
Me: "That makes no sense. What did VP-Joe tell the president when a database goes down or a server mis-configuration?"
Mgr: "President understands internal outages, its just the whole 'cloud' thing he doesn't understand."
Me: "Um..then VP-Joe needs to explain it to him?"
Mgr: "The decision has already been made. Are you on board? Lets look at this move as a cost savings."
Me: "You mean the $10 a month? How much hardware will we need to support RabbitMQ?"
Mgr: "Yea, nobody probably thought of that."
Me: "I'm on board with whatever decision, but I'd like a little more than VP-Joe being afraid of the president."
Mgr: "I'm sure its not being afraid."
Me: "..."
Mgr: "OK, lets wait and see if VP-Joe forgets about this and moves on to something new."

Me: Well, it's time to make a new app!
* opens up VS Code *
* opens folder selection dialog *
* creates a new folder called "notes app" *
* yarn inits that folder *
* installs react and react-dom *
* installs webpack, webpack-cli, babel-core, babel-loader, babel-preset-env, babel-preset-react, style-loader, css-loader, file-loader, html-webpack-plugin and clean-webpack-plugin as a dev dependency (install is pending) *
* copies a webpack config from some other project *
* creates a babelrc file *
* copies a yarn script called "build:dev" which would launch webpack *
* dev dependencies installed *
* tries to save *
* vscode doesn't save because files differ *
* tries to copy dev dependencies *
* fail *
* tries again *
* saves *
* writes bare-bones index.jsx *
* yarn build:dev *
* opens build/index.html in firefox *
* gets satisfaction *
* writes bare-bones App.jsx which is a react component but it's an entire app *
* yarn build:dev *
* opens build/index.html in firefox *
* gets satisfaction *
-- trim --
* walks out of his room to his mom's room where's sbc is located *
* grandma plays solitare on laptop *
* i ask grandma for a laptop *
* grandma gives me laptop *
* glues all components into App.jsx *
* yarn start:dev (magic of webpack-dev-server) *
* opens localhost:8080 in firefox *
* searches how to update a component prop *
* nothing found *
* registers on devrant and verifies his email *
* writes this rant *

Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”

Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”

I applied for a backend job. Somehow i ended up doing frontend. Ok whatever the pay is alright and i dont mind doing js. But then i see the backend team doing absolute horseshit, stacking up overhead and not even fucking documenting the endpoints, i get mad.
And now our sysadmin left so there is no fucking server and i cant run locally because of 9trillion config files (remember the overhead part?) and the pm is nagging me to get the site done WHEN THERE IS NO FUCKING SERVER. WHAT DO YOU WANT FROM ME, SET IT ALL UP AGAIN? THATS NOT MY FUCKING JOB YOU IMBECILE FUCKFACE.

Just happened at my internship:
Guy: hey could you come over here for a sec and look at this problem?
me: Sure! *walks to table*
guy: the FTP server isn't working. I added config files etc but nothing!!
me: *does some terminal stuff*
me: uhm.... the ftp server isn't installed......
guy: *poker face*
guy: *poker face*
guy: *poker face*
guy: *plz don't tell anyone face*
guy: could you pls install? *desperate look*

The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.

The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......

I could go on, but yes, I've seen it all now.

Stack Overflow. Everyone uses it but everyone seems to hate the community. I very often read about someone getting down voted and they all say the same thing - "I have no idea why".

I have spent a lot of time moderating SO posts, which gave me a lot of reputation and medals. I find it fun to help people and it feels good to give back to the community.

I have asked a bunch of questions and I've never gotten a single down vote, which leads me to believe everyone of you that is constantly getting down voted are doing something wrong. Because the posts I see getting down voted are fucking stupid questions that either lack information or contain too much information.

Example 1:
Server java error

Why is my server not working? I am using Tomcat, port 8080 and I'm getting IOException.

Example 2:
Webpack configuration not working

My webpack is not a working, why?
[entire webpack config]

End examples.

What the fuck are you expecting asking questions like these?? No one gets paid for answering your questions, so the least you can do is write a CLEAR AND UNDERSTANDABLE question. I'm not gonna tell you how to do it because there's A LOT of information on how to do it.

People devote hours and hours to helping others on SO, and of course they get fed up with the stupid and lazy questions. That community is not about being nice, it's not about making people feel welcomed, it's about QUALITY OF CONTENT. No one is crying when they find a superb question + answer, right? That's the result of a community not accepting low quality content.

So please, the next time you get a down vote on SO - do not come here whining about it but instead take a look at what you have posted there and ask yourself if it could have held a higher quality.

Thanks!

Around 27 hours at new customer location.

They had a server failure due to incompetence.

They had fired their own IT guy and called us 6 months later because the server stopped responding.

First diagnostic. 2 drives are dead in a raid 5 with one hot spare. Raid controller then proved to be broken once the disks was replaced.

Waiting for new raid controller and installing.

Backup non existing, no one changed dat tape during the 6 months without IT. The tape was just a transparent plastic band, no media left.

Raid config is stored in static ram on controller, no backup!

Several hours in tech support to find out how to rebuild raid config from existing disks.

Proves to be impossible to rebuild raid set due to some checksum failures.

More hours with support to enable some diagnostic read only mode to mirror low level content to external drive.

Then many more hours to copy parts of the tree until it gets an error, restart after that and go on.

In the end we got around 70% back.

During this time I manage to be in contact with the raid manufacturers all support centers, one in europe, one in the us and one in Taiwan, switching each time one if them closed for the night.

The customer later declined a steady support contract due to us being to expensive ;)

Some just don’t want to learn.

Fuck mysql charset shit. Pretty easy to forgot setting charset in server side config file. And after creating several databases/tables, boom! All in latin1. That's just so convenient. are you kidding me? Why would any modern database have their default charset to be latin1??? rather than utf8? Oh, just forgot again, that's utf8fuckingmb4 on mysql land.

Needed a list with all domains I run on a server but I don't always give nginx config files the names of their website so I was about to start going through them by hand..... waaait, let's try to automate this with a bash script...

Five minutes later I've got a working bash script which gets all domains from all config files.

Oh, the joys of terminal/bash stuff!

Tried deploying a new nginx server today, wrote the site config manually.

"Alright, done! Let's restart the service and look in the browser how it looks"

# systemctl restart nginx
> Process exited with error code.
"Fuuuuck..."
# nginx
> Unexpected } on line 13.

# vim /etc/nginx/sites-enabled/thatconfig.conf
"Wait wtf.. there's nothing wrong with the curly braces.. they're all opening and closing as they should..."
*takes another closer look*
Line 12, missed a fucking semicolon 😑
Append semicolon, :wq, # systemctl restart nginx
Works like a charm 🙄 all because of a stupid semicolon.

Until now I thought that the semicolon jokes were just lame.. but damn you semicolon, you are indeed the superior hide and seek player 😅

Okay.. I just did it. I had to reinitialize a server because I lost the single SSH keypair (probably the one from my BELOVED Windoze desktop that I recently had to reinstall) that was authorized to access the server, and I didn't add any of the other clients' keys to the server's authorized_keys.

Note to self: replicate all your fucking keys or (or rather, and) back them the fuck up into your keychain already!! Why else does that keychain USB stick exist, Condor, you bloody fucking moron?!!

Well, at least now the admin panel on Aruba Cloud doesn't say "Ubuntu 14.04" that's been upgraded to Ubuntu 18.04 anymore, but 18.04 as it should.. but that's about the only good thing.

People committing config files with connections strings pointing to their own machines.
Oh I'll just pull the latest changes... Why is all my data suddenly different??!? Fucking Gregg just checked in a connection string with "server=GREGGSPC".

After 'Dev' deployed a service using Azure ServiceBus, a particular queue/client was receiving errors.

Dev: "Looking at the logs, client is getting faulted."
Me: 'What is the error being logged?'
Dev: 'Client is faulted'
Me: 'No, that is our error when the client is either unable to connect or there is an exception in the middle of sending a message. What is the exception from Azure?'
Dev: 'Client is faulted. That's it. I'm going to have to re-engineer the code to implement a retry policy.'
<OK, I smell someone cooking up some solution finding, so I dig into the logs a little further>
Me: "Looks like an invalid connection string. The actual exception being thrown and logged is from the Azure client connection string builder. The value cannot be null."
Dev: "No, I'm looking right at the connection string in the config. Looks fine."
Me: "Looks correct on your machine, but what is actually being deployed to the server?"
<I could tell he was getting agitated>
<Dev clicks around, about 10 min. later>
Dev: "Aha!..I found it. The connection string in the config on the main branch is wrong, in fact, the entry is missing."
<dev fixes, re-deploys, life is good, I document the error and the root cause>
Boss: "Great job Dev."

*sigh* ..go teamwork?

My Sunday Morning until afternoon. FML. So I was experiencing nightly reboots of my home server for three days now. Always at 3:12am strange thing. Sunday morning (10am ca) I thought I'd investigate because the reboots affected my backups as well. All the logs and the security mails said was that some processes received signal 11. Strange. Checked the periodics tasks and executed every task manually. Nothing special. Strange. Checked smart status for all disks. Two disks where having CRC errors. Not many but a couple. Oh well. Changing sata cables again 🙄. But those CRC errors cannot be the reason for the reboots at precisely the same time each night. I noticed that all my zpools got scrubbed except my root-pool which hasn't been scrubbed since the error first occured. Well, let's do it by hand: zpool scrub zroot....Freeze. dafuq. Walked over to the server and resetted. Waited 10 minutes. System not up yet. Fuuu...that was when I first guessed that Sunday won't be that sunny after all. Connected monitor. Reset. Black screen?!?! Disconnected all disks aso. Reset. Black screen. Oh c'moooon! CMOS reset. Black screen. Sigh. CMOS reset with a 5 minute battery removal. And new sata cable just in cable. Yes, boots again. Mood lightened... Now the system segfaults when importing zroot. Good damnit. Pulled out the FreeBSD bootstick. zpool import -R /tmp zroot...segfault. reboot. Read-only zroot import. Manually triggering checksum test with the zdb command. "Invalid blckptr type". Deep breath now. Destroyed pool, recreated it. Zfs send/recv from backup. Some more config. Reboot. Boots yeah ... Doesn't find files??? Reboot. Other error? Undefined symbols???? Now I need another coffee. Maybe I did something wrong during recovery? Not very likely but let's do it again...recover-recover. different but same horrible errors. What in the name...? Pulled out a really old disk. Put it in, boots fine. So it must be the disks. Walked around the house and searched for some new disks for a new 2 disk zfs root mirror to replace the obviously broken disks. Found some new ones even. Recovery boot, minimal FreeBSD Install for bootloader aso. Deleted and recreated zroot, zfs send/recv from backup. Set bootfs attribute, reboot........
It works again. Fuckit, now it is 6pm, I still haven't showered. Put both disks through extensive tests and checked every single block. These disks aren't faulty. But for some reason they froze my system in a way so that I had to reset my BIOS and they had really low level data errors....? I Wonder if those disks have a firmware problem? So that was most of my Sunday. Nice, isn't it? But hey: calm sea won't make a good sailor, right?

One of the dumbest things I've done as a dev... I was a front-end/php guy that got hired into a asp.net company. My boss told me to take down a section of the website. I hopped on the server and started looking at files and saved a config file. 2 minutes later I had 3 devs in my office asking what I'd done that took down our entire network.

Thankfully my boss laughed it after they republished the site, but that was my intro into asp.net development.

Hey there!

So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temponarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a ci/di pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.

Now that I it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and adminpanels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.

Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.

Thanks in advance for enduring my rant and infodump 😅

! exactly dev

I'd ditched Windows and spent a while exploring the Linux ecosystem for content creation. And I have to say, it was not a nice experience.

As much as I respect the Linux mantra of "free as in freedom" and "you need to roll up your sleeves and figure out stuff on your own", it just isn't good enough for non-dev work. Sorry guys, but I need software that gets out of my way and at least does what it's supposed to do. I can't stand a horrible UI or delays and random crashes, which is exactly what happens with most things under Linux.

To replace my Windows workflow I used the following:
1. Windows -> elementaryOS (because Debian/Ubuntu repositories seem to have the best software support, and elementaryOS is the least horrible looking thing that supports that) and then Arch, because, well, Arch.
2. Blender + Maya -> Blender + Maya on Linux.
3. Reaper + FL Studio -> Ardour + LMMS.
4. Photoshop -> GIMP + Krita + Inkscape.
5. ZBrush -> nothing :(

As you can see, my use cases are pretty much all over the spectrum.

Firstly, installing and configuring stuff. A pleasure on Windows, an absolute pain on Linux. Everything just worked on Windows, I had to wrestle with library versions and patches and unstable audio layers (Linux audio just sucks, except for JACK) on Linux.

Out of these, Blender and Maya were the best experience. But even then, both would suffer from random crashes that just didn't happen on Windows.
Ardour is actually really nice when it works. Its use of JACK for routing makes it really really flexible, but it just isn't stable enough to depend on. LMMS is utter crap. I'm sorry, but I just hate the UI. Can't stand it.
GIMP, Krita, and Inkscape can't beat Photoshop, even when you consider them together. Adobe software workflow is just so much better and more intuitive.
Blender 3D sculpting is not bad, but it's nowhere as good as ZBrush.

Also, if you're a C++ dev like me, nothing beats Visual Studio 2017. Nothing. That IDE just blows everything else out of the water. Even VSCode. And it's not slow at all, it handled a fairly large project (PBRTv3) just fine on my Windows development VM. Yes, a VM.

So...I ditched Linux and went back to Windows, but I keep Linux as a VM for when I actually want to mess with Blender or Ardour. Or some dev stuff which Windows sucks at (which is becoming less frequent because of WSL).

Out of all the above, the only one I'd consider ready for production use would be Blender. Developers of open source software, please learn from Blender. Kickass UI and user friendly operation is extremely important, you can't make a random window with GTK buttons and text boxes and arcane config files and expect people to use it for serious work.

Also, Windows beats Linux hands down as an everyday OS. It's always been rock solid, if you take care of it properly (and that goes for any OS). Updates hardly take any time because I run it on a SSD. As for all the advertising and marketing bullshit, you can block a large amount of stuff. And for what can't be blocked, well, I just have to live with it, because the alternative is compromising on my creative output, which is too much for me.

I still run Linux on my server, though. And on my embedded devices (Pi, BeagleBone, etc.). It absolutely rocks there.

I realize that Linux software is not going to improve unless we do something about it, so I'll be contributing fixes and code (the joys of being a C++ dev, yay). Still, I feel that the platform and software as a whole is just not mature enough.

My boss says to me this morning.

Boss: Can you add these links as a redirect 301 to this link.

Me: Ok, I'm not the developer for that domain but I guess I can do it. Let's try to update apache htaccess for that domain through my account.

(After a swift ssh connection to the server to check out that domain.)

Me: Er...boss, we don't own that domain. We cannot redirect it's links to our other domains.

Boss: Why? What do you mean?!

Me: well if we don't own that domain, than it is not on our server and we cannot update it's server config files. So we cannot redirect that domain to our other domains.

Boss: Are you sure?

It went on like this for a while. I had a laugh break after.

I was freaking out today when a program I have to demo in two days suddenly stopped working correctly. Turned out not that bad when I found my dog added some characters to the server address in the config file when I laid my computer on the bed last night.

Your web server config is fucked, and your app is down.

~ "Faithfully yours, nginx."

Want to make someone's life a misery? Here's how.

Don't base your tech stack on any prior knowledge or what's relevant to the problem.

Instead design it around all the latest trends and badges you want to put on your resume because they're frequent key words on job postings.

Once your data goes in, you'll never get it out again. At best you'll be teased with little crumbs of data but never the whole.

I know, here's a genius idea, instead of putting data into a normal data base then using a cache, lets put it all into the cache and by the way it's a volatile cache.

Here's an idea. For something as simple as a single log lets make it use a queue that goes into a queue that goes into another queue that goes into another queue all of which are black boxes. No rhyme of reason, queues are all the rage.

Have you tried: Lets use a new fangled tangle, trust me it's safe, INSERT BIG NAME HERE uses it.

Finally it all gets flushed down into this subterranean cunt of a sewerage system and good luck getting it all out again. It's like hell except it's all shitty instead of all fiery.

All I want is to export one table, a simple log table with a few GB to CSV or heck whatever generic format it supports, that's it.

So I run the export table to file command and off it goes only less than a minute later for timeout commands to start piling up until it aborts. WTF. So then I set the most obvious timeout setting in the client, no change, then another timeout setting on the client, no change, then i try to put it in the client configuration file, no change, then I set the timeout on the export query, no change, then finally I bump the timeouts in the server config, no change, then I find someone has downloaded it from both tucows and apt, but they're using the tucows version so its real config is in /dev/database.xml (don't even ask). I increase that from seconds to a minute, it's still timing out after a minute.

In the end I have to make my own and this involves working out how to parse non-standard binary formatted data structures. It's the umpteenth time I have had to do this.

These aren't some no name solutions and it really terrifies me. All this is doing is taking some access logs, store them in one place then index by timestamp. These things are all meant to be blazing fast but grep is often faster. How the hell is such a trivial thing turned into a series of one nightmare after another? Things that should take a few minutes take days of screwing around. I don't have access logs any more because I can't access them anymore.

The terror of this isn't that it's so awful, it's that all the little kiddies doing all this jazz for the first time and using all these shit wipe buzzword driven approaches have no fucking clue it's not meant to be this difficult. I'm replacing entire tens of thousands to million line enterprise systems with a few hundred lines of code that's faster, more reliable and better in virtually every measurable way time and time again.

This is constant. It's not one offender, it's not one project, it's not one company, it's not one developer, it's the industry standard. It's all over open source software and all over dev shops. Everything is exponentially becoming more bloated and difficult than it needs to be. I'm seeing people pull up a hundred cloud instances for things that'll be happy at home with a few minutes to a week's optimisation efforts. Queries that are N*N and only take a few minutes to turn to LOG(N) but instead people renting out a fucking off huge ass SQL cluster instead that not only costs gobs of money but takes a ton of time maintaining and configuring which isn't going to be done right either.

I think most people are bullshitting when they say they have impostor syndrome but when the trend in technology is to make every fucking little trivial thing a thousand times more complex than it has to be I can see how they'd feel that way. There's so bloody much you need to do that you don't need to do these days that you either can't get anything done right or the smallest thing takes an age.

I have no idea why some people put up with some of these appliances. If you bought a dish washer that made washing dishes even harder than it was before you'd return it to the store.

Every time I see the terms enterprise, fast, big data, scalable, cloud or anything of the like I bang my head on the table. One of these days I'm going to lose my fucking tits.

Fuck i hate myself right now...
> Wanted to install minikube on my homeserver(which doesn't have a graphics card in it)
> Error: Virtualization is not enabled
> Take the server out of my rack, opens my desktop pc, takes the gpu out, puts in it my server, and then goes into bios.
> Find that virtualization is enabled.
> Realize that I'm running a dozen docker containers on a daily basis from my server, so OF FREAKING COURSE virtualization is enabled...

So after all that, I figure out that I should probably just google my issue, which leads to me find out, it's just an issue with virtualbox, and simply running 'minikube config set vm-driver none', it fixes it, and I am now running minikube.............

Took half an hour of work, to realize that I'm a complete fucking idiot, who shouldn't be allowed near a computer

Server admin: "When do I need to make this config change for you?"

Me (in my head): "You mean the one I put a note in the change request ticket about in ALL CAPS and surrounded by asterisks saying 3pm (aside from the scheduled time field that the ticket requires), and the one we then subsequently chatted about where I reiterated the criticality of the timing about and the one I copied you in the email chain about that said the time in big, bold letters the time? THAT config change?!"

Me (IRL): "3pm, please."

(does not inspire confidence, though better to be asked then they just go off and do it whenever the mood strikes I suppose, which HAS happened)

Conversation between a developer and admin team to change configuration in higher environment.
Dev: Please change these config parameters.
Admin: What is environment url
Dev: 😑. Gives the url
Admin: How to change?
Dev: 😑. Gives all the details
Admin: I am unable to perform as server is slow.
Dev: Whom will you report the slowness of server as you are the admin?😵
Admin shocked developer rocked

So, yet another "senior" web developer employed by my contractor who utterly fails to understand CORS.

I mean, easy enough to config their servers to provide the headers. A good and quick buck.

But I swear the level of idiocy I find in so called "seniors" infuriates me. I swear, he didn't even figure out that

A) you can't make the browser omit the Origin header.
(But it works on curl 😭😭😭)

B) it's the *server* who must include access-control-allow-origin in the response, not you in the request. Like, what use would that be? I don't even...

😞

I guess if I ever need to hire web devs again my only question during the interview will be "explain CORS to me".

I literally just had this conversation.

H: Me
C: Colleague

C: "Hey Hindsight, I'm having issues with our web print driver, it's not opening the browser after printing"
H: "Have you checked Interactive Mode in the installer so it opens the browser?"
C: "Yes"
H: "Are you sure you have the right domain name in your configuration file? It should be <thing.example.com>"
C: "Ah, it's just example.com. Should I just change it in the config?"
H: "No you need to regenerate the config from our server tool, because the server data needs to match your client config data"
C: "Ok, my config says <example.com>"
H: "Yes, just regenerate the config with <thing.example.com> instead for the domain"
C: "Ok I'll do that. What was the correct domain again?"
H: thinking "Holy shit can you really be that dumb!" but saying "<thing.example.com>"

You know what, let me jump in on the "I hate PHP" bandwagon.

A couple months ago I upgraded my mail servers unattended. Roundcube got fucked for a couple of months, and I figured.. fuck it, I can still use Dovecot for authenticating with desktop mail clients like K-9.
Recently I unfucked it, turns out that it was an issue with the sock file in php-fpm. That's also when I noticed that PHP apparently hardcodes in its current version in the bloody socket file. Because why the fuck wouldn't you? It makes upgrades so much fucking easier!!! Said no fucking sysadmin ever!!!

And today I upgraded one of my mail servers to Ubuntu Server 18.04, finally, after a lot of hesitation. Bad decision, because now PHP got fucked YET AGAIN.
Again an issue with socket files? I have no fucking idea. systemctl shows no failed services (because you know PHP, why would you fail your service with an error message instead of throwing a meaningless 502 Bad Gateway, right?!!) and looking at the config files, well the socket file got its new php-fpm 7.2 file (still got the fucking version number hardcoded in) and thus I changed that socket file location in /etc/php/7.0...

devRant may just have been my rubber duck.

WHY THE FUCK DO YOU STINKING FUCKING PILE OF SHIT CALLED FUCKING PHP KEEP THE FUCKING 7.0 DIRECTORY OUT THERE WHEN YOU'VE UPGRADED, WITHOUT EVEN HAVING THE FUCKING BALLS TO RENAME THE MOTHERFUCKING DIRECTORY TO 7.2, IF YOU'RE GOING TO HARDCODE IN YOUR VERSION NUMBERS ANYWAY?!!!!!

Bloody fucking pile of fucking junk!!!!

Not been a good day so far:
1. Woke up to my Synology in a 'Volume crashed' state. Tried to contact support via web page; support web page not loading.
2. Ancient software at work stops working. As the last remaining C++ dev, I gotta troubleshoot. Original developer wrote test program...in VB6.
3. Server config file changed, but all the admins swear up and down nobody's made any changes.
4. Client calls account rep and wants to know about our security policies, so he schedules a meeting with me and client and forgets to mention until he's emailing me asking where the hell I am. From the tone of the conversation between the rep and the client, it's clear that somehow I'm to blame for being late.

Sigh.

Well, hey, at least it's Friday, right? Right?

Received a complaint that the year dropdown list isn't far enough (ends at 2022). They wanted it to go all the way to 2027. My script handles this by getting the current year then add 5 to it and it generates the values in the dropdown list. All I had to do was change from '5' to '10' in the config puppet files. Contractually, any source code changes needs to be documented and informed to the client. I followed suit, documenting how I am going to make the change. This is new as it involves using git to commit the changes and pull it in the server that talks to the git server. This shouldn't take more than a minute to fix.

Submitted and wanted to finish this today. Client decided to wait til next week to complete the code change to fix the complaint. A work that can be done in a minute is now dragged to a week. FFFFFFFFFFFFFFFFFFFFFFUUUUUUUUUUUUUUUUUUUUUU

So this morning something wonderful happened. One of my teams deployed some cache for our API using Redis and they didn't config it!!!
So it's TROLL-time!!! And we have some really cool troll rules if you DOS the QA stack!! So if they resolve it in less than an hour they will only have to use a funny cap all day long (even for lunch) but if it takes more than 1 hour it will be a full cyclist outfit for the whole day (over their own cloth).

PS: if you ever use Redis don't mysql it (why config it? it'll work!!!), because Redis will murder your server!!!

I am so mad, I have no words for how fucking much I hate ever having to work or pass work to other incompetent developers or teams, what a fucking waste of time and resources.

After handing off the frontend - for the client to find some team, that would do it in the short time and budget he needs (multiple developers, more fast, much good), he found a team that seemed to be alright for the job and seemed alright to me too, now maybe a month or two later, the client contacts me, that they fucked something up and if I could talk to them.

The email I then received from them seriously made me speechles, mad and sad, all at same time, I spent multiple upon multiple hours, getting a very good readable documentation up (markdown with TOC, properly rendered headers, bulletpoints, all that shit), with all files, all services used, all credentials, even converted all ssh keys into putty ppk format, in case the developers are using windows and are too dumb to do it themselves, nginx configs, it had seriously everything, even too much to list.

They somehow managed to fuck up the entire server, while attempting to "add ssh keys themselves", EVEN FUCKING THOUGH I have included all the keys they need, all the hosting credentials, everything, yet they decided to fuck with shit themselves and completely annihilate the server in the process (HOW?!), so not even the webserver works anymore.

I am fucking speechless, I made it so fucking easy to gather all info and files they need, all properly put into well named folders, along the documentation in an archive and they somehow managed to nuke the fucking server, while attempting to add ssh keys?!

If you don't know how to config a server, then don't fucking touch it and just use everything, that got served to you on a fucking silver platter.

---

I'll just instantly answer the most annoying comment, that somebody could come up with: "why didn't you do it yourself?"

Because in a perfect world, a fully managed team, can do much more than a single developer can, especially in the same timeframe and from what I heard of said client, atleast they did something in terms of developing the system. (which surprises me, considering it's the same people that nuked a server, while trying to add ssh keys)

I just found a vulnerability in my companies software.
Anyone who can edit a specific config file could implant some SQL there, which would later be executed by another (unknowing) user from within the software.

The software in question is B2B and has a server-client model, but with the client directly connecting to the database for most operations - but what you can do should be regulated by the software. With this cute little exploit I managed to drop a table from my test environment - or worse: I could manipulate data, so when you realize it it's too late to simply restore a DB backup because there might have been small changes for who knows how long. If someone was to use this maliciously the damages could be easily several million Euros for some of our customers (think about a few hundred thousand orders per day being deleted/changed).

It could also potentially be used for data exfiltration by changing protection flags, though if we're talking industry espionage they would probably find other ways and exploit the OS or DB directly, given that this attack requires specific knowledge of the software. Also we don't promise to safely store your crabby patty recipe (or other super secret secrets).

The good thing is that an attack would only possible for someone with both write access to that file and insider knowledge (though that can be gained by user of the software fairly easily with some knowledge of SQL).

Well, so much for logging off early on Friday.

Had to make a change in an ugly codebase. For this I had to change a config value which was duplicated three times in the code base. So I wanted to refactor the code so that the config was in one place.

I worked on this for two days and it was starting to look good. On the third day when I started to work on this I realized that I couldn't start the server anymore. Looking through version control I figure out that my co-worker had stayed till 3am last night to work on the change I was supposed to make.

I had to spend all morning undoing his commits. Once I was done refactoring the actual change took me ten minutes.

Why the fuck would you stay until the middle of the night to work on someone else's task?!

Could have just asked how it was coming along if I wasn't working fast enough for him.

Okay. I’m upset. So the recent .NET update Microsoft put out fried SharePoint which I am currently the main point of contact for at our company. In addition, my only current projects are creating workflows.

I was publishing a workflow and got an error. I googled the error and found that it was the .NET update that caused it. Internet says to edit the web.config file for your web apps and it will be good to go. I go to our networks guy (only available supervisor) and explain what happened and ask about the recent patch and whether this could be the cause. He says that his team doesn’t actually handle the patches so I should speak with the HelpDesk lead (don’t ask).

I go to the HelpDesk lead and explain the situation, explain the solution and ask for what to do next. Keep in mind that this whole thing takes two hours because it’s Friday and everyone is out and I can’t do any of my work while I’m waiting on this. HelpDesk lead says “you have an admin account, I trust you. Go fix it” so I think uh okay.... I’m a junior and not even technically an IT person but sure. I know how to do it - but got nervous about fucking it up because our entire organization uses Sharepoint.

Nevertheless I go to my desk and look for the root directories and find that they’re on a server somewhere that I have no access to. I message the Helpdesk guy and tell him this and he says to talk to the developer supervisor. Great! He’s super nice and helpful and will totally understand! Only he’s not in. Neither is half of his team.

I go to his team and look around and find nobody but realize I may be able to catch one of the guys I know and work with in the break room. I start leaving and am stopped by a developer who is generally nice and funny. I explain the situation and he says “you... YOU need to edit a config file?” And scoffs. He demands to see what I’m talking about.

I walk him to my machine and show him what’s going on and all the research I did. I start to realize he thinks I’m overstepping and I begin to apologize and explain the details to why I was asked to do it and then I say “I really shouldn’t even be the one doing this” he says “no you should not. This isn’t getting done today. Put in a request, include your research and we will see what we can do when the supervisor gets back next week”

His tone was like I was in trouble and I know that I’m not, but it’s my goal to end up on that team and I just feel like shit about this whole situation. To top it off my boss pulled me off of two projects because of unrelated issues (and nothing to do with me) so I have basically nothing to do and I just feel very discouraged. I feel dumb and like I should have gone to the developers first. I just wanted to make it easy on everyone and do my research. I feel like I keep being put in situations above my level (I’m one of two juniors in a 16 person shop, the other one is an intern) and then “getting in trouble” for working beyond my scope.

Anyways.... fuck Microsoft

At the institute I did my PhD everyone had to take some role apart from research to keep the infrastructure running. My part was admin for the Linux workstations and supporting the admin of the calculation cluster we had (about 11 machines with 8 cores each... hot shit at the time).

At some point the university had some euros of budget left that had to be spent so the institute decided to buy a shiny new NAS system for the cluster.

I wasn't really involved with the stuff, I was just the replacement admin so everything was handled by the main admin.

A few months on and the cluster starts behaving ... weird. Huge CPU loads, lots of network traffic. No one really knows what's going on. At some point I discover a process on one of the compute nodes that apparently receives commands from an IRC server in the UK... OK code red, we've been hacked.

First thing we needed to find out was how they had broken in, so we looked at the logs of the compute nodes. There was nothing obvious, but the fact that each compute node had its own public IP address and was reachable from all over the world certainly didn't help.
A few hours of poking around not really knowing what I'm looking for, I resort to a TCPDUMP to find whether there is any actor on the network that I might have overlooked. And indeed I found an IP adress that I couldn't match with any of the machines.

Long story short: It was the new NAS box. Our main admin didn't care about the new box, because it was set up by an external company. The guy from the external company didn't care, because he thought he was working on a compute cluster that is sealed off behind some uber-restrictive firewall.

So our shiny new NAS system, filled to the brink with confidential research data, (and also as it turns out a lot of login credentials) was sitting there with its quaint little default config and a DHCP-assigned public IP adress, waiting for the next best rookie hacker to try U:admin/P:admin to take it over.

Looking back this could have gotten a lot worse and we were extremely lucky that these guys either didn't know what they had there or didn't care.

Whaaaat theeeee actual fuuuuuuuuck. So basically I've got a server running and everything is fine. All services are working and I can access the webserver running on it over every browser. But randomly my ssh access stopped working (can connect but doesn't return shit after last login message) and when loading the web config thingie from my provider it gives me an empty response (all other pages from the provider are working). So basically I've got a working server I cannot access. But I'd like to access it and cannot even restart that shitty thing.

Anybody else had a problem like that or has any idea wtf is going on?

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

Not mine, but a colleague puts a script in production which has to sent an email every time a config changes, but in reality sent an email every time the file was accessed. The system sent a good amount of email in a couple of minutes, the remote SMTP bounced them but the connections on port 25 was dropped by the server, the production firewall hits the maximum number of allowed connections... a lot of shit!

- Hi, I need this config set up on the server. What do you think? Could you do it?
- Yeah seems fine. But we need to assess it properly.
- Ok, let me show you in details.
- Err.. hmm, reach out to me tomorrow.
...
** Then he stays offline all day. **

HOW AM I SUPPOSED TO **REACH OUT** TO YOU???? VIA SMOKE SIGNALS??!! Some supernatural powers??

Oh man, I hate depending on other people to finish a fucking job.

Updating my nginx config file over and over again. No change is being reflected when I visit the website.

Then I realized instead of restarting the nginx server I was running start command :(

I wanted to develop a programming language since all programming languages have some shortcoming of their owns so as I walk further along in developing custom parser generator and so forth, I get to the point where I have to consider implementing the Language Server Protocol for the programming language only to realize that while ironically LSP was supposed to make it easy to to have autocompletion features and other stuff made available to other editors, you still end up requiring to make plugins/extensions for such editor like Visual Studio and Visual Studio Codes anyway despise the fact that LSP was meant to solve that. Meanwhile over at Linux Land, we have Kate editor that can be configured to simply connect to LSP server and require no plugin/extension to do so, you just specify it in json config and that's that.

Microsoft... you created LSP protocol and yet you want Plugin/Extensions still for VSCode/Visual Studio even though LSP was made to address that... Make up your mind, ffs. P.S. I have no interest in writing 100,000 LOC of extension/plugin for your editor if it can't get it's $#!^ together.

when you try to stop tracking changes to files you added on git but instead of running the remove from cache command you run the remove from server also command. and it deletes all the cpanel config files and ruins the hosting account.

Spend literally two days trying to figure out why I have a 2 hour offset in my timezones for a lamp web app. This isn't even close to my first timezone rodeo.

Check logs, reset Apache/MySQL/PHP timezones in like 100 places. Use 3rd party server side and client side timezone libraries. Moment.js you say? Shit works like a charm... but is, of course, still two hours off.

MySQL is right. PHP is right. Apache is right. PHP libs are in place. Finally convert the entire damn project to use epoch time because I have a deadline, I have no more time to read backwater AWS docs and try to figure out why the hell this Ubuntu EC2 is fucked up, and I literally cannot figure out why in the hell the damn clock is off.

Several days later notice a variable in the main .config file... right in root... 2 hour timezone offset.

Fuuuuuuuuuuuuuuuuuuuuck.

//rant

So i ordered myself a web server and am trying to get access to phpmyadmin.
I got generated username and password for the phpmyadmin login.
So i created mysql databases and database users, outside the interface, but that's fucking it, i need to create tables as well, can't do that without the interface, cuz NO ACCESS!

Fucking piece of shit service provider, they had one thing to do and they can't even fucking do it right. How dare they call themselves web hosts at all...

It's probably a badly configured config file but i can't access the file myself to start sorting this shit out, so i got to wait at least 12 hours till work hours to be able to contact with them and sort this shit out.

This Christmas I transitioned into a new job. At the old job I was the only kubernetes-guy, so since they no longer have any developers who are confident working with that, they decided to go with LAMP-stack.

The data from dev-kubernetes-server was backed up by some guy and moved to an offsite-server, or so they told me. Turns out, he had backed up the kubectl-config-file, and not the databases. Now everything is wiped. Sure glad we still have that config-file!

Of course, since that was only our dev-server, there was nothing too important there, except for all the documentation. The only other backup? On my laptop, which I turned in to them, and is now wiped and used by one of the sales-guys.

Now I’m being called in at least twice a day, since I was their goto-guy for almost anything backend-related. Feels great, after they spent a couple of months attempting to rewrite everything in pure PHP (with a strict no-dependency policy for some reason). Fml.

Don't need Netflix when you have a production deployment right before a long weekend. It has failed since last two weeks due to vulnerabilities present in one of libraries(P.S. FUCK JAVASCRIPT and Post release vulnerability scans!). You have rewritten the whole functionality from scratch twice! Security gates finally open for you, welcoming with arms wide open. So you click Deploy! DAFUQ!! FUCK MY LIFE! Deployment failed! It's only a 3 hour window to deploy! You frantically re-review your code, is it me?? Not again!! It isn't! Well, why is the deployment failing, you work against the clock. Going through configs, code, documentation! WTF is it?? Should I give up and raise a support ticket? Nope! You login to the server, sifting through logs and configs, there's a couple of other tickets with today's deadline. What are you going to do? And you get a hint! You take the hunch, change the config 5 minutes before deadline!
Get merge request approved, wait for the build, hit DEPLOY!! Nail biting 3 minutes! Your eyes fixed on the logs! Building..... Pushing instances..... Starting App..... SUCCESS!!! Finish the remaining tickets! Your long weekend still exists!

I just worked on server stuff for so long I feel like I can speak bash and nginx config better than english

You win Linux. That was the last straw. I will never install ANY linux distribution ever again.

Setup a simple FTP server. What can possibly go wrong ?

Ok now I want it to point to /media/ftp

Easy, right ?

Just add local_root=/media/ftp

Weeeeellll nop.

Not working. Completly ingnoring this setting, all users log to home directory.

#chroot_local_user=YES

tried, no effect.

I'm wiping this server and installing windows server there.

Too bad, the process started very well, the machine is fully confiogured, ready to go, DNS working every thing working. Except this shitty FTP.

So FUCK YOU linux wioth config files, WELCOME windows with nice GUI where I can just SELECT the default ftp folder

Here's something I'm sick of seeing: server software documentation that doesn't fully list what ports they are using. Too often I've read things like this: "AcmeServe uses ports 400, 8001, and 8002". Great, but why are you making me guess if those are TCP or UDP?

And sometimes it's: "AcmeServe uses ports 400 (UDP), 8001 (TCP), and 8002 (TCP)". Soooo, which ones do I port forward? Are you really going to make me have to use netstat -a to find out?

I can't understand the mentality behind that. They obviously realise you need to setup firewalls, but they half-arse it by only telling you the port numbers but not the protocol and/or if they're inbound/outbound.

Please, list what protocol the port is and if it's listening or outbound. Oh, and consider also mentioning where the port numbers come from in your config files, so I don't have to go playing a guessing game with a bunch of XML files should someone have overridden the default port numbers.

FUCKING CHINESE SUPOSED IP CAMERAS...
First, they aren't Ip cameras, they are p2p cameras with different settings and more limited...
then took me 3 days to open 5 ports for 2 cameras, config the cameras, till they work.
YEY they finally work, can see them over the Internet (no default settings, even changed the Alias), have my Ip camera viewer on the Phone... but one doesn't activate on moviment.. in this 3 days only took 2 pictures with motion detection on and people passing in front of them... the other was working for like 5 minutes... giving black and white 7kb jpgs... after a few teeks... can't make it work again.
Now I have two cameras that I can see if my house is being robbed but no motion detection to warm me, or at least save some pictures on the server to serve as evidence (and maby finally get the team that is robbing one house a day, If they try to rob my house again...).
The cameras are very good as baby monitors or to play around, for 14$ and 20$... (love the 360º ball) , but as security cameras... Unless you have them connected to a security station and with a repeater close by... worthless...
Oh, and they may give me 1 good frame a second or lag to 10+seconds a frame...

That moment when you're connected to a server to adapt a setting in the SSH service config and it errors into your face when you attempt to reload it.

Schrödinger's SHell 😰

Long time no see devRant. This rant is dedicated to an MQTT implementation we use. Mosquitto, mqtt.js - FUCK YOU.

I spent the last fucking 30+ hours trying to find why the bloody fuck the stupid server / client won't connect to the shitty mqtt broker. From changing all possible config, enabling & disabling specific code nothing abso-fucking-lutely works.

But then it will randomly decide to connect to the fucking broker, not causing any issues at all. And each fucking day when I wake up again and think to myself: oh today I can actually leave when it is still somewhat bright outside - NOPE. Because guess what? The fucking shitty abomination doesn't work anymore.

I just love these types of problems that are almost impossible to debug because the only logs you get is: "SERVER disconnected". It's impossible to get a proper reason out of this shit show, it's just turned into randomly guessing what the error could be (and especially where it could be).

And each time I got it to work, tested it and let the testing team know that they can start testing it will just stab me in the back and be like "fuck you, I'm not working any more". Luckily it's not like the deadline is next week... otherwise work is great, trust me.

My first software.. Okay. So first time I ever attempted was with my father, i was around 8 or so, i remember very little from it, but in nutshell, i somehow ended up at his job having day off school or something, no idea.

Apparently he was bored, so he decided yo show me... Basic. Yep, thats right. Frking basic. Anyway, he shown me some really basic stuff in basic, and pushed the envelope really hard, just trying to force into me more and more in these 8hrs. I started with filling screen with "o" characters. Most of times he was telling me what to write with elaborate explanation why. At the end of the day, we finished with simple maze game where player was "o" and maze walls was #. Without any goal, or anything.

Next day i was at point 0, understood nothing from it except how to handle keystrokes (and belive me, that for me was huge mindblow, and even bigger mindblow that it actually made prefect sense).

I dont remember much, but later i started with father-assisted c++ and some pascal. I immidietly loved c++ but dropped learning it for (NullPointer) reason.

Thats not really project imho, so now time for my actual first project.

It was about time when ARK survival evolved was a fresh thing, i was playing it a lot. Server admin became buddy. We all complained about max level cap, but to change it in config you needed to input whole new xp curve.

At that time i had great familiarity with google and computers, some thought i was some kind of PC god (seriously I heard someone saying so about me lol) just becouse I could ressurect most cases of broken windows. And I had next to zero programming expirience. It was about to change. I made first c++ actual program, that was making xp curve for you. It took me just bearly 2 days and was series of cin, cout, one file open, some maths in loop, and done. Maths was very bad. But i pushed it into steam forums, and one guy responded how.bad my math was, so we colabed on making 2 iteration. Took around week. Than half a year passed and we wanted go big. Go gui. I had no freaking idea how making gui looks like. Community liked my cli tool, we had quite a lot of downloads, why not go GUI. And thats when I discovered QT framework. And we had few features in mind... It took us half a year to make it. From 60 lines of code i jumped into 1k lines of code. We pushed it and immidietly started working on 4th version with much greater customizability etc.

Than i finished 18 and found a job. Job in php. I got it becouse I made this project.

Now project is abandon. This project also gave me a lesson that donations will not feed you.

Edit: and before you think about my father that he was nice person to show me code, trust me, i dont know bigger dick than him.

Experiences of owning a private server with JFK!

Dropping a prod db: 1
Misplacing passwords: 3
Config errors: Over 9'000
fail2ban banned me: 2
Not reading the docs first since: Forever
Setting up a sever again because I fucked up: 4
Formating the wrong USB stick, which had needed data: 1
Resetting lost DB root password: 2
Server crashes due to insufficient psu: 3
Not knowing the firewall is enabled again, so near to nothing works: 2

Ffs, I just spent the whole weekend setting up our new storage server. Moved it into the rack. Entered the UEFI to enable idrac. And BAM! The uefi decided to load it’s own raid config over the raid controller.

Raid controller bios doesn’t let me load it’s own config after that. So I have to reset the controller and setup raid, os and the whole shot again.

To make it even better. Debian doesn’t load the firmware for the broadcom chip, since it’s a non-free driver. Making me have to do lots of manual config after the install just to get it on the internet.

I wish I could’ve just bought a new server instead of working with this shit.
I would’ve used FreeBSD with ZFS, but our server only has 8GB ram, and I need about 120GB extra to work smoothly with all the storage.

It’s just a pita working with this. One step forward, ten steps back.

My apologize to everyone I told that functional programming is declarative.

It's actually imperative. Thank you @AndSoWeCode for figuring that out. I spent the whole day thinking about it.

Lisp is imperative. It's just different way to define the exact data transformations, and that's quite imperative.

On the other hand, HTML, CSS, config files and markup languages are declarative.

But writing the imperative program which is configured with declarative configs seems like great idea. Consider Apache web server and others.

Trying to setup a staging server boss says just use AWS, system admin doesn't like that thought because it doesn't involve him so waited all day for 3 VM's and still not ready... All I need is 3 blank CoreOS VMs nothing fancy like even doing the cloud config no. Anyone else has colleagues scared of moving out of the private high maintenance servers in the basement?

On my last deployment for the musician client I encountered a really nasty bug.

I configured all the settings in my Nginx. Theoretically everything should work, but it did not. Somehow I always ended up landing on my default Nginx page.

After hours of trying to find the typo, turning it off and on again and praying to all gods I ever heard of, I finally analysed my default Nginx config file. Somehow the server config I posted on the clients conf-file got posted beneath the default configs. WTF?

After deleting those everything worked. 🙄

My server is taking 7 minutes to boot with an ssd 🤔...

Time to systemctl blame the shit out of the system and figure out what config I messed up!

Freenas update from 11.1 to 11.2 beta 2

They added experimental smb direct / multichannel support, yay.

Me tries to connect to the smb share:
->Connection timed out 🤔

Tries something.
->Connection refused 😐

Google foo ....
->Nope, no connection 😔
"Failed to retrieve list of shares from server"

Reinstalls freenas to be sure it's not some janky install.
->Nope.

Google some more
->Nope 😭

*Like a year later*
Look into /etc/samba/smb.conf

Client max protocol = NTLM1

Motherfucker! 😬
Who thought that to be a good Idea!?
😠
It's the default Manjaro smb conf from the official repository by the way.

Seriously.
Didn't even know there was a setting for max client protocol.
Thought it was a server only config.
😵
Nope, some motherfucker trolled me long and hard this time. 😩

But back to getting smb direct working on my setup.

Thunar gvfs is like it's own completely separate thing.

Smb status, and all the other commands don't see any open connections anywhere.
Gvfs still connects fine to the share even though the smb.conf is deleted and everything else is complaining that there is no config.

On the one hand, it uses samba, on the other it's not actually.

Where the heck can I see the connection properties and wether rdma works or not?

Mother trucking, fracking, leg breaking piece of a dance type.

IDK man, it took me a while to finally learn iptables and now switch to firewalld? Oh come on. It's not that I'm against learning new things, no. It's just that firewalld looks a bit.. crappy. If I get a server provisioned and run

firewall-cmd --add-port=53/udp --permanent
firewall-cmd --reload

and I get my ssh connection killed that's no good news, no sir! I mean come on, how can I rely on a tool this critical when a single line in its config file can make my machine inaccessible. Even better -- this config file is managed by that tool entirely!!! My commands passed all the tool's checks and they worked, but when I wanted to make those commands permanent and reload state from the config -- the tool starts spitting bile and blood and says "fuck off, it's my server now!"

IDK man.. It's just way too fishy. The good ol' iptables works very well and I'm kicking its retard younger brother out of the server.

shoosh you dirty pig firewalld, shoosh!

I fucking hate web development and fuckton of issues it has. Laravel library not found despite the files exists and composer loaded it in the autoloader, fix: create a config file for the lib, why? Because magic. The code cannot find the provider class without it....
Next, try out smtp mail. Works everywhere, but not with the live smtp server. Fails with Invalid recipients error. 2 hours later, with half of my hair torn out I finally figured out. Can you guess?
Credentials and settings are correct, recipients are also correct. The fucking from address parameter was the culprit because you cannot send emails on behalf another address, logical but fuck that error message. Why is it that hard to respond with an understandable response?

I have just slept for a minimum of 5 hours. It is 7:47 PM atm.
Why?
We have had a damn stressful day today.
We have had a programming test, but it really was rather an exam.
Normally, you get 30 minutes for a test and 45 minutes for an exam.

In this "test" we have had to explain what 'extends' does and name a few advantages of why one should use it.
Check.
Read 3 separate texts and write the program code on paper. It was about 1 super class and 1 sub class with a test class in Java.
Check.
Task 3: Create the UML diagram of the code from above. *internally: From above? He probably means my code since there is no other code there. *Checks time*. I have about 3 minutes left. Fuck my life.*
Draws the boxes. Put the class names in each of them. A private attribute for the super class.
Teacher: Last minute!
Draw the arrow starting starting from the sub class to the super class.
Put my name on each written paper. And mentally done for the day. Couldn't finish the last task. Task 3.
During this "test", I heard the frustrations of my classmates. Seemed like everyone was pretty much pissed.
After a short discussion with the teacher who also happens to be the physics professor of a university nearby.
[If you are reading this, I hope that something bad happens to you]
The next course was about computer systems. Remember my recent rant about DNS, dhcp, ftp, web server and samba on ubuntu?
We have had the task to do the screenshots of the consoles where you proof that you have dhcp activated on win7 machine etc. Seemed ok to me. I would have been done in 10 minutes, if I would be doing this relaxed. Now the teacher tells us to change the domain names to <surnameOfEachStudent>.edu.
I was like: That's fine.
Create a new user for the samba server. Read and write directories. Change the config.
Me: That should be easy.
Create new DNS entries in the configs.
Change the IPv6 address area to 192.168.x.100-200/24 only for the dhcp server.
Change the web server's default page. Write your own text into it.
You will have 1 hour and 30 minutes of time for it.
Dumbo -ANGRY-CLIENT-: Aye. Let us first start screenshotting the default page. Oh, it says that we should access it with the domain name. I don't have that much time. Let us be creative and fake it, legally.
Changes the title element so that it looks like it has been accessed via domain name. Deletes the url and writes the domain name without pressing Enter. Screenshot. Done. Ok, let us move to the next target.
Dhcp: Change lease time. Change IP address area. Subnet mask. Router. DNS. Broadcast. Optional domain name. Save.
Switches to win7.
ipconfig /release
ipconfig /renew
Holy shit it does not work!
After changing the configs on ubuntu for a legit 30 minutes: Maybe I should change the ip of the ubuntu virtual machine itself. *me asking my old self: why did not you do that in the first place, ass hole?!*
Same previous commands on win7 console. Does not work. Hmmm...
Where could be the problem?
Check the IP of the ubuntu server once again. Fml. Ubuntu did not save when I clicked on the save button the first time I have changed it. Click on save button 10 times to make sure it really is saved now lol.
Same old procedure on win7.
Alright. Dhcp works. Screenshot.
Checks time. 40 minutes left.
DNS:It is your turn. Checks bind9 configs. sudo nano db.reverse.edu.
sudo nano db.<mysurname>.edu.
Alright. All set. It should work now.
Ping win7 from ubuntu and vice versa. Works. Ping domain name on windows 7 vm. Does not work.
Oh, I forgot to restart the bind9 server on ubuntu.
sudo service bind stop
" " " start
Check DNS server IP on win7. It looks fine.
It still doesn't work. Fuck it. I have only 20 minutes left. Samba. Let us do this!
10 minutes in. No result. I don't remember why. I already forgot why I have done for it. It was a very stressful day.
Let us try DNS again.
Oh shit. I forgot the resolver!
sudo nano /etc/resolv.conf
The previous edits are gone. Dumb me. It says it in the comments. Why did not I care about it. Fuck it.6 minutes left. Open a yt video real quick. Changes the config file. Saves it. Restarts DNS and dhcp. Closes the terminal and opens a new one. The changes do not affect them until you reopen them. That's why.
Change to win7.
Ping works. How about nsloopup.
Does not work.
Teacher: 2 minutes left!
Fuck it.
Saves the word document with the images in it. Export as pdf. Tries to access the directories of the school samba server. Does not work. It was not my fault tho. Our school server is in general very slow. It feels like they are not maintained and left alone like this in the dust from the 90s.
Friend gets the permission to put his document on a USB and give the USB to the teacher.
Sneaky me: Hey xyz, can you give me your USB real quick?
Him: sure.
Gets bombed with "do you want to format the USB?" pop-ups 10 times. Fml. Skips in a fast way.
Transfers the pdf. Plug it out. Give it back.
After this we have had to give a presentation in politics. I am done.

So.. I'm migrating a physical server to a virtual (Hyper-V) one.

The physical server is running Windows Server 2008 R2 with IIS6 and Windows SQL Server 2012.

I've set up a VM with Windows Server 2016, IIS10 and Windows SQL Server 2017.

I'm testing with just moving 1 db at a time (we have about 20, 1 per client running this software and a few others) and I've already imported all of the IIS sites.

So the database import and IIS import went smoothly and was surprisingly without hassle but now I'm trying to run the website that I imported the database for and it is throwing 503 Errors at me.
I've been trying to find out the cause but for some reason IIS isn't making any logs.
It's not any 64/32bit system problems (they're both x64) and I can't seem to find anything wrong with the imported config.

Anyone got any ideas?

Dear Webmin,

how is it that you fail to update and fuck up every Apache config file existing on the server.

Why can't I just be a lazy dev tonight, instead of fixing your moronic actions upon those files, one by one.

Why is it that you frigging forget to close Directory tags properly.

Why is it that you show a Forbidden page when everything seems to be finally ok.

And why is it that I can not re-generate that shit with one button.

Fuck this shit.

sudo rm -rf /

!rant

Is there any alternative to socket.io that doesn't need to expose a server ip directly to any client, needing to set up a full nginx anti ddos/auth config and more?

There is the live-ajax way that requests progress, but it feels more like a hack each time. (especially if the site should be able to handle multiple tabs with different progress)

I thought maybe some framework has live requests inbuilt to update content from a server worker model. (without exposing the server ip)

Am i just nuts or is server config at 3am with sushi awesome for people that arent me?

This app also sucks with pics... any tips on that?

How fitting because that just happened today: MOTHERF*CKING Tomcat.

TL;DR:
Tomcat sucks with client side routing (e.g. in angular2).

How hard can it be to provide a web/application server which is properly configurable?
I lost a whole day by trying to get an angular2 project deployed in Tomcat.
It's not that I could not manage to deploy it. But that you need to put all the files in the ROOT folder if Tomcat so that your JavaScript files can be found is the first dumb part.
But that's not enough.

There seems to be no way in Tomcat, short of writing to XML config files and including one jar library, to disable routing go a webapp. And you need to do this when you have a single page application with client side routing.

But yeah, dear boss, I get the part where Tomcat is lightweight, easy to use and does most of the work for you: when you do not use it.

As a side note, so that nobody thinks I have a grudge against the Apache guys: I see the advantages of a Tomcat if you have multiple webapplications written in Java which you need to manage our if you use it as an embedded application server.
But there are just some occasions where a plain old Apache Webserver is better suited.

Another side note: if I just embarrassed myself because those are settings which can be easily applied feel free to tell me 😉

Who the hell hardcodes their localhost ports in a web.config without updating the release config to the correct production URLs? And why doesn't our ops team pick up on this shit before clicking their fancy deploy button? And why in holy heaven do we even have a pre-production server if it isn't an exact mirror of production?

God help me, I need a drink.

Sure, you *could* set up identical VMs on your server and just have one config file for your java application. But why not just set up lots of users on the server, keep various configs in source control, and have a manual task to change the config you're pointing to when you build?

Idiots.

So, i'm trying to get linkr (a pretty cool short link service) to work in a docker container since 4 hours now to host it on my server. There is no official container because it needs a working database connection and stuff during installation which can only be done via console and (for whatever reason I couldn't find out yet) need to be done while building the container. The problem is, I can't connect it to the database while building the container so there is no database during installation to create tables and stuff and the build will fail. ARGH.
Why the hell would you do this????? Theyre actually saying in their readme there is no dockerfile because the config options are specific to your configuration...?!?!
The thing is entirely written in python, so reading and parsing configfiles on the fly should not really be a problem.

Of course I could ssh into the container and run the installation script but that's not the point.

Docker is not about being lazy.
It's about portability.
Maybe I don't want to bloat my server with your 39579372639 npm dependencies? Or I don't want to install a freakin apache, because I have every other site on nginx and therefore wouldn't work with apache.

AAAAAAAARRRRRRGGHHGGGGG

in the end, I'm probably going to modify the thing to install tables when running the container and giving the first user admin rights instead of prompting to enter credentials for a new admin user.
And yet I didn't even speak python.

I have two stories one as a victim and one as a "hacker"
Victim story: I did an installation on a research center a few years ago and the servers where directly connected to the internet. The next day I did see that someone from China had logged in...i did a clean install immediately.

Hacker story: I did help a friend of mine once for a uni project (lamp/ftp server) . While we were setting up our server, we checked the servers of the students that had finished their project and had them online. We obtained the password for the FTP server (it was available for the teacher to check) so ftped to the machine and there was no jail for the FTP.... I searched for joomla config and found the password for the database...

I leave the rest to your imagination...

That horrible, dreadful, feeling when your openvpn server is not working as intended anymore, and yet you can't remember what was the last thing you changed a few weeks ago.
Even worse, one client seems to still work just fine, while another seems completely broken.

- pc1 (windows): all good
- phone 1 (android 8.1): no connectivity, both internal and external
- phone 2 (android 7): all good

All with the exact same config.

If there is a god, I must be in hell. Otherwise I cannot see the point of this sensless torture.

Trying to implement WebRTC for Voice chat in the company app in Unity.

Pros:
- it's super fucking fast
- it kinda is peer to peer

Cons:
- WebRTC comes in very different ways and therefore you either need to properly config the server or change the way the app works
- Each signaling server might have different config so you can't even connect to different servers like you do for http, ftp and so on
- You need to use a server to know each peer
- You need to use another server to make the actual messages go through
- None of it seems to actually be p2p except the fact that you will need to make a different connection to each and every other client in the conference

So basically it was engineered to be as compatible as possible and therefore no server-side default was defined in the protocol, which means it won't ever be actually very compatible with anything at all since everyone will make its configuration.

Fuck me, fuck WebRTC and fuck this whole shit

Spring boot does very much automagically.... but to find every possible configuration is hard....

I found out that it has an automatic config for Scheme Server... but how the fuck to configure it 😑

And do I still need avro made domain objects 🤔 it's hard to fight through all these documentations and versions of spring. 😖

I am messed up at installing a bunch of server app in proxmox, messed up the config, privileges etc.

Guess i need to start over -_-

Hell of a Docker

One application in c++. 4 in c# targeting Linux. Several logging places, Several configuration files , dozens of different folders to access (read/write). Many applications being called from just one that orchestrates everything.

OS is Linux. Installation is to be made inside a docker image and later placed in a container by means of several bash files and python scripts. All these are part of a legacy set of applications.

They’ve asked me to just comment out one line which took 3 days to find out because they didn’t remember where it was and in which application it was and what was in that line.

After changing it, I was asked to create a test environment which must have resemblance to the current server in production. 12 days later And many errors, headaches, problems with docker, I got it done.

Test starts and then, problems with docker volumes, network, images, docker-composer, config files and applications, started to appear.

1 month later, I still have problems and can’t run all applications at least once completely using the whole set.

Just one simple task of deploying locally some applications, which would take one or two days, is becoming a nightmare.

Conclusion: While still trying to figure out why an infinite loop was caused by some DB connection attempt in an application, I am collecting a great amount of hate for docker. It might be good for something, that’s for sure, but in my experience so far, it is far worse than any expectations I had before using it.

Lesson learned: Must run away from tasks involving that shit!

Hey guys
spent all day with a new project, maybe you guys can help.
I have two p2p cameras that I want to setup and access when my family goes on vacation.
Cameras are working (with mildly success) , now, what Is the best option to access them from the Internet?
I can send e-mails, but can't config the SMTP server (don't know why always gives connection error, but guessing that maby this kind of products are blocked from sending e-mails), tried Gmail, mail, and Hotmail.
ftp-server.. don't have any online (have a VPS with 200 mb free ram...)

Tips? ideas?
Thanks, guys

So, today, I wanted to try setting up a wireguard VPN server on my little raspberry pi at home. I... expected /some/ issues, but what I found dumbfounded me.

1 - I already had the wireguard package from the unstable branch of the main raspbian repo installed... Huh, okay.
2 - Setting up config was extremely easy... Wow, so the rumors were true. Wireguard really is almost dumb-simple.
3 - Failed to create a network interface? Oh, trouble, here it is! So lets see... modprobe wireguard... Nope. Don't have the module? What?
4 - Reconfigure package to rebuild the module - missing kernel headers? Huh... weird

This was the simple stuff... Then I went down the rabbit hole of the Raspberry Pi ecosystem:

1 - There is the Raspberry Pi Bootloader, that is apparently separate from the Kernel itself. And I didn't seem to have any of the standard linux-image-* installed... What? Weird, yet there I was, running a 4.19.42-v7+ kernel...
2 - No kernel and no headers... What... The... Fuck
3 - Okay, so... Lets just... try to install the latest kernel image then? One apt-get install... It downloaded the image, but during package configuration, it failed because... I didn't have... its headers? What? What for? And if it needs them (for whatever reason), why isn't the headers package as a dependency? Ugh, whatever...
4 - Another apt-get install and... Okay, building the initrd image aaaaand...
FAIL
WHAT. What is it this time!?

Oh... Ran... No more space on device? What? Is /boot independent? Of course it is, it has to be, its a bloody different filesystem

Okay, so, lets che-OH MY GOD WTF.

Its just bloody 45 MBs big! The entire /boot is just 45 MBs large. WHY. THE. FUCK.

This was a default raspbian install from I have no idea when. But... Why. Oh WHY would ANYONE pre-configure /boot to be this incredibly tiny!?

No wonder the new init ramdisk couldn't fit in there! Its already used up from 64%!

Thanks, Raspbian Devs, now I gotta reinstall the whole system because, yes, the /boot is, of course, sector 8192. Just far enough from 2048 that there are *some* sectors free - About 3 MBs.

So what did I try? Remove the partition and recreate it from the very beginning. Only... I never tried in in the past, and okay, kernel doesn't like having the partition where its image resides deleted on the fly, it will not give up FDs pointing there or something.

So now, I have a system I cannot reboot, or it will never boot back up :|

Thanks, Raspbian!

I need to get a cheap 1U somewhere or something T.T

My answer to their survey -->

What, if anything, do you most _dislike_ about Firebase In-App Messaging?

Come on, have you sit a normal dev, completely new to this push notification thing and ask him to make run a simple app like the flutter firebase_messaging plugin example? For sure you did not oh dear brain dead moron that found his college degree in a Linux magazine 'Ruby special edition'.

Every-f**kin thing about that Firebase is loose end. I read all Medium articles, your utterly soporific documentation that never ends, I am actually running the flutter plugin example firebase_messaging. Nothing works or is referenced correctly: nothing. You really go blind eyes in life... you guys; right? Oh, there is a flimsy workaround in the 100th post under the Github issue number 10 thousand... lets close the crash report. If I did not change 50 meaningless lines in gradle-what-not files to make your brick-of-puke to work, I did not changed a single one.

I dream of you, looking at all those nonsense config files, with cross side eyes and some small but constant sweat, sweat that stinks piss btw, leaving your eyes because you see the end, the absolute total fuckup coming. The day where all that thick stinky shit will become beyond salvation; blurred by infinite uncontrolled and skewed complexity; your creation, your pathetic brain exposed for us all.

For sure I am not the first one to complain... your whole thing, from the first to last quark that constitute it, is irrelevant; a never ending pile of non sense. Someone with all the world contained sabotage determination would not have done lower. Thank you for making me loose hours down deep your shit show. So appreciated.

The setup is: servers, your crap-as-a-service and some mobile devices. For Christ sake, sending 100 bytes as a little [ beep beep + 'hello kitty' ] is not fucking rocket science. Yet you fuckin push it to be a grinding task ... for eternity!!!

You know what, you should invent and require another, new, useless key-value called 'Registration API Key Plugin ID Service' that we have to generate and sync on two machines, everyday, using something obscure shit like a 'Gradle terminal'. Maybe also you could deprecate another key, rename another one to make things worst and I propose to choose a new hash function that we have to compile ourselves. A good candidate would be a C buggy source code from some random Github hacker... who has injected some platform dependent SIMD code (he works on PowerPC and have not test on x64); you know, the guy you admire because he is so much more lowlife that you and has all the Pokemon on his desk. Well that guy just finished a really really rapid hash function... over GPU in a server less fashion... we have an API for it. Every new user will gain 3ms for every new key. WOW, Imagine the gain over millions of users!!! Push that in the official pipe fucktard!.. What are you waiting for? Wait, no, change the whole service name and infrastructure. Move everything to CLSG (cloud lambda service ... by Google); that is it, brilliant!

And Oh, yeah, to secure the whole void, bury the doc for the new hash under 3000 words, lost between v2, v1 and some other deprecated doc that also have 3000 and are still first result on Google. Finally I think about it, let go the doc, fuck it... a tutorial, for 'weak ass' right.
One last thing, rewrite all your tech in the latest new in house language, split everything in 'femto services' => ( one assembly operation by OS process ) and finally cramp all those in containers... Agile, for sure it has to be Agile. Users will really appreciate the improvements of your mandatory service.

I have a small NUC-like machine in my home with an old external hdd connected to it. I use it to run my local gitlab, nextcloud and to test a few websites I build for the lolz.
If you too have a homelab, whether it's a single raspberry or an entire room full or racks, you know damn well that everything you have running locally as a web service keeps going until it doesn't, for whatever fucking reason. This time, it was the turn of my nextcloud.
The machine has arch linux running, I chose it since I already use it on my coding laptop and being a rolling release means I don't have to manually upgrade to a newer version, risking various fuck-ups and consequent screaming of profanity.
The downside is that arch is a bleeding-edge distro, so, despite being pretty good for what concerns security, as updates are pushed out some packages may still require legacy software to work as intended, since obviously not all developers for all packages can release simultaneously.
The problem was that php reached 8.2.x but nextcloud couldn't use anything beyond 8.1, so the highlighted solution was to download php-legacy, a package with a set of utilities which the cloud could use instead of mainline php.

Pretty easy, right? fuck my life, here we go.

I edited apache-httpd's configurations to link the new libraries, updated every reference in every virtual host that could possibly screw up the web server.

Done.

Then I went on and disabled the php-fpm mainline, creating a new systemd unit that would instead run the legacy executable and afterwards I edited nextcloud's additional configs so they use that instead.

Done, getting a bit dizzy, but I reboot everything and breathe.

At this point the migration should be complete, but wait, the server returns an error saying that the application is still trying to use php 8.2+...wait, what in the sysadmin Christ?

Back to nextcloud config, everything is set, everything else in every other fucking php-legacy and web server is fine, the old fpm service is disabled, I am confused, and why in the FUCKING FUCK is the new php-fpm unit failing to start at boot with "error 78/config - directory not found"? Hello? Am I being trolled by a shitty dual-core amazon fake NUC?
Maybe yes, cause it turns out that the unit was referencing a directory in the external hdd, which gets mounted at boot time after the unit itself starts, so nothing much, just a matter of tinkering with cron jobs, a reboot and at least this one is off my balls.

But why still isn't the server responding correctly? why? WHY?

After slamming my cock on the keyboard here and there scrolling back through all the config files I think to myself, hmmm, my gitlab is working flawlessly, well yeah, I didn't need to install the whole web stack, everything was nice and easy wrapped in a docker container...so why am I even here, why the fuck am I bothering with all this layered web-app bullshit, why don't I just run the up-to-date docker image that someone else has already set up for me, back up all the data and reupload them on the application?

Oh joy, you can't imagine, after 3...almost 4 hours of pure computer-touching the relief I had from seeing the blue web page with the "welcome to nextcloud" title.

Right now it's copying back all the files, and the external hdd is now linked to include the data folder.
Like really, everything was solved in two lines of bash.

I am still fuming, but at least I learned a valuable lesson, if you want a service up for yourself, implement it and deploy it as fucking easy straight-forward as you can, giving MAXIMUM priority to already fully-working options that are out there just waiting to be downloaded and used. I swing my scrotal sack on web-apps elegance as long as it's MY homelab in MY place.

Eat a fat dick php.

sudo pacman -Rns nextcloud
sudo systemctl disable --now php-fpm-legacy
sudo pacman -Rns php-legacy
sudo pacman -Rns $(sudo pacman -Qdtq)

So a few months ago I decided to use Slim Framework for the smaller projects. I chose it mainly because of the number of the recommendations here when I asked for help. The other reason is the PHP version of our server (which we can't change unfortunately). Everything about Slim is pretty awesome. It's easy to use and stuff - but without virtual hosts, I can't run multiple sites written with it on our server. The last uploaded one always wins in selecting vendor and config paths, and so the older ones want to use those new paths, too. This generates a lot of errors in the log and of course, we can't load completely any sites but the last uploaded one. We've tried everything until now, so guess we need a workaround.

The only way I can edit Puppet config files is by git. And the only way I can git pull/push/commit/etc is generating a ssh key with a private key and give my public key to my supervisor to the git server (wherever that may be).

Because I'm on Windows 10 and screwed up my installers, I completely forgot to backup my ssh keys before resetting it. FML

Today at work, I had to do a dry run of our new production environment config for our VM server.
So I setup ESXi in a vm in my workstation. Installed it it, no problem. Setup some VMs, still going good. Then my supervisor came and said I have to make some tweaks and use vCenter. I thought: meh, that came late but ok. Download the vCenter installer from our internal CDN and ran it. Sorry general config, blah blah blah. "Setup with embedded or external platform service controller?" -"Embedded" - "minimal requirements: 11GB ram, 250GB disk storage, 2 CPU cores". Well... Fuck me. My workstation specs: 8 GB RAM, 128 GB SSD, 4 cores.

What the bloody fucking hell does this stuff need 250 GB disk space for?!

Well at least I've got a permanent upgrade for my workstation.

Today was a painful day when I realized that I need to backup my nginx configs like I backup my actual data. 20 minutes of downtime turned into an afternoon when I accidentally deleted the nginx config backups on my server. It's been... let's say fun.

To be a Java (or other business popular language) developer
* Java 6, 8 and features up to 14
* SQL + nosql
* Caching
* Logging eg log4j2,
* Searching eg elastic stack
* Reactive
* Framework (at least 1, but hey, knowing 1 is lame..)
* Networking or at least base http knowledge
* Tomcat, jboss or other shit
* Aws, heroku, GCE or other SAAS/paas
* Rest, RPC, soap
* Business Hello World example
* Hexagonal Architecture
* TDD
* Ddd
* Cqrs
* 12 app factor
* Solid
* Patterns
* docket
* Kubernetes
* Microservices
* Security, oauth2
* concurrency
* AMPQ
* Cloud
* Eureka or consul as service Discovery
* Config server
* Hazel cast
*
*
* Endless story ...

Then we can start hello word app

After couiple of hours (Yes, apprently it's insane how hard is to add a new NIC to a linux machine and make it start on boot), I finally got my connexion working !

Story :
Server has original MB 1Gbits card. Internet connexion is 1.1 Gbps. So 1Gb card only picked at 940 Mbits download

I bought a 2.5 Gb card (new nic)

Pluged it in : Nothing
Couple of ifconfig -a etc, bring device UP : Yeah working !
Reboot : Nothing

/etc/interfaces : nothing

And why it's not eth0 and eth1 etc as before but some thing cryptic like enp3s0.

Well, at least now everything working (Apperently there is a new "network plan" config file in yaml... what a waste, DO FUCKING JSON YOU RETARDS)

Ping is awsome tho ! Same cable on windows Machine, I get 5 ms.

My website is now deployed on a Digitalocean droplet using Terraform to provision the infrastructure and Ansible to configure the server. It creates users, sets up SSH config and deploys the required containers I want all using an Azure pipeline and an Azure storage account to store the TF state.

Now I need a frontend... ._.

Quick Plesk config question...

Been getting open_basedir() notices in the WordPress logs, and frankly it's flooding the log right now. Sample below:

[24-Feb-2019 07:05:19 UTC] PHP Warning: file_exists(): open_basedir restriction in effect. File(/var/www/vhosts/webspacedomain.com/SiteInstallDirectory/wp-content/db.php) is not within the allowed path(s): (/var/www/vhosts/webspacedomain.com/:/tmp/) in /var/www/vhosts/webspacedomain.com/SiteInstallDirectory/wp-includes/load.php on line 397

Checking the settings for open_basedir in the domain's PHP settings, it's currently set to the following default value:

{WEBSPACEROOT}{/}{:}{TMP}{/}

By my read, that **should** be granting permission to the directory. I just checked it against the setting on the dev server (which doesn't report this error), and it's configured in the same manner. Only difference between Dev environment and this one is that the one in Dev is in vhosts/webspacedomain.net/DEV instead of just vhosts/webspacedomain.net

Is there something I'm missing here?

Made a wonderful and good working module for a server. A few days later the jar file got renamed to a .BAK file. From the stacktrace I figured out itd be the configuration file (Json) that was crashing. Guy wouldnt send the config. Told him the problem but he ignored me.

Three days later he came up to me that he forgot a comma at the line end.

Ffs.

You guys think Windows 10 data tracking is bad? Server 2016 is worse. When I try and shut the machine down (it's a VM and I want to change config) it actually asks me the reason for the shutdown. I understand servers are intended to always be up but geez that's overkill. And this is only within my first hour of installation and use.

Any opinion about cheap hosting? Im currenty at transip for dns but i want a small server with open port config or docker suport

So I was writing SaltStack state for syslog management and I had a simple config file in place to be deployed on a test server. I was writing the command to run the state for the test server, and the only thing that was left was to type the hostname of the server (instead of wildcard) when someone interrupted me. After I got back to this terminal I instinctively pressed return sending test configuration to over 80 production servers. Nice one...

Ok, so for past 1 whole day I am trying to make vhost work on my brand new laptop, running Ubuntu 16.04 LTS... When I installed OS, I've set hard disk encryption, and on top of it - user home folder encryption. Don't ask me why I did both.

Setting up vhost is simple and straight forward - I did it hundreds, maybe thousands of times, on various Linux distros, server and desktop releases alike.

And of course, as it usually happens, opposed to all logic and reason - setting up virtual host on this machine did't work. No matter what I do - I get 403 (access not allowed).

All is correctly set - directory params in apache config, vhost paths, directory params within vhost, all the usual stuff.

I thought I was going crazy. I go back to several live servers I'm maintaining - exactly the same setup that doesn't work on my machine. Google it, SO-it, all I can see is exactly what I have been doing... I ended up checking char by char every single line, in disbelief that I cannot find what is the problem.

And then - I finally figured it out after loosing one whole day of my life on it:

I was trying to setup vhost to point to a folder inside my user's home folder - which is set to be encrypted.

Aaaaaand of course - even with all right permissions - Apache cannot read anything from it.

As soon as I tried any other folder outside my home folder - it worked.

I cannot believe that nobody encountered this issue before on Stackoverflow or wherever else.

Hello folks, have a question, I can't decide if I should install windows 7 (super stable Windows btw) or a Linux distribution (debian or Ubuntu 14), I've always been a Windows guy and was thinking of switching to Linux on my new free dos laptop and wanted to have a hand on Linux, but please I don't want that Windows/Linux fight I just need real advice. Some friends told me to get Windows 7 and a VM Linux just for practice, I also thought about having a dual boot Windows Linux server , I think it would be the best config for me.. so..?

I spent half a day trying to figure out why the app on the staging server does not log in the app log file while it does on the dev server.
Server log said log config file found but could not find the root logger.

Problem was that the directory was readable for the app, but not the logfile configuration file.

Dear devs, when a file is not readable that might be some interesting information one could write into a log. AT LEAST MORE INTERESTING THAN "APPLICATION STARTING..."

I need help structuring a new TypeScript project built on a MERN stack. I used CRA for the client, so I opted to have separate tsconfig files -- one for client (auto-generated by CRA) and one for server (extends node12 tsconfig). However, I'm trying to setup eslint and prettier globally so that the lint/style rules are uniform across the codebase. CRA adds an eslint config that extends react-app, which is fine, but I'd like to still have my global rules. I have written my eslintrc.json file and am happy with it, so I placed it in the project root directory. I figured I would install eslint, prettier, etc. in the project root, then when I run eslint globally, it would lint the server code with the global rules and the client code with the global rules and the react-scripts rules.

However, react-scripts complains that I've installed a newer version of eslint in a parent directory. I can either ignore that rule or use the same version as react-scripts, but it seems like react-scripts is going to run eslint on its own when I run npm start, regardless of if I have a global config. What should I do? Is there a better way to structure the app?

Why are apple so fucking back assward and stubborn when it comes to their app review process?

So, at work I made an app. It's a simple one, but it's an app.
It makes it so that the user doesn't have to enter their credentials to sign in to a system developed on our platform.
If you give it a hard oded config it will only connect to that server, if not, it fetches a list of available servers and the user has to select which they want to connect to.

I've uploaded basically the same fucking app thrice, twice with and once without a config.
Two of them when somewhat smoothly through the review, but the last one has been stuck for almost two fucking months! And guess what it's one of the ones with a config!?!

How is that in any way consistent?
They fill us with shit like "your screenshots aren't representative", so I update them.
They go "this is not an AP for the public", I tell them I give less than a steaming pile of fresh dung from a retarded donkey, the intended users are freelancers, so just fucking greenlight it.
Then they go "your screenshots aren't representative", so I tell them to pound sand or specify which screenshot is wrong or what they think is missing.

How are they so fucking inconsistent with their process? Isn't is this process that they used as of defence for their shittastic monopoly, that they don't want to call a monopoly?
I'm so fucking tired.

#Suphle Rant 6: Deptrac, phparkitect

This entry isn't necessarily a rant but a tale of victory. I'm no more as sad as I used to be. I don't work as hard as I used to, so lesser challenges to frustrate my life. On top of that, I'm not bitter about the pace of progress. I'm at a state of contentment regarding Suphle's release

An opportunity to gain publicity presented itself last month when cfp for a php event was announced last month. I submitted and reviewed a post introducing suphle to the community. In the post, I assured readers that I won't be changing anything soon ie the apis are cast in stone. Then php 7.4 officially "went out of circulation". It hit me that even though the code supports php 8 on paper, it's kind of a red herring that decorators don't use php 8 attributes. So I doubled down, suspending documentation.

The container won't support union and intersection types cuz I dislike the ambiguity. Enums can't be hydrated. So I refactored implementation and usages of decorators from interfaces to native attributes. Tried automating typing for all class properties but psalm is using docblocks instead of native typing. So I disabled it and am doing it by hand whenever something takes me to an unfixed class (difficulty: 1). But the good news is, we are php 8 compliant as anybody can ask for!

I decided to ride that wave and implement other things that have been bothering me:
1) 2 commands for automating project setup for collaborators and user facing developers (CHECK)
2) transferring some operations from runtime to compile/build TIME (CHECK)
3) re-attempt implementing container scopes

I tried automating Deptrac usage ie adding the newly created module to the list of regulated architectural layers but their config is in yaml, so I moved to phparkitect which uses php to set the rules. I still can't find a library for programmatically updating php filed/classes but this is more dynamic for me than yaml. I set out to implement their library, turns out the entire logic is dumped into the command class, so I can neither control it without the cli or automate tests to it. I take the command apart, connect it to suphle and run. Guess what, it detects class parents as violations to the rule. Wtflyingfuck?!

As if that's not bad enough, roadrunner (that old biatch!) server setup doesn't fail if an initialization script fails. If initialization script is moved to the application code itself, server setup crumbles and takes the your initialization stuff down with it. I ping the maintainer, rustacian (god bless his soul), who informs me point blank that what I'm trying to do is not possible. Fuck it. I have to write a wrapper command for sequentially starting the server (or not starting if initialization operations don't all succeed).

Legitimate case to reinvent the wheel. I restored my deleted decorators that did dependency sanitation for me at runtime. The remaining piece of the puzzle was a recursive film iterator to feed the decorators. I checked my file system reader for clues on how to implement one and boom! The one I'd written for two other features was compatible. All I had to do was refactor decorators into dependency rules, give them fancy interfaces for customising and filtering what classes each rule should actually evaluate. In a night's work (if you're discrediting how long writing the original sanitization decorators and directory iterator), I coupled the Deptrac/phparkitect library of my dreams. This is one of the those few times I feel like a supreme deity

Hope I can eat better and get some sleep. This meme is me after getting bounced by those three library rejections

Bit of a stupid oopsie I had today that someone might appreciate.

We’re working on a microservice project in Spring Boot, running in a docker swarm. Past few days I get a Spring Cloud config server going in separate stack, create an overlay network, and get CI deployments to use the right profiles etc. It’s looking great, and the first component is working spectacularly.

Now just to do the other 6. Move config files to the Git repo, tweak CI, all the other faffing and hoohas; and deploy. Health checks keep failing, the containers are murdering themselves and resurrecting ad infinitum. They’re doing this so quickly that by the time I get the container ID to exec in and curl health, it’s no longer running. Cue frustration, increased caffeine and nicotine consumption; my sanity is slipping.

No errors in the logs, because from experience the Cloud Config errors ar at debug level. Whhhyyyy?? Some time later (way longer than it should have been) I realize I had never actually included the Spring Cloud Config starter. Boot 101, get your starter!
Since config client is just additional setup in properties.yml, there’s no issue of the dep isn’t there, it just doesn’t try to get the config.

The containers are still unhealthy, I can hear them screaming. But now at least it’s about something else...

One nightmarish project that was doomed from the beginning, had me as the sole developer. I could hardly sleep when we began testing on a separate test system, but with (nearly) all the config stored in shared memory and copied from the production system, I dreaded, half awake, that the production server data base connection was still configured in the test system and that it was shooting all it's test data repeatedly to prod.

Finally drove to company in middle of the night at 4 o'clock. Checked everything was OK, tried to sleep 3 hours before the start of the work day.

This system also had the most hideous memory corruption in some shared memory that was used across several processes and should have been thoroughly protected by a mutex, but somehow, sometimes this crucial map, that was used to speed up the access to all the customer data just contained garbage.

Still haunts me to that day. (Like xkcd's unresolved tension of a non-matching parenthesis - an unresolved bug.

PLEASE i understand how it works but how is hashicorp vault supposed to be used?

Not to mention how should i use it for production? Literally no dipshit tutorial explains it. Everyone explains the vault server -dev part and thats it. Fuck you

Every time i restart the vault server all of the secrets and config get deleted. And then i have to readd them all over again?

How is vault supposed to work in terraform?

How can I automate storing secrets in vault instead of manually doing it?

How to automate starting vault server by a single command along with provisioning secrets and parameters?

How to store iam credentials from ~/.aws/credentials into vault by profile AUTOMATICALLY as soon as vault server is started?

Because if my backend depends on some secret from vault, how am i supposed to automatically have these secrets created so i can just run my backend without worrying which secrets i have to recreate because the restart of vault server deletes all the fucking secrets in dev mode?

How do i use this bullshit?

- Every guide explains it partially
- No guide explains how to 100% automate it
- every dipshit youtube video explains it poorly
- NO ONE explains how to configure it for production.

I am so Fucking lost in learning this bullshit.

Can someone give me a link to a repo of a working example of the things i just mentioned? Either you create it or send an existing link cause i cant find any.

Basically i just want to use Terraform and Vault together but i cant understand how to combine them together so that its all automated 100% -- for example i just want to do

terraform apply --auto-approve

And then the entire terraform aws gets provisioned + vault server stars AND gets provisioned with secrets.

How to do that?

I have some homework todo:
1.- Install & config a lemp environment for testing
1.1.- Maybe mongoDB & nodejs
2.- Install & config a gitlab server
3.- Config a local DNS