About: Successfully recovered from the rm -rf $account! Thank you so much everyone for helping me get back on track ♥️
Skills: System administration: 5 years. Information security: 2 years. Electronics (actively learning): ~2 years. Procrastination: 23 years. Feel free to contact me at hello a.t nixmagic.com. Humans only, of course. Bots get redirected straight to /dev/null.
Joined devRant on 7/6/2018
Whoever it was that thought that MAC address spoofing/randomization for "muh network security" was a good idea, I'm gonna violently fucking murder them. It doesn't solve jack shit for security, doesn't magically make your network device "anonymous" or whatever and it never fails to confuse my DHCP servers that use those fucking things. Whoever it was, hang yourself or I'll fucking do it for you. Filthy incompetent motherfucker!!
Conspiracy theory: An Arch user got laid with a vegan and had a child.. the name of which became Nix.
I get it, you use NixOS, great. But what impresses me the most is that its users somehow find a way to sneak it into literally *any* conversation...
For the coming few months, refactoring my entire life. Everything will be redone with modularity in mind. So far it seems to be working well. Once the foundations are stable, I could start focusing further on the development of my Linux distribution. Hopefully that'll be done soon.
TIL that you have to run Arch on everything including servers in order to be considered a competent system administrator
How difficult is it to do things and do them properly? Clearly in 2019, very difficult. And why on Earth would you do things properly, when there's get rich quick schemes, shortcuts to be found and taken, and that filthy filthy legal tender. If the shitty implementation makes a profit, why do it properly? Makes no sense.
Except it fucking does. And you know why? Because of the guy that comes after you, that works with your fucking bullshit implementation and probably curses you to the moon and beyond in the process. Just like you probably did with the guy that came before you, with that bullshit you got tasked to work with. Don't be that guy. And don't be that guy to the next guy.
Still with me? Good. Here's the thing. You can do [insert job here] quick and dirty. But you're guaranteed to be checking back on it and fixing the crap later on. Or worse yet, someone else will be cursing you to the moon and beyond while they are fixing / working around your crap. So why not do it right in the first place? Is this why we can't have nice things?
A Gentoo installation might be fun, but it sure as hell isn't worth it, both in time and effort. Broken audio, broken video, broken stability. A broken kernel that doesn't recognize the hard drive or the network interface. And half a week to compile the fucking thing and it's still not done. This is not the right distribution for me.
Let's portray Stallman as a malevolent criminal, dying on the creepiest hill, shall we? Apparently there's even people that make statements such as "if you defend RMS, you're just as terrible as he is".
Do you have any idea what you're talking about? Do you have any idea what the case even is?
Richard Stallman has a controversial opinion about a rape case committed by someone else. Gee, what a shocker, people have opinions. Does that make Stallman a criminal himself?
Oh but he's representing open source software. That's why he can't be there.
Oh yeah. Shunning him (and erroneously so) as another Reiser is gonna make open source look so good, isn't it.
"I disapprove of what you say, but I will defend to the death your right to say it."
- Evelyn Beatrice Hall, writer of Voltaire
People are entitled to any opinion they may have. Just because you disagree with it (and in this case I do too!) does not mean that it can be used to criminalize someone and to ruin their career. That is just wrong.
I'm installing Gentoo on a keyboard. Not even kidding.
.. well, clickbait aside, it's a laptop that's been turned into a keyboard on steroids, its backlight broke so I had to remove the display until I get around fixing that.. but its keyboard is so good. They don't make them like that anymore... So yeah 🙃 turning it into some kind of controller for the other desktops. Tomorrow (or rather, in half a week when the Gentoo installation is finally complete) I'll be SSH'ing into my keyboard 😛
The finish line for my Linux journey is starting to get in sight 😄
Anything I (am able to) build myself.
Also, things that are reasonably standardized. So you probably won't see me using a commercial NAS (needing a web browser to navigate and up-/download my files, say what?) nor would I use something like Mega, despite being encrypted. I don't like lock-in into certain clients to speak some proprietary "secure protocol". Same reason why I don't use ProtonMail or that other one.. Tutanota. As a service, use the standards that already exist, implement those well and then come offer it to me.
But yeah. Self-hosted DNS, email (modified iRedMail), Samba file server, a blog where I have unlimited editing capabilities (God I miss that feature here on devRant), ... Don't trust the machines nor the services you don't truly own, or at least make an informed decision about them. That is not to say that any compute task should be kept local such as search engines or AI or whatever that's best suited for centralized use.. but ideally, I do most of my computing locally, in a standardized way, and in a way that I completely control. Most commercial cloud services unfortunately do not offer that.
Edit: Except mail servers. Fuck mail servers. Nastiest things I've ever built, to the point where I'd argue that it was wrong to ever make email in the first place. Such a broken clusterfuck of protocols, add-ons (SPF, DKIM, DMARC etc), reputation to maintain... Fuck mail servers. Bloody soulsuckers those are. If you don't do system administration for a living, by all means do use the likes of ProtonMail and Tutanota, their security features are nonstandard but at least they (claim to) actually respect your privacy.
Nice, apparently Kingston isn't just selling storage anymore.. and it turns out that it's even legal as long as the 2 brands don't enter the same market and the brand name is a generic English word (not sure if Kingston is one of those though). Who knew?
To this day I still don't know how the hell Nvidia makes some of the most powerful graphics cards available, yet manages to somehow also write the shittiest software among them. Somehow not only their control panel application takes an eternity to start, their context menu option makes that run like trash, and even Windows Explorer doesn't go unaffected.
But the solution as always: throw more hardware at it. Maybe that's why they make such powerful cards.
Looks like Keybase now also has its own shitcoin. Isn't it about time for that cryptocurrency wank to end already? How many more BitconneeeEEEECT's do we need?
But but but.. this is the next big thing! It will go *stellar*!
What the actual fuck. I just found out that on one of the SSD's I bought, the optimal partition start / finish sizes which apparently on that unit only occur every 65 THOUSAND 4kB sectors (which translates to about a quarter GB) means that I have to throw away half a GB worth of space on that disk in order to align it. Very optimized indeed, dear SSD manufacturer! Huge alignment numbers for just that much extra wastage in the name of optimization. Something like 4x sector size on 512 byte sectors or 1x sector size on 4k sectors.. ain't nobody gonna need that. Let's make it a quarter GB.
And that's what they call engineering?
Someone else disturbing me while I'm thinking about technicalities. Makes me lose my shit because recollecting everything afterwards is often more difficult than the problem itself.
Note to self: tell cleaning lady to keep disturbances to a minimum when I'm working, and turn notifications on the Fandroids off before starting work. No I'm not interested in that Telegram message right now. And God bless OnePlus for putting in a physical slider for that.. more phone manufacturers should start doing this.
I don't know if this is a problem only in Belgium or also in other countries but while I love Bluetooth for audio playback (headsets, speakers and everything) despite being extremely convoluted as a protocol.. FUCK Bluetooth keyboards.
Several of them I've tried. Several of them, from various brands. Pairing, setting the Belgian keyboard layout (which on that shitty Android 7.0 tablet that I want to use the fucking things with apparently has to be done *every fucking time you connect*, because reasons) all well. Except half the keys don't fucking map properly. A keymap, it doesn't get easier than that! How hard is it to make buttons map to the right keys!? They're literally fucking push buttons on a matrix! Seeing which points in the circuit make contact and sending that off to wherever it needs to go!
And to put the icing on the cake? USB keyboards with the same fucking layout settings work without any problems. So it's extremely likely that it's something in those shitty keyboards' controllers or Bluetooth going full rart on all of them.
Of course, Bluetooth being as convoluted as it is, manufacturers just copy each other's implementations of it if they can.. so there's that.
Can really nobody make a product halfway decent anymore before putting it on the market!?
Another one bites the dust.. JUNK!!! Every single goddamn one of them!
Earlier I signed up on this forum called NulledBB. Basically some hacker skiddie forum that had a dump of an archive I wanted, unfortunately behind a paywall which I didn't want to bother with.
On signup I noticed that I couldn't use my domain as an email address, as I usually do (the domain is a catch-all which means that mail addresses can be made up for each service I sign up to on the fly, super useful). They did expose the regex that they accepted email as however, which included something along the lines of "@live.*".
So I figured, why not register a subdomain live.nixmagic.com real quick and put that into the mail servers? Didn't take too long and that's what I eventually went with, and registered as email@example.com (which I have no trouble putting on a public forum as you'll see in a minute).
Still didn't manage to get that archive I wanted but I figured, fuck it. It's a throwaway account anyway. But eventually that email address started to receive spam. Stupid motherfucker of a forum operator with his Kali skidmachine probably leaked it.
Usually I just blacklist the email address in SpamAssassin by adding an additional spam score of 100 to email sent to such addresses. But in that case it didn't even sit on the main domain, thanks to that stupid regex block from earlier... 😏
*Logs into my domain admin panel*
*Le rm on the live.nixmagic.com record*
Null routed entirely.. nulled, if you will! 🙃
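The signup filter described in this post, as an added example that is not part of the original post or the forum's code: a loose pattern of the kind recalled above, next to a check that compares the whole mail domain against an allow-list. The pattern, the allow-list and the sample addresses are constructed; only the live.nixmagic.com subdomain comes from the post.

```python
import re

# Constructed stand-in for the forum's filter. The post only recalls it as
# "something along the lines of" @live.*, so the real pattern may differ.
LOOSE_PATTERN = re.compile(r"@live.*")

# Assumed allow-list for the hardened check: exact mail domains, nothing else.
ALLOWED_DOMAINS = {"live.com"}


def loose_accepts(address: str) -> bool:
    """Unanchored search: anything after '@live' passes, because '.*' matches
    any characters and nothing ties the match to the end of the domain."""
    return LOOSE_PATTERN.search(address) is not None


def strict_accepts(address: str) -> bool:
    """Split on the last '@' and compare the whole domain to the allow-list."""
    local, at, domain = address.rpartition("@")
    if not at or not local:
        return False
    return domain.rstrip(".").lower() in ALLOWED_DOMAINS


def audit(addresses):
    """Return addresses the loose pattern lets through but the strict check rejects."""
    return [a for a in addresses if loose_accepts(a) and not strict_accepts(a)]


# Constructed sample input; only the live.nixmagic.com subdomain is from the post.
SAMPLES = [
    "user@live.com",
    "signup@live.nixmagic.com",
    "user@live.com.example.net",
    "user@example.com",
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:28} loose={loose_accepts(addr)!s:5} strict={strict_accepts(addr)}")
    print("passes only the loose check:", audit(SAMPLES))
```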
Windows, if you can't even do as much as mounting network shares *after* the network comes up, don't you fucking dare to tell me that I can't disable my firewall. Some people may actually know what they're doing and maintain that elsewhere, you know?
How do you stay sane while developing on top of other people's projects? After building a migration tool on top of LXC (2.x, because.. well, Debian 9 since every bloody option changed in LXC 3.x on Debian 10 and don't even get me started on the snap-crap that is LXD), I'm looking longingly at every intoxicant I have around... The "hmm, so they probably wrote this in response to that but didn't consider so and so..." only goes so far... :/
Take note, this is the right way to deflect bots
Blocking IP ranges is one thing, but blocking all datacenter IP ranges altogether is something else entirely...
!dev && rant
> be me
> headphones on
> hands packed with shopping bags
Some old bitch neighbor that I can't stand: oh hi!
WHAT THE FUCK ARE YOU MAKING ME TAKE OFF MY HEADPHONES FOR!?
Seriously. When someone has his hands stuffed with groceries and has headphones on, maybe they don't want to stop, put their bags down, take their headphones off and say no more than another hi. Like not even anything else, just hi and walk away! What's the fucking point!? Making me pause and waste time just for the hell of it? Thank you old bitch.
I love software. Seriously, I love it. /s
Transmission is given a bad torrent (which, given that it's a torrent service, you'd expect it handles quite robustly) and completely fucks up. Like, really badly. It doesn't respond to RPC anymore, systemd has to resort to sending it a SIGKILL to get it off the process tree, and the web interface.. yeah. Nothing.
It doesn't log by default, so fine I'll add that to the systemd unit and restart it with debugging options enabled.
# systemctl daemon-reload && systemctl daemon-reexec
Turns out that /var/log/transmission.log can't be written to by my Transmission user. Well shit. Change that to /home/condor/transmission.log.
# systemctl daemon-reload && systemctl daemon-reexec
# systemctl restart transmission-daemon
*blood starts to reach its boiling point*
Still logs in the wrong fucking location. Systemd, I told you to log over there. I did everything I could to make you steaming pile of shit reload that fucking config. What's the fucking problem!?
*about 15 minutes of fighting systemd*
Finally! It spits out a log in the right location! Thank you Transmission and systemd for finally doing your fucking jobs. So a bad torrent it is, hmm...
*removes torrent from .config/transmission/torrents*
Transmission: *still fucking shits itself on that ostensibly removed torrent*
That's it. BEGONE!!!
Oh and don't get me started on the fact that apparently a service needs some 400MB of memory. Channeling your inner Chrome Transmission?
Just added an RSS feed to my blog (https://nixmagic.com/rssfeed.xml/ if you're interested), and as I was testing it out in an RSS reader, I noticed that the reader basically just renders the webpage as if it were a web browser.
Heh.. I have only the Webkit engine on my computer, so I suppose it's just using that in the backend or something like that? How much RAM does that consume?
*looks at Task Manager*
67MB. I shit you not.. 67 megabytes. And that is rendering an entire website with no noticeable differences from a regular web browser.
I've just come to realize that in all the time I ran Netdata on my servers, it was nightly releases, automatically updated too.. that somehow never really broke. Not even minor issues.
I really like that... Moving fast doesn't always have to imply breaking things. I wonder how they're doing it.
Necessary context for this rant if you haven't read it already: https://devrant.com/rants/2117209
I've just found my LUKS encrypted flash drive back. It was never stolen.. it somehow got buried in the depths of my pockets. No idea how I didn't look into my jacket for the entire time since that incident happened... But I finally found it back. None of my keys were ever compromised. And there's several backups that were stored there that have now been recovered too. Time to dd this flash drive onto a more permanent storage medium again for archival. Either way, it did get me thinking about the security of this drive. And I'll implement them on the next iteration of it.
For now though.. happy ending. So relieved to see that data back...
Full quality screenshot: https://nixmagic.com/pics/...
It's finally happened. I've used my mail servers for about a year to give out different email addresses on my domain to things I sign up for online, and only used my "actual" email address that received all this email for the whole domain but the single one that I used outbound for private communications.
This worked well for a long time as I could see when spam comes in, where it came from by looking at the email address I designated it. Each company's email would be sent not only from an email address that they choose, but also to an email address that I choose. It allowed me to easily determine where there were problems. For example, on Freenode IRC my vhost happened to make my username@host there a valid email address. It eventually got blacklisted due to too much incoming spam as crawlers started detecting it. Another one was "nickname"@my.domain as I posted it a few times here. Got crawled as well. But it allowed me to easily blacklist each.
I'd never thought my actual outbound email address, my real one, to get crawled though. That would require the mail server of a company I explicitly communicated with to get hacked. But today that happened. I wonder whose it is, but I can't tell.
Time to make my outgoing email bound to a designated email address as well. I want to know which companies this happens to, even if they don't disclose it.
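The per-service alias scheme from this post, as an added example that is not part of the original post: given which alias was handed to which service, it reports every alias that receives mail from a sender outside that service. The domain, the alias table and the messages are constructed, and reading the recipient from the To header is an assumption; on a catch-all the envelope recipient recorded by the mail server is the more reliable source.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.example"  # hypothetical catch-all domain
# alias local part -> domains of the one service that alias was given to (constructed)
ISSUED = {"shop": {"shop.example"}, "forum": {"forum.example"}}

# Constructed messages, reduced to the headers that matter here.
MAILS = [
    "From: Orders <orders@shop.example>\nTo: shop@mydomain.example\nSubject: Receipt\n\nhi",
    "From: news@mail.shop.example\nTo: shop@mydomain.example\nSubject: Sale\n\nhi",
    "From: win@bulk.invalid\nTo: forum@mydomain.example\nSubject: Prize\n\nhi",
    "From: x@spam.invalid\nTo: Forum@MyDomain.example\nSubject: Offer\n\nhi",
    "From: x@spam.invalid\nTo: nickname@mydomain.example\nSubject: Offer\n\nhi",
]


def sender_domain(msg) -> str:
    # The From header is trivially forged; it is used here only as a hint.
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def belongs_to(domain: str, expected: set) -> bool:
    # Accept the service's own domain and its subdomains, nothing else.
    return any(domain == d or domain.endswith("." + d) for d in expected)


def leaked_aliases(raw_mails):
    """Map each alias to the unexpected sender domains seen writing to it."""
    leaks = {}
    for raw in raw_mails:
        msg = message_from_string(raw)
        origin = sender_domain(msg)
        for _name, rcpt in getaddresses(msg.get_all("To", [])):
            local, _, domain = rcpt.lower().rpartition("@")
            if domain != MY_DOMAIN:
                continue
            # An alias that was never issued (None) was guessed or crawled.
            expected = ISSUED.get(local)
            if expected is None or not belongs_to(origin, expected):
                leaks.setdefault(local, set()).add(origin)
    return {alias: sorted(doms) for alias, doms in sorted(leaks.items())}


if __name__ == "__main__":
    for alias, domains in leaked_aliases(MAILS).items():
        print(f"{alias}@{MY_DOMAIN} receives mail from: {', '.join(domains)}")
```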
Was just reading some of the OpenVPN scripts to renew a certificate where I forgot to source the vars file first (apparently OpenVPN stores those in a separate file that you always have to source first, and I tend to forget it sometimes).
Reading the revoke-full script that OpenVPN provides, it's just bash so I can read it no problem. But traversing through it and trying to understand it... Horrible! There's a test file in $RT named keys/revoke-test.pem. It's not used anywhere in OpenVPN for anything useful as far as I'm aware. The script however - the script that's running on a production server! - attempts to remove this file. It doesn't exist. Test files do (or at least should) not exist in production. They're not supposed to be there.
It exports empty variables. Some of them are set by the sourced vars file, some aren't. Not entirely sure why it's exporting variables as empty when they're uninitialized, or why it doesn't just unset the ones that are initialized.
And finally it goes ahead and revokes the key file that I'm actually concerned about through regular OpenSSL and verifies it.
Not to mention that the lack of the sourced vars file, which admittedly I should think about in the current status quo, if it *always* needs to be sourced anyway... Why doesn't the script do that itself then? One less thing to go wrong. But hey, proper design?
Gore. I don't have any other words for it.
And before anyone tells me that I should go and fix it if I'm so worried about it. Remember, I am not a developer. That's the job of the developers that made this in the first place.