This guy at an internship who only wanted to use anything Microsoft.

It was fine for his own use but he also wanted it for a high security prod environment and tried to push that through.

Luckily, the (very competent) team lead refused to use closed source stuff for high security environments.

"listen (team lead to that guy), it's not going to happen. We're simply not using software from a US based company which is closed source for high security stuff.
Why? The US is one of the biggest surveillance powers in this world, we just can't be sure what's in the software if it's US based. Now you can say that that's paranoid but whether or not it is, the surveillance part is a fact, deal with it. That you want to use it, fine, but NOT. IN. HIGH. SECURITY. PROD. (or prod at all really).

He continued to try and convert colleagues to windows and other Microsoft stuff for the rest of his internship.

Rant number 1000. Let's see how this one goes :D

Here a beer as for celebration!

I'd love to finish a few projects I'm currently working on:

- An add-on which gives a middle finger to websites which use services/products ran by companies which are known to be integrated within the biggest mass surveillance system ever created (US powered). Not because just fuck those websites but because I think (@PonySlaystation came up with this idea) that its only fair that people get to know which websites 'sell them out'. Oh and "but not everyone cares about that" - you don't HAVE to install the addon.
(will be open sourced)

- Notes service with a fun thing.

- PHP based server/website/whateverthefuckyouwant monitoring system which is pretty much module based and works with json files as configuration. (kinda works but still loads of bugs to solve and gotta improve the module system a lot).
(will be open sourced)

- PHP based pihole alternative which suits my needs (will be open sourced)

- Forgot one 😅

Woman couldn't reach the login page of her hosting account.

After 15 minutes of debugging she found out that her Internet wasn't turned on.

This shit is the fucking reason why I drink alcohol.

I always try but I'm social as hell and a beer lover so that mostly turns into laptop etc being pushed aside in favor of friends, music and beer. 😅

And BAM. Wrote a quick'n dirty little php script which works with loads of shell_exec calls to block all ip addresses belonging to an ASN number.

For example: If I get Facebook's ASN number and use it as parameter for this script with a custom name (for the iptables chain), the script creates a chain called the custom name, adds all ip addresses/ranges it got from the whois lookup (on the ASN number) with DROP to iptables and then it adds that chain to the INPUT and OUTPUT chains.

I've done some tests and can indeed genuinely not reach Facebook at all anymore, Microsoft is entirely blocked out as well already 💜

So Facebook provided unlimited data access to loads of companies including spotify/microsoft and other big names.

Although there are privacy rules, those companies had deals which excluded them from these privacy rules.

I don't think my custom DNS server or a pihole is enough anymore, let's firewall block all Facebook's fucking ip ranges.

Source: https://fossbytes.com/facebook-gave...

The perks of learning iptables through practice:

Suddenly losing Internet connection on le entire computer and then realizing that you added a DROP EVERYTHING on the input chain through a referenced chain 😅

Question; does anyone know of the ip addresses you get/see when whoissing an asn number are ALL the ip addresses that company (who's under that asn number) has allocated?

Asking for reasons....

This isn't my week I guess 😅

After my study (application development) I wanted to get a job but wasn't sure about a dev position. Everyone recommended me to go for a Linux one since I've been a Linuxer for 8 years now (7 years then)

Applied to numerous jobs and was invited to an interview with a hosting company for a Linux (support) engineer position.

CEO asked good questions, didn't need to see my diploma and we basically had a good time talking.

15 months later I'm still working here!

Visual Studio Code.

I've tried you because of hearing a lot of good stuff about you. I'd switch back to netbeans regardless because I love netbeans and I always try to use as little as possible from companies like Google/microsoft/facebook (and others) but what you're pulling right now is un-fucking-believable.

I've disabled ANY AND EVERY form of calling home I could (find) in your settings. Crash reports, automatic updates, metrics, you name it. I've searched all the fucking settings but I can't find any other home calling thing that's enabled and yet:

I'm monitoring every goddamn DNS request (through my own DNS server) and I'm still seeing calls to a Microsoft owned domain. Closed all my browser sessions and you as well and it stopped. Started browser again but not you, nothing.
Started you again: BAM. Calls to that damned Microsoft owned domain again.

If you can't honour my decision for disabling any form of home calls, go fuck yourself.

Netbeans, I'm back, I've missed you 💜

Started working on a pihole alternative a while ago.

I like pihole a lot but one of the features I am missing is to be able to define a list of mass surveillance related domains (Snowden leaks; PRISM program and such) and show statistics based on dns queries containing blacklisted domains, prases/words and surveillance-related domains/words (google/facebook/microsoft/apple etc).

Started working on one based on an existing (php based) dns server which is open source and slowly but surely developed something which worked.
Then, I found out that the php resolving function (dns resolving) uses the system default, which can, of course, be google's dns as well. Changing this would be ideal but while the documentation suggested that it could be done some way, it didn't work for me so I chose a library which can do it with specific dns servers (to use as external dns servers).
This library used a different way of showing the retrieved dns query results and really wasn't in for converting everything by hand so i kinda quit the project a while ago.

A few days ago I thought fuck it and started again.
Now have a working version based on the new dns resolving library and made some other good improvements.

For those who are wondering why I chose PHP for this: why the fuck not?

Happy happy happy.

Dear sir,

I'm NOT giving you the information you want because I can't verify you. You can tell me that we're the only company who does it like this and name all companies which do it differently, you can curse me into the ground or completely lose your shit at me but that won't make a difference:
I'm not giving you the information you want.

Sincerely,

Go fuck yourself.

God damnit, me and mysql joins do NOT work together that well, this shit is like magic to me 😅

Ohai, a few devRanters (including me) have been working on planning a Dutch devRant meetup once again.

Although we're quite late with the "announcement", hereby!

It'll happen upcoming Saturday in Nijmegen (at least one German living person is coming as well and some people wanted to see it anyways so that's why).

Here's a collab edit thingy where you can put your name if you're coming!:
http://collabedit.com/wmj25 (yes, no https, I'm aware, I didn't chose this one but for now it works)

I'll mention some dutchies in the comments :)

Looking forward to upcoming Saturday :D

Happened a few weeks ago but still awesome.

Me and a good friend have a website together but we don't monitor it too much.
He studied with me in the same class but went towards frontend/apps where I chose backend/servers/security. He knows how to do basic Linux stuff but that's about it.

We were at a party when he noticed that our site was offline. Walked over to me (because I manage the server) to notify me so I could look into it said I'd look into it (phone):
*visits site: nothing*
*online dig tool: got the server ip*
*remembered this one didn't have pubkey authentication - after three passwords attempts I'm in*

"service apache2 status"
*service doesn't exist*
*right, migrated this one from Apache to nginx....*
"history"
*ah, an nginx restart probably suffices...*
"service nginx restart"

BAM, site is reachable again.

*god damnit, lets encrypt cert expired...*
"history"
*sees command with certbot and our domain both in one*
"!892"
*20 seconds later: success message*
*service nginx reload*

BAM, site works securely again.

"Yo mate, check the site again"

Mate: 😶 w-w-what? *checks site and his watch* you started less than two minutes ago...?
Me: yeah..?
Mate: 😶 now this is why YOU manage our server and I don't 😐

His face was fucking gold. It wasn't that difficult for me (I do this daily) but to him, I was a God at that moment.

Awesome moment 😊

Fucking awesome. The 'encryption backdoor law' in Australia went through!

Now, whenever served with such warrants, companies which are active in Australia will have to pay hefty fines if they don't give encrypted messages to law enforcement in readable form. No matter whether this means just decrypting it with the keys they have or pushing backdoors/inject code into the messaging apps/services in order to extract the contents.

Now let's see how much the big companies really care about their users! (I'd expect them to pull out of Australia but the chance that this'll happen is as tiny as about nothing)

Celebrated saints Nicolas today with the family. Apparently my sister made a devRant account to follow me around and see how/what I'm about in this platform and get me a present based on that.

She got me this: 😍

In may this year, the new mass surveillance law in the Netherlands went into effect. Loads of people were against it with the arguments that everyone's privacy was not protected well enough, data gathered through dragnet surveillance might not be discarded quickly after the target data was filtered out and the dragnet surveillance wouldn't be that 'targeted'.

They were put into the 'paranoid' corner mostly and to assure enough support/votes, it was promised that:
- dragnet surveillance would be done as targeted as possible.
- target data would be filtered out soon and data of non-targets would be discarded automatically by systems designed for that (which would have to be out in place ASAP).
- data of non-targets would NOT be analyzed as that would be a major privacy breach.
- dragnet surveillance could only be done if enough proof would be delivered and if the urgency could justify the actions.

A month ago it was already revealed that there has been a relatively (in this context) high amount of cases where special measures (dragnet surveillance/non-target hacking to get to targets and so on) were used when/while there wasn't enough proof or the measures did not justify the urgency.
Privacy activists were anything but happy but this could be improved and the guarantees which were given to assure privacy of innocent people were in place according to the politicians... we'll see how this goes..

Today it was revealed that:
-there are no systems in place for automatic data discarding (data of innocent civilians) and there are hardly any protocols for how to handle not-needed or non-target data.
- in real life, the 'as targeted dragnet as possible' isn't really as targeted as possible. There aren't any/much checks in place to assure that the dragnets are aimed as targeted as possible.
- there isn't really any data filtering which filters out non-targers, mostly everything is analyzed.

Dear Dutch government and intelligence agency; not so kindly to fuck yourself.

Hardly any of the promised checks which made that this law could go through are actually in place (yet).

Fuck you.

Co-worker loves macos' features/interface but for him, an operating system being open source is a very important thing.

So important that he ditched his mac for a Linux machine. (regular Ubuntu)

Today we recommended him Elementary OS.

Guess who's completely in love!

😁

My first self written framework 😅

Damn that was a pile of ****, I still write my own stuff (frameworks etc) but I've learned a lot and those are way better compared to that first one.

Everything was static, loads of defines (way too fucking many) and so on.

Dus.....

Got a question for the linuxers.

I'm a linuxer myself (no shit) but I don't really tweak a lot. Whenever I see those awesome arch setups with tiling wm's etc (https://devrant.com/rants/1902395/ for example), I would love to set that up myself but one thing:

Any idea on how I'd be able to run this well with 6 screens? I've got genuinely no clue.

Working on a funny/new api/service (will be a public one) and I'm only now realizing how important good security is but especially:

The amount of time that goes into securing an api/application is too goddamn high, I'm spending about 90 percent of my time on writing security checks 😅

Very much fun but the damn.

Running from my job to my bus stop while having my phone in my hands trying to fend off a cyber attack while my hands are nearly freezing and its raining like hell.

Sometimes my job is just fucking awesome.

When you login to a server through ssh for the first time with a specific domain or up address, you get a prompt asking to verify a signature with yes or no (on Linux at least).

That often goes well but sometimes when I already did that....:

ssh user@server
*types yes automatically and presses enter...........*
Neeeeeeeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaammmmmmmmmmmm:
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes^C
user@server: ~$
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C

Nooooo not again 😅

Can't get into details but today took probably like 10 years of my life in the form of stress. On top of that I'm currently the on call Linux engineer so I can't drink much 😥

God fucking damnit.

Just had to get that out.

Just needed to

START FUCKING USING GIT.

😅

Currently working on my first real REST api and I've arrived at the authentication part.

I'm not sure how to do this one, the client will have to login using username/password but then, what's the most conventional way of authentication logged in users through a REST api? (no oauth (yet))

This should be usable for anything like ajax requests to calls from the backend to curl requests.

Looking forward to ideas!

Fuck yeah!

6 monitors are success-fucking-fully running on my setup.

Fun detail is that WITH the official AMD driver, one screen wasn't turning on and one had a weird resolution but WITHOUT it, it works completely fine!

Yes, it runs completely fine on Linux (Kubuntu).

Finally have my dream setup.

That moment that the need for a certain service rises and the domain name you want isn't available so you randomly think of another genius one which you can also do a fun 'joke' with and you start building an api around that idea.

This is gonna be fun 😆