It's Wednesday morning and I almost finished my weekly working hours.. but still had to move today's deadline.

Am I in developer hell already? A shitty project is about to come to an end (hopefully), or should I rather say: It needs to come to an end. But I am still quite lost in how to deal with it, hence procrastinating on it - making the deadline come closer and with it the realization that I'll probably have to rewrite almost everything. I'm not sure how, but I do know that the current code is a dumpster fire.

Basically what I need to do is dealing with the APIs of different payment providers/gateways (like PayPal, AmazonPay). For most cases I'll get a payment ID from the shop and need to act on it later, e.g. capture the authorized money in the case of a credit card transaction or do refunds (without user interaction, unless there is an error). Now at first I put something together where I try to abstract the payment information into two tables:
orders{1}<->{0..n}payments
payments{1}<->{1..n}paymentDetails

Unfortunately trying to abstract the different payment methods and to squeeze them (and their different possible stati and functions) in these tables was not very successful, it's a total mess with magic numbers, half-broken behavior and without any consideration for partial payments/captures or unfinished requests (i.e. if there is an exception before the response is dealt with, there is no indication that anything has ever been sent). Also the current amount is calculated through the history of the paymentDetails table, which basically works differently for each payment type.

How to fix this mess in a way that I'll still have a job by next week?

I'm trying to improve the db schema first, as I think my biggest problems are lying there. Through some research I've come across a recommendation for making payment type specific subtables (with a magic number/string in the main table to prevent having to look up all subtables). That way I can record what I send and receive without having to abstract it too much, so I'll have an acceptable transaction log. The paymentDetails table can be removed (necessary fields go to the payments table). The payments table gets multiple fields for the amount (differentiating between open, authorized, captured, processing and refunded values) and always reflects the current status.

Tables:
payments
paymentRequestsPaypal
paymentRequestsAmazonpay
paymentRequestsXyz

I think I'm going in the right direction here. hm. Maybe there's some light at the end of this long, dark tunnel. Or a train. I'll have two days to find out.

I just found a vulnerability in my companies software.
Anyone who can edit a specific config file could implant some SQL there, which would later be executed by another (unknowing) user from within the software.

The software in question is B2B and has a server-client model, but with the client directly connecting to the database for most operations - but what you can do should be regulated by the software. With this cute little exploit I managed to drop a table from my test environment - or worse: I could manipulate data, so when you realize it it's too late to simply restore a DB backup because there might have been small changes for who knows how long. If someone was to use this maliciously the damages could be easily several million Euros for some of our customers (think about a few hundred thousand orders per day being deleted/changed).

It could also potentially be used for data exfiltration by changing protection flags, though if we're talking industry espionage they would probably find other ways and exploit the OS or DB directly, given that this attack requires specific knowledge of the software. Also we don't promise to safely store your crabby patty recipe (or other super secret secrets).

The good thing is that an attack would only possible for someone with both write access to that file and insider knowledge (though that can be gained by user of the software fairly easily with some knowledge of SQL).

Well, so much for logging off early on Friday.

pen testing

!dev

To anyone suffering from chronic pain, especially lower back pain: Don't get fooled by shitty doctors. And don't expect doctors to magically heal you. If you want to stop your suffering, you need to be proactive.

What? But my herniated disc from 10 years ago... bla bla bla. So what? It's not going to get better when your only exercise is putting on your socks. Chances are 99% that your spine has shit to do with your pain. Go to a proper chronic pain therapy instead of downing opiods and getting sick notes.

Note to self: Do your sports every day you lazy bastard. Eat healthy, sleep regularly, don't stress out over every damn thing and don't forget to fucking relax!

The perks of working for a .NET shop:
1. 130€ of credit to burn on Azure every month, so I can run some long builds there, to have VPN/proxies for free that are not easily blacklisted and whatever else I can think of. Today I set up a VM for my wife to RDP into, so she doesn't have to do her job search on her company laptop (which is the only computer she has right now).

!rant

I had a talk with my manager about my future role in the company. I had talked with him before about my interest to dive deeper in the technical side - rather than the business side, for which we have a higher dev demand.

The outcome is that I will work more closely with the senior devs on technical improvements and also tech strategy (e.g. implementation of code reviews). I will also advise the upcoming manager of the development team (who is coming from a PM position) on technical decisions. Lastly the roadmap for the company is to work more with cloud technology (azure), which is also going to be in my new duties.

I'm looking forward to these new challenges where I can improve myself on the technical side (yay!) rather than on the business side (which bored me).

I've really had enough internet for today. Maybe even for the whole week.

I played around with game scripts (in C-like syntax) and even wrote my own (well, halfway) before learning some Java at school. Had a bad internship and decided to waste a few years by studying engineering, where I failed everything but programming. Before getting kicked out I exmatriculated myself then I kinda came to the conclusion of "How about doing something that seems quite natural to me?".

no VPN
ping 1.1.1.1 => 22ms

with VPN
....
....
timeout

!dev (kinda)

Warning: Might contain (be) stupid rambling.

So I got my new toy and want to play around with it. Just in case I have to return it I first want to make a full disk backup, so I try to boot clonezilla. I press the power button and mash F2, F8, F9 - and it boots straight into the windows setup. Nope, not what I wanted. Try again. And again. Eventually I look it up and apparently I have to hammer the ESC key to get where I want to. Alright, now it works. Boot from USB. Failed. Try again. Failed. Check the BIOS, disable secure boot, reboot. I need to type 4 digits to confirm disabling secure boot. Alright. Reboot, try again, failed. Secure boot is on again. Wtf? After some more infuriating tries I see that NumLock is disabled. AAAARGH. BIOS: Enable NumLock on boot, disable secure boot, enable legacy boot. Input the 4 digits - works! Try to boot from USB: Failed! Grab another USB stick, did the clonezilla image, try again: Finally! It! Works!

Format disk, install Qubes OS. Success!

I will soon move to Belgium for a few months due to my wife's job and I will go back to Germany once in a while for a few weeks. Of course I'll need a computer and I can't take my tower back and forth all the time, thus I'll need something more mobile. Since most notebooks <1000€ are shit and I'll also need at least two external monitors, I went for a small (USFF) PC instead; for about 350€ I got a HP ProDesk 400 G5 with a i5-9500T, 8 GB RAM (to be upgraded), 256 GB NVME (also to be upgraded), B360 chipset. I would have liked a Ryzen, but then I could only get the predecessor with a 2400GE...

Hopefully Linux (Qubes OS in particular) will work fine.

Which privacy-respecting email provider can you recommend? It seems that the following three are the best options:

- tutanota (0€ / 12€)
- posteo (12€)
- mailbox.org (12€)

Do you have any experience with them?
What do you think about a hosted email service with your own domain?

Have you considered that we might just have to stay at home because the batteries of the surveillance pigeons have to be changed? 🧐

I just got sent an email after registering an account at a webshop which contained my username and password.. *sigh*

»The European Commission has revealed it is considering a ban on the use of facial recognition in public areas for up to five years.

Regulators want time to work out how to prevent the technology being abused.«

https://bbc.com/news/...

RAM buying advice needed!

I wanna upgrade from my measly 8GB to 32GB and I'm a bit lost at which RAM to buy. Just the cheapest or is there more to consider? Some cheap options are (due to an offer):
(per 16GB module)
57,99€ DDR4-3200 CL16 Ballistix Sport LT
56,99€ DDR4-3000 CL15 Corsair Vengeance LPX
52,99€ DDR4-3000 CL15 Ballistix Sport LT
46,99€ DDR4-3000 CL16 G.SKILL Aegis
45,99€ DDR4-2400 CL16 Ballistix Sport LT
43,99€ DDR4-2400 CL15 G.SKILL Aegis
(for the latter three I'd need to buy something else to get over 50€)

My hardware can only run at 2400 MHz (MS-7A74 + i5-7500), but the price difference is quite low and I'd be prepared for a (not yet planned) upgrade.

While planning my (personal) server I just seem to pile up more and more things to do/consider. Basically, for now I just want to have rclone, nextcloud and jellyfin, plus some usenet stuff later on. But I want to have the whole installation and configuration automated as far as possible, since I'll at first it will run in a test environment and needs to be migrated to another server at a point, possibly even another OS. So I suppose that means docker, docker-compose and Chef (any better options?). I want SSL: Traefik. User management / auth? RADIUS, LDAP. SSO? keycloak. I also need to deal with virtual hosts. And probably much more..

Since I just have basic Linux knowledge and have no real experience with any of the other technologies, I feel a bit lost. I just got to the abovementioned software due to some ddg research. I don't mind digging deep, I want to learn (which is half the reason for this project), but it's not easy to the the best way to set this up.

I finally managed to get my Wireguard setup to work in both ways! Beforehand I could ping from A to B, but not the other way around.

A network 10.1.0.0/16
B network 10.2.0.0/16
(both actually use multiple /24 subnets, but I reserve a /16 for each site for the sake of simplicity)

Lots of fiddling later this is my configuration:
A interface 10.1.199.1/32
A allowedIPs 10.2.0.0/16
B interface 10.2.199.1/32
B allowed IPs 10.1.0.0/16

ping from 10.1.1.1 to 10.2.1.1 => 172ms
ping from 10.2.1.1 to 10.1.1.1 => 172ms

it works, yay! now to add more sites...

I only have least favorite APIs

Does anyone have experience with Google Drive (GSuite) and rclone? I want to use it as a storage for jellyfin (emby fork) and Nextcloud, with the first being only saved there and the latter either as or with a backup.

I'm considering to build a powerful, small/semi-portable mini-ITX PC. Just small box you can easily travel with, kinda like a laptop but a lot cheaper and without a screen, keyboard and battery - I can't really work on laptops anyway (ergonomics!). Stuffed with something like a 4400G when Renoir (mainstream Zen2) comes out, so lots of processing power. Add 32GB+ RAM and one or two SSDs.

I'd say the reason is that I might work from abroad (remotely) next year, but honestly, it just gives me an excuse to break my piggy bank!

What do you think?

I have set up a VM on Azure as a small build server - nothing fancy yet, just being able to manually build LineageOS. I only spin it up when I need it, so when I do, I can assign quite a beefy machine and that's all fine. But: It needs a lot of hard drive space and the additional data disk needs to be paid 24/7, whether the VM is up or not. As such, it is eating up my (free MSDN) credits. I am not too well versed with Azure yet, so maybe there is a better way.

Does anybody know a cheap way to get a large-ish SSD on Azure? Maybe with ephemeral OS disks, potentially running on another (small) VM in the same network and sharing it?

Motherfuckin fuckidy duck fuck!

I am so done with Azure for today!

After I ran out of space on a secondary drive I shut the VM down and increased said drive and now after starting it (which takes way too long already) I can't ssh into it: "Connection refused". Diagnostics say "everything is fine bruh" and now I'm stuck with an inaccessible VM which I already spent half the night on configuring and downloading 60gb of sources.. aaargh!

I am working on partitioning my life and getting my tech stuff and online life organized. Partially fun, partially dread. Still one of the better things I'm dealing with right now.

Tech stuff mainly includes desktop PC (Qubes OS), network (to be driven by openwrt) and smartphone (already running Lineage OS, but I want to build my own LOS). This is the fun part. I want to add a NAS, but I'm too cheap for a proper one (at least for my >20TB media).

Furthermore offline stuff: Remove clutter, get analog documents properly organized (with a sustainable system) and possibly digitalized. I already have maybe half of the things I own in boxes each with a specific purpose (e.g. audio cables, network cables and game controllers each have their own box). Can be tiresome, but it's easy to see a progress and that makes it quite okay.

Online life: That's a big one. A large chunk is email and the hundreds of website accounts. I have them in a keepass file, but all running under the same address. Unfortunately I need to have a Facebook account for some purposes, but I'd like to start over with a new one. Not so easy when you have to transfer group admin privileges though, when I tried the last time I tripped some system and the new account was banned. Annoying.

tldr: I am looking for recommendations for a basic website for my parents. GOTO question;

Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing a tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.

Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.

Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.

Thanks for reading :)

After lots of fuckery with UEFI, I finally managed to install (and boot into!) Qubes OS - in legacy (MBR), but whatever. I am so excited!

wk177 (least successful project)

A maps behemoth created by a single dev (↑). It took "only" 2 years to get a halfway proper version out. Said dev could have saved half of the time if he (well, his employer) bought the control from a company that has all their devs working on just that (.NET controls) and thus the dev wouldn't have had to reinvent the wheel with the very basic control of the map service provider.

wk172 (worst disturbance while working)

Pain. I haven't really gotten anything done this year, at least not how I would want it. The future is not looking very bright either as far as I can see.

A pm asked about a feature I was developing and I went on to show them what I got so far. Feature-wise almost finished, but it still needed to be polished and thoroughly tested, as such it wasn't merged yet. Weeks later - I couldn't finish it yet for unrelated reasons - there was great confusion about why the feature is not there as it had been billed to the customer already. So I gotta pull some sunshine out of my ass and bring it to the last release branch..